(no subject)
Re: libtool libs conflicts.
On Mon, 9 Sep 2002, Yang-Hwee TAN wrote:
Hi,
i've just managed to build the freeradius rpm from an old v0.6 redhat spec file,
and now i've got a problem on the libtool libs conflict with the ones build onto
FreeRadius' rpm.
here are the options i used to build the rpm for freeradius:
%configure --prefix=%{_prefix} \
--localstatedir=%{_localstatedir} \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--with-threads \
--with-thread-pool \
--with-gnu-ld \
--with-rlm-krb5-include-dir=/usr/include/krb5 \
--with-rlm-krb5-lib-dir=/usr/lib
What you need to to is add --libdir=/usr/lib/freeradius to your configure
line. This will put all the rlm*.so modules and the libtool libraies in
/usr/lib/freeradius. That is how I have worked around this problem in both
debian and RedHat for version 0.7. Should work for 0.6.
Yours Tony
Jan 22-25 2003 Linux.Conf.AUhttp://linux.conf.au/
The Australian Linux Technical Conference!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RH 6.2 Freeradius-0.7
On Thu, 5 Sep 2002 16:52:49 +0800 Joeffrey Betita wrote: Freeradius is now running on my RH6.2 but when i try to dialup my login name did not appear on the radius.log pls. help me. thank you very much I suggest you first perform checking of your installation by running radtest. After that, if dialup doesn't work it is likely to be not the problem of FreeRadius. -- Balkin Ruslan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Invalid operator for item NAS-Port-Type: 11 reverting to'=='
On Mon, 9 Sep 2002, Allister Maguire wrote:
Hello,
I am using FreeRadius v0.7 with rlm_ldap and get this error for all
check items: Mon Sep 9 10:16:53 2002 : Error: Invalid operator for
item NAS-Port-Type: 11 reverting to '=='.
I have looked through the code and found what I think is the cause:
static VALUE_PAIR *
ldap_pairget(LDAP * ld, LDAPMessage * entry,
TLDAP_RADIUS * item_map, VALUE_PAIR **pairs)
{
} else {
/* this is a one-to-one-mapped attribute */
token = gettoken(ptr, value, sizeof(value));
if (token T_EQSTART || token T_EQEND) {
token = T_OP_EQ;
} else {
gettoken(ptr, value, sizeof(value));
}
}
After reading the man on users it says:
Attribute = Value
Not allowed as a check item.
As a reply item, it means add the item to the reply list, but only if
there is no other item of the same attribute.
This means line token = T_OP_EQ; should be for checkItems token =
T_OP_CMP_EQ;, == (as a default). But because ldap_pairget() is used
for replyItems also, therefore it will need to token = T_OP_EQ; for
replyItems.
Now then what would be the best way to solve it, I thought a simple way
might be to pass what type of pairs they are to ldap_pairget(), check or
reply and put a if statement around token = T_OP_EQ; eg:
if (strcasecmp(itemType, checkItem) == 0) {
token = T_OP_CMD_EQ;
}
Else {
token = T_OP_EQ;
}
OK, I 've changed the code a little based on your idea. If we add check items
then we use the '==' operator.
It works correctly as it is, but the log has these error for every auth
attempt. My guess is that the comparing of attributes would be done by
the same piece of code for all modules, there is documented conventions
for operator type, should the rlm_ldap module follow those conventions
as well?
Also because there are other operators that could also be used, maybe a
better option in the future might be specifying the operator in
ldap.attrmap for each item?
You can add an operator in the attribute ldap value. Something like
radiusAuthType: := Local
should work (although I haven't tested it). I think that the defaults are quite
fine.
Regards
Allister Maguire
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/MD5,CHAP O.K - PAP Fails
High List
I have problem concerning freeradius 0.7 on an RedHat 7.3 Operating
system.
EAP/MD5 and Chap works fine in conjunction with LDAP. But PAT
authentification fails.
Any hints or suggestions where I make an mistake !
