Re: Cache /etc/passwd, /etc/shadow, and /etc/group
Dear User for Free Radius mail list,

passwd file doesn't contain any passwords or hashes, so it's useless without shadow. If you store your passwords in a plain-text file format different from Linux passwd/shadow files, consider using the rlm_passwd module. See doc/rlm_passwd.

--Thursday, October 10, 2002, 5:11:15 AM, you wrote to [EMAIL PROTECTED]:

UfFRml> System = Linux with kernel 2.4.18
UfFRml> In the radiusd.conf file:
UfFRml> The Cache setup does not work if you do not use shadow passwords. If the
UfFRml> shadow line is left at the default value: (ie commented out)
UfFRml>     To force the module to use the system password functions,
UfFRml>     # instead of reading the files, comment out the 'passwd'
UfFRml>     # and 'shadow' configuration entries. This is required
UfFRml>     # for some systems, like FreeBSD.
UfFRml>     #
UfFRml>     passwd = /etc/passwd
UfFRml>     # shadow = /etc/shadow
UfFRml> Then you will get an error:
UfFRml> Wed Oct 9 17:51:06 2002 : Info: HASH: Reinitializing hash structures
UfFRml> and lists for caching...
UfFRml> Wed Oct 9 17:51:06 2002 : Error: rlm_unix: You MUST specify a shadow
UfFRml> password file!
UfFRml> Wed Oct 9 17:51:06 2002 : Error: HASH: unable to create user hash table.
UfFRml> disable caching and run debugs
UfFRml> Wed Oct 9 17:51:06 2002 : Error: radiusd.conf[462]: unix: Module
UfFRml> instantiation failed.
UfFRml> If you say no to the cache option:
UfFRml>     # For FreeBSD, you do NOT want to enable the cache,
UfFRml>     # as it's password lookups are done via a database.
UfFRml>     #
UfFRml>     # allowed values: {no, yes}
UfFRml>     cache = no
UfFRml> It loads up just fine.
UfFRml> Is there something I'm missing or is this the default behavior of this
UfFRml> setup?
UfFRml> Thanks,
UfFRml> Ken Rea

--
~/ZARAZA
Thus this route is cheaper, and easier to reach for anyone who is able to reach it. (Twain)

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP authentication using Win2000 Professional as the client
hi

i've read your email already but i had no clue about the problem that's why i didn't reply so far.

the problem you are talking about seems to be related to the windows-programming. where is your problem related to the free-radius server?

greetings,
artur

[EMAIL PROTECTED] wrote:

> Dear Sir:
>
> Could you please direct this mail to Mr Fernandez, Jorge and Mr Artur Hecker?
> Fernandez, Jorge [EMAIL PROTECTED]
> Artur Hecker [EMAIL PROTECTED]
>
> I am trying to realize the EAP authentication using Win2000 Professional as the client, Windows2000 Server as the router, and Linux as the Radius Authenticator. Although I tried several ways following the EAP guides in the microsoft SDK, I failed so far. I registered the EAP.DLL following the EAP guides in the microsoft SDK. Especially, rasman does call RasEapGetInfo exported by the EAP.dll but it does not call the EapBegin function in the EAP.dll. Maybe the function RasEapInitialize should always be called before any other call, but I could not get what I should do in the function RasEapInitialize. All in all, my EAP.DLL did not work as it was supposed to. So I could not begin my job. The typical function prototypes are listed below:
>
> If it is possible, could you please tell me how to put my EAP protocol DLL into effect?
>
> Thanks a lot!
>
> Sincerely Yours,
> Wu MingChang
> 09/10/2002
>
> //
> DWORD APIENTRY
> RasEapGetInfo(
>     IN  DWORD         dwEapTypeId,
>     OUT PPP_EAP_INFO* pInfo
> )
> {
>     EapTrace("RasEapGetInfo");
>
>     if (dwEapTypeId != PPP_EAP_PROTOCOL_ID)
>     {
>         EapTrace("Type ID %d is not supported", dwEapTypeId);
>         return(ERROR_NOT_SUPPORTED);
>     }
>
>     ZeroMemory(pInfo, sizeof(PPP_EAP_INFO));
>
>     /* Callbacks the caller is expected to invoke for this EAP type */
>     pInfo->dwEapTypeId       = PPP_EAP_PROTOCOL_ID;
>     pInfo->RasEapBegin       = EapBegin;
>     pInfo->RasEapEnd         = EapEnd;
>     pInfo->RasEapMakeMessage = EapMakeMessage;
>
>     return(NO_ERROR);
> }
>
> DWORD APIENTRY
> EapBegin(
>     OUT VOID** ppWorkBuf,
>     IN  VOID*  pInfo
> )
> {
>     PPP_EAP_INPUT* pInput = (PPP_EAP_INPUT*)pInfo;
>     EAPCB*         pwb;
>
>     EapTrace("EapBegin(%ws)", pInput->pwszIdentity);
>     ... ... ... ...
>     return(NO_ERROR);
> }
> //

--
Artur Hecker
artur[at]hecker.info
Using Vendor-Specific attributes
Hi all,

I must be probably too stupid or completely blind since I just can't find any info how to use Vendor-Specific attributes with radclient and radiusd. I have this simple test dictionary:

    VENDOR Testing 1234
    ATTRIBUTE Foo 1 integer Testing
    ATTRIBUTE Bar 2 integer Testing

How shall I send those with radclient?

    echo User-Name=un,User-Password=pw,Vendor-Specific=1234 | radclient 10.0.0.1 auth secret

doesn't work at all. And I couldn't add Vendor-Specific attributes to server reply either. Are there any examples available, since this didn't work:

    un  Auth-Type := Local, User-Password == pw
        Reply-Message = Hello, World!,
        Vendor-Specific = Testing,Foo=123

Thanks.
Re: Using Vendor-Specific attributes
Dear Jukka Lehti,

    Foo=ValueOfFoo,Bar=ValueOfBar

Isn't it what dictionary is for?

--Thursday, October 10, 2002, 12:10:00 PM, you wrote to [EMAIL PROTECTED]:

JL> Hi all,
JL> I must be probably too stupid or completely blind since I
JL> just can't find any info how to use Vendor-Specific
JL> attributes with radclient and radiusd. I have this
JL> simple test dictionary:
JL>     VENDOR Testing 1234
JL>     ATTRIBUTE Foo 1 integer Testing
JL>     ATTRIBUTE Bar 2 integer Testing
JL> How shall I send those with radclient?
JL>     echo
JL>     User-Name=un,User-Password=pw,Vendor-Specific=1234 |
JL>     radclient 10.0.0.1 auth secret
JL> doesn't work at all. And I couldn't add
JL> Vendor-Specific attributes to server reply either. Are
JL> there any examples available, since this didn't work:
JL>     un Auth-Type := Local, User-Password == pw
JL>        Reply-Message = Hello, World!,
JL>        Vendor-Specific = Testing,Foo=123
JL> Thanks.

--
~/ZARAZA
I won't need a sting (S. Lem)
Re: Using Vendor-Specific attributes
> Dear Jukka Lehti,
>
>     Foo=ValueOfFoo,Bar=ValueOfBar
>
> Isn't it what dictionary is for?

Yes, I think so. But still I get:

    radclient:Unknown attribute Foo
Re: Connecting to Oracle
from my sql.conf:

    driver = rlm_sql_oracle
    server = 10.10.10.10
    login = user_name
    password = password
    radius_db = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.10.10)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))

At 19.24 09/10/02, you wrote:

> Hi
>
> I have FreeRadius 0.71 on Solaris 8. My database is Oracle 8.1.7
> After starting ./radiusd -X, I receive the following message:
>
>     rlm_sql: Driver rlm_sql_oracle loaded and linked
>     rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
>     rlm_sql: starting 0
>     rlm_sql: Attempting to connect #0
>     Init: Oracle logon failed: 'Error while trying to retrieve text for error ORA-12154 '
>     rlm_sql: Failed to connect DB handle #0
>     rlm_sql: starting 1
>     rlm_sql: starting 2
>     rlm_sql: starting 3
>     rlm_sql: starting 4
>
> The database (pmt) is running, the listener also. Oracle client is installed.
> I try to connect as user pmt locally.
> Could someone help
>
> Thanks
> Robert

---
Always remember you're unique, just like everyone else.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Republic of San Marino
http://www.omniway.sm
http://www.intelcom.sm
RE: Using Vendor-Specific attributes
The only VSA's I've ever seen have been accounting packet reply items. That's just been my experience with them. Would AV-Pairs do what you need?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jukka Lehti
Sent: Thursday, October 10, 2002 4:10 AM
To: [EMAIL PROTECTED]
Subject: Using Vendor-Specific attributes

Hi all,

I must be probably too stupid or completely blind since I just can't find any info how to use Vendor-Specific attributes with radclient and radiusd. I have this simple test dictionary:

    VENDOR Testing 1234
    ATTRIBUTE Foo 1 integer Testing
    ATTRIBUTE Bar 2 integer Testing

How shall I send those with radclient?

    echo User-Name=un,User-Password=pw,Vendor-Specific=1234 | radclient 10.0.0.1 auth secret

doesn't work at all. And I couldn't add Vendor-Specific attributes to server reply either. Are there any examples available, since this didn't work:

    un  Auth-Type := Local, User-Password == pw
        Reply-Message = Hello, World!,
        Vendor-Specific = Testing,Foo=123

Thanks.
IP pool problem, please help
I have installed the freeRADIUS server and I'm using the rlm_ippool module. Everything works fine until one account-stop packet had been lost. The user was logged out but the dialup admin interface shows him as online and active in finger page. I removed the correct record from the radacct table so the user went offline. The problem is that the server had assigned him an IP address and when the user is trying to log in again, the following error message appears:

    The server did not assign an IP Address, error 738

I know that the ippool module keeps two files (not text files) with information about used IP addresses. I think that the stacked user can't log in because the server has already assigned him an IP address. Is there any way to solve this problem?

Please help...

Andrew Kelaidis
Re: FreeRadius+PostgreSQL connection error on FreeBSD
On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote:

> There are also some differences between the sql db schema supplied in src/modules/rlm_sql/drivers/rlm_sql_postgres/db_postgres.sql and the sql statements for accounting_onoff etc in postgresql.conf

Some time ago I've posted here patch for right config and schema; don't know, maybe it is in CVS..

--
With Best Regards,
Sergey Holod
SAH1-RIPE
checkrad .. pls post radiusd -x output..
Can someone please post a copy of the output from radiusd -X when a simultaneous login is detected, and freeradius runs the checkrad prog ..

I can't get checkrad to work, and just want to know what it should look like when it does !!

thx ...

Tim Fraser
*
Relax Internet
Internet Service Provider (dial-up ADSL) / Web Hosting
www.relax.com.au
*
Ippool problem on 0.7.1.Don't deallocate ip addresses
Hi all,

I'm having a problem with the Ippool module (rlm_ippool). When authorizing, the module is able to allocate the correct IP address, but on the account Stop does not set the IP free.

relevant part of radiusd.conf

    ...
    modules {
        ...
        ippool Prova0 {
            range-start = 10.128.1.0
            range-stop = 10.128.1.3
            netmask = 255.255.255.252
            cache-size = 800
            session-db = ${raddbdir}/db.ippool.0
            ip-index = ${raddbdir}/db.ipindex.0
        }
        ...
    }
    authorize {
        ...
        Prova0
        ...
    }
    accounting {
        ...
        Prova0
        ...
    }

users file:

    ...
    steve  Auth-Type := Local, User-Password == testing, Pool-Name := Prova1
    ...

log, from radiusd -X, says:

    ...
    Module: Instantiated ippool (Prova0)
    ippool: session-db = /usr/local/freeradius/etc/raddb/db.ippool.1
    ippool: ip-index = /usr/local/freeradius/etc/raddb/db.ipindex.1
    ippool: range-start = 10.128.10.0 IP address [10.128.10.0]
    ippool: range-stop = 10.128.10.3 IP address [10.128.10.3]
    ippool: netmask = 255.255.255.252 IP address [255.255.255.252]
    ippool: cache-size = 800
    ...
    modcall[authorize]: module files returns ok
    rad_recv: Access-Request packet from host 10.128.255.4:1024, id=78, length=92
        User-Name = steve
        User-Password = \r\021\353N\315\021 s\023.8]O\002F\010
        NAS-Port = 1020
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint:0 = 212.239.118.116
        NAS-IP-Address = 10.128.255.4
        NAS-Port-Type = Virtual
    modcall: entering group authorize
    modcall[authorize]: module preprocess returns ok
    rlm_realm: Looking up realm NULL for User-Name = steve
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop
    users: Matched steve at 99
    modcall[authorize]: module files returns ok
    rlm_ippool: Entering in function authorize
    rlm_ippool: Searching for an entry for nas/port: 10.128.255.4/1020
    rlm_ippool: num: 1
    rlm_ippool: Allocated ip 10.128.10.2 to client on nas 10.128.255.4,port 1020
    modcall[authorize]: module Prova0 returns ok
    ...
    rad_recv: Accounting-Request packet from host 10.128.255.4:1038, id=24, length=155
        User-Name = steve
        NAS-Port = 1020
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 10.128.10.2
        Class = 0x47727570706f526164
        Acct-Status-Type = Stop
        Acct-Input-Octets = 312
        Acct-Output-Octets = 0
        Acct-Session-Id = 0C400010
        Acct-Session-Time = 8
        Acct-Input-Packets = 3
        Acct-Output-Packets = 0
        Acct-Terminate-Cause = User-Request
        Tunnel-Client-Endpoint:0 = 212.239.118.116
        Acct-Authentic = RADIUS
        Acct-Delay-Time = 0
        NAS-IP-Address = 10.128.255.4
        NAS-Port-Type = Virtual
    modcall: entering group preacct
    modcall[preacct]: module preprocess returns noop
    rlm_realm: Looking up realm NULL for User-Name = steve
    rlm_realm: No such realm NULL
    modcall[preacct]: module suffix returns noop
    modcall[preacct]: module files returns noop
    modcall: group preacct returns noop
    modcall: entering group accounting
    radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/10.128.255.4/detail'
    rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail expands to /usr/local/freeradius/var/log/radius/radacct/10.128.255.4/detail
    modcall[accounting]: module detail returns ok
    modcall[accounting]: module counter returns ok
    radius_xlat: 'steve'
    modcall[accounting]: module radutmp returns ok
    modcall[accounting]: module Prova0 returns ok
    modcall: group accounting returns ok
    Sending Accounting-Response of id 24 to 10.128.255.4:1038
    Finished request 12
    Going to the next request

This problem is driving me crazy. Have you any idea?
sql.conf and oracle
Hello,

I am having trouble getting freeRadius to connect to oracle. In sql.conf the 'server' is the host name that the oracle database is running on, the 'login' and 'password' are to log onto the host. Is 'radius_db' the radius database name or the global database name? Is this correct? Does FreeRadius then use the host login name to connect to the database?

The error that I am getting is that logon to the oracle database fails with:

    'Error while trying to retrieve text for error ORA-12154 '

but I can connect using sqlplus and I can see that the TNS listener is running correctly for my database. I have run the netmgr oracle program to setup oracle to use radius.

Any help would be appreciated.

Adam Joncas
Re: Using Vendor-Specific attributes
In our case, we have a dictionary with the following entry:

    VENDOR FOO 1234
    ATTRIBUTE FOO-Priv 1 octets FOO

and the users are set up as:

    foouser1  Auth-Type := Local, User-Password == foouser1
              Service-Type == Login-User,
              FOO-Priv = 0x8007

Obviously using Auth-Type local isn't secure but this is just an example. We use this to test our router's ability to use Radius for keeping users and permissions vis a vis the router. The octet 0x8007 would allow foouser1 to do specific tasks on the router, etc.

Hope this helps a bit?

Max

On Thursday, October 10, 2002, at 01:10 AM, Jukka Lehti wrote:

> Hi all,
>
> I must be probably too stupid or completely blind since I just can't find any info how to use Vendor-Specific attributes with radclient and radiusd. I have this simple test dictionary:
>
>     VENDOR Testing 1234
>     ATTRIBUTE Foo 1 integer Testing
>     ATTRIBUTE Bar 2 integer Testing
>
> How shall I send those with radclient?
>
>     echo User-Name=un,User-Password=pw,Vendor-Specific=1234 | radclient 10.0.0.1 auth secret
>
> doesn't work at all. And I couldn't add Vendor-Specific attributes to server reply either. Are there any examples available, since this didn't work:
>
>     un  Auth-Type := Local, User-Password == pw
>         Reply-Message = Hello, World!,
>         Vendor-Specific = Testing,Foo=123
>
> Thanks.
Re: Using Vendor-Specific attributes
Jukka Lehti [EMAIL PROTECTED] wrote:

> I must be probably too stupid or completely blind since I just can't find any info how to use Vendor-Specific attributes with radclient and radiusd. I have this simple test dictionary:
>
>     VENDOR Testing 1234
>     ATTRIBUTE Foo 1 integer Testing
>     ATTRIBUTE Bar 2 integer Testing
>
> How shall I send those with radclient?

Use them like any other attribute?

>     echo User-Name=un,User-Password=pw,Vendor-Specific=1234 |

Uh, why would you use Vendor-Specific when you wanted attribute 'Foo' or 'Bar'?

> And I couldn't add Vendor-Specific attributes to server reply either. Are there any examples available, since this didn't work:
>
>     un  Auth-Type := Local, User-Password == pw
>         Reply-Message = Hello, World!,
>         Vendor-Specific = Testing,Foo=123

Of course not. You just use the attributes Foo or Bar, like anything else.

But you DO have to tell the main dictionary file about the new dictionary you added... did you try 'man 5 dictionary' ??

Alan DeKok.
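
The answer above says Foo and Bar are used by name once the dictionary is loaded; the Vendor-Specific wrapper is produced from the dictionary, not typed by hand. As an added illustration (not code from this thread or from FreeRADIUS), the following Python builds the on-the-wire Vendor-Specific attribute for the thread's test dictionary following RFC 2865 section 5.26, and decodes it again. The function names are this example's own, and it handles only VENDOR/ATTRIBUTE lines and the integer type.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type for VSAs (RFC 2865, section 5.26)

# The test dictionary from the thread, embedded so the example runs offline.
DICTIONARY = """\
VENDOR      Testing  1234
ATTRIBUTE   Foo      1    integer  Testing
ATTRIBUTE   Bar      2    integer  Testing
"""


def parse_dictionary(text):
    """Return {name: (vendor_id, vendor_type, data_type)} for vendor attributes."""
    vendors, attrs = {}, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "VENDOR" and len(fields) >= 3:
            vendor_id = int(fields[2])
            if not 0 < vendor_id < 1 << 24:  # the SMI code occupies 3 octets
                raise ValueError("vendor id out of range: %d" % vendor_id)
            vendors[fields[1]] = vendor_id
        elif fields[0] == "ATTRIBUTE" and len(fields) >= 5:
            name, number, data_type, vendor = fields[1:5]
            if vendor not in vendors:
                raise ValueError("ATTRIBUTE %s names undefined vendor %s" % (name, vendor))
            attrs[name] = (vendors[vendor], int(number), data_type)
    return attrs


def encode_vsa(attrs, name, value):
    """Encode one name=value pair as a complete Vendor-Specific attribute."""
    if name not in attrs:
        # The same failure the thread reports when the dictionary is not loaded.
        raise KeyError("Unknown attribute " + name)
    vendor_id, vendor_type, data_type = attrs[name]
    if data_type != "integer":
        raise ValueError("this example encodes only the 'integer' type")
    data = struct.pack("!I", int(value))                  # 32 bits, network order
    sub = struct.pack("!BB", vendor_type, 2 + len(data)) + data
    body = struct.pack("!I", vendor_id) + sub             # high octet of Vendor-Id is 0
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def encode_pairs(attrs, pairs):
    """Encode a radclient-style 'Foo=123,Bar=7' string, one VSA per pair."""
    out = b""
    for item in pairs.split(","):
        name, _, value = item.strip().partition("=")
        out += encode_vsa(attrs, name.strip(), value.strip())
    return out


def decode_vsas(attrs, blob):
    """Walk an attribute list and return [(name, value)] for each vendor sub-attribute."""
    by_code = {(v, t): (n, k) for n, (v, t, k) in attrs.items()}
    found, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("attribute length field does not fit the buffer")
        body = blob[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC:
            continue
        if len(body) < 6:
            raise ValueError("Vendor-Specific attribute too short")
        vendor_id = struct.unpack("!I", body[:4])[0]
        sub = body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            vendor_type, vlen = sub[0], sub[1]
            value, sub = sub[2:vlen], sub[vlen:]
            name, kind = by_code.get(
                (vendor_id, vendor_type),
                ("Vendor-%d-Attr-%d" % (vendor_id, vendor_type), "octets"))
            if kind == "integer" and len(value) == 4:
                value = struct.unpack("!I", value)[0]
            found.append((name, value))
    return found


if __name__ == "__main__":
    attrs = parse_dictionary(DICTIONARY)
    wire = encode_pairs(attrs, "Foo=123,Bar=7")
    print(wire.hex())
    print(decode_vsas(attrs, wire))
```
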
Re: Update on O'Reilly RADIUS Book
I ordered the book through amazon but they say it is not yet available. I'm looking forward to getting my hands on a copy.

when is your talk to TriLUG?

--On Thursday, October 03, 2002 8:22 PM -0400 Jonathan Hassell [EMAIL PROTECTED] wrote:

> Hello, all
>
> Several of you have recently asked me about the status of the O'Reilly book on RADIUS that I wrote, and I thought I might send a short update to the list to let you know what's going on.
>
> 1. I have created a support site for the book at http://www.theradiusbook.com. There's most everything about the book on the site: a description of the book, a description of me, the table of contents, and a sample chapter (see point 2 below). I also have a mailing list created so readers can discuss the book, offer feedback and criticism, and make suggestions for the next revision. I'll be monitoring that mailing list closely. There are also on the site links to buy the book from every major online distributor, and a link to Amazon which, if you purchase the book through it, will contribute some money to the FreeRADIUS development effort.
>
> 2. There are now sample chapters posted on the web. The O'Reilly site (http://www.oreilly.com/catalog/RADIUS) has the complete text of Chapter 5, Getting Started with FreeRADIUS, and a portion of Chapter 9, New FreeRADIUS Developments. My site has Chapter 5 posted in a web version and a printer-friendly version. You're welcome to check out each of them.
>
> 3. My editor wrote me just a few minutes ago and told me he was holding a copy of the actual published book in his hand. Apparently I'm not important enough to receive a copy straight from the press, much to my chagrin, so I've gone ahead and purchased a copy myself. So the book exists, and it should be arriving to all of the major online retailers and some brick-and-mortar stores within the next couple of days. Thanks to all of you who have pre-ordered the book. You should receive your copies very soon.
>
> You're welcome to ask me any questions about the book you like - I can be reached at jon at jonathanhassell dot com.
>
> Best wishes to you all.
>
> ---
> Jonathan Hassell
> [EMAIL PROTECTED]
> http://www.theradiusbook.com

--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US
MySql authentication fails
Dear friends,

I am totally newbie - yet fascinated - in both the linux and Freeradius stuff so I beg you to bear with me. I have a SuSe Linux 8.0 on Intel system and 0.7.1 freeradius and latest version of MySql. When I try to authenticate a user against my passwd and shadow file it works but it doesn't when I try the same with users inserted in radius database (radcheck, etc) and auth type = sql. Below is the output of the debugging. Any help?

    Starting - reading configuration files ...
    reread_config: reading radiusd.conf
    Config: including file: /usr/local/etc/raddb/clients.conf
    Config: including file: /usr/local/etc/raddb/snmp.conf
    Config: including file: /usr/local/etc/raddb/sql.conf
    main: prefix = /usr/local
    main: localstatedir = /usr/local/var
    main: logdir = /usr/local/var/log/radius
    main: libdir = /usr/local/lib
    main: radacctdir = /usr/local/var/log/radius/radacct
    main: hostname_lookups = no
    read_config_files: reading dictionary
    read_config_files: reading clients
    read_config_files: reading realms
    read_config_files: reading naslist
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_auth = no
    main: log_auth_badpass = yes
    main: log_auth_goodpass = no
    main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
    main: user = (null)
    main: group = (null)
    main: usercollide = no
    main: lower_user = no
    main: lower_pass = no
    main: nospace_user = no
    main: nospace_pass = no
    main: proxy_requests = no
    security: max_attributes = 200
    security: reject_delay = 1
    main: debug_level = 0
    read_config_files: entering modules setup
    Module: Library search path is /usr/local/lib
    Module: Loaded System
    unix: cache = yes
    unix: passwd = /etc/passwd
    unix: shadow = /etc/shadow
    unix: group = /etc/group
    unix: radwtmp = /usr/local/var/log/radius/radwtmp
    unix: usegroup = no
    Module: Instantiated unix (unix)
    Module: Loaded MS-CHAP
    mschap: ignore_password = no
    mschap: use_mppe = yes
    mschap: require_encryption = no
    mschap: require_strong = no
    mschap: passwd = (null)
    mschap: authtype = MS-CHAP
    Module: Instantiated mschap (mschap)
    Module: Loaded PAP
    pap: encryption_scheme = clear
    Module: Instantiated pap (pap)
    Module: Loaded preprocess
    preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
    preprocess: hints = /usr/local/etc/raddb/hints
    preprocess: with_ascend_hack = no
    preprocess: ascend_channels_per_line = 23
    preprocess: with_ntdomain_hack = no
    preprocess: with_specialix_jetstream_hack = no
    preprocess: with_cisco_vsa_hack = no
    Module: Instantiated preprocess (preprocess)
    Module: Loaded realm
    realm: format = suffix
    realm: delimiter =
    Module: Instantiated realm (suffix)
    Module: Loaded files
    files: usersfile = /usr/local/etc/raddb/users
    files: acctusersfile = /usr/local/etc/raddb/acct_users
    files: compat = no
    Module: Instantiated files (files)
    Module: Loaded detail
    detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail
    detail: detailperm = 384
    detail: dirperm = 493
    detail: locking = no
    Module: Instantiated detail (detail)
    Module: Loaded SQL
    sql: driver = rlm_sql_mysql
    sql: server = localhost
    sql: port =
    sql: login = root
    sql: password = myrootpasswd
    sql: radius_db = radius
    sql: acct_table = radacct
    sql: acct_table2 = radacct
    sql: authcheck_table = radcheck
    sql: authreply_table = radreply
    sql: groupcheck_table = radgroupcheck
    sql: groupreply_table = radgroupreply
    sql: usergroup_table = usergroup
    sql: nas_table = nas
    sql: dict_table = dictionary
    sql: sqltrace = yes
    sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
    sql: deletestalesessions = yes
    sql: num_sql_socks = 5
    sql: sql_user_name = %{User-Name}
    sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
    sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
    sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
    sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
    sql: authenticate_query = SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
Re: MySql authentication fails
Valakos Yorgos [EMAIL PROTECTED] wrote:

> I have a SuSe Linux 8.0 on Intel system and 0.7.1 freeradius and latest version of MySql. When I try to authenticate a user against my passwd and shadow file it works but it doesn't when I try the same with users inserted in radius database (radcheck, etc) and auth type = sql

Don't use Auth-Type := SQL, there's no such thing.

See the mailing list archives for lots more information.

Alan DeKok.
Re: Update on O'Reilly RADIUS Book
apologies to the list... I meant that to go straight to Jon.

--On Thursday, October 10, 2002 11:37 AM -0400 Daniel Monjar [EMAIL PROTECTED] wrote:

> I ordered the book through amazon but they say it is not yet available. I'm looking forward to getting my hands on a copy.
>
> when is your talk to TriLUG?

--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
On Thu, 10 Oct 2002, 3APA3A wrote:

> passwd file doesn't contain any passwords or hashes, so it's useless without shadow.

If you do not use shadow passwords it does keep encrypted passwords in the passwd file. Check your man pages (man 5 passwd) and you will see the second field: "Optional encrypted password". This is the way it was long before shadow passwords came about.

The reason we do not use shadow passwords on this server is beyond the scope of this email.

It would be nice to be able to cache this data for quick lookup.

Thanks,
Ken Rea
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
On Thursday 10 October 2002 13:27, User for Free Radius mail list wrote:

> On Thu, 10 Oct 2002, 3APA3A wrote:
>
> > passwd file doesn't contain any passwords or hashes, so it's useless without shadow.
>
> If you do not use shadow passwords it does keep encrypted passwords in the passwd file. Check your man pages (man 5 passwd) and you will see the second field: "Optional encrypted password". This is the way it was long before shadow passwords came about.
>
> The reason we do not use shadow passwords on this server is beyond the scope of this email.
>
> It would be nice to be able to cache this data for quick lookup.
>
> Thanks,
> Ken Rea

In the unix section of radiusd.conf, try the following:

    cache = yes
    passwd = /path/to/passwd
    shadow = /path/to/passwd

If your passwd file contains encrypted passwords (i.e. no shadow file), then using the above should allow you to cache the data. We are currently using this method to allow different realms to have their own passwd files, and just assigning different Auth-Type's depending on the realm. We'll be moving to SQL auth shortly, but for the time being, this is working quite well for us.

Kevin
Re: Cache /etc/passwd, /etc/shadow, and /etc/group
Kevin,

Thanks, this works well.

Thanks again,
Ken Rea

On Thu, 10 Oct 2002, Kevin Bonner wrote:

> In the unix section of radiusd.conf, try the following:
>
>     cache = yes
>     passwd = /path/to/passwd
>     shadow = /path/to/passwd
>
> If your passwd file contains encrypted passwords (i.e. no shadow file), then using the above should allow you to cache the data. We are currently using this method to allow different realms to have their own passwd files, and just assigning different Auth-Type's depending on the realm. We'll be moving to SQL auth shortly, but for the time being, this is working quite well for us.
>
> Kevin
Re: sql.conf and oracle
This message indicates two different problems. First, one of your oracle message files (.msb) is missing. Sometimes the oracle installer just doesn't know what all to install. Second, the 12154 is TNS:could not resolve service name. I haven't been able to cut and paste the text for you, but you can get (and you need) the Oracle Error Message book which you can download for free at OTN.ORACLE.COM.

Assuming that TNS is set up correctly and you can use SQLPLUS OK (you did try that first to verify the installation, right?), then I suspect that you need to add the service name to the connect string so that the entire connect string is something like 'scott/tiger@prodb' or however you have defined it in TNS. While most Oracle apps can use TNS to determine the default db to connect to, I have noticed that precompiled/oci apps (which free radius is) don't necessarily do this. I am guessing that you have multiple configurations in TNS - which you will have if you did not delete the example ones that are installed when you install the client.

Tim

On Thu, 10 Oct 2002 08:13:49 -0700 (PDT) Adam Joncas [EMAIL PROTECTED] wrote:

> Hello,
>
> I am having trouble getting freeRadius to connect to oracle. In sql.conf the 'server' is the host name that the oracle database is running on, the 'login' and 'password' are to log onto the host. Is 'radius_db' the radius database name or the global database name? Is this correct? Does FreeRadius then use the host login name to connect to the database?
>
> The error that I am getting is that logon to the oracle database fails with:
>
>     'Error while trying to retrieve text for error ORA-12154 '
>
> but I can connect using sqlplus and I can see that the TNS listener is running correctly for my database. I have run the netmgr oracle program to setup oracle to use radius.
>
> Any help would be appreciated.
>
> Adam Joncas
Re: Connecting to Oracle
On Wed, 9 Oct 2002 19:24:27 +0200 Mieczyslaw Maciejewski (EPO) [EMAIL PROTECTED] wrote:

> Hi
>
> I have FreeRadius 0.71 on Solaris 8. My database is Oracle 8.1.7
> After starting ./radiusd -X, I receive the following message:
>
>     rlm_sql: Driver rlm_sql_oracle loaded and linked
>     rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
>     rlm_sql: starting 0
>     rlm_sql: Attempting to connect #0
>     Init: Oracle logon failed: 'Error while trying to retrieve text for error ORA-12154 '
>     rlm_sql: Failed to connect DB handle #0
>     rlm_sql: starting 1
>     rlm_sql: starting 2
>     rlm_sql: starting 3
>     rlm_sql: starting 4
>
> The database (pmt) is running, the listener also. Oracle client is installed.
> I try to connect as user pmt locally.
> Could someone help
>
> Thanks
> Robert

You have the connect string wrong (at least per normal Oracle syntax); it should be:

    username/password@database

If I read your message correctly you named the database pmt, created a user pmt with a password of pmt? (I think that will work, but it will be confusing!)
PM3 Authentication.
We setup radius this evening on a new server and can authenticate from a total control 1000 and cisco 5300; however, CANNOT authenticate from our pm3 which was authenticating from an older version of Freeradius...

ANY HELP???