Re: auth bind : Address already in use. What could be the reason?

[Krishna]

Hi,
Thanks it s working now!!

regards
Krishna


At 07:10 AM 7/30/02 -0700, you wrote:
>Another radiusd is already running.
>
>On Tue, Jul 30, 2002 at 07:36:06PM +0530, Krishna wrote:
> > Hi,
> >
> > When I run radius it gives this error
> > auth bind : Address is already in use.
> >
> > What could be the reason?
> >
> > regards
> > Krishna
> >
> >
> > Krishna Shekhar
> > Network Administrator
> > Wiplash Wireless
> >
> >
> > http://www.wiplash.net
> >
> >
> > -
> > List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> >
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Krishna Shekhar
Network Administrator
Wiplash Wireless

 ___   __  __
 __ | / /___  _/__  __ \__  /___|_  ___/__  / / /
 __ | /| / / __  / __  /_/ /_  / __  /| | \__  /_/ /
 __ |/ |/ / __/ /  _  /_  /___  ___ |___/ /_  __  /
 /|__/  /___/  /_/ /_/_/  |_// /_/ /_/


http://www.wiplash.net


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: mysql accounting

[Nikodim Nikodimov]

Maybe you are right...I'm thinking to write a small script witch will look
in the database and will sum the records for each user.

NN

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of tywe
Sent: Wednesday, July 31, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: Re: mysql accounting


- Original Message -
> Hi all,
>
> I have an accounting record in my mysql database for every session for
each
> user.
> I there a possible way to make radius add this accounting information for
> each user in one record?
>
> NN

I can't think of any way to do that. But, all of the SQL statements are
customizable in the sql.conf, so I'm sure almost anything is possible. If
you do somehow manage to make that work, be prepared for lots of things to
not work though, such as Simultaneous-Use, etc. since each session has a
unique AcctSessionId that is needed to identify which data goes with which
session. I'm sure there are plenty of other bad things that would happen by
changing the functionality like that, but it's up to you.

What's wrong with having a new record for each session anyhow?

Frank




-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: mysql accounting

[tywe]

- Original Message -
> Hi all,
>
> I have an accounting record in my mysql database for every session for
each
> user.
> I there a possible way to make radius add this accounting information for
> each user in one record?
>
> NN

I can't think of any way to do that. But, all of the SQL statements are
customizable in the sql.conf, so I'm sure almost anything is possible. If
you do somehow manage to make that work, be prepared for lots of things to
not work though, such as Simultaneous-Use, etc. since each session has a
unique AcctSessionId that is needed to identify which data goes with which
session. I'm sure there are plenty of other bad things that would happen by
changing the functionality like that, but it's up to you.

What's wrong with having a new record for each session anyhow?

Frank




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

mysql accounting

[Nikodim Nikodimov]

Hi all,

I have an accounting record in my mysql database for every session for each
user.
I there a possible way to make radius add this accounting information for
each user in one record?

NN


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: (no subject)

[Aaron T. Weiker]

You will want to set the authorize section to unix meanwhile have the accounting set 
to sql. Please make sure to configure the sql.conf file correctly.

Please carefully read radiusd.conf, sql.conf and the relevant files in the doc 
directory. If you do not know where the doc directory is you can view them at 
http://www.freeradius.org/radiusd/doc/. There are also FAQ's and other various help 
files located on the website that you will find helpful. 



Aaron Weiker

-Original Message-
From: Diretoria [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 31, 2002 1:45 AM
To: [EMAIL PROTECTED]
Subject: (no subject)


Hi, 
I´ve installed freeradius on our FreeBSD box.
I would like to send the only auth log to my MySQL server to the report generation 
easier *but* still using the /etc/passwd to authenticate.
Any help?
I didn´t find it at FAQ.
Thanks
Clever Anjos



___
Acipnet, http://www.acip.org.br



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeBSD and MySQL

[Aaron T. Weiker]

Latest version is 0.7 which has a lot of bug fixes since 0.5 as well as
improved MySQL connection pooling support.

Aaron

-Original Message-
From: Diretoria [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 31, 2002 1:48 AM
To: [EMAIL PROTECTED]
Subject: FreeBSD and MySQL


Sorry, i forgot about this 
radiusd: FreeRADIUS Version 0.5, for host i386-unknown-freebsd4.6, built
on Jul 30 2002 at 16:02:17

on last message


___
Acipnet, http://www.acip.org.br



- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

(no subject)

[Diretoria]

Hi, 
I´ve installed freeradius on our FreeBSD box.
I would like to send the only auth log to my MySQL server to the report generation 
easier *but* still using the /etc/passwd to authenticate.
Any help?
I didn´t find it at FAQ.
Thanks
Clever Anjos



___
Acipnet, http://www.acip.org.br



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeBSD and MySQL

[Diretoria]

Sorry, i forgot about this 
radiusd: FreeRADIUS Version 0.5, for host i386-unknown-freebsd4.6, built on Jul 30 
2002 at 16:02:17

on last message


___
Acipnet, http://www.acip.org.br



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

failover ldap config

[Brian Leung]

hi all,

how can i config failover ldap server in radiusd.conf if i already have
the following entries?

ldap LDAP1 {


}

ldap LDAP2 {


}
Then, what should i do?
Thank you

Regards,
Brian Leung
System Engineer
Pacific Supernet


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Mattt]

On Wed, 2002-07-31 at 11:44, Dave Logan wrote:

> Is there "no way" to make freeradius look at the regular
> 32 chars hashes?  


  Erm, they _are_ 32 char digests - just that your first
implementation was wrong.

  To clarify - the digests you (we) are using here are 32 char MD5
hashes, with '$1$' as the magic, and the 8 chars immediately following
that are used as the salt.

  Here's an example :

$1$fUQUfY0M$qarq3C1dDephPbGgaRdoe/

  It's irrelevant what the original string was, as it wouldn't hash into
an identical digest again, anyways (without salt at least - see
below)...

  It's also worth noting (for those that don't already know, anyways...)
that these digests are on-way - they can't be decrypted. To test the
pass, we take a string, hash it *using the salt from the digest we have*
(ie: substr(3,8) ), and compare the digests.

-- 
Cheers,
 Mattt.   icq   : 117539757
 Network and Tech Guy,www1  : http://www.pulse.nq4u.net
 Expressnet.  www2  : http://www.expressnet.net.au
 [EMAIL PROTECTED]  jabber: [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Dave Logan]

Great.  That will surely help for freeradius.
I think I lost track of where I was initially going with
the project though
A central database with all of our users, with login and
"regular" (md5sum generated) passwords, then just sync the
data out to our other databases (radius, mail auth, etc).
So if I were to do the "shadow" style md5 hash, I'd have
to rewrite any other program to do the equivalent hashing.
Is there "no way" to make freeradius look at the regular
32 chars hashes?  Perhaps even a new "module" of some sort?
Or even comparing the password "at the database", where the
md5() function lives?  I haven't even started looking at
the code yet because I thought surely this would already
exist somewhere.
Thanks for all the feedback though, it will help me at
least look like I'm making progress (which I am, thanks
to mattt).
Dave


--
Dave Logan

"NO!  Try not!  Do.  Or do not." -- Yoda


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

users file and SQL?

[Spike Ilacqua]

Is there a way to read just a few Attribute/Value pairs from a SQL
table, and get the rest of the information from the users file?

Basically I just want to pull the IP address and netmask from an
existing database and use the user file for the rest.  I can do this
by calling a script with Exec-Program-Wait to generate the right
Attribute/Value pairs.  It seems to me that doing the query within
radiusd would be a little cleaner, but it also looks to me like SQL is
an all or nothing deal.  Is that correct or am I missing something?

->Spike

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_ippool

[Alan DeKok]

"Andrew Kelaidis" <[EMAIL PROTECTED]> wrote:
> I want to use ippool module (freeradius version 0.7 stable). I have tried 
> the following configure commands but unfortunately didn't work:
...
> I looked in configure, make messages but I didn't see anything wrong. Are 
> there any dependencies for this module??? What I did wrong??

