FreeRadius and md5

2002-10-09 Thread Nick Marino 

How do I get freeradius to use md5 instead of crypt?
I have in my pap settings to use md5
Encryption_scheme = md5

But it still tries to use crypt..
If I put a user in the database with an md5 encrypted password but it
gets rejected at loging.
But users with a crypt encrypted password log in fine.

Any help would be greatly appreciated.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.394 / Virus Database: 224 - Release Date: 10/3/2002
 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and md5

2002-10-09 Thread Kostas Kalevras 

On Wed, 9 Oct 2002, Nick Marino wrote:

 How do I get freeradius to use md5 instead of crypt?
 I have in my pap settings to use md5
 Encryption_scheme = md5

 But it still tries to use crypt..
 If I put a user in the database with an md5 encrypted password but it
 gets rejected at loging.
 But users with a crypt encrypted password log in fine.

 Any help would be greatly appreciated.

md5 encrypted passwords = crypt with the $1$ salt or truly md5 encrypted
passwords?

If you are using the former then you could try specifying crypt as the
encryption scheme. It will probable work ok. the md5 encryption scheme will not
work with salted md5 passwords like the ones generated by crypt().

If nothing of this works run the server in debug mode and check the output.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

disconnecting users

2002-10-09 Thread Mehdi Roomi 

  Hi,
- Is there any feature to kill online users that can be viewd with
radwho ?  if Yes, How?
(the radkill can't be downloaded from the specified web site)

Regards,
M. Roomi

_
Send and receive Hotmail on your mobile device: http://mobile.msn.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and md5

2002-10-09 Thread Bobi 

--  Forwarded Message  --

Subject: rlm_pap using crypt() bug report
Date: Fri, 28 Jun 2002 17:41:10 +0300
From: Bobi [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

When compiled with SNMP support (default=yes) crypt funciton in rlm_pap
doesn't work with md5 passwords (Crypt mode)
because it uses libcrypto instead of libcrypt.

--
B.

On Wednesday 09 October 2002 10:39, Nick Marino wrote:
 How do I get freeradius to use md5 instead of crypt?
 I have in my pap settings to use md5
 Encryption_scheme = md5

 But it still tries to use crypt..
 If I put a user in the database with an md5 encrypted password but it
 gets rejected at loging.
 But users with a crypt encrypted password log in fine.

 Any help would be greatly appreciated.



 ---
 Outgoing mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.394 / Virus Database: 224 - Release Date: 10/3/2002



 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-- 
B.Ikonomov
Techno-link


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Proxy Radius

2002-10-09 Thread Mehdi Roomi 

  Hi,
I have my previous NT commercial accounting server(ISPUtil) with more than 
1 active users on it. as I cant't export crypted NT passwords into 
freeradius, I want to define all new accounts in FreeRadius and also want 
freeradius acts as the master Accounting  server and if the accounts doesn't 
exist in FreeRadius, I want the user to be redirected to Previous nasty NT 
accounting server.

Freeradius proxy always redirects the requests to NT accounting server 
before searching itself for this username!
I want FreeRadius First search itself and if the username doesn't exist , It 
redirect it to Next accounting Server.

Additional Info:
there is no seprator like '' in the username and I don't want to use in new 
accounts too.
as I configured freeradius, it acts as proxy, as it works well when the 
username doesn't exist in freeradius so it redirected to NT accounting 
server.
but when the username exists in the Freeradius, It doesn't authenticate the 
user and resend it to second server.


please let me know how to reconfigue the proxy radius.

Regards,
M. Roomi



_
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy Radius

2002-10-09 Thread 3APA3A 

Dear Mehdi Roomi,

You   can   export   your   crypted  NT  passwords  to  FreeRADIUS.  See
doc/rlm_mschap

--Wednesday, October 9, 2002, 1:28:51 PM, you wrote to 
[EMAIL PROTECTED]:

MR   Hi,
MR I have my previous NT commercial accounting server(ISPUtil) with more than 
MR 1 active users on it. as I cant't export crypted NT passwords into 
MR freeradius, I want to define all new accounts in FreeRadius and also want 
MR freeradius acts as the master Accounting  server and if the accounts doesn't 
MR exist in FreeRadius, I want the user to be redirected to Previous nasty NT 
MR accounting server.

