RE: Freeradius-Users digest, Vol 1 #1300 - 1 msg

2002-11-27 Thread Chhai Thach 
Dialup_admin comes with freeradius. You should find in the freeradius
install folder after you decompressed it. 

- Chhai


-Original Message-
From: Iq [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 28 November 2002 5:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Freeradius-Users digest, Vol 1 #1300 - 1 msg

Hi,
what is this dial-up admin and where do i get it from 
 
> Use dialup_admin to view usage. You can find the sql queries in the =
> source code
> 
regards,

Iqtadar Raja


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius-Users digest, Vol 1 #1300 - 1 msg

2002-11-27 Thread Iq 
Hi,
what is this dial-up admin and where do i get it from 
 
> Use dialup_admin to view usage. You can find the sql queries in the =
> source code
> 
regards,

Iqtadar Raja


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius-Users digest, Vol 1 #1301 - 2 msgs

2002-11-27 Thread Iq 
Hi Alan,
   Check out these two websites and follow the instructions
U don need to compile FR with mysql options..u can instal
freeradius...install mysql..make sure its working..change sql.conf and
radiusd.conf.
http://www.ccs.neu.edu/home/peterm/freeradiusbuild.html
http://www.frontios.com/freeradius.html

If you have any questions or comments, kindly do not hesitate to contact us
at Golden IT.

kind regards,

 Internet Services Administrator
Golden IT
Ph:  +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au


-
Please advise the originator by telephone (03)9705 2511 in the event that
this transmission is incomplete.
IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511
and destroy it immediately. This email may contain Information which is
confidential or which is subject to legal professional privilege. You must
not use this email or the Information in it. Any confidentiality or
privilege is not waived or lost because this email has been sent to you by
mistake.


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 28, 2002 4:47 PM
Subject: Freeradius-Users digest, Vol 1 #1301 - 2 msgs


> Send Freeradius-Users mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.cistron.nl/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>1. help (Jerry)
>2. Re: Linux+freeradius+mysql (Alan Wong)
>
> --__--__--
>
> Message: 1
> From: "Jerry" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: help
> Date: Thu, 28 Nov 2002 13:33:31 +0800
> Reply-To: [EMAIL PROTECTED]
>
>
>
>
> --__--__--
>
> Message: 2
> From: "Alan Wong" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Linux+freeradius+mysql
> Date: Thu, 28 Nov 2002 16:47:16 +1100
> Reply-To: [EMAIL PROTECTED]
>
> Dear Iq,
>
> Im trying to get freeradius to work with mysql and having problems. Can
you
> tell me what ./configure options you used to configure it? Cause Im using
> ./configure --sysconfdir=/etc --with-mysql-lib-dir=/usr/lib/mysql. Its
> giving me this error
>
>
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
> search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
>
> Just wondering what configure options you used.
>
> Thanks in advance.
>
> From: "Iq" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, November 28, 2002 3:59 PM
> Subject: Linux+freeradius+mysql
>
>
> > Hi everyone,
> >tried freeradius with mysql, got it working but how
do
> I
> > get usage details out of radacct table. Is there a query provided
> anywhere.
> > I made two sessions and got both of them in radacct.
> > Bellow is a copy of  what I got in radacct
> >
> >
> > mysql> select * from radacct where Username='iraja';
> >
>
+---+---+--+--+---+-
>
> -+---+-+-+-+--
> --
>
> -+---+---+---+
> --
>
> ---+--+-+--+--
> --
>
> +-++-+
> --
> > --+---+
> > | RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm |
> NASIPAddress
> > | NASPortId | NASPortType | AcctStartTime   | AcctStopTime|
> > AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop
|
> > AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId
|
> > AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |
> > AcctStartDelay | AcctStopDelay |
> >
>
+---+---+--+--+---+-
>
> -+---+-+-+-+--
> --
>
> -+---+---+---+
> --
>
> ---+--+-+--+--
> --
>
> +-++-+
> --
> > --+---+
> > | 2 | 7100034B  |  | iraja|   |
> 203.14.183.2
> > |12 | Async   | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 |
> > 89 | RADIUS| 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |
> 1399
> > | 1064 | 87966000|  | User-Request

Re: Linux+freeradius+mysql

2002-11-27 Thread Alan Wong 
Dear Iq,

Im trying to get freeradius to work with mysql and having problems. Can you
tell me what ./configure options you used to configure it? Cause Im using
./configure --sysconfdir=/etc --with-mysql-lib-dir=/usr/lib/mysql. Its
giving me this error


rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

Just wondering what configure options you used.

Thanks in advance.

From: "Iq" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 28, 2002 3:59 PM
Subject: Linux+freeradius+mysql


> Hi everyone,
>tried freeradius with mysql, got it working but how do
I
> get usage details out of radacct table. Is there a query provided
anywhere.
> I made two sessions and got both of them in radacct.
> Bellow is a copy of  what I got in radacct
>
>
> mysql> select * from radacct where Username='iraja';
>
+---+---+--+--+---+-
> -+---+-+-+-+--
--
> -+---+---+---+
--
> ---+--+-+--+--
--
> +-++-+
--
> --+---+
> | RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm |
NASIPAddress
> | NASPortId | NASPortType | AcctStartTime   | AcctStopTime|
> AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop  |
> AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId |
> AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |
> AcctStartDelay | AcctStopDelay |
>
+---+---+--+--+---+-
> -+---+-+-+-+--
--
> -+---+---+---+
--
> ---+--+-+--+--
--
> +-++-+
--
> --+---+
> | 2 | 7100034B  |  | iraja|   |
203.14.183.2
> |12 | Async   | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 |
> 89 | RADIUS| 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |
1399
> | 1064 | 87966000|  | User-Request
> | Framed-User | PPP| 203.14.193.11  |  0 |
> 0 |
> | 4 | 7100034C  |  | iraja|   |
203.14.183.2
> |11 | Async   | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 |
> 326 | RADIUS| 52000 LAPM/V42BIS | 52000 LAPM/V42BIS |
> 159179 |  1355687 | 87966000|  |
> User-Request   | Framed-User | PPP| 203.14.193.12   |
> 0 | 0 |
>
+---+---+--+--+---+-
> -+---+-+-+-+--
--
> -+---+---+---+
--
> ---+--+-+--+--
--
> +-++-+
--
> --+---+
> 2 rows in set (0.00 sec)
>
> mysql>
>
>
> If you have any questions or comments, kindly do not hesitate to contact
us
> at Golden IT.
>
> kind regards,
>
>  Internet Services Administrator
> Golden IT
> Ph:  +61 (3) 97052511
> Fax: +61 (3) 97052544
> Email: [EMAIL PROTECTED]
> Web: www.goldenit.net.au
>
> --
--
> -
> Please advise the originator by telephone (03)9705 2511 in the event that
> this transmission is incomplete.
> IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511
> and destroy it immediately. This email may contain Information which is
> confidential or which is subject to legal professional privilege. You must
> not use this email or the Information in it. Any confidentiality or
> privilege is not waived or lost because this email has been sent to you by
> mistake.
>
>
> - Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, November 28, 2002 2:30 PM
> Subject: Freeradius-Users digest, Vol 1 #1298 - 10 msgs
>
>
> > Send Freeradius-Users mailing list submissions to
> > [EMAIL PROTECTED]
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.cistron.nl/mailman/listinfo/freeradius-users
> > or, via email, send a message with subject or body 'help' to
> > [EMAIL PROTECTED]
> >
> > You can reach the person managing the list at
> > [EMAIL PROTECTED]
> >
> > When replying, please edit your Subject line so it is mor

help

2002-11-27 Thread Jerry 
.+-Šwèþ˛±ÊâmïîžË›±Êâmäžzm§ÿðÃëyêÚv+¬¢¸?–+-þë®Èmš

RE: Linux+freeradius+mysql

2002-11-27 Thread Chhai Thach 
Use dialup_admin to view usage. You can find the sql queries in the source code

Chhai


-Original Message-
From: Iq [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 28 November 2002 3:29 PM
To: [EMAIL PROTECTED]
Subject: Linux+freeradius+mysql

Hi everyone,
   tried freeradius with mysql, got it working but how do I
get usage details out of radacct table. Is there a query provided anywhere.
I made two sessions and got both of them in radacct.
Bellow is a copy of  what I got in radacct


mysql> select * from radacct where Username='iraja';
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress
| NASPortId | NASPortType | AcctStartTime   | AcctStopTime|
AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop  |
AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId |
AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |
AcctStartDelay | AcctStopDelay |
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
| 2 | 7100034B  |  | iraja|   | 203.14.183.2
|12 | Async   | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 |
89 | RADIUS| 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |1399
| 1064 | 87966000|  | User-Request
| Framed-User | PPP| 203.14.193.11  |  0 |
0 |
| 4 | 7100034C  |  | iraja|   | 203.14.183.2
|11 | Async   | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 |
326 | RADIUS| 52000 LAPM/V42BIS | 52000 LAPM/V42BIS |
159179 |  1355687 | 87966000|  |
User-Request   | Framed-User | PPP| 203.14.193.12   |
0 | 0 |
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
2 rows in set (0.00 sec)

mysql>


If you have any questions or comments, kindly do not hesitate to contact us
at Golden IT.

kind regards,

 Internet Services Administrator
Golden IT
Ph:  +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au


-
Please advise the originator by telephone (03)9705 2511 in the event that
this transmission is incomplete.
IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511
and destroy it immediately. This email may contain Information which is
confidential or which is subject to legal professional privilege. You must
not use this email or the Information in it. Any confidentiality or
privilege is not waived or lost because this email has been sent to you by
mistake.


