Re: Compiling freeradius with rlm_sql_sybase

[Eivind Ravndal]

- Original Message - 
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 6:06 PM
Subject: Re: Compiling freeradius with rlm_sql_sybase


  Anybody successfully compiled freeradius with rlm_sql_sybase ?
  I think there's something wrong with my Makefile
  /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile

   Did you try reading it?  It says you've got to edit it by hand to
 get it to work.


Yes,
I've read it, but I don't know what to change. So I was hoping someone
who've compiled it successfully would paste me their MakeFile so I could get
some ideas. I am pretty sure this line is the one which is wrong:
---
RLM_SQL_LIBS
  =  -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct
---
When I comment out this line, it compiles and installs just fine, but it
will not run since there's missing some libs.


Mvh,
Regards,
Eivind Ravndal
NetPower Int


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: bugfix for src/modules/rlm_x99_token

[Frank Cusack]

On Tue, Jul 08, 2003 at 03:54:57PM +0200, Steffen Ullrich wrote:
 
 os: linux
 version: freeradius-0.8.1
  
 in async mode, when the authorize code gets the reply with the challenge
 in the state it returns successfully but does not set the Auth-Type,
 so that the authenticate code (which checks the response against the 
 challenge) will not be executed. The following patch should fix this.

Try this instead (please let me know if this works for you, ASAP
if you can, so that this can get into 0.9):

Index: x99_rlm.c
===
RCS file: /source/radiusd/src/modules/rlm_x99_token/x99_rlm.c,v
retrieving revision 1.37
diff -u -r1.37 x99_rlm.c
--- x99_rlm.c   13 Nov 2002 04:21:59 -  1.37
+++ x99_rlm.c   16 Jul 2003 07:21:08 -
@@ -306,6 +306,9 @@
 /* The State attribute will be present if this is a response. */
 if (pairfind(request-packet-vps, PW_STATE) != NULL) {
DEBUG(rlm_x99_token: autz: Found response to access challenge);
+   if (!auth_type_found)
+   pairadd(request-config_items,
+   pairmake(Auth-Type, inst-name, T_OP_EQ));
return RLM_MODULE_OK;
 }
 
@@ -440,10 +443,9 @@
 request-reply-code = PW_ACCESS_CHALLENGE;
 DEBUG(rlm_x99_token: Sending Access-Challenge.);
 
-/* TODO: support config-specific auth-type */
 if (!auth_type_found)
pairadd(request-config_items,
-   pairmake(Auth-Type, x99_token, T_OP_EQ));
+   pairmake(Auth-Type, inst-name, T_OP_EQ));
 return RLM_MODULE_HANDLED;
 }
 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Compiling freeradius with rlm_sql_sybase

[Paul Hampson]

 From: Eivind Ravndal
 Sent: Wednesday, 16 July 2003 5:10 PM

  From: Alan DeKok [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]

   Anybody successfully compiled freeradius with rlm_sql_sybase ?
   I think there's something wrong with my Makefile
   /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile

Did you try reading it?  It says you've got to edit it by hand to
  get it to work.

 I've read it, but I don't know what to change. So I was hoping someone
 who've compiled it successfully would paste me their MakeFile so I could get
 some ideas. I am pretty sure this line is the one which is wrong:
 ---
 RLM_SQL_LIBS
   =  -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct
 ---
 When I comment out this line, it compiles and installs just fine, but it
 will not run since there's missing some libs.

Assuming you're using libct to compile it, try changing the
/opt/sybase/OCS-12_0/lib to the directory where libct.so is on your system.

You're also going to have to make the /opt/sybase/OCS-12_0/include on the
previous instead be the directory that ctpublic.h lives in.

(These two steps should be unneccessary if your libct.so lives in /usr/lib
and your ctpublic.h lives in /usr/include, eg. freetds-dev package in
Debian, and presumably the equivalent pacakges in other Linux distributions)

Then make the TARGET line be
TARGET = rlm_sql_sybase

Then run make in that directory, and see if it works...

Otherwise, maybe the libct you've got installed came with some documentation?

I was going to have a play with that post-0.9, to see if I could integrate
it into the rest of the build system... But I don't use sybase so it would
be a mainly academic exercise.

--
=
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul TBBle Hampson
=


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Compiling freeradius with rlm_sql_sybase

[Paul Hampson]

 From: Paul Hampson
 Sent: Wednesday, 16 July 2003 5:41 PM

  From: Eivind Ravndal
  Sent: Wednesday, 16 July 2003 5:10 PM
 
   From: Alan DeKok [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
 
Anybody successfully compiled freeradius with rlm_sql_sybase ?
I think there's something wrong with my Makefile
/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile
 
 Did you try reading it?  It says you've got to edit it by hand to
   get it to work.
 
  I've read it, but I don't know what to change. So I was hoping someone
  who've compiled it successfully would paste me their MakeFile so I could get
  some ideas. I am pretty sure this line is the one which is wrong:
  ---
  RLM_SQL_LIBS
=  -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct
  ---
  When I comment out this line, it compiles and installs just fine, but it
  will not run since there's missing some libs.

 I was going to have a play with that post-0.9, to see if I could integrate
 it into the rest of the build system... But I don't use sybase so it would
 be a mainly academic exercise.

I just tried it then, and the libct in Debian (0.61) built with the
following Makefile segment (although I've made slight changes to the build
system, but these should be OK)

TARGET = rlm_sql_sybase
SRCS   = sql_sybase.c
RLM_SQL_CFLAGS = $(INCLTDL)
RLM_SQL_LIBS   = -lnsl -lct

and the following patch to sql_sybase.c (Broken whitespace, but it should be obvious 
what
to change.) which I suspect is only needed for gcc 3.2+. Still a ton of warnings 
though,
mainly prototype issues from which many of the sql drivers suffer.

--- 
/home/tbble/frcvs/branch_0_9/src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c   
 2002-07-30 00:59:13.0 +1000
+++ sql_sybase.c2003-07-16 17:48:52.0 +1000
@@ -344,7 +344,7 @@
if ((results_ret = ct_results(sybase_sock-command, result_type)) == 
CS_SUCCEED) {
if (result_type != CS_CMD_SUCCEED) {
if  (result_type == CS_ROW_RESULT) {
-   radlog(L_ERR,rlm_sql_sybase(sql_query): sql_query 
processed a query returning rows.
+   radlog(L_ERR,rlm_sql_sybase(sql_query): sql_query 
processed a query returning rows.\
 Use sql_select_query instead!);
}
radlog(L_ERR,rlm_sql_sybase(sql_query): Result failure or 
unexpected result type from query\n%s,

This was against 0.9.0-pre2, BTW. I doubt it's different in CVS HEAD, or pre3.