MR Freeradius proxy always redirects the requests to NT accounting server 
MR before searching itself for this username!
MR I want FreeRadius First search itself and if the username doesn't exist , It 
MR redirect it to Next accounting Server.

MR Additional Info:
MR there is no seprator like '@' in the username and I don't want to use in new 
MR accounts too.
MR as I configured freeradius, it acts as proxy, as it works well when the 
MR username doesn't exist in freeradius so it redirected to NT accounting 
MR server.
MR but when the username exists in the Freeradius, It doesn't authenticate the 
MR user and resend it to second server.


MR please let me know how to reconfigue the proxy radius.

MR Regards,
MR M. Roomi



MR _
MR Join the world’s largest e-mail service with MSN Hotmail. 
MR http://www.hotmail.com


MR - 
MR List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
Ïîÿâèëñÿ íîâûé òèï ýëåìåíòàðíûõ ÷àñòèö - øêâàðêè.
Íå î÷åíü áîëüøèå, ñëåãêà ïîäãîðåâøèå.  (Ëåì)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy Radius

2002-10-09 Thread Mehdi Roomi 

  Thank You.
I exported NT SAM passwords into a file successfully. one sample line is as 
following:
borj2:1003:4f132fed9c9f145daad3b435b51404ee:6af463cbfe0f54eadfefd907ec233491:::

currently my freeradius configured to use clear text passwords which stored 
in mysql and pap authentication method for authentication.

Now I think that I should use rlm_passwd module instead of rlm_mschap? and 
import this file into radcheck table of radius database.
also I want new passwords to be saved as clear text .
another problem is that I want users to be able to change their passwords 
from web site and I don't know how to check the previous passwords in my PHP 
program.


Regards,
M. Roomi



You   can   export   your   crypted  NT  passwords  to  FreeRADIUS.  See
doc/rlm_mschap

--Wednesday, October 9, 2002, 1:28:51 PM, you wrote to 
[EMAIL PROTECTED]:

MR   Hi,
MR I have my previous NT commercial accounting server(ISPUtil) with more 
than
MR 1 active users on it. as I cant't export crypted NT passwords into
MR freeradius, I want to define all new accounts in FreeRadius and also 
want
MR freeradius acts as the master Accounting  server and if the accounts 
doesn't
MR exist in FreeRadius, I want the user to be redirected to Previous nasty 
NT
MR accounting server.

MR Freeradius proxy always redirects the requests to NT accounting server
MR before searching itself for this username!
MR I want FreeRadius First search itself and if the username doesn't exist 
, It
MR redirect it to Next accounting Server.

MR Additional Info:
MR there is no seprator like '@' in the username and I don't want to use 
in new
MR accounts too.
MR as I configured freeradius, it acts as proxy, as it works well when the
MR username doesn't exist in freeradius so it redirected to NT accounting
MR server.
MR but when the username exists in the Freeradius, It doesn't authenticate 
the
MR user and resend it to second server.


MR please let me know how to reconfigue the proxy radius.

MR Regards,
MR M. Roomi



MR _
MR Join the worlds largest e-mail service with MSN Hotmail.
MR http://www.hotmail.com


MR -
MR List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


--
~/ZARAZA

    - .
  
,  .  ()


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




_
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: Proxy Radius

2002-10-09 Thread 3APA3A 

Dear Mehdi Roomi,

You  should  use  both  rlm_passwd and rlm_mschap modules (rlm_passwd in
authorize, rlm_mschap in authenticate. Optionally you can use rlm_mschap
in authorize).

See doc/rlm_mschap and doc/rlm_passwd.

--Wednesday, October 9, 2002, 5:32:02 PM, you wrote to 
[EMAIL PROTECTED]:

MR   Thank You.
MR I exported NT SAM passwords into a file successfully. one sample line is as 
MR following:
MR borj2:1003:4f132fed9c9f145daad3b435b51404ee:6af463cbfe0f54eadfefd907ec233491:::

MR currently my freeradius configured to use clear text passwords which stored 
MR in mysql and pap authentication method for authentication.

MR Now I think that I should use rlm_passwd module instead of rlm_mschap? and 
MR import this file into radcheck table of radius database.
MR also I want new passwords to be saved as clear text .
MR another problem is that I want users to be able to change their passwords 
MR from web site and I don't know how to check the previous passwords in my PHP 
MR program.


