Orkestra kuculdu ve cebinize girdi!

2003-02-24 Thread Melodi Grafik Hizmetleri 
Title: SMSNET MELODI GRAFIK HABERLER
   24 Þubat 2003www.melodilerim.com / www.grafiklerim.com  Allý Turnam  Gülpembe - Barýþ Manço  Arap Saçý - Erkin Koray  Bir Kulunu Çok Sevdim - Ýbrahim Tatlýses  Alyazmalým - Cahit Berkay  Kum Gibi - Ahmet Kaya  Düþler Sokaðý -Ezginin Günlüðü  Whenever Wherever - Shakira  Mezdeke  Mission Impossible   Ve daha niceleri Melodilerim.com' da ORKESTRA küçüldü, küçüldü, küçüldü... CEBÝNÝZE GÝRDÝ !Polifonik melodiler, GPRS veya WAP yoluyla polifonik özelliði olan cep telefonunuza indirebileceðiniz, þimdiye kadar alýþýk olduðunuz melodilerden farklý olarak birden fazla enstrümanýn kullanýldýðý çok sesli melodilerdir. En önemli özellikleri, orijinal hallerine daha çok benzemeleridir.Polifonik melodilerimizi dinlemek, hangi telefon modellerine gönderilebildiðini öðrenmek ve telefonunuza transfer etmek için týklayýnýz...Sayfalarýmýzdaki yeniliklerimizi göremiyorsanýz, lütfen melodilerim.com sayfamýzý bir kaç kez üstüste yeniden yükleyiniz  (Tazele / Refresh) ya da CTRL ve F5 tuþuna ayný anda basarak sayfamýzýn yeniden yüklenmesini saðlayýnýz.Melodi isteðinde  bulunmak istiyorum!Resmimi telefonumda görmek istiyorum!Þifremi unuttumHaber listenizden  çýkmak istiyorum Yardým hattýmýz: 0 312 2865891 (her gün 9.00 - 20.00 arasý)    


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Free Radius and Inter Access Point Protocol (IAPP - 802.11f)

2003-02-24 Thread Mohit Bajpai 



Hi,
    Could you please let me know 
whether FreeRadius supports IAPP. If yes then how can I configure it and if no 
is there any work going on to include IAPP support in freeRadius.
any information in this regard will be higly 
appreciated.
 
Thanks and Regards,
Mohit

Re: running freeradius on mips platform

2003-02-24 Thread Jeffery 
Dear Alan,
  All my other programs are work fine and no messages like this. all the
other application in freeradius, like check-config, radtest, are work
fine. Only "radiusd" cannot work.
:(

Can you give any other suggestion? Or what you think the error probably
occur reason. Thank you!


¦b ¶g¤@, 2003-02-24 19:21, Alan DeKok ¼g¹D¡G
> "jeffery" <[EMAIL PROTECTED]> wrote:
> >   I have successed crosscompile freeradius into mipsel-linux. But I got a
> > strange situation. That is, all debug messages are short in one line. And the
> > finally message is:
> > ,@[EMAIL PROTECTED]  /lib/ld.so.10@((0hhHH@@H@@[EMAIL PROTECTED] ([EMAIL 
> > PROTECTED]@@(@
> > ./radiusd: 1: Syntax error: "(" unexpected
> > all the other messages before line 1 are be replaced. Does anyone get the
> > error like this? Please help me! 
> 
>   It looks like your run-time system, or your cross-compile system is
> seriously broken.
> 
>   Ensure that you can cross-compile & run a simple "hello world"
> program, before you take on something larger like FreeRADIUS.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Regard,
Jeffery Huang
iMining Technology Co., Ltd.
8F-4, No.432, Sec.1 Keelung Rd.,
Taipei, Taiwan
TEL:886-2-27235122 ext 20
FAX:886-2-27232287
http://www.imining.com.tw
mail://[EMAIL PROTECTED]


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RV: freeradius-ldap is not running

2003-02-24 Thread Robert Canary 
You have ldap configured in the radius.  You have ldap configured to be
a default fall-through.  I understand your ldap server is working fine. 
I'm saying the radius server isn't talking to the ldap server, _maybe_
because the basedn is set wrong.