--
=
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul TBBle Hampson
=


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Compiling freeradius with rlm_sql_sybase

[Eivind Ravndal]

 I just tried it then, and the libct in Debian (0.61) built with the
 following Makefile segment (although I've made slight changes to the build
 system, but these should be OK)

 TARGET = rlm_sql_sybase
 SRCS   = sql_sybase.c
 RLM_SQL_CFLAGS = $(INCLTDL)
 RLM_SQL_LIBS   = -lnsl -lct

It connects to my mssql server!
Great !

I didn't use your patch on sql_sybase.c, just modified the Makefile.

Do you know if it's possible to run stored procedures on mssql from
freeradius ?


Mvh,
Regards,
Eivind Ravndal
NetPower Int


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl bug

[Boian Jordanov]

On _ 2003-07-01 at 20:20, Manuel Sousa wrote:
 Hi all,
   
   I just tried the latest CVS (couple of hours ago) version and found a
 bug when using 2 instances of the module.

There is a patch against latest CVS that should fix it. Enjoy. 

-- 
Best Regards,

Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23

Index: rlm_perl.c
===
RCS file: /source/radiusd/src/modules/rlm_perl/rlm_perl.c,v
retrieving revision 1.11
diff -u -r1.11 rlm_perl.c
--- rlm_perl.c	25 Jun 2003 21:37:57 -	1.11
+++ rlm_perl.c	16 Jul 2003 08:35:55 -
@@ -12,7 +12,7 @@
  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *   GNU General Public License for more details.
- *
+ * 
  *   You should have received a copy of the GNU General Public License
  *   along with this program; if not, write to the Free Software
  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
@@ -40,10 +40,6 @@
 #undef INADDR_ANY
 #endif
 
-#ifdef INADDR_NONE
-#undef INADDR_NONE
-#endif
-
 #include EXTERN.h
 #include perl.h
 #include XSUB.h
@@ -52,118 +48,122 @@
 
 static const char rcsid[] = $Id: rlm_perl.c,v 1.11 2003/06/25 21:37:57 aland Exp $;
 
+#ifdef USE_ITHREADS
+
+/*
+ * Pool of Perl's clones (genetically cloned) ;)
+ *
+ */
+typedef struct pool_handle {
+struct pool_handle  *next;
+struct pool_handle  *prev;
+enum {busy, idle}   status;
+unsigned intrequest_count;
+PerlInterpreter *clone;
+} POOL_HANDLE;
+
+typedef struct PERL_POOL {
+POOL_HANDLE *head;
+POOL_HANDLE *tail;
+
+int current_clones;
+int active_clones;
+int max_clones;
+int start_clones;
+int min_spare_clones;
+int max_spare_clones;
+int max_request_per_clone;
+int cleanup_delay;
+perl_mutex  mutex;
+time_t  time_when_last_added;   
+} PERL_POOL;
+
+#endif 
 
 /*
- *	Define a structure for our module configuration.
+ *  Define a structure for our module configuration.
  *
- *	These variables do not need to be in a structure, but it's
- *	a lot cleaner to do so, and a pointer to the structure can
- *	be used as the instance handle.
+ *  These variables do not need to be in a structure, but it's
+ *  a lot cleaner to do so, and a pointer to the structure can
+ *  be used as the instance handle.
  */
 typedef struct perl_inst {
-	/* Name of the perl module */
-	char	*module;
-	
-	/* Name of the functions for each module method */
-	char	*func_authorize;
-	char	*func_authenticate;
-	char	*func_accounting;
-	char	*func_start_accounting;
-	char	*func_stop_accounting;
-	char	*func_preacct;
-	char	*func_checksimul;
-	char	*func_detach;
-	char	*func_xlat;
-	char	*xlat_name;
-	char	*perl_flags;
+/* Name of the perl module */
+char*module;
+
+/* Name of the functions for each module method */
+char*func_authorize;
+char*func_authenticate;
+char*func_accounting;
+char*func_start_accounting;
+char*func_stop_accounting;
+char*func_preacct;
+char*func_checksimul;
+char*func_detach;
+char*func_xlat;
+char*xlat_name;
+char*perl_flags;
+PerlInterpreter *perl;
+#ifdef USE_ITHREADS
+PERL_POOL   *perl_pool;
+#endif
 } PERL_INST;
 /*
- *	A mapping of configuration file names to internal variables.
+ *  A mapping of configuration file names to internal variables.
  *
- *	Note that the string is dynamically allocated, so it MUST
- *	be freed.  When the configuration file parse re-reads the string,
- *	it free's the old one, and strdup's the new one, placing the pointer
- *	to the strdup'd string into 'config.string'.  This gets around
- *	buffer over-flows.
+ *  Note that the string is dynamically allocated, so it MUST
+ *  be freed.  When the configuration file parse re-reads the string,
+ *  it free's the old one, and strdup's the new one, placing the pointer
+ *  to the strdup'd string into 'config.string'.  This gets around
+ *  buffer over-flows.
  */
 static CONF_PARSER module_config[] = {
-	{ module,  PW_TYPE_STRING_PTR,
-	  offsetof(PERL_INST,module), NULL,  module},
-	{ func_authorize, PW_TYPE_STRING_PTR,
-	  offsetof(PERL_INST,func_authorize), NULL, authorize},
-	{ func_authenticate, PW_TYPE_STRING_PTR,
-	  offsetof(PERL_INST,func_authenticate), NULL, authenticate},
-	{ func_accounting, PW_TYPE_STRING_PTR,
-	  offsetof(PERL_INST,func_accounting), NULL, accounting},
-	{ func_preacct, PW_TYPE_STRING_PTR,
-	  offsetof(PERL_INST,func_preacct), NULL, preacct},
-	{ func_checksimul, 

Re: rlm_counter compile/configure problem / Solaris8

[Christian Esken]

Hello Peter,

 A similar problem exists in the kerberos module.
 I expect we will have these issues sorted out for version 1.0 (or ever 
 version 0.9.1)

 Send me a patch that works and I will test it :-)

Here is the patch for rlm_counter/configure.in . I retested it with 
freeradius-0.9.0-pre3.

# Copy patch to src/modules/rlm_counter and cd to directory.
patch  freeradius-rlm_counter.patch

# I don't know how the freeradius build process works. But somewhen before shipping
# you must recreate the configure script. For example, with current autoconf:
autoconf -I ../../..