  The output of 'configure --help' gives you some information.  You
can enable experimental modules.  But it won't currently let you
enable the experimental modules one-by-one.

  Or, you can just build && install the server without rlm_ippool.
Then, go to 'src/modules/rlm_ippool', and do 'configure;make;make
install' and it should work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

multi-user support in EAP/TLS module?

[Zhenwen Shao]

Sorry that the question may seem stupid but I
am a beginner in experimenting with freeRadius, 
and I desperately need some help here.
Does anyone know how to authenticate multi-users
with EAP/TLS? Current freeRadius radiusd.conf
only defined the TLS module for one user ( file
path etc. all locate in one cerficate set), and 
I tried to replicate the TLS part with different
set, but the Radius server seemed not loading
the right files when I try both user case...
Could anyone tell me how to do that? I hope I won't
have to write this support by my own at last.
Also is SNMP necessary for this case anyway?

Thanks,
Zhenwen



__
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Compiling on OpenBSD 3.1

[Alan DeKok]

"Steve Camacho" <[EMAIL PROTECTED]> wrote:
> I keep getting this compile error when I compile on OpenBSD 3.1.  I've
> seen other people with this problem but I haven't seen an answer yet.
> Can anyone explain why this happens and give me a way to fix it.

  See the README file in that directory, it may help.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Mattt]

On Wed, 2002-07-31 at 08:52, Dave Logan wrote:

> If we need to take this "off list" we can do that too, but I'm hoping
> your code snippets will reveal all the secrets, and help someone in the
> future.
> Dave


  Of course - it's early, and I forgot where I was ;-)

= code follows =

  function encrypt($password, $salt = '') {
$MAGIC = '$1$';
$ITOA64 =
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

if (strlen($salt) < 8) {
  mt_srand ((double) microtime() * 100);

  for ($i = 8; $i > strlen($salt);) {
$salt .= $ITOA64{mt_rand (0, strlen($ITOA64))};
  }
}

$passwd = crypt($password, $MAGIC . $salt);

return($passwd);
  }

= code ends =

  The line above which initialises $ITOA64 has been split by the mua,
and should be a single line, although this should not hurt the
function...


-- 
Cheers,
 Mattt.   icq   : 117539757
 Network and Tech Guy,www1  : http://www.pulse.nq4u.net
 Expressnet.  www2  : http://www.expressnet.net.au
 [EMAIL PROTECTED]  jabber: [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Vector]

I am currently struggling with generating an md5 compatible password for the
db with new users.  Does your snippet do that?  If so, I am very interested.
thnx,

vec

- Original Message -
From: "Mattt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 30, 2002 4:30 PM
Subject: Re: md5 passwords in database


> On Wed, 2002-07-31 at 08:07, Dave Logan wrote:
>
>
> > # echo -n "password" | md5sum
> > 5f4dcc3b5aa765d61d8327deb882cf99 -
>
>
>   That's the problem - you need to use a 12-char salt with '$1$' as the
> first three chars. $1$ is the magic that denotes an MD5'd password, and
> the salt used to decrypt the pass is the 8-char string b/w the 3rd and
> 8th chars inclusively. I don't think md5sum will do what you need.
>
>   I wrote a bit of php to do our encryption/checking - if you're really
> stuck, I can send you a snippet...
>
> --
> Cheers,
>  Mattt.   icq   : 117539757
>  Network and Tech Guy,www1  : http://www.pulse.nq4u.net
>  Expressnet.  www2  : http://www.expressnet.net.au
>  [EMAIL PROTECTED]   jabber: [EMAIL PROTECTED]
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Dave Logan]

) That's the problem - you need to use a 12-char salt with '$1$' as the
) first three chars. $1$ is the magic that denotes an MD5'd password, and
) the salt used to decrypt the pass is the 8-char string b/w the 3rd and
) 8th chars inclusively. I don't think md5sum will do what you need.
) 
) I wrote a bit of php to do our encryption/checking - if you're really
) stuck, I can send you a snippet...

That would be great, because that doesn't make sense. i.e. the hash is
32 chars + 12 chars of "salt" would be 44 chars and the field is only
varchar(40). If you mod'd the table could you send new definition too?
I will be using PHP in the end, so it's possible if I just started there
I'd be fine, but it looks like the MD5 function in PHP (mhash?) doesn't
support "salt" in that way?
If we need to take this "off list" we can do that too, but I'm hoping
your code snippets will reveal all the secrets, and help someone in the
future.
Dave


--
Dave Logan

"NO!  Try not!  Do.  Or do not." -- Yoda


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Mattt]

On Wed, 2002-07-31 at 08:07, Dave Logan wrote:


> # echo -n "password" | md5sum
> 5f4dcc3b5aa765d61d8327deb882cf99 -

 
  That's the problem - you need to use a 12-char salt with '$1$' as the
first three chars. $1$ is the magic that denotes an MD5'd password, and
the salt used to decrypt the pass is the 8-char string b/w the 3rd and
8th chars inclusively. I don't think md5sum will do what you need.

  I wrote a bit of php to do our encryption/checking - if you're really
stuck, I can send you a snippet...

-- 
Cheers,
 Mattt.   icq   : 117539757
 Network and Tech Guy,www1  : http://www.pulse.nq4u.net
 Expressnet.  www2  : http://www.expressnet.net.au
 [EMAIL PROTECTED]  jabber: [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Dave Logan]

) > So, please impart the knowledge unto me, what incantation
) > in SQL or configuration must I utter to authenticate
) > against these hashes?

) Just make the attribute field in the radcheck record 'Crypt-Password'

Still no joy.
Here is the full output of what I've done.

# cat davec
User-Name = davec
User-Password = password

# echo -n "password" | md5sum
5f4dcc3b5aa765d61d8327deb882cf99 -

radius=# select * from radcheck where id = 2;
id | username | attribute | value | op 
+--++--+
2 | davec | Crypt-Password | 5f4dcc3b5aa765d61d8327deb882cf99 | 
(1 row)

# cat davec | radclient localhost:21812 auth testing123
Received response ID 125, code 3, length = 20

(radiusd -x output below)
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=144, length=45
User-Name = "davec"
User-Password = "\333\253\375\362\353)\237Y\333\336\005c\t\232e1"
rlm_sql: Reserving sql socket id: 1
query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'davec'
ORDER BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value 
FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'davec' ORDER
BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value 
FROM
radgroupreply,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT Value,Attribute FROM radcheck WHERE UserName = 'davec' AND Attribute =
'Crypt-Password' ORDER BY Attribute DESC
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
rlm_sql: Released sql socket id: 1
Login incorrect: [davec/password] (from client localhost port 0)
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=144, length=45
Sending Access-Reject of id 144 to 127.0.0.1:32771


Then I change the query back to look for User-Password OR Crypt-Password:
(radiusd -x)
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=161, length=45
User-Name = "davec"
User-Password = "\265\261\322\204AM\340#\315\215\001o\003};x"
rlm_sql: Reserving sql socket id: 4
query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'davec'
ORDER BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value 
FROM
radgroupcheck,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'davec' ORDER
BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value 
FROM
radgroupreply,usergroup WHERE usergroup.Username = 'davec' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
query: SELECT Value,Attribute FROM radcheck WHERE UserName = 'davec' AND ( Attribute =
'User-Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows = 
rlm_sql: Released sql socket id: 4
Login incorrect: [davec/password] (from client localhost port 0)
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=161, length=45
Sending Access-Reject of id 161 to 127.0.0.1:32771


I see that last query returns 'affected rows = '.
I can assert that it works for a plaintext user...