Federico Edelman wrote:
> 
> My LDAP server works fine. I'm using the LDAP server for other services.
> 
> > -Mensaje original-
> > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > Enviado el: lunes, 24 de febrero de 2003 15:35
> > Para: [EMAIL PROTECTED]
> > Asunto: Re: RV: freeradius-ldap is not running
> >
> > I think you should look at your ldap server logs.  Your "basedn" dosen't
> > look right to me.  I think it should be something like,
> > "cn=user-that-can-read-passwords,dc=example,dc=com"
> >
> > Federico Edelman wrote:
> > >
> > > I can't get a response.
> > > Somebody know about this trouble?
> > >
> > > -Mensaje original-
> > > De: Federico Edelman
> > > Enviado el: jueves, 20 de febrero de 2003 10:29
> > > Para: [EMAIL PROTECTED]
> > > Asunto: RE: freeradius-ldap is not running
> > >
> > > Robert:
> > > This is the complete log file.
> > >
> > > > -Mensaje original-
> > > > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > Enviado el: miércoles, 19 de febrero de 2003 17:54
> > > > Para: [EMAIL PROTECTED]
> > > > Asunto: Re: freeradius-ldap is not running
> > > >
> > > > Why did you snip-it?  We need the rest of the lof file.
> > > >
> > > > Do this radiusd -X >/var/log/radiusd_dbg_con.log
> > > >
> > > > It is esasier to capture the error messages that way.
> > > >
> > > > Also what shows up in your freeradius logs during this time?
> > > >
> > > > Federico Edelman wrote:
> > > > >
> > > > > Hi guys,
> > > > > I'm newbie with freeradius. I'm running freeradius-0.8.1 on
> > > > > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> > > > >
> > > > > I've compiled the freeradius with:
> > > > >
> > > > > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > > > > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > > > > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > > > > # CC="gcc"
> > > > > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > > > > # ./configure --prefix=/usr/local/freeradius --with-
> > > > > openldap=/usr/local/openldap
> > > > > # make
> > > > > # make install
> > > > >
> > > > > All's ok.
> > > > >
> > > > > I've run:
> > > > > # /usr/local/freeradius/sbin/radiusd -X
> > > > > And...
> > > > > # /usr/local/freeradius/bin/radtest
> > > > >
> > > > > All's ok. The radtest connect with radiusd successfully.
> > > > >
> > > > > But, When I setting up the radius with LDAP support the radiusd exit
> > and
> > > > > not running.
> > > > >
> > > > > The radius ldap configuration:
> > > > >
> > > > > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> > > > >  snip snip 
> > > > > ldap {
> > > > > server = "myldapserver"
> > > > > basedn = "ou=people,dc=rootldap"
> > > > > filter = "((posixAccount)(uid=%u))"
> > > > > start_tls = no
> > > > > tls_mode = no
> > > > > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > > > > ldap_connections_number = 5
> > > > > timeout = 4
> > > > > timelimit = 3
> > > > > net_timeout = 1
> > > > > }
> > > > > authenticate {
> > > > > authtype LDAP {
> > > > > ldap
> > > > > }
> > > > > }
> > > > >  snip snip 
> > > > > my /usr/local/freeradius/etc/raddb/dictionary:
> > > > >  snip snip 
> > > > > #
> > > > > #   Non-Protocol Integer Translations
> > > > > #
> > > > >
> > > > > VALUE   Auth-Type   Local   0
> > > > > VALUE   Auth-Type   System  1
> > > > > VALUE   Auth-Type   SecurID 2
> > > > > VALUE   Auth-Type   Crypt-Local 3
> > > > > VALUE   Auth-Type   Reject  4
> > > > > VALUE   Auth-Type   ActivCard   4
> > > > > VALUE   Auth-Type   LDAP5
> > > > >  snip snip 
> > > > > my /usr/local/freeradius/etc/raddb/users:
> > > > >  snip snip 
> > > > > DEFAULT Auth-Type := LDAP
> > > > > Fall-Through = 1
> > > > >  snip snip 
> > > > >
> > > > > My ldif user:
> > > > >
> > > > >  snip snip 
> > > > > dn: uid=test,ou=people,dc=claxson
> > > > > objectClass: top
> > > > > objectClass: account
> > > > > objectClass: posixAccount
> > > > > ou: people
> > > > > uid: test
> > > > > cn: TestUser
> > > > > loginShell: /bin/bash
> > > > > homeDirectory: /home/test
> > > > > gecos: Test User
> > > > > uidNumber: 1001
> > > > > gidNumber: 1001
> > > > > userPassword

RE: RV: freeradius-ldap is not running

2003-02-24 Thread Federico Edelman 
My LDAP server works fine. I'm using the LDAP server for other services.


> -Mensaje original-
> De: Robert Canary [mailto:[EMAIL PROTECTED]
> Enviado el: lunes, 24 de febrero de 2003 15:35
> Para: [EMAIL PROTECTED]
> Asunto: Re: RV: freeradius-ldap is not running
> 
> I think you should look at your ldap server logs.  Your "basedn" dosen't
> look right to me.  I think it should be something like,
> "cn=user-that-can-read-passwords,dc=example,dc=com"
> 
> Federico Edelman wrote:
> >
> > I can't get a response.
> > Somebody know about this trouble?
> >
> > -Mensaje original-
> > De: Federico Edelman
> > Enviado el: jueves, 20 de febrero de 2003 10:29
> > Para: [EMAIL PROTECTED]
> > Asunto: RE: freeradius-ldap is not running
> >
> > Robert:
> > This is the complete log file.
> >
> > > -Mensaje original-
> > > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > > Enviado el: miércoles, 19 de febrero de 2003 17:54
> > > Para: [EMAIL PROTECTED]
> > > Asunto: Re: freeradius-ldap is not running
> > >
> > > Why did you snip-it?  We need the rest of the lof file.
> > >
> > > Do this radiusd -X >/var/log/radiusd_dbg_con.log
> > >
> > > It is esasier to capture the error messages that way.
> > >
> > > Also what shows up in your freeradius logs during this time?
> > >
> > > Federico Edelman wrote:
> > > >
> > > > Hi guys,
> > > > I'm newbie with freeradius. I'm running freeradius-0.8.1 on
> > > > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> > > >
> > > > I've compiled the freeradius with:
> > > >
> > > > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > > > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > > > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > > > # CC="gcc"
> > > > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > > > # ./configure --prefix=/usr/local/freeradius --with-
> > > > openldap=/usr/local/openldap
> > > > # make
> > > > # make install
> > > >
> > > > All's ok.
> > > >
> > > > I've run:
> > > > # /usr/local/freeradius/sbin/radiusd -X
> > > > And...
> > > > # /usr/local/freeradius/bin/radtest
> > > >
> > > > All's ok. The radtest connect with radiusd successfully.
> > > >
> > > > But, When I setting up the radius with LDAP support the radiusd exit
> and
> > > > not running.
> > > >
> > > > The radius ldap configuration:
> > > >
> > > > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> > > >  snip snip 
> > > > ldap {
> > > > server = "myldapserver"
> > > > basedn = "ou=people,dc=rootldap"
> > > > filter = "((posixAccount)(uid=%u))"
> > > > start_tls = no
> > > > tls_mode = no
> > > > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > > > ldap_connections_number = 5
> > > > timeout = 4
> > > > timelimit = 3
> > > > net_timeout = 1
> > > > }
> > > > authenticate {
> > > > authtype LDAP {
> > > > ldap
> > > > }
> > > > }
> > > >  snip snip 
> > > > my /usr/local/freeradius/etc/raddb/dictionary:
> > > >  snip snip 
> > > > #
> > > > #   Non-Protocol Integer Translations
> > > > #
> > > >
> > > > VALUE   Auth-Type   Local   0
> > > > VALUE   Auth-Type   System  1
> > > > VALUE   Auth-Type   SecurID 2
> > > > VALUE   Auth-Type   Crypt-Local 3
> > > > VALUE   Auth-Type   Reject  4
> > > > VALUE   Auth-Type   ActivCard   4
> > > > VALUE   Auth-Type   LDAP5
> > > >  snip snip 
> > > > my /usr/local/freeradius/etc/raddb/users:
> > > >  snip snip 
> > > > DEFAULT Auth-Type := LDAP
> > > > Fall-Through = 1
> > > >  snip snip 
> > > >
> > > > My ldif user:
> > > >
> > > >  snip snip 
> > > > dn: uid=test,ou=people,dc=claxson
> > > > objectClass: top
> > > > objectClass: account
> > > > objectClass: posixAccount
> > > > ou: people
> > > > uid: test
> > > > cn: TestUser
> > > > loginShell: /bin/bash
> > > > homeDirectory: /home/test
> > > > gecos: Test User
> > > > uidNumber: 1001
> > > > gidNumber: 1001
> > > > userPassword: {crypt}XXX
> > > >  snip snip 
> > > >
> > > > When I run "radiusd -X" I get this:
> > > >  snip snip 
> > > > .
> > > > .
> > > > .
> > > > Module: Loaded radutmp
> > > >  radutmp: filename = "/usr/local/freeradius/var/log/radius/radutmp"
> > > >  radutmp: username = "%{User-Name}"
> > > >  radutmp: perm = 384
> > > >  radutmp: callerid = yes
> > > > Module: Instantiated radutmp (radutmp)
> > > >  main: smux_password = ""
> > > >  main: snmp_write_access = no
> > > > SMUX connect try 1
> > > > SMUX open