With this patch I see while doing ./configure

checking for gdbm.h... no
checking for gdbm_open in -lgdbm... yes
checking for gdbm_fdesc... no
configure: WARNING: silently not building rlm_counter.
configure: WARNING: FAILURE: rlm_counter requires:  gdbm.h.
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged

And while doing make:

make[6]: Entering directory `/home/chris/freeradius-0.9.0-pre1/src/modules/rlm_c
ounter'
make[6]: Nothing to be done for `static'.
make[6]: Nothing to be done for `dynamic'.
make[6]: Leaving directory `/home/chris/freeradius-0.9.0-pre1/src/modules/rlm_counter'

Looks good for me.


I know there are a lot more configure related problems in current freeradius. You 
mentioned you wanted to sort them out, so here is my list:

rlm_ippool
Needs gdbm.h

rlm_ldap
Needs ldap.h from OpenLDAP. Solaris ldap.h  fails to meet the requirements. The 
configure script should check for OpenLDAP specialities like LDAPS_PORT , 
LDAP_OPT_X_TLS_HARD , LDAP_OPT_NETWORK_TIMEOUT , LDAP_OPT_X_TLS .

rlm_eap
Needs ltdl.h

rlm_sql
Needs ltdl.h

Bye,
  Christian


-- 
cityweb DSL start ab monatlich 3,49 Euro *** http://www.cityweb.de/dsl ***
Sekundenschneller Seitenaufbau, Downloads, Videos und vieles mehr. Mit
Cityweb-DSL wird der Blick auf die Uhr beim Surfen überflüssig!

freeradius-rlm_counter.patch
Description: Binary data

configure / make problem on suse 8.0

[barry]

Hi There

Using freeradius 0.9.0-pre3. 

After a ./configure and a make I get the following 
errors :

-module -static -g -O2 -D_REENTRANT 
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS 
-I../include dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o 
missing.o md4.o md5.o sha1.o hmac.o snprintf.o isaac.o smbdes.o crypt.o -o 
libradius.agmake[4]: /usr/local/httpd/htdocs/freeradius: Command not 
foundgmake[4]: *** [libradius.a] Error 127gmake[4]: Leaving directory 
`/usr/local/httpd/htdocs/freeradius 
0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src/lib'gmake[3]: *** [common] 
Error 1gmake[3]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'gmake[2]: *** [all] Error 
2gmake[2]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'gmake[1]: *** [common] Error 
1gmake[1]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
0.9.0-pre3/freeradius/freeradius-0.9.0-pre3'make: *** [all] Error 
2
Is this still a problem with the version or my 
system or me ?

Thanks
Barry

RE: configure / make problem on suse 8.0

[Paul Hampson]

From: [EMAIL PROTECTED]
Sent: Wednesday, 16 July 2003 7:34 PM

 Using freeradius 0.9.0-pre3. 

 After a ./configure and a make I get the following errors :

 -module -static  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS \
 -Wall -D_GNU_SOURCE -DNDEBUG  -D_LIBRADIUS -I../include dict.o \
 print.o radius.o valuepair.o token.o misc.o log.o filters.o \
 missing.o md4.o md5.o sha1.o hmac.o snprintf.o isaac.o smbdes.o \
 crypt.o -o libradius.a
 gmake[4]: /usr/local/httpd/htdocs/freeradius: Command not found
 gmake[4]: *** [libradius.a] Error 127
 gmake[4]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src/lib'
 gmake[3]: *** [common] Error 1
 gmake[3]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'
 gmake[2]: *** [all] Error 2
 gmake[2]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'
 gmake[1]: *** [common] Error 1
 gmake[1]: Leaving directory `/usr/local/httpd/htdocs/freeradius 
 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3'
 make: *** [all] Error 2

 Is this still a problem with the version or my system or me ?

It _looks_ like it's falling over the space in your path... However,
the relevant part of the command has been trimmed from just off
the top... (The first line above is part of the arguments to the
command)

The whole make output would prolly help narrow it down, but I
don't think it's a bug in FreeRADIUS per se, unless some of the
makefile scripts make unfortunate assumptions about file naming.

--
=
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul TBBle Hampson
=


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin user_admin.php3

[Kostas Kalevras]

On Tue, 15 Jul 2003, alantu wrote:

 freeradius-users

 In the dialup_admin gui ,if anyone want to edit the user,he only need to input 
 the user name and do it.
 I find that in the user edit file user_admin.php3 only need the username without 
 username passwd.
 Do anyone know how to chage when someone wants to edit user he should input the 
 username and the user passwd?
 i am fool with php

It's a little bit complicated.
In any case dialupadmin is an interface for admins. You are not supposed to
provide the user password to make changes.


   Thanks
 alantu
 [EMAIL PROTECTED]
 



 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl bug

[Manuel Sousa]

On Wed, 2003-07-16 at 09:45, Boian Jordanov wrote:
 On _ 2003-07-01 at 20:20, Manuel Sousa wrote:
  Hi all,
  
  I just tried the latest CVS (couple of hours ago) version and found a
  bug when using 2 instances of the module.
 
 There is a patch against latest CVS that should fix it. Enjoy. 

First of all thanks for your work,

I've applied the patch (against pre3 and it went in ok), but i still
have the same problem. Bellow i send some logs.

Another thing i've come upon is that i wanted to change the
request-simul_count from within the perl script (using a perl script in
the session phase) and wonder if it is possible. For now i did a crude
patch to modules.c where if i return USERLOCK it considers the case
where it there are already more users logged in than there should.

I'm willing to test others scripts/patches so if you want to you may
either send me a email or to the list and i'll try it.

