Re: Cache /etc/passwd, /etc/shadow, and /etc/group

2002-10-10 Thread 3APA3A

Dear User for Free Radius mail list,

passwd file doesn't contain any passwords or hashes, so it's useless
without shadow.

If you store your passwords in a plain text file format different from
linux passwd/shadow files, consider using the rlm_passwd module. See
doc/rlm_passwd.

--Thursday, October 10, 2002, 5:11:15 AM, you wrote to 
[EMAIL PROTECTED]:


UfFRml System = Linux with kernel 2.4.18

UfFRml In the radiusd.conf file:
UfFRml The Cache setup does not work if you do not use shadow passwords. If the
UfFRml shadow line is left at the default value: (ie commented out)

UfFRml #  To force the module to use the system password functions,
UfFRml #  instead of reading the files, comment out the 'passwd'
UfFRml #  and 'shadow' configuration entries.  This is required
UfFRml #  for some systems, like FreeBSD.
UfFRml #
UfFRml passwd = /etc/passwd
UfFRml #   shadow = /etc/shadow

UfFRml Then you will get an error:

UfFRml   Wed Oct  9 17:51:06 2002 : Info: HASH:  Reinitializing hash structures
UfFRml   and lists for caching...
UfFRml   Wed Oct  9 17:51:06 2002 : Error: rlm_unix:  You MUST specify a shadow
UfFRml   password file!
UfFRml   Wed Oct  9 17:51:06 2002 : Error: HASH:  unable to create user hash table.
UfFRml   disable caching and run debugs
UfFRml   Wed Oct  9 17:51:06 2002 : Error: radiusd.conf[462]: unix: Module
UfFRml   instantiation failed.

UfFRml If you say no to the cache option:

UfFRml #  For FreeBSD, you do NOT want to enable the cache,
UfFRml #  as it's password lookups are done via a database.
UfFRml #
UfFRml # allowed values: {no, yes}
UfFRml cache = no

UfFRml It loads up just fine.


UfFRml Is there something I'm missing or is this the default behavior of this
UfFRml setup?

UfFRml Thanks,

UfFRml Ken Rea


UfFRml - 
UfFRml List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
Thus this route is cheaper and easier to reach
for anyone who is able to reach it. (Twain)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: EAP authentication using Win2000 Professional as the client

2002-10-10 Thread Artur Hecker

hi

i've read your email already but i had no clue about the problem that's
why i didn't reply so far.

the problem you are talking about seems to be related to the
windows-programming. where is your problem related to the free-radius
server?


greetings,

artur


[EMAIL PROTECTED] wrote:
 
 Dear Sir:
 
 Could you please direct this mail to
 Mr Fernandez, Jorge and
 Mr Artur Hecker?
 
 Fernandez, Jorge [EMAIL PROTECTED]
 Artur Hecker [EMAIL PROTECTED]
 
 I am trying to realize the EAP authentication using Win2000 Professional as the client,
 Windows2000 Server as the router, and Linux as the Radius Authenticator.
 
 Although I tried several ways following the EAP guides in the Microsoft SDK, I failed so far. I registered the EAP.DLL following the EAP guides in the Microsoft SDK.
 
 Especially, rasman does call RasEapGetInfo exported by the EAP.dll but it does not call the EapBegin function in the EAP.dll. Maybe the function RasEapInitialize should always be called before any other call, but I could not get what I should do in the function RasEapInitialize.
 
 All in all, my EAP.DLL did not work as it was supposed to. So I could not begin my job. The typical function prototypes are listed below:
 
 If it is possible, could you please tell me how to put my EAP protocol DLL into effect? Thanks a lot!
 
 Sincerely Yours,
 Wu MingChang
 09/10/2002
 
 //
 DWORD APIENTRY
 RasEapGetInfo(
     IN  DWORD         dwEapTypeId,
     OUT PPP_EAP_INFO* pInfo
 )
 {
     EapTrace("RasEapGetInfo");
 
     if (dwEapTypeId != PPP_EAP_PROTOCOL_ID)
     {
         EapTrace("Type ID %d is not supported", dwEapTypeId);
         return(ERROR_NOT_SUPPORTED);
     }
 
     ZeroMemory(pInfo, sizeof(PPP_EAP_INFO));
 
     pInfo->dwEapTypeId       = PPP_EAP_PROTOCOL_ID;
     pInfo->RasEapBegin       = EapBegin;
     pInfo->RasEapEnd         = EapEnd;
     pInfo->RasEapMakeMessage = EapMakeMessage;
 
     return(NO_ERROR);
 }
 
 DWORD APIENTRY
 EapBegin(
     OUT VOID** ppWorkBuf,
     IN  VOID*  pInfo
 )
 {
     PPP_EAP_INPUT* pInput = (PPP_EAP_INPUT*)pInfo;
     EAPCB* pwb;
 
     EapTrace("EapBegin(%ws)", pInput->pwszIdentity);
     ...
     ...
     ...
     ...
 
     return(NO_ERROR);
 }
 //

-- 
Artur Hecker
artur[at]hecker.info




Using Vendor-Specific attributes

2002-10-10 Thread Jukka Lehti

Hi all,

I must be probably too stupid or completely blind since I
just can't find any info how to use Vendor-Specific
attributes with radclient and radiusd. I have this
simple test dictionary:

VENDOR Testing 1234
ATTRIBUTE Foo 1 integer Testing
ATTRIBUTE Bar 2 integer Testing

How shall I send those with radclient?

echo User-Name=un,User-Password=pw,Vendor-Specific=1234 | radclient 10.0.0.1 auth secret

doesn't work at all. And I couldn't add
Vendor-Specific attributes to server reply either. Are
there any examples available, since this didn't work:

un Auth-Type := Local, User-Password == pw
    Reply-Message = Hello, World!,
    Vendor-Specific = Testing,Foo=123


Thanks.




Re: Using Vendor-Specific attributes

2002-10-10 Thread 3APA3A

Dear Jukka Lehti,

Foo=ValueOfFoo,Bar=ValueOfBar

Isn't it what the dictionary is for?

--Thursday, October 10, 2002, 12:10:00 PM, you wrote to 
[EMAIL PROTECTED]:

JL Hi all,

JL I must be probably too stupid or completely blind since I
JL just can't find any info how to use Vendor-Specific
JL attributes with radclient and radiusd. I have this
JL simple test dictionary:

JL VENDOR Testing 1234
JL ATTRIBUTE Foo 1 integer Testing
JL ATTRIBUTE Bar 2 integer Testing

JL How I shall send those with radclient?

JL echo
JL User-Name=un,User-Password=pw,Vendor-Specific=1234 |
JL radclient 10.0.0.1 auth secret

JL doesn't work at all. And I couldn't add
JL Vendor-Specific attributes to server reply either. Is
JL there any examples available, since this didn't work:

JL un Auth-Type := Local, User-Password == pw
JL Reply-Message = Hello, World!,
JL Vendor-Specific = Testing,Foo=123


JL Thanks.



-- 
~/ZARAZA
I won't need a sting (S. Lem)





Re: Using Vendor-Specific attributes

2002-10-10 Thread Jukka Lehti

 Dear Jukka Lehti,
 
 Foo=ValueOfFoo,Bar=ValueOfBar
 
 Isn't it what the dictionary is for?

Yes, I think so. But still I get:

radclient:Unknown attribute Foo




Re: Connecting to Oracle

2002-10-10 Thread Andrea Gabellini

from my sql.conf:

driver = rlm_sql_oracle
server = 10.10.10.10
login = user_name
password = password
radius_db = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.10.10)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))

At 19.24 09/10/02, you wrote:
Hi

I have FreeRadius 0.71 on Solaris 8.
My database is Oracle 8.1.7
After starting ./radiusd -X,  I receive the following message:

rlm_sql: Driver rlm_sql_oracle loaded and linked
rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
Init: Oracle logon failed: 'Error while trying to retrieve text for error 
ORA-12154 '
rlm_sql:  Failed to connect DB handle #0
rlm_sql: starting 1
rlm_sql: starting 2
rlm_sql: starting 3
rlm_sql: starting 4

The database (pmt) is running, the listener also. Oracle client is installed.
I try to connect as user pmt locally.
Could someone help

Thanks
Robert




---
Always remember you're unique, just like everyone else.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)

Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino

http://www.omniway.sm  http://www.intelcom.sm





RE: Using Vendor-Specific attributes

2002-10-10 Thread Jason Lixfeld

The only VSA's I've ever seen have been accounting packet reply items.
That's just been my experience with them.  Would AV-Pairs do what you
need?

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Jukka Lehti
 Sent: Thursday, October 10, 2002 4:10 AM
 To: [EMAIL PROTECTED]
 Subject: Using Vendor-Specific attributes
 
 
 Hi all,
 
 I must be probably too stupid or completely blind since I
 just can't find any info how to use Vendor-Specific
 attributes with radclient and radiusd. I have this
 simple test dictionary:
 
 VENDOR Testing 1234
 ATTRIBUTE Foo 1 integer Testing
 ATTRIBUTE Bar 2 integer Testing
 
 How I shall send those with radclient?
 
 echo
 User-Name=un,User-Password=pw,Vendor-Specific=1234 |
 radclient 10.0.0.1 auth secret
 
 doesn't work at all. And I couldn't add
 Vendor-Specific attributes to server reply either. Is
 there any examples available, since this didn't work:
 
 un Auth-Type := Local, User-Password == pw
 Reply-Message = Hello, World!,
 Vendor-Specific = Testing,Foo=123
 
 
 Thanks.
 



IP pool problem, please help

2002-10-10 Thread Andrew Kelaidis

I have installed the freeRADIUS server and I'm using the rlm_ippool module.
Everything works fine until one account-stop packet had been lost. The user
was logged out but the dialup admin interface shows him as online and active in
the finger page. I removed the correct record from the radacct table so the user
went offline. The problem is that the server had assigned him an ip address
and when the user is trying to login again, the following error message
appears:
The server did not assign an IP Address, error 738

I know that the ippool module keeps two files (not text files) with
information about used IP addresses. I think that the stacked user can't
login because the server has already assigned him an ipaddress. Is there any
way to solve this problem? Please help...

Andrew Kelaidis




Re: FreeRadius+PostgreSQL connection error on FreeBSD

2002-10-10 Thread Sergey Holod

On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote:
 There are also some differences between the sql db schema supplied in
 src/modules/rlm_sql/drivers/rlm_sql_postgres/db_postgres.sql
 and the sql statements for accounting_onoff etc in postgresql.conf

Some time ago I posted a patch here for the right config and schema;
I don't know, maybe it is in CVS.



-- 
With Best Regards,
Sergey Holod
SAH1-RIPE




checkrad .. pls post radiusd -x output..

2002-10-10 Thread Tim

Can someone please post a copy of the output from radiusd -X  when a 
simultaneous login is detected, and freeradius runs the checkrad prog ..

I can't get checkrad to work, and just want to know what it should look 
like when it does !!

thx ...





Tim Fraser

*
Relax Internet
Internet Service Provider (dial-up  ADSL) / Web Hosting
www.relax.com.au

*






Ippool problem on 0.7.1.Don't deallocate ip addresses

2002-10-10 Thread Pierluigi Frullani

Hi all,
I'm having a problem with the Ippool module (rlm_ippool).
When authorizing, the module is able to allocate the correct IP address, but
on the account Stop it does not set the ip free.

relevant part of radiusd.conf
...
...
modules {
    ...
    ...
    ippool Prova0 {
        range-start = 10.128.1.0
        range-stop = 10.128.1.3
        netmask = 255.255.255.252
        cache-size = 800
        session-db = ${raddbdir}/db.ippool.0
        ip-index = ${raddbdir}/db.ipindex.0
    }
    ...
}
authorize {
    ...
    Prova0
    ...
}
accounting {
    ...
    Prova0
    ...
}

users file:
...
steve   Auth-Type := Local, User-Password == testing, Pool-Name := Prova1
...

log, from radiusd -X  log says:
...

Module: Instantiated ippool (Prova0)
 ippool: session-db = /usr/local/freeradius/etc/raddb/db.ippool.1
 ippool: ip-index = /usr/local/freeradius/etc/raddb/db.ipindex.1
 ippool: range-start = 10.128.10.0 IP address [10.128.10.0]
 ippool: range-stop = 10.128.10.3 IP address [10.128.10.3]
 ippool: netmask = 255.255.255.252 IP address [255.255.255.252]
 ippool: cache-size = 800
...
...
  modcall[authorize]: module files returns ok
rad_recv: Access-Request packet from host 10.128.255.4:1024, id=78, length=92
User-Name = steve
User-Password = \r\021\353N\315\021 s\023.8]O\002F\010
NAS-Port = 1020
Service-Type = Framed-User
Framed-Protocol = PPP
Tunnel-Client-Endpoint:0 = 212.239.118.116
NAS-IP-Address = 10.128.255.4
NAS-Port-Type = Virtual
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm NULL for User-Name = steve
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop
users: Matched steve at 99
  modcall[authorize]: module files returns ok
rlm_ippool: Entering in function authorize
rlm_ippool: Searching for an entry for nas/port: 10.128.255.4/1020
rlm_ippool: num: 1
rlm_ippool: Allocated ip 10.128.10.2 to client on nas 10.128.255.4,port 1020
  modcall[authorize]: module Prova0 returns ok
...
...
rad_recv: Accounting-Request packet from host 10.128.255.4:1038, id=24, length=155
User-Name = steve
NAS-Port = 1020
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.128.10.2
Class = 0x47727570706f526164
Acct-Status-Type = Stop
Acct-Input-Octets = 312
Acct-Output-Octets = 0
Acct-Session-Id = 0C400010
Acct-Session-Time = 8
Acct-Input-Packets = 3
Acct-Output-Packets = 0
Acct-Terminate-Cause = User-Request
Tunnel-Client-Endpoint:0 = 212.239.118.116
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.128.255.4
NAS-Port-Type = Virtual
modcall: entering group preacct
  modcall[preacct]: module preprocess returns noop
rlm_realm: Looking up realm NULL for User-Name = steve
rlm_realm: No such realm NULL
  modcall[preacct]: module suffix returns noop
  modcall[preacct]: module files returns noop
modcall: group preacct returns noop
modcall: entering group accounting
radius_xlat:  '/usr/local/freeradius/var/log/radius/radacct/10.128.255.4/detail'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail expands to /usr/local/freeradius/var/log/radius/radacct/10.128.255.4/detail
  modcall[accounting]: module detail returns ok
  modcall[accounting]: module counter returns ok
radius_xlat:  'steve'
  modcall[accounting]: module radutmp returns ok
  modcall[accounting]: module Prova0 returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 24 to 10.128.255.4:1038
Finished request 12
Going to the next request


This problem is driving me crazy.
Have you any idea ?






sql.conf and oracle

2002-10-10 Thread Adam Joncas

Hello,
I am having trouble getting freeRadius to connect to oracle.  In sql.conf
the  'server' is the host name that the oracle database is running on, the
'login' and 'password' are to log onto the host.  Is 'radius_db' the
radius database name or the global database name?  Is this correct?  Does
FreeRadius then use the host login name to connect to the database?

The error that I am getting is that logon to the oracle database fails
with: 'Error while trying to retrieve text for error ORA-12154 ', but I
can connect using sqlplus and I can see that the TNS listener is running
correctly for my database.  I have run the netmgr oracle program to setup
oracle to use radius.  Any help would be appreciated.

Adam Joncas







Re: Using Vendor-Specific attributes

2002-10-10 Thread Max Malzkuhn

In our case, we have a dictionary with the following entry:

VENDOR  FOO 1234

ATTRIBUTE   FOO-Priv    1   octets  FOO


and the users are set up as:

foouser1 Auth-Type := Local, User-Password == foouser1
   Service-Type == Login-User,
   FOO-Priv = 0x8007

Obviously using Auth-Type local isn't secure but this is just an
example.  We use this to test our router's ability to use Radius for
keeping users and permissions vis a vis the router.  The octet
0x8007 would allow foouser1 to do specific tasks on the router, etc.

Hope this helps a bit?

Max
On Thursday, October 10, 2002, at 01:10 AM, Jukka Lehti wrote:

 Hi all,

 I must be probably too stupid or completely blind since I
 just can't find any info how to use Vendor-Specific
 attributes with radclient and radiusd. I have this
 simple test dictionary:

 VENDOR Testing 1234
 ATTRIBUTE Foo 1 integer Testing
 ATTRIBUTE Bar 2 integer Testing

 How I shall send those with radclient?

 echo
 User-Name=un,User-Password=pw,Vendor-Specific=1234 |
 radclient 10.0.0.1 auth secret

 doesn't work at all. And I couldn't add
 Vendor-Specific attributes to server reply either. Is
 there any examples available, since this didn't work:

 un Auth-Type := Local, User-Password == pw
 Reply-Message = Hello, World!,
 Vendor-Specific = Testing,Foo=123


 Thanks.




Re: Using Vendor-Specific attributes

2002-10-10 Thread Alan DeKok

Jukka Lehti [EMAIL PROTECTED] wrote:
 I must be probably too stupid or completely blind since I
 just can't find any info how to use Vendor-Specific
 attributes with radclient and radiusd. I have this
 simple test dictionary:
 
 VENDOR Testing 1234
 ATTRIBUTE Foo 1 integer Testing
 ATTRIBUTE Bar 2 integer Testing
 
 How I shall send those with radclient?

  Use them like any other attribute?

 echo
 User-Name=un,User-Password=pw,Vendor-Specific=1234 |

  Uh, why would you use Vendor-Specific when you wanted attribute
'Foo' or 'Bar'?

 And I couldn't add
 Vendor-Specific attributes to server reply either. Is
 there any examples available, since this didn't work:
 
 un Auth-Type := Local, User-Password == pw
 Reply-Message = Hello, World!,
 Vendor-Specific = Testing,Foo=123

  Of course not.  You just use the attributes Foo or Bar, like
anything else.

  But you DO have to tell the main dictionary file about the new
dictionary you added... did you try 'man 5 dictionary' ??

  Alan DeKok.
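
What the reply above comes to on the wire, as an added example (not code from this thread or from FreeRADIUS): once the dictionary is loaded, `Foo = 123` is looked up by name and packed into a Vendor-Specific attribute (RFC 2865, type 26) carrying vendor id 1234, and a name missing from the dictionary fails the same way radclient's "Unknown attribute Foo" does. The function names are hypothetical, and only the `VENDOR`/`ATTRIBUTE` lines and the `integer`/`octets` types seen in this thread are handled.

```python
import struct

VENDOR_SPECIFIC = 26  # RFC 2865 attribute type that carries vendor attributes

# The test dictionary quoted in this thread.
DICTIONARY = """\
VENDOR Testing 1234
ATTRIBUTE Foo 1 integer Testing
ATTRIBUTE Bar 2 integer Testing
"""


def parse_dictionary(text):
    """Map attribute name -> (vendor id, vendor type, data type)."""
    vendors, attrs = {}, {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0] == "VENDOR":
            vendors[fields[1]] = int(fields[2])
        elif len(fields) == 5 and fields[0] == "ATTRIBUTE":
            name, number, data_type, vendor = fields[1:]
            if vendor not in vendors:
                raise ValueError(f"{name}: vendor {vendor} is not declared")
            attrs[name] = (vendors[vendor], int(number), data_type)
    return attrs


def encode_vsa(attrs, name, value):
    """Pack one 'name = value' pair as a Vendor-Specific attribute."""
    if name not in attrs:
        raise KeyError(f"Unknown attribute {name}")
    vendor_id, vendor_type, data_type = attrs[name]
    if data_type == "integer":
        number = int(value)
        if not 0 <= number <= 0xFFFFFFFF:
            raise ValueError("integer attributes are 32-bit unsigned")
        data = struct.pack("!I", number)
    elif data_type == "octets":
        text = value[2:] if value.lower().startswith("0x") else value
        data = bytes.fromhex(text)
    else:
        raise ValueError(f"data type {data_type} not handled in this example")
    # Sub-attribute: vendor type, vendor length (header included), data.
    sub = struct.pack("!BB", vendor_type, 2 + len(data)) + data
    total = 2 + 4 + len(sub)  # type + length + 4-byte vendor id + sub-attribute
    if total > 255:
        raise ValueError("attribute does not fit in one RADIUS attribute")
    return struct.pack("!BBI", VENDOR_SPECIFIC, total, vendor_id) + sub


def decode_vsa(attrs, blob):
    """Unpack a Vendor-Specific attribute, checking every length field."""
    if len(blob) < 8:
        raise ValueError("too short for a Vendor-Specific attribute")
    rtype, length, vendor_id = struct.unpack("!BBI", blob[:6])
    if rtype != VENDOR_SPECIFIC or length != len(blob):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    by_number = {(v, n): (name, t) for name, (v, n, t) in attrs.items()}
    pairs, pos = [], 6
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated sub-attribute header")
        vendor_type, vendor_len = blob[pos], blob[pos + 1]
        if vendor_len < 2 or pos + vendor_len > length:
            raise ValueError("sub-attribute length out of bounds")
        data = blob[pos + 2:pos + vendor_len]
        # Label for attributes absent from the dictionary is made up here.
        name, data_type = by_number.get(
            (vendor_id, vendor_type),
            (f"unknown-{vendor_id}-{vendor_type}", "octets"))
        if data_type == "integer":
            if len(data) != 4:
                raise ValueError(f"{name}: integer must be 4 octets")
            pairs.append((name, struct.unpack("!I", data)[0]))
        else:
            pairs.append((name, "0x" + data.hex()))
        pos += vendor_len
    return pairs


ATTRS = parse_dictionary(DICTIONARY)

if __name__ == "__main__":
    wire = encode_vsa(ATTRS, "Foo", "123")
    print(wire.hex(), decode_vsa(ATTRS, wire))
```
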




Re: Update on O'Reilly RADIUS Book

2002-10-10 Thread Daniel Monjar

I ordered the book through amazon but they say it is not yet available

I'm looking forward to getting my hands on a copy.  when is your talk to 
TriLUG?

--On Thursday, October 03, 2002 8:22 PM -0400 Jonathan Hassell 
[EMAIL PROTECTED] wrote:

 Hello, all

 Several of you have recently asked me about the status of the O'Reilly
 book on RADIUS that I wrote, and I thought I might send a short update to
 the list to let you know what's going on.

 1.  I have created a support site for the book at
 http://www.theradiusbook.com.  There's most everything about the book on
 the site: a description of the book, a description of me, the table of
 contents, and a sample chapter (see point 2 below).  I also have a
 mailing list created so readers can discuss the book, offer feedback and
 criticism, and make suggestions for the next revision.  I'll be
 monitoring that mailing list closely.  There are also on the site links
 to buy the book from every major online distributor, and a link to Amazon
 which, if you purchase the book through it, will contribute some money to
 the FreeRADIUS development effort.

 2.  There are now sample chapters posted on the web.  The O'Reilly site
 (http://www.oreilly.com/catalog/RADIUS) has the complete text of Chapter
 5, Getting Started with FreeRADIUS, and a portion of Chapter 9, New
 FreeRADIUS Developments. My site has Chapter 5 posted in a web version
 and a printer-friendly version.  You're welcome to check out each of them.

 3.  My editor wrote me just a few minutes ago and told me he was holding
 a copy of the actual published book in his hand.  Apparently I'm not
 important enough to receive a copy straight from the press, much to my
 chagrin, so I've gone ahead and purchased a copy myself.  So the book
 exists, and it should be arriving to all of the major online retailers
 and some brick-and-mortar stores within the next couple of days.   Thanks
 to all of you who have pre-ordered the book.  You should receive your
 copies very soon.

 You're welcome to ask me any questions about the book you like - I can be
 reached at jon at jonathanhassell dot com.

 Best wishes to you all.

 ---
 Jonathan Hassell
 [EMAIL PROTECTED]
 http://www.theradiusbook.com





--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US





MySql authentication fails

2002-10-10 Thread Valakos Yorgos

Dear friends 


I am a total newbie - yet fascinated - in both the linux and Freeradius
stuff so I beg you to bear with me.

I have a SuSe Linux 8.0 on Intel system and 0.7.1 freeradius and
latest version of MySql. When I try to authenticate a user against my
passwd and shadow file it works but it doesn't when I try the same with
users inserted in radius database (radcheck, etc) and auth type = sql.
Below is the output of the debugging. Any help?


_


Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System 
 unix: cache = yes
 unix: passwd = /etc/passwd
 unix: shadow = /etc/shadow
 unix: group = /etc/group
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
Module: Instantiated unix (unix) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
 pap: encryption_scheme = clear
Module: Instantiated pap (pap) 
Module: Loaded preprocess 
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = suffix
 realm: delimiter = 
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: compat = no
Module: Instantiated files (files) 
Module: Loaded detail 
 detail: detailfile =
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded SQL 
 sql: driver = rlm_sql_mysql
 sql: server = localhost
 sql: port = 
 sql: login = root
 sql: password = myrootpasswd
 sql: radius_db = radius
 sql: acct_table = radacct
 sql: acct_table2 = radacct
 sql: authcheck_table = radcheck
 sql: authreply_table = radreply
 sql: groupcheck_table = radgroupcheck
 sql: groupreply_table = radgroupreply
 sql: usergroup_table = usergroup
 sql: nas_table = nas
 sql: dict_table = dictionary
 sql: sqltrace = yes
 sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = %{User-Name}
 sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
 sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
 sql: authorize_group_check_query = SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
 sql: authorize_group_reply_query = SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
 sql: authenticate_query = SELECT Value,Attribute FROM radcheck WHERE
UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute
= 'Password' OR Attribute = 

Re: MySql authentication fails

2002-10-10 Thread Alan DeKok

Valakos Yorgos [EMAIL PROTECTED] wrote:
 I have a SuSe Linux 8.0 on Intel system and 0.7.1 freeradius and
 latest version of MySql . When I try to authenticate a user against my
 passwd and shadow file it works but it doesn't when I try the same with
 users inserted in radius database (radcheck , etc) and auth type = sql

  Don't use Auth-Type := SQL, there's no such thing.

  See the mailing list archives for lots more information.

  Alan DeKok.




Re: Update on O'Reilly RADIUS Book

2002-10-10 Thread Daniel Monjar

apologies to the list... I meant that to go straight to Jon.

--On Thursday, October 10, 2002 11:37 AM -0400 Daniel Monjar 
[EMAIL PROTECTED] wrote:

 I ordered the book through amazon but they say it is not yet available

 I'm looking forward to getting my hands on a copy.  when is your talk to
 TriLUG?


--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US





Re: Cache /etc/passwd, /etc/shadow, and /etc/group

2002-10-10 Thread User for Free Radius mail list



On Thu, 10 Oct 2002, 3APA3A wrote:

 
 passwd  file  doesn't  contain  any passwords or hashes, so it's useless
 without shadow.

If you do not use shadow passwords it does keep encrypted passwords in the
passwd file. Check your man pages man 5 passwd and you will see the
second field Optional encrypted password. This is the way it was long
before shadow passwords came about. The reason we do not use shadow
passwords on this server is beyond the scope of this email.

It would be nice to be able to cache this data for quick lookup.

Thanks,

Ken Rea





Re: Cache /etc/passwd, /etc/shadow, and /etc/group

2002-10-10 Thread Kevin Bonner

On Thursday 10 October 2002 13:27, User for Free Radius mail list wrote:
 On Thu, 10 Oct 2002, 3APA3A wrote:
  passwd  file  doesn't  contain  any passwords or hashes, so it's useless
  without shadow.

 If you do not use shadow passwords it does keep encrypted passwords in the
 passwd file. Check your man pages man 5 passwd and you will see the
 second field Optional encrypted password. This is the way it was long
 before shadow passwords came about. The reason we do not use shadow
 passwords on this server is beyond the scope of this email.

 It would be nice to be able to cache this data for quick lookup.

 Thanks,

 Ken Rea

In the unix section of radiusd.conf, try the following:

cache = yes
passwd = /path/to/passwd
shadow = /path/to/passwd

If your passwd file contains encrypted passwords (i.e. no shadow file), then 
using the above should allow you to cache the data.  We are currently using 
this method to allow different realms to have their own passwd files, and 
just assigning different Auth-Type's depending on the realm.  We'll be moving 
to SQL auth shortly, but for the time being, this is working quite well for 
us.

Kevin
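
A check for which of the two cases discussed in this thread a given file falls into, as an added example (not from the thread or from FreeRADIUS): it reads passwd(5)-format text and reports, per account, whether field 2 is the `x` placeholder that defers to shadow or holds the hash itself, which is the case where pointing both settings at the same file can work, since the first two fields of passwd and shadow are both the login name and the password field. The sample data and function names are constructed for illustration.

```python
# Constructed sample in passwd(5) format; the hashes are made-up placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ken:$1$abcdefgh$0123456789abcdefghijkl:1000:100:Ken:/home/ken:/bin/bash
olduser:ab01234567890:1001:100:Old:/home/olduser:/bin/sh
guest::1002:100:Guest:/home/guest:/bin/sh
daemon:*:2:2:daemon:/sbin:/bin/false
broken line without colons
"""


def classify_password_field(field):
    """Classify field 2 of a passwd(5) entry."""
    if field == "x":
        return "shadowed"        # real hash lives in the shadow file
    if field == "":
        return "empty"           # no password required to log in
    if field[0] in "*!":
        return "locked"          # no hash can ever match this value
    return "hash-in-passwd"      # hash readable by anyone who can read the file


def audit_passwd(text):
    """Return ({user: status}, [line numbers that are not 7-field entries])."""
    report, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            malformed.append(lineno)
            continue
        report[fields[0]] = classify_password_field(fields[1])
    return report, malformed


def needs_shadow_file(report):
    """True when at least one account's hash is only in the shadow file."""
    return any(status == "shadowed" for status in report.values())


def accounts_to_review(report):
    """Accounts whose passwd entry exposes a hash or needs no password."""
    return sorted(user for user, status in report.items()
                  if status in ("hash-in-passwd", "empty"))


if __name__ == "__main__":
    report, malformed = audit_passwd(SAMPLE_PASSWD)
    for user, status in report.items():
        print(f"{user:10s} {status}")
    print("malformed lines:", malformed)
    print("shadow file needed:", needs_shadow_file(report))
    print("review:", accounts_to_review(report))
```
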




Re: Cache /etc/passwd, /etc/shadow, and /etc/group

2002-10-10 Thread User for Free Radius mail list


Kevin,

Thanks this works well.

Thanks again,

Ken Rea



On Thu, 10 Oct 2002, Kevin Bonner wrote:

 In the unix section of radiusd.conf, try the following:
 
 cache = yes
 passwd = /path/to/passwd
 shadow = /path/to/passwd
 
 If your passwd file contains encrypted passwords (i.e. no shadow file), then 
 using the above should allow you to cache the data.  We are currently using 
 this method to allow different realms to have their own passwd files, and 
 just assigning different Auth-Type's depending on the realm.  We'll be moving 
 to SQL auth shortly, but for the time being, this is working quite well for 
 us.
 
 Kevin
 





Re: sql.conf and oracle

2002-10-10 Thread Tim McCracken



This message indicates two different problems.  First one 
of your oracle message files (.msb) is missing.  Sometimes 
the oracle installer just doesn't know what all to 
install.

Second the 12154 is TNS:could not resolve service name.
I haven't been able to cut and paste the text for you, but 
you can get (and you need) the Oracle Error Message book 
which you can download for free at OTN.ORACLE.COM.

Assuming that TNS is set up correctly and you can use 
SQLPLUS OK (you did try that first to verify the 
installation, right?), then I suspect that you need to add 
the service name to the connect string so that the entire 
connect string is something like 'scott/tiger@prodb' or 
however you have defined it in TNS.

While most Oracle apps can use TNS to determine the 
default db to connect to, I have noticed that 
precompiled/oci apps (which free radius is) don't 
necessarily do this.  I am guessing that you have multiple 
configurations in TNS - which you will have if you did not 
delete the example ones that are installed when you 
install the client.

Tim


On Thu, 10 Oct 2002 08:13:49 -0700 (PDT)
  Adam Joncas [EMAIL PROTECTED] wrote:
Hello,
I am having trouble getting freeRadius to connect to 
oracle.  In sql.conf
the  'server' is the host name that the oracle database 
is running on, the
'login' and 'password' are to log onto the host.  Is 
'radius_db' the
radius database name or the global database name?  Is 
this correct?  Does
FreeRadius then use the host login name to connect to the 
database?

The error that I am getting is that logon to the oracle 
database fails
with: 'Error while trying to retrieve text for error 
ORA-12154 ', but I
can connect using sqlplus and I can see that the TNS 
listener is running
correctly for my database.  I have run the netmgr oracle 
program to setup
oracle to use radius.  Any help would be appreciated.

Adam Joncas







Re: Connecting to Oracle

2002-10-10 Thread Tim McCracken

On Wed, 9 Oct 2002 19:24:27 +0200
  Mieczyslaw Maciejewski (EPO) 
[EMAIL PROTECTED] wrote:
Hi 

I have FreeRadius 0.71 on Solaris 8.
My database is Oracle 8.1.7
After starting ./radiusd -X,  I receive the following 
message:

rlm_sql: Driver rlm_sql_oracle loaded and linked
rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
Init: Oracle logon failed: 'Error while trying to 
retrieve text for error ORA-12154 '
rlm_sql:  Failed to connect DB handle #0
rlm_sql: starting 1
rlm_sql: starting 2
rlm_sql: starting 3
rlm_sql: starting 4

The database (pmt) is running, the listener also. Oracle 
client is installed.
I try to connect as user pmt locally. 
Could someone help

Thanks
Robert



You have the connect string wrong (at least per normal 
Oracle syntax) it should be:

username/password@database

If I read your message correctly you named the database 
pmt, created a user pmt with a password of pmt?

(I think that will work, but it will be confusing!)




PM3 Authentication.

2002-10-10 Thread larry

We setup radius this evening on a new server and can authenticate from a
total control 1000 and cisco 5300 however, CANNOT authenticate from our
pm3 which was authenticating from an older version of Freeradius...

ANY HELP???