Re: RV: freeradius-ldap is not running

2003-02-24 Thread Robert Canary 
I think you should look at your ldap server logs.  Your "basedn" dosen't
look right to me.  I think it should be something like,
"cn=user-that-can-read-passwords,dc=example,dc=com"

Federico Edelman wrote:
> 
> I can't get a response.
> Somebody know about this trouble?
> 
> -Mensaje original-
> De: Federico Edelman
> Enviado el: jueves, 20 de febrero de 2003 10:29
> Para: [EMAIL PROTECTED]
> Asunto: RE: freeradius-ldap is not running
> 
> Robert:
> This is the complete log file.
> 
> > -Mensaje original-
> > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > Enviado el: miércoles, 19 de febrero de 2003 17:54
> > Para: [EMAIL PROTECTED]
> > Asunto: Re: freeradius-ldap is not running
> >
> > Why did you snip-it?  We need the rest of the lof file.
> >
> > Do this radiusd -X >/var/log/radiusd_dbg_con.log
> >
> > It is esasier to capture the error messages that way.
> >
> > Also what shows up in your freeradius logs during this time?
> >
> > Federico Edelman wrote:
> > >
> > > Hi guys,
> > > I'm newbie with freeradius. I'm running freeradius-0.8.1 on
> > > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> > >
> > > I've compiled the freeradius with:
> > >
> > > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > > # CC="gcc"
> > > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > > # ./configure --prefix=/usr/local/freeradius --with-
> > > openldap=/usr/local/openldap
> > > # make
> > > # make install
> > >
> > > All's ok.
> > >
> > > I've run:
> > > # /usr/local/freeradius/sbin/radiusd -X
> > > And...
> > > # /usr/local/freeradius/bin/radtest
> > >
> > > All's ok. The radtest connect with radiusd successfully.
> > >
> > > But, When I setting up the radius with LDAP support the radiusd exit and
> > > not running.
> > >
> > > The radius ldap configuration:
> > >
> > > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> > >  snip snip 
> > > ldap {
> > > server = "myldapserver"
> > > basedn = "ou=people,dc=rootldap"
> > > filter = "((posixAccount)(uid=%u))"
> > > start_tls = no
> > > tls_mode = no
> > > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > > ldap_connections_number = 5
> > > timeout = 4
> > > timelimit = 3
> > > net_timeout = 1
> > > }
> > > authenticate {
> > > authtype LDAP {
> > > ldap
> > > }
> > > }
> > >  snip snip 
> > > my /usr/local/freeradius/etc/raddb/dictionary:
> > >  snip snip 
> > > #
> > > #   Non-Protocol Integer Translations
> > > #
> > >
> > > VALUE   Auth-Type   Local   0
> > > VALUE   Auth-Type   System  1
> > > VALUE   Auth-Type   SecurID 2
> > > VALUE   Auth-Type   Crypt-Local 3
> > > VALUE   Auth-Type   Reject  4
> > > VALUE   Auth-Type   ActivCard   4
> > > VALUE   Auth-Type   LDAP5
> > >  snip snip 
> > > my /usr/local/freeradius/etc/raddb/users:
> > >  snip snip 
> > > DEFAULT Auth-Type := LDAP
> > > Fall-Through = 1
> > >  snip snip 
> > >
> > > My ldif user:
> > >
> > >  snip snip 
> > > dn: uid=test,ou=people,dc=claxson
> > > objectClass: top
> > > objectClass: account
> > > objectClass: posixAccount
> > > ou: people
> > > uid: test
> > > cn: TestUser
> > > loginShell: /bin/bash
> > > homeDirectory: /home/test
> > > gecos: Test User
> > > uidNumber: 1001
> > > gidNumber: 1001
> > > userPassword: {crypt}XXX
> > >  snip snip 
> > >
> > > When I run "radiusd -X" I get this:
> > >  snip snip 
> > > .
> > > .
> > > .
> > > Module: Loaded radutmp
> > >  radutmp: filename = "/usr/local/freeradius/var/log/radius/radutmp"
> > >  radutmp: username = "%{User-Name}"
> > >  radutmp: perm = 384
> > >  radutmp: callerid = yes
> > > Module: Instantiated radutmp (radutmp)
> > >  main: smux_password = ""
> > >  main: snmp_write_access = no
> > > SMUX connect try 1
> > > SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
> > > SMUX open progname: radiusd
> > > SMUX open password:
> > > SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
> > > SMUX register priority: -1
> > > SMUX register operation: 1
> > > SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
> > > SMUX register priority: -1
> > > SMUX register operation: 1
> > >  snip snip 
> > >
> > > And... exit and radiusd isn't running.
> > >
> > > What can I do wrong? Any idea?
> > >
> > > Thanks very much.
> > >
> > > Federico
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > h

Re: SIGTERM somewhere in SQL accounting (using MySQL)

2003-02-24 Thread Alan DeKok 
[EMAIL PROTECTED] (Derrik Pates) wrote:
> Actually, it pointed me in the right direction anyway - the checkrad
> script tried talking to the RAS server via SNMP, and got no response,
> and died of SIGTERM, for whatever reason knocking radiusd over with it.
> Anyone have any insight on that?

  There was a long discussion on this list last Friday about exactly
this issue.  See the archives for details.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SIGTERM somewhere in SQL accounting (using MySQL)

2003-02-24 Thread Derrik Pates 
On Mon, Feb 24, 2003 at 10:40:13AM -0600, Chris Parker wrote:
> Use GDB it's much handier at finding the cause of the sigterm than
> strace.