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 28, 2002 2:30 PM
Subject: Freeradius-Users digest, Vol 1 #1298 - 10 msgs


> Send Freeradius-Users mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.cistron.nl/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>1. RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load
(Novoselsky Alexander)
>2. Re: User Configuartion Help and Interesting Scenario (Alan Wong)
>3. Re: EAP/TLS testing: SSL_set_my_callback (Artur Hecker)
>4. Re: SSL_read Error: EAP-TLS (Artur Hecker)
>5. RE: use freeradius to clear line (Chhai  Thach)
>6. RE: use freeradius to clear line (Chhai  Thach)
>7. Please Confirm Your $10,000 Entries! ([EMAIL PROTECTED])
>8. Recommend-It: PLS REPLY to CONFIRM
[[EMAIL PROTECTED]/6

Linux+freeradius+mysql

2002-11-27 Thread Iq 
Hi everyone,
   tried freeradius with mysql, got it working but how do I
get usage details out of radacct table. Is there a query provided anywhere.
I made two sessions and got both of them in radacct.
Bellow is a copy of  what I got in radacct


mysql> select * from radacct where Username='iraja';
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress
| NASPortId | NASPortType | AcctStartTime   | AcctStopTime|
AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop  |
AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId |
AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |
AcctStartDelay | AcctStopDelay |
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
| 2 | 7100034B  |  | iraja|   | 203.14.183.2
|12 | Async   | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 |
89 | RADIUS| 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |1399
| 1064 | 87966000|  | User-Request
| Framed-User | PPP| 203.14.193.11  |  0 |
0 |
| 4 | 7100034C  |  | iraja|   | 203.14.183.2
|11 | Async   | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 |
326 | RADIUS| 52000 LAPM/V42BIS | 52000 LAPM/V42BIS |
159179 |  1355687 | 87966000|  |
User-Request   | Framed-User | PPP| 203.14.193.12   |
0 | 0 |
+---+---+--+--+---+-
-+---+-+-+-+
-+---+---+---+--
---+--+-+--+
+-++-+--
--+---+
2 rows in set (0.00 sec)

mysql>


If you have any questions or comments, kindly do not hesitate to contact us
at Golden IT.

kind regards,

 Internet Services Administrator
Golden IT
Ph:  +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au


-
Please advise the originator by telephone (03)9705 2511 in the event that
this transmission is incomplete.
IF THIS EMAIL HAS BEEN SENT TO YOU BY MISTAKE: please call (03) 9705 2511
and destroy it immediately. This email may contain Information which is
confidential or which is subject to legal professional privilege. You must
not use this email or the Information in it. Any confidentiality or
privilege is not waived or lost because this email has been sent to you by
mistake.


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 28, 2002 2:30 PM
Subject: Freeradius-Users digest, Vol 1 #1298 - 10 msgs


> Send Freeradius-Users mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.cistron.nl/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>1. RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load
(Novoselsky Alexander)
>2. Re: User Configuartion Help and Interesting Scenario (Alan Wong)
>3. Re: EAP/TLS testing: SSL_set_my_callback (Artur Hecker)
>4. Re: SSL_read Error: EAP-TLS (Artur Hecker)
>5. RE: use freeradius to clear line (Chhai  Thach)
>6. RE: use freeradius to clear line (Chhai  Thach)
>7. Please Confirm Your $10,000 Entries! ([EMAIL PROTECTED])
>8. Recommend-It: PLS REPLY to CONFIRM
[[EMAIL PROTECTED]/6947] (Recommend-It Confirmation Bot)
>9. Can I do eap/tls use 2 wire NIC and cisco 2950? (Huter.Liu)
>   10. Re: Recommend-It: PLS REPLY to CONFIRM
[[EMAIL PROTECTED]/6947] ([EMAIL PROTECTED])
>
> --__--__--
>
> Message: 1
> From: Novoselsky Ale

rlm_sqlcounter

2002-11-27 Thread Peter Santiago 
how do I include rlm_sqlcounter in the compilation? Thanks

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Recommend-It: PLS REPLY to CONFIRM [freeradius-users@lists.cistron.nl/6947]

2002-11-27 Thread jmartz 

> CONFIRMATION OF RECOMMEND-IT SUBSCRIPTION REQUEST IS REQUIRED!
> 
> We have just received a subscription request to add you to the
> free lists run by Recommend-It. You must confirm your subscription to 
> join these lists by following the simple instructions below.
> 
> INSTRUCTIONS:
> 
> In order to activate your subscription(s), you MUST send us an email 
> by replying to this message to verify your email address! It is very easy:
> simply hit the "Reply" button to this email, leave the confirmation code 
> in the "Subject:" and click to "Send."
> 
> Alternatively, you can also confirm via the web:
> 
> http://www.ric2.com/pmdconfirm.jsp?E=freeradius-users%40lists.cistron.nl&T=6947
> 
> If asked, your codes are   E: [EMAIL PROTECTED] and T: 6947
> 
> This is just to verify your email address and to make sure no one is trying
> to subscribe you without your permission. If this subscription request is
> in error, do nothing, you will NOT receive any mail from us.
> 
> We NEVER spam, and this email is to validate the subscription request we
> received via the Recommend-It web site. There is a possibility that someone
> may have attempted to sign you up maliciously; in which case ignore this
> email. Again, we do not harvest or send unsolicited email of any sort, nor
> do we wish to do that.
> 
> Finally, let us remind you again: to confirm your subscription, "Reply" to this
> message, leaving the code in the subject line, and click on "Send".
> 
> 
> Recommend-It lists requested:
> 
> Recommend-It/Dating.list
> Recommend-It/Entertainment_Ezine.list
> Recommend-It/HUMOR.list
> Recommend-It/Recommend-It_Megazine.list
> 
> 
> 
> 
> ** [EMAIL PROTECTED]
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Can I do eap/tls use 2 wire NIC and cisco 2950?

2002-11-27 Thread Huter.Liu 
hi,everyone!
I know 802.1x support both wireless and wire network authentication,but I 
found nobody use 802.1x do wire network authentication,why?I don't know.Now I'd to do 
such a trick,I must show somebody how cisco 2950 support 802.1x authentication,I want 
use freeradius and xsupplicant,just use one laptop with two wire NIC(one embedded and 
one PCMCIA,I can't found any document about xsupplicant,can you tell me xsupplicant 
support wire NIC do EAP/TLS authentication or not? 

Best Regards
Yours
Huter.Liu
[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Recommend-It: PLS REPLY to CONFIRM [freeradius-users@lists.cistron.nl/6947]

2002-11-27 Thread Recommend-It Confirmation Bot 
CONFIRMATION OF RECOMMEND-IT SUBSCRIPTION REQUEST IS REQUIRED!

We have just received a subscription request to add you to the
free lists run by Recommend-It. You must confirm your subscription to 
join these lists by following the simple instructions below.

INSTRUCTIONS:

In order to activate your subscription(s), you MUST send us an email 
by replying to this message to verify your email address! It is very easy:
simply hit the "Reply" button to this email, leave the confirmation code 
in the "Subject:" and click to "Send."

Alternatively, you can also confirm via the web:

http://www.ric2.com/pmdconfirm.jsp?E=freeradius-users%40lists.cistron.nl&T=6947

If asked, your codes are   E: [EMAIL PROTECTED] and T: 6947

This is just to verify your email address and to make sure no one is trying
to subscribe you without your permission. If this subscription request is
in error, do nothing, you will NOT receive any mail from us.

We NEVER spam, and this email is to validate the subscription request we
received via the Recommend-It web site. There is a possibility that someone
may have attempted to sign you up maliciously; in which case ignore this
email. Again, we do not harvest or send unsolicited email of any sort, nor
do we wish to do that.

Finally, let us remind you again: to confirm your subscription, "Reply" to this
message, leaving the code in the subject line, and click on "Send".


Recommend-It lists requested:

Recommend-It/Dating.list
Recommend-It/Entertainment_Ezine.list
Recommend-It/HUMOR.list
Recommend-It/Recommend-It_Megazine.list




** [EMAIL PROTECTED]











- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Please Confirm Your $10,000 Entries!

2002-11-27 Thread contest 
Please confirm the following contest entries by 
clicking the link below:

Recommend-It Spread the Word and Win $10,000 
Sweepstakes (5 Entries) Sony DVD Player Giveaway (5 Entries)

Your confirmation link is:

http://ric1.com/irec.e?228469CB76F

Your confirmation page will also show you how 
you can earn additional contest entries by visiting 
great Recommend-It websites!

Don't want to hear about other contests and 
promotions? Visit the link above and uncheck the 
notification box.

---
Recommend-It, iRecommend-It and Spread the Word 
and Win are trademarks of Digital Demographics, Inc. 
All contest entries are subject to applicable 
contest rules. Visit http://iRecommend-it.com/ for more details.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: use freeradius to clear line

2002-11-27 Thread Chhai Thach 
Radzap doesn't seem to work for me either. I have two users stuck in FR
but they have disconnected from NAS a long time ago. 

-Chhai

-Original Message-
From: Vitaliy Karlov [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 28 November 2002 1:51 AM
To: [EMAIL PROTECTED]
Subject: Re: use freeradius to clear line

On Wed, Nov 27, 2002 at 10:10:33AM -0500, Alan DeKok wrote:
> "Chhai  Thach" <[EMAIL PROTECTED]> wrote:
> > Is there a way to manually disconnect the user using freeradius
instead
> > of NAS?
> 
>   Did you bother reading the FAQ?

May be I wrong, but in FR-0.8 radzap is broken!

I yourself want delete user from line, but nothing more, then log-entry:
in radius.log "Error: No clients entry for localhost", did not recieve
:(
In client and  clients.conf I have records for localhost!

Any suggestion?

PS. Now I use radzap from FR-0.7...

-- 
WBR, Vitaliy Karlov [KV1670-RIPE]

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: use freeradius to clear line

2002-11-27 Thread Chhai Thach 
Thanks Alan!

I read the FAQ once before and I remembered that freeradius could kick
users but I forgot that it was in the FAQ if that make sense at all!

Chhai

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 28 November 2002 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: use freeradius to clear line 

"Chhai  Thach" <[EMAIL PROTECTED]> wrote:
> Is there a way to manually disconnect the user using freeradius
instead
> of NAS?