MR Regards,
MR M. Roomi



You   can   export   your   crypted  NT  passwords  to  FreeRADIUS.  See
doc/rlm_mschap

--Wednesday, October 9, 2002, 1:28:51 PM, you wrote to 
[EMAIL PROTECTED]:

MR   Hi,
MR I have my previous NT commercial accounting server(ISPUtil) with more 
than
MR 1 active users on it. as I cant't export crypted NT passwords into
MR freeradius, I want to define all new accounts in FreeRadius and also 
want
MR freeradius acts as the master Accounting  server and if the accounts 
doesn't
MR exist in FreeRadius, I want the user to be redirected to Previous nasty 
NT
MR accounting server.

MR Freeradius proxy always redirects the requests to NT accounting server
MR before searching itself for this username!
MR I want FreeRadius First search itself and if the username doesn't exist 
, It
MR redirect it to Next accounting Server.

MR Additional Info:
MR there is no seprator like '@' in the username and I don't want to use 
in new
MR accounts too.
MR as I configured freeradius, it acts as proxy, as it works well when the
MR username doesn't exist in freeradius so it redirected to NT accounting
MR server.
MR but when the username exists in the Freeradius, It doesn't authenticate 
the
MR user and resend it to second server.


MR please let me know how to reconfigue the proxy radius.

MR Regards,
MR M. Roomi



MR _
MR Join the worlds largest e-mail service with MSN Hotmail.
MR http://www.hotmail.com


MR -
MR List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


--
~/ZARAZA

MR     - .
  
MR ,  .  ()


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




MR _
MR Join the world’s largest e-mail service with MSN Hotmail. 
MR http://www.hotmail.com


MR - 
MR List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
Èòàê, ÿ áóäó êðàòîê. (Òâåí)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Help Info SQL

2002-10-09 Thread Gian-Carlo Baldarelli 

May I ask the exact meaning of the tables and how to use them ?



radacct
radcheck
radgroupcheck
radgroupreply
radreply
usergroup

I guess tha a user has to be inserted in the radchek with: 
UserName(username) - Attribute (User-Password) - Vale (password)- op (???)

and suppose in usergroup:
UserName ( username) - GroupName (group )

so I suppose in radgroupreplay:
GroupName (dialin) Attribute (Auth-Type) Value (PAP)


and the others tables 

and what does it mean op? 







- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help Info SQL

2002-10-09 Thread Aleksandar Zhelyazkov 

Gian-Carlo Baldarelli wrote:

May I ask the exact meaning of the tables and how to use them ?



radacct
radcheck
radgroupcheck
radgroupreply
radreply
usergroup

I guess tha a user has to be inserted in the radchek with: 
UserName(username) - Attribute (User-Password) - Vale (password)- op (???)

and suppose in usergroup:
UserName ( username) - GroupName (group )

so I suppose in radgroupreplay:
GroupName (dialin) Attribute (Auth-Type) Value (PAP)


and the others tables 

and what does it mean op? 







- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dear Gian-Carlo
1.radacct for accounting
2. man 5 users for operators (op)





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Please help me!

2002-10-09 Thread wanglu 

hi
I have some questions about freeradius.
I have installed the freeradius0.7 and configured the server EAP-TLS 
authentication.The server can work correctly.It is said that the PMK(Pairwise 
Master Key) encapsuled in the  vendor-specific attribute(id=MS-MPPE-RECV) is 
supported by 0.7.But I still can not get the vendor-specific attribute in its 
accept packet.It seems that after succeeding in EAP-TLS authentication,the 
server does not send the PMK.There is no VSAs in the accept packet.
I just want to get the PMK and generate other keys.
In freeradius0.7,I did not see the mppe.c file.Should I add the file to patch 
the radius 
or what can I do to get the PMK?
Have you succeeded in getting the PMK?Hope you can help me!Thanks





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

fr0.5: logging: UNKNOWN-NAS, although ip entered?

