Re: Fwd: Re: Simultaneous Use
Hi again,

I need to have some solution about this. Chris, can you help me? Anyone on the list, please?

Thank you very much.

JM> Chris,
JM> thanks for your answer,
JM> I put radius on debug mode, then called nas (Total Control
JM> w/HiperArc) as a user that was connected, but I don't see any error
JM> and the request has not been rejected.
JM> Below is the result of debug mode.
JM> After that you have again radiusd.conf.
JM> Thanks for your help !
JM> Jorge.

>>>Hi all !,
>>>
>>>I am having some trouble about simultaneous connection.
>>>I can not see where would be the error on configuration, if any, and did
>>>not get anything browsing docs, faqs, etc, that were applicable to my config.
>>>Can someone give some idea about this ?.
>>
>>What error messages did you receive, and what is the output from running
>>'radiusd -X' ( debug mode ) telling you?
>>
>>-Chris

JM> - Results from "radiusd -X"
JM> Starting - reading configuration files ...
JM> reread_config: reading radiusd.conf
JM> Config: including file: /etc/raddb/proxy.conf
JM> Config: including file: /etc/raddb/clients.conf
JM> Config: including file: /etc/raddb/snmp.conf
JM> Config: including file: /etc/raddb/sql.conf
JM> main: prefix = "/usr"
JM> main: localstatedir = "/usr/var"
JM> main: logdir = "/var/log/radius"
JM> main: libdir = "/usr/lib"
JM> main: radacctdir = "/var/log/radius/radacct"
JM> main: hostname_lookups = no
JM> read_config_files: reading dictionary
JM> read_config_files: reading clients
JM> read_config_files: reading realms
JM> read_config_files: reading naslist
JM> main: max_request_time = 30
JM> main: cleanup_delay = 5
JM> main: max_requests = 1024
JM> main: delete_blocked_requests = 0
JM> main: port = 0
JM> main: allow_core_dumps = no
JM> main: log_stripped_names = yes
JM> main: log_auth = yes
JM> main: log_auth_badpass = yes
JM> main: log_auth_goodpass = no
JM> main: pidfile = "/var/run/radius/radiusd.pid"
JM> main: user = "radius"
JM> main: group = "radius"
JM> main: usercollide = no
JM> main: lower_user = "no"
JM> main: lower_pass = "no"
JM> main: nospace_user = "no"
JM> main: nospace_pass = "no"
JM> main: proxy_requests = yes
JM> proxy: retry_delay = 5
JM> proxy: retry_count = 3
JM> proxy: synchronous = no
JM> proxy: default_fallback = yes
JM> proxy: dead_time = 120
JM> security: max_attributes = 200
JM> security: reject_delay = 1
JM> main: debug_level = 0
JM> read_config_files: entering modules setup
JM> Module: Library search path is /usr/lib
JM> Module: Loaded preprocess
JM> preprocess: huntgroups = "/etc/raddb/huntgroups"
JM> preprocess: hints = "/etc/raddb/hints"
JM> preprocess: with_ascend_hack = no
JM> preprocess: ascend_channels_per_line = 23
JM> preprocess: with_ntdomain_hack = no
JM> preprocess: with_specialix_jetstream_hack = no
JM> preprocess: with_cisco_vsa_hack = no
JM> Module: Instantiated preprocess (preprocess)
JM> Module: Loaded realm
JM> realm: format = "suffix"
JM> realm: delimiter = "@"
JM> Module: Instantiated realm (suffix)
JM> Module: Loaded SQL
JM> sql: driver = "rlm_sql_mysql"
JM> sql: server = "localhost"
JM> sql: port = ""
JM> sql: login = "digitalcoop"
JM> sql: password = "digitalcoop"
JM> sql: radius_db = "digitalcoop"
JM> sql: acct_table = "radacct"
JM> sql: acct_table2 = "radacct"
JM> sql: authcheck_table = "radcheck"
JM> sql: authreply_table = "radreply"
JM> sql: groupcheck_table = "radgroupcheck"
JM> sql: groupreply_table = "radgroupreply"
JM> sql: usergroup_table = "usergroup"
JM> sql: nas_table = "nas"
JM> sql: dict_table = "dictionary"
JM> sql: sqltrace = no
JM> sql: sqltracefile = "/var/log/radius/sqltrace.sql"
JM> sql: deletestalesessions = yes
JM> sql: num_sql_socks = 5
JM> sql: sql_user_name = "%{User-Name}"
JM> sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
JM> '%{SQL-User-Name}' ORDER BY id"
JM> sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
JM> '%{SQL-User-Name}' ORDER BY id"
JM> sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.A
JM> ttribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username
JM> = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
JM> sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.A
JM> ttribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username
JM> = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
JM> sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND
JM> ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY
JM> Attribute DESC"
JM> sql: accounting_onoff_qu

Radius with PAM
hi,

using the raddb/users file, the password is in cleartext on the FR server, what's recommended to prevent using cleartext file? by compiling FR to use PAM module? please enlighten me.

cheers,
yanghwee

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radrelay help
Roger <[EMAIL PROTECTED]> wrote:
> Thanks for the suggestion Alan. Besides upgrading to newest version,
> did you (or anyone else) notice that I was in fact calling radrelay correctly?

To be honest, I didn't even look at that. I know there are issues with the 0.7.1 radrelay, which have been fixed in the CVS head. So I'm less interested in bug reports for 0.7.1 than I am for the CVS head.

Alan DeKok.

Re: radrelay help
Alan DeKok wrote:
> Roger <[EMAIL PROTECTED]> wrote:
>> After reading over that I used the following command, on the primary, to
>> sync up the detail file
>>
>> radrelay -d /etc/raddb -S /etc/raddb/secret -r <> -x detail-relay
>>
>> After about a second or two the script returns a seg fault.
>
> Try the latest CVS snapshot. It has bug fixes over 0.7.1
>
> Alan DeKok.

Thanks for the suggestion Alan. Besides upgrading to newest version, did you (or anyone else) notice that I was in fact calling radrelay correctly?

--
Rock River Internet             Roger Grunkemeyer
202 W. State St, 8th Floor      [EMAIL PROTECTED]
Rockford, IL 61101              815-968-9888

Re: radrelay help
Roger <[EMAIL PROTECTED]> wrote:
> After reading over that I used the following command, on the primary, to
> sync up the detail file
>
> radrelay -d /etc/raddb -S /etc/raddb/secret -r <>
> -x detail-relay
>
> After about a second or two the script returns a seg fault.

Try the latest CVS snapshot. It has bug fixes over 0.7.1

Alan DeKok.

7.1 with mysql support
I can't seem to mumble the right thing to get freeradius 7.1 to build with mysql support. I am trying this on RH 7.3 with gcc 3.2 before I implement it on my production server.

I have the mysql 4.0.4 source in /usr/local/src/mysql-4.0.4 with a soft link to /usr/local/src/mysql. configure consistently complains that it can't find ../mysql/mysql.h and disables mysql support.

Do I need mysql-3.23?

--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US

Proxy Attributes
Hey All,

This may be a stupid question, but still, one to which I don't know the answer. :) If so, please forgive my ignorance.

I am trying to find a way to strip attributes sent "from" the NAS in the proxy authentication request in freeradius. I am able to modify the attributes that are sent back "to" the NAS after authentication using that attr_filter module, but I don't see a way of stripping certain attributes that are sent "from" the NAS. Is this possible?

I have a proxy client who has an issue with the "Service-Type" attribute that would be solved if I could strip that attribute before it reaches their radius.

Thanks for any assistance!

Darren Nay - [EMAIL PROTECTED]

radrelay help
I'm attempting to keep detail files in sync between our primary and secondary radius servers. Both are running FreeRadius .0.7, both running RH7.2. I've followed the radrelay man page and faq at http://www.freeradius.org/radiusd/doc/radrelay

After reading over that I used the following command, on the primary, to sync up the detail file

radrelay -d /etc/raddb -S /etc/raddb/secret -r <> -x detail-relay

After about a second or two the script returns a seg fault.

On the secondary I enter the following command:

radrelay -d /etc/raddb -S /etc/raddb/secret -r <> -x detail-relay

and nothing happens. No error codes, verbose output, no nothing.

Am I calling radrelay properly??? I believe I am. Other people in the past have mentioned bad ram being the culprit. Any suggestions?

--
Rock River Internet             Roger Grunkemeyer
202 W. State St, 8th Floor      [EMAIL PROTECTED]
Rockford, IL 61101              815-968-9888

Re: URGENT: Segmantation Fault
> I have downloaded the recent CVS snapshot, and I am getting the same problem
> again and again. But the important thing here to notice is that, this is
> happening in only one of my m/c., i.e., a Compaq Proliant 400 server, and
> free radius was running there for some quite a long time until it crashed
> on 13th with segmentation fault. Now I have installed the same radius in
> two different m/c (one desktop pc and another IBM netinfinity server) and
> it is working perfectly.

Well...that does make things a little more interesting. Hopefully, this will not be the case for the other customer. You stated that you are using RH 7.3 on both servers (i.e. the one failing and the one working).

ON THE SERVER FAILING:

Remove all of the radiusd module source. Remove all of the rlm_* libraries from your /usr/local/lib (or whichever) directory. Try to reinstall the CVS snapshot. Run the server with no modules except say...rlm_files...enabled. This way, you can try just authenticating a user out of the users file. If it doesn't fail...enable your used modules one at a time. Hopefully, after completely removing all of the module libs and all source, it will work.

If it's still failing on just that one server...on the memset call...you may want to delve a little further into the capabilities of GDB. If you start the process, and then attach via "GDB -p pid" (available in later versions of GDB), and then you don't detach from the process when it dies...you can find out everything about what the process has in memory at the time it seg-faulted. The trick is to find out where you want to look ;-).

If you are not starting GDB out of the /usr/local/etc/raddb/ directory...try that. I know that w/Solaris it is the only way to get GDB to print that function, currently showing up as "#1 0x7674913d in ?? ()" in your GDB output, as the actual function being called (it has to do with GDB correctly picking up all libraries in use by radiusd, but when viewing your GDB output, it really doesn't look like you're having an issue with that).

Lastly, that server's memory modules or libraries could just be hosed too :(. If the server is running fine on two other servers...there's probably no problems with the software.

Regards,
Chris

re: fr 0.7 & openldap 2.1.4
Hello,

I thought I'd follow up on this in case it helps anyone. Basically the problem I saw is that at some point, openldap disabled --enable-crypt as a default option (or else I had somehow enabled it in the past without realizing it). When freeradius went to compare the password, it was comparing the encrypted form against the plain text.

Cheers,
John

On Thu, 19 Sep 2002, John wrote:
> Hi,
>
> I think there may have been some similar questions posted a few months
> back, but can't find them currently.
>
> I recently upgraded from openldap 2.0.5 to 2.1.4. Upon doing that, when
> fr 0.7 goes to authenticate a user, it fails with bind as user failed
> (user/pass error). Things like attribute denies access still work as
> before, so fr 0.7 is at least able to query ldap.
>
> If anyone knows the answer to this, or can point me at previous postings,
> it would be greatly appreciated.
>
> Cheers,
> John
>
> ---
> John Hogenmiller, kb3dfz
> Network Engineer
> Pennswoods.net
> 877.716.2002 x 529

Re: URGENT: Segmantation Fault
Hi,

> Another user wrote about a seg-fault that occurred on memset...a system
> call used to allocate memory.

Ya I posted the problem of segmentation fault. I got the same error when I was trying to run again after reinstalling

> Regardless, some issues with memory allocation (not directly dealing
> w/accounting but possibly still relevant) have been resolved in more recent
> releases of FR, and you may want to upgrade to the most recent CVS version
> of the software (0.8-pre)...as opposed to reinstalling the OS.
>
> *Keeping up with the most recent versions is always a good idea anyway,
> when software is still in the development stage.*
>

I have downloaded the recent CVS snapshot, and I am getting the same problem again and again. But the important thing here to notice is that, this is happening in only one of my m/c., i.e., a Compaq Proliant 400 server, and free radius was running there for some quite a long time until it crashed on 13th with segmentation fault. Now I have installed the same radius in two different m/c (one desktop pc and another IBM netinfinity server) and it is working perfectly.

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com

Re: URGENT: Segmantation Fault
At 06:45 PM 10/22/2002 +0330, you wrote:
> Hi,
>
> I am running FreeRadius 0.7 on a RedHat 7.3 machine. It crashed and after
> restarting I couldn't bring the Radius server up again. I am using this for
> only ACCOUNTING, no authentication purposes. I have tried recompiling the
> radius server but still didn't work. Each time I get the Error
> " Segmantation Fault" and the radiusd exits. Finally I formatted the server,
> and installed a clean RedHat 8.0 (no upgrade) on this machine, and compiled
> freeradius again. But still I get the same error ! I am really getting
> confused about this, any comments ???

Another user wrote about a seg-fault that occurred on memset...a system call used to allocate memory. Because you did not include a backtrace or any debug info, I'm not sure if this is happening to you too.

Regardless, some issues with memory allocation (not directly dealing w/accounting but possibly still relevant) have been resolved in more recent releases of FR, and you may want to upgrade to the most recent CVS version of the software (0.8-pre)...as opposed to reinstalling the OS.

*Keeping up with the most recent versions is always a good idea anyway, when software is still in the development stage.*

If the problem still occurs, write back again with some debug output and/or a GDB backtrace. That may make it easier for list members to determine the source of your problem.

Regards,
Chris Brotsos

Re: system group access
Dave Mackintosh <[EMAIL PROTECTED]> wrote:
> I see that the users file contains an example of how to deny users
> who are a member of a particular group, but what I want to do is only
> permit users who are members of a particular group and supply their
> correct user password.

See 'man 5 users'

DEFAULT Group != "foo", Auth-Type := Reject

DEFAULT Auth-Type := System

will (1) reject anyone not in that group, and (2) accept them only if they supply the correct password.

> Also, you might want to add to your documentation something to the
> effect that you need to turn caching off if you are trying to use
> NIS for username/password/group information. It is implied in
> the reference to system lookup, but making it explicit might save
> some other admin a bit of time.

The latest CVS snapshot has caching turned off by default. It was confusing too many people who didn't bother reading the configuration file...

Alan DeKok.

URGENT: Segmantation Fault
Hi,

I am running FreeRadius 0.7 on a RedHat 7.3 machine. It crashed and after restarting I couldn't bring the Radius server up again. I am using this for only ACCOUNTING, no authentication purposes. I have tried recompiling the radius server but still didn't work. Each time I get the Error " Segmantation Fault" and the radiusd exits.

Finally I formatted the server, and installed a clean RedHat 8.0 (no upgrade) on this machine, and compiled freeradius again. But still I get the same error ! I am really getting confused about this, any comments ???

Thanks in advance,
Hamid

system group access
Greetings

I have downloaded FreeRadius 0.7.1 and am trying to use system group membership to grant access.

I see that the users file contains an example of how to deny users who are a member of a particular group, but what I want to do is only permit users who are members of a particular group and supply their correct user password.

We have an ugly work-around (perl script creates a custom passwd file only containing group members and aim FreeRadius at that), but if there is a 'correct' way to do this I would prefer it. I feel like a complete idiot asking such a simple question, but after banging my head for two days I need to ask for help.

Also, you might want to add to your documentation something to the effect that you need to turn caching off if you are trying to use NIS for username/password/group information. It is implied in the reference to system lookup, but making it explicit might save some other admin a bit of time.

Thanks in advance

--
 /\oo/\
/ /()\ \ David Mackintosh |

Re: Modules: rlm_pap.c
On Tue, 22 Oct 2002 [EMAIL PROTECTED] wrote:
> Hi!
>
> Something strange in rlm_pap.c code...in pap_instantiate()
> pthread_mutex_init() is called only when "crypt" configured
> as encryption scheme, but in pap_detach() pthread_mutex_destroy()
> is called without any checking. This causes radiusd to not exit
> properly when pap module is used and configured other than for
> "crypt" scheme (in case of linking with threads library, I do not
> check this without threads).
>
> I think that call to pthread_mutex_init() must be placed either
> inside each scheme checking if() block or just before *instance = inst;
> at the end of pap_instantiate().

OK, fixed. Thanks

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

Group attribute in users file
I have installed freeradius 0.7.1

In users file I'm writing:
=
DEFAULT Group == "disabled", Auth-Type := Reject
        Reply-Message = "Your account has been disabled"
=
Attribute "Group" was ignored. Although it works in mysql.

Modules: rlm_pap.c
Hi!

Something strange in rlm_pap.c code...in pap_instantiate() pthread_mutex_init() is called only when "crypt" configured as encryption scheme, but in pap_detach() pthread_mutex_destroy() is called without any checking. This causes radiusd to not exit properly when pap module is used and configured other than for "crypt" scheme (in case of linking with threads library, I do not check this without threads).

I think that call to pthread_mutex_init() must be placed either inside each scheme checking if() block or just before *instance = inst; at the end of pap_instantiate().

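The init/destroy pairing reported in this thread, as an added example that is not the rlm_pap.c source and not part of the original posts: a stand-alone C module skeleton that initialises the mutex for every scheme just before the instance is published, so detach can always destroy it. All names (struct pap_instance, pap_instantiate_demo, pap_detach_demo, pap_roundtrip_demo, the lock_ready flag) are hypothetical, and the flag is an extra guard added here, not something the posts describe.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical scheme list and instance layout, for illustration only. */
enum pap_scheme { PAP_CLEAR, PAP_CRYPT, PAP_MD5 };

struct pap_instance {
    enum pap_scheme scheme;
    pthread_mutex_t lock;   /* would serialise the non-reentrant crypt() call */
    int lock_ready;         /* 1 only after pthread_mutex_init() succeeded */
};

static int scheme_from_name(const char *name, enum pap_scheme *out)
{
    if (strcmp(name, "clear") == 0) { *out = PAP_CLEAR; return 0; }
    if (strcmp(name, "crypt") == 0) { *out = PAP_CRYPT; return 0; }
    if (strcmp(name, "md5") == 0)   { *out = PAP_MD5;   return 0; }
    return -1;
}

/* The reported pattern initialised the mutex only inside the "crypt" branch.
 * Here it is initialised for every scheme, right before the instance is
 * handed back, which is the second placement proposed in the post. */
int pap_instantiate_demo(const char *scheme_name, struct pap_instance **instance)
{
    struct pap_instance *inst = calloc(1, sizeof(*inst));
    if (inst == NULL)
        return -1;
    if (scheme_from_name(scheme_name, &inst->scheme) != 0) {
        free(inst);                 /* nothing else to undo yet */
        return -1;
    }
    if (pthread_mutex_init(&inst->lock, NULL) != 0) {
        free(inst);
        return -1;
    }
    inst->lock_ready = 1;
    *instance = inst;
    return 0;
}

/* Destroy only what was initialised; destroying an uninitialised mutex is
 * undefined behaviour, which matches the unclean exit described above. */
int pap_detach_demo(struct pap_instance *inst)
{
    int rc = 0;
    if (inst == NULL)
        return 0;
    if (inst->lock_ready) {
        rc = pthread_mutex_destroy(&inst->lock);
        inst->lock_ready = 0;
    }
    free(inst);
    return rc == 0 ? 0 : -1;
}

/* Instantiate, take and release the lock once, then detach.
 * Returns 0 when every step succeeded, -1 otherwise. */
int pap_roundtrip_demo(const char *scheme_name)
{
    struct pap_instance *inst = NULL;
    if (pap_instantiate_demo(scheme_name, &inst) != 0)
        return -1;
    if (pthread_mutex_lock(&inst->lock) != 0 ||
        pthread_mutex_unlock(&inst->lock) != 0) {
        pap_detach_demo(inst);
        return -1;
    }
    return pap_detach_demo(inst);
}

int main(void)
{
    const char *schemes[] = { "clear", "crypt", "md5", "bogus" };
    for (size_t i = 0; i < sizeof(schemes) / sizeof(schemes[0]); i++)
        printf("%-5s -> %d\n", schemes[i], pap_roundtrip_demo(schemes[i]));
    return 0;
}
```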
Radius Crashes after some time
Dear All,

I am having this rather pretty new problem. I have installed freeradius-0.7 in RedHat 7.3 and until sometime it was working perfectly. But a week ago, it crashed with segmentation fault. I formatted the system and again installed radius. Now whenever I run radius in the debugging mode (radiusd -X -A) it stays alive for some time and functions perfectly. But after some minutes it again crashes with the Segmentation Fault Message.

I browsed through the mailing list and after reading some similar problems posted there, I thought there might be something wrong in one of my configuration files. So I prepared another RedHat 7.3 system and used the same freeradius tar ball and installed it there. Now the surprising thing is the Radius DID NOT crash in this system. I have used the same configuration files directly copied from the old one to test the server. Now the whole new system is working perfectly.

Could anybody tell me where the problem was? Below is the core dump of the CRASHED system

Core was generated by `/usr/local/sbin/radiusd -X -A'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libradius-0.7.so...done.
Loaded symbols for /usr/local/lib/libradius-0.7.so
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/local/lib/libltdl.so.3...done.
Loaded symbols for /usr/local/lib/libltdl.so.3
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/i686/libpthread.so.0...done.
Loaded symbols for /lib/i686/libpthread.so.0
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/local/lib/rlm_preprocess-0.7.so...done.
Loaded symbols for /usr/local/lib/rlm_preprocess-0.7.so
Reading symbols from /usr/local/lib/rlm_files-0.7.so...done.
Loaded symbols for /usr/local/lib/rlm_files-0.7.so
Reading symbols from /usr/local/lib/rlm_detail-0.7.so...done.
Loaded symbols for /usr/local/lib/rlm_detail-0.7.so
Reading symbols from /usr/local/lib/rlm_sql-0.7.so...done.
Loaded symbols for /usr/local/lib/rlm_sql-0.7.so
Reading symbols from /usr/local/lib/rlm_sql_mysql.so.0...done.
Loaded symbols for /usr/local/lib/rlm_sql_mysql.so.0
---Type to continue, or q to quit---
Reading symbols from /usr/lib/mysql/libmysqlclient.so.10...done.
Loaded symbols for /usr/lib/mysql/libmysqlclient.so.10
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/i686/libm.so.6...done.
Loaded symbols for /lib/i686/libm.so.6
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/local/lib/rlm_radutmp-0.7.so...done.
Loaded symbols for /usr/local/lib/rlm_radutmp-0.7.so
#0 0x42082477 in memset () from /lib/i686/libc.so.6
(gdb) bt
#0 0x42082477 in memset () from /lib/i686/libc.so.6
#1 0x7674913d in ?? ()
#2 0x0804cea2 in main ()
#3 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6

Atanu Das
System Development
SS NetCom Pvt Ltd.
Dhankheti
Shillong-793003
Ph: 91+361+502355
Visit us at: http://www.neline.com