  Did you bother reading the FAQ?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SSL_read Error: EAP-TLS

2002-11-27 Thread Artur Hecker 

ah, that's a good one


Nikhil Chauhan wrote:
> 
> I generated the certificates as per the HOWTO
> by Raymond MacKay. I get a SSL_read Error (Please
> see the attached radius server log).



> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
>  Error code is . 2
>  SSL Error . 2
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok

you are talking about that one right?

there is to say, i've been having this error ever since (v0.5) and it
seems to work but i would indeed like to know what it actually is...

anybody an idea? some openssl expert?


ciao
artur



-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/TLS testing: SSL_set_my_callback

2002-11-27 Thread Artur Hecker 


you don't need x99 token.

go in the src/modules directory, locate the "stable" file and throw it
out of the list.

ciao
artur



Nikhil Chauhan wrote:
> 
> Hi Artur:
> 
> Thanks for your suggestions. I heartly appreciate
> them.
> 
> The problem with SSL_set_msg_callback seems to be
> fixed now. I installed the latest Beta version of the
> openssl and /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
> seems to give me libraries from this version of
> openssl. I tried again with FreeRADIUS-0.7 and I get a
> segmentation fault when it tries to process the TLS
> request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG AS
> WELL)
> 
> 
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host
> 192.168.11.20:1047, id=23, length=122
> User-Name = "adam-ctl"
> NAS-IP-Address = 192.168.11.20
> Called-Station-Id = "004096577e54"
> Calling-Station-Id = "00080997"
> NAS-Identifier = "AP350"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = "\002\035\000\r\001adam-ctl"
> Message-Authenticator =
> 0x09cf6a42badba94b8978e30247cdd626
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "eap" returns updated
> rlm_realm: Looking up realm NULL for User-Name =
> "adam-ctl"
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched adam-ctl at 97
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> Segmentation fault
> ==
> 
> I understand that there are a lot of bug-fixes within
> FreeRadius 0.8 release and I should UPGRADE to the
> same level. I tried to install freeradius-0.8 and it
> gives me a parse error in unistd.h
> ===
> gmake[6]: Entering directory
> `/tmp/freeradius-0.8/src/modules/rlm_unix'
> /tmp/freeradius-0.8/libtool --mode=link
> ld \
> -module -static  -g -O2 -D_REENTRANT
> -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g
> -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes
> -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -I../../include  rlm_unix.o cache.o
> compat.o -o rlm_unix.a
> ar cru rlm_unix.a rlm_unix.o cache.o compat.o
> ranlib rlm_unix.a
> gmake[6]: Leaving directory
> `/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix'
> Making static dynamic in rlm_x99_token...
> gmake[6]: Entering directory
> `/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token'
> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith
> -Wcast-qual -Wcast-align -Wwrite-strings
> -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs
> -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\"
> -DFREERADIUS -c x99_site.c -o x99_site.o
> In file included from ../../include/radiusd.h:19,
>  from x99_rad.h:25,
>  from x99.h:201,
>  from x99_site.c:37:
> /usr/include/unistd.h:945: parse error before `('
> /usr/include/unistd.h:945: parse error before
> `__const'
> gmake[6]: *** [x99_site.o] Error 1
> gmake[6]: Leaving directory
> `/tmp/freeradius-0.8/src/modules/rlm_x99_token'
> gmake[5]: *** [common] Error 1
> gmake[5]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[4]: *** [all] Error 2
> gmake[4]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[3]: *** [common] Error 1
> gmake[3]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving directory
> `/tmp/freeradius-0.8'
> make: *** [all] Error 2
> =
> 
> --- Artur Hecker <[EMAIL PROTECTED]> wrote:
> > nikhil:
> >
> >
> > as i already said to you:
> > - upgrade to the newest version, why do you still
> > use the 0.7.1?
> > - assure that the "old" openssl is not involved into
> > the compilation
> >
> > your problem is evidently that the rlm_eap_tls used
> > by freeradius is
> > compiled to use the old openssl OR it uses this for
> > unclear reasons.
> > resolve it, don't wait for _the_ solution, simply
> > try, play with your
> > settings (after having upgraded), with your gcc
> > config, your system
> > config, etc.
> >
> > the old lib doesn't have this function, only the new
> > beta versions have
> > (for as far as i know). yours evidently don't.
> > upgrade & recompile it.
> >
> > i'm sorry but it's a little bit hard to see what the
> > exact

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Alan Wong 
Dear all,

Sorry for the badly worded question which has caused a big confusion. I
think I should explain the problem at hand instead of asking bits and
pieces. I want to be able to use an authenication server which will receive
a request. This request asks the authentication server to dynamically add
the user and also generate a one time password. Then after the user is
authenticated with that password it will be deleted.

Therefore the question is, are there add on modules that can dynamically add
a user and generate a one time password?

But now that the only way to dynamically add a user is through a database
(we do not want to even restart the auth server) therefore the main question
is is there a module to generate a one time password (and also be able to
delete the user after the password has been used?)

Sorry for the confusion caused.

THanks in advance,
Alan

>From: Chris Brotsos <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: User Configuartion Help and Interesting Scenario
>Date: Wed, 27 Nov 2002 07:39:13 -0600
>
>Alan,
>
>At 11:38 PM 11/27/2002 +1100, you wrote:
>>Dear all,
>>
>>I have just installed radius 0.8 on my redhat 7.2 box. Being a total
>>newbie I just wanted to know two things...
>>
>>1) Firstly how do I add new users and then without restarting make radius
>>reread the users file? Is there a configuration switch to allow me to do
>>that? If it isnt possible, can i set up a database and do it that way? I
>>just need to know how to dynamically add new users without restarting the
>>radius server.
>
>Yes, you will need to use a database.
>
>
>>2) Is it possible for radius to also send back a string (password) back to
>>the client instead of just accept-accept. Or will I have to set up another
>>machine or program to do that?
>
>I am a little unsure of what you mean here, but I think you are referring
>to the use of a Reply-Message attribute that can be added to the user's
>profile to send back a string with your Access-Accept packet.
>
>Chris
>
>
>
>- List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html


_
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load

2002-11-27 Thread Novoselsky Alexander 
Title: RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load





> -Original Message-
> From: Chris Parker [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 7:47 PM
> To: [EMAIL PROTECTED]
> 
> > > Maybe they cache the responses from Oracle.  Look at the  queries they  do to Oracle, to see what's going on.
> >May be. But OpenRADIUS and Navis Radius use simple SQL queries: "SELECT password FROM users WHERE username = ?".
> >It seems to me, in FreeRadius 0.8 SQL query is not configurable parameter. 
> >But FreeRadius 0.7.1 used almost the same SQL query (it was in file sql.conf).
> 
> Nope, you can edit the queries in 'sql.conf' for all versions of FreeRADIUS.
> Try editing it and see what it does to the performance.  A simpler
> query ( assuming properly indexed tables, etc ) should return faster.


Thank you for advice, Chris.


I tried to leave in file 'sql.conf' only 1 line with SELECT:
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"

It improved results: instead of 25-30% CPU load, now works with Oracle takes 15-20% CPU load.


May be, source of my problem was so. I filled only table 'radcheck', but left in file 'sql.conf' all SQL queries, which tried to search in empty tables.

Best regards,
Alexander Novoselsky, Programmer
E-mail:     [EMAIL PROTECTED]

Re: LDAP bind problem

2002-11-27 Thread Samuel T Patterson 
>   Let me guess.  When using '-s' you're running as 'root'.  You've
> also got the 'user' and 'group' entries in radiusd.conf set to
> 'nobody'.

Nope, it actually is running as nobody in "-s" mode. I tried running with
the user and group commented out letting it run as root in both modes: no
change in behavior.

>   If the server can connect using '-s', then it can connect in
> threaded mode.  The issue is that you've got to figure out what is
> different between the two.

Not sure what the difference is. I even examined truss output in both
modes. I did not see anything that jumped right out, but I only gave this
a cursory look... I've got a deadline looming :-) I am going to try to see
if I can duplicate things on my old development server, which also runs
Solaris 8.

> What lda libraries are you using?  What type of LDAP server are you
> using?

I'm using openldap-2.0.27 libraries on the RADIUS server. Our LDAP server
is iPlanet on a Solaris box.

sam

-- 
Samuel T Patterson
Systems Programmer
Northern Arizona University
Information and Technology Services
[EMAIL PROTECTED]
Work:   (928) 523-8246
Pager:  (928) 213-5176
P.O. Box 5100
Flagstaff, AZ 86011




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SSL_read Error: EAP-TLS

2002-11-27 Thread Nikhil Chauhan 
Hello:

I'm testing EAP TLS functionality with:
* freeRADIUS-0.8 and the latest version of openssl
  -(openssl-0.9.7-beta4) on the server; 
* Linux machine as a client, and
* Cisco's AP350 as the authenticator.

I generated the certificates as per the HOWTO
by Raymond MacKay. I get a SSL_read Error (Please
see the attached radius server log). 

Any similar experiences?

==
run_radius -X -A > radius_log
+ LD_LIBRARY_PATH=/usr/local/openssl-beta-latest/lib
+
LD_PRELOAD=/usr/local/openssl-beta-latest/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/sbin/radiusd -X -A
 
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir =
"/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file =
"/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/tstpc11.pem"
 tls: certificate_file = "/etc/1x/tstpc11.pem"
 tls: CA_file = "/etc/1x/root.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/1x/DH"
 tls: random_file = "/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile =
"/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id,
NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename =
"/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
 main: smux_password = ""
 main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection
refused
Listening on IP address *, ports 1812/udp and
1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host
192.168.11.20:1549, id=13, length=116
User-Name = "Cisco"
NAS-IP-Address = 192.168.11.20
Called-Station-Id = "004096577e54"
Calling-Station-Id = "00080997"

Re: Max-Daily-Session token usage, can anyone help?

