sql counter problem
I try to use this module but the debug writes:

rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module noresetcounter returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module dailycounter returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module monthlycounter returns noop
modcall: group authorize returns ok

What does it mean: rlm_sqlcounter: Could not find Check item value pair

I have had the same problem with counter.

TEB!

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ignoring attributes from remote RADIUS server
Anybody? I must be stupid or blind (or maybe even both) since this sounds trivial and I can't figure this out!

--- Sepp Rudel [EMAIL PROTECTED] wrote:

I'm probably missing something very obvious since I can't figure out the following:

I've set up a roaming/proxying scene where the NAS sends an Access-Request to RADIUS server A. Server A proxies the Access-Request to server B. If B returns Access-Accept, it also returns a bunch of attributes, which I'd like to get rid of. How can this be done? (i.e., the NAS gets only Access-Accept and perhaps some attributes added in A's users file DEFAULT section.)

(Attributes from B can contain some VSAs which I'm not currently aware of, so disabling each attribute is not a valid option.)
RE: RADIUS + LDAP + TLS
Hiya,

When you built rlm_ldap, you needed some sort of LDAP library for it. Usually, this is OpenLDAP. If you used something else, I'm not sure what to tell you. In my case, I built FreeRadius and the rlm_ldap module at the same time. I don't know what you did. I didn't install a certificate on the RADIUS server. I used an existing LDAP server run by IT which has a self-signed certificate on it. I don't know how they installed the certificate, and that would depend on the LDAP server in use anyway. As to validation, I haven't been able to get them to validate because FreeRadius is rejecting the self-signed certificate from the LDAP server.

I've compiled FreeRadius and rlm_ldap without installing any LDAP package (like OpenLDAP); I've only untarred FreeRadius, then ./configure, and make. But I suppose that it has LDAP support, because I've been able to authenticate users using LDAP. On the RADIUS server I haven't installed any certificate, I don't know how. I've configured my RADIUS server to use LDAP as authentication database and I set start_tls and tls_mode to yes.

I got the impression from your original email that you had the LDAP server already working with LDAPs. If that's not the case, you first need to get a working LDAPs server (LDAP over SSL). This is not something I can help you with.

Yes, I've got an LDAPs (LDAP over SSL) server working. But I'm not able to contact it from RADIUS. If I try to contact the LDAPs server from Outlook (for example) I need to install my CA certificate, to validate authentication of LDAPs. Does RADIUS need something similar?

Once that is done, getting RADIUS to be another client of that LDAPs server should simply be a matter of changing the port number in the radiusd.conf from what was working with the LDAP server.

I've done it, but I get an error: could not start TLS protocol. See my log. Maybe I'm forgetting something. I've seen some TLS parameters in the EAP section of radiusd.conf, but I haven't used them... Is it ok?

rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101, length=60
    User-Name = test
    User-Password = 1234567890
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1
rad_lowerpair: User-Name now 'test'
rad_lowerpair: User-Password now '1234567890'
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat: '(uid=test)'
radius_xlat: 'o=Prova'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: starting TLS
rlm_ldap: ldap_start_tls_s()
rlm_ldap: could not start TLS Protocol error
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns fail
modcall: group authorize returns fail
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 101 to 127.0.0.1:32792
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 101 with timestamp 3ef0694c
Nothing to do. Sleeping until we see a request.

Paco Orozco ([EMAIL PROTECTED])
Divisió de Telecomunicacions
UPCNet
Edifici Vèrtex - Pl. Eusebi Güell, 6
Telèfon centraleta: 93.40.11600
Re: Ignoring attributes from remote RADIUS server
Sepp Rudel wrote:

Anybody? I must be stupid or blind (or maybe even both) since this sounds trivial and I can't figure this out!

--- Sepp Rudel [EMAIL PROTECTED] wrote:

I'm probably missing something very obvious since I can't figure out the following:

I've set up a roaming/proxying scene where the NAS sends an Access-Request to RADIUS server A. Server A proxies the Access-Request to server B. If B returns Access-Accept, it also returns a bunch of attributes, which I'd like to get rid of. How can this be done? (i.e., the NAS gets only Access-Accept and perhaps some attributes added in A's users file DEFAULT section.)

(Attributes from B can contain some VSAs which I'm not currently aware of, so disabling each attribute is not a valid option.)

Look at rlm_attr_filter (docs/rlm_attr_filter). It was designed precisely for this.

Eddie
Using FreeRadius to authenticate to a Cisco 350AP - has anyone done it?
Hello Everyone,

I have several wireless Cisco 350 APs in service. Can FreeRadius be used to authenticate my users with Cisco LEAP? I have upgraded my flash to the latest Cisco 12.02T. I just can't seem to figure out how to do it. I also want to use MySQL as my user DB so I can create, edit or delete users from a web interface. Has anyone done this yet? I am a newbie here so please be patient.

Thanks in advance.

Ron Simpson, Central Valley Internet eXchage
Max-Daily-Session attribute
I use the sqlcounter module. When I use Max-All-Session all works fine. But if I try to use Max-Daily-Session, this becomes Session-Timeout and the module dailycounter doesn't work, because the counter in debug is = 0.

rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user , check_item=30, counter=0
rlm_sqlcounter: Sent Reply-Item for user , Type=Session-Timeout, value=30
modcall[authorize]: module dailycounter returns ok

TEB!
test
Regards Gary Barnden.
Re: simple radius+perl setup (i cannot)
On _2003-06-18 at 23:37, [EMAIL PROTECTED] wrote:

I try to do a veeery simple radius+perl setup. I'm running that issue for 2 days (each time I fix a small step) but now I'm stuck at one point...

--DEBUG-
Module: Loaded perl
perl: cmd = (null)
perl: persistent = (null)
Segmentation fault

Please use rlm_perl from cvs since it has been updated and changed. Check the latest patches from http://redguy.orbitel.bg/~alien/

--
Best Regards,
Boian Jordanov
SNE Orbitel - the Internet Company
tel. +359 2 937 07 23
huntgroups in users file
Hi All,

I am stuck at a point while configuring FreeRadius 0.8.1 for a pool of NASes and annexes. I want to give a group of admin users IPs that are above 10.0.0.100 and that won't be affected by the simultaneous-use parameter. My users and huntgroups files are below (IPs are changed).

users:
---
DEFAULT Huntgroup-Name==admin, Auth-Type :=System
        User-Service-Type = NAS-Prompt-User,
        Framed-IP-Address = 10.0.0.100+,

DEFAULT Auth-Type :=System, BSimultaneous-Use:=1
        User-Service-Type = NAS-Prompt-User,
        Framed-IP-Address = 10.0.0.1+

huntgroups:
---
admin   NAS-IP-Address == A.B.C.D
        User-Name = gunce,
        User-Name = gciftci

However, when a user other than gunce and gciftci logs in to A.B.C.D (ahmet logs in), radiusd -X says the following and gives 10.0.0.100+:

..
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
huntgroups: Matched admin at 2
users: Matched DEFAULT at 1
modcall[authorize]: module files returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type System
modcall: entering group authenticate
modcall[authenticate]: module unix returns ok
modcall: group authenticate returns ok
Login OK: [ahmet] (from client ras port 32 cli [03334445566)
Sending Access-Accept of id 149 to A.B.C.D:4504
    User-Service-Type = NAS-Prompt-User
    Framed-IP-Address = 10.0.0.100+
Finished request 2
..

I could not figure out what is wrong; could anybody point me in the right direction, please? Is it related to my understanding of the huntgroups or users file?

Regards,
- Gunce
EAP/TTLS authentication
Hi all,

I'm searching for a way to authenticate some wireless users via TTLS (for this is the only auth method allowed by these particular supplicants). Looking thru freeradius I'm not able to find out anything about it. Can anyone confirm that? In this case, what could I use for this task? This must run on a Linux RH 7.3, and the number of clients it has to manage does not justify the acquisition of a licensed server like aegis. So, something not free could be considered, but it must not cost too much... ;-)

Thanks...

--
Emanuele Balla aka Skull - Public Key #661E5CBF on www.keyserver.com

And 1.1.81 is officially BugFree(tm), so if you receive any bug-reports on it, you know they are just evil lies. (By Linus Torvalds)
Re: EAP/TLS Setup problem
Hi Umesh,

I am trying to install a freeradius/EAP-TLS authentication for my wireless network (DWL 1000 AP +) by following the instructions at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm, but I can't manage to create the certificate correctly... (I use openssl-0.9.7b)

How do you manage to do it?

Thanks a lot for your help,
Best regards,
Jean-Guillaume

- Original Message -
From: Umesh [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 10, 2003 8:54 AM
Subject: EAP/TLS Setup problem

Hi All,

I am new to FreeRadius. I am trying to set up EAP/TLS authentication. I have installed OpenSSL-0.9.7b and FreeRadius 0.8.1. I followed the instructions at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm, but when I run radiusd -x -A, an error occurs - Unknown value EAP. (I have set Auth-Type=EAP in /etc/raddb/users)

Any help would be appreciated.

Regards,
Umesh
USRHYPER thru accounting into a tizzy
Gentlemen,

Accounting is going to Postgres. Rebooted a hyper and radius was showing

Thu Jun 19 04:48:09 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for Acct On/Off packet - ERROR: parser: parse error at or near '2003-06-19 04:48:09' at character 102

in the radius.log. To clear the errors I shut down the sql accounting and went to detail. Below is the record that showed up in the detail file.

Thu Jun 19 07:57:10 2003
    Acct-Status-Type = Accounting-On
    USR-Acct-Reason-Code = 0
    Acct-Delay-Time = 48840
    Acct-Session-Id = This is an Accounting ON message
    NAS-IP-Address = 12.163.67.22
    Timestamp = 1056023830

I hope that I have included enough information.

Jeff

_
How many firemen does it take to change a light bulb? Four. One to change the bulb and 3 to chop a hole in the roof.
offer about rad_malloc. (bugs in rlm_passwd)
Today I tried to find out why rlm_passwd causes a segmentation fault. There is a bug in the allocation of the hash table for pointers: there is no memset after the allocations, so all pointers are garbage. There are other, unknown bugs in rlm_passwd. I don't know where. Tomorrow I'll find them.

But today I propose changing rad_malloc. Adding the line

memset(ptr, 0, size);

before

return ptr;

in function rad_malloc() is good, IMHO. It makes the code more secure. If not, say why.

Mike
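The failure described in the message above, and the effect of the proposed memset, as an added example (not code from FreeRADIUS or from the poster). The allocator and table names are hypothetical, and a 0xA5 fill stands in for whatever a recycled heap block happens to contain.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct entry { const char *key, *val; struct entry *next; };
struct table { size_t nbuckets; struct entry **buckets; };

/* Hypothetical allocator: exits on failure, then fills the block. */
static void *alloc_fill(size_t size, int fill)
{
    void *ptr = malloc(size);
    if (ptr == NULL) {
        perror("malloc");
        exit(1);
    }
    return memset(ptr, fill, size);
}

/* Simulates a recycled heap block: malloc() promises nothing about contents. */
static void *alloc_dirty(size_t size)  { return alloc_fill(size, 0xA5); }

/* The proposed change: clear the block before returning it. All-bits-zero
 * reads back as a NULL pointer on the platforms such a server runs on. */
static void *alloc_zeroed(size_t size) { return alloc_fill(size, 0); }

static struct table *table_new(size_t n, void *(*alloc)(size_t))
{
    struct table *t = alloc(sizeof *t);
    t->nbuckets = n;
    t->buckets = alloc(n * sizeof *t->buckets);
    return t;
}

static size_t bucket_of(const struct table *t, const char *key)
{
    size_t h = 5381;
    while (*key)
        h = h * 33 + (unsigned char)*key++;
    return h % t->nbuckets;
}

/* Counts bucket heads that are non-zero although nothing was inserted.
 * Each one is a pointer that a lookup would go on to dereference. */
size_t stray_heads(size_t n, int zeroed)
{
    struct table *t = table_new(n, zeroed ? alloc_zeroed : alloc_dirty);
    size_t stray = 0;
    for (size_t i = 0; i < n; i++) {
        uintptr_t raw;                      /* inspect the bytes only */
        memcpy(&raw, &t->buckets[i], sizeof raw);
        if (raw != 0)
            stray++;
    }
    free(t->buckets);
    free(t);
    return stray;
}

void table_put(struct table *t, const char *key, const char *val)
{
    struct entry *e = alloc_zeroed(sizeof *e);
    size_t b = bucket_of(t, key);
    e->key = key;
    e->val = val;
    e->next = t->buckets[b];                /* must be NULL or a real entry */
    t->buckets[b] = e;
}

/* Walks a chain until NULL: safe only if every empty bucket really is NULL. */
const char *table_get(const struct table *t, const char *key)
{
    for (struct entry *e = t->buckets[bucket_of(t, key)]; e; e = e->next)
        if (strcmp(e->key, key) == 0)
            return e->val;
    return NULL;
}

/* Returns 1 if a zeroed table finds what was stored and misses what was not. */
int zeroed_table_works(void)
{
    struct table *t = table_new(8, alloc_zeroed);
    table_put(t, "alice", "pw-a");          /* constructed sample data */
    int ok = table_get(t, "alice") != NULL && table_get(t, "bob") == NULL;
    free(t->buckets[bucket_of(t, "alice")]);
    free(t->buckets);
    free(t);
    return ok;
}

int main(void)
{
    printf("stray heads, unzeroed table: %zu\n", stray_heads(8, 0));
    printf("stray heads, zeroed table:   %zu\n", stray_heads(8, 1));
    printf("lookup on zeroed table ok:   %d\n", zeroed_table_works());
    return 0;
}
```

table_get is never called on the unzeroed table here, because following those bucket heads is exactly the crash the message reports.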
dbm to gdbm conversion
Hi,

I'm working with Linux Mandrake 9.0 and I'm trying to install RADIUS services with EAP authentication. I have compilation problems with the function rlm_dbm_parser.c that references gdbm.h and/or dbm.h.

When I installed gdbm-1.8.0, dbm.h and gdbm.h were created in the directory /usr/local/include.

You can see the result of the compilation:

- begin compilation -
/usr/src/802/radius/radiusd/libtool --mode=link gcc rlm_dbm_parser.o ../../lib/libradius.a -lnsl -lresolv -lpthread -lpthread -o rlm_dbm_parser
gcc rlm_dbm_parser.o -o rlm_dbm_parser ../../lib/libradius.a -lnsl -lresolv -lpthread -lpthread
rlm_dbm_parser.o: In function `open_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101: undefined reference to `dbm_open'
rlm_dbm_parser.o: In function `close_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:109: undefined reference to `dbm_close'
rlm_dbm_parser.o: In function `storecontent':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:163: undefined reference to `dbm_store'
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:168: undefined reference to `dbm_store'
collect2: ld returned 1 exit status
make: *** [rlm_dbm_parser] Erreur 1
end compilation

The problem is the conflict between dbm.h and ndbm.h. I changed ndbm.h to dbm.h, but I have more errors.

There is the conv2gdbm utility... but what is the file to modify?? dbm.h? rlm_dbm_parser.c?

Herewith you have the original rlm_dbm_parser.c file.

If you can help me, I will be thankful to you.

Best Regards.
Octavio RAMIREZ ROJAS
Université de Versailles de Saint Quentin-en-Yvelines
45, Avenue des Etats-Unis
78035, Versailles Cedex
France

/*
 * rlm_dbm_parser.c :	Create dbm file from plain text
 *
 * Version:	$Id: rlm_dbm_parser.c,v 1.6 2002/10/15 14:51:18 aland Exp $
 *
 *   This program is is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License, version 2 if the
 *   License as published by the Free Software Foundation.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 * Copyright 2001 Koulik Andrei, Sandy Service
 */

char sccsid[] =
"$Id: rlm_dbm_parser.c,v 1.6 2002/10/15 14:51:18 aland Exp $ sandy module project\n Copyright 2001 Sandy Service\nCopyright 2001 Koulik Andrei";

#include "autoconf.h"

#include <fcntl.h>
#include <stdlib.h>

#ifdef HAVE_NDBM_H
#include <ndbm.h>
#endif

#ifdef HAVE_GDBM_NDBM_H
#include <gdbm/ndbm.h>
#endif

#ifdef HAVE_GDBMNDBM_H
#include <gdbm-ndbm.h>
#endif

#include <stdio.h>
#include <ctype.h>
#include <string.h>

#include "conf.h"
#include "radpaths.h"
#include "missing.h"
#include "radiusd.h"

#define MAX_BUFF_SIZE	1024

#define DOUT1	if( librad_debug > 0 ) printf
#define DOUT2	if( librad_debug > 5 ) printf

typedef enum sm_parse_state_t {
	SMP_INVALID = 0,
	SMP_USER,
	SMP_PATTERN,
	SMP_ACTION,
	SMP_PATTERN_OR_USER
} sm_parse_state_t;

const char * progname;

unsigned long	st_errors = 0,
		st_warns = 0,
		st_lines = 0,
		st_users = 0,
		st_skiped = 0,
		st_loaded = 0;

/* test

int dumplist(VALUE_PAIR *vp) {

	while (vp != NULL) {

		printf("VP: name: %s\nattribute: %d\ntype: %d\nlvalue: %lu"
			"\noperator %d\naddport: %d\nValue: %s\n",
			vp -> name, vp -> attribute, vp -> type, vp -> lvalue,
			vp -> operator, vp -> addport, (char*)vp -> strvalue);
		vp = vp -> next;
	}
	return 0;
}
*/

char content[4096];
int  concntr = 0;
int  oflags = O_RDWR | O_CREAT;
DBM * pdb = NULL;

static int open_storage(const char * fname) {

	if ( (pdb = dbm_open(fname, oflags, 0600 )) == NULL ) {
		perror("Couldn't open database");
		return 1;
	}
	return 0;
}

static void close_storage(void){
	dbm_close(pdb);
}

static int addlinetocontent(VALUE_PAIR *vp) {

	int outlen = sizeof(content) - concntr - 1;
	int lendiv;

	if ( outlen < 4 ) return -1;
	if ( vp == NULL ) { /* add empty line */
		content[concntr++] = '\n';
		content[concntr] = '\0';
	} else {
		while ( vp != NULL ){
			lendiv = vp_prints(&content[concntr],outlen,vp);
			if ( lendiv > 0 ) {
				outlen -= lendiv;

				if (outlen > 3) {
					strcat(content,", ");
					concntr += lendiv + 2;
					outlen -= 2;
				} else {
					concntr = 0;
					return -1;
				}
			}
			vp = vp -> next;
		}

		if ( concntr > 2 ) { /* remove trailing ',' */
			content[--concntr] = '\0';
			content[concntr - 1] = '\n';
		}
	}

	return 0;
}

static int storecontent (const char * username) {

	datum d,k;
	int res;

	if ( pdb == NULL || concntr < 3 ) return 1;

	DOUT2("store:\n%s\ncontent:\n%s",username,content);

	d.dptr = content;
	d.dsize = concntr + 1;

	k.dptr = username;
	k.dsize = strlen(username) + 1;

	res = dbm_store(pdb, k, d, DBM_INSERT);
	if ( res == 1 ) dbm_store(pdb, k, d, DBM_REPLACE);
	if ( res < 0 ) {
Re: dbm to gdbm conversion
It seems you are not including the dynamic link libraries to compile... Something like -ldbm at compilation time.

Regards

- Original Message -
From: Octavio Ramirez Rojas [EMAIL PROTECTED]
Date: Thursday, June 19, 2003 10:40 am
Subject: dbm to gdbm conversion

Hi,

I'm working with Linux Mandrake 9.0 and I'm trying to install RADIUS services with EAP authentication. I have compilation problems with the function rlm_dbm_parser.c that references gdbm.h and/or dbm.h.

When I installed gdbm-1.8.0, dbm.h and gdbm.h were created in the directory /usr/local/include.

You can see the result of the compilation:

- begin compilation -
/usr/src/802/radius/radiusd/libtool --mode=link gcc rlm_dbm_parser.o ../../lib/libradius.a -lnsl -lresolv -lpthread -lpthread -o rlm_dbm_parser
gcc rlm_dbm_parser.o -o rlm_dbm_parser ../../lib/libradius.a -lnsl -lresolv -lpthread -lpthread
rlm_dbm_parser.o: In function `open_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101: undefined reference to `dbm_open'
rlm_dbm_parser.o: In function `close_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:109: undefined reference to `dbm_close'
rlm_dbm_parser.o: In function `storecontent':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:163: undefined reference to `dbm_store'
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:168: undefined reference to `dbm_store'
collect2: ld returned 1 exit status
make: *** [rlm_dbm_parser] Erreur 1
end compilation

The problem is the conflict between dbm.h and ndbm.h. I changed ndbm.h to dbm.h, but I have more errors.

There is the conv2gdbm utility... but what is the file to modify?? dbm.h? rlm_dbm_parser.c?

Herewith you have the original rlm_dbm_parser.c file.

If you can help me, I will be thankful to you.

Best Regards.

Octavio RAMIREZ ROJAS
Université de Versailles de Saint Quentin-en-Yvelines
45, Avenue des Etats-Unis
78035, Versailles Cedex
France
Re: Radius does not try to register with SMUX- REPOSTED
It looks like your freeradius isn't compiled with snmp support, although you specified it. The only way of *not* getting the SMUX messages in debug mode was to compile freeradius again with --enable-snmp=no. Please double check that snmp support was compiled. Since it's the default, you don't have to specify the --enable-snmp feature.

Chris

On Wed, 2003-06-18 at 23:06, Yousef Jamous wrote:

Sorry for the previous posting, it was with some HTML lines.

I'm trying to use net-snmp V5.0.8 to get information from my free-radius server (V 0.8.1). I did the following:

Compiled radius server with --enable-snmp option
net-snmp was compiled with SMUX option module
Radius MIBS are accessible by the snmpd

In the radius snmp.conf file I put:

smux_password = secretpassword
snmp_write_access = no

snmpd.conf contains the line

smuxpeer .1.3.6.1.4.1.3317.1.3.1 secretpassword

When I run the command:

snmpd -f -a -V -L -Dsmux
smux_init: [smux_init] done; smux listen sd is 8, smux port is 199
smux_conf: parsing registration for: 1.3.6.1.4.1.3317.1.3.1 secretpassword
NET-SNMP version 5.0.8

When I launch radiusd using radiusd -xxx, I see the logs, but I do not see an entry showing that radiusd has connected to the SMUX. My log file looks something like:

Starting - reading configuration files ...
reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = 
no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-I= P-Address, NAS-Port-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Addr= ess}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /usr/local/var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated
radacct problem
Hi,

I have a problem getting the Framed-IP-Address value reported in the MySQL table radacct. In fact, as far as I can see, all attributes are passed except the client's assigned IP. I configured radius using the Scott Bartlett Freeradius and MYSQL How To... It works great, but there is no way to display the attribute Framed-IP-Address. However, if I display the file /usr/local/var/log/radius/radacct/radiusclientip/detail-date the information is logged!

I hope someone who came across the problem before I did can help me...

Thanks
All or any client access
I have a situation where I travel the country with a demo computer and its IP address changes every day. To use my external AAA Freeradius server, I must call my office and have someone add the new IP address to the clients.conf file.

Is there any way to use a wildcard in defining a client? Is it possible to allow ALL client requests?

I tried:

client *.com {
    secret = foo
    shortname = bar
}

to no avail. I also tried:

client 0.0.0.0/24 {
    secret = foo
    shortname = bar
}

also, to no avail.

Any help is greatly appreciated.

Regards,
Mark Gaither

--
Mark Gaither | mark @ rocksteady . com
Senior Software Engineer | ph: 512.275.0571 x 20
Rocksteady Networks, Inc. | fax: 512.275.0575
3410 Far West Blvd. Ste. 210 | http://www.rocksteady.com/
Austin, TX 78731
--
Enabling Shared Networks.
*Rocksteady solutions securely share wired and wireless networks.*
RE: Trying to debug rlm_ippool..
From: Jonathan Ruano
Sent: Tuesday, 17 June 2003 10:04 PM

I'm debugging rlm_ippool, trying to catch the bug that causes ips to disappear..

(CC'd to -devel since this is leading towards a patch from me... :-)

I'm just having a look at it myself, and on first glance the mutex locking is too fine grained, protecting the GDBM file itself, but not the transactions being performed...

Just looking at the code, I think Multilink PPP is broken too, since if we find an active==0 entry, we break out of the loop, even if searching further would discover the matching entry for Multilink PPP.

My current thought is that the module would be better served by _one_ GDBM database, indexed by IP address. The current system of having (nas,port) index into the IP address list is (I think) supposed to save walking the entire database each check, but supporting MLPPP requires almost exactly that...

thinks

Maybe a DB indexed by IP address, and one indexed by CLI/NAS?

thinks more

Dunno, gonna need some more thought on that one, and see if we can avoid walking the whole DB on _all_ paths:

Post-auth:
  DB Lock
  Stale NAS/Port:       Lookup NAS,port; get old IP
  (If there _was_ a NAS,port entry...
   Deallocate:)         Delete NAS,port;
                        Lookup IP; get oldCLI
                        Lookup oldCLI,NAS; decrement usage
                          delete if usage == 0
                        Lookup IP; mark inactive if deleted from (CLI,NAS)
  Multilink PPP check:  Lookup CLI,NAS; get current ML-PPP IP
  else                  Find unallocated IP... == Longest walk!!
  Allocation:           Lookup IP; record active, cli, NAS
                        Create NAS,port; record IP
                        Lookup CLI,NAS; increment usage or create entry
  DB unlock

Accounting:
  DB lock
  Deallocation:         Delete NAS,port;
                        Lookup IP; get oldCLI
                        Lookup oldCLI,NAS; decrement usage
                          delete if usage == 0
                        Lookup IP; mark inactive if deleted from (CLI,NAS)
  DB unlock

DBs:
  (cli,nas):  ipaddr, usage
  (nas,port): ipaddr
  (ipaddr):   cli, nas, active

Where the (cli,nas) and (nas,port) tables are only containing active entries, and the (ipaddr) table never has entries removed.

Entries are cleaned when either a stop-record for that NAS/port or an Auth record for that NAS/port are seen.

Each NAS,port can only have one IP address.
Each cli,NAS can have one IP address assigned to multiple ports.
Each IP address can have one or zero CLI, NAS and be assigned to multiple ports.

Big locks aren't bad to my mind here, since we're not walking the entire table anyway, which would be a step up from the current code. In fact, only once do we need to walk rather than looking up by index... Which worries me that I've missed something.

Hopefully this would make the next step easier (or at least possible) of altering the tables without having to delete and recreate them. At least _adding_ to the IP pool would be easier... Deleting has problems when the IPs to be deleted are in use... Maybe just skip 'em until _next_ restart.

(And yes, I _am_ volunteering for this one... So I'd appreciate anyone banging on the ideas here and telling me in what way I've been stupid. Patch ETA is over the weekend)

Anyway, to reanswer the originally asked question, first glance is that the mutexes need to be expanded to cover whole transactions (ie subtracting one from the usage marker in the data-ip DB) instead of the current query by query locking. It may not fix the problem you're seeing, but it _is_ a problem waiting to happen. And as far as I can see, that would unify the mutexes in rlm_ippool.c into a single mutex.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS

- Random signature generator 3.0 by Paul TBBle Hampson
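A sketch of the three-table layout and single transaction-wide lock outlined in the message above, as an added example (not rlm_ippool code and not the poster's patch). Table sizes and all struct and function names are assumptions, integer NAS ids and pool indexes replace real addresses, and fixed in-memory arrays with linear scans stand in for the GDBM files.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#define POOL     4    /* assumed number of addresses in the pool */
#define MAXPORTS 16   /* assumed capacity of the (nas,port) table */

struct cn_ent { int used; char cli[24]; int nas; int ip; int usage; }; /* (cli,nas)  */
struct np_ent { int used; int nas; int port; int ip; };                /* (nas,port) */
struct ip_ent { char cli[24]; int nas; int active; };                  /* (ipaddr)   */

static struct cn_ent cn_tab[POOL];     /* at most one (cli,nas) per address */
static struct np_ent np_tab[MAXPORTS];
static struct ip_ent ip_tab[POOL];     /* entries are never removed */
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;

/* Linear scans stand in for keyed GDBM fetches. */
static struct np_ent *np_find(int nas, int port)
{
    for (int i = 0; i < MAXPORTS; i++)
        if (np_tab[i].used && np_tab[i].nas == nas && np_tab[i].port == port)
            return &np_tab[i];
    return NULL;
}

static struct cn_ent *cn_find(const char *cli, int nas)
{
    for (int i = 0; i < POOL; i++)
        if (cn_tab[i].used && cn_tab[i].nas == nas && !strcmp(cn_tab[i].cli, cli))
            return &cn_tab[i];
    return NULL;
}

/* Deallocation steps; caller must hold pool_lock.
 * Returns -1 if no session, 0 if the IP is still in use, 1 if it was freed. */
static int release_locked(int nas, int port)
{
    struct np_ent *np = np_find(nas, port);
    if (np == NULL)
        return -1;
    int ip = np->ip;
    np->used = 0;                                   /* delete (nas,port) */
    struct cn_ent *cn = cn_find(ip_tab[ip].cli, ip_tab[ip].nas);
    if (cn == NULL || --cn->usage > 0)
        return 0;
    cn->used = 0;                                   /* delete (cli,nas) */
    ip_tab[ip].active = 0;                          /* mark IP inactive */
    return 1;
}

/* Post-auth: returns the pool index assigned, or -1 if nothing is free. */
int ippool_postauth(const char *cli, int nas, int port)
{
    int ip = -1, slot = -1;
    pthread_mutex_lock(&pool_lock);         /* one lock for the transaction */
    release_locked(nas, port);              /* stale (nas,port) entry */
    for (int i = 0; i < MAXPORTS && slot < 0; i++)
        if (!np_tab[i].used)
            slot = i;
    struct cn_ent *cn = cn_find(cli, nas);  /* Multilink PPP check */
    if (slot >= 0 && cn != NULL) {
        ip = cn->ip;
        cn->usage++;
    } else if (slot >= 0) {
        for (int i = 0; i < POOL && ip < 0; i++)    /* the only full walk */
            if (!ip_tab[i].active)
                ip = i;
        if (ip >= 0) {
            cn = &cn_tab[ip];
            *cn = (struct cn_ent){ .used = 1, .nas = nas, .ip = ip, .usage = 1 };
            snprintf(cn->cli, sizeof cn->cli, "%s", cli);
            snprintf(ip_tab[ip].cli, sizeof ip_tab[ip].cli, "%s", cli);
            ip_tab[ip].nas = nas; ip_tab[ip].active = 1;
        }
    }
    if (ip >= 0)                            /* create (nas,port) */
        np_tab[slot] = (struct np_ent){ 1, nas, port, ip };
    pthread_mutex_unlock(&pool_lock);
    return ip;
}

/* Accounting stop for one port; same lock, same transaction boundary. */
int ippool_stop(int nas, int port)
{
    pthread_mutex_lock(&pool_lock);
    int freed = release_locked(nas, port);
    pthread_mutex_unlock(&pool_lock);
    return freed;
}

int main(void)
{
    int a = ippool_postauth("5551000", 1, 1);   /* constructed caller ID */
    int b = ippool_postauth("5551000", 1, 2);   /* second link, same caller */
    int s1 = ippool_stop(1, 1), s2 = ippool_stop(1, 2);
    printf("a=%d b=%d stop1=%d stop2=%d\n", a, b, s1, s2);
    return 0;
}
```

Because the usage decrement and the active flag change under the same lock as the (nas,port) delete, no other thread can observe an address whose count and flag disagree.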
Re: USRHYPER thru accounting into a tizzy
On Thu, 19 Jun 2003 at 08:24 (-0400), Jeff Sullivan wrote:

JS Accounting is going to Postgres. Rebooted a hyper and radius was
JS showing
JS
JS Thu Jun 19 04:48:09 2003 : Error: rlm_sql (sql): Couldn't update SQL
JS accounting for Acct On/Off packet - ERROR: parser: parse error at or
JS near '2003-06-19 04:48:09' at character 102

The accounting_onoff_query in postgresql.conf prior to is wrong and won't work. You can update to the latest CVS version which has a fix or just replace that query with the following:

accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=date_part('epoch'::text, ('%S'::timestamp without time zone - AcctStartTime::timestamp without time zone)), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time:-0} WHERE AcctSessionTime=0 AND AcctStopTime IS NULL AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S'

Michael

--
Michael J. Hartwick, VE3SLQ [EMAIL PROTECTED]
Hartwick Communications Consulting (519) 396-7719
Kincardine, ON, CA http://www.hartwick.com
RE: All or any client access
Have you tried something like http://www.no-ip.com/

You can then use their dynamic update client to update your host name to reflect your new IP address. Then just add an entry to clients.conf similar to the following:

client myhost.no-ip.com {
    secret = testing123
    shortname = myhost
}

Rgrds,
Alan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Gaither
Sent: 19 June 2003 16:12
To: Freeradius
Subject: All or any client access

I have a situation where I travel the country with a demo computer and its IP address changes every day. To use my external AAA Freeradius server, I must call my office and have someone add the new IP address to the clients.conf file.

Is there any way to use a wildcard in defining a client? Is it possible to allow ALL client requests?

I tried:

client *.com {
    secret = foo
    shortname = bar
}

to no avail. I also tried:

client 0.0.0.0/24 {
    secret = foo
    shortname = bar
}

also, to no avail.

Any help is greatly appreciated.

Regards,
Mark Gaither

--
Mark Gaither | mark @ rocksteady . com
Senior Software Engineer | ph: 512.275.0571 x 20
Rocksteady Networks, Inc. | fax: 512.275.0575
3410 Far West Blvd. Ste. 210 | http://www.rocksteady.com/
Austin, TX 78731
--
Enabling Shared Networks.
*Rocksteady solutions securely share wired and wireless networks.*
RE: RADIUS + LDAP + TLS
I think there must have been some sort of LDAP library on the system where you built FreeRadius. I don't know about TLS. As I said, I was using SSL. I get a different error, telling me that it doesn't like the self-signed certificate. As to installing the CA certificate, that depends on the TLS/SSL library you are using and how it was built. Owen --On Thursday, June 19, 2003 9:18 AM +0200 Francisco Orozco/Upcnet [EMAIL PROTECTED] wrote: Hiya, When you built rlm_ldap, you needed some sort of LDAP library for it. Usually, this is OpenLDAP. If you used something else, I'm not sure what to tell you. In my case, I built FreeRadius and the rlm_ldap module at the same time. I don't know what you did. I didn't install a certificate on the RADIUS server. I used an existing LDAP server run by IT which has a self-signed certificate on it. I don't know how they installed the certificate, and that would depend on the LDAP server in use anyway. As to validation, I haven't been able to get them to validate because FreeRadius is rejecting the self-signed certificate from the LDAP server. I've compiled FreeRadius and rlm_ldap, without installing any LDAP package (like OpenLDAP), I've only untarred FreeRadius, then ./configure, and make. But I suppose that it has LDAP support, because I've been able to authenticate users using LDAP. On the RADIUS server I haven't installed any certificate, I don't know how. I've configured my RADIUS server in order to use LDAP as authentication database and I set to yes start_tls and tls_mode. I got the impression from your original email that you had the LDAP server already working with LDAPs. If that's not the case, you first need to get a working LDAPs server (LDAP over SSL). This is not something I can help you with. Yes, I've got an LDAPs (LDAP over SSL) server working. But I'm not able to contact it from RADIUS. If I try to contact the LDAPs server from Outlook (for example) I need to install my CA certificate, to validate authentication of LDAPs. 
Does RADIUS need something similar? Once that is done, getting RADIUS to be another client of that LDAPs server should simply be a matter of changing the port number in the radiusd.conf from what was working with the LDAP server. I've done it, but I get an error: could not start TLS protocol. See my log. Maybe I'm forgetting something. I've seen some TLS parameters in the EAP section of radiusd.conf, but I haven't used them... Is it ok?

rad_recv: Access-Request packet from host 127.0.0.1:32792, id=101, length=60 User-Name = test User-Password = 1234567890 NAS-IP-Address = 255.255.255.255 NAS-Port = 1 rad_lowerpair: User-Name now 'test' rad_lowerpair: User-Password now '1234567890' modcall: entering group authorize rlm_ldap: - authorize rlm_ldap: performing user authorization for test radius_xlat: '(uid=test)' radius_xlat: 'o=Prova' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.server.mycompany.es:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: starting TLS rlm_ldap: ldap_start_tls_s() rlm_ldap: could not start TLS Protocol error rlm_ldap: (re)connection attempt failed rlm_ldap: search failed ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns fail modcall: group authorize returns fail There was no response configured: rejecting request 0 Server rejecting request 0. Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 101 to 127.0.0.1:32792 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 101 with timestamp 3ef0694c Nothing to do. Sleeping until we see a request.

__ Paco Orozco ([EMAIL PROTECTED]) Divisió de Telecomunicacions UPCNet Edifici Vèrtex - Pl. Eusebi Güell, 6 Telèfon centraleta: 93.40.11600
how to use a wildcard in realm in proxy.conf
Hi, This is another simple config question I couldn't find the answer to. I need to add a realm entry in proxy.conf that would match all realms that end in owlan.org. That is, [EMAIL PROTECTED] would match for any xxx or yyy. I tried the usual wildcard characters but they didn't work, and I also tried naming the realm with only a leading dot, .owlan.org. Any ideas? Regards, Dave
RE: Radius does not try to register with SMUX- REPOSTED
Thanks Chris for your advice. As I mentioned in my e-mail, I specified the option to compile with snmp. What can cause not compiling with SNMP though I specified that? Could it be a bug in the version I'm using (I'm using the latest version). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris van Meerendonk Sent: June 19, 2003 6:12 PM To: [EMAIL PROTECTED] Subject: Re: Radius does not try to register with SMUX- REPOSTED It looks like your freeradius isn't compiled with snmp support, although you specified it. The only way of *not* getting the SMUX messages in debug mode was to compile freeradius again with --enable-snmp=no. Please double check that snmp support was compiled. Since it's default, you don't have to specify the --enable-snmp feature. Chris On Wed, 2003-06-18 at 23:06, Yousef Jamous wrote: Sorry for the previous posting, it was with some HTML lines. I'm trying to use net-snmp V5.0.8 to get information from my free-radius server (V 0.8.1). I did the following: Compiled radius server with --enable-snmp option net-snmp was compiled with SMUX option module Radius MIBS are accessible by the snmpd In the radius snmp.conf file I put: smux_password = secretpassword snmp_write_access = no snmpd.conf contains the line smuxpeer .1.3.6.1.4.1.3317.1.3.1 secretpassword When I run the command: snmpd -f -a -V -L -Dsmux smux_init: [smux_init] done; smux listen sd is 8, smux port is 199 smux_conf: parsing registration for: 1.3.6.1.4.1.3317.1.3.1 secretpassword NET-SNMP version 5.0.8 When I launch radiusd using radiusd -xxx, I see the logs, I do not see an entry showing that the radiusd has connected to the SMUX. My log file looks something like: Starting - reading configuration files ... 
reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = 
no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
Re: Require Urgent Help
hi, First off get the radius book from o'reilly. Next read all the documentation for installing and using freeradius. As for which linux, I use FreeBSD and it runs really well. If you are to use linux I would use Slackware. Key step, READ, READ, and read some more. FreeBSD is BSD, it's not Linux. sorry, just really had to say that. alan
Re: Require Urgent Help
FreeBSD is BSD, it's not Linux. sorry, just really had to say that. alan Actually, Alan, I think FreeBSD users would be a little more insulted at the mere suggestion that they are at all similar to Linux ;-) It reminds me of the mug from ThinkGeek that was advertised as, My coffee is more genuine than your coffee... Don't ask...
Stop packet confirmation when in proxy mode - Feature Request
For the most part, I run my FR install in proxy mode. It has been seen that session stop packets are received by my FR, but on occasion, these stop packets are not received by the FR authentication endpoint due to network issues or possibly the FR endpoint experienced a hiccup. Would a feature request for this be in order? Has anyone else seen anything like this and if so, what did you do about it, ignore it? Thanks, Drew Flickema
RE: Radius does not try to register with SMUX- REPOSTED
From: Yousef Jamous Sent: Thursday, 19 June 2003 7:07 AM Sorry for the previous posting, it was with some HTML lines. I'm trying to use net-snmp V5.0.8 to get information from my free-radius server (V 0.8.1). I don't want to be patronising, but did you remember to set snmp = yes instead of snmp = no on the line above the $INCLUDE ${confdir}/snmp.conf? (Or elsewhere in your configuration, I guess...) It doesn't appear in your radiusd -X output... main: snmp = yes should be there somewhere. Apart from that, I can't see what else could be wrong. -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS - Random signature generator 3.0 by Paul TBBle Hampson =
CA_file ?
Hello, I would like to use 2 CAs to authenticate with freeRadius and EAP-TLS! What form must the CA_file have? I tried to concat my 2 root.pem files but freeradius didn't like that! Can you help me? Thanks Ben
RE: Radius does not try to register with SMUX- REPOSTED
Paul Can you please send me the lines before and after the $INCLUDE ${confdir}/snmp.conf to compare it with mine? Many thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Hampson Sent: June 19, 2003 10:08 PM To: [EMAIL PROTECTED] Subject: RE: Radius does not try to register with SMUX- REPOSTED From: Yousef Jamous Sent: Thursday, 19 June 2003 7:07 AM Sorry for the previous posting, it was with some HTML lines. I'm trying to use net-snmp V5.0.8 to get information from my free-radius server (V 0.8.1). I don't want to be patronising, but did you remember to set snmp = yes instead of snmp = no on the line above the $INCLUDE ${confdir}/snmp.conf? (Or elsewhere in your configuration, I guess...) It doesn't appear in your radiusd -X output... main: snmp = yes should be there somewhere. Apart from that, I can't see what else could be wrong. -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS - Random signature generator 3.0 by Paul TBBle Hampson =
RE: Radius does not try to register with SMUX- REPOSTED
On Thu, 2003-06-19 at 18:57, Yousef Jamous wrote: As I mentioned in my e-mail, I specified the option to compile with snmp. Yep, I read it. It seems --enable-snmp is equivalent to --enable-snmp=no. Since it's default, please don't specify it, or do it with --enable-snmp=yes. Chris What can cause not compiling with SNMP though I specified that? Could it be a bug in the version I'm using (I'm using the latest version). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris van Meerendonk Sent: June 19, 2003 6:12 PM To: [EMAIL PROTECTED] Subject: Re: Radius does not try to register with SMUX- REPOSTED It looks like your freeradius isn't compiled with snmp support, although you specified it. The only way of *not* getting the SMUX messages in debug mode was to compile freeradius again with --enable-snmp=no. Please double check that snmp support was compiled. Since it's default, you don't have to specify the --enable-snmp feature. Chris On Wed, 2003-06-18 at 23:06, Yousef Jamous wrote: Sorry for the previous posting, it was with some HTML lines. I'm trying to use net-snmp V5.0.8 to get information from my free-radius server (V 0.8.1). I did the following: Compiled radius server with --enable-snmp option net-snmp was compiled with SMUX option module Radius MIBS are accessible by the snmpd In the radius snmp.conf file I put: smux_password = secretpassword snmp_write_access = no snmpd.conf contains the line smuxpeer .1.3.6.1.4.1.3317.1.3.1 secretpassword When I run the command: snmpd -f -a -V -L -Dsmux smux_init: [smux_init] done; smux listen sd is 8, smux port is 199 smux_conf: parsing registration for: 1.3.6.1.4.1.3317.1.3.1 secretpassword NET-SNMP version 5.0.8 When I launch radiusd using radiusd -xxx, I see the logs, I do not see an entry showing that the radiusd has connected to the SMUX. My log file looks something like: Starting - reading configuration files ... 
reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = 
no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile =
Why FreeRADIUS?
Hi! I'm new to the list but not new to RADIUS. I'm a net engineer at an ISP with about 1300 dial-in users, currently using ICRADIUS. Since that project is pretty well dead (despite claims on the mailing list otherwise) I'm considering alternatives. I *really* don't want to change my database around (currently using MySQL with some custom reporting utilities written by yours truly). I'm looking at FreeRADIUS and OpenRADIUS. Why should I use FreeRADIUS? I'm sure you all have reasons or you wouldn't be using it yourselves; please enlighten me. Cheers, --Scott!
Ascend Binary attribute error
The situation is this. The server starts up, will authenticate about the first 12 users or so, and then give the following error, at which time the proxy feeding this server will put it in dead status, causing major headache as you can probably imagine. I cannot figure out why this error isn't there at the start. The startup error is: Wed Jun 18 18:53:11 2003 : Debug: parse buffer: Framed-Protocol = PPP, Ascend-Data-Filter = ip input forward tcp est, Ascend-Data-Filter = ip input forward 0 dstip xxx.yyy.zzz.0/24, Ascend-Data-Filter = ip input forward 0 dstip xx.yyy.zzz.0/24, Ascend-Data-Filter = ip input forward 0 dstip xx.yyy.zz.0/24, Ascend-Data-Filter = ip input forward 0 dstip xxx.yyy.zzz.0/24, Ascend-Data-Filter = ip input forward 0 dstip xx.yyy.z/24, Ascend-Data-Filter = ip input drop tcp dstport = 25, Ascend-Data-Filter = ip input forward 0 parse error : failed to parse Ascend binary attribute: ip filter error: do not recognize input in ip input forward tcp est Thanks for any help you can provide! -- Robert D. Haskins [EMAIL PROTECTED]
Cisco Aironet 1200 and MAC address authentication
Hi, I am trying to do MAC address only auth from a Cisco aironet 1200AP and freeradius. I have gone through many sites and postings regarding this issue and I am still facing problems. It will be of great help if anyone can share their tips. I have the freeradius setup and users file containing the client info in the format xx...xx Auth-Type:=Local, User-Password = xx...xx AP hits the Radius server and gets an ACCEPT packet, and assigns a DHCP address in our address space and immediately it resigns to an address nowhere in our address space. I just can't figure out what is going on? Anand
RE: Why FreeRADIUS?
It is very efficient as far as CPU cycles are concerned. The 'releases' are rock solid because they have already been field tested by many users before being called a release. It is also very flexible. The sql queries for MySql are not hard coded, they are in a config file. I am not familiar with the IC radius schema, but it wouldn't surprise me to find out you might be able to run a test environment using your current schema. Once you are satisfied though, I would think converting to the standard FR schema would be the thing to do. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott A. H. Phillips Sent: Thursday, June 19, 2003 4:33 PM To: [EMAIL PROTECTED] Subject: Why FreeRADIUS? Hi! I'm new to the list but not new to RADIUS. I'm a net engineer at an ISP with about 1300 dial-in users, currently using ICRADIUS. Since that project is pretty well dead (despite claims on the mailing list otherwise) I'm considering alternatives. I *really* don't want to change my database around (currently using MySQL with some custom reporting utilities written by yours truly). I'm looking at FreeRADIUS and OpenRADIUS. Why should I use FreeRADIUS? I'm sure you all have reasons or you wouldn't be using it yourselves; please enlighten me. Cheers, --Scott!
Squid - Freeradius authentication
Hi everyone, I have been tasked with a project to grant web access to some laptop clients. I have some wireless clients; some of them have permission to surf the internet, others don't. All web requests on port 80 are redirected by iptables to the Squid proxy server. Can I use Freeradius to authenticate the users before sending the requests out into the internet? And if the users are not allowed to surf the internet, a web page will be sent to them telling them they are denied access. Can this be done? Has anybody done this and would care to share their experience and knowledge with me? Please help me. Thanks. Best regards Matthew
Re: Re: EAP/TLS Setup problem
Hi Jean-Guillaume, I also follow this guide. I succeed. Please post your log information. Jeson [EMAIL PROTECTED] 2003-06-20 Hi Umesh, I am trying to install a freeradius/EAP-TLS authentication for my wireless network (DWL 1000 AP +) by following the instructions at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm, but I don't manage to create correctly the certificate ... (I use openssl-0.9.7b) How do you manage to do it? Thanks a lot for your help, Best regards, Jean-Guillaume - Original Message - From: Umesh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 8:54 AM Subject: EAP/TLS Setup problem Hi All, I am new to FreeRadius. I am trying to setup EAP/TLS authentication. I have installed OpenSSL-0.9.7b and FreeRadius 0.8.1. I followed the instructions at http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm, but when I run radiusd -x -A, an error occurs - Unknown value EAP. (I have set Auth-Type=EAP in /etc/raddb/users) Any help would be appreciated. Regards, Umesh
RE: Radius does not try to register with SMUX- REPOSTED
From: Yousef Jamous Sent: Friday, 20 June 2003 7:18 AM Can you please send me the lines before and after the $INCLUDE ${confdir}/snmp.conf to compare it with mine?

    # SNMP CONFIGURATION
    #
    # Snmp configuration is only valid if SNMP support was enabled
    # at compile time.
    #
    # To enable SNMP querying of the server, set the value of the
    # 'snmp' attribute to 'yes'
    #
    snmp= yes
    $INCLUDE ${confdir}/snmp.conf

    # THREAD POOL CONFIGURATION

-- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS - Random signature generator 3.0 by Paul TBBle Hampson =
RE: freeradius and openldap
From: Leo Edmiston-Cyr Sent: Wednesday, 18 June 2003 11:55 PM Sylvain MASNADA wrote: I'd like to know too, which free client do you use on linux, with its advantages and disadvantages, if possible. I have difficulties making them work well on this platform. (I tried Xsupplicant and Aegis -trial beta version-) ?? client? You mean RADIUS client or LDAP client? RADIUS comes with a free client -- radtest. LDAP (OpenLDAP) comes with free clients -- ldapsearch, ldapmodify... I'm not sure what you mean here. He actually means 802.1x supplicant. Or at least, that's what he's listing as tried... -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED]
RE: All or any client access
From: Mark Gaither Sent: Friday, 20 June 2003 1:12 AM

    client 0.0.0.0/24 {
        secret = foo
        shortname = bar
    }

I think you meant

    client 0.0.0.0/0 {

which would match any IP address on the internet... Unless FreeRADIUS does weird stuff, what you've got would only match 0.0.0.0-255, which is unlikely to be what you meant. -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS - Random signature generator 3.0 by Paul TBBle Hampson =
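The client entries suggested in the "All or any client access" thread (a hostname client, 0.0.0.0/24 and 0.0.0.0/0) differ in how many source addresses they admit, and the wider the entry, the more the shared secret becomes the only control. As an added example, not taken from any post above and not FreeRADIUS code, this Python audit reads clients.conf-style blocks and reports the address range and the risks of each entry. It parses only the simple `client NAME { key = value }` form quoted in the thread; the sample file, the 256-address threshold and the 16-character minimum are assumptions of the example.

```python
import ipaddress
import re

# Secrets printed in this thread; a published value is no longer a secret.
PUBLISHED_SECRETS = {"testing123", "foo"}
MIN_SECRET_LEN = 16      # assumption for this example, not a FreeRADIUS rule
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")   # RFC 1122 "this network"

BLOCK_RE = re.compile(r"^\s*client\s+([^\s{]+)\s*\{([^}]*)\}", re.M)
PAIR_RE = re.compile(r"(\w+)\s*=\s*(\S+)")

# Constructed sample: the entries quoted in the thread plus one narrow entry.
SAMPLE = """
client myhost.no-ip.com {
    secret = testing123
    shortname = myhost
}
client *.com {
    secret = foo
    shortname = bar
}
client 0.0.0.0/24 {
    secret = foo
    shortname = bar
}
client 0.0.0.0/0 {
    secret = foo
    shortname = bar
}
client 192.0.2.10 {          # documentation address, constructed
    secret = c0nstructed-Example-Secret-42
    shortname = demo
}
"""


def parse_clients(text):
    """Return [(name, {key: value})] for each simple client block."""
    text = re.sub(r"#.*", "", text)          # drop comments to end of line
    return [(m.group(1), dict(PAIR_RE.findall(m.group(2))))
            for m in BLOCK_RE.finditer(text)]


def audit_client(name, cfg, max_addresses=256):
    """Classify one client entry and list the reasons it deserves review."""
    finding = {"client": name, "kind": None, "addresses": None,
               "range": None, "issues": []}
    issues = finding["issues"]
    try:
        net = ipaddress.ip_network(name, strict=False)
    except ValueError:
        net = None
    if net is not None:
        finding["kind"] = "network"
        finding["addresses"] = net.num_addresses
        finding["range"] = (str(net[0]), str(net[-1]))
        if net.num_addresses > max_addresses:
            issues.append(f"admits {net.num_addresses} source addresses")
        if net.version == 4 and net.prefixlen > 0 and net.subnet_of(THIS_NETWORK):
            issues.append("lies inside 0.0.0.0/8, not a usable source range")
    elif "*" in name or "?" in name:
        finding["kind"] = "invalid"
        issues.append("wildcard is neither an address nor a hostname")
    else:
        finding["kind"] = "hostname"
        issues.append("admitted address depends on DNS resolution")
    secret = cfg.get("secret")
    if secret is None:
        issues.append("no secret set")
    elif secret in PUBLISHED_SECRETS:
        issues.append("secret is a published sample value")
    elif len(secret) < MIN_SECRET_LEN:
        issues.append(f"secret shorter than {MIN_SECRET_LEN} characters")
    return finding


def audit(text, max_addresses=256):
    """Audit every client block found in the given configuration text."""
    return [audit_client(n, c, max_addresses) for n, c in parse_clients(text)]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["client"], f["kind"], f["range"], "; ".join(f["issues"]) or "ok")
```

The /24 entry covers only 0.0.0.0 to 0.0.0.255, as the last reply says, while the /0 entry covers the whole IPv4 space, so any host that learns the secret is treated as a NAS.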