RE: FW: Another MySql 'failed to authenticate' question
I am using NTRADPING to test with. MySql Table data: (1 row only per table) Usergroup: 1, notme, dialup Radcheck: 1, notme, User-Password, yesyou, == Radreply: 1, notme, Auth-Type, PAP, := I have enabled PAP in radiusd.conf I am still getting this message in the log: rad_check_password: Found Auth-Type System Where is this configured at? Thanks! - Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binaries/Config Multi Realm questions
Tim D. McCracken [EMAIL PROTECTED] wrote: Alan, THANKS for all your help. I am sure that it gets to be a drag sometimes! This thing sure has lots of options and it takes awhile to figure it all out. I hope I can contribute something soon to the effort! I have the sql stuff working now. Docs? We could always use more docs. But when I run the command above, I get an error from libtool: install: that it must have an absolute directory. I also tried R=/~/tmp make install But this causes other problems as well. Any other ideas? If there is some file somewhere that lists all the directories (or files for stuff in common directories) I can script it from that if I have to. No, it's more of a Unix thing. '~' is usually an alias for your home directory. So just do: R=/home/whatever/wherever make install and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binaries/Config Multi Realm questions
-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl]On Behalf Of Alan DeKok Sent: Saturday, October 19, 2002 6:20 PM To: [EMAIL PROTECTED] Subject: Re: Binaries/Config Multi Realm questions Tim D. McCracken [EMAIL PROTECTED] wrote: I have built FreeRadius on my 'development' machine and want to copy the binaries and configuration over to multiple productions machines. Is there a list or script anywhere that I can use to get all the necessary files. do: R=~/tmp make install Alan, THANKS for all your help. I am sure that it gets to be a drag sometimes! This thing sure has lots of options and it takes awhile to figure it all out. I hope I can contribute something soon to the effort! I have the sql stuff working now. But when I run the command above, I get an error from libtool: install: that it must have an absolute directory. I also tried R=/~/tmp make install But this causes other problems as well. Any other ideas? If there is some file somewhere that lists all the directories (or files for stuff in common directories) I can script it from that if I have to. Thanks! - Tim And the 'installation' should go into '~/tmp/usr/local/bin/radiusd', etc. You can then create a 'tar' file from ~/tmp, and un-tar it to install it on different machines. As I recall from previous postings, I need to run multiple daemons to support multiple domains where the users are not providing the realms. I don't think so. See 'doc/duplicate_users' Finally, where is there a list of all the variables available when configuring the MySql queries? I have reviewed the .conf file for MySql, and am curious if there are other variables available. doc/variables.txt ?? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[6]: Modules cleanup
Now it's working fine...for KILL and TERM. Except SIGKILL can't be caught. But that's another story... BTW, I notice that this is work correctly only when compiling with --with-threads. Previously, when I compiled --with-threads=no there was problems authenticating users with sql module (except while in single process mode). When compiling without threads, the ONLY method of running is in single process mode. And this change to signal handling will ONLY work when threading. Without threading, it may take seconds for execution to return from the module (sql or whatever), and back to the main loop. I've added patches based on what I've been describing. So SIGTERM should work a little better... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: Another MySql 'failed to authenticate' question
Tim D. McCracken [EMAIL PROTECTED] wrote: I am still getting this message in the log: rad_check_password: Found Auth-Type System Where is this configured at? 'users' file, as it notes when you run the server in debugging mode. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help
-- Get free mailbox 20 Mb at http://www.hotbox.ru
RE: Solaris 8 Make issues
where on sunfreeware did you find the FreeRadius Binaries? I looked all over and can't find them anywhere Brian At 09:36 AM 10/21/2002 -0500, you wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl]On Behalf Of Brian Quinn Sent: Monday, October 21, 2002 9:37 AM To: [EMAIL PROTECTED] Subject: Solaris 8 Make issues i'm trying to install FreeRadius 0.7.1 on Solaris 8 (sparc) and am running into problems I run configure and all seems ok then i run make and get the following error begin error /usr/local/sparc-sun-solaris2.8/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc Undefined first referenced symbol in file __eprintf ltdl.lo ld: fatal: Symbol referencing errors. No output written to .libs/libltdl.so.3.1.0 make[2]: *** [libltdl.la] Error 1 make[2]: Leaving directory `/opt/install_files/freeradius-0.7.1/libltdl' make[1]: *** [common] Error 1 make[1]: Leaving directory `/opt/install_files/freeradius-0.7.1'make: *** [all] Error 2 end error I'm not sure what version of gcc and stuff is required, since it wasn't anywhere in the docs that i could find. Any help would be great Brian I just did a successful build using the Solaris 8 binaries from sunfreeware.com Make sure you have all the required libraries installed including zlib. Also make sure you set up the paths properly to use the GNU stuff. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Solaris 8 Make issues