2002-11-27 Thread peter . santiago 
Thanks... Spasiba 

Peter 

Svetlana Vyslanko writes: 




I have downloaded version 0.8,  and I've been lookoing at the sql (mysql)
table... It seems that there is no entry for Max-Session-Time (or is it
Max-Daily Session?) or either the Daily-Session-Time... 

Can anyone guide me on how to use these tokens properly... TIA 

Peter

I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version
0.7.1. 


radiusd.conf

sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never 

query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'" 

} 


sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily 

query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" 

} 

sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly 

query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" 

	}
... 

authorize {
	preprocess
	sql
	noresetcounter
	dailycounter
	monthlycounter
	files
} 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/TLS testing: SSL_set_my_callback

2002-11-27 Thread Nikhil Chauhan 
Hi All:

The solution...

* Clean-up all prior versions of freeRADIUS and
openSSL
* Install the latest BETA version of openssl
  (0.9.7-beta4)
* Download latest version of freeRADIUS(0.8)
* Run ./configure under freeRADIUS root directory
* Do necessary changes in the Makefile under
  rlm_eap_tls directory
* Run ./make under freeRADIUS root dir
* Type the command:
  /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
* Make sure that the referred "libssl" and "libcrypto"
  are the correct ones from the latest openSSL BETA
  version -(0.9.7-beta4) 
* Run ./make install under freeRADIUS root directory

It should work fine and should perform TLS
handshaking.
Thanks especially to Artur.

I would close this thread of emails now.  :-))


--- Nikhil Chauhan <[EMAIL PROTECTED]> wrote:
> Hi Artur:
> 
> Thanks for your suggestions. I heartly appreciate
> them.
> 
> The problem with SSL_set_msg_callback seems to be 
> fixed now. I installed the latest Beta version of
> the
> openssl and /usr/local/lib/ldd
> rlm_eap_tls-0.7-pre.so
> seems to give me libraries from this version of
> openssl. I tried again with FreeRADIUS-0.7 and I get
> a
> segmentation fault when it tries to process the TLS
> request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG
> AS
> WELL)
> 
> 
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host
> 192.168.11.20:1047, id=23, length=122
>   User-Name = "adam-ctl"
>   NAS-IP-Address = 192.168.11.20
>   Called-Station-Id = "004096577e54"
>   Calling-Station-Id = "00080997"
>   NAS-Identifier = "AP350"
>   NAS-Port = 29
>   Framed-MTU = 1400
>   NAS-Port-Type = Wireless-802.11
>   EAP-Message = "\002\035\000\r\001adam-ctl"
>   Message-Authenticator =
> 0x09cf6a42badba94b8978e30247cdd626
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "eap" returns updated
> rlm_realm: Looking up realm NULL for User-Name =
> "adam-ctl"
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched adam-ctl at 97
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> Segmentation fault
>
==
> 
> I understand that there are a lot of bug-fixes
> within
> FreeRadius 0.8 release and I should UPGRADE to the 
> same level. I tried to install freeradius-0.8 and it
> gives me a parse error in unistd.h
> ===
> gmake[6]: Entering directory
> `/tmp/freeradius-0.8/src/modules/rlm_unix'
> /tmp/freeradius-0.8/libtool --mode=link
> ld \
> -module -static  -g -O2 -D_REENTRANT
> -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g
> -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes
> -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -I../../include  rlm_unix.o cache.o
> compat.o -o rlm_unix.a
> ar cru rlm_unix.a rlm_unix.o cache.o compat.o
> ranlib rlm_unix.a
> gmake[6]: Leaving directory
>
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix'
> Making static dynamic in rlm_x99_token...
> gmake[6]: Entering directory
>
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token'
> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith
> -Wcast-qual -Wcast-align -Wwrite-strings
> -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs
> -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\"
> -DFREERADIUS -c x99_site.c -o x99_site.o
> In file included from ../../include/radiusd.h:19,
>  from x99_rad.h:25,
>  from x99.h:201,
>  from x99_site.c:37:
> /usr/include/unistd.h:945: parse error before `('
> /usr/include/unistd.h:945: parse error before
> `__const'
> gmake[6]: *** [x99_site.o] Error 1
> gmake[6]: Leaving directory
> `/tmp/freeradius-0.8/src/modules/rlm_x99_token'
> gmake[5]: *** [common] Error 1
> gmake[5]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[4]: *** [all] Error 2
> gmake[4]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[3]: *** [common] Error 1
> gmake[3]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving directory
> `/tmp/freeradius-0.8'
> make: *** [all] Error 2
> =
> 
> --- Artur Hecker <[EMAIL PROTECTED]> wrote:
> > nikhil:
> > 
> > 
> > as i already said to you:
> > - upgrade to the newest version, why do you still
> > use the 0.7.1?
> > - assure that the "old

Re: Does mod_auth_radius can talk with a shiva radius?

2002-11-27 Thread Aviel Levy 
Thanks for the quick response.
I'm an idiot..
I am using one time password method and just forgot
about the caveat that is mentioned in the source file
regarding the browser behavior when not directed to a
specific url..
Fixed it and it works just fine.
Thanks again.. 

--- Alan DeKok <[EMAIL PROTECTED]> wrote:
> aviel levy <[EMAIL PROTECTED]> wrote:
> > We compiled mod_auth_radius-1.5.4 with
> apache_1.3.27
> > on RedHat 8.
> > 
> > Can it work with a shiva radius server (access
> manager
> > 5.7)?
> 
>   I don't see why not.
> 
> > The client gets an positive reply from the server
> but
> > sends another request and then is denied.. 
> 
>   See if there's any debugging information you can
> get.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: MS-CHAP

2002-11-27 Thread 3APA3A 
Dear Josh Howlett,

No. rlm_smb is authentication module, not authorization one. You can use
either rlm_mschap or rlm_smb.

--Wednesday, November 27, 2002, 6:46:43 PM, you wrote to [EMAIL PROTECTED]:

JH> Does that include rlm_smb?

JH> thanks, josh.

JH> On Wed, 2002-11-27 at 15:34, 3APA3A wrote:
>> Dear Josh Howlett,
>> 
>> You  can  use  mschap  authentication  module  in  conjunction  with any
>> authorization module (for example sql or dbm). All you need is cleartext
>> or  NT-crypted password to be accessable. So you can use almost any DBMS
>> (Oracle,  MySQL,  PostgreSQL,  MS  SQL,  DB2,  Sybase,  etc), LDAP, text
>> password file format, DBM file format, and users file.
>> 
>> --Wednesday, November 27, 2002, 5:21:26 PM, you wrote to 
>[EMAIL PROTECTED]:
>> 
>> JH> Hi,
>> 
>> JH> What can Freeradius use to authenticate MS-CHAP against?  I know of the
>> JH> following methods:
>> JH>  - the 'users' file
>> JH>  - /etc/smbpasswd
>> JH>  - LDAP directory
>> JH>  - proxy to another RADIUS server
>> 
>> JH> Are there any others?
>> 
>> JH> thanks, josh.
>> 
>> 
>> 
>> -- 
>> ~/ZARAZA
>> Ms ` b veknl, Shk|l, gdexmhi jkhl`r - efekh rnk|jn
>> }rn lnfmn m`gb`r| jkhl`rnl, bonkme qmnqm{i. (Rbem)
>> 


-- 
~/ZARAZA
Ïèøèòå åùå. È åñëè â âàøåé ïåòèöèè èìåëñÿ êàêîé-íèáóäü
ñìûñë, òî, íå ñòåñíÿÿñü, ðàçúÿñíèòå â ÷åì äåëî. (Òâåí)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP

2002-11-27 Thread Josh Howlett 
Does that include rlm_smb?

thanks, josh.

On Wed, 2002-11-27 at 15:34, 3APA3A wrote:
> Dear Josh Howlett,
> 
> You  can  use  mschap  authentication  module  in  conjunction  with any
> authorization module (for example sql or dbm). All you need is cleartext
> or  NT-crypted password to be accessable. So you can use almost any DBMS
> (Oracle,  MySQL,  PostgreSQL,  MS  SQL,  DB2,  Sybase,  etc), LDAP, text
> password file format, DBM file format, and users file.
> 
> --Wednesday, November 27, 2002, 5:21:26 PM, you wrote to 
>[EMAIL PROTECTED]:
> 
> JH> Hi,
> 
> JH> What can Freeradius use to authenticate MS-CHAP against?  I know of the
> JH> following methods:
> JH>  - the 'users' file
> JH>  - /etc/smbpasswd
> JH>  - LDAP directory
> JH>  - proxy to another RADIUS server
> 
> JH> Are there any others?
> 
> JH> thanks, josh.
> 
> 
> 
> -- 
> ~/ZARAZA
> Ms ` b veknl, Shk|l, gdexmhi jkhl`r - efekh rnk|jn
> }rn lnfmn m`gb`r| jkhl`rnl, bonkme qmnqm{i. (Rbem)
> 
-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Does mod_auth_radius can talk with a shiva radius?

2002-11-27 Thread Alan DeKok 
aviel levy <[EMAIL PROTECTED]> wrote:
> We compiled mod_auth_radius-1.5.4 with apache_1.3.27
> on RedHat 8.
> 
> Can it work with a shiva radius server (access manager
> 5.7)?

  I don't see why not.

> The client gets an positive reply from the server but
> sends another request and then is denied.. 

  See if there's any debugging information you can get.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP

2002-11-27 Thread 3APA3A 
Dear Josh Howlett,

You  can  use  mschap  authentication  module  in  conjunction  with any
authorization module (for example sql or dbm). All you need is cleartext
or  NT-crypted password to be accessable. So you can use almost any DBMS
(Oracle,  MySQL,  PostgreSQL,  MS  SQL,  DB2,  Sybase,  etc), LDAP, text
password file format, DBM file format, and users file.