Again thanks,
Manuel Sousa

=LOG=
(both have func_accounting = accounting)
Using perl at 0x81162a0
rlm_perl: rlm_perl:: PERL2
  modcall[accounting]: module perl1 returns ok
radius_xlat:  'night'

( perl1 = func_accounting = accounting ; perl2 = func_accounting =
accounting2 )
Using perl at 0x81162a0
rlm_perl: perl_embed:: module = /servicos/freeradius/sbin/perl1.pl ,
func = accounting exit status= Global symbol $stdin requires explicit
package name. Global symbol $stdout requires explicit package name.
Global symbol $stderr requires explicit package name. Undefined
subroutine main::accounting called.
  modcall[accounting]: module perl1 returns reject
modcall: group group returns reject
Using perl at 0x8120288
rlm_perl: rlm_perl:: PERL2
  modcall[accounting]: module perl2 returns ok

=END LOG=

=SCRIPT=
perl1
sub accounting{
radiusd::radlog(1,rlm_perl:: PERL1);
return RLM_MODULE_OK;
}

perl2
sub accounting{ # Later sub accounting2
radiusd::radlog(1,rlm_perl:: PERL2);
return RLM_MODULE_OK;
}
=END SCRIPT=



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius 0.9.0pre3 SuSE 8.2 rpms

[Peter Nixon]

I have built 0.9.0pre3 SuSE 8.2 rpms. they are available from:
http://www.peternixon.net/files/freeradius/ 

If anyone feels like testing these, that would be great. Anyone with versions 
of SuSE older than 8.2 (or versions of 8.2 that are not as updated as my 
workstation) can download freeradius-0.9.0pre3-0.src.rpm and rebuild it if 
the binary rpms fail due to dependencies on your system.

Anyone not running SuSE, if you have some time  we would appreciate your help 
in downloading and compiling
ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.0-pre3.tar.gz

We should have the final 0.9.0 release out sometime next week, so please get 
any bug reports into us asap.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Compilation problems...

[Edouard Correia]

Hi all,

I don't know what's the bug reporting process so I decide to notify it
on this ML.
I compile and run free radius 0.8.1 on BSDI4 for 3 months with no
problem but some crashes occured however.
I Tried to compile the latest free radius release (0.9.0 pre3)
on my BSDI box with no success, using the configuration line:
 CFLAGS=-O2 ./configure --without-threads 

First I get :
gcc  -O2 -Wall -D_GNU_SOURCE -DNDEBUG  -I../include   -c radiusd.c
radiusd.c: In function `main':
radiusd.c:309: structure has no member named `sa_sigaction'
radiusd.c: At top level:
radiusd.c:106: warning: `got_child' defined but not used
radiusd.c:117: warning: `needs_child_cleanup' defined but not used


So I made the following changes:
309c309
   act.sa_handler = NULL;
---
   act.sa_sigaction = NULL;
2213a2214
   act.sa_sigaction = NULL;


Then I got 
radiusd.o: In function `main':
radiusd.o(.text+0xd00): undefined reference to `total_active_threads'


Since I disable Threads, this change is needed
845d844
 #if HAVE_PTHREAD_H
848,850d846
 #else
 if   (max_wait = 5) {
 #endif


It compiles fine right now


Thanks.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RES: UNKNOWN NAS

[Ricardo Batista]

I did the upgrade and finish my problem.

Thanks Alan and Vincent.

Ricardo.

-Mensagem original-
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Em nome de Alan DeKok
Enviada em: segunda-feira, 14 de julho de 2003 12:09
Para: [EMAIL PROTECTED]
Assunto: Re: UNKNOWN NAS 

Ricardo Batista [EMAIL PROTECTED] wrote:
 
 Hi, I have a problem using Freeradius 0.5.

  Yuck.  Did you try upgrading?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Replicator - PostgreSQL for DB backend

[Bernie, CTA]

Hi Peter,

We use a modified (well hacked) version of PostgreSQL Replicator 
and have experienced no significant problem.

These were our primary DBMS replication requirements:

1. We needed a solution to operate securely within our 
distributed data environment  100 physical locations, and 
10,000 virtual datamarts.

2. We needed a replication topology that was scalable and 
reliable with no single-point-of-failure, as present in most 
DBMS Replication topologies. (Another reason why MySQL was not 
attractive, as at the time only master-slave replication was 
supported)

3. We required the ability to do asynchronous queries.

4. We required the metadata catalog and file replica catalog to 
be distributed yet appear virtually centralized.

5. Since we were creating a virtual metadata catalog and a 
unique autonomous security monitoring and incident handling 
system, access to all of the source code was required.

After looking at a few others… DBBALANCER 
http://dbbalancer.sourceforge.net/ we picked PostgreSQL 
Replicator http://pgreplicator.sourceforge.net/ and made a few 
customized changes to the source to accommodate our unique 
security monitoring and incident handling system. 

I am now in the early stages of planning a complete design of 
our own PostgreSQL BDMS replicating technology featuring our 
autonomous security monitoring and incident handling method. I 
am not sure if the project will be a public or private.



On 14 Jul 2003 at 16:44, Peter Nixon wrote:

 On Mon, 14 Jul 2003 04:24 pm, Bernie, CTA wrote:
  On 14 Jul 2003 at 10:30, Peter Nixon wrote:
   Hi List
  
   I would like to take a quick straw poll.
  
   a) If you use a Database backend for FreeRadius which one do
   you use?
 
  We are an BSDi / Open BSD environment
 
  Accounting - Redundant Postgres DB
  == to other DBMS such as MySQL, Oracle its:
  1. No license fee
  2. Less Security Vulnerabilities
  3. Easier to replacate
  4. Lends to a Decentralized / Virtually Centralized DBMS
  topology, which is better for security applications
  5. Better Transaction Processing Performance
  6. Less overhead
  7. Control of source
  8. Scales well
  9. Faster
 
 Yep. No arguements from me on these :-) For general purpose DB
 work Postgres pretty much walks all over the competition when you
 take all these factors into account. I can only imagine needing
 to pay for a commercial DB if I was handling Terabytes of data.
 (Postgres happily handles many gigabytes of data per table for me
 currently)
 
 Do you mind telling me what replication system you use (Postgres
 has several) and how you find it? Are there any gotchas/problems?
 (I currently run my DBs standalone as I simply don't have the
 reliability issues with postgres that used to force me to
 replicate/cluster my MySQL boxes..)
 
 TIA
 
 -- 
 

-
-

Bernie 
Chief Technology Architect
Chief Security Officer
[EMAIL PROTECTED]
Euclidean Systems, Inc.
***
// There is no expedient to which a man will not go 
//to avoid the pure labor of honest thinking.   
// Honest thought, the real business capital.
//  Observe Think Plan Think Do Think  
***



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

multi linking...

[Chris Knipe]

Lo everyone,

Very basic, can a PPTP VPN tunnel be multi-linked?

A bit more details, say you have 10 x 128k dialup connections established to
5 different ISPs.  Can 10 VPNs be established to one VPN Server (More than
likely a Cisco VPN Concentrator), and in doing so send one virtual stream
of 1280k over the 10 dialup connections to the end-user  (Let's say
theoretically, it's not possible to multi-link the individual dialup
accounts).

I know this is a off-topic, but any information will be well received...

