Re: Snapshot error

[Alexey Chetroi]

On Thu, Feb 06, 2003 at 01:10:20AM -0500, Gene Parks wrote:
> Subject: Snapshot error
> From: "Gene Parks" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 6 Feb 2003 01:10:20 -0500
> 
> Thought you guys should know that the new snapshot is producing this
> error after install.
> 
> 2003-02-06 00:41:52.418187500 Starting - reading configuration files ...
> 2003-02-06 00:41:52.437049500 ?[0]: Unknown variable "datadir"
> 2003-02-06 00:41:53.526664500 Starting - reading configuration files ...
> 2003-02-06 00:41:53.543306500 ?[0]: Unknown variable "datadir"
> 2003-02-06 00:41:54.638002500 Starting - reading configuration files ...
> 2003-02-06 00:41:54.655309500 ?[0]: Unknown variable "datadir"
> 2003-02-06 00:41:55.748170500 Starting - reading configuration files ...
> 2003-02-06 00:41:55.764256500 ?[0]: Unknown variable "datadir"
> 2003-02-06 00:41:56.857507500 Starting - reading configuration files ...
> 2003-02-06 00:41:56.873177500 ?[0]: Unknown variable "datadir"

  radiusd.conf from the snapshots is a bit different from those 0.8.1. I've
compiled a snapshot from cvs yesterday and it complains about the same error
and after that dumps core, so I had modify radiusd.conf from CVS tree.

-- 

  Best regards,
  Alexey Chetroi

---
Smile... Tomorrow will be worse.   (c) Murphy's law

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Snapshot error

[Gene Parks]

Title: Snapshot error






Thought you guys should know that the new snapshot is producing this error after install.


2003-02-06 00:41:52.418187500 Starting - reading configuration files ...

2003-02-06 00:41:52.437049500 ?[0]: Unknown variable "datadir"

2003-02-06 00:41:53.526664500 Starting - reading configuration files ...

2003-02-06 00:41:53.543306500 ?[0]: Unknown variable "datadir"

2003-02-06 00:41:54.638002500 Starting - reading configuration files ...

2003-02-06 00:41:54.655309500 ?[0]: Unknown variable "datadir"

2003-02-06 00:41:55.748170500 Starting - reading configuration files ...

2003-02-06 00:41:55.764256500 ?[0]: Unknown variable "datadir"

2003-02-06 00:41:56.857507500 Starting - reading configuration files ...

2003-02-06 00:41:56.873177500 ?[0]: Unknown variable "datadir"

RE: FTP access to accounting logs by rodopi

[Gene Parks]

You could always log straight into rodopi via the mssql driver.

Gene Parks
VIP Direct

-Original Message-
From: Tim D. McCracken [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 04, 2003 4:43 PM
To: [EMAIL PROTECTED]
Subject: FTP access to accounting logs by rodopi



OS: Solaris8/SPARC

I need to ftp (read) the accounting log using a non-priveleged account
from RODOPI.

I created a non-priveleged user with the 'other' group.
Rodopi can change the 'detail' file names but cannot read the files
since the default persmision is owner:rw (only).  RODOPI changes the
'detail' filenames forcing FR to create a new file each time RODOPI
process the current data, so I can't just change the file permissions
one time and call it good.

I am trying to set the default group permission on the 'detail' file to
allow this. However, I have been unable to determine where to set the
umask for a daemon. Also, I do not want to change it system wide - only
for the radiusd daemon. I have been unable to locate this information in
the Solaris docs. Any Ideas?

Or is there a better way to accomplish this? (without anon FTP)

Tim


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[isp-radius] RADIUS Load Test program (fwd)

[Kostas Kalevras]

-- Forwarded message --
Date: Wed, 5 Feb 2003 09:59:27 -0500
From: Mike Mazar <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [isp-radius] RADIUS Load Test program

I have developed a RADIUS Load Test program and it's available for free
download at www.evolynx.com/radius.

Regards

Mike Mazar


  The ISP-RADIUS Discussion List  
To Join: mailto:[EMAIL PROTECTED]
To Remove: mailto:[EMAIL PROTECTED]
Archives: http://isp-lists.isp-planet.com/isp-radius/archives/

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Dialup_admin questions

[Kostas Kalevras]

On Wed, 5 Feb 2003, Andrew Staples wrote:

>
>
> > -Original Message-
> > Kostas Kalevras
> >
> > Dialup-Access is an attribute used by the ldap module. It is
> > not implemented in the sql module, that's why the mapping is
> > set to none. You could set Auth-Type to Reject instead.
>
> [snip]
> >
> > So, the badusers table is used to keep bad account history,
> > not to disable user accounts.
>
> Thanks, Kostas,  for the info.  Setting to reject caused the field to
> appear.
>
>
> Also, just wondering why the personal information fields show multiple
> entries for attributes like name, department, etc:
> name
> name ()  -
> department  -
> department ()
> title  -
> title ()
>
> I see that both these attributes are for ldap only, although changing their
> settings does affect the display:
> general_prefered_lang:
> general_prefered_lang_name:
>
> Is there a way to remove the duplicate fields in the display?

Set general_prefered_lang to en

>
>
> Thanks again
> Andrew
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Robert Canary]

Then there is a gross error in half of the documnetation.  Even the
O'Reilly Radius book is showing it in the regroupreply, as well as the
infamous www.frontios.com/freeradius.html.but then agian half of the
docs are spelling Jacobs*o*n, instead Jacobs*e*n..

What your saying makes perfect sense, of course.  You suggest it be put
in the radcheck, or the radgroupcheck?