Any more ideas, or do you need more information?
Dave


--
Dave Logan

"NO!  Try not!  Do.  Or do not." -- Yoda


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_ippool

[Andrew Kelaidis]

Hi,

I want to use ippool module (freeradius version 0.7 stable). I have tried 
the following configure commands but unfortunately didn't work:
./configure . --with-rlm_ippool
./configure . --enable-rlm_ippool
I looked in configure, make messages but I didn't see anything wrong. Are 
there any dependencies for this module??? What I did wrong??
Please help.

_
Send and receive Hotmail on your mobile device: http://mobile.msn.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Compiling on OpenBSD 3.1

[Steve Camacho]

I keep getting this compile error when I compile on OpenBSD 3.1.  I've
seen other people with this problem but I haven't seen an answer yet.
Can anyone explain why this happens and give me a way to fix it.

The error is below.

Thanks in advance

Steve




gcc  -g -O2 -pthread -D_THREAD_SAFE -Wall -D_GNU_SOURCE -DNDEBUG
-I../../include  -c rlm_krb5.c -o rlm_krb5.o
rlm_krb5.c: In function `krb5_auth':
rlm_krb5.c:75: warning: initialization makes pointer from integer
without a cast
rlm_krb5.c:77: warning: excess elements in struct initializer
rlm_krb5.c:77: warning: (near initialization for `tgtname')
rlm_krb5.c:127: request for member `length' in something not a structure
or union
rlm_krb5.c:128: request for member `data' in something not a structure
or union
rlm_krb5.c:131: request for member `length' in something not a structure
or union
rlm_krb5.c:132: request for member `data' in something not a structure
or union
gmake[5]: *** [rlm_krb5.o] Error 1
gmake[5]: Leaving directory
`/home/steve/freeradius-0.7/src/modules/rlm_krb5'
gmake[4]: *** [common] Error 1
gmake[4]: Leaving directory `/home/steve/freeradius-0.7/src/modules'
gmake[3]: *** [all] Error 2
gmake[3]: Leaving directory `/home/steve/freeradius-0.7/src/modules'
gmake[2]: *** [common] Error 1
gmake[2]: Leaving directory `/home/steve/freeradius-0.7/src'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/home/steve/freeradius-0.7/src'
gmake: *** [common] Error 1
*** Error code 2


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: md5 passwords in database

[Mattt]

On Wed, 2002-07-31 at 01:49, Dave Logan wrote:

[snip]

> So, please impart the knowledge unto me, what incantation
> in SQL or configuration must I utter to authenticate
> against these hashes?

[snip]


  Just make the attribute field in the radcheck record 'Crypt-Password'
(and note that users with a digest instead of a plaintext pass will not
be able to connect using CHAP (but they already couldn't, so no
biggie).
 
-- 
Cheers,
 Mattt.   icq   : 117539757
 Network and Tech Guy,www1  : http://www.pulse.nq4u.net
 Expressnet.  www2  : http://www.expressnet.net.au
 [EMAIL PROTECTED]  jabber: [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS book from O'Reilly

[Alan DeKok]

"Aaron T. Weiker" <[EMAIL PROTECTED]> wrote:
> Is this book geared towards radius in general?

  Yes, with additional specifics about FreeRADIUS.

> Sort of how the Orielly DNS book explains DNS in general, but
> provides BIND examples and syntax.

  This is an O'Reilly book, too.  It should be pretty similar.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: RADIUS book from O'Reilly

[Aaron T. Weiker]

Is this book geared towards radius in general? Or does the book do this
as well as provide examples using freeradius. Sort of how the Orielly
DNS book explains DNS in general, but provides BIND examples and syntax.

Thanks,
Aaron Weiker

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 30, 2002 1:41 PM
To: [EMAIL PROTECTED]
Subject: RADIUS book from O'Reilly


  A RADIUS book from O'Reilly has been announced, and it's on Amazon.
See:

http://www.freeradius.org/related/

  I've taken the liberty of signing up for an 'Amazon associates'
program, so if you're thinking about buying the book, please us the
link, and some $$ will be contributed to FreeRADIUS.


  Since there is currently no legal entity called "FreeRADIUS", I've
signed up for the Amazon Associates program under my name.  If the
incoming $$ are sufficient, it may be worth legally registering
FreeRADIUS as a non-profit entity.


  In any case, the moneys received from the associates program will go
to fostering the development of the server.  I will be posting periodic
summaries of the $$, and request for comment as to where/how the money
should be spent.

  If, in fact, the link makes money. :)


  In the interests of transparency, I was a technical reviewer of the
book, and saw it in pre-publication draft.  It isn't perfect, but it's
better than the nearly complete lack of documentation that comes with
the server today.  It also explains in greater detail the "why" and the
"how" of the RADIUS protocol, and may answer many initial questions
someone may have about the RADIUS protocol, and the FreeRADIUS server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS book from O'Reilly

[Alan DeKok]

[EMAIL PROTECTED] wrote:
> This might be a dumb question, but...  I'd like to buy the book and have 
> my company pay for it.  (Read:  fill out  a PO, go through the whole 
> purchasing thing, blah blah blah...)  Any way for FR to get the kickback 
> then?  (I'd imagine not, but figured I'd ask anyway.)

  Buy it out-of-pocket, and then expense it?  For a $40 book, this
shouldn't be much of a problem.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: RADIUS book from O'Reilly

[Vincent_Giovannone]

This might be a dumb question, but...  I'd like to buy the book and have 
my company pay for it.  (Read:  fill out  a PO, go through the whole 
purchasing thing, blah blah blah...)  Any way for FR to get the kickback 
then?  (I'd imagine not, but figured I'd ask anyway.)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

Pinball is a way of life.  My way!






"Jonathan Hassell" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/30/2002 03:07 PM
Please respond to freeradius-users

 
To: <[EMAIL PROTECTED]>
cc: 
Subject:RE: RADIUS book from O'Reilly


And I just happen to be the author of said O'Reilly book, and I monitor
this list frequently.  I haven't had time to contribute much during the
past few months, though.  At any rate, please feel free to ask any
questions about the book to me personally, or call me stupid, and I'll
do my best to respond appropriately.  (No, I won't hold it against you
for calling me stupid.)

If you do decide to purchase the book, please do so through the
FreeRADIUS site.  There is a real potential for a decent chunk of change
to become available to support the development of this project. 

Thanks for your support!

Jonathan Hassell
[EMAIL PROTECTED]

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 30, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: RADIUS book from O'Reilly


  A RADIUS book from O'Reilly has been announced, and it's on Amazon.
See:

 http://www.freeradius.org/related/

  I've taken the liberty of signing up for an 'Amazon associates'
program, so if you're thinking about buying the book, please us the
link, and some $$ will be contributed to FreeRADIUS.


  Since there is currently no legal entity called "FreeRADIUS", I've
signed up for the Amazon Associates program under my name.  If the
incoming $$ are sufficient, it may be worth legally registering
FreeRADIUS as a non-profit entity.


  In any case, the moneys received from the associates program will go
to fostering the development of the server.  I will be posting periodic
summaries of the $$, and request for comment as to where/how the money
should be spent.

  If, in fact, the link makes money. :)


  In the interests of transparency, I was a technical reviewer of the
book, and saw it in pre-publication draft.  It isn't perfect, but it's
better than the nearly complete lack of documentation that comes with
the server today.  It also explains in greater detail the "why" and the
"how" of the RADIUS protocol, and may answer many initial questions
someone may have about the RADIUS protocol, and the FreeRADIUS server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: RADIUS book from O'Reilly

[Jonathan Hassell]

And I just happen to be the author of said O'Reilly book, and I monitor
this list frequently.  I haven't had time to contribute much during the
past few months, though.  At any rate, please feel free to ask any
questions about the book to me personally, or call me stupid, and I'll
do my best to respond appropriately.  (No, I won't hold it against you
for calling me stupid.)

If you do decide to purchase the book, please do so through the
FreeRADIUS site.  There is a real potential for a decent chunk of change
to become available to support the development of this project.  