## Start: radiusd.conf #
modules {
...
eap {
md5 {
}
}
chap {
}
mschap {
authtype = MS-CHAP
}
pap {
encryption_scheme = clear
}
ldap {
server = ldap.uni-oldenburg.de
identity = cn=...
password = ...
basedn = ou=Radius,ou=Account,dc=uni-oldenburg,dc=de
filter = (uid=%u)
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 15
password_attribute = userPassword
timeout = 4
timelimit = 3
net_timeout = 1
}
...
}
authorize {
preprocess
chap
ldap
eap
}
authenticate {
eap
authtype CHAP {
chap
}
authtype PAP {
pap
}
}
## End: radiusd.conf #
## Start: users #
DEFAULT Auth-Type := Local
Fall-Through = 1
DEFAULT Auth-Type := System
Fall-Through = 1
## End:: users #
rad_recv: Access-Request packet from host 213.20.240.250:56949, id=117,
length=73
User-Name = talktest
CHAP-Password = 0x7519249ac5d1bd628ef8e017015373a99b
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = 213.20.240.250
NAS-Port = 1
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module chap returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for talktest
radius_xlat: '(uid=talktest)'
radius_xlat: 'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=talktest)
rlm_ldap: Added password talktalk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user talktest authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok
rlm_eap: EAP-Message not found
modcall[authorize]: module eap returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
modcall: entering group authtype
rlm_chap: login attempt by talktest with CHAP password
u?$?Åѽb?øà??Ss©?
rlm_chap: Using clear text password talktalk for user talktest
authentication.
rlm_chap: chap user talktest authenticated succesfully
modcall[authenticate]: module chap returns ok
modcall: group authtype returns ok
Login OK: [talktest/CHAP-Password] (from client MediaWays port 1)
Sending Access-Accept of id 117 to 213.20.240.250:56949
Finished request 706
rad_recv: Access-Request packet from host 213.20.240.250:56973, id=24,
length=72
User-Name = talktest
User-Password = W\022R\351\\\026q}7Q\003\355\224$N
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = 213.20.240.250
NAS-Port = 1
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module chap returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for talktest
radius_xlat: '(uid=talktest)'
radius_xlat: 'ou=Radius,ou=Account,dc=uni-oldenburg,dc=de'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in
ou=Radius,ou=Account,dc=uni-oldenburg,dc=de, with filter (uid=talktest)
rlm_ldap: Added password talktalk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user talktest authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok
rlm_eap: EAP-Message not found
modcall[authorize]: module eap returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type LDAP
auth: Failed to validate the user.
Login incorrect: [talktest/talktalk] (from client MediaWays port 1)
Delaying request 711 for 1 seconds
Finished request 711
Going to the next request
--
+--+
+ Juergen Weissmailto:[EMAIL PROTECTED] |
+ Hochschulrechenzentrum TEL: +49 0441 7984407 |
+ Universitaet Oldenburg FAX: +49 0441 7984413 |
+ Carl v. Ossietzky Str. 9-11 http://www.hrz.uni-oldenburg.de/~weiss |
+--+
+
-
List info/subscribe/unsubscribe? See
Login Rejected
Hi
I have installed freeradius 0.7 on a Redhat Linux 7.3. I am having
problems authenticating using username@domain. If I use username,
without the domain option, all works fine. Also, if I have user@domain
in the /etc/passwd file, the login is accepted as well.
The relevant entries are shown below, together with the output as shown
with the Radius Debug.
Your help would be greatly appreciated. BTW, the man pages regarding
huntgroups, hints and clients.conf referenced to in radiusd man page, do
not exist on my system, neither in the package I downloaded. Do these
exist? If, yes, where?
Thanks
Geoff
/etc/huntgroups
adslNAS-IP-Address == 192.168.0.25
Group == tech
/etc/hints
DEFAULT Suffix = stream, Strip-User-Name = Yes
Hint = STREAM
/etc/proxy.conf
realm stream {
type= radius
authhost= LOCAL
accthost= LOCAL
hints
}
/etc/passwd
test:x:500:48:Geoffrey Cauchi:/home/test:/bin/false
/etc/group
tech:x:48:
Radius Debug
rad_recv: Access-Request packet from host 192.168.0.25:36868, id=159,
length=132
User-Name = test@stream
User-Password = ^|z\363\003\3163\034\313\340\217}\242n4
NAS-IP-Address = 192.168.0.25
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = None
NAS-Port-Type = Sync
NAS-Port = 8392609
Port-Limit = 0
Calling-Station-Id = 03100301002
Acct-Session-Id = 0352769928
Attr-218 = \000\000\000\036
modcall: entering group authorize
hints: Matched DEFAULT at 63
No huntgroup access: [test] (from client bras port 8392609 cli
03100301002)
modcall[authorize]: module preprocess returns reject
modcall: group authorize returns reject
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 1 seconds...