Alan DeKok wrote:
> 
> Robert Canary <[EMAIL PROTECTED]> wrote:
> > Where do have the Auth-Type := Local listed at; in the radgroupreply?
> 
>   You don't.  It's not an attribute which goes into the reply to the
> NAS.
> 
>   There was a message yesterday on the list about this same issue.
> 
>   Put the Auth-Type into the check table.  Read the 'users' file 'man'
> page.  Look at the 'users' file examples.  The SQL configuration
> attempts to mirror the same layout as the 'users' file.
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Dialup_admin questions

[Andrew Staples]

> -Original Message-
> Kostas Kalevras
> 
> Dialup-Access is an attribute used by the ldap module. It is 
> not implemented in the sql module, that's why the mapping is 
> set to none. You could set Auth-Type to Reject instead.

[snip]
> 
> So, the badusers table is used to keep bad account history, 
> not to disable user accounts.

Thanks, Kostas,  for the info.  Setting to reject caused the field to
appear. 


Also, just wondering why the personal information fields show multiple
entries for attributes like name, department, etc:
name  
name ()  -  
department  -  
department ()  
title  -  
title ()  

I see that both these attributes are for ldap only, although changing their
settings does affect the display:
general_prefered_lang:
general_prefered_lang_name:

Is there a way to remove the duplicate fields in the display?


Thanks again 
Andrew


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with Ascend TNTs?

[Alan DeKok]

Jim <[EMAIL PROTECTED]> wrote:
> >   Unless, of course, the NAS is broken.
> 
> It turns out their radius proxy assigns IPs out of a pool, and not the
> NASs. This allows them to better manage the network. I suggested they take
> another look at their Framed-IP-Address filter.

  Agreed.

> >   Probably the 'users' file.  If you're not using it, then comment out
> > 'files' in the 'authorize' section of radiusd.conf.
> 
> That's where it is. Will commenting out 'files' stop reading the
> clients.conf and proxy.conf files?

  No.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with Ascend TNTs?

[Jim]

On Wed, 5 Feb 2003, Alan DeKok wrote:

> Jim <[EMAIL PROTECTED]> wrote:
> 
>   But that's the IP address defined in the RFC as "let the NAS pick an
> IP", so everything should be fine.

Right, hence the surprise on my part.

>   Unless, of course, the NAS is broken.

It turns out their radius proxy assigns IPs out of a pool, and not the
NASs. This allows them to better manage the network. I suggested they take
another look at their Framed-IP-Address filter.

>   Probably the 'users' file.  If you're not using it, then comment out
> 'files' in the 'authorize' section of radiusd.conf.

That's where it is. Will commenting out 'files' stop reading the
clients.conf and proxy.conf files?

thanks,
Jim


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

UnixODBC module setup.

[tchav]

Hi everybody,
I set the latest version of 
FreeRadius/RH7.2  and it's working great for me for now with MySQL but I'm 
forcedto provide my coleagues with "well known" 
database.So i'm in process of moving from MySQL to MS SQL.
Somewhere in the archve i read that the odbc 
support is provided. 
So from my test box i'm able to test 
successfully the connection to MS SQL  not as part of 
radiusd.
The rlm_sql_unixodbc is configured/compiled 
sucessfully during ./configure/make/make install.
My question is: Where in mssql.conf or radiusd.conf 
i can set the DSN i have created.
probably i have missed something -- who 
knows.
Thanks in advance for your time.
Best Regards

Re: Dialup_admin questions

[Kostas Kalevras]

On Wed, 5 Feb 2003, Andrew Staples wrote:

> Admitted newbie to radius/freeradius, the book is on order.
>
> Freeradius is installed and working with mysql.  However:
>
> 1.  Even though I have uncommented Dialup-Access in user_edits.attrs, when
> editing a user, that field is not available.  Is this because in sql.attrmap
> I have:
>
> checkItem Dialup-Access   none
>
> What should the attribute be?

Dialup-Access is an attribute used by the ldap module. It is not implemented in
the sql module, that's why the mapping is set to none.
You could set Auth-Type to Reject instead.

>
> 2. Since the dialup-access isn't working for me, I thought that I could
> easily disable an account by moving a user to the badusers table.  This
> seems to be one-way, i.e. once the user is in badusers is there a way to
> move them back via dialup_admin?

>From the dialup_admin/README file (which is included in the dialup_admin help
page):

* sql/badusers.sql: It will create a table named badusers which can be used to
  hold the history for badusers (date,action)

So, the badusers table is used to keep bad account history, not to disable user
accounts.

>
> 3.  Testing the software with ntradping (v1.2) connects to the server on
> port 1812, but any requests (such as server status) return a "no response
> from server (time out)" message.  I know the server is responding, since
> changing the port gives me a completely different error.

Run the radius server in debug mode: radiusd -X

>
> If these answers are documented, I need to be bitch-slapped.  I've seached
> the mailing-list archives, and the docs.
>
>
> Thanks,
>
> Andrew Staples
>
>
> A great many people think they are thinking when they are merely rearranging
>
> their prejudices. -- William James
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Alan

[Ryan Beisner]

It looks like there's about 1 day lag for this list reaching my address.
Now that I'm aware of that oddity, I will wait longer in the future.  I
apologize for posting twice.  Thanks for the pointers!!



>   Not only did it make it to the list, I responded yesterday.  If
> you're not going to read the list, then I would suggest that you stop
> posting.
> 
>   Look in the archives for the answer.
> 
>   Alan DeKok.
> 
> 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with Ascend TNTs?

[Alan DeKok]

Jim <[EMAIL PROTECTED]> wrote:
> We worked with the network and they discovered that our requests were
> trying to assign an IP address (!), as far as the TNTs were concerned.
...
> Login OK: [test@domain] (from client nnn.nnn.nnn.111 port 23523 cli **)
> Sending Access-Accept of id 215 to nnn.nnn.nnn.111:1681
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Idle-Timeout = 900
> Session-Timeout = 4800
> Port-Limit = 6
> Framed-MTU = 1500
> Framed-IP-Address = 255.255.255.254

  Yeah, there's an IP address in that.

  But that's the IP address defined in the RFC as "let the NAS pick an
IP", so everything should be fine.

  Unless, of course, the NAS is broken.