2002-10-09 Thread MPawlowski 

hello, everybody.

well, i think i've got a problem with logging the names or ip-addresses of
the nas'es that users try to authenticate from.

although there are ip-addresses and shortnames set in clients.conf, fr0.5
just logs the sentence
Auth: Login OK: [username] (from nas UNKOWN-NAS port x cli x.x.x.x) (where
x.x.x.x is the ip address of our netview machine).

excerpt from clients.conf:

client 10.0.0.1 {
secret = 
shortname = just-a-funny-cisco-nas
}

i'm also using access verification based on huntgroups where i just
configured the NAS-IP-Address, nothing more.

what's wrong with my configuration? the evil thing is that i can't see from
which (cisco) nas authentication has been requested (quite good for
analysing problems).

i'll gladly appreciate hints and tips.

thank you in advance.

regards,
m. pawlowski.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: fr0.5: logging: UNKNOWN-NAS, although ip entered?

2002-10-09 Thread Alan DeKok 

[EMAIL PROTECTED] wrote:
 well, i think i've got a problem with logging the names or ip-addresses of
 the nas'es that users try to authenticate from.
 
 although there are ip-addresses and shortnames set in clients.conf, fr0.5

  Yuck.  Why don't you upgrade to 0.7.1?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Connecting to Oracle

2002-10-09 Thread Mieczyslaw Maciejewski (EPO) 

Hi 

I have FreeRadius 0.71 on Solaris 8.
My database is Oracle 8.1.7
After starting ./radiusd -X,  I receive the following message:

rlm_sql: Driver rlm_sql_oracle loaded and linked
rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
Init: Oracle logon failed: 'Error while trying to retrieve text for error ORA-12154 '
rlm_sql:  Failed to connect DB handle #0
rlm_sql: starting 1
rlm_sql: starting 2
rlm_sql: starting 3
rlm_sql: starting 4

The database (pmt) is running, the listener also. Oracle client is installed.
I try to connect as user pmt locally. 
Could someone help

Thanks
Robert


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: sql_iodbc.c:214: conflicting types for `sql_fetch_row' ...

2002-10-09 Thread Alan DeKok 

pDo-Risika RAFIEFERANTSIARONJY [EMAIL PROTECTED]
wrote:
 When building freeradius-0.7.1, I have this error with sql_iodbc, how to 
 resolve this ?

  Grab the latest CVS snapshot.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Late replies

2002-10-09 Thread Alan DeKok 

Enquiries [EMAIL PROTECTED] wrote:
   I run a freeradius server that is proxyed to from another freeradius server 
 which is in turn connected to a bt webport proxy, this second freeradius 
 server is complaining of late responses from my server. Physically the 
 servers are next to each other on the rack.

  That doesn't matter.  What matters is that the first server is
taking so long to respond, that the second one gives up.

  The solution is obvious: Make the first one work faster, AND/OR make
the second one be more patient.

 how many times can you proxy on a radius request, currently my server is the 
 last in a change of three, could the radius packets from the nas be expiring?

  No.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Connecting to Oracle

2002-10-09 Thread Daryl Tester 

Mieczyslaw Maciejewski (EPO)  wrote:

 Init: Oracle logon failed: 'Error while trying to retrieve text for error
ORA-12154 '

2nd hit from Google: ORA-12154:TNS:Could not resolve service name.

Regards,
  Daryl Tester
  IOCANE Pty. Ltd.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: disconnecting users

2002-10-09 Thread David Inglis 

I think there is a program called radzap.


On Wed, 9 Oct 2002, Mehdi Roomi wrote:

   Hi,
 - Is there any feature to kill online users that can be viewd with
 radwho ?  if Yes, How?
 (the radkill can't be downloaded from the specified web site)
 
 Regards,
 M. Roomi
 
 _
 Send and receive Hotmail on your mobile device: http://mobile.msn.com
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 

-- 
Regards




David Inglis
Ruralnet Ph 50210210


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

OFFER TO CONSIDER

2002-10-09 Thread Mr . Ebere Okemiri . 

Attn. Sir,

It is with heart full of hope that I write to seek your help in the context below. I 
am Mr.Ebere Okemiri, the Personal Assistant to the late Nigerian former Sport 
Minister, Late Mr. Mark Aku, who until his death in a domestic plane crash weeks 
before the Japan / Korea world cup was the Minister of Youth and Sports in the present 
dispensation.

Having gotten your particulars through the Internet in my search for a trustworthy 
foreigner who will help me carry out the project I am about to tell you. I have no 
doubt about your custody (for safety) the sum US$15 Million deposited in my favor in a 
Security Company by my late boss before his untimely death.