--Wednesday, November 27, 2002, 5:21:26 PM, you wrote to 
[EMAIL PROTECTED]:

JH> Hi,

JH> What can Freeradius use to authenticate MS-CHAP against?  I know of the
JH> following methods:
JH>  - the 'users' file
JH>  - /etc/smbpasswd
JH>  - LDAP directory
JH>  - proxy to another RADIUS server

JH> Are there any others?

JH> thanks, josh.



-- 
~/ZARAZA
Íó à â öåëîì, Óèëüÿì, çäåøíèé êëèìàò - åæåëè òîëüêî
ýòî ìîæíî íàçâàòü êëèìàòîì, âïîëíå ñíîñíûé. (Òâåí)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Mike Varley 
On Wed, 2002-11-27 at 09:26, Vitaliy Karlov wrote:
> On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > > Hi All!
> > > In radiusd.conf I put this:
> > >
> > > === radiusd.conf =
> > > ippool main_pool {
> > > range-start = 10.1.1.1
> > > range-stop = 10.1.1.255
> > > netmask = 255.255.255.255
> > 
> > You should put a netmask of 255.255.255.0
> > Delete the db* files and run the server in debug mode (radiusd -X)
> 
> I delete all entries with db* and get this (I does not run radiusd in debug mode)
> == radius.log ==
> Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation 
>failed.
> ===
> 
> ???
> 
> What is goal of the db* files?
> 

The db* files are used to manage which IP addresses are available, and
which ones have been assigned to which NAC/port combination. for the
session-db and index-db, you can just put in a path and file name. Here
is my complete settings for ths module:
ippool ippool {
name = ippool
session-db = /usr/local/etc/raddb/ippool-sess-db
ip-index = /usr/local/etc/raddb/ippool-idx-db
range-start = 192.168.1.2
range-stop = 192.168.1.10
netmask = 255.255.255.0
cache-size = 1000
}


ippool-sess-db and ippool-idx-db are gdbm databases. you can do a 'man
gdbm' for more information.