> So, the Framed-IP-Address and Framed-Compression are added by freeradius
> somewhere. I can't find out where. 

  Probably the 'users' file.  If you're not using it, then comment out
'files' in the 'authorize' section of radiusd.conf.

  Alan DeKok.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Huntgroup by calledstationid?

[J. S. Townsley]

Thank you Ossama.

I will look into what you've given me thus far.

Idealy I do not want to add a huntgroup to all of my users, I just want to
prevent 'everyone but' user bob, user bob2, etc.

Additionally, do you know if I can store the huntgroup in ldap?  I am
assuming I would set the huntgroup-name up as a check item, but not sure
preprocess is going to know about it.

--JST

* Ossama Suleiman [Wed, 5 Feb 2003]

> Date: Wed, 05 Feb 2003 10:33:51 +0200
> From: Ossama Suleiman <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Huntgroup by calledstationid?
>
>
>
> J. S. Townsley wrote:
>
> >Anyone on the list ever hacked something up to create hunt groups based on
> >calledstationid?
> >
> >I have a situation where I have a NAS with a couple different DID's on it.
> >I'd like an easy method to differentiate between users on these DID's.
> >
> >IE, user bob can dial the local XXX number, but not the 800 number on the
> >same NAS.
> >
> >
> create 2 huntgroups, list them in the file huntgroups:
> huntgroup1Called-Station-Id==123456
> huntgroup2Called-Station-Id==654321
>
> then add this entry "huntgroup" to the user you want:
>
> bobpassword=="secret", Huntgroup-Name == "huntgroup1"
>
> hope that helps
> --Ossama
>
> >Thoughts anyone?
> >
> >--JST
> >
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
> >
> >
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

___
J. S. Townsley  Senior Network and Systems Engineer
[EMAIL PROTECTED]  Integrity Online
  www.integrity.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with Ascend TNTs?

[Jim]

Some follow up, for those that are interested. Also, a couple of
questions.

We worked with the network and they discovered that our requests were
trying to assign an IP address (!), as far as the TNTs were concerned.
They had a filter up to deny any such requests (Framed-IP, which seemed
weird). They removed the filter, and the TNTs started assigning IPs as
they should. Keep in mind that attributes we set in the users file on the
auth server are the exact same we were using with our ICradius setup:

DEFAULT Auth-Type = System,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Idle-Timeout = 900,
Session-Timeout = 4800,
Port-Limit = 6,
Framed-MTU = 1500

Here's what we saw going back and forth during testing (IP addresses
identified by 'nnn' for nas, 'ppp' for proxy and 'aaa' for auth):

rad_recv: Access-Request packet from host nnn.nnn.nnn.111:1681, id=215,
length=202
User-Name = "test@domain"
NAS-IP-Address = nnn.nnn.nnn.222
NAS-Port = 23523
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "**"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Called-Station-Id = "**"
Acct-Session-Id = "395738553"
Ascend-Endpoint-Disc =
"\001\037\033\333ft&I\201\202\264\205T\213\3271\225\000\000\000"
Ascend-Data-Rate = 26400
Ascend-Xmit-Rate = 49333
User-Password = "*"

Sending Access-Request of id 2 to aaa.aaa.aaa.aaa:1645
User-Name = "test@domain"
NAS-IP-Address = nnn.nnn.nnn.
NAS-Port = 23523
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "**"
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Called-Station-Id = "**"
Acct-Session-Id = "395738553"
Ascend-Endpoint-Disc =
"\001\037\033\333ft&I\201\202\264\205T\213\3271\225\000\000\000"
Ascend-Data-Rate = 26400
Ascend-Xmit-Rate = 49333
User-Password = ":\275\033\35304\335\305`8N\273\002\236I\375"
Proxy-State = "215"

rad_recv: Access-Accept packet from host aaa.aaa.aaa.aaa:1645, id=2, length=61
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 900
Session-Timeout = 4800
Port-Limit = 6
Framed-MTU = 1500
Proxy-State = 0x323135

  rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [test@domain] (from client nnn.nnn.nnn.111 port 23523 cli **)
Sending Access-Accept of id 215 to nnn.nnn.nnn.111:1681
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 900
Session-Timeout = 4800
Port-Limit = 6
Framed-MTU = 1500
Framed-IP-Address = 255.255.255.254
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 2
Going to the next request


So, the Framed-IP-Address and Framed-Compression are added by freeradius
somewhere. I can't find out where. These are normal a/v pairs, but they're
not coming from the auth server, and we don't have anything in the
rad*check or rad*reply, or the usergroup tables at all. It shouldn't be an
issue, but it was in this case.

Also, we didn't get anything back when the rejects happened from the NAS,
or anything in the radacct table, but it is logged in radius.log as a
completed login on both the auth and proxy servers (as shown in the
snippet above).

So, are these bugs or features?

thanks,
Jim


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dialup_admin questions

[Andrew Staples]

Admitted newbie to radius/freeradius, the book is on order.

Freeradius is installed and working with mysql.  However:

1.  Even though I have uncommented Dialup-Access in user_edits.attrs, when
editing a user, that field is not available.  Is this because in sql.attrmap
I have:

checkItem   Dialup-Access   none

What should the attribute be?

2. Since the dialup-access isn't working for me, I thought that I could
easily disable an account by moving a user to the badusers table.  This
seems to be one-way, i.e. once the user is in badusers is there a way to
move them back via dialup_admin? 

3.  Testing the software with ntradping (v1.2) connects to the server on
port 1812, but any requests (such as server status) return a "no response
from server (time out)" message.  I know the server is responding, since
changing the port gives me a completely different error.

If these answers are documented, I need to be bitch-slapped.  I've seached
the mailing-list archives, and the docs.