Ty
--
me


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: multi linking...

[Christian Zoffoli]

Chris Knipe wrote:
Lo everyone,

Very basic, can a PPTP VPN tunnel be multi-linked?

A bit more details, say you have 10 x 128k dialup connections established to
5 different ISPs.  Can 10 VPNs be established to one VPN Server (More than
likely a Cisco VPN Concentrator), and in doing so send one virtual stream
of 1280k over the 10 dialup connections to the end-user  (Let's say
theoretically, it's not possible to multi-link the individual dialup
accounts).
I know this is a off-topic, but any information will be well received...

have a look to:
- TEQL
- equalizer
- iptables additional patches
Christian



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: multi linking...

[Eric Leblond]

On Wed, 2003-07-16 at 15:01, Chris Knipe wrote:
 Lo everyone,
 
 Very basic, can a PPTP VPN tunnel be multi-linked?

I've done that with linux :
create 10 gre tunnels
use eql to aggregate the tunnels
create a PPTP VPN on the eql.

Hope this help

BR,
-- 
Eric Leblond [EMAIL PROTECTED]
Alphalink


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

unsuscribe

[Jeronimo Garcia]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

problem whith Session-Timeout

[Double]

How can I specify Session-Timeout parameter passed to NAS server
every time a user is connecting to NAS?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Replicator - PostgreSQL for DB backend

[Sean]

On Wed, 16 Jul 2003, Bernie, CTA wrote:
 
 We use a modified (well hacked) version of PostgreSQL Replicator 
 and have experienced no significant problem.
big scissors

Just out of curiosity, I am wondering why postgres looked like a better 
solution than an ldap based solution. LDAP is supposed to be scalable and 
replicable, and designed for mostly read-only data which to me is what you 
were looking for.


Don't get me wrong, I can also see where replicable postgres stuff would
be nice and I would be interested in it for another project (that quite
possibly will never get off the gorund), but the first read through your
requirements seemed like it was screaming ldap =)




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Migration from Steel Belted Radius to FreeRadius

[Jim Watts]

Currently, my company is migrating all core services from NT4.0 to
Linux/FreeBSD ;)

The next component on my hit list is to replace Steel Belted Radius with
freeRadius.

Question, has anyone attempted this before and got any suggestions ? Of
particular interest is reading the steel belted radius export file *.rif,
and being able to convert it to appropriate freeRadius conf, db files.

Thanks

Jim Watts



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c

[Ali Gunduz]

Sorry if this is reported before...

I'm having these errors while compiling 0.8.1 with postgresql support.

#
sql_postgresql.c:115:31: missing terminating  character
sql_postgresql.c: In function `sql_check_error':
sql_postgresql.c:116: error: parse error before s
sql_postgresql.c:116:22: missing terminating  character
sql_postgresql.c:129:31: missing terminating  character
sql_postgresql.c:130: error: parse error before s
sql_postgresql.c:130:11: missing terminating  character
sql_postgresql.c: In function `sql_query':
sql_postgresql.c:227: warning: implicit declaration of function
`sql_store_result'
sql_postgresql.c:228: warning: implicit declaration of function
`sql_num_fields'
sql_postgresql.c: At top level:
sql_postgresql.c:257: warning: `sql_store_result' was declared
implicitly `extern' and later `static'
sql_postgresql.c:227: warning: previous declaration of
`sql_store_result'
sql_postgresql.c:274: warning: `sql_num_fields' was declared implicitly
`extern' and later `static'
sql_postgresql.c:228: warning: previous declaration of `sql_num_fields'
make[10]: *** [sql_postgresql.o] Error 1
#---


Mentioned file is:
src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c

Line 115 of this file is:
radlog(L_DBG, rlm_sql_postgresql: Postgresql
check_error:
s, returning SQL_DOWN, PQresStatus(error));

(there's a newline at the end of first line.. Above code segment is
actually two lines in sql_postgresql.c)

Guess it'd be:
radlog(L_DBG, rlm_sql_postgresql: Postgresql
check_error: %s, returning SQL_DOWN, PQresStatus(error));



The same mistake exists on line 128 too...


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Replicator - PostgreSQL for DB backend

[Bernie, CTA]

On 16 Jul 2003 at 8:54, Sean wrote:
 On Wed, 16 Jul 2003, Bernie, CTA wrote:
  
  We use a modified (well hacked) version of PostgreSQL
  Replicator and have experienced no significant problem.
 big scissors
 
 Just out of curiosity, I am wondering why postgres looked like a
 better solution than an ldap based solution. LDAP is supposed to
 be scalable and replicable, and designed for mostly read-only
 data which to me is what you were looking for.
 
 
 Don't get me wrong, I can also see where replicable postgres
 stuff would be nice and I would be interested in it for another
 project (that quite possibly will never get off the gorund), but
 the first read through your requirements seemed like it was
 screaming ldap =)
 
 


Well, for starters we could not tolerate the security 
vulnerabilities found in certain LDAP implementations, which if 
exploited could result in denial-of-service attacks and 
unauthorized privileged access. Furthermore, I believe that the 
overhead involved implementing and maintaining an LDAP solution 
cannot be justified when considering security, performance and 
economics.


-

-

Bernie 
Chief Technology Architect
Chief Security Officer
[EMAIL PROTECTED]
Euclidean Systems, Inc.
***
// There is no expedient to which a man will not go 
//to avoid the pure labor of honest thinking.   
// Honest thought, the real business capital.
//  Observe Think Plan Think Do Think  
***



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: problem whith Session-Timeout

[Ulrich Walcher]

 How can I specify Session-Timeout parameter passed to NAS server
 every time a user is connecting to NAS?
in users:
USERNAME Auth-Type := Local, User-Password == PASSWORD
Session-Timeout = ??



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

LEAP + LDAP

[idriss.mamodaly]

Hello folks,

I am working on a 802.11b network for a company. 
I try to make FreeRADIUS working with a LDAP user database, using Cisco LEAP 
authentication method. It doesn't work. 
Few months ago, i tried with Cisco Secure ACS 3.1 RADIUS server and it didn't work, 
too.
The Cisco ACS documentation mentionned that, LEAP authentication with an LDAP 
userdatabase, is impossible.

Is it also impossible, with FreeRADIUS 0.8.1 ?
Thank you for answering my question.

Greetings.

Idriss MAMODALY 
Email1 : [EMAIL PROTECTED] 
Email2 : [EMAIL PROTECTED]

P.S. : Excuse my english mistakes, i am french.