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 159 to 192.168.0.25:36868
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 159 with timestamp 3d7c80e1
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/MD5,CHAP O.K - PAP Fails
On Mon, 9 Sep 2002, [iso-8859-1] Jürgen Weiß wrote:
High List
I have problem concerning freeradius 0.7 on an RedHat 7.3 Operating
system.
EAP/MD5 and Chap works fine in conjunction with LDAP. But PAP
authentification fails.
Any hints or suggestions where I make an mistake !
## Start: radiusd.conf #
modules {
...
eap {
md5 {
}
}
chap {
}
mschap {
authtype = MS-CHAP
}
pap {
encryption_scheme = clear
}
ldap {
server = ldap.uni-oldenburg.de
identity = cn=...
password = ...
basedn = ou=Radius,ou=Account,dc=uni-oldenburg,dc=de
filter = (uid=%u)
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 15
password_attribute = userPassword
timeout = 4
timelimit = 3
net_timeout = 1
}
...
}
authorize {
preprocess
chap
ldap
eap
}
authenticate {
eap
authtype CHAP {
chap
}
authtype PAP {
pap
}
}
## End: radiusd.conf #
## Start: users #
DEFAULT Auth-Type := Local
Fall-Through = 1
DEFAULT Auth-Type := System
Fall-Through = 1
## End:: users #
Hint 1: You don't have the files module listed in your authorize section.
Hint 2: You don't set the Auth-Type to PAP.
Hint 3: Don't use the := operator for Auth-Type. CHAP will not work if you do
that
I would suggest something like this:
authorize{
preprocess
chap
eap
files
ldap
}
users:
DEFAULT Auth-Type = PAP
or you could just leave the users file blank, add the ldap module in the
authenticate section and let it handle the PAP requests.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
counter_monthly: Failed to open file ... Resource temporarily unavailable...
hi everybody, do you know what may produce these errors ? it happened after the log rotation, and the server did not start anymore. Mon Sep 9 07:16:26 2002 : Error: rlm_counter: Failed to open file /var/log/radiusd-freeradius/counters/counter.monthly: Resource temporarily unavailable Mon Sep 9 07:16:26 2002 : Error: radiusd.conf[247]: counter_monthly: Module instantiation failed. Mon Sep 9 07:17:26 2002 : Error: rlm_counter: Failed to open file /var/log/radiusd-freeradius/counters/counter.monthly: Resource temporarily unavailable Mon Sep 9 07:17:26 2002 : Error: radiusd.conf[247]: counter_monthly: Module instantiation failed. Mon Sep 9 07:18:26 2002 : Error: rlm_counter: Failed to open file /var/log/radiusd-freeradius/counters/counter.monthly: Resource temporarily unavailable Mon Sep 9 07:18:26 2002 : Error: radiusd.conf[247]: counter_monthly: Module instantiation failed. Mon Sep 9 07:19:26 2002 : Error: rlm_counter: Failed to open file /var/log/radiusd-freeradius/counters/counter.monthly: Resource temporarily unavailable Mon Sep 9 07:19:26 2002 : Error: radiusd.conf[247]: counter_monthly: Module instantiation failed. Mon Sep 9 07:20:27 2002 : Error: rlm_counter: Failed to open file /var/log/radiusd-freeradius/counters/counter.monthly: Resource temporarily unavailable Mon Sep 9 07:20:27 2002 : Error: radiusd.conf[247]: counter_monthly: Module instantiation failed. nevertheless, the counter db file is actually there, and is with the right permission, tanalahy:/var/log/radiusd-freeradius# ls -l counters/ total 292 -rw-rw1 freerad freerad 49184 Jun 17 10:03 counter.daily -rw-rw1 freerad freerad 90531 Sep 9 07:31 counter.monthly -rw-rw1 freerad freerad159845 Sep 9 07:31 counter.never tanalahy:/var/log/radiusd-freeradius# regards, + -- DouRiX \\\|/// ___ \\ - - // ___ __ | _ oOOo_ _oOOo| _ \(_) \/ / | | | |/ _(_) | | | |_| ) |\ / | |_| | (_) | |_| | _ | |/ \ |/ \___/ \_O| \_\_/_/\_\ f u cn rd ths u r usng unx O ) / ( )(_/ \ ( \_) [Women who seek to be equal to men lack ambition.] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: libtool libs conflicts.