Thanks,

Andrew Staples


A great many people think they are thinking when they are merely rearranging

their prejudices. -- William James


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Michael Brininstool]

Freeradius-0.8.1 on FreeBSD-4.7  with  mysql 4.0.7 gamma-nt on NT.
Have not gone live with the NASes yet, but they are Redback, Nomadix, 
and a box that is not released or in production yet.  So far I have
just been testing with tadtest and radclient.

On Wed, Feb 05, 2003 at 08:07:11AM -0600, [EMAIL PROTECTED] wrote:
> What veersion are using Mike?
> 
> Michael Brininstool wrote:
> > 
> > On Wed, Feb 05, 2003 at 01:51:43AM -0600, [EMAIL PROTECTED] wrote:
> > >
> > > Where do have the Auth-Type := Local listed at; in the radgroupreply?
> > > It seems I can only make it work by designating it as local in the
> > > DEFUALT Auth-Type := Local.
> > 
> > I don't.  Here are the radiud.conf & users files with comments and blank
> > lines stripped out:

[SNIP]

-- 
Michael P. Brininstool  [EMAIL PROTECTED]
"We have a criminal jury system which is superior to any in the world, and
its efficiency is only marred by the difficulty of finding twelve men every
day who don't know anything and can't read." -- Mark Twain

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

PEAP ?

[john zurowski]

Is anyone actively looking at PEAP support within Freeradius ?Express yourself with cool emoticons.  Get MSN Messenger today. 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help! Can't compile rlm_sql_oracle on solaris

[Chris Parker]

At 11:48 AM 2/5/2003 -0500, Chayim I. Kirshen wrote:

Hi there,

I'm trying to compile rlm_sql_oracle for solaris.  I've got the oracle9i
client installed and when linking I get an error because of the ELFCLASS
of the file.  I've printed the output of the make below.  Hopefully,
someone can help me!
Oh, I've got GNU make, the GCC, and am running Solaris 8i.  Thanks!


It looks like perhaps you have a 64-bit version of the oracle libs, but
you haven't told GCC to compile 64-bit versions of freeradius.

Either use a 32-bit version of Oracle, or tell GCC to compile in 64-bit
mode.  Getting GCC to compile 64-bit binaries is possible, though it
is a fairly involved process and not for the faint of heart ( you have
to bootstrap a 32bit compiler that can produce 64bit output, then build
a 64bit native compler ).

You could try telling './configure' that your host is: sparc64-sun-solaris2.8

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Help! Can't compile rlm_sql_oracle on solaris

[Chayim I. Kirshen]

Hi there,

I'm trying to compile rlm_sql_oracle for solaris.  I've got the oracle9i
client installed and when linking I get an error because of the ELFCLASS
of the file.  I've printed the output of the make below.  Hopefully,
someone can help me!
Oh, I've got GNU make, the GCC, and am running Solaris 8i.  Thanks!

make[10]: Entering directory
`/export/home/chayim/freeradius/src/modules/rlm_sql/drivers/rlm_sql_oracle'
/export/home/chayim/freeradius/libtool --mode=link gcc -module
-export-dynamic  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
-D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include \
-I/export/home/chayim/oracle9i//rdbms/demo
-I/export/home/chayim/oracle9i//rdbms/public
-I/export/home/chayim/oracle9i//plsql/public
-I/export/home/chayim/oracle9i//network/public
-I/export/home/chayim/oracle9i//oci/include
-I/export/home/chayim/freeradius/libltdl -o rlm_sql_oracle.la -rpath
/shared/toolchain/stow/freeradius-0.8//lib sql_oracle.lo
-L/export/home/chayim/oracle9i//lib -lclntsh -lm
rm -fr .libs/rlm_sql_oracle.la .libs/rlm_sql_oracle.*
.libs/rlm_sql_oracle.*
/usr/ccs/bin/ld -G -h rlm_sql_oracle.so.0 -o
.libs/rlm_sql_oracle.so.0.0.0  sql_oracle.lo 
-L/export/home/chayim/oracle9i//lib -lclntsh -lm -lc 
ld: fatal: file /export/home/chayim/oracle9i//lib/libclntsh.so: wrong
ELF class: ELFCLASS64
ld: fatal: File processing errors. No output written to
.libs/rlm_sql_oracle.so.0.0.0


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Monthly usage limits -slowly but surely

[Alan DeKok]

"Keith Ballard" <[EMAIL PROTECTED]> wrote:
> Okay thanks, from that I've established that the rlm_counter module is not
> in the library area at all.
> 
> Not knowing much about non-rpm packages, how do I get the required module in
> there?

$ cd src/modules/rlm_counter
$ ./configure

  And see what it says.  If everything works, do:

$ make
$ make install


  You probably don't have some DB header file or library installed.
You've got to do that before the counter module will work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Added trailing slash to password...plus 3 digits. ??

[Alan DeKok]

Ryan Beisner <[EMAIL PROTECTED]> wrote:
> I don't thing my last post made it to the list... here it is again.  TIA

  Not only did it make it to the list, I responded yesterday.  If
you're not going to read the list, then I would suggest that you stop
posting.

  Look in the archives for the answer.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Added trailing slash to password...plus 3 digits. ??

[Ryan Beisner]

I don't thing my last post made it to the list... here it is again.  TIA
> Something very odd is happening to my FreeRADIUS server.  From a Win98
> PC (multiple different ones), dialing in with the SAME user name and
> password (re-entering it each time), I get different results.
> 
> It seems there's a "\003" added sometimes for an unknown reason.
> 
> FYI:  The real password should've been: a010110  (fake password with a
> test account).
> 
> Can anyone explain what is going on here?  Thanks in advance!  
> 
> -Ryan Beisner
> 
> 
> 
> Tue Feb  4 13:19:49 2003 : Auth: Login OK: [ryan] (from client flex port
> 0)
> Tue Feb  4 13:20:34 2003 : Auth: rlm_unix: [ryan]: invalid password
> Tue Feb  4 13:20:34 2003 : Auth: Login incorrect: [ryan/a01011\003]
> (from client prattusa-dialup-rack port 530 cli )
> Tue Feb  4 13:20:34 2003 : Auth: rlm_unix: [ryan]: invalid password
> Tue Feb  4 13:20:34 2003 : Auth: Login incorrect: [ryan/a01011\003]
> (from client prattusa-dialup-rack port 530 cli )
> Tue Feb  4 13:20:48 2003 : Auth: Login OK: [ryan] (from client flex port
> 0)
> 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Monthly usage limits -slowly but surely

[Keith Ballard]

Okay thanks, from that I've established that the rlm_counter module is not
in the library area at all.