Accédez au courrier électronique de La Poste : www.laposte.net ; 
3615 LAPOSTENET (0,34€/mn) ; tél : 08 92 68 13 50 (0,34€/mn)




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Replicator - PostgreSQL for DB backend

[Peter Nixon]

On Wed, 16 Jul 2003 03:54 pm, Bernie, CTA wrote:
 Hi Peter,

 We use a modified (well hacked) version of PostgreSQL Replicator
 and have experienced no significant problem.

 These were our primary DBMS replication requirements:

 1. We needed a solution to operate securely within our
 distributed data environment  100 physical locations, and
 10,000 virtual datamarts.

 2. We needed a replication topology that was scalable and
 reliable with no single-point-of-failure, as present in most
 DBMS Replication topologies. (Another reason why MySQL was not
 attractive, as at the time only master-slave replication was
 supported)

 3. We required the ability to do asynchronous queries.

 4. We required the metadata catalog and file replica catalog to
 be distributed yet appear virtually centralized.

 5. Since we were creating a virtual metadata catalog and a
 unique autonomous security monitoring and incident handling
 system, access to all of the source code was required.

 After looking at a few others… DBBALANCER
 http://dbbalancer.sourceforge.net/ we picked PostgreSQL
 Replicator http://pgreplicator.sourceforge.net/ and made a few
 customized changes to the source to accommodate our unique
 security monitoring and incident handling system.

 I am now in the early stages of planning a complete design of
 our own PostgreSQL BDMS replicating technology featuring our
 autonomous security monitoring and incident handling method. I
 am not sure if the project will be a public or private.

I for one would love it to be public :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Migration from Steel Belted Radius to FreeRadius

[Peter Nixon]

On Wed, 16 Jul 2003 04:46 pm, Jim Watts wrote:
 Currently, my company is migrating all core services from NT4.0 to
 Linux/FreeBSD ;)

Nice :-)

 The next component on my hit list is to replace Steel Belted Radius with
 freeRadius.

Welcome to the club :-)

 Question, has anyone attempted this before and got any suggestions ? Of
 particular interest is reading the steel belted radius export file *.rif,
 and being able to convert it to appropriate freeRadius conf, db files.

I haven't I am sorry, although maybe someone else on the list has. We will 
certainly try to help you with any problems you come against though. 
Maybe you can write a migration howto... :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LEAP + LDAP

[Luca Benassi]

On Wed, 16 Jul 2003, idriss.mamodaly wrote:
[K]
 Is it also impossible, with FreeRADIUS 0.8.1 ?
 Thank you for answering my question.

AFAIK you have to switch to other EAP type. Something that supports LDAP.
I'm trying EAP-TLS ... but certificates are not painless :]

Bye,
Luca


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Handling of the 'Class' attribute

[Alan DeKok]

Alex Chen [EMAIL PROTECTED] wrote:
 Because the client app. takes the output from 'radclient' directly,
 the 'Class' value always starts with '0x' prefix and following by
 the hex numbers representation of the octets.  When it sends it back
 to the server, it is no the same raw data as the one stored in DB
 (in its binary form).

  Then the client APP is wrong.

  Is it a FreeRADIUS-based app?  If so, then it should work, and you
need to say *exactly* how you're using the Class attribute, including
REAL examples.

  If it's not based on the FreeRADIUS code, then why are you
complaining to the FreeRADIUS list that your client app is broken?
There's nothing we can do to fix it.

  Write a dumb perl script which converts the hex 0x41... to a
string, and pass that string back to the broken client app.


  The server works.  The code is correct.  It Does The Right Thing.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Compilation problems...

[Alan DeKok]

Edouard Correia [EMAIL PROTECTED] wrote:
 I Tried to compile the latest free radius release (0.9.0 pre3)
 on my BSDI box with no success, using the configuration line:
  CFLAGS=-O2 ./configure --without-threads 
 
 First I get :
 gcc  -O2 -Wall -D_GNU_SOURCE -DNDEBUG  -I../include   -c radiusd.c
 radiusd.c: In function `main':
 radiusd.c:309: structure has no member named `sa_sigaction'

  I'll fix it in the CVS snapshot, and 0.9.0 (when it's finally done)
will also have the fix.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Migration from Steel Belted Radius to FreeRadius

[Alan DeKok]

Jim Watts [EMAIL PROTECTED] wrote:
 Currently, my company is migrating all core services from NT4.0 to
 Linux/FreeBSD ;)

  I wonder why...

 The next component on my hit list is to replace Steel Belted Radius with
 freeRadius.

  That's nice to hear.  Though I know Funk SBR runs on Solaris, and
maybe Linux, too.  (Not that I'm suggesting you stick with it.)

 Question, has anyone attempted this before and got any suggestions ? Of
 particular interest is reading the steel belted radius export file *.rif,
 and being able to convert it to appropriate freeRadius conf, db files.

 I haven't heard of anyone doing exactly that, and I don't know what
the format of the .rif files is, so I can't say much, sorry.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c

[Alan DeKok]

Ali Gunduz [EMAIL PROTECTED] wrote:
 I'm having these errors while compiling 0.8.1 with postgresql support.

  It's a bug in 0.8.1, which is fixed in 0.9.0.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c

[Peter Nixon]

Eeeek. I have no idea what you have done here :-)

try using the latest Prerelease version from:
 ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.0-pre3.tar.gz

Let us know how you go..

Peter

On Wed, 16 Jul 2003 04:53 pm, Ali Gunduz wrote:
 Sorry if this is reported before...

 I'm having these errors while compiling 0.8.1 with postgresql support.

 #
 sql_postgresql.c:115:31: missing terminating  character
 sql_postgresql.c: In function `sql_check_error':
 sql_postgresql.c:116: error: parse error before s
 sql_postgresql.c:116:22: missing terminating  character
 sql_postgresql.c:129:31: missing terminating  character
 sql_postgresql.c:130: error: parse error before s
 sql_postgresql.c:130:11: missing terminating  character
 sql_postgresql.c: In function `sql_query':
 sql_postgresql.c:227: warning: implicit declaration of function
 `sql_store_result'
 sql_postgresql.c:228: warning: implicit declaration of function
 `sql_num_fields'
 sql_postgresql.c: At top level:
 sql_postgresql.c:257: warning: `sql_store_result' was declared
 implicitly `extern' and later `static'
 sql_postgresql.c:227: warning: previous declaration of
 `sql_store_result'
 sql_postgresql.c:274: warning: `sql_num_fields' was declared implicitly
 `extern' and later `static'
 sql_postgresql.c:228: warning: previous declaration of `sql_num_fields'
 make[10]: *** [sql_postgresql.o] Error 1
 #---


 Mentioned file is:
 src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c

 Line 115 of this file is:
 radlog(L_DBG, rlm_sql_postgresql: Postgresql
 check_error:
 s, returning SQL_DOWN, PQresStatus(error));

 (there's a newline at the end of first line.. Above code segment is
 actually two lines in sql_postgresql.c)

 Guess it'd be:
 radlog(L_DBG, rlm_sql_postgresql: Postgresql
 check_error: %s, returning SQL_DOWN, PQresStatus(error));



 The same mistake exists on line 128 too...