You can use your systems libtool instead of the one that ships with the
FreeRADIUS source. Add --with-system-libtool to your configure.
I seemed to need that on Mandrake when I built it with my RPM
(http://volcano.boulderhill.net/freeradius-rpm/)
-Shawn
On Mon, 9 Sep 2002, Yang-Hwee TAN wrote:
Hi,
i've just managed to build the freeradius rpm from an old v0.6 redhat spec file,
and now i've got a problem on the libtool libs conflict with the ones build onto
FreeRadius' rpm.
here are the options i used to build the rpm for freeradius:
%configure --prefix=%{_prefix} \
--localstatedir=%{_localstatedir} \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--with-threads \
--with-thread-pool \
--with-gnu-ld \
--with-rlm-krb5-include-dir=/usr/include/krb5 \
--with-rlm-krb5-lib-dir=/usr/lib
i did tried to use the switch --disable-ltdl-install, but the compilation complains
and it seems like its not a valid option for compiling. any help on this would be
great!
Does anyone knows if i can rebuild the binary without the conflict on my system's
libtool libs to happen? (see the rpm conflict below). Or is this a normal thing?
Meaning that i can go ahead to replace the libraries for my libtool in order to
use FreeRadius?
[root@lnx00 root]# rpm --test -Uvh
/usr/src/RPM/RPMS/i586/freeradius-0.7-1mdk.i586.rpm
Preparing...### [100%]
file /usr/lib/libltdl.so.3.1.0 from install of freeradius-0.7-1mdk conflicts with
file from package libltdl3-1.4.2-3mdk
file /usr/lib/libltdl.a from install of freeradius-0.7-1mdk conflicts with file
from package libltdl3-devel-1.4.2-3mdk
file /usr/lib/libltdl.la from install of freeradius-0.7-1mdk conflicts with file
from package libltdl3-devel-1.4.2-3mdk
--
Cheers!
Yanghwee TAN [EMAIL PROTECTED]
http://krypton.bii.a-star.edu.sg/~tanyh/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shawn K. O'Shea
Sr. Unix Administrator
DSL.net, Inc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radkill
Hello, I am looking for a copy of radkill, the site listed in the FAQ does not work (the name resolves, but there is no route to host) What i would like is to have raddb periodically query the freeradius server for (re)authorisation of online users, and if authorisation fails, kick off that user. Does anybody know of another ftp location (or has the file) ? Cheers Brett - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
One question
Title: Message Hi all, How can i close the user connection on radius server ?