Actually, it pointed me in the right direction anyway - the checkrad
script tried talking to the RAS server via SNMP, and got no response,
and died of SIGTERM, for whatever reason knocking radiusd over with it.
Anyone have any insight on that?

-- 
Derrik Pates
[EMAIL PROTECTED]
[EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SIGTERM somewhere in SQL accounting (using MySQL)

2003-02-24 Thread Chris Parker 
At 11:26 AM 2/24/2003 -0500, Derrik Pates wrote:
For some reason, I've started to see FreeRADIUS die of a SIGTERM
somewhere in its SQL accounting code. It's going something like this:


radius_xlat:  'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, 
NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct 
WHERE UserName='USERNAME' AND AcctStopTime = 0'
Terminated

I'm running it now with an strace, to see where it's dying more
specifically. I'm using the code from a CVS snap from 10 days ago
(20030214), if that helps to narrow it down.
Use GDB it's much handier at finding the cause of the sigterm than
strace.
-Chris

--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Realm specific Accounting

2003-02-24 Thread Alan DeKok 
"Gene Parks" <[EMAIL PROTECTED]> wrote:
> Is there anyway to point specific realms to log accounting information
> to specific databases?
> 
> i.e. realm1 to mysql
>   realm2 to mssql
>   reaml3 to ldap

  In the CVS head (it may not be in 0.8.1), use 'Acct-Type'

DEFAULT  User-Name =~ @realm1", Acct-Type := "mysql"
 Fall-Through = 1

...

  Then set up "mysql", "mssql", and "ldap" modules with accounting.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: running freeradius on mips platform

2003-02-24 Thread Alan DeKok 
"jeffery" <[EMAIL PROTECTED]> wrote:
>   I have successed crosscompile freeradius into mipsel-linux. But I got a
> strange situation. That is, all debug messages are short in one line. And the
> finally message is:
> ,@[EMAIL PROTECTED]  /lib/ld.so.10@((0hhHH@@H@@[EMAIL PROTECTED] ([EMAIL 
> PROTECTED]@@(@
> ./radiusd: 1: Syntax error: "(" unexpected
> all the other messages before line 1 are be replaced. Does anyone get the
> error like this? Please help me! 

  It looks like your run-time system, or your cross-compile system is
seriously broken.

  Ensure that you can cross-compile & run a simple "hello world"
program, before you take on something larger like FreeRADIUS.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SIGTERM somewhere in SQL accounting (using MySQL)

2003-02-24 Thread Derrik Pates 
For some reason, I've started to see FreeRADIUS die of a SIGTERM
somewhere in its SQL accounting code. It's going something like this:


radius_xlat:  'USERNAME'
rlm_sql (sql): sql_set_user escaped user --> 'USERNAME'
radius_xlat:  'SELECT COUNT(*) FROM radacct WHERE UserName='USERNAME' AND AcctStopTime 
= 0'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat:  'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, 
FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE 
UserName='USERNAME' AND AcctStopTime = 0'
Terminated

I'm running it now with an strace, to see where it's dying more
specifically. I'm using the code from a CVS snap from 10 days ago
(20030214), if that helps to narrow it down.

-- 
Derrik Pates
[EMAIL PROTECTED]
[EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Patch for LDAP URI support (at least with OpenLDAP libraries)

2003-02-24 Thread Derrik Pates 
On Sat, Feb 22, 2003 at 11:40:24AM +0200, Kostas Kalevras wrote:
> Where's the patch?

Heh. Sure enough, I forgot to attach the patch. It's attached this time,
I swear! :)

-- 
Derrik Pates
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--- /root/radiusd/src/modules/rlm_ldap/rlm_ldap.c   Fri Jan 24 08:35:30 2003
+++ radiusd/src/modules/rlm_ldap/rlm_ldap.c Fri Feb 21 20:19:28 2003
@@ -186,6 +186,9 @@
 
 typedef struct {
char   *server;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+   char   *server_uri;
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
int port;
int timelimit;
struct timeval  net_timeout;
@@ -223,6 +226,9 @@
 static CONF_PARSER module_config[] = {
{"server", PW_TYPE_STRING_PTR, offsetof(ldap_instance,server), NULL, 
"localhost"},
{"port", PW_TYPE_INTEGER, offsetof(ldap_instance,port), NULL, "389"},
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+   {"server_uri", PW_TYPE_STRING_PTR, offsetof(ldap_instance,server_uri), NULL, 
NULL},
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
/* wait forever on network activity */
{"net_timeout", PW_TYPE_INTEGER, offsetof(ldap_instance,net_timeout.tv_sec), 
NULL, "10"},
/* wait forever for search results */
@@ -320,11 +326,17 @@
return -1;
}
 
-   if (inst->server == NULL) {
-   radlog(L_ERR, "rlm_ldap: missing 'server' directive.");
-   free(inst);
-   return -1;
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+   if (inst->server_uri == NULL) {
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
+   if (inst->server == NULL) {
+   radlog(L_ERR, "rlm_ldap: missing 'server' directive.");
+   free(inst);
+   return -1;
+   }
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
}
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
  
inst->timeout.tv_usec = 0;
inst->net_timeout.tv_usec = 0;
@@ -1352,12 +1364,26 @@
int ldap_errno = 0;
LDAPMessage*res;
 
-   DEBUG("rlm_ldap: (re)connect to %s:%d, authentication %d", inst->server, 
inst->port, auth);
-   if ((ld = ldap_init(inst->server, inst->port)) == NULL) {
-   radlog(L_ERR, "rlm_ldap: ldap_init() failed");
-   *result = RLM_MODULE_FAIL;
-   return (NULL);
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+   if (inst->server_uri) {
+   DEBUG("rlm_ldap: (re)connect to %s, authentication %d", 
inst->server_uri, auth);
+   if (ldap_initialize(&ld, inst->server_uri) != LDAP_SUCCESS) {
+   radlog(L_ERR, "rlm_ldap: ldap_initialize() failed");
+   *result = RLM_MODULE_FAIL;
+   return (NULL);
+   }
+   }
+   else {
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
+   DEBUG("rlm_ldap: (re)connect to %s:%d, authentication %d", 
inst->server, inst->port, auth);
+   if ((ld = ldap_init(inst->server, inst->port)) == NULL) {
+   radlog(L_ERR, "rlm_ldap: ldap_init() failed");
+   *result = RLM_MODULE_FAIL;
+   return (NULL);
+   }
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
}
+#endif /* LDAP_API_FEATURE_X_OPENLDAP */
if (ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, (void *) 
&(inst->net_timeout)) != LDAP_OPT_SUCCESS) {
radlog(L_ERR, "rlm_ldap: Could not set LDAP_OPT_NETWORK_TIMEOUT 
%ld.%ld", inst->net_timeout.tv_sec, inst->net_timeout.tv_usec);
}

pb with eap-md5 !

