Re: more Kerberos fun
On Thu, 7 Nov 2002, Allister Maguire wrote:

> Hello,
>
> This is what you need in radius.conf:
>
> You need to add an empty "krb5" to the module section. (It takes no
> parameters).
>
> modules {
>
>
> krb5 {
> }
>
>

Wow, it looks like I was closer than I thought with my guess. I look forward to giving it a try tomorrow, er, this morning, a bit later :).

Thanks Allister!

Brian

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mod_auth_radiusd and apache 2.0.40 (RH8.0)
Hi,

I'm having a problem I can't seem to work out. I compile the mod_auth_radius 1.5.4 fine with:

"apxs -i -a -c mod_auth_radius-2.0.c"

it installs fine however when I start apache I get:

"Cannot load /etc/httpd/modules/mod_auth_radius-2.0.so into server: /etc/https/modules/mod_auth_radius-2.0.so: undefined symbol: note_basic_auth_failure"

This is on apache 2.0.40 on redhat 8.0 with freeradius on the same.

Can anyone help?

Thanks
Daniel
Re: more Kerberos fun
Hello,

This is what you need in radius.conf:

You need to add an empty "krb5" to the module section. (It takes no parameters).

modules {
    krb5 {
    }
}

And then add "krb5" to auth section:

authenticate {
    krb5
}

This part is correct:

Auth-Type := Kerberos

Regards
Allister P Maguire
RE: (So close I can taste it...) freeradius & mssql2000
Thank you. My apologies for leaving that out: my /usr/local/freetds.conf file has this as the only section database section:

[192.168.0.126]
host = 192.168.0.126
port = 1433
tds version = 7.0

Does the name in [brackets] have to match anything else in the other conf files??

The test program tsql is working:

[glynn@localhost bin]$ tsql -S 192.168.0.126 -p 1433 -U hsvpnws
Password:
Msg 5703, Level 0, State 1, Server WFC-ACC1, Line 0
Changed language setting to us_english.
1> use wific
2> go
1> select * from customer;
2> go
Msg 208, Level 16, State 1, Server WFC-ACC1, Line 1
Invalid object name 'customer'.
1> select * from customers;
2> go
ID CustomerID NameAddr1 CityState Zip
1 1 Microsoft 1 Microsoft Way RedmondWA 98105
5 2 Oracle 1 Ellison Way Dontknow 9
1>

Yet radiusd can not get a connection to the database. Is there some logging I can turn on or check to help me figure this out?

Thanks all
GT

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin@;lists.cistron.nl]On Behalf Of Adorable Dauz
Sent: Wednesday, November 06, 2002 5:53 PM
To: [EMAIL PROTECTED]
Subject: Re: (So close I can taste it...) freeradius & mssql2000

you need also to configure the freetds first.

----- Original Message -----
From: "Glynn Taylor" <[EMAIL PROTECTED]>
To: "Freeradius-Users" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 6:36 AM
Subject: (So close I can taste it...) freeradius & mssql2000

>
> 1. Do we have to specify a port number to connect to a MS SQL database? (If
> so where, I can't find where to put one in MSSQL.conf)
>
> 2. Is it true that unixODBC does not work on its own and still requires
> freeTDS?
>
> First I got freeRadius working with text files. So far so good. The move
> to SQL has not yet worked. The user is hsvpnws, the database is wific. The
> databases server is 192.168.0.126.
>
> My Modules load, but my connection never makes it.
>
> sql: simul_verify_query = ""
> rlm_sql ((null)): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded
> and linked
> rlm_sql ((null)): Attempting to connect to [EMAIL PROTECTED]:/wific
> rlm_sql ((null)): starting 0
> rlm_sql ((null)): Attempting to connect #0
> rlm_sql_unixodbc: Connection failed
> rlm_sql ((null)): Failed to connect DB handle #0
> rlm_sql ((null)): starting 1
> rlm_sql ((null)): starting 2
> rlm_sql ((null)): starting 3
> rlm_sql ((null)): starting 4
> Module: Instantiated sql (sql)
> Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded detail
> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
>
> At the top of the raddb trace (third line down here) there is a blank port
> directive, but I can't find where to enter it in mssql.conf:
>
> Module: Loaded SQL
> sql: driver = "rlm_sql_unixodbc"
> sql: server = "192.168.0.126"
> sql: port = ""
> sql: login = "hsvpnws"
> sql: password = "eagles99"
> sql: radius_db = "wific"
> sql: acct_table = "radacct"
> sql: acct_table2 = "radacct"
> sql: authcheck_table = "radcheck"
> sql: authreply_table = "radreply"
> sql: groupcheck_table = "radgroupcheck"
> sql: groupreply_table = "radgroupreply"
> sql: usergroup_table = "usergroup"
> sql: nas_table = "nas"
> sql: dict_table = "dictionary"
> sql: sqltrace = no
> sql: sqltracefile = "/var/log/radius/sqltrace.sql"
> sql: deletestalesessions = yes
> sql: num_sql_socks = 5
> sql: sql_user_name = "%{hsvpnws}"
>
> I'm running the latest snapshot of freeRadius and freeTDS. (but the
> symptoms are the same with 0.7.1 and 0.60). I compiled and installed
> unixODBC first, then the freeTDS, then recompiled freeRadius. The database
> exists.
>
> This is in my /usr/local/etc/odbc.ini:
> [sqlserver]
> Driver = TDS
> Descripttion = SQL Server
> Trace = Yes
> Servername = 192.168.0.4
> Database = wific
>
> This is in my /usr/local/etc/odbcinst.ini:
> [TDS]
>
Re: Freeradius-Users digest, Vol 1 #1211 - 14 msgs
Hey guys:

The patch 112438-01 http://sunsolve.sun.com adds /dev/random and other stuff related to it.

Another question:

Can I change the ldap library checking?? Now is something like this:

try lber
if not lber then fail and exit
else try ldap...

I need barely

try lber
if not lber then continue
try ldap

I have dealt with the configure.in and other files but any modification makes configure unusable or just like the original one!

Thanks a lot!
radutmp file
I'm running 3 pairs of radius servers. One of them is logging the framed-ip-address properly, however the other two are not. I see the entry in the detail file. I run radwho and the "Location" is not populated on 2 of the servers. Each uses a different radius server for proxy, however they all have the Framed-IP-Address entry in their detail files. Any clues?

Thanks,
Brian
Re: (So close I can taste it...) freeradius & mssql2000
you need also to configure the freetds first.

----- Original Message -----
From: "Glynn Taylor" <[EMAIL PROTECTED]>
To: "Freeradius-Users" <[EMAIL PROTECTED]>
Sent: Thursday, November 07, 2002 6:36 AM
Subject: (So close I can taste it...) freeradius & mssql2000

>
> 1. Do we have to specify a port number to connect to a MS SQL database? (If
> so where, I can't find where to put one in MSSQL.conf)
>
> 2. Is it true that unixODBC does not work on its own and still requires
> freeTDS?
>
> First I got freeRadius working with text files. So far so good. The move
> to SQL has not yet worked. The user is hsvpnws, the database is wific. The
> databases server is 192.168.0.126.
>
> My Modules load, but my connection never makes it.
>
> sql: simul_verify_query = ""
> rlm_sql ((null)): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded
> and linked
> rlm_sql ((null)): Attempting to connect to [EMAIL PROTECTED]:/wific
> rlm_sql ((null)): starting 0
> rlm_sql ((null)): Attempting to connect #0
> rlm_sql_unixodbc: Connection failed
> rlm_sql ((null)): Failed to connect DB handle #0
> rlm_sql ((null)): starting 1
> rlm_sql ((null)): starting 2
> rlm_sql ((null)): starting 3
> rlm_sql ((null)): starting 4
> Module: Instantiated sql (sql)
> Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded detail
> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
>
> At the top of the raddb trace (third line down here) there is a blank port
> directive, but I can't find where to enter it in mssql.conf:
>
> Module: Loaded SQL
> sql: driver = "rlm_sql_unixodbc"
> sql: server = "192.168.0.126"
> sql: port = ""
> sql: login = "hsvpnws"
> sql: password = "eagles99"
> sql: radius_db = "wific"
> sql: acct_table = "radacct"
> sql: acct_table2 = "radacct"
> sql: authcheck_table = "radcheck"
> sql: authreply_table = "radreply"
> sql: groupcheck_table = "radgroupcheck"
> sql: groupreply_table = "radgroupreply"
> sql: usergroup_table = "usergroup"
> sql: nas_table = "nas"
> sql: dict_table = "dictionary"
> sql: sqltrace = no
> sql: sqltracefile = "/var/log/radius/sqltrace.sql"
> sql: deletestalesessions = yes
> sql: num_sql_socks = 5
> sql: sql_user_name = "%{hsvpnws}"
>
> I'm running the latest snapshot of freeRadius and freeTDS. (but the
> symptoms are the same with 0.7.1 and 0.60). I compiled and installed
> unixODBC first, then the freeTDS, then recompiled freeRadius. The database
> exists.
>
> This is in my /usr/local/etc/odbc.ini:
> [sqlserver]
> Driver = TDS
> Descripttion = SQL Server
> Trace = Yes
> Servername = 192.168.0.4
> Database = wific
>
> This is in my /usr/local/etc/odbcinst.ini:
> [TDS]
> Description = SQL 2000 Database
> Driver = /usr/local/lib/libtdsodbc.so
> FileUsage = 1
>
> In mssql.conf the database type is declared as driver = "rlm_sql_unixodbc"
> In radiusd.conf the following line chooses mssql.
>
> # For MS-SQL, use ${confdir}/mssql.conf
> $INCLUDE ${confdir}/mssql.conf
>
> Any assistance or pointers greatly appreciated. Thanks for your time.
> GT
(So close I can taste it...) freeradius & mssql2000
1. Do we have to specify a port number to connect to a MS SQL database? (If so where, I can't find where to put one in MSSQL.conf)

2. Is it true that unixODBC does not work on its own and still requires freeTDS?

First I got freeRadius working with text files. So far so good. The move to SQL has not yet worked. The user is hsvpnws, the database is wific. The databases server is 192.168.0.126.

My Modules load, but my connection never makes it.

sql: simul_verify_query = ""
rlm_sql ((null)): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked
rlm_sql ((null)): Attempting to connect to [EMAIL PROTECTED]:/wific
rlm_sql ((null)): starting 0
rlm_sql ((null)): Attempting to connect #0
rlm_sql_unixodbc: Connection failed
rlm_sql ((null)): Failed to connect DB handle #0
rlm_sql ((null)): starting 1
rlm_sql ((null)): starting 2
rlm_sql ((null)): starting 3
rlm_sql ((null)): starting 4
Module: Instantiated sql (sql)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.

At the top of the raddb trace (third line down here) there is a blank port directive, but I can't find where to enter it in mssql.conf:

Module: Loaded SQL
sql: driver = "rlm_sql_unixodbc"
sql: server = "192.168.0.126"
sql: port = ""
sql: login = "hsvpnws"
sql: password = "eagles99"
sql: radius_db = "wific"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{hsvpnws}"

I'm running the latest snapshot of freeRadius and freeTDS. (but the symptoms are the same with 0.7.1 and 0.60). I compiled and installed unixODBC first, then the freeTDS, then recompiled freeRadius. The database exists.

This is in my /usr/local/etc/odbc.ini:

[sqlserver]
Driver = TDS
Descripttion = SQL Server
Trace = Yes
Servername = 192.168.0.4
Database = wific

This is in my /usr/local/etc/odbcinst.ini:

[TDS]
Description = SQL 2000 Database
Driver = /usr/local/lib/libtdsodbc.so
FileUsage = 1

In mssql.conf the database type is declared as driver = "rlm_sql_unixodbc"
In radiusd.conf the following line chooses mssql.

# For MS-SQL, use ${confdir}/mssql.conf
$INCLUDE ${confdir}/mssql.conf

Any assistance or pointers greatly appreciated. Thanks for your time.
GT
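One way to check the question raised in the follow-up to this post, whether the names in [brackets] have to match across the conf files. This is an added example, not part of the thread or of FreeRADIUS, FreeTDS or unixODBC; it resolves the name chain from the rlm_sql "server" value through odbc.ini and odbcinst.ini to freetds.conf, using the file contents quoted in the thread as constructed input. It assumes rlm_sql_unixodbc passes "server" to unixODBC as the data source name; check_chain, section and the finding codes are names made up for the example.

```python
import configparser

# Constructed inputs: file contents as quoted in the thread.
ODBC_INI = """\
[sqlserver]
Driver = TDS
Descripttion = SQL Server
Trace = Yes
Servername = 192.168.0.4
Database = wific
"""
ODBCINST_INI = """\
[TDS]
Description = SQL 2000 Database
Driver = /usr/local/lib/libtdsodbc.so
FileUsage = 1
"""
FREETDS_CONF = """\
[192.168.0.126]
host = 192.168.0.126
port = 1433
tds version = 7.0
"""


def parse(text):
    """Parse an ini-style file; configparser lower-cases option names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def section(cp, name):
    """Case-insensitive section lookup; returns the section or None."""
    for candidate in cp.sections():
        if candidate.lower() == name.lower():
            return cp[candidate]
    return None


def check_chain(server, radius_db, odbc_ini, odbcinst_ini, freetds_conf):
    """Return a list of (code, message) findings for one 'server' value."""
    odbc, inst, tds = parse(odbc_ini), parse(odbcinst_ini), parse(freetds_conf)
    findings = []

    # Assumption: the unixODBC driver hands 'server' to SQLConnect() as the DSN.
    dsn = section(odbc, server)
    if dsn is None:
        findings.append(("dsn-missing",
                         f"server = {server!r} is not a section of odbc.ini "
                         f"(defined: {odbc.sections()})"))
        return findings  # nothing below can be resolved without a DSN

    # odbc.ini Driver -> odbcinst.ini section, unless it is a path to the .so.
    driver = dsn.get("driver", "")
    if not driver:
        findings.append(("driver-unset", f"[{server}] has no Driver"))
    elif not driver.startswith("/"):
        entry = section(inst, driver)
        if entry is None:
            findings.append(("driver-missing",
                             f"Driver = {driver!r} is not a section of odbcinst.ini"))
        elif not entry.get("driver"):
            findings.append(("driver-no-library",
                             f"[{driver}] in odbcinst.ini names no library"))

    # odbc.ini Servername -> freetds.conf section. FreeTDS also accepts
    # Server = <host> in the DSN, which does not consult freetds.conf.
    servername = dsn.get("servername", "")
    if servername:
        entry = section(tds, servername)
        if entry is None:
            findings.append(("servername-missing",
                             f"Servername = {servername!r} is not a section of "
                             f"freetds.conf (defined: {tds.sections()})"))
        elif not entry.get("host"):
            findings.append(("host-unset", f"[{servername}] has no host"))
    elif not dsn.get("server"):
        findings.append(("servername-unset",
                         f"[{server}] has neither Servername nor Server"))

    # Hint only: the DSN default database and radius_db name different things.
    database = dsn.get("database")
    if database and database != radius_db:
        findings.append(("database-mismatch",
                         f"Database = {database!r} but radius_db = {radius_db!r}"))
    return findings


def codes(findings):
    """Just the finding codes, in order."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    for server in ("192.168.0.126", "sqlserver"):
        for code, message in check_chain(server, "wific", ODBC_INI,
                                         ODBCINST_INI, FREETDS_CONF):
            print(f"{server}: {code}: {message}")
```
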
Re: more Kerberos fun
On Wed, 6 Nov 2002, Alan DeKok wrote:

> Brian Johnson <[EMAIL PROTECTED]> wrote:
> > modcall: group authorize returns ok
> > rad_check_password: Found Auth-Type Kerberos
> > auth: type "Kerberos"
> > auth: Failed to validate the user.
>
> Yup. The kerberos module returns helpful debugging messages,
> doesn't it?

Heh, yeah, it does seem to be a little vague

> > As always, I'm happy to provide any additional information.
>
> A patch to rlm_krb5, so that it takes any return error string/code
> from kerberos, and outputs debug information saying WHY it failed?

Hehe, sadly, at the moment I have no coding abilities and I know enough about kerberos to be dangerous, so unfortunately I'm definitely the wrong man for the job. However, by the time this is said and done, I'll probably be an expert in kerberos, and then, after I get my butt in gear and start programming, I'll come back and it'll be the first thing I do :).

Actually, there is a piece of information I can provide (and probably should've said in my last post)...unfortunately I'm still unable to find anything telling me what needs to be added to radiusd.conf for krb5...I've tried a few guesses (nothing really more than adding krb5 and an open and closed curly bracket following under the 'modules' section), but unfortunately my lame attempt didn't seem to do much good.

Here's the information after I start the server:

radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)

No mention of krb in the module section at all. If someone could point me in the direction of something that tells what I need to put in radiusd.conf, I think it'll definitely help, if not solve my problem.

Thanks!

Brian
Re: more Kerberos fun
Brian Johnson <[EMAIL PROTECTED]> wrote:
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type Kerberos
> auth: type "Kerberos"
> auth: Failed to validate the user.

Yup. The kerberos module returns helpful debugging messages, doesn't it?

> As always, I'm happy to provide any additional information.

A patch to rlm_krb5, so that it takes any return error string/code from kerberos, and outputs debug information saying WHY it failed?

Alan DeKok.
Re: more Kerberos fun
On Wed, 6 Nov 2002, Alan DeKok wrote:

> Brian Johnson <[EMAIL PROTECTED]> wrote:
> > Here's the debugging info as requested. In my users file, I added:
> >
> > DEFAULT Auth-Type = Kerberos
> >         Reply-Message = "Hello, Brian"
>
> Try 'Auth-Type := Kerberos', I think.

Ah, it does make a difference...I had tried it once with and once without the ':' when troubleshooting before, and left it out when I was getting debugging info. Although I don't have the debugging info from my 0.7.1 server, I do remember it returning:

modcall: group authorize returns ok
rad_check_password: Found Auth-Type Kerberos
auth: type "Kerberos"
auth: Failed to validate the user.

after I made the change (the above is from the debugging info from the latest snapshot, but should be similar, if not the same to what I saw from 0.7.1).

> > modcall[authorize]: module "files" returns notfound
> > modcall: group authorize returns ok
> > auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>
> Hmm... can you try this using the latest CVS version? I think
> there's a bugfix there which may help.

No problem. With

DEFAULT Auth-Type := Kerberos
        Reply-Message = "Hello, Brian"

at the top of my users file and using the command "radtest mbjohn [password] 152.3.2.153 0 testing123" on the remote client, here's the debugging information from the latest snapshot:

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 152.16.0.183:1031, id=168, length=55
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 1 handling request 0, (1 handled so far)
    User-Name = "mbjohn"
    User-Password = "[password]"
    NAS-IP-Address = 255.255.255.255
    NAS-Port-Id = "0"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "mbjohn", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 4
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Kerberos
auth: type "Kerberos"
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 152.16.0.183:1031, id=168, length=55
Sending Access-Reject of id 168 to 152.16.0.183:1031
    Reply-Message = "Hello, Brian"
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 168 with timestamp 3dc9706d
Nothing to do. Sleeping until we see a request.

And on the remote client I got:

Sending Access-Request of id 168 to 152.3.2.153:1812
    User-Name = "mbjohn"
    User-Password = "\36286i\354\223~\202H\2663D\221\027X\344"
    NAS-IP-Address = user-0-183.wireless.duke.edu
    NAS-Port-Id = "0"
Re-sending Access-Request of id 168 to 152.3.2.153:1812
    User-Name = "mbjohn"
    User-Password = "\36286i\354\223~\202H\2663D\221\027X\344"
    NAS-IP-Address = user-0-183.wireless.duke.edu
    NAS-Port-Id = "0"
rad_recv: Access-Reject packet from host 152.3.2.153:1812, id=168, length=34
    Reply-Message = "Hello, Brian"

These are also the results I got when I made the 'Auth-Type := ' change on the 0.7.1 server and ran it from the remote client.

As always, I'm happy to provide any additional information.

Thanks!

Brian
Re: sql accounting and custom attributes
Hi, i am using that with a cvs version from september, but it worked with all version up to from 0.5 Regards, Christian. On Wed, Nov 06, 2002 at 10:10:27PM +0200, Alexey Chetroi wrote: > Hello Christian, > I'd like to have that patches regarding converting of the > cisco-avpair attributes, if it is possible. you may use > this email. > > -- > > Best regards, > Alexey Chetroi > > --- > Smile... Tomorrow will be worse. (c) Murphy's law --- freeradius-0.7.1/src/modules/rlm_preprocess/rlm_preprocess.cWed Sep 11 06:49:12 2002 +++ freeradius-snapshot-20020923/src/modules/rlm_preprocess/rlm_preprocess.cMon +Sep 23 21:57:06 2002 
@@ -115,51 +115,52 @@ char*ptr; charnewattr[MAX_STRING_LEN]; -for ( ; vp != NULL; vp = vp->next) { -vendorcode = (vp->attribute >> 16); /* HACK! */ -if (vendorcode == 0) continue; /* ignore non-VSA attributes */ - -vendorpec = dict_vendorpec(vendorcode); -if (vendorpec == 0) continue; /* ignore unknown VSA's */ - -if (vendorpec != 9) continue; /* not a Cisco VSA, continue */ - -/* no = seperator in value */ -if ((ptr = strchr(vp->strvalue, '=')) == NULL) continue; - -/* ugly sip-hdr hack */ -if ((strncmp(vp->strvalue,"sip-hdr=",8) == 0) && (strchr(vp->strvalue, ':') != NULL)) { -DEBUG2("cisco_vsa_hack: found sip_hdr %s", vp->strvalue); -*ptr = '-'; -ptr = strchr(vp->strvalue, ':'); -*ptr = '='; -DEBUG("cisco_vsa_hack: rewrote %s", vp->strvalue); -} - -/* Cisco-AVPair - * We take the lvalue look it up in the dictionary and - * when found overwrite the attribute of Cisco-AVPair with it. - */ -if ((vp->attribute & 0x) == 1) { -strNcpy(newattr, vp->strvalue, vp->length - strlen(ptr) + 1 ); -DEBUG2("cisco_vsa_hack: attr : %s to %s",vp->strvalue, da->name); -if (( da = dict_attrbyname((char *)newattr) ) == NULL ) -continue; -vp->attribute = da->attr; -DEBUG2("cisco_vsa_hack: attr : %s found in dictionary", da->name); -} - -/* - * We strip out the duplicity from the value field, - * we use only the value on the right side of - * = character. - */ -strNcpy(newattr, ptr + 1, sizeof(newattr)); -DEBUG2("cisco_vsa_hack: value: %s to %s",(char *)vp->strvalue,(char *) newattr); -strNcpy((char *)vp->strvalue, newattr, -sizeof(vp->strvalue)); -vp->length = strlen((char *)vp->strvalue); -} + + for ( ; vp != NULL; vp = vp->next) { + vendorcode = (vp->attribute >> 16); /* HACK! 
*/ + if (vendorcode == 0) continue; /* ignore non-VSA attributes */ + + vendorpec = dict_vendorpec(vendorcode); + if (vendorpec == 0) continue; /* ignore unknown VSA's */ + + if (vendorpec != 9) continue; /* not a Cisco VSA, continue */ + + /* no = seperator in value */ + if ((ptr = strchr(vp->strvalue, '=')) == NULL) continue; + + /* ugly sip-hdr hack */ + if ((strncmp(vp->strvalue,"sip-hdr=",8) == 0) && (strchr(vp->strvalue, +':') != NULL)) { + DEBUG2("cisco_vsa_hack: found sip_hdr %s", vp->strvalue); + *ptr = '-'; + ptr = strchr(vp->strvalue, ':'); + *ptr = '='; + DEBUG("cisco_vsa_hack: rewrote %s", vp->strvalue); + } + + /* Cisco-AVPair +* We take the lvalue look it up in the dictionary and +* when found overwrite the attribute of Cisco-AVPair with it. +*/ + if ((vp->attribute & 0x) == 1) { + strNcpy(newattr, vp->strvalue, vp->length - strlen(ptr) + 1 ); + DEBUG2("cisco_vsa_hack: attr : %s to %s",vp->strvalue, +newattr); + if (( da = dict_attrbyname((char *)newattr) ) == NULL ) + continue; + vp->attribute = da->attr; + DEBUG2("cisco_vsa_hack: attr : %s found in dictionary", +da->name); + } + + /* +* We strip out the duplicity from the value field, +* we use only the value on the right side of +* = character. +*/ + strNcpy(newattr, ptr + 1, siz
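
Review bot: in the Cisco-AVPair branch, strNcpy(newattr, vp->strvalue, vp->length - strlen(ptr) + 1) takes its size from the received attribute instead of from the destination, so nothing in this hunk keeps the copy within newattr[MAX_STRING_LEN]; cap the length at sizeof(newattr), as the value copy further down does on the removed side (strNcpy(newattr, ptr + 1, sizeof(newattr))). The sip-hdr rewrite also moves ptr to the former ':' before that length is computed, so the name handed to dict_attrbyname() then runs up to that position; a comment saying this is intended would help. The only functional change visible here is the DEBUG2 argument, which switches from da->name (read before da is assigned) to newattr; the rest is re-indentation and would review more easily as a separate whitespace-only patch.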
Re: Install FreeRadius on Redhat 7.3
check your firewall settings...

--On Wednesday, November 06, 2002 12:02 PM -0800 "Ynjiun P. Wang" <[EMAIL PROTECTED]> wrote:

Hi,

I was able to install freeradius on Redhat 7.3 and run "radiusd -X" successfully. The "Ready to process requests." string did show up. But when I start running "radtest bob bob localhost 0 testing123" There is no response from Radius.

I did check /etc/services and the port was right 1812. I did add bob user account with password bob in the /etc/raddb/users. I did check both clients and clients.conf have localhost with share secret testing123.

Am I missing something? I do notice for every service in Redhat 7.3, it has a file under /etc/xinetd.d. Do I need to setup a radius file under /etc/xinetd.d and enable the service? or just simply run "radius -X" in a window?

Please advise. Thanks.

-Ynjiun

--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US
Install FreeRadius on Redhat 7.3
Hi,

I was able to install freeradius on Redhat 7.3 and run "radiusd -X" successfully. The "Ready to process requests." string did show up. But when I start running "radtest bob bob localhost 0 testing123" There is no response from Radius.

I did check /etc/services and the port was right 1812. I did add bob user account with password bob in the /etc/raddb/users. I did check both clients and clients.conf have localhost with share secret testing123.

Am I missing something? I do notice for every service in Redhat 7.3, it has a file under /etc/xinetd.d. Do I need to setup a radius file under /etc/xinetd.d and enable the service? or just simply run "radius -X" in a window?

Please advise. Thanks.

-Ynjiun
Re: sql accounting and custom attributes
Hello Thomas,

On Wed, Nov 06, 2002 at 09:15:30AM +0100, Thomas Jalsovsky wrote:
>
> On Wed, 6 Nov 2002, Alexey Chetroi wrote:
>
> > Is it possible to rewrite attribute names eg in preprocess module,
> > like cisco_vsa_hack. eg to convert from:
> >
> > Cisco-AVPair = "nas-rx-speed=31200"
> > to
> > nas-rx-speed=31200
>

This is exactly what i am doing. I can send you the patch for it, if you like.

Regards,
Christian.
Re: PAM-Radius
"Ricardo Gadea" <[EMAIL PROTECTED]> wrote:
> Do any of you know if the PAM-Radius module can be used with any compliant
> Radius server, or it only works with freeradius?

It works with any RADIUS server.

> In the second case, can I configure Freeradius as a proxy and redirect the
> authentication to another generic Radius server?

Yes.

Alan DeKok.
MySQL-Proxy-Exec-Program-Wait
I'm using my server for both local authentication and proxy to another server. I'm using MySQL for authentication/accounting. I have all of the realms/secrets/etc. setup in the proxy.conf file, and everything seems to work ok. Accounting shows up in the radacct table for all of it.

Now I'm trying to add in an Exec-Program-Wait script. I don't care if it only runs for proxy users or if it runs for everyone, I just need to add in that attribute/value (Exec-Program-Wait/scriptname) to everyone that logs in.

Can someone tell me how to add in attributes that affect all users. The server doesn't use the "users" file or system at all (it only authenticates using SQL).

Any help would be greatly appreciated.

Thanks,
Mike
freeradius & mssql2000
I installed freeradius along with freetds and unixodbc on RH8 to be able to send accounting records to a MSSQL database. Radius starts fine and connects to mssql but I get the following errors when radius is trying to update/insert the mssql database for accounting records:

rlm_sql: Couldn't insert SQL accounting STOP record - 0
OR
rlm_sql: Couldn't update SQL accounting for START packet - 0

extract of debugging output:
--
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = ""
sql: simul_zap_query = ""
rlm_sql: Driver rlm_sql_unixodbc loaded and linked
rlm_sql: Attempting to connect to freeradius@MSSQL-6:/freeradius
rlm_sql: starting 0
rlm_sql: Attempting to connect #0
rlm_sql: Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql: Attempting to connect #1
rlm_sql: Connected new DB handle, #1
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: Looking up realm NULL for User-Name = "dme"
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
radius_xlat: 'dme'
sql_set_user: escaped user --> 'dme'
radius_xlat: 'UPDATE radacct SET AcctStopTime = '2002-11-06 18:44:40', AcctSessionTime = '127', AcctInputOctets = '2320', AcctOutputOctets = '157339', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '7400315D' AND UserName = 'dme' AND NASIPAddress = '212.24.192.4' AND AcctStopTime = 0'
rlm_sql: Reserving sql socket id: 4
radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('7400315D', '', 'dme', '', '212.24.192.4', '34', 'ISDN', '2002-11-06 18:44:40', '127', 'RADIUS', '', '', '2320', '157339', '', '', 'User-Request', 'Framed-User', 'PPP', '212.24.192.101', '0', '0')'
rlm_sql_unixodbc: '0 '
rlm_sql: Couldn't insert SQL accounting STOP record - 0
rlm_sql: Released sql socket id: 4
modcall[accounting]: module "sql" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/212.24.192.4/detail'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail expands to /usr/local/var/log/radius/radacct/212.24.192.4/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'dme'
Accounting: logout: entry for NAS 212.24.192.4 port 34 has wrong ID
modcall[accounting]: module "radutmp" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 175 to 212.24.192.4:1118
Finished request 0
Going to the next request
==

Does anybody know a solution to this problem?

thanks,
Christian
PAM-Radius
Hi,

Do any of you know if the PAM-Radius module can be used with any compliant Radius server, or it only works with freeradius? In the second case, can I configure Freeradius as a proxy and redirect the authentication to another generic Radius server?

Thanks in advance,
Ricardo
Re: Simultaneous-User Questions
WA Support <[EMAIL PROTECTED]> wrote:
> Thank you for your suggestions. However, no one has responded to why I
> don't see any debugging traffic coming from checkrad. Is it not being
> called?

Did you read my previous message, where I told you how to find out the answer?

I don't understand why you're refusing to do any work to find out the answer for yourself. I don't know what's going on in your server. YOU can find out by running it in debugging mode. I've said that until I'm sick of saying it, and still you refuse to follow simple instructions.

Go away.

Alan DeKok.
Re: Simultaneous-User Questions
Hello,

Thank you for your suggestions. However, no one has responded to why I don't see any debugging traffic coming from checkrad. Is it not being called?

Murrah Boswell

Alan DeKok wrote:
>
> WA Support <[EMAIL PROTECTED]> wrote:
> > I will look at running freeradius in debug mode, but I would rather set
> > debug flags in checkrad.
>
> Most of your questions about what happens, and when it happens, can
> be answered by running the server in debugging mode, and reading the
> output.
>
> > > Have you looked into using realms?
> >
> > I read this in the duplicate-users documentation:
> >
> > "Now, about now, many of you are thinking, "what about realms?"
> > Well, realms are great, but, in general, it will require the end
> > user to add "@domain.com", which is a pain. It means ISP A has to
> > call 375 people and tell them to add that to their login name."
> >
> > and decided against realms, since I would have to notify a few thousand
> > people.
>
> With the attr_rewrite module, it should be possible to have the
> server re-write the usernames for them.
>
> Alan DeKok.
Re: Simultaneous-User Questions
WA Support <[EMAIL PROTECTED]> wrote:
> I will look at running freeradius in debug mode, but I would rather set
> debug flags in checkrad.

Most of your questions about what happens, and when it happens, can be answered by running the server in debugging mode, and reading the output.

> > Have you looked into using realms?
>
> I read this in the duplicate-users documentation:
>
> "Now, about now, many of you are thinking, "what about realms?"
> Well, realms are great, but, in general, it will require the end
> user to add "@domain.com", which is a pain. It means ISP A has to
> call 375 people and tell them to add that to their login name."
>
> and decided against realms, since I would have to notify a few thousand
> people.

With the attr_rewrite module, it should be possible to have the server re-write the usernames for them.

Alan DeKok.
Re: Simultaneous-User Questions
Hello,

> Run the radius server in debugging mode (-x) and see what the NAS actually
> sends to the server when a person tries to authenticate. That will show you
> the data you can use in the users file to help determine where packets get
> proxied. I believe the Called-Station-Id is sent only in accounting packets,
> which is sent after successful authentication.
>

My understanding is that freeradius first checks radutmp and if it sees a user logged on with the same username as one attempting to log on, it calls checkrad to query the NAS. This from the documentation on Simultaneous-Use:

"...Only when someone tries to login who _already_ has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session."

Now, it makes sense to me that this checking would be done before the authentication process, since it is the more efficient path. However, I am not familiar with the logic flow of freeradius, so I do not know this for certain.

If it does check radutmp, and call checkrad when necessary, before authentication, then it has access to the Called-Station-Id, since this is available in the requesting packet from the new user. It also has access to the Called-Station-Id for all users currently logged on, since the NAS keeps record of this in a table. At least my NAS does, since this is how they know which modem bank to assign my customers to.

So, I am fairly certain that both the username and Called-Station-Id are available when/if checkrad is called. Since this is written in perl, it would be the most logical place to start working on a fix; i.e., would require recompiles of radiusd.c.

However, I can not see any traffic coming out of the checkrad script, it doesn't seem to be writing to checkrad.log. Does freeradius-0.7.1, in fact, call the perl script checkrad?

I did find where checkrad is called from the session.c module, so I know that the thought is in the code, but it doesn't seem to get triggered. However, I also see in my radius.log that certain sessions are being flagged as 'Multiple logins,' so I know something is catching them, but I don't know what. Do you?

I will look at running freeradius in debug mode, but I would rather set debug flags in checkrad.

> Have you looked into using realms?

I read this in the duplicate-users documentation:

"Now, about now, many of you are thinking, "what about realms?" Well, realms are great, but, in general, it will require the end user to add "@domain.com", which is a pain. It means ISP A has to call 375 people and tell them to add that to their login name."

and decided against realms, since I would have to notify a few thousand people.

Thanks,
Murrah Boswell

>
> Kevin Bonner
Re: more Kerberos fun
Brian Johnson <[EMAIL PROTECTED]> wrote:
> Here's the debugging info as requested. In my users file, I added:
>
> DEFAULT Auth-Type = Kerberos
>         Reply-Message = "Hello, Brian"

Try 'Auth-Type := Kerberos', I think.

> modcall[authorize]: module "files" returns notfound
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

Hmm... can you try this using the latest CVS version? I think there's a bugfix there which may help.

Alan DeKok.
RE: How to get "dh_file" and "random_file"?
Random is not available for Solaris 8 except as an add-on. Just an FYI. There is a way around it.

Gene Parks
VIP Direct

-Original Message-
From: Artur Hecker [mailto:hecker@;enst.fr]
Sent: Wednesday, November 06, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: Re: How to get "dh_file" and "random_file"?

ok, thank you very much

you probably already know my opinion:

random: copy from the /dev/random
dh: from the openssl distribution directories...

ciao
artur

McKay, Raymond wrote:
>> http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
>
>> raymond, did you add it?
>
>> ciao
>
>> artur
>
> I have put some blurbage in on the random and DH file but before I put
> any full instruction set in, I would like to hear the general
> consensus on generating those files. There seems to be numerous
> methods of generating the files so for the sake of ease of use, it
> might be a good idea to come up with a universally accepted method.
> Suggestions anyone?

--
Artur Hecker  Groupe Accès et Mobilité
hecker[at]enst[dot]fr  Département Informatique et Réseaux
+33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris
Re: How to get "dh_file" and "random_file"?
ok, thank you very much

you probably already know my opinion:

random: copy from the /dev/random
dh: from the openssl distribution directories...

ciao
artur

McKay, Raymond wrote:
>> http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
>
>> raymond, did you add it?
>
>> ciao
>
>> artur
>
> I have put some blurbage in on the random and DH file but before I put
> any full instruction set in, I would like to hear the general
> consensus on generating those files. There seems to be numerous
> methods of generating the files so for the sake of ease of use, it
> might be a good idea to come up with a universally accepted method.
> Suggestions anyone?

--
Artur Hecker  Groupe Accès et Mobilité
hecker[at]enst[dot]fr  Département Informatique et Réseaux
+33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris
Re: more Kerberos fun
On Tue, 5 Nov 2002, Alan DeKok wrote:
> So run the server in debugging mode, as it suggests in the README,
> the documentation, and in the FAQ.
>

I'll start here with an apology to the list. This was inexcusable on my part. Thanks for going easy.

Here's the debugging info as requested. In my users file, I added:

DEFAULT Auth-Type = Kerberos
        Reply-Message = "Hello, Brian"

to the top. clients.conf has the proper information for localhost, so I ran "radtest mbjohn [password] localhost 0 testing123". Below is what I got from debugging on the server. I'm not sure what's needed, and it's rather verbose using the -xx option, so for brevity, I'm just posting from the "Listening on IP address..." part. I'll be happy to provide anything before, if needed.

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
Thread 1 waiting to be assigned a request
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 127.0.0.1:1032, id=111, length=55
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 1 handling request 0, (1 handled so far)
        User-Name = "mbjohn"
        User-Password = "(t\342uf\275H4\351_\350\321\023\224\230\367"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "0"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "mbjohn"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 127.0.0.1:1032, id=111, length=55
Sending Access-Reject of id 111 to 127.0.0.1:1032
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 111 with timestamp 3dc92509
Nothing to do. Sleeping until we see a request.
MASTER: exit on signal (2)

I then added the appropriate info for a remote client in clients.conf, ran "radtest mbjohn [password] 152.3.2.153 0 testing123" and got this debugging information from the server:

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 152.16.0.183:1031, id=64, length=55
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 1 handling request 0, (1 handled so far)
        User-Name = "mbjohn"
        User-Password = "'\322\220\221\356P\3505M\355\221\3104\305\316\355"
        NAS-IP-Address = 255.255.255.255
        NAS-Port-Id = "0"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "mbjohn"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 152.16.0.183:1031, id=64, length=55
Sending Access-Reject of id 64 to 152.16.0.183:1031
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 64 with timestamp 3dc925b2
Nothing to do. Sleeping until we see a request.
MASTER: exit on signal (2)

And this is what I got on the client side (which is nearly identical to what I got on localhost, which is why it wasn't posted above. Imagine %s/152.3.2.153/127.0.0.1/g and %s/user-0-183.wireless.duke.edu/hythloth/g, if you will, everything else is identical):

Sending Access-Request of id 195 to 152.3.2.153:1812
        User-Name = "mbjohn"
        User-Password = "\212\215\033s\220\361]\237\267\2760pc\016\206"
        NAS-IP-Address = user-0-183.wireless.duke.edu
        NAS-Port-Id = "0"
Re-sending Access-Request of id 195 to 152.3.2.153:1812
        User-Name = "mbjohn"
        User-Password = "\212\215\033s\220\361]\237\267\2760pc\016\206"
RE: How to get "dh_file" and "random_file"?
> http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm > raymond, did you add it? > ciao > artur I have put some blurbage in on the random and DH file but before I put any full instruction set in, I would like to hear the general consensus on generating those files. There seems to be numerous methods of generating the files so for the sake of ease of use, it might be a good idea to come up with a universally accepted method. Suggestions anyone? Raymond McKay IT Manager / Network Administrator Funnybone Interactive Vivendi Universal Games - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to get "dh_file" and "random_file"?
it should be (added) in

http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

raymond, did you add it?

ciao
artur

James Xie wrote:
> Hi,
> In radius.conf file, two files(dh_file and random_file) are needed. Who can tell me
> the usage of these two files and how to get these two files?
> Thanks!

--
Artur Hecker  Groupe Accès et Mobilité
hecker[at]enst[dot]fr  Département Informatique et Réseaux
+33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris
RE: solaris/sparc & Forte
An RPM of what? Freeradius?

Gene

-Original Message-
From: Peter Nixon [mailto:listuser@;peternixon.net]
Sent: Tuesday, November 05, 2002 4:57 AM
To: [EMAIL PROTECTED]
Subject: Re: solaris/sparc & Forte

On Mon, 4 Nov 2002 20:07:46 -0500 "Gene Parks" <[EMAIL PROTECTED]> wrote:
> I had a similar problem when I ran make on my Solaris 8 box but I
> decided to take another route. I installed SUSE 7.3 for SPARC and
> everything is working great now.
>
> Gene Parks
> VIP Direct

Finally! Another SuSE user on the list! Any luck with getting an rpm build to work yet?

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
RE: creating ldap module with Solaris 9.
Install openldap-2x and run the ./configure, make, make install. You do not have to use Openldap just need the libraries at compile time. We run it here with Iplanet 5.1 and everything works great.

Gene Parks
VIP Direct

-Original Message-
From: Randall Badilla [mailto:rbadilla@;cesa.co.cr]
Sent: Tuesday, November 05, 2002 9:55 AM
To: [EMAIL PROTECTED]
Subject: creating ldap module with Solaris 9.

Hi all:

I have recently downloaded the 0.7.1 version of freeradius, to be used with a LDAP server built on solaris 9 with SunOne (netscape) directory server 5.X. My problem is with the call of libraries although I have ber_decode and other commands/headers on the ldap library -lldap, the configure of that module insist call -llber; can any body tell me if I can workaround this and how..? copying libraries and renaming???

Thanks
proxy.conf newbie question
Hello All,

Is the Realm attribute set, if authhost/accthost = LOCAL in the proxy.conf file?

--
Best regards,
Alexey Chetroi
---
Smile... Tomorrow will be worse. (c) Murphy's law
How to get "dh_file" and "random_file"?
Hi,

In radius.conf file, two files (dh_file and random_file) are needed. Who can tell me the usage of these two files and how to get these two files?

Thanks!
Re: sql accounting and custom attributes
On Wed, Nov 06, 2002 at 09:15:30AM +0100, Thomas Jalsovsky wrote:
> > > > doc/variables.txt mentions that you can use %{Attribute-Name},
> > > > but what if there are several attributes with the same name,
> > > > eg Cisco-AVpair?
> > >
> > > The server doesn't handle that right now.
> > >
> > > > I just want to log ras-tx-speed and ras-rx-speed attributes
> > > > from the cisco in sql table. Is there any trick?
> > >
> > > That's an even more difficult problem. You don't know the order of
> > > the attributes, so you want to log Cisco-AVpair attributes which
> > > contain certain values.
> > >
> > > Your best bet right now is to use some kind of external program to
> > > do the work, or to write a module to pull the information you want out
> > > of the attributes.
> >
> > Is it possible to rewrite attribute names eg in preprocess module,
> > like cisco_vsa_hack. eg to convert from:
> >
> > Cisco-AVPair = "nas-rx-speed=31200"
> > to
> > nas-rx-speed=31200
>
> This is not possible while there are many Cisco-AVPair AV-Pairs e.g.
> Cisco-AVPair = "nas-rx-speed=31200"
> Cisco-AVPair = "nas-tx-speed=31200"
> preprocess doesn't know how to rewrite this to nas-rx-speed=31200
> The cisco_vsa_hack can rewrite only pairs with type:
> h323-connect-time = "h323-connect-time=."
>

I know, that requires patches to source code, or another preprocess module. Perhaps I should move to developers list :)

--
Best regards,
Alexey Chetroi
---
Smile... Tomorrow will be worse. (c) Murphy's law
Re: sql accounting and custom attributes
On Wed, 6 Nov 2002, Alexey Chetroi wrote:
> On Tue, Nov 05, 2002 at 10:49:12AM -0500, Alan DeKok wrote:
> > > doc/variables.txt mentions that you can use %{Attribute-Name},
> > > but what if there are several attributes with the same name,
> > > eg Cisco-AVpair?
> >
> > The server doesn't handle that right now.
> >
> > > I just want to log ras-tx-speed and ras-rx-speed attributes
> > > from the cisco in sql table. Is there any trick?
> >
> > That's an even more difficult problem. You don't know the order of
> > the attributes, so you want to log Cisco-AVpair attributes which
> > contain certain values.
> >
> > Your best bet right now is to use some kind of external program to
> > do the work, or to write a module to pull the information you want out
> > of the attributes.
>
> Is it possible to rewrite attribute names eg in preprocess module,
> like cisco_vsa_hack. eg to convert from:
>
> Cisco-AVPair = "nas-rx-speed=31200"
> to
> nas-rx-speed=31200

This is not possible while there are many Cisco-AVPair AV-Pairs e.g.
Cisco-AVPair = "nas-rx-speed=31200"
Cisco-AVPair = "nas-tx-speed=31200"
preprocess doesn't know how to rewrite this to nas-rx-speed=31200
The cisco_vsa_hack can rewrite only pairs with type:
h323-connect-time = "h323-connect-time=."

Thomas
Re: sql accounting and custom attributes
On Tue, Nov 05, 2002 at 10:49:12AM -0500, Alan DeKok wrote:
> > doc/variables.txt mentions that you can use %{Attribute-Name},
> > but what if there are several attributes with the same name,
> > eg Cisco-AVpair?
>
> The server doesn't handle that right now.
>
> > I just want to log ras-tx-speed and ras-rx-speed attributes
> > from the cisco in sql table. Is there any trick?
>
> That's an even more difficult problem. You don't know the order of
> the attributes, so you want to log Cisco-AVpair attributes which
> contain certain values.
>
> Your best bet right now is to use some kind of external program to
> do the work, or to write a module to pull the information you want out
> of the attributes.

Is it possible to rewrite attribute names eg in preprocess module, like cisco_vsa_hack. eg to convert from:

Cisco-AVPair = "nas-rx-speed=31200"
to
nas-rx-speed=31200

--
Best regards,
Alexey Chetroi
---
Smile... Tomorrow will be worse. (c) Murphy's law
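
The "external program" route suggested in this thread, written in Python as an added example (not code from the thread or from FreeRADIUS): it reads detail-file accounting records, picks nas-rx-speed and nas-tx-speed out of the repeated Cisco-AVPair attributes whatever their order, and stores them with a parameterized INSERT. The sample records, the session_speed table and its columns, and SQLite standing in for the accounting database are assumptions.

```python
import re
import sqlite3

# Constructed sample in the layout rlm_detail writes: a timestamp line,
# tab-indented "Attribute = value" lines, a blank line between records.
SAMPLE_DETAIL = """\
Wed Nov  6 09:15:30 2002
\tAcct-Session-Id = "0000A1B2"
\tUser-Name = "alice"
\tNAS-IP-Address = 192.0.2.10
\tCisco-AVPair = "nas-tx-speed=31200"
\tCisco-AVPair = "example-note=a=b"
\tCisco-AVPair = "nas-rx-speed=28800"
\tAcct-Status-Type = Stop

Wed Nov  6 09:16:02 2002
\tAcct-Session-Id = "0000A1B3"
\tUser-Name = "bob"
\tNAS-IP-Address = 192.0.2.10
\tCisco-AVPair = "nas-rx-speed=abc"
\tAcct-Status-Type = Stop
"""

ATTR_RE = re.compile(r'^\s+([A-Za-z0-9-]+)\s*=\s*(.*)$')


def parse_records(text):
    """Yield one dict per record. Each attribute name maps to a list of
    values, so repeated attributes such as Cisco-AVPair are all kept."""
    record = {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current record
            if record:
                yield record
            record = {}
            continue
        m = ATTR_RE.match(line)       # unindented timestamp lines do not match
        if m:
            name, value = m.groups()
            record.setdefault(name, []).append(value.strip().strip('"'))
    if record:
        yield record


def avpairs(record):
    """Split every Cisco-AVPair value at its first '=' into key -> value."""
    pairs = {}
    for raw in record.get("Cisco-AVPair", []):
        key, sep, value = raw.partition("=")
        if sep:
            pairs[key] = value
    return pairs


def speed(pairs, key):
    """Return the speed as an int, or None when absent or not a number."""
    value = pairs.get(key, "")
    return int(value) if value.isdigit() else None


def store_speeds(conn, text):
    """Insert one row per record into the (hypothetical) session_speed table."""
    conn.execute("CREATE TABLE IF NOT EXISTS session_speed ("
                 "acct_session_id TEXT, user_name TEXT, "
                 "rx_speed INTEGER, tx_speed INTEGER)")
    rows = []
    for rec in parse_records(text):
        pairs = avpairs(rec)
        rows.append((rec.get("Acct-Session-Id", [""])[0],
                     rec.get("User-Name", [""])[0],
                     speed(pairs, "nas-rx-speed"),
                     speed(pairs, "nas-tx-speed")))
    # Placeholders keep NAS-supplied strings out of the SQL text.
    conn.executemany("INSERT INTO session_speed VALUES (?, ?, ?, ?)", rows)
    return rows


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    for row in store_speeds(db, SAMPLE_DETAIL):
        print(row)
```

A non-numeric or missing speed is stored as NULL rather than being passed through, so a malformed attribute from the NAS cannot end up in a numeric column or in the query text.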