MV




-- 
~~~
Mike Varley -= SOMA Networks =-
Tel: 416.977.1414   x1578
email: [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP bind problem

2002-11-27 Thread Alan DeKok 
Samuel T Patterson <[EMAIL PROTECTED]> wrote:
> Here is some more information about the problem I am seeing. Running
> with debug flags shows a "Can't contact LDAP server" message. The bind
> is successful if the "-s" argument is used. I would prefer to run
> FreeRADIUS in multi-threaded mode, but cannot seem to get it to work!
> This is a 0.8 server on Solaris 8.

  Let me guess.  When using '-s' you're running as 'root'.  You've
also got the 'user' and 'group' entries in radiusd.conf set to
'nobody'.

  If the server can connect using '-s', then it can connect in
threaded mode.  The issue is that you've got to figure out what is
different between the two.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MS-CHAP

2002-11-27 Thread Alan DeKok 
Josh Howlett <[EMAIL PROTECTED]> wrote:
> What can Freeradius use to authenticate MS-CHAP against?  I know of the
> following methods:
...

  Right now, the mschap module can only use clear-text passwords (or
/etc/smbpasswd) for authentication.  So any module which supplies a
clear-text password for comparison is OK.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Chris Brotsos 
At 09:14 AM 11/27/2002 -0600, you wrote:

I'm not disputing anything; I'm trying to provide information.  I have
freeradius set up to _always_ send reply messages, and I have NASes that
show the string to the user on login, and NASes that completely ignore it.
 Nothing more, nothing less.


I thought that maybe you had another idea of what Alan was trying to 
accomplish. I'm just a little confused because of what he suggested he was 
trying to return...a password. I didn't know if he meant Reply-Message or 
not. When you said that the NAS ignores the Reply-Message, I didn't know if 
you had another attribute in mind that specifically dealt with returning a 
password to the NAS...that's all I meant. Sorry for the inappropriate tone.

Chris


Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks
reasonable on paper, and won't cause too much trouble. ...  Well I don't
have any MCSEs on my books at the moment, but I could call around."--
Simon Travaglia





Chris Brotsos <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/27/2002 09:08 AM
Please respond to freeradius-users


To: [EMAIL PROTECTED]
cc:
Subject:Re: User Configuartion Help and Interesting Scenario


At 07:50 AM 11/27/2002 -0600, you wrote:
>You do NOT need to use a database to cause freeradius to re-read its
users
>file.  You simply have to sigHUP it.

Fair enough, I was considering a SIGHUP to be a restart of the
process...my
apologies for any confusion.

I can say though, Alan, if you are worried about losing requests when
sending a HUP, the current incoming requests will not be dropped (assuming

that the request queue does not get full in the time it takes to restart
the process). But, to be more specific, if you don't even want to SIGHUP
the process then you will need a database.



>Also, the "reply-message" packet is not guaranteed.  Well, let me say
that
>better.  It's guaranteed that Freeradius will send it if you specify it.
>It is NOT guaranteed what the NAS will do with it.  (Some NASes will
>ignore it, many will show it to the user.)

Well, instead of disputing a suggestion I made, when I stated I wasn't
even
sure that I completely understood the question, please provide another
means...especially if you are sure that you know exactly what Alan is
trying to accomplish by returning said string.

Thanks,

Chris

>Vincent Giovannone
>Network Infrastructure Group
>Information Services Division
>Rush - Presbyterian St. Luke's Medical Center
>
>"So for the IT Manager Role, you want someone who's absolute crap, looks
>reasonable on paper, and won't cause too much trouble. ...  Well I don't
>have any MCSEs on my books at the moment, but I could call around."--
>Simon Travaglia
>
>
>
>
>
>Chris Brotsos <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>11/27/2002 07:39 AM
>Please respond to freeradius-users
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject:Re: User Configuartion Help and Interesting
Scenario
>
>
>Alan,
>
>At 11:38 PM 11/27/2002 +1100, you wrote:
> >Dear all,
> >
> >I have just installed radius 0.8 on my redhat 7.2 box. Being a total
> >newbie I just wanted to know two things...
> >
> >1) Firstly how do I add new users and then without restarting make
radius
>
> >reread the users file? Is there a configuration switch to allow me to
do
> >that? If it isnt possible, can i set up a database and do it that way?
I
> >just need to know how to dynamically add new users without restarting
the
>
> >radius server.
>
>Yes, you will need to use a database.
>
>
> >2) Is it possible for radius to also send back a string (password) back
>to
> >the client instead of just accept-accept. Or will I have to set up
>another
> >machine or program to do that?
>
>I am a little unsure of what you mean here, but I think you are referring
>to the use of a Reply-Message attribute that can be added to the user's
>profile to send back a string with your Access-Accept packet.
>
>Chris
>
>
>
>-
>List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
>
>
>
>
>-
>List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

---
Christopher Brotsos ([EMAIL PROTECTED])
Development Engineering
StarNet/MegaPOP: http://www.megapop.net
WX is wireless : http://www.starnetwx.net

This message is sent in confidence to the addressees.
It may contain privileged, proprietary, or confidential information.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: use freeradius to clear line

2002-11-27 Thread Vitaliy Karlov 
On Wed, Nov 27, 2002 at 10:10:33AM -0500, Alan DeKok wrote:
> "Chhai  Thach" <[EMAIL PROTECTED]> wrote:
> > Is there a way to manually disconnect the user using freeradius instead
> > of NAS?
> 
>   Did you bother reading the FAQ?

May be I wrong, but in FR-0.8 radzap is broken!

I yourself want delete user from line, but nothing more, then log-entry:
in radius.log "Error: No clients entry for localhost", did not recieve :(
In client and  clients.conf I have records for localhost!

Any suggestion?

PS. Now I use radzap from FR-0.7...

-- 
WBR, Vitaliy Karlov [KV1670-RIPE]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Alan DeKok 
Artur Hecker <[EMAIL PROTECTED]> wrote:
> his question is how to mangle the response adding authorization data... 
> Jukka, i think you should take a loot at postproxying available in 
> freeradius 0.8 or in the snapshots (not sure about that).

  No.  Once the reply is received from the home server, FreeRADIUS
will run the packet through the authorization stage again.  At this
point, you can add whatever authorization you decide is necessary.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Vincent_Giovannone 
I'm not disputing anything; I'm trying to provide information.  I have 
freeradius set up to _always_ send reply messages, and I have NASes that 
show the string to the user on login, and NASes that completely ignore it. 
 Nothing more, nothing less.

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks 
reasonable on paper, and won't cause too much trouble. ...  Well I don't 
have any MCSEs on my books at the moment, but I could call around."-- 
Simon Travaglia





Chris Brotsos <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/27/2002 09:08 AM
Please respond to freeradius-users

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: User Configuartion Help and Interesting Scenario


At 07:50 AM 11/27/2002 -0600, you wrote:
>You do NOT need to use a database to cause freeradius to re-read its 
users
>file.  You simply have to sigHUP it.

Fair enough, I was considering a SIGHUP to be a restart of the 
process...my 
apologies for any confusion.

I can say though, Alan, if you are worried about losing requests when 
sending a HUP, the current incoming requests will not be dropped (assuming 

that the request queue does not get full in the time it takes to restart 
the process). But, to be more specific, if you don't even want to SIGHUP 
the process then you will need a database.



>Also, the "reply-message" packet is not guaranteed.  Well, let me say 
that
>better.  It's guaranteed that Freeradius will send it if you specify it.
>It is NOT guaranteed what the NAS will do with it.  (Some NASes will
>ignore it, many will show it to the user.)

Well, instead of disputing a suggestion I made, when I stated I wasn't 
even 
sure that I completely understood the question, please provide another 
means...especially if you are sure that you know exactly what Alan is 
trying to accomplish by returning said string.

Thanks,

Chris

>Vincent Giovannone
>Network Infrastructure Group
>Information Services Division
>Rush - Presbyterian St. Luke's Medical Center
>
>"So for the IT Manager Role, you want someone who's absolute crap, looks
>reasonable on paper, and won't cause too much trouble. ...  Well I don't
>have any MCSEs on my books at the moment, but I could call around."--
>Simon Travaglia
>
>
>
>
>
>Chris Brotsos <[EMAIL PROTECTED]>
>Sent by: [EMAIL PROTECTED]
>11/27/2002 07:39 AM
>Please respond to freeradius-users
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject:Re: User Configuartion Help and Interesting 
Scenario
>
>
>Alan,
>
>At 11:38 PM 11/27/2002 +1100, you wrote:
> >Dear all,
> >
> >I have just installed radius 0.8 on my redhat 7.2 box. Being a total
> >newbie I just wanted to know two things...
> >
> >1) Firstly how do I add new users and then without restarting make 
radius
>
> >reread the users file? Is there a configuration switch to allow me to 
do
> >that? If it isnt possible, can i set up a database and do it that way? 
I
> >just need to know how to dynamically add new users without restarting 
the
>
> >radius server.
>
>Yes, you will need to use a database.
>
>
> >2) Is it possible for radius to also send back a string (password) back
>to
> >the client instead of just accept-accept. Or will I have to set up
>another
> >machine or program to do that?
>
>I am a little unsure of what you mean here, but I think you are referring
>to the use of a Reply-Message attribute that can be added to the user's
>profile to send back a string with your Access-Accept packet.
>
>Chris
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Vitaliy Karlov 
On Wed, Nov 27, 2002 at 04:50:50PM +0200, Kostas Kalevras wrote:
> > > You should put a netmask of 255.255.255.0
> > > Delete the db* files and run the server in debug mode (radiusd -X)
> >
> > I delete all entries with db* and get this (I does not run radiusd in debug mode)
> > == radius.log ==
> > Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> > Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module 
>instantiation failed.
> > ===
> >
> > ???
> 
> I meant all the db *files* not the configuration directives!!

OK! Now from this pool IP-address assign diul-up user. Everuthing is OK.

But I have some another target...
I want in this pool assign, for example, 10 IP-address, not 8 or 16...
I.e. 10.1.1.1 - 10.1.1.10.

I do not want write like this 10.1.1.0/29 (for 8 IP-address 10.1.1.0-10.1.1.7) or 
10.1.1.0/28 (for 16 IP 10.1.1.0-10.1.1.15)

May I release similar assignment with radius+rlm_ippol ???

> > What is goal of the db* files?
> They are the db keeping state of allocated ips

Thanks, i.e. anyway for restarting radiusd I must:
touch db.ipindex && touch db.ippool 
?
I right understand?


> > > Read raddb/experimental.conf
> >
> > Thanks, I read yet... no more?
> 
> No. If you find that it is lacking something please contribute some
> documentation.

I have bad english :( 
I may example of config files put here, if I can release _not_ CLASSLESS IP address 
pool... 

-- 
WBR, Vitaliy Karlov [KV1670-RIPE]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Is freeradius support mips platform?

2002-11-27 Thread Alan DeKok 
Jeffery Huang <[EMAIL PROTECTED]> wrote:
>   Here is my error message!
> 
> gmake[4]: Entering directory `/home/jeffery/Project/radiusd/src/lib'
> mipsel-linux-gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs -D_LIBRADIUS -I../include -c
> dict.c -o dict.o
> In file included from dict.c:20:
> ../include/libradius.h:19: stdint.h: No such file or directory

  Your build system (gcc, include files, etc) is completely broken.

  The stdint.h file is included ONLY if the 'configure' stage finds
it.  And stdint.h should be included on all modern Linux systems.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: use freeradius to clear line

2002-11-27 Thread Alan DeKok 
"Chhai  Thach" <[EMAIL PROTECTED]> wrote:
> Is there a way to manually disconnect the user using freeradius instead
> of NAS?

  Did you bother reading the FAQ?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Chris Brotsos 
At 07:50 AM 11/27/2002 -0600, you wrote:

You do NOT need to use a database to cause freeradius to re-read its users
file.  You simply have to sigHUP it.


Fair enough, I was considering a SIGHUP to be a restart of the process...my 
apologies for any confusion.

I can say though, Alan, if you are worried about losing requests when 
sending a HUP, the current incoming requests will not be dropped (assuming 
that the request queue does not get full in the time it takes to restart 
the process). But, to be more specific, if you don't even want to SIGHUP 
the process then you will need a database.



Also, the "reply-message" packet is not guaranteed.  Well, let me say that
better.  It's guaranteed that Freeradius will send it if you specify it.
It is NOT guaranteed what the NAS will do with it.  (Some NASes will
ignore it, many will show it to the user.)


Well, instead of disputing a suggestion I made, when I stated I wasn't even 
sure that I completely understood the question, please provide another 
means...especially if you are sure that you know exactly what Alan is 
trying to accomplish by returning said string.

Thanks,

Chris