Multiple Query
Hi friends, Is there anyone who Knows whether multiple query is possible in FreeRadius. I've seen one implemented example but I can not do the same thing using my sql.conf. Best wishes for ALL, Massood Sam __ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: replicate-to-realm - freeRadius 0.7
Loh John Wu [EMAIL PROTECTED] wrote: I basically want all incoming accounting packets (no care about which realm it came from or even if it came from a specific realm) to be replicated to another remote server (tpc-c3-27). Use 'radrelay'. It's by far and away your best choice. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login Rejected
I have installed freeradius 0.7 on a Redhat Linux 7.3. I am having problems authenticating using username@domain. If I use username, without the domain option, all works fine. Also, if I have user@domain in the /etc/passwd file, the login is accepted as well. The relevant entries are shown below, together with the output as shown with the Radius Debug. Which you should read: modcall: entering group authorize hints: Matched DEFAULT at 63 No huntgroup access: [test] (from client bras port 8392609 cli 03100301002) modcall[authorize]: module preprocess returns reject The 'huntgroup file you edited says to reject that user. So find out what's special about the domain, and why you've configured the 'huntgroup' file to reject it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Login Rejected
The thing is that the user test@stream and test are the same user. The only thing is that the radius daemon should remove the realm and authenticate the user without the domain. I do not know why the huntgroup is denying access. Geoff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok Sent: Monday, September 09, 2002 5:41 PM To: [EMAIL PROTECTED] Subject: Re: Login Rejected I have installed freeradius 0.7 on a Redhat Linux 7.3. I am having problems authenticating using username@domain. If I use username, without the @domain option, all works fine. Also, if I have user@domain in the /etc/passwd file, the login is accepted as well. The relevant entries are shown below, together with the output as shown with the Radius Debug. Which you should read: modcall: entering group authorize hints: Matched DEFAULT at 63 No huntgroup access: [test] (from client bras port 8392609 cli 03100301002) modcall[authorize]: module preprocess returns reject The 'huntgroup file you edited says to reject that user. So find out what's special about the @domain, and why you've configured the 'huntgroup' file to reject it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login Rejected
Geoffrey Cauchi [EMAIL PROTECTED] wrote: The thing is that the user test@stream and test are the same user. The only thing is that the radius daemon should remove the realm and authenticate the user without the domain. How does the server know to do that? Magic? The answer is that the server knows to do it because of your local configuration. So if your local configuration doesn't do what you want, then you've got to fix it. I do not know why the huntgroup is denying access. Read the 'huntgroup' file, and see what you've configured it to do. Walk a packet through, making NO assumptions about what the server is *supposed* to do. Most of the reasons people misunderstand the behaviour of the server are because they *expect* the server to know something, or do something, but they haven't *configured* the server to do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/TLS with dynamic WEP
hi is there anybody on the list who managed to install freeradius with EAP/TLS and dynamic WEP with cisco hardware (notably ap340 or ap350 AND/or the wlan cards aironet 340 / 350)? if you are using it with another hardware or only partly with the same hardware, please let me know about your experiences. i'm currently trying to configure eap/tls with ap340 or 350 and the cisco cards and everything works fine (authentication, the keys are sent to the AP by freeradius, etc.) except for the dynamic WEP - my notebook fails to obtain the DHCP address (probably because the broadcast key is not like it should be or something similiar). i use the newest versions of freeradius and all firmware implied. does soembody have a hint on it? thanks, artur -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User-Passwrd and Crypt-Password
Joe Lewis [EMAIL PROTECTED] wrote: What is the difference between User-Password and Crypt-Password? Is User-Password supposed to be plain text, Yes. or can I put it in as a unix crypt() result? No. Am I supposed to put it in as Crypt-Password if it's a crypt() result? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User-Passwrd and Crypt-Password
Thanks! (I love short answers!) Alan DeKok wrote: Yes. No. Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
importing NT LDAP + password info into mySQL
Hello, I realize this is a total newbie question, but it seems like a pretty common scenario so hopefully someone out there can lend a hand. :) I'm getting ready to migrate from NT authentication over to FreeRadius, with the ultimate goal being to free ourselves from dependency on the NT server. I'm stumped, however, as to how I should migrate all of the user/password db's off of NT and over to Linux. Assuming I put FreeRadius onto any flavor Linux, with mySQL installed, does anyone have documentation outlining how to port LDAP db's, SAM password entries, and other required information off of NT and into mySQL? I assume passwords are not stored directly in LDAP. (?) If there are scripts out there that you know of and can share, that would also be a huge help! I'm dealing with a user base of about 12000, so re-generating passwords is a terrifying option. :( Thanks for your help, Joe p.s. if i'm leaving out any pieces of the puzzle please e-mail me. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Severe Issues with Radius Authentication/MySQL
Then the server thinks everything is fine, and it looks like the MySQL back-end is returning the wrong data... But if that is the problem, then why don't I have to restart MySQL as well? All that I need to do is restart radius; actually cronning kill -HUP seems to be working so far. Joshua Corbin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Severe Issues with Radius Authentication/MySQL
Joshua Corbin [EMAIL PROTECTED] wrote: Then the server thinks everything is fine, and it looks like the MySQL back-end is returning the wrong data... But if that is the problem, then why don't I have to restart MySQL as well? Maybe it's a problem with the MySQL client libraries. All that I need to do is restart radius; actually cronning kill -HUP seems to be working so far. Sending a HUP to the server tears down all of the MySQL connections, and then re-starts them from scratch. Could you verify if the problem also occurs when using the 'users' file, or another SQL back-end? If so, then it's likely a problem with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User-Passwrd and Crypt-Password
On Mon, 9 Sep 2002, Alan DeKok wrote: Joe Lewis [EMAIL PROTECTED] wrote: What is the difference between User-Password and Crypt-Password? Is User-Password supposed to be plain text, Yes. Well, actually if you are using the pap module User-Password can contain whatever you want (clear,crypt,md5,sha1). or can I put it in as a unix crypt() result? No. Am I supposed to put it in as Crypt-Password if it's a crypt() result? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: libtool libs conflicts.