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Handling of the 'Class' attribute

[Paul Hampson]

 From: Alex Chen
 Sent: Wednesday, 16 July 2003 10:26 AM

 Because the client app. takes the output from 'radclient' directly,
 the 'Class' value always starts with '0x' prefix and following by the hex
 numbers representation of the octets.  When it sends it back to the
 server, it is no the same raw data as the one stored in DB (in its binary form).

What it gets back is exactly the raw data stored in binary form, or at
least the raw data given in binary form to FreeRADIUS by your database.

The problem is that you've not got anything to tell your database to
present the raw data it got back as ASCII data. The default thing to
do with raw data into a string column in mySQL is to present the data
as an ASCII string representing the raw data. eg if you give 0x41424344
to mySQL to put into a string column, it will treat it as 0x41424344
which as far as FreeRADIUS is concerned is a different value entirely.

In short, if FreeRADIUS immediately inserted what it got from mySQL,
mySQL would not contain the same value it got. And as far as I can
think at this late hour, that's correct behaviour. The exceptional case
is when the string starts with 0x, in which case FreeRADIUS interprets
it not as a series of bytes, but a string representation of those
bytes. And so when it gives it back to mySQL, mySQL ends up with the
same thing it started with.

I'd suggest that the DB schema should use a different type for Class,
except that a string is the most sensible given the variable length of
the value stored...

 The questions is how I handle this?

Store the octets in your DB in the form 0xnnn. That way the
presentation forms you get back match those you sent.

OR

Massage your INSERT/UPDATE queries (Using a stored procedure, I expect)
to transform the raw data it receives from FreeRADIUS into the characters
whose ASCII values they hold. I don't guarantee this is possible though.
:-)


The only way the attribute will actually be changed is if you put 's
around it, as Alan pointed out earlier, when you put the data back
into radclient from your local client code.

If you want to verify or disprove the idea that the data is being
mangled, get tcpdump, an RFC, and look at the packets going back and
forth. If you're still stuck, try capturing both directions of a
single conversation with radclient (using tee?), and post 'em to
the list, just in case you've found a bug. (Although having just
read the relevant code, I doubt it.)

Given the simplicity of radclient.c, wouldn't it be easier to make your
software talk Radius through libradius than trying to talk 'text' with
radclient? (Only a thought...)

--
=
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul TBBle Hampson
=


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ipaddress do not work with dialupadmin

[alantu]

freeradius-users
HI ALL
   In the dialupadmin web ,when make a new user ,you can define the user ipaddress 
and netmask .when i make ,but it does not work .can everybody tell me how to make ?
  

alantu
[EMAIL PROTECTED]
2003-07-16



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Handling of the 'Class' attribute

[Alex Chen]

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 Alan DeKok
 Sent: Wednesday, July 16, 2003 7:31 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Handling of the 'Class' attribute


 Alex Chen [EMAIL PROTECTED] wrote:
  Because the client app. takes the output from 'radclient' directly,
  the 'Class' value always starts with '0x' prefix and following by
  the hex numbers representation of the octets.  When it sends it back
  to the server, it is no the same raw data as the one stored in DB
  (in its binary form).

   Then the client APP is wrong.

   Is it a FreeRADIUS-based app?  If so, then it should work, and you
 need to say *exactly* how you're using the Class attribute, including
 REAL examples.

   If it's not based on the FreeRADIUS code, then why are you
 complaining to the FreeRADIUS list that your client app is broken?
 There's nothing we can do to fix it.


I am not asking for any fix in the radius server or client.  I am just
pointing
out my observation and see what I can do to get the result I need.

   Write a dumb perl script which converts the hex 0x41... to a
 string, and pass that string back to the broken client app.


That is what I want to hear.  I indicated in my previous mail saying exactly
that.  I said 'something' has to do the conversion from this '0x41' hex
string
spit out by 'radclient' back to the original octets so they can be send back
to the server.  Maybe I did not read it right, but the impression I got from
the mail exchange was that I should not do anything at all and just pass the
string printed out by 'radclient' right back to the server.


   The server works.  The code is correct.  It Does The Right Thing.


I do not dispute that at all.  It is the interpretation of the output
printed out
by 'radclient' that caused my confusion.

Anyway, I think we had enough discussion on this and should let it rest.
Case closed.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dictionary for Nortel's Passport 8000 products

[Gustavo Lozano]

submit it to the list


On Wed, 2003-07-16 at 13:01, lunar dee wrote:
 hi,
 i'd like to know who to contact to request additional dictionary to be
 added in the next release of freeradius.
 i have a dictionary for Nortel's Passport 8000 products for
 freeradius.
 thank you.
  
  
  
-- 
Gustavo A. Lozano Noldata Corporation
[EMAIL PROTECTED]   Calle 46 No. 40-19
CTO   Bogota D.C. Colombia
Noldata Corporation   http://noldata.com

I know not with what weapons World War III will be fought,
   but World War IV will be fought with sticks and stones.
   Albert Einstein




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

dictionary for Nortel's Passport 8000 products

[lunar dee]

hi,
i'd like to know who to contact to request 
additional dictionary to be added in the next release of 
freeradius.
i have a dictionary for Nortel's Passport 8000 
products for freeradius.
thank you.

using md5/crypt from /etc/shadow

[Bryan Koschmann - GKT]

Hello,

I'm trying to setup freeradius on a new server (have been using
cistron on my older server). I am planning on using mysql for all
authentication, however I am curious about something.

Currently we authenticate most users from the passwd file (shadow).
Because of the way they were added, some passwords are in crypt, others in
md5.

So, first off, can freeradius authenticate from mysql using md5 (while the
client sends cleartext - using pm3s)? If so, can I mix the two types,
crypt and md5, or do they HAVE to be in md5?