i'm trying to install FreeRadius 0.7.1 on Solaris 8 (sparc) and am running into problems I run configure and all seems ok then i run make and get the following error begin error /usr/local/sparc-sun-solaris2.8/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc Undefined first referenced symbol in file __eprintf ltdl.lo ld: fatal: Symbol referencing errors. No output written to .libs/libltdl.so.3.1.0 make[2]: *** [libltdl.la] Error 1 make[2]: Leaving directory `/opt/install_files/freeradius-0.7.1/libltdl' make[1]: *** [common] Error 1 make[1]: Leaving directory `/opt/install_files/freeradius-0.7.1'make: *** [all] Error 2 end error I'm not sure what version of gcc and stuff is required, since it wasn't anywhere in the docs that i could find. Any help would be great Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Solaris 8 Make issues
-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl]On Behalf Of Brian Quinn Sent: Monday, October 21, 2002 9:37 AM To: [EMAIL PROTECTED] Subject: Solaris 8 Make issues i'm trying to install FreeRadius 0.7.1 on Solaris 8 (sparc) and am running into problems I run configure and all seems ok then i run make and get the following error begin error /usr/local/sparc-sun-solaris2.8/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc Undefined first referenced symbol in file __eprintf ltdl.lo ld: fatal: Symbol referencing errors. No output written to .libs/libltdl.so.3.1.0 make[2]: *** [libltdl.la] Error 1 make[2]: Leaving directory `/opt/install_files/freeradius-0.7.1/libltdl' make[1]: *** [common] Error 1 make[1]: Leaving directory `/opt/install_files/freeradius-0.7.1'make: *** [all] Error 2 end error I'm not sure what version of gcc and stuff is required, since it wasn't anywhere in the docs that i could find. Any help would be great Brian I just did a successful build using the Solaris 8 binaries from sunfreeware.com Make sure you have all the required libraries installed including zlib. Also make sure you set up the paths properly to use the GNU stuff. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help equired for EAP
I'm trying to use Freeradius with a 3com 802.11 Lan AP (8000). It supports EAP-MD5 which is the authentication method I'm attempting to use. However it fails when attempting to autheticate the user. Has anyone used EAP-MD5 with 802.11 AP and Freeradius ? Thanks in advance John Zurowski Get a speedy connection with MSN Broadband. Join now! Click Here - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help equired for EAP
hi john zurowski wrote: I'm trying to use Freeradius with a 3com 802.11 Lan AP (8000). It supports EAP-MD5 which is the authentication method I'm attempting to use. However it fails when attempting to autheticate the user. Has anyone used EAP-MD5 with 802.11 AP and Freeradius ? why don't you provide some info on that? like what exactly fails e.g.? or some logs? how are we supposed to help you if you don't say anything? give it a try ciao artur -- _ Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP: compare_check_items and password_attribute don't mix
My first-born for a life without CHAP.
I have LDAP working with both PAP and CHAP, as long as
compare_check_items is turned off. This is what happens with a CHAP
authentication attempt without compare_check_items:
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module chap returns ok
modcall[authorize]: module files returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for myraduser
radius_xlat: '(uid=myraduser)'
radius_xlat: 'ou=people,dc=nodewarrior,dc=org'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: setting TLS mode to 4
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=people,dc=nodewarrior,dc=org, with filter
(uid=myraduser)
rlm_ldap: Added password grunk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusClearTextPassword as User-Password, value grunk op=11
Adding check item 2, value grunk
rlm_ldap: looking for reply items in directory...
rlm_ldap: user myraduser authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
modcall: entering group authtype
..etc. The authentication succeeds, anyway.
This is with compare_check_items turned on. Some of the debugging
output may not look familiar; I have added a few DEBUG() lines.
rlm_chap: Adding Auth-Type = CHAP
modcall[authorize]: module chap returns ok
modcall[authorize]: module files returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for myraduser
radius_xlat: '(uid=myraduser)'
radius_xlat: 'ou=people,dc=nodewarrior,dc=org'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: setting TLS mode to 4
rlm_ldap: bind as / to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=people,dc=nodewarrior,dc=org, with filter
(uid=myraduser)
rlm_ldap: Added password grunk in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusClearTextPassword as User-Password, value grunk op=11
rlm_ldap: Adding check item 2, value grunk
rlm_ldap: looking for reply items in directory...
rlm_ldap: (ldap) attr 1000, value CHAP
rlm_ldap: (ldap) attr 2, value grunk
rlm_ldap: (request) attr 3, value JUNK
rlm_ldap: (request) attr 1, value myraduser
rlm_ldap: (request) attr 1053, value uid=myraduser,ou=people,dc=nodewarrior,dc=org
paircmp: comparing check 1000
rlm_ldap: Pairs do not match. Rejecting user.
As you can see, it looks like it's complaining because there's no
Auth-Type = CHAP in the request. It works with PAP because rlm_pap
doesn't add Auth-Type, and rlm_ldap doesn't add it until after paircmp
is called.
By my reading, the lack of attribute 2 in the request shouldn't be an
issue. Given that Auth-Type should never appear in a packet, doesn't
it make sense to ignore it as well?
Here are the relevant parts of my (embryonic, testing-only) config:
modules {
# /etc/raddb/users is empty...
files {
usersfile = ${confdir}/users
compat = no
}
chap {
}
pap {
encryption_scheme = crypt
}
ldap {
server = localhost
basedn = ou=people,dc=nodewarrior,dc=org
filter = (uid=%u)
password_attribute = radiusClearTextPassword
compare_check_items = yes
dictionary_mapping = ${raddbdir}/ldap.attrmap
}
}
authorize {
chap
files
ldap
}
authenticate {
authtype CHAP {
chap
}
authtype LDAP {
ldap
}
}
Thanks,
Dan
--
/^Dan Debertin$/
[EMAIL PROTECTED] | Did I sleep a little too late,
www.nodewarrior.org | or am I awake?--Byrne
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