Thanks for your support!

Jonathan Hassell
[EMAIL PROTECTED]

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 30, 2002 2:01 PM
To: [EMAIL PROTECTED]
Subject: RADIUS book from O'Reilly


  A RADIUS book from O'Reilly has been announced, and it's on Amazon.
See:

http://www.freeradius.org/related/

  I've taken the liberty of signing up for an 'Amazon associates'
program, so if you're thinking about buying the book, please us the
link, and some $$ will be contributed to FreeRADIUS.


  Since there is currently no legal entity called "FreeRADIUS", I've
signed up for the Amazon Associates program under my name.  If the
incoming $$ are sufficient, it may be worth legally registering
FreeRADIUS as a non-profit entity.


  In any case, the moneys received from the associates program will go
to fostering the development of the server.  I will be posting periodic
summaries of the $$, and request for comment as to where/how the money
should be spent.

  If, in fact, the link makes money. :)


  In the interests of transparency, I was a technical reviewer of the
book, and saw it in pre-publication draft.  It isn't perfect, but it's
better than the nearly complete lack of documentation that comes with
the server today.  It also explains in greater detail the "why" and the
"how" of the RADIUS protocol, and may answer many initial questions
someone may have about the RADIUS protocol, and the FreeRADIUS server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Fwd: sql_oracle.fix

[Alan DeKok]

"Yuri Bazhukov" <[EMAIL PROTECTED]> wrote:
> Fix for sql_oracle driver in CVS and v. 0.7
> It returns 1 in case of success, which is wrong (should return 0)

  Applied, thanks.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: R: MySQL and simultaneous use check

[Nick Davis]

On Tuesday 30 July 2002 09:29, Niccolo Rigacci wrote:
> > [EMAIL PROTECTED] wrote:
> > > I want to add simultaneous access check so I uncommented
> > > "simul_count_query" in sql.conf and added "sql" into session{} section
>
> of
>
> > > radiusd.conf.
> > >
> > > >From the radiusd log I see that the query is defined, but never used.
>
> What
>
> > > am I missing?
> >
> >   Are you using the 'Simultaneous-Use' attribute anywhere for that
> > user?  If not, then the server will never do session checking.
>

> DEFAULT Simultaneous-Use = 1

This is wrong, should be ":=".
Read "man 5 users"

Nick

-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RADIUS book from O'Reilly

[Alan DeKok]

  A RADIUS book from O'Reilly has been announced, and it's on Amazon.
See:

http://www.freeradius.org/related/

  I've taken the liberty of signing up for an 'Amazon associates'
program, so if you're thinking about buying the book, please us the
link, and some $$ will be contributed to FreeRADIUS.


  Since there is currently no legal entity called "FreeRADIUS", I've
signed up for the Amazon Associates program under my name.  If the
incoming $$ are sufficient, it may be worth legally registering
FreeRADIUS as a non-profit entity.


  In any case, the moneys received from the associates program will go
to fostering the development of the server.  I will be posting
periodic summaries of the $$, and request for comment as to where/how
the money should be spent.

  If, in fact, the link makes money. :)


  In the interests of transparency, I was a technical reviewer of the
book, and saw it in pre-publication draft.  It isn't perfect, but it's
better than the nearly complete lack of documentation that comes with
the server today.  It also explains in greater detail the "why" and
the "how" of the RADIUS protocol, and may answer many initial
questions someone may have about the RADIUS protocol, and the
FreeRADIUS server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Expiration Attribute

[Gonzalez, Pedro]

All,

Does expiration attribute support date and time format now, or just date ?
"DD MMM  HH:MM:SS" or "DD MMM " 

If only support dates? How can I control time within a date?

Thanks
Pedro Gonzalez

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

md5 passwords in database

[Dave Logan]

Hi all,

I've been following the list for a while, and with the
tips picked up here, and with the fantastic webpage at
http://www.frontios.com/freeradius.html
I've been able to get my freeradius (0.6) talking to
my postgres database for both auth and acct.

One more thing, which I've searched on, and haven't seen
any references (in plain english at least) about what to
do if the passwords are stored in the database MD5 hashed
already.  I saw one other person ask about it, but never
did find a reply.

So, please impart the knowledge unto me, what incantation
in SQL or configuration must I utter to authenticate
against these hashes?

Many thanks,
Dave


--
Dave Logan

"NO!  Try not!  Do.  Or do not." -- Yoda


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Abnormal child exit

[Thomas Jalsovsky]

Hello,
I use FR from CVS (Jul 10 2002). I have problems with
Exec-Program-Wait. While FR runs in debug mode it doesn't send back the
right AVPairs, rather AVPair Reply-Message.

 debug --
radius_xlat:  '/gis/scripts/prepaid.pl'
Exec-Program: /gis/scripts/prepaid.pl
Exec-Program-Wait: value-pairs: h323-billing-model =
"h323-billing-model=1",h323-preferred-lang = "h323-preferred-lang=S
K",h323-credit-amount = "h323-credit-amount=419.00",h323-currency =
"h323-currency=SKK",h323-return-code = "h323-return-
code=0"
Exec-Program: Abnormal child exit
Sending Access-Reject of id 162 to 193.41.203.20:1645
Reply-Message = "\r\nAccess denied (external check failed)."
Finished request 50
-

When I use FR in daemon mode it works, but when I want to reject
the user (my perl script returns exit value 1) and send back AVPairs to
the NAS, I also get only the Reply-Message AVPair (I know this from the
NAS's debug - NAS got attribute 18).

Something is wrong with the external script. I know that there was
a bug around the debug mode (I found this bug), but I upgraded after that
bug was fixed (?).

Thanks in advance.

Thomas




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Segmentation Fault

[Gonzalez, Pedro]

Sorry I understand now...

LIBS= @LIBS@ -lpthread

Okay, then I run

1. make
2. make install

Thanks
Pedro

> -Original Message-
> From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 10:12 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Segmentation Fault 
> 
> 
> Yes I am using Solaris. Where in Make.inc.in I have to place 
> -lpthread ?
> 
> Thanks
> Pedro
> 
> > -Original Message-
> > From: Chris Brotsos [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 30, 2002 10:08 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Segmentation Fault 
> > 
> > 
> > 
> > At 09:52 AM 7/30/2002 -0500, you wrote:
> > >Still getting segmentation fault after removing old 
> version 0.5 rlm_*
> > >libraries and re-installing. By the way, there are no core 
> dump file
> > >generated even after setting "allow_core_dumps = yes".
> > >
> > >More ideas ???
> > 
> > 
> > Yes, make distclean, and then after the LIBS directive in 
> > Make.inc.in...place -lpthread. It sounds like you are using 
> Solaris...
> > 
> > If not, sorry, but I had the same problem, and that is how it 
> > was fixed.
> > 
> > Chris
> > 
> > 
> > 
> > 
> > 
> > - 
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> > 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Segmentation Fault

[Gonzalez, Pedro]

Yes I am using Solaris. Where in Make.inc.in I have to place -lpthread ?

Thanks
Pedro

> -Original Message-
> From: Chris Brotsos [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 10:08 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Segmentation Fault 
> 
> 
> 
> At 09:52 AM 7/30/2002 -0500, you wrote:
> >Still getting segmentation fault after removing old version 0.5 rlm_*
> >libraries and re-installing. By the way, there are no core dump file
> >generated even after setting "allow_core_dumps = yes".
> >
> >More ideas ???
> 
> 
> Yes, make distclean, and then after the LIBS directive in 
> Make.inc.in...place -lpthread. It sounds like you are using Solaris...
> 
> If not, sorry, but I had the same problem, and that is how it 
> was fixed.
> 
> Chris
> 
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Segmentation Fault

[Chris Brotsos]

At 09:52 AM 7/30/2002 -0500, you wrote:
>Still getting segmentation fault after removing old version 0.5 rlm_*
>libraries and re-installing. By the way, there are no core dump file
>generated even after setting "allow_core_dumps = yes".
>
>More ideas ???