The money was part of the funds release for Nigerian Super Eagles participation in the 
companionship by Present Democratic Government and major companies in Nigeria but my 
Boss Late Mr. Mark Aku diverted the fund in order to finance has ambition to contest 
for gubernatorial Election come 2003 but death took him away.

This money he deposited in a security company as personal effect in my favor without 
the knowledge of any other person till date, meanwhile, the government has tried their 
best in their search for the money but my situation has been so terrible as I had to 
loose my job and as I am writing you, I am virtually living on assistance of well- 
wishers.

The investigation teams have submitted their report, and the case closed, that was why 
I am looking for a foreigner who will help me to secure the fund and invest it on a 
long time project pending when I will meet him up.

In view of this plight therefore, I expect you to be trustworthy and kind enough to 
respond to this, I will compensate your sincere and candid effort in these regards 
with 20% of the fund when you finally receive the money.

I have perfected arrangement on the successful transfer of the fund and if you are 
interested to help me, kindly respond through this box or my alternative the email. 
Please provide me with your telephone and fax number for your easier communication.

You are equally guaranteed 100% risk free and smooth transfer. I look forward to your 
quick response.

May God bless you

Regards,


Mr.Ebere Okemiri.

Problems: EAP authentication[Client Win2000 Professional]

2002-10-09 Thread myeap 

Dear Sir:
I am try to realize the EAP authentication using Win2000 Professional as the client, 
Windows2000 Server as the router, and Linux as the Radius Authenticater.
Although I tried several ways following the EAP guides in the microsoft SDK, I failed 
so far.
I registered the EAP.DLL as following the EAP guides in the microsoft SDK,
Especially, rasman does call RasEapGetInfo exported by the EAP.dll but it does not 
call the EapBegin function in the EAP.dll. Maybe the function RasEapInitialize should 
always be called before any other call, but I could not get what I should do in the 
function RasEapInitialize. All in all, my EAP.DLL did not work as it was supposed to. 
So I could not begin my job. The typical function prototypes are listed below:

If it is possible, Could you please tell me how to put my EAP protocal DLL into 
effect? Thanks a lot!

Sincerely Yours,
Wu MingChang
09/11/2002

//
DWORD APIENTRY
RasEapGetInfo(
IN  DWORD dwEapTypeId,
OUT PPP_EAP_INFO* pInfo 
)
{
EapTrace(RasEapGetInfo);

if (dwEapTypeId != PPP_EAP_PROTOCOL_ID)
{
EapTrace(Type ID %d is not supported, dwEapTypeId);
return(ERROR_NOT_SUPPORTED);
}

ZeroMemory(pInfo, sizeof(PPP_EAP_INFO));

pInfo-dwEapTypeId   = PPP_EAP_PROTOCOL_ID;
pInfo-RasEapBegin   = EapBegin;
pInfo-RasEapEnd = EapEnd;
pInfo-RasEapMakeMessage = EapMakeMessage;

return(NO_ERROR);
}

DWORD APIENTRY
EapBegin(
OUT VOID** ppWorkBuf,
IN  VOID*  pInfo 
)
{
PPP_EAP_INPUT* pInput = (PPP_EAP_INPUT*)pInfo;
EAPCB* pwb;

EapTrace(EapBegin(%ws), pInput-pwszIdentity);
...
...
...
...

return(NO_ERROR);
}
//
.+-Šwèþ˛±ÊâmïîžË›±Êâmäžzm§ÿðÃëyêÚv+¬¢¸?–+-þë®Èmš

Cache /etc/passwd, /etc/shadow, and /etc/group

2002-10-09 Thread User for Free Radius mail list 


System = Linux with kernel 2.4.18

In the radiusd.conf file:
The Cache setup does not work if you do not use shadow passwords. If the
shadow line is left at the default value: (ie commented out)

  To force the module to use the system password functions,
#  instead of reading the files, comment out the 'passwd'
#  and 'shadow' configuration entries.  This is required
#  for some systems, like FreeBSD.
#
passwd = /etc/passwd
#   shadow = /etc/shadow

Then you will get an error:

  Wed Oct  9 17:51:06 2002 : Info: HASH:  Reinitializing hash structures
  and lists for caching...
  Wed Oct  9 17:51:06 2002 : Error: rlm_unix:  You MUST specify a shadow
  password file!
  Wed Oct  9 17:51:06 2002 : Error: HASH:  unable to create user hash table.
  disable caching and run debugs
  Wed Oct  9 17:51:06 2002 : Error: radiusd.conf[462]: unix: Module
  instantiation failed.