Not knowing much about non-rpm packages, how do I get the required module in
there?
When I compiled radius originally I just blindly followed the Radius book
and did:

tar -zxvf freeradius.tar.gz
configure
make
make install

on testing it all worked fine, including mySQL support, it's just the
counters that seem to be missing.

regards,
Keith

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Kostas
> Kalevras
> Sent: 04 February 2003 21:33
> To: [EMAIL PROTECTED]
> Subject: RE: Monthly usage limits -slowly but surely
>
>
> On Tue, 4 Feb 2003, Keith Ballard wrote:
>
> > I too am interested in this, as I have just set up my system
> (RH7.2, mySQL,
> > freeRaduis) to use counters and get:
> >
> > Error: radiusd.conf[1018] Failed to link to module
> 'rlm_counter': File not
> > found.
>
> ls /lib/rlm_counter*
>
> ldd /lib/rlm_counter.so
>
> That should give you a sufficient indication of what is missing
>
> >
> > I have definitely got counters called up in radiusd, and cannot
> see anything
> > I did wrong. I have looked at an example from this list from
> 2/10/02 and it
> > seems to match, any suggestions would be appreciated. I could not find a
> > detailed list of what each part in the 'counter' setup section
> did, is there
> > a full description anywhere?
>
> A two page documentation of the counter module in the sample
> radius.conf is not
> a full description for you?
>
> >
> > regards,
> > Keith


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Script to change password in mysql

[Simon White]

05-Feb-03 at 15:12, Daniel Dias Gonçalves ([EMAIL PROTECTED]) wrote :
> You it did not understand. I asked if already the ready solution existed, 
> if it does not have, without problems I myself I make script. But necessary 
> to save time... 

In that case, try this for a quick solution: PHPMyAdmin

http://www.phpwizard.net/projects/phpMyAdmin/

You can set it up so only some users can use it and you can restrict
their privileges.

For a public access "Change your dialup password online" tool it is
inadequate. That, you will want to develop yourself to keep it as
minimalistic as possible.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Script to change password in mysql

[Miquel van Smoorenburg]

In article <[EMAIL PROTECTED]>,
yacine rebahi  <[EMAIL PROTECTED]> wrote:
>please remove me from the mailing list

What is so hard to understand about:

>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Which is at the end of /every/ message to this list ?

Mike.
-- 
Anyone who is capable of getting themselves made President should
on no account be allowed to do the job -- Douglas Adams.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: attribute grouping

[Alan DeKok]

"Robert Toth" <[EMAIL PROTECTED]> wrote:
> I'm running freeradius-0.8.1 on redhat linux. I have a problem with =
> sending attributes from group 2. Radius always=20
> sends attributes only for group 1, here is debug output:

  Read the 'users' file 'man' page.  Use '+=' for the reply
attributes, instead of '='.

  Hmm... the '1' versus '2' tunnel type should make the attributes
different...

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Script to change password in mysql

[Daniel Dias Gonçalves]

You it did not understand. I asked if already the ready solution existed, 
if it does not have, without problems I myself I make script. But necessary 
to save time... 

On Wed, 5 Feb 2003 15:02:22 +, Simon White <[EMAIL PROTECTED]> wrote :

> 05-Feb-03 at 14:41, Daniel Dias Gonçalves ([EMAIL PROTECTED]) wrote :
> > I need one script cgi (php, Perl, c) to modify the password of the user 
in 
> > a data base mysql that freeradius authenticate.
> > I think about something as a field using it to place the username, a 
field 
> > for the current password and others two fields new password and to 
confirm 
> > new password. 
> 
> This would be a few lines of PHP. Learning PHP and how to connect it to
> your MySQL database is beyond the scope of this mailing list.
> 
> -- 
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
> 
> -
> List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html
> 
> 
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: users and passwords in different databases?

[Alan DeKok]

Claus Nagel <[EMAIL PROTECTED]> wrote:
> i would like to use freeradius! so is it also possible with freeradius?

  Yes.  Use Unix groups.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Alan DeKok]

Robert Canary <[EMAIL PROTECTED]> wrote:
> I finally commented out every insistance on Auth-Type from the user.conf

  There is no 'user.conf' file distributed with the server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Alan DeKok]

Robert Canary <[EMAIL PROTECTED]> wrote:
> Where do have the Auth-Type := Local listed at; in the radgroupreply? 

  You don't.  It's not an attribute which goes into the reply to the
NAS.

  There was a message yesterday on the list about this same issue.

  Put the Auth-Type into the check table.  Read the 'users' file 'man'
page.  Look at the 'users' file examples.  The SQL configuration
attempts to mirror the same layout as the 'users' file.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Script to change password in mysql

[yacine rebahi]

please remove me from the mailing list

Simon White wrote:
> 
> 05-Feb-03 at 14:41, Daniel Dias Gonçalves ([EMAIL PROTECTED]) wrote :
> > I need one script cgi (php, Perl, c) to modify the password of the user in
> > a data base mysql that freeradius authenticate.
> > I think about something as a field using it to place the username, a field
> > for the current password and others two fields new password and to confirm
> > new password.
> 
> This would be a few lines of PHP. Learning PHP and how to connect it to
> your MySQL database is beyond the scope of this mailing list.
> 
> --
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Best Regards
Yacine


Yacine Rebahi
FOKUS - Institut fuer offene Kommunikationssysteme
Kaiserin-Augusta-Allee 31, D-10589 Berlin, Germany
Phone   +49 30 - 34 63 - 73 78
Fax +49 30 - 34 63 - 80 00
e-Mail  [EMAIL PROTECTED]


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Script to change password in mysql

[Simon White]

05-Feb-03 at 14:41, Daniel Dias Gonçalves ([EMAIL PROTECTED]) wrote :
> I need one script cgi (php, Perl, c) to modify the password of the user in 
> a data base mysql that freeradius authenticate.
> I think about something as a field using it to place the username, a field 
> for the current password and others two fields new password and to confirm 
> new password. 