2003-02-24 Thread Benoît Bécel 
I would like to use eap-md5 on a wired network !

I have a laptop on Win XP with a pcmcia 3com Etherlink III card!
I use a Business Policy Switch 2000 as NAS and FreeRadius on Linux !
And it seems that EAP-MD5 can't work, but my laptop answer to the NAS 
request/identity when I activate PEAP instead of EAP-MD5!
But PEAP is a non-standard protocol and doesn't work with FreeRadius !

I know it's more a windows problem than a FreeRadius one but I can't 
solve it!
Thanks for your help !

Beno

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RV: freeradius-ldap is not running

2003-02-24 Thread Federico Edelman 
I can't get a response.
Somebody know about this trouble?

-Mensaje original-
De: Federico Edelman 
Enviado el: jueves, 20 de febrero de 2003 10:29
Para: [EMAIL PROTECTED]
Asunto: RE: freeradius-ldap is not running

Robert:
This is the complete log file.

> -Mensaje original-
> De: Robert Canary [mailto:[EMAIL PROTECTED]
> Enviado el: miércoles, 19 de febrero de 2003 17:54
> Para: [EMAIL PROTECTED]
> Asunto: Re: freeradius-ldap is not running
> 
> Why did you ship-it?  We need the rest of the lof file.
> 
> Do this radiusd -X >/var/log/radiusd_dbg_con.log
> 
> It is esasier to capture the error messages that way.
> 
> Also what shows up in your freeradius logs during this time?
> 
> Federico Edelman wrote:
> >
> > Hi guys,
> > I'm newbie with freeradius. I'm running freeradius-0.8.1 on
> > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> >
> > I've compiled the freeradius with:
> >
> > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > # CC="gcc"
> > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > # ./configure --prefix=/usr/local/freeradius --with-
> > openldap=/usr/local/openldap
> > # make
> > # make install
> >
> > All's ok.
> >
> > I've run:
> > # /usr/local/freeradius/sbin/radiusd -X
> > And...
> > # /usr/local/freeradius/bin/radtest
> >
> > All's ok. The radtest connect with radiusd successfully.
> >
> > But, When I setting up the radius with LDAP support the radiusd exit and
> > not running.
> >
> > The radius ldap configuration:
> >
> > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> >  snip snip 
> > ldap {
> > server = "myldapserver"
> > basedn = "ou=people,dc=rootldap"
> > filter = "((posixAccount)(uid=%u))"
> > start_tls = no
> > tls_mode = no
> > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > ldap_connections_number = 5
> > timeout = 4
> > timelimit = 3
> > net_timeout = 1
> > }
> > authenticate {
> > authtype LDAP {
> > ldap
> > }
> > }
> >  snip snip 
> > my /usr/local/freeradius/etc/raddb/dictionary:
> >  snip snip 
> > #
> > #   Non-Protocol Integer Translations
> > #
> >
> > VALUE   Auth-Type   Local   0
> > VALUE   Auth-Type   System  1
> > VALUE   Auth-Type   SecurID 2
> > VALUE   Auth-Type   Crypt-Local 3
> > VALUE   Auth-Type   Reject  4
> > VALUE   Auth-Type   ActivCard   4
> > VALUE   Auth-Type   LDAP5
> >  snip snip 
> > my /usr/local/freeradius/etc/raddb/users:
> >  snip snip 
> > DEFAULT Auth-Type := LDAP
> > Fall-Through = 1
> >  snip snip 
> >
> > My ldif user:
> >
> >  snip snip 
> > dn: uid=test,ou=people,dc=claxson
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > ou: people
> > uid: test
> > cn: TestUser
> > loginShell: /bin/bash
> > homeDirectory: /home/test
> > gecos: Test User
> > uidNumber: 1001
> > gidNumber: 1001
> > userPassword: {crypt}XXX
> >  snip snip 
> >
> > When I run "radiusd -X" I get this:
> >  snip snip 
> > .
> > .
> > .
> > Module: Loaded radutmp
> >  radutmp: filename = "/usr/local/freeradius/var/log/radius/radutmp"
> >  radutmp: username = "%{User-Name}"
> >  radutmp: perm = 384
> >  radutmp: callerid = yes
> > Module: Instantiated radutmp (radutmp)
> >  main: smux_password = ""
> >  main: snmp_write_access = no
> > SMUX connect try 1
> > SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
> > SMUX open progname: radiusd
> > SMUX open password:
> > SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
> > SMUX register priority: -1
> > SMUX register operation: 1
> > SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
> > SMUX register priority: -1
> > SMUX register operation: 1
> >  snip snip 
> >
> > And... exit and radiusd isn't running.
> >
> > What can I do wrong? Any idea?
> >
> > Thanks very much.
> >
> > Federico
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


freeradius.log
Description: freeradius.log

Re: Simultaneous-Use + Ascend maxen

2003-02-24 Thread Jacques Caruso 
Le Samedi 22 Février 2003 02:07, Kristina Pfaff-Harris a écrit :
> Simultaneous-Use set to 1, if I dial into a Max when the account is
> already logged on, I get dropped to the internal ascend% prompt.

Well, my tests here (with a MAX4048) didn't show such a behaviour. I
just get disconnected right after login. Unfortunately, the MAX just
died last night, so I can't test it anymore (doh !)...

> I know this is likely an Ascend wierdness rather than a Freeradius
> weirdness, but was wondering if any other folks with Maxen have
> noticed this, and if so, what you did about it? Or, if you didn't

I would suggest scouring the Maxen's configuration. Judging from the
Ascend docs, one probable candidate would be 'Profile reqd = No' in the
Answer profile. Just guessing, of course, but I'm fairly confident the
problem lies with the NAS configuration rather than the RADIUS server...