If you say no to the cache option:

   #  For FreeBSD, you do NOT want to enable the cache,
#  as it's password lookups are done via a database.
#
# allowed values: {no, yes}
cache = no

It loads up just fine.


Is there something I'm missing or is the the default behavior of this
setup?

Thanks,

Ken Rea


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP authentication using Win2000 Professional as the client

2002-10-09 Thread myeap 

Dear Sir:

Could you please direct this mail to 
Mr Fernandez, Jorge and
Mr Artur Hecker?

Fernandez, Jorge [EMAIL PROTECTED]
Artur Hecker [EMAIL PROTECTED]

I am trying to realize the EAP authentication using Win2000 Professional as the 
client, 
Windows2000 Server as the router, and Linux as the Radius Authenticater.

Although I tried several ways following the EAP guides in the microsoft SDK, I failed 
so far.I registered the EAP.DLL following the EAP guides in the microsoft SDK.

Especially, rasman does call RasEapGetInfo exported by the EAP.dll but it does not 
call the EapBegin function in the EAP.dll. Maybe the function RasEapInitialize should 
always be called before any other call, but I could not get what I should do in the 
function RasEapInitialize. 

All in all, my EAP.DLL did not work as it was supposed to. So I could not begin my 
job. The typical function prototypes are listed below:

If it is possible, Could you please tell me how to put my EAP protocal DLL into 
effect? Thanks a lot!

Sincerely Yours,
Wu MingChang
09/10/2002

//
DWORD APIENTRY
RasEapGetInfo(
   IN  DWORD dwEapTypeId,
   OUT PPP_EAP_INFO* pInfo 
)
{
   EapTrace(RasEapGetInfo);

   if (dwEapTypeId != PPP_EAP_PROTOCOL_ID)
   {
   EapTrace(Type ID %d is not supported, dwEapTypeId);
   return(ERROR_NOT_SUPPORTED);
   }

   ZeroMemory(pInfo, sizeof(PPP_EAP_INFO));

   pInfo-dwEapTypeId   = PPP_EAP_PROTOCOL_ID;
   pInfo-RasEapBegin   = EapBegin;
   pInfo-RasEapEnd = EapEnd;
   pInfo-RasEapMakeMessage = EapMakeMessage;

   return(NO_ERROR);
}

DWORD APIENTRY
EapBegin(
   OUT VOID** ppWorkBuf,
   IN  VOID*  pInfo 
)
{
   PPP_EAP_INPUT* pInput = (PPP_EAP_INPUT*)pInfo;
   EAPCB* pwb;

   EapTrace(EapBegin(%ws), pInput-pwszIdentity);
   ...
   ...
   ...
   ...

   return(NO_ERROR);
}
//
ŠËbú?²æìr¸›{û§²æìr¸›y'ž†Ûiÿü0ÁúÞz¶Šë(®åŠËºÇ«²f

help - checkrad not being called

2002-10-09 Thread Tim 

I have freeradius 0.7  MySQL up and running on a debian woody box (kernel 
2.2-20), and doing all that it should EXCEPT allowing users to login if 
they still have a stale session in the db (Mysql)..  I have session{ sql } 
in radius.conf set to sql ..

/usr/local/sbin checkrad runs correctly when run manually and I have it set 
to debug mode, so I can see when it is being called ..  now, when I have a 
stale session in the DB, and use NTRadPing to request a new auth, it ALWAYS 
comes back saying the user is online, and checkrad never seems to get 
called ..

I have searched the archives, and even applied a patch suggested back in 
August, but it still appears checkrad is still not being run.

I have tried with 0.7, and the latest snapshot 1009 ..  and both give the 
same result ..

What am I missing that is causing checkrad to be ingnore/not called ??

All help greatly appreciated ..


Tim Fraser

*
Relax Internet
Internet Service Provider (dial-up  ADSL) / Web Hosting
www.relax.com.au

*



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html