This would be a few lines of PHP. Learning PHP and how to connect it to
your MySQL database is beyond the scope of this mailing list.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Script to change password in mysql

[Daniel Dias Gonçalves]

I need one script cgi (php, Perl, c) to modify the password of the user in 
a data base mysql that freeradius authenticate.
I think about something as a field using it to place the username, a field 
for the current password and others two fields new password and to confirm 
new password. 

Somebody knows some solution?

--
Daniel Dias Gonçalves
[EMAIL PROTECTED]
 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

unsubscribe

[yacine rebahi]

please remove me from the list, I unsubscribed this morning but I am
still receiving emails
-- 
Best Regards
Yacine


Yacine Rebahi
FOKUS - Institut fuer offene Kommunikationssysteme
Kaiserin-Augusta-Allee 31, D-10589 Berlin, Germany
Phone   +49 30 - 34 63 - 73 78
Fax +49 30 - 34 63 - 80 00
e-Mail  [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Robert Canary]

What veersion are using Mike?

Michael Brininstool wrote:
> 
> On Wed, Feb 05, 2003 at 01:51:43AM -0600, [EMAIL PROTECTED] wrote:
> >
> > Where do have the Auth-Type := Local listed at; in the radgroupreply?
> > It seems I can only make it work by designating it as local in the
> > DEFUALT Auth-Type := Local.
> 
> I don't.  Here are the radiud.conf & users files with comments and blank
> lines stripped out:
> 
> ### radiusd.conf #
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = /etc
> localstatedir = /var
> sbindir = ${exec_prefix}/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radius
> group = radius
> max_request_time = 8
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions= yes
> log_stripped_names = no
> log_auth = yes
> log_auth_badpass = no
> log_auth_goodpass = no
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = no
> }
> proxy_requests  = no
> $INCLUDE  ${confdir}/clients.conf
> $INCLUDE  ${confdir}/snmp.conf
> thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
> }
> modules {
> pap {
> encryption_scheme = clear
> authtype = PAP
> }
> realm suffix {
> format = suffix
> delimiter = "@"
> }
> realm realmslash {
> format = prefix
> delimiter = "/"
> }
> realm realmpercent {
> format = suffix
> delimiter = "%"
> }
> 
> preprocess {
> huntgroups = ${confdir}/huntgroups
> hints = ${confdir}/hints
> with_ascend_hack = no
> ascend_channels_per_line = 23
> with_ntdomain_hack = no
> with_specialix_jetstream_hack = no
> with_cisco_vsa_hack = no
> }
> files {
> usersfile = ${confdir}/users
> acctusersfile = ${confdir}/acct_users
> compat = no
> }
> detail {
> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
> detailperm = 0600
> }
> acct_unique {
> key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
>Client-IP-Address, NAS-Port-Id"
> }
> $INCLUDE  ${confdir}/sql.conf
> radutmp {
> filename = ${logdir}/radutmp
> perm = 0600
> callerid = "yes"
> }
> radutmp sradutmp {
> filename = ${logdir}/sradutmp
> perm = 0644
> callerid = "no"
> }
> attr_filter {
> attrsfile = ${confdir}/attrs
> }
> counter {
> filename = ${raddbdir}/db.counter
> key = User-Name
> count-attribute = Acct-Session-Time
> reset = daily
> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session
> allowed-servicetype = Framed-User
> cache-size = 5000
> }
> always fail {
> rcode = fail
> }
> always reject {
> rcode = reject
> }
> always ok {
> rcode = ok
> simulcount = 0
> mpp = no
> }
> expr {
> }
> }
> instantiate {
> expr
> }
> authorize {
> preprocess
> suffix
> sql
> files
> }
> authenticate {
> authtype PAP {
> pap
> }
> }
> preacct {
> preprocess
> suffix
> files
> }
> accounting {
> acct_unique
> detail
> sql
> radutmp
> }
> session {
> radutmp
> sql
> }
> post-auth {
> }
> ### radiusd.conf #
> 
> ### users #
> DEFAULT Password = ""
> Service-Type = Outbound-User,
> Context-Name = "eth_customers",
> Rate_Limit_Rate = "3000",
> Rate_Limit_Burst = "5",
> Police_Rate = "128",
> Police_Burst = "15000"
> ### users #
> 
> --
> Michael P. Brini

Re: users and passwords in different databases?

[Claus Nagel]

ups, i missed an important thing:

i don't want to use realm-suffixes or prefixes.
the user just sends its username.
whether the password is checked against
radius1 or radius2 should be transparent
to the user!

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

(no subject)

[yacine rebahi]

unsubscribe please
-- 
Best Regards
Yacine


Yacine Rebahi
FOKUS - Institut fuer offene Kommunikationssysteme
Kaiserin-Augusta-Allee 31, D-10589 Berlin, Germany
Phone   +49 30 - 34 63 - 73 78
Fax +49 30 - 34 63 - 80 00
e-Mail  [EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-users added to gmane.org

[Peter Nixon]

Hi Guys

As I like to keep track of what is happening on freeradius-users but dont wish 
to always have it in my inbox (Yes. I do have filters and folders etc, but 
when I am on the road using webmail it can be a pain).
Therefore I have setup freeradius-users on

http://www.gmane.org/

So you can new read the mailing list with a news reader and subscribe to the 
list with mail delivery turned off (so as still be able to post)

Hope that helps somone else out too.