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks
reasonable on paper, and won't cause too much trouble. ...  Well I don't
have any MCSEs on my books at the moment, but I could call around."--
Simon Travaglia





Chris Brotsos <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/27/2002 07:39 AM
Please respond to freeradius-users


To: [EMAIL PROTECTED]
cc:
Subject:Re: User Configuartion Help and Interesting Scenario


Alan,

At 11:38 PM 11/27/2002 +1100, you wrote:
>Dear all,
>
>I have just installed radius 0.8 on my redhat 7.2 box. Being a total
>newbie I just wanted to know two things...
>
>1) Firstly how do I add new users and then without restarting make radius

>reread the users file? Is there a configuration switch to allow me to do
>that? If it isnt possible, can i set up a database and do it that way? I
>just need to know how to dynamically add new users without restarting the

>radius server.

Yes, you will need to use a database.


>2) Is it possible for radius to also send back a string (password) back
to
>the client instead of just accept-accept. Or will I have to set up
another
>machine or program to do that?

I am a little unsure of what you mean here, but I think you are referring
to the use of a Reply-Message attribute that can be added to the user's
profile to send back a string with your Access-Accept packet.

Chris



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Kostas Kalevras 
On Wed, 27 Nov 2002, Vitaliy Karlov wrote:

> On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > > Hi All!
> > > In radiusd.conf I put this:
> > >
> > > === radiusd.conf =
> > > ippool main_pool {
> > > range-start = 10.1.1.1
> > > range-stop = 10.1.1.255
> > > netmask = 255.255.255.255
> >
> > You should put a netmask of 255.255.255.0
> > Delete the db* files and run the server in debug mode (radiusd -X)
>
> I delete all entries with db* and get this (I does not run radiusd in debug mode)
> == radius.log ==
> Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation 
>failed.
> ===
>
> ???

I meant all the db *files* not the configuration directives!!

>
> What is goal of the db* files?

They are the db keeping state of allocated ips

>
> > > PS. Where is I find documentation about rlm_ipppol ?
> >
> > Read raddb/experimental.conf
>
> Thanks, I read yet... no more?

No. If you find that it is lacking something please contribute some
documentation.

>
> --
> WBR, Vitaliy Karlov [KV1670-RIPE]
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Vitaliy Karlov 
On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > Hi All!
> > In radiusd.conf I put this:
> >
> > === radiusd.conf =
> > ippool main_pool {
> > range-start = 10.1.1.1
> > range-stop = 10.1.1.255
> > netmask = 255.255.255.255
> 
> You should put a netmask of 255.255.255.0
> Delete the db* files and run the server in debug mode (radiusd -X)

I delete all entries with db* and get this (I does not run radiusd in debug mode)
== radius.log ==
Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation 
failed.
===

???

What is goal of the db* files?

> > PS. Where is I find documentation about rlm_ipppol ?
> 
> Read raddb/experimental.conf

Thanks, I read yet... no more?

-- 
WBR, Vitaliy Karlov [KV1670-RIPE]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

MS-CHAP

2002-11-27 Thread Josh Howlett 
Hi,

What can Freeradius use to authenticate MS-CHAP against?  I know of the
following methods:
 - the 'users' file
 - /etc/smbpasswd
 - LDAP directory
 - proxy to another RADIUS server

Are there any others?

thanks, josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Kostas Kalevras 
On Wed, 27 Nov 2002, Vitaliy Karlov wrote:

> On Tue, Nov 26, 2002 at 11:54:59AM -0500, Mike Varley wrote:
> > There is a module that does dynamic IP assignment: look in
> > ${freeradius_source_dir}/src/modules/rlm_ippool
> >
> > It is not built by default, so you need to add it to the top level
> > Makefile. There is a description on how to configure it in the docs
> > direcotry.
> >
> > Once you've compiled and installed it, change your radiusd.conf file to
> > have a section:
> >
> > post-auth {
> > ippool
> > }
> >
> > and then after every successful authentication, this module will add an
> > IP address chosen dynamically BASED ON the NAS/port combination. The
> > ippool module uses dbm databases. I'm not sure if this is what you are
> > looking for, but it may help point you in the right direction.
> >
> > HTH!
> >
> > MV
>
> Hi All!
> In radiusd.conf I put this:
>
> === radiusd.conf =
> ippool main_pool {
> range-start = 10.1.1.1
> range-stop = 10.1.1.255
> netmask = 255.255.255.255

You should put a netmask of 255.255.255.0
Delete the db* files and run the server in debug mode (radiusd -X)

> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> }
>
> post-auth {
>   #  Get an address from the IP Pool.
>   main_pool
> }
> ==
>
> In user I write this:
> == users 
> zzz zyxel   Auth-Type := Local, User-Password == "some_pass", Pool-Name := 
>"main_pool"
> 
>
> But IP-address anywhere does not assign from space 10.1.1.0/24
>
> Thanks for any suggestion.
>
> PS. Where is I find documentation about rlm_ipppol ?

Read raddb/experimental.conf

>
>
> --
> WBR, Vitaliy Karlov [KV1670-RIPE]
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Allocating dynamic IP addresses from FreeRadius

2002-11-27 Thread Vitaliy Karlov 
On Tue, Nov 26, 2002 at 11:54:59AM -0500, Mike Varley wrote:
> There is a module that does dynamic IP assignment: look in
> ${freeradius_source_dir}/src/modules/rlm_ippool
> 
> It is not built by default, so you need to add it to the top level
> Makefile. There is a description on how to configure it in the docs
> direcotry.
> 
> Once you've compiled and installed it, change your radiusd.conf file to
> have a section:
> 
> post-auth {
>   ippool
> }
> 
> and then after every successful authentication, this module will add an
> IP address chosen dynamically BASED ON the NAS/port combination. The
> ippool module uses dbm databases. I'm not sure if this is what you are
> looking for, but it may help point you in the right direction.
> 
> HTH!
> 
> MV

Hi All!
In radiusd.conf I put this:

=== radiusd.conf =
ippool main_pool {
range-start = 10.1.1.1
range-stop = 10.1.1.255
netmask = 255.255.255.255
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}

post-auth {
  #  Get an address from the IP Pool.
  main_pool
}
==

In user I write this:
== users 
zzz zyxel   Auth-Type := Local, User-Password == "some_pass", Pool-Name := "main_pool"


But IP-address anywhere does not assign from space 10.1.1.0/24

Thanks for any suggestion.

PS. Where is I find documentation about rlm_ipppol ?


-- 
WBR, Vitaliy Karlov [KV1670-RIPE]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ERROR 2002: Can't connect to local MySQL server through socket '/ var/lib/mysql/mysql.sock' (111)

2002-11-27 Thread Simon White 
27-Nov-02 at 19:28, Vijay Reddy ([EMAIL PROTECTED]) wrote :
> Hi,
> I have just installed freeradius 0.8 on Linux. How can we connect the mysql
> server running on different machine,what changes are required to make mysql
> client contact the server running on different machine,always i am getting 
> 
> ERROR 2002: Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (111)
> 

This is a MySQL problem; in any case, you need to look at sql.conf

 driver = "rlm_sql_mysql"

# Connect info
server = "hostname/IP address"
login = "root" 
# or a better username who has access to the radius DB
password = "yourpassword"

Regards,

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ERROR 2002: Can't connect to local MySQL server through socket'/ var/lib/mysql/mysql.sock' (111)

2002-11-27 Thread Jason Lixfeld 
You should check out the mysql documentation on mysql.com.  This is a
freeradius list and I doubt you will get much mysql support here.

On Wed, 2002-11-27 at 08:58, Vijay Reddy wrote:
> Hi,
> I have just installed freeradius 0.8 on Linux. How can we connect the mysql
> server running on different machine,what changes are required to make mysql
> client contact the server running on different machine,always i am getting 
> 
> ERROR 2002: Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (111)
> 
> Can anyone help me out of this problem, Thanks in Advance
> 
> Regards
> 
> Vijay Reddy
> 
>  
-- 
Regards,

Jason A. LixfeldFastvibe Corporation
Senior IP Network Engineer  220-156 Front St. W
[EMAIL PROTECTED]   Toronto, ON M5V-2L6
-
tel://416.341.0099:223  fax://416.341.0088



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)

2002-11-27 Thread Vijay Reddy 




Hi,

I have just installed freeradius 0.8 on Linux. How 
can we connect the mysql server running on different machine,what changes are 
required to make mysql client contact the server running on different 
machine,always i am getting 
ERROR 2002: 
Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' 
(111)
Can anyone help 
me out of this problem, Thanks in Advance
Regards
Vijay 
Reddy
 

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Vincent_Giovannone 
You do NOT need to use a database to cause freeradius to re-read its users 
file.  You simply have to sigHUP it.

Also, the "reply-message" packet is not guaranteed.  Well, let me say that 
better.  It's guaranteed that Freeradius will send it if you specify it. 
It is NOT guaranteed what the NAS will do with it.  (Some NASes will 
ignore it, many will show it to the user.)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks 
reasonable on paper, and won't cause too much trouble. ...  Well I don't 
have any MCSEs on my books at the moment, but I could call around."-- 
Simon Travaglia





Chris Brotsos <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/27/2002 07:39 AM
Please respond to freeradius-users

 
To: [EMAIL PROTECTED]
cc: 
Subject:Re: User Configuartion Help and Interesting Scenario


Alan,

At 11:38 PM 11/27/2002 +1100, you wrote:
>Dear all,
>
>I have just installed radius 0.8 on my redhat 7.2 box. Being a total 
>newbie I just wanted to know two things...
>
>1) Firstly how do I add new users and then without restarting make radius 

>reread the users file? Is there a configuration switch to allow me to do 
>that? If it isnt possible, can i set up a database and do it that way? I 
>just need to know how to dynamically add new users without restarting the 

>radius server.

Yes, you will need to use a database.


>2) Is it possible for radius to also send back a string (password) back 
to 
>the client instead of just accept-accept. Or will I have to set up 
another 
>machine or program to do that?

I am a little unsure of what you mean here, but I think you are referring 
to the use of a Reply-Message attribute that can be added to the user's 
profile to send back a string with your Access-Accept packet.

Chris



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User Configuartion Help and Interesting Scenario

2002-11-27 Thread Chris Brotsos 
Alan,

At 11:38 PM 11/27/2002 +1100, you wrote:

Dear all,

I have just installed radius 0.8 on my redhat 7.2 box. Being a total 
newbie I just wanted to know two things...

1) Firstly how do I add new users and then without restarting make radius 
reread the users file? Is there a configuration switch to allow me to do 
that? If it isnt possible, can i set up a database and do it that way? I 
just need to know how to dynamically add new users without restarting the 
radius server.

Yes, you will need to use a database.



2) Is it possible for radius to also send back a string (password) back to 
the client instead of just accept-accept. Or will I have to set up another 
machine or program to do that?

I am a little unsure of what you mean here, but I think you are referring 
to the use of a Reply-Message attribute that can be added to the user's 
profile to send back a string with your Access-Accept packet.

Chris



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Max-Daily-Session token usage, can anyone help?

2002-11-27 Thread Svetlana Vyslanko 

> 
> I have downloaded version 0.8,  and I've been lookoing at the sql (mysql)
> table... It seems that there is no entry for Max-Session-Time (or is it
> Max-Daily Session?) or either the Daily-Session-Time...
> 
> Can anyone guide me on how to use these tokens properly... TIA
> 
> Peter

I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version
0.7.1.


radiusd.conf

sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never

query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"

}


sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily

query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

}

sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly

query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

}
...

authorize {
preprocess
sql
noresetcounter
dailycounter
monthlycounter
files
}

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

User Configuartion Help and Interesting Scenario

2002-11-27 Thread Alan Wong 
Dear all,

I have just installed radius 0.8 on my redhat 7.2 box. Being a total newbie 
I just wanted to know two things...

1) Firstly how do I add new users and then without restarting make radius 
reread the users file? Is there a configuration switch to allow me to do 
that? If it isnt possible, can i set up a database and do it that way? I 
just need to know how to dynamically add new users without restarting the 
radius server.

2) Is it possible for radius to also send back a string (password) back to 
the client instead of just accept-accept. Or will I have to set up another 
machine or program to do that?

Thanks for the help in advance...

Alan Wong

_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/TLS testing: SSL_set_my_callback

2002-11-27 Thread Nikhil Chauhan 
Hi Artur:

Thanks for your suggestions. I heartly appreciate
them.

The problem with SSL_set_msg_callback seems to be 
fixed now. I installed the latest Beta version of the
openssl and /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
seems to give me libraries from this version of