Yes, make distclean, and then after the LIBS directive in 
Make.inc.in...place -lpthread. It sounds like you are using Solaris...

If not, sorry, but I had the same problem, and that is how it was fixed.

Chris





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Segmentation Fault

[Gonzalez, Pedro]

Alan,

ulimit is already unlimited

root@telem-tac:/usr/local/sbin # ulimit
unlimited
root@telem-tac:/usr/local/sbin # 



Thanks
Pedro

> -Original Message-
> From: Alan DeKok [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 30, 2002 9:54 AM
> To: [EMAIL PROTECTED]
> Subject: Re: MySQL and simultaneous use check 
> 
> 
> "Gonzalez, Pedro" <[EMAIL PROTECTED]> wrote:
> > Still getting segmentation fault after removing old version 
> 0.5 rlm_*
> > libraries and re-installing. By the way, there are no core dump file
> > generated even after setting "allow_core_dumps = yes".
> > 
> > More ideas ???
> 
>   ulimit -c unlimited
> 
>   And then run it again.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MySQL and simultaneous use check

[Alan DeKok]

"Gonzalez, Pedro" <[EMAIL PROTECTED]> wrote:
> Still getting segmentation fault after removing old version 0.5 rlm_*
> libraries and re-installing. By the way, there are no core dump file
> generated even after setting "allow_core_dumps = yes".
> 
> More ideas ???

  ulimit -c unlimited

  And then run it again.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Segmentation Fault

[Gonzalez, Pedro]

Still getting segmentation fault after removing old version 0.5 rlm_*
libraries and re-installing. By the way, there are no core dump file
generated even after setting "allow_core_dumps = yes".

More ideas ???

root@telem-tac:/usr/local/sbin # radiusd -zxxy
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
 pap: encryption_scheme = "md5"
Module: Instantiated pap (pap) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded SQL 
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "icradius"
 sql: password = "myicpass"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE
UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
%{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStopTime = 0"
 sql: accounting_start_query = "INSERT into radacct (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
'%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}

RE: MySQL and simultaneous use check

[Gonzalez, Pedro]

Still getting segmentation fault after removing old version 0.5 rlm_*
libraries and re-installing. By the way, there are no core dump file
generated even after setting "allow_core_dumps = yes".

More ideas ???

root@telem-tac:/usr/local/sbin # radiusd -zxxy
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
 pap: encryption_scheme = "md5"
Module: Instantiated pap (pap) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded SQL 
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "icradius"
 sql: password = "myicpass"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE
UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute =
'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
%{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStopTime = 0"
 sql: accounting_start_query = "INSERT into radacct (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('',
'%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}

Re: FreeRADIUS 0.7 & ORACLE

[Alan DeKok]

Bobi <[EMAIL PROTECTED]> wrote:
> Exactly the same thing on my box.

  Go to src/modules/rlm_sql/drivers/rlm_sql_oracle/sql_oracle.h, and
delete the offending line.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 0.7 & ORACLE

[Bobi]

Exactly the same thing on my box.

On Sunday 28 July 2002 15:29, you wrote:
> Hello,
>
> FreeRADIUS 0.7 does not compile with ORACLE support:
>

-- 
B.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Binaries for Mac OS X

[Johnsen, Lasse]

Frank,

Nothing like a bit of cross posting to keep everybody entertained.

From: http://developer.apple.com/internet/macosx/intro.html 

Mac OS X is largely based on one of the most popular and stable open source
UNIX variants: FreeBSD. FreeBSD has a long history on the Web, and is used
to serve some of the busiest sites on the Internet, including Yahoo!. Apple
engineers have adapted the FreeBSD system into their own low-level system,
called Darwin, which is also released under an open source license. Darwin's
relationship to BSD and the open source community means that developers who
use open source technologies can expect the same functionality and
flexibility on which they've relied in their UNIX systems.

But who cares anyway,

Lasse


-Original Message-
From: Frank Cusack [mailto:[EMAIL PROTECTED]]
Sent: 30 July 2002 15:11
To: [EMAIL PROTECTED]
Subject: Re: Binaries for Mac OS X


I'm not sure what you're saying.  The first paragraph of that web page
clearly says it is not based on FreeBSD.
/fc

On Tue, Jul 30, 2002 at 09:02:23AM -0500, Jerry Kemp wrote:
> Read the first paragraph.  I have/had always read that
> it was based on FreeBSD also, but I have not found a
> specific reference.
> 
> 
> 
> Jerry
> 
> 
> On Monday, July 29, 2002, at 07:48  PM, Frank Cusack wrote:
> 
> > It is not.
> > /fc
> >
> > On Mon, Jul 29, 2002 at 11:25:38AM -0400, Jason Lixfeld wrote:
> >> If I'm not mistaken, the *NIX OS X kernel is a FreeBSD variant, is it
> >> not?  Anything you can compile for FreeBSD would work on OS X?
> >>
> >>> -Original Message-
> >>> From: [EMAIL PROTECTED]
> >>> [mailto:[EMAIL PROTECTED]] On Behalf Of
> >>> Adam C. Acord
> >>> Sent: Monday, July 29, 2002 11:21 AM
> >>> To: [EMAIL PROTECTED]
> >>> Subject: Binaries for Mac OS X
> >>>
> >>>
> >>> Has anyone successfully compiled the FreeRadius Server under
> >>> Mac OS X?
> >>> If so, would you be interested in sending me the details, or even a
> >>> binary?
> >>>
> >>> Please respond to me directly, as I'm not yet a member of the list.
> >>>
> >>> Thanks in advance
> >>>
> >>> -aa
> >>>
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >>>
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See 
> >> http://www.freeradius.org/list/users.html
> >>
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> 
> 
> - 
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**
Bulldog Communications Limited is registered in England, number 4005262, 
with its office address at Golden Cross House, 8 Duncannon Street
LONDON, WC2N 4JF, United Kingdom

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

R: MySQL and simultaneous use check

[Niccolo Rigacci]

> [EMAIL PROTECTED] wrote:
> > I want to add simultaneous access check so I uncommented
> > "simul_count_query" in sql.conf and added "sql" into session{} section
of
> > radiusd.conf.
> >
> > >From the radiusd log I see that the query is defined, but never used.
What
> > am I missing?
>
>   Are you using the 'Simultaneous-Use' attribute anywhere for that
> user?  If not, then the server will never do session checking.

This is my /etc/raddb/users file, I think that Simultaneous-Use is defined
when radiusd fall through sql module. From the log I see that the module
"files" is run before module "sql". Or my be I had to set the attribute into
the database?

DEFAULT Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Ascend-Idle-Limit = 900,
Fall-Through = Yes

Thanks for the very prompt reply!

Niccolo Rigacci
Italy



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: auth bind : Address already in use. What could be the reason?

[Frank Cusack]

Another radiusd is already running.