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Binary for debian

[Alexey Chetroi]

On Tue, Feb 04, 2003 at 03:52:27PM -0500, Kem Hartley wrote:
> From: Kem Hartley <[EMAIL PROTECTED]>
> Organization: Penn State University
> To: [EMAIL PROTECTED]
> Subject: Binary for debian
> Date: Tue, 04 Feb 2003 15:52:27 -0500
> 
> Hello,
>Does anyone happen to have a freeradius binary for Debian.  I'm 
> running debain 3.0 and am having trouble compiling the rlm_krb5 module.  
> I get the
> :warning: silently not building rlm_krb5
> warning: FAILURE rlm_krb5 requires: krb5
> 
> I installed the debian packages for krb5 and that seems to be working.
> I'm stuck and welcome any advice.

  Do you need rlm_krb module? If answer is no, then configure freeradius
with --without-rlm_krb5  option.

-- 

  Best regards,
  Alexey Chetroi

---
Smile... Tomorrow will be worse.   (c) Murphy's law

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: cisco_vsa_hack (rlm_preprocess)

[Alexey Chetroi]

On Tue, Feb 04, 2003 at 09:53:35PM +0300, Vladimir Kravchenko wrote:
> To: [EMAIL PROTECTED]
> Subject: cisco_vsa_hack (rlm_preprocess)
> From: Vladimir Kravchenko <[EMAIL PROTECTED]>
>  i386-unknown-freebsd4.7)
> Reply-To: [EMAIL PROTECTED]
> Date: Tue, 04 Feb 2003 21:53:35 +0300
> 
> 
> I offer to add functionality in the function "cisco_vsa_hack".
> 
> Example value pair:
> Cisco-AVPair = "h323-incoming-conf-id=cc0576cf 379011d7 95c8ef6a 9f419c36"
> I can not will address to attribute h323-incoming-conf-id through macro
> %{h323-incoming-conf-id}
> Offer: if "h323-incoming-conf-id" exists in dictonary then replace
> attribute & value.
> 

  I'm voting for this functionality. Cisco sends alot of attributes
which I'd like to store in sql table, but cannot access them via macro.

---
Smile... Tomorrow will be worse.   (c) Murphy's law

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

attribute grouping

[Robert Toth]

Hi, 

I'm running freeradius-0.8.1 on redhat linux. I have a problem with sending attributes 
from group 2. Radius always 
sends attributes only for group 1, here is debug output:
---
Login OK: [domain.sk/cisco] (from client LAC port 30001 cli 0253632293)
Sending Access-Accept of id 133 to 10.100.100.1:1645
Service-Type = Outbound-User
Tunnel-Type:1 = L2TP
Tunnel-Medium-Type:1 = IP
Tunnel-Server-Endpoint:1 = "10.100.100.2"
Tunnel-Password:1 = "\325,2\t\235S\243\035\367 \0047\230\222\r\200\353\303"
Tunnel-Preference:1 = 1
Finished request 0
Going to the next request
---

Here is my users file:
---
domain.sk   Auth-Type := Local, Password == "cisco"
Service-Type = Outbound-User,
Tunnel-Type:1 = L2TP,
Tunnel-Medium-Type:1 = IP,
Tunnel-Server-Endpoint:1 = "10.100.100.2",
Tunnel-Password:1 = "test",
Tunnel-Preference:1 = 1,
Tunnel-Type:2 = L2TP,
Tunnel-Medium-Type:2 = IP,
Tunnel-Server-Endpoint:2 = "10.100.100.3",
Tunnel-Password:2 = "test",
Tunnel-Preference:2 = 10

"[EMAIL PROTECTED]"   Auth-Type := Local, Password == "pass"
Service-Type = Framed-User
--

Can anybody help? Where is the problem ?

thanks for your time

robert

Róbert Tóth
system engineer
Tronet a.s.  tel.: +421 2 58224111  
Plynárenská 5fax : +421 2 58224199
829 75 Bratislava 25
Slovak Republic
===

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: /usr/bin/ld: cannot find -lperl ...

[Do-Risika RAFIEFERANTSIARONJY]

B J wrote:

On _ 2003-02-04 at 17:10, Do-Risika RAFIEFERANTSIARONJY wrote:



Though, libperl seems to be present :

indri:/etc/raddb# locate libperl
/usr/doc/libperl5.6
/usr/lib/libperl.so.5.6
/usr/lib/libperl.so.5.6.1

Do you know what's wrong in my config ?



Try adding a link with name libperl.so wich points to libperl.so.5.6.1
in /usr/lib/ 

now it works,

thanks much,

@+
--
DouRiX




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ldap v2 supported?

[Kostas Kalevras]

On Sun, 2 Feb 2003, Chris van Meerendonk wrote:

> Hi,
>
> I've got Freeradius 0.81 installed with ldap-support. Unfortunately our
> ldap is (a sort of) OpenLdap v1.2.x. Is it possible to let Freeradius do
> auth on this version (ldap v2) of ldap?

Edit rlm_ldap.c and in line 1370 delete:

ldap_version = LDAP_VERSION3;
if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version) !=
LDAP_OPT_SUCCESS) {
radlog(L_ERR, "rlm_ldap: Could not set LDAP version to V3");
}

make;make install.

That should do the trick.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Release: Perl script to parse Cisco H323 VoIP call records into a Postgres DB

[Peter Nixon]

Yes. I am interested to see what you have. I have a whole bunch of perl 
scripts like this one that all do a slightly different job (One takes call 
records from cisco remote syslog and compares with the DB. etc..) but I would 
like to see your php. I previously had a bunch of stats pages written in PHP 
but with the amount of records I have it was timing out apache.

