RE: Freeradius-Users digest, Vol 1 #1300 - 1 msg
Dialup_admin comes with freeradius. You should find it in the freeradius install folder after you have decompressed it.

- Chhai

-----Original Message-----
From: Iq [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 28 November 2002 5:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Freeradius-Users digest, Vol 1 #1300 - 1 msg

Hi, what is this dial-up admin and where do I get it from?

> Use dialup_admin to view usage. You can find the sql queries in the
> source code

regards,
Iqtadar Raja

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users digest, Vol 1 #1300 - 1 msg
Hi, what is this dial-up admin and where do I get it from?

> Use dialup_admin to view usage. You can find the sql queries in the
> source code

regards,
Iqtadar Raja
Re: Freeradius-Users digest, Vol 1 #1301 - 2 msgs
Hi Alan,

Check out these two websites and follow the instructions. You don't need to compile FR with mysql options. You can install freeradius, install mysql, make sure it's working, change sql.conf and radiusd.conf.

http://www.ccs.neu.edu/home/peterm/freeradiusbuild.html
http://www.frontios.com/freeradius.html

If you have any questions or comments, kindly do not hesitate to contact us at Golden IT.

kind regards,

Internet Services Administrator
Golden IT
Ph: +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au
Re: Linux+freeradius+mysql
Dear Iq,

I'm trying to get freeradius to work with mysql and having problems. Can you tell me what ./configure options you used to configure it? Because I'm using

./configure --sysconfdir=/etc --with-mysql-lib-dir=/usr/lib/mysql

It's giving me this error:

rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

Just wondering what configure options you used.

Thanks in advance.
RE: Linux+freeradius+mysql
Use dialup_admin to view usage. You can find the sql queries in the source code.

Chhai
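Added example (not part of the original thread and not dialup_admin's own queries): one way to answer the question above, totalling a user's usage from radacct and flagging sessions whose reported AcctSessionTime disagrees with their start/stop timestamps. It assumes a subset of the radacct columns shown in the post, loads the two posted sessions into an in-memory SQLite database as a stand-in for MySQL, and the function names are hypothetical.

```python
"""Per-user usage report from a radacct table (added example)."""
import sqlite3
from datetime import datetime

# Assumption: only the radacct columns needed for a usage report are kept.
SCHEMA = """
CREATE TABLE radacct (
    RadAcctId        INTEGER PRIMARY KEY,
    AcctSessionId    TEXT NOT NULL,
    UserName         TEXT NOT NULL,
    NASIPAddress     TEXT NOT NULL,
    AcctStartTime    TEXT,
    AcctStopTime     TEXT,
    AcctSessionTime  INTEGER,
    AcctInputOctets  INTEGER,
    AcctOutputOctets INTEGER,
    FramedIPAddress  TEXT
)
"""

# The two sessions from the mysql output posted in this thread.
ROWS = [
    (2, "7100034B", "iraja", "203.14.183.2", "2002-11-26 22:27:39",
     "2002-11-26 22:29:08", 89, 1399, 1064, "203.14.193.11"),
    (4, "7100034C", "iraja", "203.14.183.2", "2002-11-26 22:30:46",
     "2002-11-26 22:36:12", 326, 159179, 1355687, "203.14.193.12"),
]

# Acct-Input-Octets is traffic received from the user, Acct-Output-Octets
# is traffic sent to the user (RFC 2866). The user name is a bound
# parameter, never pasted into the SQL text.
USAGE_SQL = """
SELECT UserName,
       COUNT(*)              AS sessions,
       SUM(AcctSessionTime)  AS seconds_online,
       SUM(AcctInputOctets)  AS octets_in,
       SUM(AcctOutputOctets) AS octets_out,
       MIN(AcctStartTime)    AS first_start,
       MAX(AcctStopTime)     AS last_stop
FROM radacct
WHERE UserName = ?
GROUP BY UserName
"""

SESSIONS_SQL = """
SELECT RadAcctId, AcctStartTime, AcctStopTime, AcctSessionTime
FROM radacct
WHERE UserName = ?
ORDER BY AcctStartTime
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def open_db(rows=ROWS):
    """Create the in-memory table and load the given accounting rows."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO radacct VALUES (?,?,?,?,?,?,?,?,?,?)", rows)
    return conn


def usage_for(conn, username):
    """Return usage totals for one user as a dict, or None if no rows match."""
    row = conn.execute(USAGE_SQL, (username,)).fetchone()
    return dict(row) if row else None


def inconsistent_sessions(conn, username, tolerance=5):
    """List RadAcctIds where AcctSessionTime and (stop - start) disagree.

    Sessions without a usable stop time (NULL or an all-zero date, which is
    an assumption about how open sessions are stored) are skipped.
    """
    flagged = []
    for row in conn.execute(SESSIONS_SQL, (username,)):
        start, stop = row["AcctStartTime"], row["AcctStopTime"]
        if not start or not stop or stop.startswith("0000-00-00"):
            continue
        elapsed = (datetime.strptime(stop, TS_FORMAT)
                   - datetime.strptime(start, TS_FORMAT)).total_seconds()
        if abs(elapsed - (row["AcctSessionTime"] or 0)) > tolerance:
            flagged.append(row["RadAcctId"])
    return flagged


if __name__ == "__main__":
    db = open_db()
    print(usage_for(db, "iraja"))
    print("inconsistent sessions:", inconsistent_sessions(db, "iraja"))
```

Against a real MySQL radacct table the same SELECT statements apply; only the placeholder style depends on the database driver.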
Linux+freeradius+mysql
Hi everyone,

tried freeradius with mysql, got it working but how do I get usage details out of radacct table. Is there a query provided anywhere.

I made two sessions and got both of them in radacct. Below is a copy of what I got in radacct

mysql> select * from radacct where Username='iraja';
+-----------+---------------+--------------+----------+-------+--------------+-----------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+-------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+
| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress | NASPortId | NASPortType | AcctStartTime       | AcctStopTime        | AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop  | AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStopDelay |
+-----------+---------------+--------------+----------+-------+--------------+-----------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+-------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+
|         2 | 7100034B      |              | iraja    |       | 203.14.183.2 |        12 | Async       | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 |              89 | RADIUS        | 38666 LAPM/V42BIS | 24000 LAPM/V42BIS |            1399 |             1064 | 87966000        |                  | User-Request       | Framed-User | PPP            | 203.14.193.11   |              0 |             0 |
|         4 | 7100034C      |              | iraja    |       | 203.14.183.2 |        11 | Async       | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 |             326 | RADIUS        | 52000 LAPM/V42BIS | 52000 LAPM/V42BIS |          159179 |          1355687 | 87966000        |                  | User-Request       | Framed-User | PPP            | 203.14.193.12   |              0 |             0 |
+-----------+---------------+--------------+----------+-------+--------------+-----------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+-------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+
2 rows in set (0.00 sec)

mysql>

If you have any questions or comments, kindly do not hesitate to contact us at Golden IT.

kind regards,

Internet Services Administrator
Golden IT
Ph: +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au
rlm_sqlcounter
How do I include rlm_sqlcounter in the compilation?

Thanks
Can I do eap/tls use 2 wire NIC and cisco 2950?
Hi, everyone!

I know 802.1x supports both wireless and wired network authentication, but I found nobody uses 802.1x to do wired network authentication. Why? I don't know. Now I'd like to do such a trick: I must show somebody how the Cisco 2950 supports 802.1x authentication. I want to use freeradius and xsupplicant, with just one laptop with two wired NICs (one embedded and one PCMCIA). I can't find any document about xsupplicant. Can you tell me whether xsupplicant supports a wired NIC doing EAP/TLS authentication or not?

Best Regards
Yours, Huter.Liu
[EMAIL PROTECTED]
RE: use freeradius to clear line
Radzap doesn't seem to work for me either. I have two users stuck in FR but they disconnected from the NAS a long time ago.

-Chhai

-----Original Message-----
From: Vitaliy Karlov [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 28 November 2002 1:51 AM
To: [EMAIL PROTECTED]
Subject: Re: use freeradius to clear line

On Wed, Nov 27, 2002 at 10:10:33AM -0500, Alan DeKok wrote:
> "Chhai Thach" <[EMAIL PROTECTED]> wrote:
> > Is there a way to manually disconnect the user using freeradius instead
> > of NAS?
>
> Did you bother reading the FAQ?

Maybe I'm wrong, but in FR-0.8 radzap is broken! I myself want to delete a user from a line, but received nothing more than a log entry in radius.log: "Error: No clients entry for localhost" :(

In client and clients.conf I have records for localhost! Any suggestion?

PS. Now I use radzap from FR-0.7...

--
WBR, Vitaliy Karlov [KV1670-RIPE]
RE: use freeradius to clear line
Thanks Alan!

I read the FAQ once before and I remembered that freeradius could kick users, but I forgot that it was in the FAQ, if that makes sense at all!

Chhai

-----Original Message-----
From: Alan DeKok [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 28 November 2002 1:41 AM
To: [EMAIL PROTECTED]
Subject: Re: use freeradius to clear line

"Chhai Thach" <[EMAIL PROTECTED]> wrote:
> Is there a way to manually disconnect the user using freeradius instead
> of NAS?

Did you bother reading the FAQ?

Alan DeKok.
Re: SSL_read Error: EAP-TLS
ah, that's a good one

Nikhil Chauhan wrote:
>
> I generated the certificates as per the HOWTO
> by Raymond MacKay. I get a SSL_read Error (Please
> see the attached radius server log).

> TLS_accept:error in SSLv3 read client certificate A
> rlm_eap_tls: SSL_read Error
> Error code is . 2
> SSL Error . 2
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok

you are talking about that one right?

there is to say, i've been having this error ever since (v0.5) and it seems to work but i would indeed like to know what it actually is... anybody an idea? some openssl expert?

ciao
artur

--
Artur Hecker
artur[at]hecker.info
Re: EAP/TLS testing: SSL_set_my_callback
you don't need x99 token. go in the src/modules directory, locate the "stable" file and throw it out of the list.

ciao
artur

Nikhil Chauhan wrote:
>
> Hi Artur:
>
> Thanks for your suggestions. I heartily appreciate
> them.
>
> The problem with SSL_set_msg_callback seems to be
> fixed now. I installed the latest Beta version of the
> openssl and /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
> seems to give me libraries from this version of
> openssl. I tried again with FreeRADIUS-0.7 and I get a
> segmentation fault when it tries to process the TLS
> request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG AS
> WELL)
>
>
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host
> 192.168.11.20:1047, id=23, length=122
> User-Name = "adam-ctl"
> NAS-IP-Address = 192.168.11.20
> Called-Station-Id = "004096577e54"
> Calling-Station-Id = "00080997"
> NAS-Identifier = "AP350"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = "\002\035\000\r\001adam-ctl"
> Message-Authenticator =
> 0x09cf6a42badba94b8978e30247cdd626
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "eap" returns updated
> rlm_realm: Looking up realm NULL for User-Name =
> "adam-ctl"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched adam-ctl at 97
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type tls
> Segmentation fault
> ==
>
> I understand that there are a lot of bug-fixes within
> FreeRadius 0.8 release and I should UPGRADE to the
> same level. I tried to install freeradius-0.8 and it
> gives me a parse error in unistd.h
> ===
> gmake[6]: Entering directory
> `/tmp/freeradius-0.8/src/modules/rlm_unix'
> /tmp/freeradius-0.8/libtool --mode=link
> ld \
> -module -static -g -O2 -D_REENTRANT
> -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g
> -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes
> -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -I../../include rlm_unix.o cache.o
> compat.o -o rlm_unix.a
> ar cru rlm_unix.a rlm_unix.o cache.o compat.o
> ranlib rlm_unix.a
> gmake[6]: Leaving directory
> `/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix'
> Making static dynamic in rlm_x99_token...
> gmake[6]: Entering directory
> `/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token'
> gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith
> -Wcast-qual -Wcast-align -Wwrite-strings
> -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs
> -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\"
> -DFREERADIUS -c x99_site.c -o x99_site.o
> In file included from ../../include/radiusd.h:19,
> from x99_rad.h:25,
> from x99.h:201,
> from x99_site.c:37:
> /usr/include/unistd.h:945: parse error before `('
> /usr/include/unistd.h:945: parse error before
> `__const'
> gmake[6]: *** [x99_site.o] Error 1
> gmake[6]: Leaving directory
> `/tmp/freeradius-0.8/src/modules/rlm_x99_token'
> gmake[5]: *** [common] Error 1
> gmake[5]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[4]: *** [all] Error 2
> gmake[4]: Leaving directory
> `/tmp/freeradius-0.8/src/modules'
> gmake[3]: *** [common] Error 1
> gmake[3]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory
> `/tmp/freeradius-0.8/src'
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving directory
> `/tmp/freeradius-0.8'
> make: *** [all] Error 2
> =
>
> --- Artur Hecker <[EMAIL PROTECTED]> wrote:
> > nikhil:
> >
> >
> > as i already said to you:
> > - upgrade to the newest version, why do you still
> > use the 0.7.1?
> > - assure that the "old" openssl is not involved into
> > the compilation
> >
> > your problem is evidently that the rlm_eap_tls used
> > by freeradius is
> > compiled to use the old openssl OR it uses this for
> > unclear reasons.
> > resolve it, don't wait for _the_ solution, simply
> > try, play with your
> > settings (after having upgraded), with your gcc
> > config, your system
> > config, etc.
> >
> > the old lib doesn't have this function, only the new
> > beta versions have
> > (for as far as i know). yours evidently don't.
> > upgrade & recompile it.
> >
> > i'm sorry but it's a little bit hard to see what the
> > exact
Re: User Configuartion Help and Interesting Scenario
Dear all,

Sorry for the badly worded question which has caused a big confusion. I think I should explain the problem at hand instead of asking bits and pieces.

I want to be able to use an authentication server which will receive a request. This request asks the authentication server to dynamically add the user and also generate a one time password. Then after the user is authenticated with that password it will be deleted.

Therefore the question is, are there add on modules that can dynamically add a user and generate a one time password? But now that the only way to dynamically add a user is through a database (we do not want to even restart the auth server) therefore the main question is: is there a module to generate a one time password (and also be able to delete the user after the password has been used)?

Sorry for the confusion caused.

Thanks in advance,
Alan

>From: Chris Brotsos <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: User Configuartion Help and Interesting Scenario
>Date: Wed, 27 Nov 2002 07:39:13 -0600
>
>Alan,
>
>At 11:38 PM 11/27/2002 +1100, you wrote:
>>Dear all,
>>
>>I have just installed radius 0.8 on my redhat 7.2 box. Being a total
>>newbie I just wanted to know two things...
>>
>>1) Firstly how do I add new users and then without restarting make radius
>>reread the users file? Is there a configuration switch to allow me to do
>>that? If it isn't possible, can I set up a database and do it that way? I
>>just need to know how to dynamically add new users without restarting the
>>radius server.
>
>Yes, you will need to use a database.
>
>
>>2) Is it possible for radius to also send back a string (password) back to
>>the client instead of just accept-accept. Or will I have to set up another
>>machine or program to do that?
>
>I am a little unsure of what you mean here, but I think you are referring
>to the use of a Reply-Message attribute that can be added to the user's
>profile to send back a string with your Access-Accept packet.
>
>Chris
RE: Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load
> -----Original Message-----
> From: Chris Parker [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 26, 2002 7:47 PM
> To: [EMAIL PROTECTED]
>
> > > Maybe they cache the responses from Oracle. Look at the queries they do to Oracle, to see what's going on.
> >May be. But OpenRADIUS and Navis Radius use simple SQL queries: "SELECT password FROM users WHERE username = ?".
> >It seems to me, in FreeRadius 0.8 SQL query is not configurable parameter.
> >But FreeRadius 0.7.1 used almost the same SQL query (it was in file sql.conf).
>
> Nope, you can edit the queries in 'sql.conf' for all versions of FreeRADIUS.
> Try editing it and see what it does to the performance. A simpler
> query ( assuming properly indexed tables, etc ) should return faster.

Thank you for the advice, Chris.

I tried to leave in file 'sql.conf' only 1 line with SELECT:

authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"

It improved results: instead of 25-30% CPU load, now work with Oracle takes 15-20% CPU load.

Maybe the source of my problem was this: I filled only table 'radcheck', but left in file 'sql.conf' all SQL queries, which tried to search in empty tables.

Best regards,
Alexander Novoselsky, Programmer
E-mail: [EMAIL PROTECTED]
Re: LDAP bind problem
> Let me guess. When using '-s' you're running as 'root'. You've
> also got the 'user' and 'group' entries in radiusd.conf set to
> 'nobody'.

Nope, it actually is running as nobody in "-s" mode. I tried running with the user and group commented out letting it run as root in both modes: no change in behavior.

> If the server can connect using '-s', then it can connect in
> threaded mode. The issue is that you've got to figure out what is
> different between the two.

Not sure what the difference is. I even examined truss output in both modes. I did not see anything that jumped right out, but I only gave this a cursory look... I've got a deadline looming :-) I am going to try to see if I can duplicate things on my old development server, which also runs Solaris 8.

> What lda libraries are you using? What type of LDAP server are you
> using?

I'm using openldap-2.0.27 libraries on the RADIUS server. Our LDAP server is iPlanet on a Solaris box.

sam
--
Samuel T Patterson Systems Programmer Northern Arizona University Information and Technology Services [EMAIL PROTECTED] Work: (928) 523-8246 Pager: (928) 213-5176 P.O. Box 5100 Flagstaff, AZ 86011
SSL_read Error: EAP-TLS
Hello: I'm testing EAP TLS functionality with: * freeRADIUS-0.8 and the latest version of openssl -(openssl-0.9.7-beta4) on the server; * Linux machine as a client, and * Cisco's AP350 as the authenticator. I generated the certificates as per the HOWTO by Raymond MacKay. I get a SSL_read Error (Please see the attached radius server log). Any similar experiences? == run_radius -X -A > radius_log + LD_LIBRARY_PATH=/usr/local/openssl-beta-latest/lib + LD_PRELOAD=/usr/local/openssl-beta-latest/lib/libcrypto.so + export LD_LIBRARY_PATH LD_PRELOAD + /usr/local/sbin/radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: 
reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/1x/tstpc11.pem" tls: certificate_file = "/etc/1x/tstpc11.pem" tls: CA_file = "/etc/1x/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/1x/DH" tls: random_file = "/etc/1x/random" tls: fragment_size = 1024 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = 
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) main: smux_password = "" main: snmp_write_access = no SMUX connect try 1 Can't connect to SNMP agent with SMUX: Connection refused Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 192.168.11.20:1549, id=13, length=116 User-Name = "Cisco" NAS-IP-Address = 192.168.11.20 Called-Station-Id = "004096577e54" Calling-Station-Id = "00080997"
Re: Max-Daily-Session token usage, can anyone help?
Thanks... Spasiba

Peter

Svetlana Vyslanko writes:

I have downloaded version 0.8, and I've been looking at the sql (mysql) table... It seems that there is no entry for Max-Session-Time (or is it Max-Daily Session?) or either the Daily-Session-Time... Can anyone guide me on how to use these tokens properly...

TIA
Peter

I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version 0.7.1.

radiusd.conf

sqlcounter noresetcounter {
    counter-name = Max-All-Session-Time
    check-name = Max-All-Session
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

sqlcounter dailycounter {
    driver = "rlm_sqlcounter"
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    sqlmod-inst = sql
    key = User-Name
    reset = daily
    query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

sqlcounter monthlycounter {
    counter-name = Monthly-Session-Time
    check-name = Max-Monthly-Session
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

...

authorize {
    preprocess
    sql
    noresetcounter
    dailycounter
    monthlycounter
    files
}
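What the daily and monthly counter queries above compute, as an added example that is not part of the original message: the same arithmetic run in SQLite over constructed accounting rows, taking %b as the start of the current reset period and %k as the key value (assumptions read off the configuration). AcctStartTime is stored as epoch seconds, period boundaries are taken in UTC, and the function names are hypothetical.

```python
import sqlite3
from datetime import datetime, timezone

# SQLite form of the clipped query: two-argument MAX() replaces GREATEST(),
# epoch storage makes UNIX_TIMESTAMP() unnecessary, and :b / :k are bound
# parameters rather than text expanded into the statement.
# SUM() over zero rows is NULL, hence the COALESCE.
USAGE_SQL = """
SELECT COALESCE(SUM(AcctSessionTime - MAX(:b - AcctStartTime, 0)), 0)
FROM radacct
WHERE UserName = :k AND AcctStartTime + AcctSessionTime > :b
"""


def ts(text):
    """'YYYY-MM-DD HH:MM:SS' (UTC) -> epoch seconds."""
    dt = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return int(dt.replace(tzinfo=timezone.utc).timestamp())


def period_start(now, reset):
    """Start of the reset period containing 'now' (UTC is an assumption)."""
    if reset == "never":
        return 0  # with b = 0 nothing is clipped: plain SUM(AcctSessionTime)
    dt = datetime.fromtimestamp(now, tz=timezone.utc)
    dt = dt.replace(hour=0, minute=0, second=0, microsecond=0)
    if reset == "monthly":
        dt = dt.replace(day=1)
    elif reset != "daily":
        raise ValueError("unsupported reset value: %r" % reset)
    return int(dt.timestamp())


def demo_db():
    """Constructed accounting rows: (user, session start, length in seconds)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radacct (UserName TEXT, "
                 "AcctStartTime INTEGER, AcctSessionTime INTEGER)")
    rows = [
        ("alice", ts("2002-11-27 23:30:00"), 3600),  # crosses midnight
        ("alice", ts("2002-11-28 08:00:00"), 1200),  # entirely today
        ("alice", ts("2002-11-27 10:00:00"), 600),   # entirely yesterday
        ("alice", ts("2002-11-05 09:00:00"), 7200),  # earlier this month
        ("bob",   ts("2002-11-28 09:00:00"), 500),
    ]
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return conn


def used_seconds(conn, user, now, reset):
    """Seconds of session time that fall inside the current period."""
    b = period_start(now, reset)
    return conn.execute(USAGE_SQL, {"b": b, "k": user}).fetchone()[0]


def remaining(conn, user, limit, now, reset):
    """Seconds left under a Max-*-Session style limit, never negative."""
    return max(limit - used_seconds(conn, user, now, reset), 0)


if __name__ == "__main__":
    db = demo_db()
    now = ts("2002-11-28 12:00:00")
    for reset in ("daily", "monthly", "never"):
        print(reset, used_seconds(db, "alice", now, reset))
```

The session that starts at 23:30 and runs for an hour contributes only the 1800 seconds after midnight to the daily figure, which is the purpose of the GREATEST term and of the WHERE clause.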
Re: EAP/TLS testing: SSL_set_my_callback
Hi All:

The solution...

* Clean-up all prior versions of freeRADIUS and openSSL
* Install the latest BETA version of openssl (0.9.7-beta4)
* Download latest version of freeRADIUS(0.8)
* Run ./configure under freeRADIUS root directory
* Do necessary changes in the Makefile under rlm_eap_tls directory
* Run ./make under freeRADIUS root dir
* Type the command: /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so
* Make sure that the referred "libssl" and "libcrypto" are the correct ones from the latest openSSL BETA version -(0.9.7-beta4)
* Run ./make install under freeRADIUS root directory

It should work fine and should perform TLS handshaking. Thanks especially to Artur. I would close this thread of emails now. :-))

--- Nikhil Chauhan <[EMAIL PROTECTED]> wrote:
> Hi Artur:
>
> Thanks for your suggestions. I heartly appreciate
> them.
>
> The problem with SSL_set_msg_callback seems to be
> fixed now. I installed the latest Beta version of
> the
> openssl and /usr/local/lib/ldd
> rlm_eap_tls-0.7-pre.so
> seems to give me libraries from this version of
> openssl. I tried again with FreeRADIUS-0.7 and I get
> a
> segmentation fault when it tries to process the TLS
> request: (NOTE: PLEASE READ BELOW THE FOLLOWING LOG
> AS
> WELL)
>
>
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host > 192.168.11.20:1047, id=23, length=122 > User-Name = "adam-ctl" > NAS-IP-Address = 192.168.11.20 > Called-Station-Id = "004096577e54" > Calling-Station-Id = "00080997" > NAS-Identifier = "AP350" > NAS-Port = 29 > Framed-MTU = 1400 > NAS-Port-Type = Wireless-802.11 > EAP-Message = "\002\035\000\r\001adam-ctl" > Message-Authenticator = > 0x09cf6a42badba94b8978e30247cdd626 > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall[authorize]: module "eap" returns updated > rlm_realm: Looking up realm NULL for User-Name = > "adam-ctl" > rlm_realm: No such realm NULL > modcall[authorize]: module "suffix" returns noop > users: Matched adam-ctl at 97 > modcall[authorize]: module "files" returns ok > modcall: group authorize returns updated > rad_check_password: Found Auth-Type EAP > auth: type "EAP" > modcall: entering group authenticate > rlm_eap: processing type tls > Segmentation fault > == > > I understand that there are a lot of bug-fixes > within > FreeRadius 0.8 release and I should UPGRADE to the > same level. I tried to install freeradius-0.8 and it > gives me a parse error in unistd.h > === > gmake[6]: Entering directory > `/tmp/freeradius-0.8/src/modules/rlm_unix' > /tmp/freeradius-0.8/libtool --mode=link > ld \ > -module -static -g -O2 -D_REENTRANT > -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g > -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align > -Wwrite-strings -Wstrict-prototypes > -Wmissing-prototypes -Wmissing-declarations > -Wnested-externs -I../../include rlm_unix.o cache.o > compat.o -o rlm_unix.a > ar cru rlm_unix.a rlm_unix.o cache.o compat.o > ranlib rlm_unix.a > gmake[6]: Leaving directory > `/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix' > Making static dynamic in rlm_x99_token... 
> gmake[6]: Entering directory > `/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token' > gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS > -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith > -Wcast-qual -Wcast-align -Wwrite-strings > -Wstrict-prototypes -Wmissing-prototypes > -Wmissing-declarations -Wnested-externs > -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\" > -DFREERADIUS -c x99_site.c -o x99_site.o > In file included from ../../include/radiusd.h:19, > from x99_rad.h:25, > from x99.h:201, > from x99_site.c:37: > /usr/include/unistd.h:945: parse error before `(' > /usr/include/unistd.h:945: parse error before > `__const' > gmake[6]: *** [x99_site.o] Error 1 > gmake[6]: Leaving directory > `/tmp/freeradius-0.8/src/modules/rlm_x99_token' > gmake[5]: *** [common] Error 1 > gmake[5]: Leaving directory > `/tmp/freeradius-0.8/src/modules' > gmake[4]: *** [all] Error 2 > gmake[4]: Leaving directory > `/tmp/freeradius-0.8/src/modules' > gmake[3]: *** [common] Error 1 > gmake[3]: Leaving directory > `/tmp/freeradius-0.8/src' > gmake[2]: *** [all] Error 2 > gmake[2]: Leaving directory > `/tmp/freeradius-0.8/src' > gmake[1]: *** [common] Error 1 > gmake[1]: Leaving directory > `/tmp/freeradius-0.8' > make: *** [all] Error 2 > = > > --- Artur Hecker <[EMAIL PROTECTED]> wrote: > > nikhil: > > > > > > as i already said to you: > > - upgrade to the newest version, why do you still > > use the 0.7.1? > > - assure that the "old
Re: Does mod_auth_radius can talk with a shiva radius?
Thanks for the quick response. I'm an idiot.. I am using one time password method and just forgot about the caveat that is mentioned in the source file regarding the browser behavior when not directed to a specific url.. Fixed it and it works just fine. Thanks again.. --- Alan DeKok <[EMAIL PROTECTED]> wrote: > aviel levy <[EMAIL PROTECTED]> wrote: > > We compiled mod_auth_radius-1.5.4 with > apache_1.3.27 > > on RedHat 8. > > > > Can it work with a shiva radius server (access > manager > > 5.7)? > > I don't see why not. > > > The client gets an positive reply from the server > but > > sends another request and then is denied.. > > See if there's any debugging information you can > get. > > Alan DeKok.
Re[2]: MS-CHAP
Dear Josh Howlett,

No. rlm_smb is an authentication module, not an authorization one. You can use either rlm_mschap or rlm_smb.

--Wednesday, November 27, 2002, 6:46:43 PM, you wrote to [EMAIL PROTECTED]:

JH> Does that include rlm_smb?
JH> thanks, josh.
JH> On Wed, 2002-11-27 at 15:34, 3APA3A wrote:
>> Dear Josh Howlett,
>>
>> You can use mschap authentication module in conjunction with any
>> authorization module (for example sql or dbm). All you need is cleartext
>> or NT-crypted password to be accessible. So you can use almost any DBMS
>> (Oracle, MySQL, PostgreSQL, MS SQL, DB2, Sybase, etc), LDAP, text
>> password file format, DBM file format, and users file.
>>
>> --Wednesday, November 27, 2002, 5:21:26 PM, you wrote to [EMAIL PROTECTED]:
>>
>> JH> Hi,
>>
>> JH> What can Freeradius use to authenticate MS-CHAP against? I know of the
>> JH> following methods:
>> JH> - the 'users' file
>> JH> - /etc/smbpasswd
>> JH> - LDAP directory
>> JH> - proxy to another RADIUS server
>>
>> JH> Are there any others?
>>
>> JH> thanks, josh.
>>
>>
>>
>> --
>> ~/ZARAZA
>> Well, on the whole, William, the local climate, if one can
>> even call it a climate, is quite tolerable. (Twain)
>>

--
~/ZARAZA
Write again. And if your petition had any meaning at all, then do not be shy, explain what it is about. (Twain)
Re: MS-CHAP
Does that include rlm_smb?

thanks, josh.

On Wed, 2002-11-27 at 15:34, 3APA3A wrote:
> Dear Josh Howlett,
>
> You can use mschap authentication module in conjunction with any
> authorization module (for example sql or dbm). All you need is cleartext
> or NT-crypted password to be accessible. So you can use almost any DBMS
> (Oracle, MySQL, PostgreSQL, MS SQL, DB2, Sybase, etc), LDAP, text
> password file format, DBM file format, and users file.
>
> --Wednesday, November 27, 2002, 5:21:26 PM, you wrote to [EMAIL PROTECTED]:
>
> JH> Hi,
>
> JH> What can Freeradius use to authenticate MS-CHAP against? I know of the
> JH> following methods:
> JH> - the 'users' file
> JH> - /etc/smbpasswd
> JH> - LDAP directory
> JH> - proxy to another RADIUS server
>
> JH> Are there any others?
>
> JH> thanks, josh.
>
>
>
> --
> ~/ZARAZA
> Well, on the whole, William, the local climate, if one can
> even call it a climate, is quite tolerable. (Twain)
>

--
---
Josh Howlett, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED]
---
Re: Does mod_auth_radius can talk with a shiva radius?
aviel levy <[EMAIL PROTECTED]> wrote:
> We compiled mod_auth_radius-1.5.4 with apache_1.3.27
> on RedHat 8.
>
> Can it work with a shiva radius server (access manager
> 5.7)?

I don't see why not.

> The client gets an positive reply from the server but
> sends another request and then is denied..

See if there's any debugging information you can get.

Alan DeKok.
Re: MS-CHAP
Dear Josh Howlett,

You can use mschap authentication module in conjunction with any authorization module (for example sql or dbm). All you need is cleartext or NT-crypted password to be accessible. So you can use almost any DBMS (Oracle, MySQL, PostgreSQL, MS SQL, DB2, Sybase, etc), LDAP, text password file format, DBM file format, and users file.

--Wednesday, November 27, 2002, 5:21:26 PM, you wrote to [EMAIL PROTECTED]:

JH> Hi,
JH> What can Freeradius use to authenticate MS-CHAP against? I know of the
JH> following methods:
JH> - the 'users' file
JH> - /etc/smbpasswd
JH> - LDAP directory
JH> - proxy to another RADIUS server
JH> Are there any others?
JH> thanks, josh.

--
~/ZARAZA
Well, on the whole, William, the local climate, if one can even call it a climate, is quite tolerable. (Twain)
Re: Allocating dynamic IP addresses from FreeRadius
On Wed, 2002-11-27 at 09:26, Vitaliy Karlov wrote:
> On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > > Hi All!
> > > In radiusd.conf I put this:
> > >
> > > === radiusd.conf =
> > > ippool main_pool {
> > > range-start = 10.1.1.1
> > > range-stop = 10.1.1.255
> > > netmask = 255.255.255.255
> >
> > You should put a netmask of 255.255.255.0
> > Delete the db* files and run the server in debug mode (radiusd -X)
>
> I delete all entries with db* and get this (I does not run radiusd in debug mode)
> == radius.log ==
> Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation failed.
> ===
>
> ???
>
> What is goal of the db* files?
>

The db* files are used to manage which IP addresses are available, and which ones have been assigned to which NAC/port combination. For the session-db and index-db, you can just put in a path and file name. Here are my complete settings for this module:

ippool ippool {
    name = ippool
    session-db = /usr/local/etc/raddb/ippool-sess-db
    ip-index = /usr/local/etc/raddb/ippool-idx-db
    range-start = 192.168.1.2
    range-stop = 192.168.1.10
    netmask = 255.255.255.0
    cache-size = 1000
}

ippool-sess-db and ippool-idx-db are gdbm databases. You can do a 'man gdbm' for more information.

MV
--
~~~
Mike Varley -= SOMA Networks =- Tel: 416.977.1414 x1578 email: [EMAIL PROTECTED]
Re: LDAP bind problem
Samuel T Patterson <[EMAIL PROTECTED]> wrote:
> Here is some more information about the problem I am seeing. Running
> with debug flags shows a "Can't contact LDAP server" message. The bind
> is successful if the "-s" argument is used. I would prefer to run
> FreeRADIUS in multi-threaded mode, but cannot seem to get it to work!
> This is a 0.8 server on Solaris 8.

Let me guess. When using '-s' you're running as 'root'. You've also got the 'user' and 'group' entries in radiusd.conf set to 'nobody'. If the server can connect using '-s', then it can connect in threaded mode. The issue is that you've got to figure out what is different between the two.

Alan DeKok.
Re: MS-CHAP
Josh Howlett <[EMAIL PROTECTED]> wrote:
> What can Freeradius use to authenticate MS-CHAP against? I know of the
> following methods:
...

Right now, the mschap module can only use clear-text passwords (or /etc/smbpasswd) for authentication. So any module which supplies a clear-text password for comparison is OK.

Alan DeKok.
Re: User Configuartion Help and Interesting Scenario
At 09:14 AM 11/27/2002 -0600, you wrote: I'm not disputing anything; I'm trying to provide information. I have freeradius set up to _always_ send reply messages, and I have NASes that show the string to the user on login, and NASes that completely ignore it. Nothing more, nothing less. I thought that maybe you had another idea of what Alan was trying to accomplish. I'm just a little confused because of what he suggested he was trying to return...a password. I didn't know if he meant Reply-Message or not. When you said that the NAS ignores the Reply-Message, I didn't know if you had another attribute in mind that specifically dealt with returning a password to the NAS...that's all I meant. Sorry for the inappropriate tone. Chris Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around."-- Simon Travaglia Chris Brotsos <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 11/27/2002 09:08 AM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: User Configuartion Help and Interesting Scenario At 07:50 AM 11/27/2002 -0600, you wrote: >You do NOT need to use a database to cause freeradius to re-read its users >file. You simply have to sigHUP it. Fair enough, I was considering a SIGHUP to be a restart of the process...my apologies for any confusion. I can say though, Alan, if you are worried about losing requests when sending a HUP, the current incoming requests will not be dropped (assuming that the request queue does not get full in the time it takes to restart the process). But, to be more specific, if you don't even want to SIGHUP the process then you will need a database. >Also, the "reply-message" packet is not guaranteed. Well, let me say that >better. 
It's guaranteed that Freeradius will send it if you specify it. >It is NOT guaranteed what the NAS will do with it. (Some NASes will >ignore it, many will show it to the user.) Well, instead of disputing a suggestion I made, when I stated I wasn't even sure that I completely understood the question, please provide another means...especially if you are sure that you know exactly what Alan is trying to accomplish by returning said string. Thanks, Chris >Vincent Giovannone >Network Infrastructure Group >Information Services Division >Rush - Presbyterian St. Luke's Medical Center > >"So for the IT Manager Role, you want someone who's absolute crap, looks >reasonable on paper, and won't cause too much trouble. ... Well I don't >have any MCSEs on my books at the moment, but I could call around."-- >Simon Travaglia > > > > > >Chris Brotsos <[EMAIL PROTECTED]> >Sent by: [EMAIL PROTECTED] >11/27/2002 07:39 AM >Please respond to freeradius-users > > > To: [EMAIL PROTECTED] > cc: > Subject:Re: User Configuartion Help and Interesting Scenario > > >Alan, > >At 11:38 PM 11/27/2002 +1100, you wrote: > >Dear all, > > > >I have just installed radius 0.8 on my redhat 7.2 box. Being a total > >newbie I just wanted to know two things... > > > >1) Firstly how do I add new users and then without restarting make radius > > >reread the users file? Is there a configuration switch to allow me to do > >that? If it isnt possible, can i set up a database and do it that way? I > >just need to know how to dynamically add new users without restarting the > > >radius server. > >Yes, you will need to use a database. > > > >2) Is it possible for radius to also send back a string (password) back >to > >the client instead of just accept-accept. Or will I have to set up >another > >machine or program to do that? 
> >I am a little unsure of what you mean here, but I think you are referring >to the use of a Reply-Message attribute that can be added to the user's >profile to send back a string with your Access-Accept packet. > >Chris > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Christopher Brotsos ([EMAIL PROTECTED]) Development Engineering StarNet/MegaPOP: http://www.megapop.net WX is wireless : http://www.starnetwx.net This message is sent in confidence to the addressees. It may contain privileged, proprietary, or confidential information. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use freeradius to clear line
On Wed, Nov 27, 2002 at 10:10:33AM -0500, Alan DeKok wrote:
> "Chhai Thach" <[EMAIL PROTECTED]> wrote:
> > Is there a way to manually disconnect the user using freeradius instead
> > of NAS?
>
> Did you bother reading the FAQ?

Maybe I am wrong, but in FR-0.8 radzap is broken! I yourself want delete user from line, but nothing more, then log-entry: in radius.log "Error: No clients entry for localhost", did not receive :( In client and clients.conf I have records for localhost! Any suggestion?

PS. Now I use radzap from FR-0.7...

--
WBR, Vitaliy Karlov [KV1670-RIPE]
Re: Authentication vs. Authorization question
Artur Hecker <[EMAIL PROTECTED]> wrote:
> his question is how to mangle the response adding authorization data...
> Jukka, i think you should take a look at postproxying available in
> freeradius 0.8 or in the snapshots (not sure about that).

No. Once the reply is received from the home server, FreeRADIUS will run the packet through the authorization stage again. At this point, you can add whatever authorization you decide is necessary.

Alan DeKok.
Re: User Configuartion Help and Interesting Scenario
I'm not disputing anything; I'm trying to provide information. I have freeradius set up to _always_ send reply messages, and I have NASes that show the string to the user on login, and NASes that completely ignore it. Nothing more, nothing less. Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around."-- Simon Travaglia Chris Brotsos <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 11/27/2002 09:08 AM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: User Configuartion Help and Interesting Scenario At 07:50 AM 11/27/2002 -0600, you wrote: >You do NOT need to use a database to cause freeradius to re-read its users >file. You simply have to sigHUP it. Fair enough, I was considering a SIGHUP to be a restart of the process...my apologies for any confusion. I can say though, Alan, if you are worried about losing requests when sending a HUP, the current incoming requests will not be dropped (assuming that the request queue does not get full in the time it takes to restart the process). But, to be more specific, if you don't even want to SIGHUP the process then you will need a database. >Also, the "reply-message" packet is not guaranteed. Well, let me say that >better. It's guaranteed that Freeradius will send it if you specify it. >It is NOT guaranteed what the NAS will do with it. (Some NASes will >ignore it, many will show it to the user.) Well, instead of disputing a suggestion I made, when I stated I wasn't even sure that I completely understood the question, please provide another means...especially if you are sure that you know exactly what Alan is trying to accomplish by returning said string. 
Thanks, Chris >Vincent Giovannone >Network Infrastructure Group >Information Services Division >Rush - Presbyterian St. Luke's Medical Center > >"So for the IT Manager Role, you want someone who's absolute crap, looks >reasonable on paper, and won't cause too much trouble. ... Well I don't >have any MCSEs on my books at the moment, but I could call around."-- >Simon Travaglia > > > > > >Chris Brotsos <[EMAIL PROTECTED]> >Sent by: [EMAIL PROTECTED] >11/27/2002 07:39 AM >Please respond to freeradius-users > > > To: [EMAIL PROTECTED] > cc: > Subject:Re: User Configuartion Help and Interesting Scenario > > >Alan, > >At 11:38 PM 11/27/2002 +1100, you wrote: > >Dear all, > > > >I have just installed radius 0.8 on my redhat 7.2 box. Being a total > >newbie I just wanted to know two things... > > > >1) Firstly how do I add new users and then without restarting make radius > > >reread the users file? Is there a configuration switch to allow me to do > >that? If it isnt possible, can i set up a database and do it that way? I > >just need to know how to dynamically add new users without restarting the > > >radius server. > >Yes, you will need to use a database. > > > >2) Is it possible for radius to also send back a string (password) back >to > >the client instead of just accept-accept. Or will I have to set up >another > >machine or program to do that? > >I am a little unsure of what you mean here, but I think you are referring >to the use of a Reply-Message attribute that can be added to the user's >profile to send back a string with your Access-Accept packet. > >Chris > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Allocating dynamic IP addresses from FreeRadius
On Wed, Nov 27, 2002 at 04:50:50PM +0200, Kostas Kalevras wrote:
> > > You should put a netmask of 255.255.255.0
> > > Delete the db* files and run the server in debug mode (radiusd -X)
> >
> > I delete all entries with db* and get this (I does not run radiusd in debug mode)
> > == radius.log ==
> > Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> > Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation failed.
> > ===
> >
> > ???
>
> I meant all the db *files* not the configuration directives!!

OK! Now from this pool IP-address assign dial-up user. Everything is OK. But I have some another target... I want in this pool assign, for example, 10 IP-address, not 8 or 16... I.e. 10.1.1.1 - 10.1.1.10. I do not want write like this 10.1.1.0/29 (for 8 IP-address 10.1.1.0-10.1.1.7) or 10.1.1.0/28 (for 16 IP 10.1.1.0-10.1.1.15) May I release similar assignment with radius+rlm_ippol ???

> > What is goal of the db* files?
> They are the db keeping state of allocated ips

Thanks, i.e. anyway for restarting radiusd I must: touch db.ipindex && touch db.ippool ? I right understand?

> > > Read raddb/experimental.conf
> >
> > Thanks, I read yet... no more?
>
> No. If you find that it is lacking something please contribute some
> documentation.

I have bad english :( I may example of config files put here, if I can release _not_ CLASSLESS IP address pool...

--
WBR, Vitaliy Karlov [KV1670-RIPE]
Re: Is freeradius support mips platform?
Jeffery Huang <[EMAIL PROTECTED]> wrote:
> Here is my error message!
>
> gmake[4]: Entering directory `/home/jeffery/Project/radiusd/src/lib'
> mipsel-linux-gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs -D_LIBRADIUS -I../include -c
> dict.c -o dict.o
> In file included from dict.c:20:
> ../include/libradius.h:19: stdint.h: No such file or directory

Your build system (gcc, include files, etc) is completely broken. The stdint.h file is included ONLY if the 'configure' stage finds it. And stdint.h should be included on all modern Linux systems.

Alan DeKok.
Re: use freeradius to clear line
"Chhai Thach" <[EMAIL PROTECTED]> wrote: > Is there a way to manually disconnect the user using freeradius instead > of NAS? Did you bother reading the FAQ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User Configuartion Help and Interesting Scenario
At 07:50 AM 11/27/2002 -0600, you wrote: You do NOT need to use a database to cause freeradius to re-read its users file. You simply have to sigHUP it. Fair enough, I was considering a SIGHUP to be a restart of the process...my apologies for any confusion. I can say though, Alan, if you are worried about losing requests when sending a HUP, the current incoming requests will not be dropped (assuming that the request queue does not get full in the time it takes to restart the process). But, to be more specific, if you don't even want to SIGHUP the process then you will need a database. Also, the "reply-message" packet is not guaranteed. Well, let me say that better. It's guaranteed that Freeradius will send it if you specify it. It is NOT guaranteed what the NAS will do with it. (Some NASes will ignore it, many will show it to the user.) Well, instead of disputing a suggestion I made, when I stated I wasn't even sure that I completely understood the question, please provide another means...especially if you are sure that you know exactly what Alan is trying to accomplish by returning said string. Thanks, Chris Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around."-- Simon Travaglia Chris Brotsos <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 11/27/2002 07:39 AM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: User Configuartion Help and Interesting Scenario Alan, At 11:38 PM 11/27/2002 +1100, you wrote: >Dear all, > >I have just installed radius 0.8 on my redhat 7.2 box. Being a total >newbie I just wanted to know two things... > >1) Firstly how do I add new users and then without restarting make radius >reread the users file? 
Is there a configuration switch to allow me to do >that? If it isnt possible, can i set up a database and do it that way? I >just need to know how to dynamically add new users without restarting the >radius server. Yes, you will need to use a database. >2) Is it possible for radius to also send back a string (password) back to >the client instead of just accept-accept. Or will I have to set up another >machine or program to do that? I am a little unsure of what you mean here, but I think you are referring to the use of a Reply-Message attribute that can be added to the user's profile to send back a string with your Access-Accept packet. Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Allocating dynamic IP addresses from FreeRadius
On Wed, 27 Nov 2002, Vitaliy Karlov wrote:

> On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > > Hi All!
> > > In radiusd.conf I put this:
> > >
> > > === radiusd.conf =
> > > ippool main_pool {
> > > range-start = 10.1.1.1
> > > range-stop = 10.1.1.255
> > > netmask = 255.255.255.255
> >
> > You should put a netmask of 255.255.255.0
> > Delete the db* files and run the server in debug mode (radiusd -X)
>
> I delete all entries with db* and get this (I does not run radiusd in debug mode)
> == radius.log ==
> Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
> Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation failed.
> ===
>
> ???

I meant all the db *files* not the configuration directives!!

> What is goal of the db* files?

They are the db keeping state of allocated ips

> > > PS. Where is I find documentation about rlm_ippool ?
> >
> > Read raddb/experimental.conf
>
> Thanks, I read yet... no more?

No. If you find that it is lacking something please contribute some documentation.

> --
> WBR, Vitaliy Karlov [KV1670-RIPE]
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Allocating dynamic IP addresses from FreeRadius
On Wed, Nov 27, 2002 at 04:12:12PM +0200, Kostas Kalevras wrote:
> > Hi All!
> > In radiusd.conf I put this:
> >
> > === radiusd.conf =
> > ippool main_pool {
> > range-start = 10.1.1.1
> > range-stop = 10.1.1.255
> > netmask = 255.255.255.255
>
> You should put a netmask of 255.255.255.0
> Delete the db* files and run the server in debug mode (radiusd -X)

I delete all entries with db* and get this (I does not run radiusd in debug mode)

== radius.log ==
Wed Nov 27 16:20:17 2002 : Error: rlm_ippool: 'session-db' must be set.
Wed Nov 27 16:20:17 2002 : Error: radiusd.conf[489]: main_pool: Module instantiation failed.
===

???

What is goal of the db* files?

> > PS. Where is I find documentation about rlm_ippool ?
>
> Read raddb/experimental.conf

Thanks, I read yet... no more?

--
WBR, Vitaliy Karlov [KV1670-RIPE]
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MS-CHAP
Hi,

What can Freeradius use to authenticate MS-CHAP against? I know of the following methods:

- the 'users' file
- /etc/smbpasswd
- LDAP directory
- proxy to another RADIUS server

Are there any others?

thanks, josh.

--
--- Josh Howlett, Networking & Digital Communications, Information Systems & Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] ---
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Allocating dynamic IP addresses from FreeRadius
On Wed, 27 Nov 2002, Vitaliy Karlov wrote:

> On Tue, Nov 26, 2002 at 11:54:59AM -0500, Mike Varley wrote:
> > There is a module that does dynamic IP assignment: look in
> > ${freeradius_source_dir}/src/modules/rlm_ippool
> >
> > It is not built by default, so you need to add it to the top level
> > Makefile. There is a description on how to configure it in the docs
> > directory.
> >
> > Once you've compiled and installed it, change your radiusd.conf file to
> > have a section:
> >
> > post-auth {
> > ippool
> > }
> >
> > and then after every successful authentication, this module will add an
> > IP address chosen dynamically BASED ON the NAS/port combination. The
> > ippool module uses dbm databases. I'm not sure if this is what you are
> > looking for, but it may help point you in the right direction.
> >
> > HTH!
> >
> > MV
>
> Hi All!
> In radiusd.conf I put this:
>
> === radiusd.conf =
> ippool main_pool {
> range-start = 10.1.1.1
> range-stop = 10.1.1.255
> netmask = 255.255.255.255

You should put a netmask of 255.255.255.0
Delete the db* files and run the server in debug mode (radiusd -X)

> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> }
>
> post-auth {
> # Get an address from the IP Pool.
> main_pool
> }
> ==
>
> In user I write this:
> == users
> zzz zyxel Auth-Type := Local, User-Password == "some_pass", Pool-Name := "main_pool"
>
>
> But IP-address anywhere does not assign from space 10.1.1.0/24
>
> Thanks for any suggestion.
>
> PS. Where is I find documentation about rlm_ippool ?

Read raddb/experimental.conf

>
>
> --
> WBR, Vitaliy Karlov [KV1670-RIPE]
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Allocating dynamic IP addresses from FreeRadius
On Tue, Nov 26, 2002 at 11:54:59AM -0500, Mike Varley wrote:
> There is a module that does dynamic IP assignment: look in
> ${freeradius_source_dir}/src/modules/rlm_ippool
>
> It is not built by default, so you need to add it to the top level
> Makefile. There is a description on how to configure it in the docs
> directory.
>
> Once you've compiled and installed it, change your radiusd.conf file to
> have a section:
>
> post-auth {
> ippool
> }
>
> and then after every successful authentication, this module will add an
> IP address chosen dynamically BASED ON the NAS/port combination. The
> ippool module uses dbm databases. I'm not sure if this is what you are
> looking for, but it may help point you in the right direction.
>
> HTH!
>
> MV

Hi All!
In radiusd.conf I put this:

=== radiusd.conf =
ippool main_pool {
        range-start = 10.1.1.1
        range-stop = 10.1.1.255
        netmask = 255.255.255.255
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
}

post-auth {
        # Get an address from the IP Pool.
        main_pool
}
==

In user I write this:
== users
zzz zyxel Auth-Type := Local, User-Password == "some_pass", Pool-Name := "main_pool"

But IP-address anywhere does not assign from space 10.1.1.0/24

Thanks for any suggestion.

PS. Where is I find documentation about rlm_ippool ?

--
WBR, Vitaliy Karlov [KV1670-RIPE]
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR 2002: Can't connect to local MySQL server through socket '/ var/lib/mysql/mysql.sock' (111)
27-Nov-02 at 19:28, Vijay Reddy ([EMAIL PROTECTED]) wrote :
> Hi,
> I have just installed freeradius 0.8 on Linux. How can we connect the mysql
> server running on different machine,what changes are required to make mysql
> client contact the server running on different machine,always i am getting
>
> ERROR 2002: Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (111)
>

This is a MySQL problem; in any case, you need to look at sql.conf

        driver = "rlm_sql_mysql"

        # Connect info
        server = "hostname/IP address"
        login = "root" # or a better username who has access to the radius DB
        password = "yourpassword"

Regards,

--
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ERROR 2002: Can't connect to local MySQL server through socket'/ var/lib/mysql/mysql.sock' (111)
You should check out the mysql documentation on mysql.com. This is a freeradius list and I doubt you will get much mysql support here. On Wed, 2002-11-27 at 08:58, Vijay Reddy wrote: > Hi, > I have just installed freeradius 0.8 on Linux. How can we connect the mysql > server running on different machine,what changes are required to make mysql > client contact the server running on different machine,always i am getting > > ERROR 2002: Can't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (111) > > Can anyone help me out of this problem, Thanks in Advance > > Regards > > Vijay Reddy > > -- Regards, Jason A. LixfeldFastvibe Corporation Senior IP Network Engineer 220-156 Front St. W [EMAIL PROTECTED] Toronto, ON M5V-2L6 - tel://416.341.0099:223 fax://416.341.0088 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)
Hi, I have just installed freeradius 0.8 on Linux. How can we connect the mysql server running on different machine,what changes are required to make mysql client contact the server running on different machine,always i am getting ERROR 2002: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111) Can anyone help me out of this problem, Thanks in Advance Regards Vijay Reddy
Re: User Configuartion Help and Interesting Scenario
You do NOT need to use a database to cause freeradius to re-read its users file. You simply have to sigHUP it. Also, the "reply-message" packet is not guaranteed. Well, let me say that better. It's guaranteed that Freeradius will send it if you specify it. It is NOT guaranteed what the NAS will do with it. (Some NASes will ignore it, many will show it to the user.) Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around."-- Simon Travaglia Chris Brotsos <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 11/27/2002 07:39 AM Please respond to freeradius-users To: [EMAIL PROTECTED] cc: Subject:Re: User Configuartion Help and Interesting Scenario Alan, At 11:38 PM 11/27/2002 +1100, you wrote: >Dear all, > >I have just installed radius 0.8 on my redhat 7.2 box. Being a total >newbie I just wanted to know two things... > >1) Firstly how do I add new users and then without restarting make radius >reread the users file? Is there a configuration switch to allow me to do >that? If it isnt possible, can i set up a database and do it that way? I >just need to know how to dynamically add new users without restarting the >radius server. Yes, you will need to use a database. >2) Is it possible for radius to also send back a string (password) back to >the client instead of just accept-accept. Or will I have to set up another >machine or program to do that? I am a little unsure of what you mean here, but I think you are referring to the use of a Reply-Message attribute that can be added to the user's profile to send back a string with your Access-Accept packet. Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User Configuartion Help and Interesting Scenario
Alan, At 11:38 PM 11/27/2002 +1100, you wrote: Dear all, I have just installed radius 0.8 on my redhat 7.2 box. Being a total newbie I just wanted to know two things... 1) Firstly how do I add new users and then without restarting make radius reread the users file? Is there a configuration switch to allow me to do that? If it isnt possible, can i set up a database and do it that way? I just need to know how to dynamically add new users without restarting the radius server. Yes, you will need to use a database. 2) Is it possible for radius to also send back a string (password) back to the client instead of just accept-accept. Or will I have to set up another machine or program to do that? I am a little unsure of what you mean here, but I think you are referring to the use of a Reply-Message attribute that can be added to the user's profile to send back a string with your Access-Accept packet. Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max-Daily-Session token usage, can anyone help?
>
> I have downloaded version 0.8, and I've been looking at the sql (mysql)
> table... It seems that there is no entry for Max-Session-Time (or is it
> Max-Daily Session?) or either the Daily-Session-Time...
>
> Can anyone guide me on how to use these tokens properly... TIA
>
> Peter

I used Max-Daily-Session, Max-Monthly-Session and Max-All-Session with version 0.7.1.

radiusd.conf

sqlcounter noresetcounter {
        counter-name = Max-All-Session-Time
        check-name = Max-All-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

sqlcounter dailycounter {
        driver = "rlm_sqlcounter"
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

sqlcounter monthlycounter {
        counter-name = Monthly-Session-Time
        check-name = Max-Monthly-Session
        sqlmod-inst = sql
        key = User-Name
        reset = monthly
        query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}

...

authorize {
        preprocess
        sql
        noresetcounter
        dailycounter
        monthlycounter
        files
}

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
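Added example, not part of the original post and not FreeRADIUS code: the dailycounter and noresetcounter queries from the configuration above, run against constructed radacct rows to show how a session that straddles the start of the reset period is clipped. Assumptions: SQLite stands in for MySQL with GREATEST and UNIX_TIMESTAMP registered as Python functions, timestamps are treated as UTC, %b (start of the reset period) and '%{%k}' (the key, here the user name) are passed as bound parameters, and quota_decision is a hypothetical helper that models a limit check.

```python
import sqlite3
from datetime import datetime, timezone

# Queries from the post; only the rlm_sqlcounter placeholders are replaced by
# bound parameters: %b -> :b (epoch of period start), '%{%k}' -> :user.
DAILY_QUERY = """
SELECT SUM(AcctSessionTime - GREATEST((:b - UNIX_TIMESTAMP(AcctStartTime)), 0))
FROM radacct
WHERE UserName = :user
  AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > :b
"""
ALL_QUERY = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName = :user"


def unix_timestamp(text):
    """Stand-in for MySQL UNIX_TIMESTAMP(); assumes the DATETIME text is UTC."""
    parsed = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


# Constructed accounting rows: (UserName, AcctStartTime, AcctSessionTime in seconds).
ROWS = [
    ("alice", "2002-11-26 20:00:00", 1200),  # ended yesterday: not counted today
    ("alice", "2002-11-26 23:00:00", 3600),  # ended exactly at midnight: not counted
    ("alice", "2002-11-26 23:30:00", 3600),  # straddles midnight: only 1800 s count
    ("alice", "2002-11-27 09:00:00", 900),   # entirely inside today: 900 s count
    ("bob", "2002-11-27 10:00:00", 5000),    # other user: never mixed into alice
]
PERIOD_START = unix_timestamp("2002-11-27 00:00:00")  # value substituted for %b


def open_db(rows):
    """In-memory radacct table with the two MySQL functions the query needs."""
    db = sqlite3.connect(":memory:")
    db.create_function("GREATEST", 2, max)
    db.create_function("UNIX_TIMESTAMP", 1, unix_timestamp)
    db.execute(
        "CREATE TABLE radacct (UserName TEXT, AcctStartTime TEXT, AcctSessionTime INTEGER)"
    )
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db


def used_seconds(db, user, period_start):
    """Seconds used since period_start, as computed by the dailycounter query."""
    row = db.execute(DAILY_QUERY, {"b": period_start, "user": user}).fetchone()
    return row[0] or 0  # SUM() over no rows is NULL


def used_seconds_all(db, user):
    """Lifetime seconds, as computed by the noresetcounter query."""
    row = db.execute(ALL_QUERY, {"user": user}).fetchone()
    return row[0] or 0


def used_seconds_reference(rows, user, period_start):
    """Same arithmetic in plain Python: overlap of each session with the period."""
    total = 0
    for name, start_text, duration in rows:
        start = unix_timestamp(start_text)
        end = start + duration
        if name == user and end > period_start:
            total += end - max(start, period_start)
    return total


def quota_decision(limit, used):
    """Hypothetical limit check: reject when the quota is spent, else time left."""
    if used >= limit:
        return ("reject", 0)
    return ("accept", limit - used)


if __name__ == "__main__":
    db = open_db(ROWS)
    used = used_seconds(db, "alice", PERIOD_START)
    print("alice daily:", used, "lifetime:", used_seconds_all(db, "alice"))
    print("with a 3600 s daily limit:", quota_decision(3600, used))
```

The straddling session is the case that a plain SUM(AcctSessionTime) with a date filter gets wrong: it would charge the full 3600 seconds to one day instead of splitting them at the period boundary.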
User Configuartion Help and Interesting Scenario
Dear all, I have just installed radius 0.8 on my redhat 7.2 box. Being a total newbie I just wanted to know two things... 1) Firstly how do I add new users and then without restarting make radius reread the users file? Is there a configuration switch to allow me to do that? If it isnt possible, can i set up a database and do it that way? I just need to know how to dynamically add new users without restarting the radius server. 2) Is it possible for radius to also send back a string (password) back to the client instead of just accept-accept. Or will I have to set up another machine or program to do that? Thanks for the help in advance... Alan Wong _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TLS testing: SSL_set_my_callback
Hi Artur:

Thanks for your suggestions. I heartily appreciate them.

The problem with SSL_set_msg_callback seems to be fixed now. I installed the latest Beta version of the openssl and /usr/local/lib/ldd rlm_eap_tls-0.7-pre.so seems to give me libraries from this version of openssl.

I tried again with FreeRADIUS-0.7 and I get a segmentation fault when it tries to process the TLS request:

(NOTE: PLEASE READ BELOW THE FOLLOWING LOG AS WELL)

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.11.20:1047, id=23, length=122
        User-Name = "adam-ctl"
        NAS-IP-Address = 192.168.11.20
        Called-Station-Id = "004096577e54"
        Calling-Station-Id = "00080997"
        NAS-Identifier = "AP350"
        NAS-Port = 29
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\035\000\r\001adam-ctl"
        Message-Authenticator = 0x09cf6a42badba94b8978e30247cdd626
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
rlm_realm: Looking up realm NULL for User-Name = "adam-ctl"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched adam-ctl at 97
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type tls
Segmentation fault
==

I understand that there are a lot of bug-fixes within FreeRadius 0.8 release and I should UPGRADE to the same level.
I tried to install freeradius-0.8 and it gives me a parse error in unistd.h === gmake[6]: Entering directory `/tmp/freeradius-0.8/src/modules/rlm_unix' /tmp/freeradius-0.8/libtool --mode=link ld \ -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../../include rlm_unix.o cache.o compat.o -o rlm_unix.a ar cru rlm_unix.a rlm_unix.o cache.o compat.o ranlib rlm_unix.a gmake[6]: Leaving directory `/tmp/freeradius-snapshot-20021122/src/modules/rlm_unix' Making static dynamic in rlm_x99_token... gmake[6]: Entering directory `/tmp/freeradius-snapshot-20021122/src/modules/rlm_x99_token' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../../include -DX99_MODULE_NAME=\"rlm_x99_token\" -DFREERADIUS -c x99_site.c -o x99_site.o In file included from ../../include/radiusd.h:19, from x99_rad.h:25, from x99.h:201, from x99_site.c:37: /usr/include/unistd.h:945: parse error before `(' /usr/include/unistd.h:945: parse error before `__const' gmake[6]: *** [x99_site.o] Error 1 gmake[6]: Leaving directory `/tmp/freeradius-0.8/src/modules/rlm_x99_token' gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/tmp/freeradius-0.8/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/tmp/freeradius-0.8/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/tmp/freeradius-0.8/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/tmp/freeradius-0.8/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/tmp/freeradius-0.8' make: *** [all] Error 2 = --- Artur Hecker <[EMAIL PROTECTED]> wrote: > nikhil: > > > as i already said to you: > - upgrade to the newest version, why do you 
still > use the 0.7.1? > - assure that the "old" openssl is not involved into > the compilation > > your problem is evidently that the rlm_eap_tls used > by freeradius is > compiled to use the old openssl OR it uses this for > unclear reasons. > resolve it, don't wait for _the_ solution, simply > try, play with your > settings (after having upgraded), with your gcc > config, your system > config, etc. > > the old lib doesn't have this function, only the new > beta versions have > (for as far as i know). yours evidently don't. > upgrade & recompile it. > > i'm sorry but it's a little bit hard to see what the > exact problem is > and to give you the sequence of commands which will > result in correct > behaviour, be administrator. you could write small > test programs in C > and compile those (simply a SSL_init() and then a > call to this > SSL_set_msg_callback() function). once your C test > compiles correctly > and executes without linker complaining (although > the program can > segfault completely, you don't ca
Re: Authentication vs. Authorization question
> Jukka wanted to know how to ADD authorization data > to the response sent by the remote server. The > remote server _doesn't_ send any authorization data, > it's not supposed to and there is nothing to be done > about it, at least not by Jukka. > > his question is how to mangle the response adding > authorization data... Exactly. > you can definitely add whatever you want using > postproxying. the question is however, if there > is a simplier way to achieve the same result. Thanks, I'll check it out. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication vs. Authorization question
The data should be in radreply table or radgroupreply (if your user is in a group in usergroup table)

I am not a proxying expert but I think it would be nice to check the remote server if its even able to send these data. I might be off the track also!

You can perhaps use the radclient program to test the situation when you connect to server with radclient you should just enter the a/v pairs and then press CTRL+D

running
#radclient 192.168.168.1 auth YOURSECRET
then sending
User-Name = "John"
User-Password = "hello"
^D
should do...do you receive the replies you want?

Evren

On Wed, 27 Nov 2002, Jukka Lehti wrote:

> --- Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> > What kind of db are you using? can you send
> > radiusd -xx
> > output of authentication session?
>
> I'm using MySQL at the moment and it's working ok.
> Output attached.
>
> > do you mean that the remote server is working good
> > when you connect it
> > directly? for example with radclient ?
>
> It's working ok, yes. I get the authentication data
> from the remote server but don't know how to add
> authorization data from local db to reply?
>
> > On Wed, 27 Nov 2002, Jukka Lehti wrote:
> >
> > > Hi,
> > >
> > > I've set up freeradius 0.8 so that users like
> > > john@test get authenticated from a remote RADIUS
> > > server, i.e., freeradius works as a proxy. This is
> > > working well, so no problem here. But: the remote
> > > server only returns authentication data (un/pw
> > > ok/bad), I have authorization data in my local DB
> > > (Session-Timeout etc). How could I add this
> > > authorization data to RADIUS reply after successful
> > > authentication from the remote server? I've been
> > > experimenting with autztype directive, but without
> > > success yet. Any other ideas/examples?
> > >
> > > Thanks in advance.
> > >
> > > __
> > > Do you Yahoo!?
> > > Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> > > http://mailplus.yahoo.com
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> >
>
> __
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication vs. Authorization question
Well I suspected if the remote server maybe dont even have this data inside or somehow it doesnt send back. I thought the first thing is to check if the remote server is working good, without any problems. But definetely I am not an expert at proxying but I thought the proxy should automaticly forward all the data received from the server. Thats also another reason why I thought proxy dont receive anything. Evren On Wed, 27 Nov 2002, Artur Hecker wrote: > > Evren, i think you misunderstand the question: Jukka wanted to know how > to ADD authorization data to the response sent by the remote server. The > remote server _doesn't_ send any authorization data, it's not supposed > to and there is nothing to be done about it, at least not by Jukka. > > his question is how to mangle the response adding authorization data... > Jukka, i think you should take a loot at postproxying available in > freeradius 0.8 or in the snapshots (not sure about that). > > you can definitely add whatever you want using postproxying. the > question is however, if there is a simplier way to achieve the same result. > > > ciao > artur > > > > Evren Yurtesen wrote: > > What kind of db are you using? can you send > > radiusd -xx > > output of authentication session? > > > > do you mean that the remote server is working good when you connect it > > directly? for example with radclient ? > > -- > Artur Hecker Groupe Accès et Mobilité > hecker[at]enst[dot]fr Département Informatique et Réseaux > +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 > http://www.infres.enst.frENST Paris > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication vs. Authorization question
Evren, i think you misunderstand the question: Jukka wanted to know how to ADD authorization data to the response sent by the remote server. The remote server _doesn't_ send any authorization data, it's not supposed to and there is nothing to be done about it, at least not by Jukka. his question is how to mangle the response adding authorization data... Jukka, i think you should take a loot at postproxying available in freeradius 0.8 or in the snapshots (not sure about that). you can definitely add whatever you want using postproxying. the question is however, if there is a simplier way to achieve the same result. ciao artur Evren Yurtesen wrote: What kind of db are you using? can you send radiusd -xx output of authentication session? do you mean that the remote server is working good when you connect it directly? for example with radclient ? -- Artur Hecker Groupe Accès et Mobilité hecker[at]enst[dot]fr Département Informatique et Réseaux +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication vs. Authorization question
--- Evren Yurtesen <[EMAIL PROTECTED]> wrote: > What kind of db are you using? can you send > radiusd -xx > output of authentication session? I'm using MySQL at the moment and it's working ok. Output attached. > do you mean that the remote server is working good > when you connect it > directly? for example with radclient ? It's working ok, yes. I get the authentication data from the remote server but don't know how to add authorization data from local db to reply? > On Wed, 27 Nov 2002, Jukka Lehti wrote: > > > Hi, > > > > I've set up freeradius 0.8 so that users like > > john@test get authenticated from a remote RADIUS > > server, i.e., freeradius works as a proxy. This is > > working well, so no problem here. But: the remote > > server only returns authentication data (un/pw > > ok/bad), I have authorization data in my local DB > > (Session-Timeout etc). How could I add this > > authorization data to RADIUS reply after > successful > > authentication from the remote server? I've been > > experimenting with autztype directive, but without > > success yet. Any other ideas/examples? > > > > Thanks in advance. > > > > __ > > Do you Yahoo!? > > Yahoo! Mail Plus - Powerful. Affordable. Sign up > now. > > http://mailplus.yahoo.com > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com rad.log Description: rad.log
Does mod_auth_radius can talk with a shiva radius?
Hi,

We compiled mod_auth_radius-1.5.4 with apache_1.3.27 on RedHat 8. Can it work with a shiva radius server (access manager 5.7)?

It seems like those folks don't understand each other.. or the client doesn't get well the server's response. The client gets a positive reply from the server but sends another request and then is denied..

Here is an example from a tcpdump flash:

13:06:19.424346 web.1026 > radius.datametrics: rad-access-req 79 [id 51] Attr[ User{someone} Pass Service_type{#2080} [|radius] (DF)
13:06:19.526026 radius.datametrics > web.1026: rad-access-accept 84 [id 51] Attr[ Service_type{#1032} Framed_ipaddr{NAS_select} Framed_proto{#267} Filter_id{default} [|radius]
13:06:19.526533 web.1026 > radius.datametrics: rad-access-req 79 [id 190] Attr[ User{someone} Pass Service_type{#2080} [|radius] (DF)
13:06:19.558925 radius.datametrics > web.1026: rad-access-reject 20 [id 190]

Could you help?

Thanks
[EMAIL PROTECTED]

__
Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication vs. Authorization question
What kind of db are you using? can you send radiusd -xx output of authentication session? do you mean that the remote server is working good when you connect it directly? for example with radclient ? Evren On Wed, 27 Nov 2002, Jukka Lehti wrote: > Hi, > > I've set up freeradius 0.8 so that users like > john@test get authenticated from a remote RADIUS > server, i.e., freeradius works as a proxy. This is > working well, so no problem here. But: the remote > server only returns authentication data (un/pw > ok/bad), I have authorization data in my local DB > (Session-Timeout etc). How could I add this > authorization data to RADIUS reply after successful > authentication from the remote server? I've been > experimenting with autztype directive, but without > success yet. Any other ideas/examples? > > Thanks in advance. > > __ > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now. > http://mailplus.yahoo.com > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication vs. Authorization question
Hi, I've set up freeradius 0.8 so that users like john@test get authenticated from a remote RADIUS server, i.e., freeradius works as a proxy. This is working well, so no problem here. But: the remote server only returns authentication data (un/pw ok/bad), I have authorization data in my local DB (Session-Timeout etc). How could I add this authorization data to RADIUS reply after successful authentication from the remote server? I've been experimenting with autztype directive, but without success yet. Any other ideas/examples? Thanks in advance. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.8, Oracle 8.1.7. Problem with CPU load
Novoselsky Alexander wrote:
> May be. But OpenRADIUS and Navis Radius use simple SQL queries: "SELECT password FROM users
> WHERE username = ?".

IMNAODBA (= I am not an Oracle DBA), but I have it on reasonable authority that queries of the above form (bindable?) are cacheable by Oracle.

> It seems to me, in FreeRadius 0.8 SQL query is not configurable parameter.

I *think* that such queries rely on a different Oracle API, in order to bind the argument values to the parameters.

--
Regards, Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html