hi,
ok noted. thanks for sharing! :-)
cheers,
Yanghwee.
On Mon, 9 Sep 2002 09:24:54 -0400 (EDT)
Shawn O'Shea [EMAIL PROTECTED] wrote:
You can use your systems libtool instead of the one that ships with the
FreeRADIUS source. Add --with-system-libtool to your configure.
I seemed to need that on Mandrake when I built it with my RPM
(http://volcano.boulderhill.net/freeradius-rpm/)
-Shawn
On Mon, 9 Sep 2002, Yang-Hwee TAN wrote:
Hi,
i've just managed to build the freeradius rpm from an old v0.6 redhat spec file,
and now i've got a problem on the libtool libs conflict with the ones build onto
FreeRadius' rpm.
here are the options i used to build the rpm for freeradius:
%configure --prefix=%{_prefix} \
--localstatedir=%{_localstatedir} \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--with-threads \
--with-thread-pool \
--with-gnu-ld \
--with-rlm-krb5-include-dir=/usr/include/krb5 \
--with-rlm-krb5-lib-dir=/usr/lib
i did tried to use the switch --disable-ltdl-install, but the compilation
complains
and it seems like its not a valid option for compiling. any help on this would be
great!
Does anyone knows if i can rebuild the binary without the conflict on my system's
libtool libs to happen? (see the rpm conflict below). Or is this a normal thing?
Meaning that i can go ahead to replace the libraries for my libtool in order to
use FreeRadius?
[root@lnx00 root]# rpm --test -Uvh
/usr/src/RPM/RPMS/i586/freeradius-0.7-1mdk.i586.rpm
Preparing...### [100%]
file /usr/lib/libltdl.so.3.1.0 from install of freeradius-0.7-1mdk conflicts with
file from package libltdl3-1.4.2-3mdk
file /usr/lib/libltdl.a from install of freeradius-0.7-1mdk conflicts with file
from package libltdl3-devel-1.4.2-3mdk
file /usr/lib/libltdl.la from install of freeradius-0.7-1mdk conflicts with file
from package libltdl3-devel-1.4.2-3mdk
--
Cheers!
Yanghwee TAN [EMAIL PROTECTED]
http://krypton.bii.a-star.edu.sg/~tanyh/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Shawn K. O'Shea
Sr. Unix Administrator
DSL.net, Inc.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Cheers!
- = 0 = - 0 - = 0 = - 0 - = 0 = - 0 - = 0 = -
BII Trainee (Year 2002/3)
Yanghwee TAN [EMAIL PROTECTED]
http://krypton.bii.a-star.edu.sg/~tanyh/
BioInformatics Institute (an agency of A-STAR)
http://www.bii.a-star.edu.sg
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Severe Issues with Radius Authentication/MySQL
Could you verify if the problem also occurs when using the 'users' file, or another SQL back-end? If so, then it's likely a problem with the server. I really don't have the liberty to do this, because we are using FreeRadius in a production scenario, any lapse in service is unacceptable. And it may be that running the server for days on end with our load might be bringing out a new crack that hasn't shown up before. But I really am loath to chagne a working config, unless it will fix the problem we have. Joshua Corbin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