Alan I am in the process of cleaning all these scripts up for release. What 
say we create a sub project in the freeradius CVS to handle alot of this 
stuff. (I am particularly writing stuff to do h323 billing but general radius 
scripts are welcome) I already have cvs access, but dont want to commit new 
files withought your say so.
All the stuff I have written is radius related and indeed I am using it with 
freeradius, but it should work with any radius server/billing system hence 
the reason it may be a good idea to make it a separate project.

Regards

Peter

On Wed February 5 2003 09:34, Karageorgioy Aggelos wrote:
> godsend work , godsend I say , I have been looking exaclty for this peice
> of code !
>
> Is anyone interested in some php scripts for daily and monthly stats of
> mysql databases ?
>
> -Original Message-
> From: Peter Nixon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 04, 2003 8:45 PM
> To: freeradius-users; freeradius-devel
> Subject: Release: Perl script to parse Cisco H323 VoIP call records into
> a Postgres DB
>
>
> Hi Guys
>
> Here is a release (version 1.0) of a program I wrote and have found very
> useful. Maybe someone else will too.
>
> http://www.peternixon.net/code/h323detail2db.pl.txt


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

users and passwords in different databases?

[Claus Nagel]

hi, is the following configuration possible with freeradius:

on a radius server (let's call it radius1) i want to administer
users (in plain ascii files). some of them shall have a
password given in that text file. all the others are also
administered on another radius server (radius2). this
server is an rsa/ace server which holds token-based
passwords for that users. 

authentication should work as follows:
the clients connects to radius1 sending username and
password. radius1 searches its ascii files for that user.
if it finds an entry with password it should check the
password and send its answer to the client.
if there is no password stored in the ascii file it should
forward that request to radius2, where the password is
checked against the ace-server. radius2 sends its answer
via radius1 to the client.

i know this is possible with cisco's acs-radius. there you 
can put users in groups. then you can define whether
passwords of the members of certain groups should be
checked against the internal or an external database.

i would like to use freeradius! so is it also possible with freeradius?

thanx,
claus



-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: Release: Perl script to parse Cisco H323 VoIP call records into a Postgres DB

[falcon]

Hello Karageorgioy,

Wednesday, February 5, 2003, 10:34:55 AM, you wrote:

KA> godsend work , godsend I say , I have been looking exaclty for this peice of code !

KA> Is anyone interested in some php scripts for daily and monthly stats of mysql 
databases ?

KA> -Original Message-
KA> From: Peter Nixon [mailto:[EMAIL PROTECTED]]
KA> Sent: Tuesday, February 04, 2003 8:45 PM
KA> To: freeradius-users; freeradius-devel
KA> Subject: Release: Perl script to parse Cisco H323 VoIP call records into
KA> a Postgres DB


KA> Hi Guys

KA> Here is a release (version 1.0) of a program I wrote and have found very
KA> useful. Maybe someone else will too.

KA> http://www.peternixon.net/code/h323detail2db.pl.txt

KA> -
KA> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

well... of course


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Release: Perl script to parse Cisco H323 VoIP call records intoa Postgres DB

[Kostas Kalevras]

On Wed, 5 Feb 2003, Karageorgioy Aggelos wrote:

> godsend work , godsend I say , I have been looking exaclty for this peice of code !
>
> Is anyone interested in some php scripts for daily and monthly stats of mysql 
>databases ?

Sure!

>
> -Original Message-
> From: Peter Nixon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 04, 2003 8:45 PM
> To: freeradius-users; freeradius-devel
> Subject: Release: Perl script to parse Cisco H323 VoIP call records into
> a Postgres DB
>
>
> Hi Guys
>
> Here is a release (version 1.0) of a program I wrote and have found very
> useful. Maybe someone else will too.
>
> http://www.peternixon.net/code/h323detail2db.pl.txt
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Huntgroup by calledstationid?

[Ossama Suleiman]

J. S. Townsley wrote:


Anyone on the list ever hacked something up to create hunt groups based on
calledstationid?

I have a situation where I have a NAS with a couple different DID's on it.
I'd like an easy method to differentiate between users on these DID's.

IE, user bob can dial the local XXX number, but not the 800 number on the
same NAS.
 

create 2 huntgroups, list them in the file huntgroups:
huntgroup1Called-Station-Id==123456
huntgroup2Called-Station-Id==654321

then add this entry "huntgroup" to the user you want:

bobpassword=="secret", Huntgroup-Name == "huntgroup1"

hope that helps
--Ossama


Thoughts anyone?

--JST


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius not reading Auth-Type from MySQL

[Michael Brininstool]

On Wed, Feb 05, 2003 at 01:51:43AM -0600, [EMAIL PROTECTED] wrote:
> 
> Where do have the Auth-Type := Local listed at; in the radgroupreply? 
> It seems I can only make it work by designating it as local in the
> DEFUALT Auth-Type := Local.

I don't.  Here are the radiud.conf & users files with comments and blank
lines stripped out:

### radiusd.conf #
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
user = radius
group = radius
max_request_time = 8
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions= yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests  = no
$INCLUDE  ${confdir}/clients.conf
$INCLUDE  ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = clear
authtype = PAP
}
realm suffix {
format = suffix
delimiter = "@"
}
realm realmslash {
format = prefix
delimiter = "/"
}
realm realmpercent {
format = suffix
delimiter = "%"
}

preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, 
NAS-Port-Id"
}
$INCLUDE  ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter {
filename = ${raddbdir}/db.counter
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
}
instantiate {
expr
}
authorize {
preprocess
suffix
sql
files
}
authenticate {
authtype PAP {
pap
}
}
preacct {
preprocess
suffix
files
}
accounting {
acct_unique
detail
sql
radutmp
}
session {
radutmp
sql
}
post-auth {
}
### radiusd.conf #



### users #
DEFAULT Password = ""
Service-Type = Outbound-User,
Context-Name = "eth_customers",
Rate_Limit_Rate = "3000",
Rate_Limit_Burst = "5",
Police_Rate = "128",
Police_Burst = "15000"
### users #

--
Michael P. Brininstool  [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html