> notice it, and you are using MySQL auth, can you tell me how your
> Simultaneous-Use flag is set? I have no Simultaneous-Use settings in
> the database, and in the users file, I have:

I did put it in the database :

mysql> SELECT Attribute,op,Value FROM radgroupcheck;
(...)
| Simultaneous-Use  | :=   | 1 |

It works for us (well, except for a bizarre problem that only plagues
one SQL group connecting via a Livingston PM3. But this has nothing to
do with the issue at hand).

Not sure it can help, but good luck anyway...

Regards,
-- 
[ Jacques Caruso <[EMAIL PROTECTED]>  Développeur PHP ]
[ Monaco Internet   http://monaco-internet.mc/ ]
[ Tél : (+377) 93 10 00 43Clé PGP : 0x41F5C63D ]
[ -+-   Trespassers will be shot.  Survivors will be prosecuted.   -+- ]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Auth-Type := Reject

2003-02-24 Thread Alan DeKok 
David De Maeyer <[EMAIL PROTECTED]> wrote:
> In our case doing so gives some problems. First of all we
> authenticate our users via the users file and via our LDAP
> server.

  No.  The 'users' file AUTHORIZES the users.  It doesn't authenticate
anyone.

> If the user is not found in the users file then Radius tries
> via the LDAP server. It works fine. But of course we do not need to
> authenticate the user WhistleBlower via LDAP. It unnecessary fills
> the log file with:
> 
> Mon Feb 24 10:53:27 2003 : Auth: Login incorrect (rlm_ldap: User not found): 
> [WhistleBlower] (from client YYY port 1)

  Then disable logging of failed authentication requests.

> What I did than is to create a user WhistleBlower a the beginning of
> the users file using the "Auth-Type := Reject" attribute. Starting
> radiusd in debug mode and using radtest I tested that user and
> access was rejected as expected and radiusd didn't make use of the
> rlm_ldap module:
...

  And you provided the output of 'radtest' NOT the output of the
server.  So you have no idea whether or not that test used the LDAP
module.

> But when starting radiusd normally it seems that it still tries to
> authenticate the WhistleBlower user against the LDAP server.

  I'll bet money that the same thing happens for the test you posted above.

> It seems to me that Radius ignores the WhistleBlower user defined at
> the beginning of the users file:

  No.  What's happening is that the 'files' module (which administers
the 'users' file) is returning 'OK' from the 'authorize' section.
Since you configured the user to be rejected, it would be better for
the module to return REJECT.  The server would then immediately stop
processing the request, and reject the user.

> clients file is organized as:
> 1. WhistleBlower user
> 2. Local users
> 3. DEFAULT LDAP authentication

  None of those things go into the 'clients' file.


  The solution is to fix the 'files' module to return 'reject'.  The
patch is small.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS +

2003-02-24 Thread Alan DeKok 
[EMAIL PROTECTED] wrote:
> I understand you Alan, but i want my application to create the policy not the 
> database. LDAP in my case just stores the userbase(which is already working 
> fine). 

  LDAP can store the RADIUS policy, too.  That's what I said.

> The main reason for me to write this application(which is part of my project) 
> is to create a GUI for a person who manages a WLAN security and he is not too 
> much interested in the inner workings of RADIUS or LDAP.
> 
> And should be able to enforce policy based authentication using my application.

  If your application does't use RADIUS, then I don't understand why
you're asking questions on this list.

  If your application does use RADIUS, then I don't understand why
you're not just using FreeRADIUS.  It even comes with a PHP
administration front-end, which can be used to configure policy.

> Is this possible, if yes please tell what do i do.

  What you're doing makes no sense to me.  I would advise you to use
existing tools, rather than re-inventing the wheel.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Dictonary in postgresql

2003-02-24 Thread Alan DeKok 
"leaobicalho" <[EMAIL PROTECTED]> wrote:
> How Can i use my Dictonary with
> postgresql? What i need put in
> postgresql.conf to dictonary work also
> in database?

  You can't.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dictonary in postgresql

2003-02-24 Thread leaobicalho 
How Can i use my Dictonary with
postgresql? What i need put in
postgresql.conf to dictonary work also
in database?

thanks
Leao Bicalho


__
E-mail Premium BOL
Antivírus, anti-spam e até 100 MB de espaço. Assine já!
http://email.bol.com.br/



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

IPPOOL PROBLEM

2003-02-24 Thread Javier Castillo Alcibar 
Hello All,

I have a problem with rlm_ippool module It doesn't give
ip addresses... :(
This is my radiusd.conf:

modules {
..
ippool ippool {
name = ippool
range-start = 194.69.251.128
range-stop = 194.69.251.254
netmask = 255.255.252.0
session-db = /usr/local/etc/raddb/ippool-sess-db
ip-index = /usr/local/etc/raddb/ippool-idx-db
cache-size = 1000
}

}
accounting {
acct_unique
detail
unix 
radutmp
ippool
}
post-auth {
ippool
}


When the radius gets an incoming auth.req :

Thread 4 handling request 3, (1 handled so far)
User-Name = "tec-javiere"
User-Password = "1"
NAS-IP-Address = 194.69.248.50
NAS-Port = 2
Framed-Protocol = PPP
Service-Type = 0

modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "tec-javiere", looking up realm
NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched tec-javiere at 5123
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password Login OK:
[tec-javiere] (from client alhproxy port 2)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 194.69.248.50/2
  modcall[post-auth]: module "ippool" returns noop
modcall: group post-auth returns noop
Sending Access-Accept of id 36 to 194.69.248.50:2761
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Address = 255.255.255.255
Framed-Netmask = 255.255.255.255
Ascend-Metric = 2
Framed-Routing = None
Framed-Compression = None
Ascend-Idle-Limit = 14400
Ascend-Maximum-Time = 36000
Finished request 3

 

Why ippool modules returns NOOP??

Thx in advance.
Javier.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Auth-Type := Reject

2003-02-24 Thread David De Maeyer 
Hi,

I use Whistle Blower to monitor our servers (mainly to nake sure the servers are still
running). Basically Whistle Blower will attempt to validate a user named WhistleBlower
and validate the packet denying returned by the Radius server.