openssl. I tried again with FreeRADIUS-0.7 and I get a
segmentation fault when it tries to process the TLS
request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG AS
WELL)


Listening on IP address *, ports 1812/udp and
1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host
192.168.11.20:1047, id=23, length=122
User-Name = "adam-ctl"
NAS-IP-Address = 192.168.11.20
Called-Station-Id = "004096577e54"
Calling-Station-Id = "00080997"
NAS-Identifier = "AP350"
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\035\000\r\001adam-ctl"
Message-Authenticator =
0x09cf6a42badba94b8978e30247cdd626
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
rlm_realm: Looking up realm NULL for User-Name =
"adam-ctl"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
Segmentation fault
==

I understand that there are a lot of bug-fixes within
FreeRadius 0.8 release and I should UPGRADE to the 
same level. I tried to install freeradius-0.8 and it
gives me a parse error in unistd.h
===
gmake[6]: Entering directory
`/tmp/freeradius-0.8/src/modules/rlm_unix'
/tmp/freeradius-0.8/libtool --mode=link
ld \
-module -static  -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g
-Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations
-Wnested-externs -I../../include  rlm_unix.o cache.o
compat.o -o rlm_unix.a
ar cru rlm_unix.a rlm_unix.o cache.o compat.o
ranlib rlm_unix.a
gmake[6]: Leaving directory
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix'
Making static dynamic in rlm_x99_token...
gmake[6]: Entering directory
`/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith
-Wcast-qual -Wcast-align -Wwrite-strings
-Wstrict-prototypes -Wmissing-prototypes
-Wmissing-declarations -Wnested-externs
-I../../include -DX99_MODULE_NAME=\"rlm_x99_token\"
-DFREERADIUS -c x99_site.c -o x99_site.o
In file included from ../../include/radiusd.h:19,
 from x99_rad.h:25,
 from x99.h:201,
 from x99_site.c:37:
/usr/include/unistd.h:945: parse error before `('
/usr/include/unistd.h:945: parse error before
`__const'
gmake[6]: *** [x99_site.o] Error 1
gmake[6]: Leaving directory
`/tmp/freeradius-0.8/src/modules/rlm_x99_token'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory
`/tmp/freeradius-0.8/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory
`/tmp/freeradius-0.8/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory
`/tmp/freeradius-0.8/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory
`/tmp/freeradius-0.8/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory
`/tmp/freeradius-0.8'
make: *** [all] Error 2
=

--- Artur Hecker <[EMAIL PROTECTED]> wrote:
> nikhil:
> 
> 
> as i already said to you:
> - upgrade to the newest version, why do you still
> use the 0.7.1?
> - assure that the "old" openssl is not involved into
> the compilation
> 
> your problem is evidently that the rlm_eap_tls used
> by freeradius is 
> compiled to use the old openssl OR it uses this for
> unclear reasons. 
> resolve it, don't wait for _the_ solution, simply
> try, play with your 
> settings (after having upgraded), with your gcc
> config, your system 
> config, etc.
> 
> the old lib doesn't have this function, only the new
> beta versions have 
> (for as far as i know). yours evidently don't.
> upgrade & recompile it.
> 
> i'm sorry but it's a little bit hard to see what the
> exact problem is 
> and to give you the sequence of commands which will
> result in correct 
> behaviour, be administrator. you could write small
> test programs in C 
> and compile those (simply a SSL_init() and then a
> call to this 
> SSL_set_msg_callback() function). once your C test
> compiles correctly 
> and executes without linker complaining (although
> the program can 
> segfault completely, you don't ca

Re: Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti 
> Jukka wanted to know how to ADD authorization data
> to the response sent by the remote server. The 
> remote server _doesn't_ send any authorization data,
> it's not supposed to and there is nothing to be done
> about it, at least not by Jukka.
> 
> his question is how to mangle the response adding
> authorization data... 

Exactly.

> you can definitely add whatever you want using
> postproxying. the question is however, if there
> is a simplier way to achieve the same result.

Thanks, I'll check it out.

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen 
The data should be in radreply table or radgroupreply (if your user is in
a group in usergroup table)

I am not a proxying expert but I think it would be nice to check the
remote server if its even able to send these data. I might be off the
track also! You can perhaps use the radclient program to test the
situation when you connect to server with radclient you should just enter
the a/v pairs and then press CTRL+D

running

#radclient 192.168.168.1 auth YOURSECRET

then sending

User-Name = "John"
User-Password = "hello"
^D

should do...do you receive the replies you want?


Evren

On Wed, 27 Nov 2002, Jukka Lehti wrote:

> --- Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> > What kind of db are you using? can you send
> > radiusd -xx
> > output of authentication session?
> 
> I'm using MySQL at the moment and it's working ok.
> Output attached.
> 
> > do you mean that the remote server is working good
> > when you connect it
> > directly? for example with radclient ?
> 
> It's working ok, yes. I get the authentication data
> from the remote server but don't know how to add
> authorization data from local db to reply?
> 
> > On Wed, 27 Nov 2002, Jukka Lehti wrote:
> > 
> > > Hi,
> > > 
> > > I've set up freeradius 0.8 so that users like
> > > john@test get authenticated from a remote RADIUS
> > > server, i.e., freeradius works as a proxy. This is
> > > working well, so no problem here. But: the remote
> > > server only returns authentication data (un/pw
> > > ok/bad), I have authorization data in my local DB
> > > (Session-Timeout etc). How could I add this
> > > authorization data to RADIUS reply after
> > successful
> > > authentication from the remote server? I've been
> > > experimenting with autztype directive, but without
> > > success yet. Any other ideas/examples?
> > > 
> > > Thanks in advance.
> > > 
> > > __
> > > Do you Yahoo!?
> > > Yahoo! Mail Plus - Powerful. Affordable. Sign up
> > now.
> > > http://mailplus.yahoo.com
> > > 
> > > - 
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > > 
> > 
> 
> 
> 
> __
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen 
Well I suspected if the remote server maybe dont even have this data
inside or somehow it doesnt send back. I thought the first thing is to
check if the remote server is working good, without any problems.

But definetely I am not an expert at proxying but I thought the proxy
should automaticly forward all the data received from the server. Thats
also another reason why I thought proxy dont receive anything.

Evren

On Wed, 27 Nov 2002, Artur Hecker wrote:

> 
> Evren, i think you misunderstand the question: Jukka wanted to know how 
> to ADD authorization data to the response sent by the remote server. The 
> remote server _doesn't_ send any authorization data, it's not supposed 
> to and there is nothing to be done about it, at least not by Jukka.
> 
> his question is how to mangle the response adding authorization data... 
> Jukka, i think you should take a loot at postproxying available in 
> freeradius 0.8 or in the snapshots (not sure about that).
> 
> you can definitely add whatever you want using postproxying. the 
> question is however, if there is a simplier way to achieve the same result.
> 
> 
> ciao
> artur
> 
> 
> 
> Evren Yurtesen wrote:
> > What kind of db are you using? can you send
> > radiusd -xx
> > output of authentication session?
> > 
> > do you mean that the remote server is working good when you connect it
> > directly? for example with radclient ?
> 
> -- 
> Artur Hecker   Groupe Accès et Mobilité
> hecker[at]enst[dot]fr   Département Informatique et Réseaux
> +33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.frENST Paris
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Artur Hecker 

Evren, i think you misunderstand the question: Jukka wanted to know how 
to ADD authorization data to the response sent by the remote server. The 
remote server _doesn't_ send any authorization data, it's not supposed 
to and there is nothing to be done about it, at least not by Jukka.

his question is how to mangle the response adding authorization data... 
Jukka, i think you should take a loot at postproxying available in 
freeradius 0.8 or in the snapshots (not sure about that).

you can definitely add whatever you want using postproxying. the 
question is however, if there is a simplier way to achieve the same result.


ciao
artur



Evren Yurtesen wrote:
What kind of db are you using? can you send
radiusd -xx
output of authentication session?

do you mean that the remote server is working good when you connect it
directly? for example with radclient ?


--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr		  Département Informatique et Réseaux
+33 1 45 81 7507		46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr   ENST Paris


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti 
--- Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> What kind of db are you using? can you send
> radiusd -xx
> output of authentication session?

I'm using MySQL at the moment and it's working ok.
Output attached.

> do you mean that the remote server is working good
> when you connect it
> directly? for example with radclient ?

It's working ok, yes. I get the authentication data
from the remote server but don't know how to add
authorization data from local db to reply?

> On Wed, 27 Nov 2002, Jukka Lehti wrote:
> 
> > Hi,
> > 
> > I've set up freeradius 0.8 so that users like
> > john@test get authenticated from a remote RADIUS
> > server, i.e., freeradius works as a proxy. This is
> > working well, so no problem here. But: the remote
> > server only returns authentication data (un/pw
> > ok/bad), I have authorization data in my local DB
> > (Session-Timeout etc). How could I add this
> > authorization data to RADIUS reply after
> successful
> > authentication from the remote server? I've been
> > experimenting with autztype directive, but without
> > success yet. Any other ideas/examples?
> > 
> > Thanks in advance.
> > 
> > __
> > Do you Yahoo!?
> > Yahoo! Mail Plus - Powerful. Affordable. Sign up
> now.
> > http://mailplus.yahoo.com
> > 
> > - 
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> > 
> 



__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


rad.log
Description: rad.log

Does mod_auth_radius can talk with a shiva radius?

2002-11-27 Thread aviel levy 
Hi,

We compiled mod_auth_radius-1.5.4 with apache_1.3.27
on RedHat 8.

Can it work with a shiva radius server (access manager
5.7)?

It seems like those folks don't understand each
other..
or the client doesn't get well the server's response.

The client gets an positive reply from the server but
sends another request and then is denied.. 


Here is an example from a tcpdump flash:



13:06:19.424346 web.1026 > radius.datametrics: 
rad-access-req 79 [id 51] Attr[  User{someone} Pass
Service_type{#2080} [|radius] (DF)
13:06:19.526026 radius.datametrics > web.1026: 
rad-access-accept 84 [id 51] Attr[ 
Service_type{#1032} Framed_ipaddr{NAS_select}
Framed_proto{#267} Filter_id{default} [|radius]
13:06:19.526533 web.1026 > radius.datametrics: 
rad-access-req 79 [id 190] Attr[  User{someone} Pass
Service_type{#2080} [|radius] (DF)
13:06:19.558925 radius.datametrics > web.1026: 
rad-access-reject 20 [id 190]

Could you help?

Thanks
[EMAIL PROTECTED]



__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication vs. Authorization question

2002-11-27 Thread Evren Yurtesen 
What kind of db are you using? can you send
radiusd -xx
output of authentication session?

do you mean that the remote server is working good when you connect it
directly? for example with radclient ?

Evren

On Wed, 27 Nov 2002, Jukka Lehti wrote:

> Hi,
> 
> I've set up freeradius 0.8 so that users like
> john@test get authenticated from a remote RADIUS
> server, i.e., freeradius works as a proxy. This is
> working well, so no problem here. But: the remote
> server only returns authentication data (un/pw
> ok/bad), I have authorization data in my local DB
> (Session-Timeout etc). How could I add this
> authorization data to RADIUS reply after successful
> authentication from the remote server? I've been
> experimenting with autztype directive, but without
> success yet. Any other ideas/examples?
> 
> Thanks in advance.
> 
> __
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Authentication vs. Authorization question

2002-11-27 Thread Jukka Lehti 
Hi,

I've set up freeradius 0.8 so that users like
john@test get authenticated from a remote RADIUS
server, i.e., freeradius works as a proxy. This is
working well, so no problem here. But: the remote
server only returns authentication data (un/pw
ok/bad), I have authorization data in my local DB
(Session-Timeout etc). How could I add this
authorization data to RADIUS reply after successful
authentication from the remote server? I've been
experimenting with autztype directive, but without
success yet. Any other ideas/examples?

Thanks in advance.

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load

2002-11-27 Thread Daryl Tester 
Novoselsky Alexander wrote:

> May be. But OpenRADIUS and Navis Radius use simple SQL queries: "SELECT password 
>FROM users
> WHERE username = ?".

IMNAODBA (= I am not an Oracle DBA), but I have it on reasonable authority that
queries of the above form (bindable?) are cacheable by Oracle.

> It seems to me, in FreeRadius 0.8 SQL query is not configurable parameter.

I *think* that such queries rely on a different Oracle API, in order to bind
the argument values to the parameters.


-- 
Regards,
  Daryl Tester,  Software Wrangler and Bit Herder, IOCANE Pty. Ltd.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html