Thanks,

Bryan


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Accounting Packets with zero session length

[User]

I got this message when I define Simultaneous-use=1 in Freeradius 0.8
and the user connect still connected and connect again in the same
radius
The radius allow him to connect twice
how can I block the users to connect twice?
Sorry for my english

Frederico
On Tue, 2003-07-15 at 08:35, Rob Hartzenberg wrote:
 Hi again,
 
  
   snip mask-ip=1 mask-username=1
   Tue Jul 15 10:28:49 2003 : Error: rlm_sql: Stop packet with zero session
   length.  (user '[EMAIL PROTECTED]', nas '155.239.xx.xxx')
   /snip
  
   Any ideas on how to get around this?
 
  change
  #define CISCO_ACCOUNTING_HACK
  to
  #undef CISCO_ACCOUNTING_HACK
 
  in src/modules/rlm_sql/conf.h
 
  If you grep for it in rlm_sql.c you will see that this thing is
  responsible for dropping them.
 
  Oliver.
 
 The question that comes to mind now, is that surely this only occurs on the
 actual logging of the packet to the sql db.
 Will dropping this in rlm_sql affect the radutmp file at all?
 
 basically, I need to decide if this is what is causing the stale users
 syndrome or not.
 
 -TIA
 -Rob
 
 
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Frederico Terra Boechat
[EMAIL PROTECTED]
Administrador de Redes
Mar Internet Provider
www.mar.com.br


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius debian dependencies

[Kirt Runolfson]

I just got through compiling freeradius-0.9.0-pre3.tar.gz on Debian
woody.  One of the things that it depends on is libiodbc2.  This in turn
depends on libglib1.2 (= 1.2.0), libgtk1.2 (= 1.2.10-4), xlibs (
4.1.0)

I really don't want these x packages installed on my radius server. 
Since I don't intend to use odbc, how can I remove the dependency on
libiodbc2?  Or is my best bet some other method?

Thank you,

Kirt Runolfson
Interlink Advantage


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius debian dependencies

[Alan DeKok]

Kirt Runolfson [EMAIL PROTECTED] wrote:
 I really don't want these x packages installed on my radius server. 
 Since I don't intend to use odbc, how can I remove the dependency on
 libiodbc2?  Or is my best bet some other method?

  Don't configure the sql module to use iodbc, and it won't be linked
against.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius debian dependencies

[Kirt Runolfson]

Kirt Runolfson [EMAIL PROTECTED] wrote:
 I really don't want these x packages installed on my radius server.
 Since I don't intend to use odbc, how can I remove the dependency on
 libiodbc2?  Or is my best bet some other method?

Alan DeKok wrote:
  Don't configure the sql module to use iodbc, and it won't be linked
against.

Thank you for the response Alan.  I tried using the --without-rlm_sql
configure option in the debian/rules script, but that broke the package
build.

A previous thread mentioned breaking off the rlm stuff into Yet Another
debian package.  There are cons to this, but I think in this case, the
pros out weigh the cons.  As it is now, just installing freeradius wants
to install 17.5 MB worth of packages on a woody server and pulls all
sorts of X packages:

The following NEW packages will be installed:
 freeradius libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2
 libltdl3 libsnmp-base libsnmp4.2 xfree86-common xlibs
0 packages upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 6590kB of archives. After unpacking 17.6MB will be used.

One other option might be to compile sid's libiodbc2 for woody as well,
since it does not have the x dependencies.

Please cc me in any response as I am not on the list yet.

-Kirt


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ldap whitespace patch

[Matthew Schumacher]

Alan,

I don't know if this is something you want to include but I thought I 
would mail it to you in case you do want it.

This patch causes the rlm_ldap module to reject usernames that have 
whitespace in them.  This was causing me a lot of grief because ldap was 
accepting usernames with whitespace causing the NAS to send accounting 
messages with white space.  This white space caused the Simultaneous-Use 
code to break and it also caused a lot of accounting headaches.

There was also one case there a user was authenticated with more than 30 
chars of whitespace which broke accounting when the rlm_postgres module 
when to put that username in a varchar(20) column.

BTW, I can barely hack my way around c so hopefully there isn't anything 
wrong with my code.

schu
diff -urN rlm_ldap/rlm_ldap.c rlm_ldap.patched/rlm_ldap.c
--- rlm_ldap/rlm_ldap.c Wed Jul 16 14:22:41 2003
+++ rlm_ldap.patched/rlm_ldap.c Wed Jul 16 14:09:09 2003
@@ -148,6 +148,8 @@
 #include   modules.h
 #include   rad_assert.h
 
+#include   regex.h
+
 #define MAX_FILTER_STR_LEN 1024
 #define TIMELIMIT 5
 
@@ -1002,6 +1004,8 @@
charmodule_fmsg[MAX_STRING_LEN];
LDAP_CONN   *conn;
int conn_id = -1;
+   regex_t re;
+   char*pattern = [[:space:]];
 
DEBUG(rlm_ldap: - authorize);
 
@@ -1020,6 +1024,17 @@
radlog(L_ERR, rlm_ldap: zero length username not permitted\n);
return RLM_MODULE_INVALID;
}
+
+   /*
+* Check for valid input whitespace in names is not permitted
+*/
+   regcomp(re, pattern, REG_EXTENDED|REG_NOSUB);
+   if (regexec(re, request-username-strvalue, (size_t) 0, NULL, 0) != 1) {
+   radlog(L_ERR, rlm_ldap: whitespace in username not permitted\n);
+   return RLM_MODULE_INVALID;
+   }
+   regfree(re);
+
DEBUG(rlm_ldap: performing user authorization for %s,
   request-username-strvalue);
 

user_admin

[alantu]

freeradius-users
we know that in the user_admin of dialupadmin the admin can edit user every 
attrb.My problem is I want to make the user_admin chage ,when user wants to in 
user_admin he should input his username and passwd ,after that he only can change his 
infopasswd etc.
 Can you do me a favour to change the user_admin do?



alantu




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: using md5/crypt from /etc/shadow

[Oliver Graf]

On Wed, Jul 16, 2003 at 11:17:21AM -0700, Bryan Koschmann - GKT wrote:
 So, first off, can freeradius authenticate from mysql using md5 (while the
 client sends cleartext - using pm3s)? If so, can I mix the two types,
 crypt and md5, or do they HAVE to be in md5?

A glibc2 based systems crypt can do md5 passwords. Please check man
crypt if it can do. If not, rlm_pap can do md5.

There should be also some mails in the lists archive which describe
who crypt  md5 can be used.

Oliver.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html