In our case doing so gives some problems. First of all we authenticate our users via
the users file and via our LDAP server. If the user is not found in the users file then
Radius tries via the LDAP server. It works fine. But of course we do not need to 
authenticate
the user WhistleBlower via LDAP. It unnecessary fills the log file with:

Mon Feb 24 10:53:27 2003 : Auth: Login incorrect (rlm_ldap: User not found): 
[WhistleBlower] (from client YYY port 1)

What I did than is to create a user WhistleBlower a the beginning of the users file 
using
the "Auth-Type := Reject" attribute. Starting radiusd in debug mode and using radtest
I tested that user and access was rejected as expected and radiusd didn't make use of
the rlm_ldap module:

-- test --
# /var/log/radius# radtest WhistleBlower fff 130.225.220.157:1645 0 testing123
Sending Access-Request of id 104 to 130.225.220.157:1645
User-Name = "WhistleBlower"
User-Password = "/D\333\355\026_}\2465zF]\021n\206\322"
NAS-IP-Address = woody
NAS-Port = 0
rad_recv: Access-Reject packet from host 130.225.220.157:1645, id=104, length=63
Reply-Message = "Whistle Blower user. Rejected by default."
# /var/log/radius#
-- end test --

But when starting radiusd normally it seems that it still tries to authenticate the
WhistleBlower user against the LDAP server. It seems to me that Radius ignores the
WhistleBlower user defined at the beginning of the users file:

-- log --
Mon Feb 24 10:47:58 2003 : Auth: Login OK: [keha] (from client XXX port 13 cli 
45875082)
Mon Feb 24 10:49:42 2003 : Auth: Login OK: [ncje] (from client XXX port 7 cli 35851819)
Mon Feb 24 10:50:27 2003 : Auth: Login OK: [helno] (from client XXX port 3)
Mon Feb 24 10:50:36 2003 : Auth: Login OK: [bredahl] (from client XXX port 28 cli 
59442154)
Mon Feb 24 10:51:21 2003 : Auth: Login OK: [schulz] (from client XXX port 23 cli 
46367966)
Mon Feb 24 10:52:26 2003 : Auth: Login OK: [ues] (from client XXX port 20013 cli 
46341822)
Mon Feb 24 10:53:27 2003 : Auth: Login incorrect (rlm_ldap: User not found): 
[WhistleBlower] (from client YYY port 1)
Mon Feb 24 10:53:47 2003 : Auth: Login incorrect (rlm_ldap: User not found): 
[WhistleBlower] (from client YYY port 1)
Mon Feb 24 10:54:07 2003 : Auth: Login incorrect (rlm_ldap: User not found): 
[WhistleBlower] (from client YYY port 1)
Mon Feb 24 10:54:07 2003 : Auth: Login OK: [ues] (from client XXX port 20006 cli 
46341822)
Mon Feb 24 10:54:47 2003 : Auth: Login OK: [ncje] (from client XXX port 30 cli 
35851819)
Mon Feb 24 10:55:04 2003 : Auth: Login OK: [ewt] (from client XXX port 8 cli 44482075)
-- end log --

Client YYY is correctly defined in the clients file...

I thought by doing so I would avoid the WhistleBlower to be authenticated by our LDAP 
server...
Any idea what goes wrong or what I could have misunderstood?

clients file is organized as:
1. WhistleBlower user
2. Local users
3. DEFAULT LDAP authentication
 
Regards,
David
___
David De Maeyer
Roskilde University Center
Computer Science Department
Box 260, Hus 42.1
4000 Roskilde
Denmark
voice (+45) 46 74 38 29 fax (+45) 46 74 30 72





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

zombies in non-threaded, single-server mode

2003-02-24 Thread Josh Howlett 
Regarding:



I can confirm that this fix works.

josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius and WinXP

2003-02-24 Thread Manuel Sánchez Cuenca 



Hello, I'm using hostap as access point, WinXP as 
client and FreeRadius as Authenticator. 
 
* radiusd.conf:
 
...
 
authorize 
{    
#    #  The preprocess module 
takes care of sanitizing some 
bizarre    #  attributes in the 
request, and turning them into 
attributes    #  which are more 
standard.    
#    #  It takes care of 
processing the 'raddb/hints' and 
the    #  'raddb/huntgroups' 
files.    
#    #  It also adds a 
Client-IP-Address attribute to the 
request.    preprocess
 
    
#    #  The chap module will set 
'Auth-Type := CHAP' if we are    
#  handling a CHAP request and Auth-Type has not already been 
set    chap
 
    #  
If the users are logging in with an 
MS-CHAP-Challenge    #  
attribute for authentication, the mschap module will 
find    #  the MS-CHAP-Challenge 
attribute, and add 'Auth-Type := 
MS-CHAP'    #  to the request, 
which will cause the server to then 
use    #  the mschap module for 
authentication.    
mschap
 
#   
counter#   
attr_filter#   
eap    
suffix    
files    
eap#   etc_smbpasswd
 
# The ldap module will set Auth-Type to LDAP if 
it has not already been set#   
ldap}
...
 
* users
 
lolo    Auth-Type := EAP, 
User-Password == "mellon"    
Reply-Message = "Hola, lolo"
 
...
 
When I try to connect with WinXP with user = lolo 
and password = mellon, FreeRadius show this:
 
rad_recv: Access-Request packet from host 
127.0.0.1:1025, id=0, length=149    
User-Name = "lolo"    NAS-IP-Address 
= 127.0.0.1    NAS-Port = 
1    Called-Station-Id = 
"00-40-05-AE-D7-65:lolored"    
Calling-Station-Id = 
"00-80-C8-B1-81-77"    Framed-MTU = 
2304    NAS-Port-Type = 
Wireless-802.11    Connect-Info = 
"CONNECT 11Mbps 802.11b"    
EAP-Message = 
"\002\001\000\t\001lolo"    
Message-Authenticator = 0x9f35bda34ad440392dbdb8bf139eb823modcall: entering 
group authorize  modcall[authorize]: module "preprocess" returns 
okrlm_chap: Could not find proper Chap-Password attribute in 
request  modcall[authorize]: module "chap" returns noop  
modcall[authorize]: module "mschap" returns notfound    
rlm_realm: No '@' in User-Name = "lolo", looking up 
realm NULL    rlm_realm: No such realm NULL  
modcall[authorize]: module "suffix" returns noop    users: 
Matched lolo at 1  modcall[authorize]: module "files" returns 
ok  modcall[authorize]: module "eap" returns updatedmodcall: group 
authorize returns updated  rad_check_password:  Found Auth-Type 
EAPauth: type "EAP"auth: Failed to validate the user.Delaying 
request 0 for 1 secondsFinished request 0Going to the next 
request--- Walking the entire request list ---Waking up in 1 
seconds...--- Walking the entire request list ---Waking up in 1 
seconds...--- Walking the entire request list ---Sending Access-Reject 
of id 0 to 127.0.0.1:1025    
Reply-Message = "Hola, lolo"Waking up in 4 seconds...--- Walking the 
entire request list ---Cleaning up request 0 ID 0 with timestamp 
3e59e8b5
 
 
 
Why I can autenticate with 
WinXP???