On Tue, Jul 30, 2002 at 07:36:06PM +0530, Krishna wrote:
> Hi,
> 
> When I run radius it gives this error
> auth bind : Address is already in use.
> 
> What could be the reason?
> 
> regards
> Krishna
> 
> 
> Krishna Shekhar
> Network Administrator
> Wiplash Wireless
> 
> 
> http://www.wiplash.net
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Binaries for Mac OS X

[Frank Cusack]

I'm not sure what you're saying.  The first paragraph of that web page
clearly says it is not based on FreeBSD.
/fc

On Tue, Jul 30, 2002 at 09:02:23AM -0500, Jerry Kemp wrote:
> Read the first paragraph.  I have/had always read that
> it was based on FreeBSD also, but I have not found a
> specific reference.
> 
> 
> 
> Jerry
> 
> 
> On Monday, July 29, 2002, at 07:48  PM, Frank Cusack wrote:
> 
> > It is not.
> > /fc
> >
> > On Mon, Jul 29, 2002 at 11:25:38AM -0400, Jason Lixfeld wrote:
> >> If I'm not mistaken, the *NIX OS X kernel is a FreeBSD variant, is it
> >> not?  Anything you can compile for FreeBSD would work on OS X?
> >>
> >>> -Original Message-
> >>> From: [EMAIL PROTECTED]
> >>> [mailto:[EMAIL PROTECTED]] On Behalf Of
> >>> Adam C. Acord
> >>> Sent: Monday, July 29, 2002 11:21 AM
> >>> To: [EMAIL PROTECTED]
> >>> Subject: Binaries for Mac OS X
> >>>
> >>>
> >>> Has anyone successfully compiled the FreeRadius Server under
> >>> Mac OS X?
> >>> If so, would you be interested in sending me the details, or even a
> >>> binary?
> >>>
> >>> Please respond to me directly, as I'm not yet a member of the list.
> >>>
> >>> Thanks in advance
> >>>
> >>> -aa
> >>>
> >>>
> >>> -
> >>> List info/subscribe/unsubscribe? See
> >>> http://www.freeradius.org/list/users.html
> >>>
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See 
> >> http://www.freeradius.org/list/users.html
> >>
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

auth bind : Address already in use. What could be the reason?

[Krishna]

Hi,

When I run radius it gives this error
auth bind : Address is already in use.

What could be the reason?

regards
Krishna


Krishna Shekhar
Network Administrator
Wiplash Wireless


http://www.wiplash.net


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Strange problem with pam_radius_auth

[Frank Cusack]

On Tue, Jul 30, 2002 at 06:41:56PM +0600, Dr. Muhammad Masroor Ali wrote:
> My squid file in pam.d (as was suggested in INSTALL)
> 
>  auth   required /lib/security/pam_securetty.so
> auth   sufficient   /lib/security/pam_radius_auth.so debug
> auth   required /lib/security/pam_unix_auth.so

Do you have the accounts in /etc/passwd?  If not, why is pam_unix_auth there?
For this example, it shouldn't matter, as you show that radiusd does send
back an access-accept, but let's clean up the config anyway.

> There is no indication of a mishap in var/log/messages, (the last lines 
> are shown here),

Did you set daemon.debug to go to /var/log/messages?

/fc

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Binaries for Mac OS X

[Jerry Kemp]

Read the first paragraph.  I have/had always read that
it was based on FreeBSD also, but I have not found a
specific reference.



Jerry


On Monday, July 29, 2002, at 07:48  PM, Frank Cusack wrote:

> It is not.
> /fc
>
> On Mon, Jul 29, 2002 at 11:25:38AM -0400, Jason Lixfeld wrote:
>> If I'm not mistaken, the *NIX OS X kernel is a FreeBSD variant, is it
>> not?  Anything you can compile for FreeBSD would work on OS X?
>>
>>> -Original Message-
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED]] On Behalf Of
>>> Adam C. Acord
>>> Sent: Monday, July 29, 2002 11:21 AM
>>> To: [EMAIL PROTECTED]
>>> Subject: Binaries for Mac OS X
>>>
>>>
>>> Has anyone successfully compiled the FreeRadius Server under
>>> Mac OS X?
>>> If so, would you be interested in sending me the details, or even a
>>> binary?
>>>
>>> Please respond to me directly, as I'm not yet a member of the list.
>>>
>>> Thanks in advance
>>>
>>> -aa
>>>
>>>
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Segmentation Fault

[Alan DeKok]

"Gonzalez, Pedro" <[EMAIL PROTECTED]> wrote:
> I am upgrading freeradius from version 0.5 to version 0.7. Version 0.5 has
> been working just perfect for me so far. Version 0.7 is having problems
> starting up due to a segmentation fault error:

  Delete ALL of the 0.5 libraries (rlm_*) and re-install 0.7.

  Also, see 'doc/bugs'

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MySQL and simultaneous use check

[Alan DeKok]

[EMAIL PROTECTED] wrote:
> I want to add simultaneous access check so I uncommented
> "simul_count_query" in sql.conf and added "sql" into session{} section of
> radiusd.conf.
> 
> >From the radiusd log I see that the query is defined, but never used. What
> am I missing?

  Are you using the 'Simultaneous-Use' attribute anywhere for that
user?  If not, then the server will never do session checking.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Segmentation Fault

[Gonzalez, Pedro]

I am upgrading freeradius from version 0.5 to version 0.7. Version 0.5 has
been working just perfect for me so far. Version 0.7 is having problems
starting up due to a segmentation fault error:

root@telem-tac:/usr/local/sbin # radiusd -zxyy
Starting - reading configuration files ...
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
Module: Instantiated pap (pap) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL 
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connect to icradius@localhost:/radius
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
rlm_sql: Starting connect to MySQL server for #0
rlm_sql:  Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql:  Attempting to connect #1
rlm_sql: Starting connect to MySQL server for #1
rlm_sql:  Connected new DB handle, #1
rlm_sql: starting 2
rlm_sql:  Attempting to connect #2
rlm_sql: Starting connect to MySQL server for #2
rlm_sql:  Connected new DB handle, #2
rlm_sql: starting 3
rlm_sql:  Attempting to connect #3
rlm_sql: Starting connect to MySQL server for #3
rlm_sql:  Connected new DB handle, #3
rlm_sql: starting 4
rlm_sql:  Attempting to connect #4
rlm_sql: Starting connect to MySQL server for #4
rlm_sql:  Connected new DB handle, #4
Module: Instantiated sql (sql) 
Module: Loaded files 
Module: Instantiated files (files) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded radutmp 
Module: Instantiated radutmp (radutmp) 
Initializing the thread pool...
Segmentation Fault
root@telem-tac:/usr/local/sbin # 
root@telem-tac:/usr/local/sbin # 
root@telem-tac:/usr/local/sbin # radiusd -zxyy
Starting - reading configuration files ...
Module: Loaded MS-CHAP 
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
Module: Instantiated pap (pap) 
Module: Loaded realm 
Module: Instantiated realm (suffix) 
Module: Loaded SQL 
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connect to icradius@localhost:/radius
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
rlm_sql: Starting connect to MySQL server for #0
rlm_sql:  Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql:  Attempting to connect #1
rlm_sql: Starting connect to MySQL server for #1
rlm_sql:  Connected new DB handle, #1
rlm_sql: starting 2
rlm_sql:  Attempting to connect #2
rlm_sql: Starting connect to MySQL server for #2
rlm_sql:  Connected new DB handle, #2
rlm_sql: starting 3
rlm_sql:  Attempting to connect #3
rlm_sql: Starting connect to MySQL server for #3
rlm_sql:  Connected new DB handle, #3
rlm_sql: starting 4
rlm_sql:  Attempting to connect #4
rlm_sql: Starting connect to MySQL server for #4
rlm_sql:  Connected new DB handle, #4
Module: Instantiated sql (sql) 
Module: Loaded files 
Module: Instantiated files (files) 
Module: Loaded preprocess 
Module: Instantiated preprocess (preprocess) 
Module: Loaded radutmp 
Module: Instantiated radutmp (radutmp) 
Initializing the thread pool...
Segmentation Fault


Any ideas??

Thanks
Pedro Gonzalez

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Strange problem with pam_radius_auth

[Alan DeKok]

"Dr. Muhammad Masroor Ali" <[EMAIL PROTECTED]> wrote:
> I am trying to use pam_radius_auth with squid. The authentication 
> program I am using  (pam_auth) for squid works perfectly when I use 
> system authentication. But when I switch to pam_radius_auth, messages 
> from radius says the user is being authenticated perfectly, while squid 
> thinks otherwise.

  And the messages about what PAM is doing are non-existent, right?

  PAM has no helpful debugging information, so of course, it's the one
denying the user authentication, and there's no way for you to find
out why.


  Grab the latest pam_radius_auth module from CVS:

  http://www.freeradius.org/development.html

  It has a patch submitted recently which may help.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius upgrade

[Alan DeKok]

Igor Chen <[EMAIL PROTECTED]> wrote:
> radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections --
> they have no such method.
> 
> What should i do to enable sql auth? I just wanted to know where can i
> read about that changes... Changelog?

  Or the list archive.  That change was made MONTHS ago, and has been
discussed a number of times already.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Strange problem with pam_radius_auth

[Dr. Muhammad Masroor Ali]

Greetings,
I have spent the last four hours on this problem without any success. I 
have searched the whole Internet, and done everything conceivable 
(imaginable) but all else have failed.

I am trying to use pam_radius_auth with squid. The authentication 
program I am using  (pam_auth) for squid works perfectly when I use 
system authentication. But when I switch to pam_radius_auth, messages 
from radius says the user is being authenticated perfectly, while squid 
thinks otherwise.

My squid file in pam.d (as was suggested in INSTALL)

 auth   required /lib/security/pam_securetty.so
auth   sufficient   /lib/security/pam_radius_auth.so debug
auth   required /lib/security/pam_unix_auth.so


There is no indication of a mishap in var/log/messages, (the last lines 
are shown here),

Jul 30 18:13:40 iictss squid[4786]: Squid Parent: child process 4788 started

See, there is nothing after squid has started.


radiusd is being run is debug mode, and the relevant last lines are,

rad_recv: Access-Request packet from host 127.0.0.1:5814, id=182, length=78
User-Name = "radtest"
User-Password = "\342\031$\227<\002G\202\364\263fSK\003\305~"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "squid"
NAS-Port = 4789
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "radtest"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  HASH:  user radtest found in hashtable bucket 16015
  modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 182 to 127.0.0.1:5814
Finished request 10
Going to the next request


See that line with Access-Accept!!!


I have even tried running squid in debug mode, but nothing is said there.


Other relevant informations,

RH 7.3,
Squid 2.4.STABLE6
freeradius-0.7
pam_radius-1.3.15


Any help will be highly appreciated.


Masroor



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius upgrade

[Michael Bailey]

> rlm_sql:  Attempting to connect #4
> rlm_sql:  Connected new DB handle, #4
> Module: Instantiated sql (sql)
> radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections --
> they have no such method.
> 
> What should i do to enable sql auth? I just wanted to know where can i
> read about that changes... Changelog?

I think this change was in the move from 0.4->0.5
It was due to a pretty big change in the way sql is used.

>From memory there was some discussion on the list along with 
an explanation of how to configure it. 

cheers,

Mike

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

MySQL and simultaneous use check

[Niccolò Rigacci]

I successfully configured freeradius 0.6 to authenticate against MySQL
server and also to add accounting information to the database.

I want to add simultaneous access check so I uncommented
"simul_count_query" in sql.conf and added "sql" into session{} section of
radiusd.conf.

>From the radiusd log I see that the query is defined, but never used. What
am I missing?

Thank you very much

Niccolo Rigacci
Italy


This is the relevand part of radiusd.conf
-

   accounting {
 detail
 sql
 radutmp
   }
   session {
  sql
   }

This is the radiusd log
-
 sql: simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
  UserName='%{SQL-User-Name}' AND AcctStopTime = 0"^M
 sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId,
  UserName, NASIPAddress, NASPortId, FramedIPAddress,
  CalledStationId FROM radacct WHERE UserN
 sql: simul_zap_query = "DELETE FROM radacct WHERE
  RadAcctId = '%s'"^M
...
...
query:  INSERT into radacct (RadAcctId, AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctStopTime,
rlm_sql: Released sql socket id: 3
  modcall[accounting]: module "sql" returns ok
...

No other sql query are attempted.

Those are the modules called by radiusd:

  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns ok
  modcall[authorize]: module "suffix" returns noop
  modcall[authorize]: module "files" returns notfound
  modcall[authorize]: module "sql" returns ok
  modcall[authenticate]: module "chap" returns ok
  modcall[preacct]: module "preprocess" returns noop
  modcall[preacct]: module "suffix" returns noop
  modcall[preacct]: module "files" returns ok
  modcall[accounting]: module "detail" returns ok
  modcall[accounting]: module "sql" returns ok
  modcall[accounting]: module "radutmp" returns ok
  modcall[preacct]: module "preprocess" returns noop
  modcall[preacct]: module "suffix" returns noop
  modcall[preacct]: module "files" returns ok
  modcall[accounting]: module "detail" returns ok
  modcall[accounting]: module "sql" returns ok
  modcall[accounting]: module "radutmp" returns ok


Niccolo Rigacci <[EMAIL PROTECTED]>
Tex.NET s.r.l.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius upgrade

[Alex Kasatkin]

Hi!

Try to use sql module in authorization section of radiusd.conf.

regards. 

Igor Chen [[EMAIL PROTECTED]] wrote:
> On Mon, 29 Jul 2002, Alan DeKok wrote:
> 
> > Igor Chen <[EMAIL PROTECTED]> wrote:
> > > I tried to upgrade my freeradius-snapshot-20020131 to freeradius 0.7, but
> > > it seems to have many differences in .conf files.  Where can i read
> > > about new file format?
> >
> >   There isn't a new file format.  Some of the configuration entries
> > have been updated, changed, or have had additional documentation
> > written.
> ---
> ...
> rlm_sql:  Attempting to connect #4
> rlm_sql:  Connected new DB handle, #4
> Module: Instantiated sql (sql)
> radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections --
> they have no such method.
> 
> What should i do to enable sql auth? I just wanted to know where can i
> read about that changes... Changelog?
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
S.N.O.O.P.: Synthetic Networked Organism Optimized for Peacekeeping

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius upgrade

[Igor Chen]

On Mon, 29 Jul 2002, Alan DeKok wrote:

> Igor Chen <[EMAIL PROTECTED]> wrote:
> > I tried to upgrade my freeradius-snapshot-20020131 to freeradius 0.7, but
> > it seems to have many differences in .conf files.  Where can i read
> > about new file format?
>
>   There isn't a new file format.  Some of the configuration entries
> have been updated, changed, or have had additional documentation
> written.
---
...
rlm_sql:  Attempting to connect #4
rlm_sql:  Connected new DB handle, #4
Module: Instantiated sql (sql)
radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections --
they have no such method.

What should i do to enable sql auth? I just wanted to know where can i
read about that changes... Changelog?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool_problem.May_this_be_a_good_fix

[Pierluigi Frullani]

ippool_problem.May_this_be_a_good_fix
>> "Pierluigi Frullani" <[EMAIL PROTECTED]> wrote:
>> >  Looking in the code I think I' ve found a "bug" that I fixed this
>> >  way:
>> ...
>> > Brief, when entering in this lines, if the user was missing the
>> > Pool-Name attribute, there were no return and some unpredictable
>> > Pool address was returned.
>>
>>   Ah, that's a problem.
>
> Well actually that was a design decision. If the Pool-Name attribute
> does not exist then the first module instance in the authorize section
> will give out an IP address. That way we have a default behaviour when
> the Pool-Name is missing.
But this should be specified or in the docs, or somewhere else, because if
you have multiple pools, and an user or a group don't fall in a group the
module would return every time an address from the first pool.
It is hard to immagine that the problem is a user misconfiguration when
you get an ip address from a pool you don't immagine.
Maybe is better to have a "default" pool that should be "needed" in config
and checked at startup.
If it is not there is should not start or at least should give a warning.
Or at least, in debug mode  you should give a warning that the user don't
fall in "the first" pool.
Keep in mind that if the user don't  have a group, the IP returned is
always from the first pool.