Re: EAP-TLS single authentication

2003-02-24 Thread Artur Hecker 
if i understand correctly, you only want to authenticate the
network-side but not the client side. 

i don't think that is possible for the simple reason: in 802.1X in some
cases it would result in no authentication at all. client can not be
forced to verify presented server certificate (as you know you have an
option in windows XP not to check the server). so, supposed that the
client doesn't check the network and using your option not to identify
the client neither, you do not verify anybody's identity.

anyway, this EAP stuff in 802.1X or PPP is all about network access
control, i.e. the network tries to verify who accesses it. if you look
at things like EAP/MD5 and EAP/OTP you will see that all these first
ideas are not mutual (in the sense that the client doesn't know
anything, but the network is sure whom it is serving - or at least
debiting).

so EAP/TLS was initially meant for the same thing. you can deactivate
the authentication of the network but i don't think you can deactivate
the auth of the client.

what you need is something like EAP/TTLS or EAP/PEAP, i think...


ciao
artur




wu zhen wrote:
> 
> HI, All
> 
> I know that FreeRadius could support EAP-TLS, which support mutual
> authentication. I have tried it successfully with XP client.
> 
> My question is whether we could make some configurations to FreeRadius
> so that TLS only carry out unilateral authentication, not mutual
> authentication (such as: client authenticate server certificate). As I
> know, the EAP-TLS specification has an option to do that.
> 
> Wu Zhen
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TLS single authentication

2003-02-24 Thread wu zhen 
HI, All

I know that FreeRadius could support EAP-TLS, which support mutual
authentication. I have tried it successfully with XP client.

My question is whether we could make some configurations to FreeRadius
so that TLS only carry out unilateral authentication, not mutual
authentication (such as: client authenticate server certificate). As I
know, the EAP-TLS specification has an option to do that.

Wu Zhen


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: acct_users mysql

2003-02-24 Thread Ossama Suleiman 






Kostas Kalevras wrote:

  On Sun, 23 Feb 2003, Ossama Suleiman wrote:

  
  
hi all,

is it possible to use groups created in mysql and associate them
with acct_users file??

assume i have group "test" and want to execute a program using
"acct_users" when i receive a stop packet Exec-Program = "*/test.sh"

what should be the syntax if it is possible??

the man pages say it should look like the users file:

DEFAULTGroup == "test", Acct-Status-Type == "Stop"
Exec-Program = "*/test.sh"

any help??
anyone succeeded in running acct_users with mysql groups??

  
  
Use the Sql-Group attribute instead of Group

Thanks for your help, working just fine :)

  
I am not so sure though about the * in Exec-Program

Sorry for the confusion about *, i didn't mean too, i was too lazy to
write: Exec-Program = "usr/local/etc/raddb/test.sh"
i am sorry for that

  

  
  
thanks for your help
Ossama


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


  
  
--
Kostas Kalevras		Network Operations Center
[EMAIL PROTECTED]	National Technical University of Athens, Greece
Work Phone:		+30 210 7721861
'Go back to the shadow'	Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


  





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

running freeradius on mips platform

2003-02-24 Thread jeffery 
Dear all,
  I have successed crosscompile freeradius into mipsel-linux. But I got a
strange situation. That is, all debug messages are short in one line. And the
finally message is:
,@[EMAIL PROTECTED]  /lib/ld.so.10@((0hhHH@@H@@[EMAIL PROTECTED] ([EMAIL PROTECTED]@@(@
./radiusd: 1: Syntax error: "(" unexpected
all the other messages before line 1 are be replaced. Does anyone get the
error like this? Please help me! 


ps.I have try to redirect the messages into files and upload to my host to check.
But the file look like binary code. :(

--
Regard,
Jeffery Huang
:)
[EMAIL PROTECTED]@4ELF44 ([EMAIL 
PROTECTED]@[EMAIL PROTECTED]@4ELF4 ([EMAIL PROTECTED]@[EMAIL PROTECTED]@@[EMAIL 
PROTECTED] ([EMAIL PROTECTED]@[EMAIL PROTECTED]@4ELF4 ([EMAIL PROTECTED]@ [EMAIL 
PROTECTED]@4ELF4 ([EMAIL PROTECTED]@[EMAIL PROTECTED]@4ELF4 ([EMAIL PROTECTED]@[EMAIL 
PROTECTED]@[EMAIL PROTECTED] ([EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED] 
([EMAIL PROTECTED]@ [EMAIL PROTECTED]@4ELF4 ([EMAIL PROTECTED]@ 
@@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@[EMAIL PROTECTED] 
([EMAIL PROTECTED]@[EMAIL PROTECTED]@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@hh@@h@@[EMAIL 
PROTECTED] ([EMAIL 
PROTECTED]@hhh@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@hhhh@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@h@@h@@[EMAIL
 PROTECTED] ([EMAIL PROTECTED]@[EMAIL PROTECTED]@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@[EMAIL PROTECTED]@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@h@@h@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@@(@h@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@((@h@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@(h@@h@@[EMAIL
 PROTECTED] ([EMAIL PROTECTED]@ @@h@@[EMAIL PROTECTED] 
([EMAIL PROTECTED]@ 0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL PROTECTED]@[EMAIL PROTECTED]@((0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@[EMAIL PROTECTED]@((0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@0@@00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@@
 @00@((0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@
  @00@((0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@
 00@((0@@h@@[EMAIL PROTECTED] ([EMAIL PROTECTED]@ 
/00@((0@@h@@[EMAIL PROTECTED] ([EMAIL 
PROTECTED]@/l00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@li00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@ib00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@b/00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@/l00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@ld00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@d.00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@.s00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@so00@((0@@h@@[EMAIL
 PROTECTED] ([EMAIL 
PROTECTED]@o.00@((0@@h@@[EMAIL