Hope my english is enough clear.
Pigi





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius-Users digest, Vol 1 #911 - 23 msgs

[atanu das]

Thanks boein,
but i do not have the lines that u have mentioned in my sql.conf 
file.
atanu

On Mon, 29 Jul 2002 [EMAIL PROTECTED] 
wrote :
>Send Freeradius-Users mailing list submissions to
>   [EMAIL PROTECTED]
>
>To subscribe or unsubscribe via the World Wide Web, visit
>   http://lists.cistron.nl/mailman/listinfo/freeradius-users
>or, via email, send a message with subject or body 'help' to
>   [EMAIL PROTECTED]
>
>You can reach the person managing the list at
>   [EMAIL PROTECTED]
>
>When replying, please edit your Subject line so it is more 
>specific
>than "Re: Contents of Freeradius-Users digest..."
>
>
>Today's Topics:
>
>   1. Fwd: sql_oracle.fix (Yuri Bazhukov)
>   2. Re: Cisco VSA & FreeRADIUS (Thomas Jalsovsky)
>   3. RE: EAP-TLS key generation (Henrik Eriksson)
>   4. Freeradius 0.5 + mysql stop to authenticate (Marcello 
>Lupo)
>   5. Unique Problem !!! (atanu das)
>   6. Re: Unique Problem !!! (Boian Iliev Jordanov)
>   7. freeradius upgrade (Igor Chen)
>   8. Re: freeradius upgrade (Michael Bailey)
>   9. rlm_sqlcounter (=?iso-8859-1?Q?HOPP=C1L_Felici=E1n?=)
>   10. Passwd expiration (Ralf Korczykowski)
>   11. SQL fail-over (Thomas Jalsovsky)
>   12. Re: Passwd expiration (Andrew Kelaidis)
>   13. op field in SQL tables (Shpend Bakalli)
>   14. Re: op field in SQL tables (Alan DeKok)
>   15. Re: Basic User Group question (Alan DeKok)
>   16. Re: Problem with Group reject in 0.6 (Alan DeKok)
>   17. Re: EAP-TLS key generation (Alan DeKok)
>   18. Re: Freeradius 0.5 + mysql stop to authenticate (Alan 
>DeKok)
>   19. Re: freeradius upgrade (Alan DeKok)
>   20. Re: freeradius upgrade (Alan DeKok)
>   21. Binaries for Mac OS X (Adam C. Acord)
>   22. RE: Binaries for Mac OS X (Jason Lixfeld)
>   23. Problems with stripping realm off LOCAL auth? 
>([EMAIL PROTECTED])
>
>--__--__--
>
>Message: 1
> From: "Yuri Bazhukov" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: Fwd: sql_oracle.fix
>Date: Mon, 29 Jul 2002 19:27:33 +1300
>charset="koi8-r"
>Reply-To: [EMAIL PROTECTED]
>
>Fix for sql_oracle driver in CVS and v. 0.7
>It returns 1 in case of success, which is wrong (should return 
>0)
>
>==
>* Forwarded by  <>
>* From: "root" <[EMAIL PROTECTED]>
>* Date: Mon, 29 Jul 2002 19:27:19 +1300
>* To: <[EMAIL PROTECTED]>
>==
>
>--- sql_oracle.c Fri Jul 12 05:29:00 2002 +++ sql_oracle.c.new 
>Mon Jul 29
>19:23:04 2002 @@ -280,7 +280,7 @@
>
>   oracle_sock->results=rowdata;
>
>- return 1;
>+ return 0;
>  }
>
>
>
>==
>=
>Yuri Bazhukov
>
>
>
>--__--__--
>
>Message: 2
>Date: Mon, 29 Jul 2002 10:49:59 +0200 (CEST)
> From: Thomas Jalsovsky <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Cisco VSA & FreeRADIUS
>Reply-To: [EMAIL PROTECTED]
>
>
> > I've tested freeradius 0.6 and it works fine, I'm planning to 
>replace my
> > production radius now. I have only one problem, I'd like to 
>log Cisco
> > VSAs (like nas-rx-speed, nas-tx-speed) in SQL database. I have 
>50+
> > AS5350 an AS5400 with IOS 12.2 and it sends VSA accounting 
>as
> > Cisco-AVPair. Cisco-vsa-hack does not work with this. Any 
>solution? This
> > is a sample accounting-stop record:
>the cisco_vsa_hack is only for handling situation:
>Cisco-VSA = "Cisco-VSA=value"
>this will be rewritten to Cisco-VSA = value
>
>The hack does not handle situation
>Cisco-AVPair = "Cisco-VSA=value"
>
>you will have to expand the hack (what I did a year ago, but 
>wasn't
>applied to the FR code).
>
>Regards,
>   Thomas
>
> >
> > Fri Jul 26 22:56:34 2002
> > NAS-IP-Address = xxx
> > NAS-Port = 670
> > Cisco-NAS-Port = "Async5/22*Serial2/6:2"
> > NAS-Port-Type = Async
> > User-Name = "xxx"
> > Called-Station-Id = "xxx"
> > Calling-Station-Id = "xxx"
> > Acct-Status-Type = Stop
> > Acct-Authentic = RADIUS
> > Service-Type = Framed-User
> > Acct-Session-Id = "0E000D11"
> > Framed-Protocol = PPP
> > Framed-IP-Address = xxx
> > Acct-Terminate-Cause = Lost-Carrier
> > Acct-Input-Octets = 3597499
> > Acct-Output-Octets = 36347730
> > Acct-Input-Packets = 55748
> > Acct-Output-Packets = 74657
> > Acct-Session-Time = 7280
> > Cisco-AVPair = "disc-cause-ext=1011"
> > Cisco-AVPair = "pre-bytes-in=123"
> > Cisco-AVPair = "pre-bytes-out=112"
> > Cisco-AVPair = "pre-paks-in=5"
> > Cisco-AVPair = "pre-paks-out=5"
> > Cisco-AVPair = "pre-session-time=25"
> > Cisco-AVPair = "connect-progress=60"
> > Cisco-AVPair = "nas-rx-speed=28800"
> > Cisco-AVPair = "nas-tx-speed=5"
> > Acct-Delay-Time = 0
> > Client-IP-Address = xxx
> > Timestamp = 1027716994
> >
> > Best Regards,
> > Fel

What are the installation requirements for Free Radius?

[Krishna]

Hi,
  What would be the installation requirements for free radius and can I 
set up a Radius Proxy Server with it?

regards
Krishna


Krishna Shekhar
Network Administrator
Wiplash Wireless


http://www.wiplash.net


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_ippool / need help

[Ador Dauz]

> > my problem, I need to stop the radiusd service then delete
> > the db.ippool and db.ipindex files then restart the radiusd.
> > Any help please to solve my problem...
> >
> >       ippool hangar {
> >                 range-start = 172.16.10.50
> >                 range-stop =  172.16.10.60
> >                 netmask = 255.255.255.0
> >                 cache-size = 10
> >                 session-db = ${raddbdir}/db.ippool
> >                 ip-index = ${raddbdir}/db.ipindex
>
> I am not able to reproduce the problem. The ippool module will give out all
> the available ip's in it's pool and after that it will not do anything.
> Could you send some debuging info showing radiusd giving out a wrong IP?

this is what I have, I using 3Com Ras1500 as my RAS and RedHat 7.2. In my
RAS1500 box I have also an IPPOOL 172.16.10.10 size 10 means It will pool
10 ip address which this is for my default dialup users. I have also IPPOOL
configuration thru the rlm_ippool module and I need it because of the feature 
that it can define to limit the ippool. After I consumed  the range pool from 
my configuration 172.16.10.50 to 60, the next time I login it gave me 
172.16.10.11, 12, 13 and so on. So I need to stop the radius services then
delete the db.ippool and db.ipindex files and start again the radiusd 
servicecs. What I want to be even I consumed the IPPOOL range the next time
I login I can still pool with in the range specified. My biggest problem is 
I'm not a programmer so I don't know how to debug. 
Thank you Kostas for replying my email... I realy need the features.

Thanks again.
--ador

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html