EAP/TLS problems... The last mail 4/4

2003-08-07 Thread Antti Mattila
Freeradius log:

raddb]# radiusd -A -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = no
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/cert/cert-srv.pem"
 tls: certificate_file = "/etc/1x/cert/cert-srv.pem"
 tls: CA_file = "/etc/1x/cert/demoCA/cacert.pem"
 tls: private_key_password = "eaptls9"
 tls: dh_file = "/etc/1x/cert/random"
 tls: random_file = "/etc/1x/cert/dh"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored 
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded attr_filter 
 attr_filter: attrsfile = "/etc/raddb/attrs"
Module: Instantiated attr_filter (attr_filter) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "(null)"
 unix: group = "/etc/group"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110, length=132
User-Name = "helpdesk"
NAS-IP-Address = 194.142.202.102
Called-Station-Id = "00-20-a6-48-e0-a3"
Calling-Station-Id = "00-20-a6-4c-b0-1f"
NAS-Identifier = "CTI-AP-2000"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000d0168656c706465736b
Message-Authenticator = 0x66e088c10d28c82a8f08b1b283dca42f
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "attr_filter" returns noop
  rlm_eap: EAP 

Re: Another noob who can't compile on OS X

2003-08-07 Thread Alan DeKok
Dave Pooser <[EMAIL PROTECTED]> wrote:
> It configures without complaining, although looking through the config.log I
> see a lot of lines like:
> configure:1453: error: `__CYGWIN32__' undeclared (first use in this
> function)

  If it doesn't die, don't worry about it.

> Then I try "make" and end up with:
> 
> make[4]: *** [radiusd] Error 1

  Which is quite unhelpful.  There were more descriptive errors
printed out by make.

  MAC OSX apparently has issues in 0.9.0, too.  They do even more
weird things, which means building it is annoying, but not impossible.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Cisco VoIP and Simultaneous-use

2003-08-07 Thread Alan DeKok
"Guillermo Delmastro" <[EMAIL PROTECTED]> wrote:
>  The problem is that for a voip call (I am using it through an IVR) the
> nas-port is always 0, so for the same user (called PIN) calling from the
> same nas, we are only able to see one entry in radutmp file. For this
> reason, simultaneous-use doesn't work.
> 
> If all of this is correct, is there another way to check simultaneous use?

  Find some other way of telling user sessions apart.  Caller ID,
maybe.

  Alan DeKok.



libradius library.

2003-08-07 Thread Rafa Marín López
Hello all.

I am thinking of using the RADIUS protocol in another program. I 
would like to process radius requests (as it is specified in radius.c 
for example).

What should I do? Should I use the libradius library? Is it enough?

Thank you very much

---

--
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645  e-mail: [EMAIL PROTECTED]
--




Re: Radrelay replication loop

2003-08-07 Thread Navid Sheikhol Eslami
> > > Since the "Client-IP-Address" value is not there, the packet keeps
> > > looping between the two servers.

Problem solved, I had disabled the "preprocess" module which takes care
of adding the "Client-IP-Address" attribute to the packet.

Navid




Re: Interface with standard wireless access point

2003-08-07 Thread MuLa_oMaR
Hi,

client 192.168.0.100 {
secret  = prueba
shortname   = Dlink
nastype = other
}


The line was nastype.

Good luck
Regards.
Omar
Aime wrote:
Omar,

what did you change in the client file exactly ?

--- MuLa_oMaR <[EMAIL PROTECTED]> wrote:

Hi,
I have probed against Cisco 350 and Dlink 900AP+ and some problems occur
with this last. After a lot of hours and one change in clients.conf
all is ok.

Regards.
Omar.
Mauricio García Ocaña wrote:

Yes, this is no problem, i.e. a.p. cisco 1200 with radius in windows, linux or
solaris, this works

Regards.
Mauricio
- Original Message -
From: "Wireless Orbit Inc" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 04, 2003 6:00 PM
Subject: Interface with standard wireless access point

Hello all,

Will free radius work with any standard wireless access
point that has a built in radius client such as
Aironet, Orinoco, colubris etc? i.e can it be used as a
server to authenticate users coming through any of the
standard radius-supported access point? Any help will
be appreciated!

Much thanks!

Wireless Orbit Inc.



What is the minimal attributes that must be in START, INTERIM UPDATE and STOP packets

2003-08-07 Thread Aime
 Hello All,
 
 What are the minimal attributes to use to issue 
 START , INTERIM UPDATE and STOP radius packet ?
 
 Thanks in advance
 
 --Aimé




Re: Debian compilation problems

2003-08-07 Thread Nicolas Baradakis
Jan Berkel wrote:

> Sevcik Berndt wrote:
> 
> > checking for dbm_open in -lgdbm_compat... yes
> > configure: warning: FAILURE: rlm_dbm requires:  (libndbm or libgdm).
> > configure: error: set --without-rlm_dbm to disable it explicitly.
> > configure: error: ./configure failed for src/modules/rlm_dbm
> 
> this happens when using a new version of libgdbm (libgdbm3), but 
> apparently on some systems the package builds ok (if an old version is 
> still installed and hasn't been removed).
> 
> try changing line 70 in src/modules/rlm_dbm/configure.in:
> - if test "x$ac_cv_lib_gdbm_dbm_open" != "xyes"; then
> + if test "x$ac_cv_lib_gdbm_compat_dbm_open" != "xyes"; then
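
Review bot: the `+` line tests only `ac_cv_lib_gdbm_compat_dbm_open`, so a system where `dbm_open` is found in `-lgdbm` but no `-lgdbm_compat` exists would now hit the FAILURE branch it previously passed. Consider keeping the original `ac_cv_lib_gdbm_dbm_open` test and reporting failure only when neither cache variable is "yes", and note next to the condition why both libraries are checked.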

... and after that run autoconf to generate a correct configure
script.

It's the second time the problem shows up on the mailing lists, it
would be nice if a maintainer of freeradius corrects it in the CVS.

-- 
Nicolas Baradakis



Re: Passing Radius requests to NT Domain Controller

2003-08-07 Thread Alan DeKok
Ray Seals <[EMAIL PROTECTED]> wrote:
> I have a feeling I can do this using CHAP.

  It's impossible to do with CHAP.

>  But I'm not sure what pieces I need to get the FreeBSD box to talk
> to the NT domain for authentication (Samba).

  PAM && pam_smb, or 'src/modules/rlm_smb'

  Alan DeKok.



Re: EAP/TLS problems... The last mail 4/4

2003-08-07 Thread Antti Mattila
I am using Orinoco AP-2000 (with 2.3.1 firmware).

Has anyone got it working with Freeradius? I mean, judging by Artur's
comments it sends notifications and it should send EAP/Identity or EAPOL
Start. Is this the Access Point's fault or Freeradius's fault?

I mean I have Freeradius and AP running and I turn the laptop on.
Should the AP send notification? Or should it send EAP/Identity or EAPOL
Start?

Best regards:
Antti Mattila
--
[EMAIL PROTECTED]




Re: EAP/TLS problems... The last mail 4/4

2003-08-07 Thread Artur Hecker
hi Antti


i think that what you receive at your radius server is neither the EAP
Identity nor EAP Start, apparently it is a Notification message. The
AP sends notifications to your Radius server, and the latter tries to
send challenges back (to Alan, WHY?)

the notifications remain exactly the same except for the increasing ID.
why is your AP sending notifications? it should send EAP/Identity OR
EAPOL Start. both are ok though Identity would be more convenient.

To Alan :  the following messages are really not very consistent. Could
you improve it so that the defined EAP message type appears in the same
manner and the reason is given? E.g. the third line is ambiguous and the
first and the second lines are not consistent. Also the last line is not
user-friendly :-)

>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1


I would suggest something like this if it's easy to change and you have
time for this (since you are about to make changes to the EAP module):

>   rlm_eap: "EAP Notification" id 2 length 13 detected
>   rlm_eap: "EAP Start" not found
>   rlm_eap: "EAP Identity" WHAT? EXPECTED? FOUND? MISSED?
>   rlm_eap: processing type N (EAP/TLS)
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1 (which means )



ciao
artur



Antti Mattila wrote:
> 
> Freeradius log:
> 
> Listening on IP address *, ports 1812/udp and 1813/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
> User-Name = "helpdesk"
> NAS-IP-Address = 194.142.202.102
> Called-Station-Id = "00-20-a6-48-e0-a3"
> Calling-Station-Id = "00-20-a6-4c-b0-1f"
> NAS-Identifier = "CTI-AP-2000"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0202000d0168656c706465736b
> Message-Authenticator = 0x66e088c10d28c82a8f08b1b283dca42f
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
> rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 110 to 194.142.202.102:6001
> EAP-Message = 0x010300060d20
> Message-Authenticator = 0x
> State =
> 0x3913e3477fcb9f86ced7207700dfc54c9040313f49dfb963be36bd7adf9af0035595fce8
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
> Sending duplicate reply to client CTI-AP2000:6001 - ID: 110
> Re-sending Access-Challenge of id 110 to 194.142.202.102:6001
> --- Walking the entire request list ---
> Waking up in 3 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=111,
> length=132
> User-Name = "helpdesk"
> NAS-IP-Address = 194.142.202.102
> Called-Station-Id = "00-20-a6-48-e0-a3"
> Calling-Station-Id = "00-20-a6-4c-b0-1f"
> NAS-Identifier = "CTI-AP-2000"
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0203000d0168656c706465736b
> Message-Authenticator = 0xf49b4959d49e9e52cc5c2be9f801e3e9
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
> rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
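
Added example (not part of the original posts and not FreeRADIUS code): a decoder for the EAP-Message hex values that appear in the debug log quoted above, following the EAP header layout of code, identifier, length and, for requests and responses, type. The names `parse_eap`, `decode_log` and `describe` are hypothetical, the sample lines are copied from the log, and the type table lists only a few well-known values.

```python
import re
import struct

# EAP Code and Type values (RFC 3748); only a few well-known types are listed.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP"}
# EAP-TLS flag bits in the first byte of the type data (RFC 5216).
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))

# Matches the attribute as radiusd -X prints it, quoted with "> " or not.
EAP_LINE = re.compile(r"EAP-Message\s*=\s*0x([0-9a-fA-F]+)")

# Sample input: the three EAP-Message lines from the log in this thread.
SAMPLE_LOG = """\
> EAP-Message = 0x0202000d0168656c706465736b
> EAP-Message = 0x010300060d20
> EAP-Message = 0x0203000d0168656c706465736b
"""


def parse_eap(raw: bytes) -> dict:
    """Parse one complete EAP packet; raise ValueError if it is malformed."""
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"length field {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None, "data": b""}
    if code in (1, 2):
        # Only Request and Response carry a Type byte after the header.
        if length < 5:
            raise ValueError("Request/Response without a Type field")
        etype = raw[4]
        pkt["type"] = EAP_TYPES.get(etype, f"unknown({etype})")
        pkt["data"] = raw[5:length]
        if etype == 13 and pkt["data"]:
            flags = pkt["data"][0]
            pkt["tls_flags"] = "".join(n for bit, n in TLS_FLAGS if flags & bit)
    return pkt


def decode_log(text: str) -> list:
    """Decode every EAP-Message attribute found in debug output.

    Assumes each attribute holds a whole EAP packet, as in the sample;
    packets split over several EAP-Message attributes must be joined first.
    """
    return [parse_eap(bytes.fromhex(m.group(1))) for m in EAP_LINE.finditer(text)]


def describe(pkt: dict) -> str:
    """One-line summary that names code and type separately."""
    name = pkt["code"] if pkt["type"] is None else f"{pkt['code']}/{pkt['type']}"
    text = f"{name} id={pkt['id']} length={pkt['length']}"
    if pkt["type"] == "Identity":
        text += f" identity={pkt['data'].decode('utf-8', 'replace')!r}"
    if "tls_flags" in pkt:
        text += f" flags={pkt['tls_flags'] or '-'}"
    return text


if __name__ == "__main__":
    for packet in decode_log(SAMPLE_LOG):
        print(describe(packet))
```

On the sample lines it reports the two Access-Request payloads as Response/Identity carrying "helpdesk" (code 2, type 1) and the Access-Challenge payload as an EAP-TLS Request with the Start flag set.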

Re: postgresql - dialup-admin

2003-08-07 Thread Peter Nixon
On Thu August 7 2003 12:54, Truong Manh Cuong wrote:
> I try to create table in dialup_admin/sql directory, and it come to fail.
> ERROR:  parser: parse error at or near "("
> and dialup_admin will not work with database fields in lower case. because
> of query sentence like this: SELECT UserName,AcctStopTime ... FROM..WHERE 
> UserName ..
> and the result of that query sentence will differ to SELECT
> username,acctstoptime ... FROM..WHERE  username ..

hmm. They are sql tables for MySQL, not Postgres. I have not used dialup_admin 
before, but I will take a look at it.

> If all database is in lower case, I must change all code (PHP file) in
> dialup_admin. do you understand ?

This should not be the case. Have you tested this? Postgres is case 
insensitive by default, and should work with FieldName as well as fieldname 
in a SQL query. 

Please confirm if you have actually tested this.
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc




Duplicate Accounting Records

2003-08-07 Thread Farid








Hello,

I have a question about session-id in the accounting table (using mysql):

It appears that this field could not be unique over the table; I supposed that
NASes reuse packet IDs on a defined period.

I found some duplicated records in the accounting table with the same session id, and
sessiontime at very close times for the same user.

This causes a problem in calculating the login hours for users; I use an SQL counter
named Total-Time-Limit to limit some users to a predefined number of connection hours.

Is there a way to force freeradius to eliminate
duplication or configure the NAS server to not send redundant packets?

Thanks,

Farid Mohammed

 

 








I need help in accounting configuration

2003-08-07 Thread Serg Shipaev
Hi, ALL!

I'm a novice in the installation, configuration and use of FreeRadius.
Can anybody help me with configuring accounting for a NAS?
I mean, should I use acct_users file? Or should I use another config 
params and files?
I'm not planning to use DB right now.

Best regards,
Serg Shipaev


Re: radius?????what device and OS compatible with them???

2003-08-07 Thread Vincent_Giovannone

I've used a toaster with radius.  (a VSA determines how brown, cow now...
:) )  Other items I've seen using radius are a waffle iron, high quality
golf clubs, an electric train set, a disposable shaver, a gumball machine,
a satellite television receiver, a box of facial tissues and a foam dome.

(Foam dome:  one of those hats that holds two cans of beer on your head
with two straws.)

Oh yes, most of these devices were using HomeOS'03 version 1.0 beta.
(Basically, rebranded windows 3.0.)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"A four-year-old will very quickly get over news of the death of Santa if
told that it was due to his fully loaded sleigh crashing in the back
garden."
-- Mil Millington






postgresql - dialup-admin

2003-08-07 Thread Truong Manh Cuong
I wonder is there anyone use postgresql for freeradius? there is so many
thing I have to fix if I want to use postgres.
But freeradius staffs do not fix it. or may be I do wrong ?

is there any type like this:
CREATE TABLE badusers (
id int(10) DEFAULT '0' NOT NULL auto_increment,
...
"Date"timestamp with timezone  DEFAULT '-00-00 00:00:00' NOT
NULL,
... );

and with postgresql_db.sql, every fields must have " " when they are
declared, but I don't see, so as the result, my db will have tables with all
fields in lowercase
Here is my fixed sql file (file attached).




***
Truong Manh Cuong
System Engineer - SE
Research & Development Division - RDD
Mobile: 84-90-8392986
Work Phone: 84-08-9321001 - 664
Email[EMAIL PROTECTED]
EIS Service, Inc.
http://www.globaleis.com
Saigon Software Park, 2nd Floor.
123 Truong Dinh St., Dist. 3, HCM City, Vietnam.
Tel 84-8-932 1001 Fax 84-8-932 1002
***


EIS-radius.sql
Description: Binary data


freeradius 0.9 and LDAP and cisco LEAP

2003-08-07 Thread svarc
Hi all,

 First of all I would like to apologize for my English. Well, here is the problem.

I have a server with debian (woody) [Linux version 2.4.20 ([EMAIL PROTECTED]) (gcc 
version 2.95.4 20011002 (Debian prerelease)) #2 SMP Wed Jun 11 23:16:47 CEST 2003]. On 
this server I installed freeradius 0.9 (./configure, make and make install); everything 
is OK. Then I configured radiusd.conf for LEAP and tried to authenticate through a cisco 
AP 1200; still everything running OK. So, now I want to authenticate users from active 
directory (w2k server). OK, I try to set up LDAP like this: 
http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/radius.html. But when I'm starting 
the server (radiusd -X -A) I receive the message (radiusd.conf[703] Failed to link to module 
'rlm_ldap': file not found) g. OK, I try to find out in /usr/local/lib/rlm_ldap 
module but nothing :(. OK, I try to compile in /freeradius-0.9.0/src/modules/rlm_ldap 

(./configure --with-rlm-ldap-lib-dir=/usr/local/lib --with-rlm-ldap-include-dir=/usr/local/include) but get

loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc  ) works... yes
checking whether the C compiler (gcc  ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for inet_aton in -lresolv... (cached) yes
checking for lber.h... no
checking for ldap.h... no
checking for sasl_encode in -lsasl... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking for ber_init in -llber... no
configure: warning: silently not building rlm_ldap.
configure: warning: FAILURE: rlm_ldap requires:  liblber.
creating ./config.status
creating Makefile

It looks like the problem is in (configure: warning: FAILURE: rlm_ldap requires:  
liblber.) but I don't know what I can do. Can somebody help me?

Questions:
When I would like to authenticate users from active directory per LDAP, should I 
install an openLDAP server too? I think not, because in freeradius 0.9 there is a module for LDAP?
Does anybody have a radiusd.conf for authenticating users from active directory for LEAP?

ThanXXX to all

jennifer




a question about freeradius & mssql2000

2003-08-07 Thread yuqi
I am now trying to connect my freeradius to mssql2000 on freeBSD4.8, keeping getting 
failure:

I am doing as below:

setup unixODBC at /usr/apps/unixODBC
compile and install freeTDS0.61 with --with-unixODBC at /usr/local/freetds
compile and install freeradius 0.7.1 at /usr/apps/radius

then I set the ini files as below:


odbc.ini
-
[MyServer70]
Description = MS SQLServer2000
Driver  = TDS
Server  = 192.168.0.34
Database= master
UID = sa
PWD = 262721
Port= 1433
TDS_Version = 7.0

odbcinst.ini

[TDS]
Description = FreeTDS v0.60
Driver  = /usr/local/freetds/lib/libtdsodbc.so
FileUsage   = 5

freetds.conf
---
# A typical Microsoft SQL Server 7.0 configuration  
[MyServer70]
host = 192.168.0.34 
port = 1433
tds version = 7.0

sql.conf of freeradius:
-
driver = "rlm_sql_unixodbc"
server = "MyServer70"
login = "temp5"
password = ""
radius_db = "master"

then I install the ODBC at /usr/apps/unixODBC/bin as below:
odbcinst -i -d -f ../etc/odbcinst.ini
odbcinst -i -s -f ../etc/odbc.ini

and the next, I have a test :

/isql -v MyServer70 temp5

It works fine. (I noticed that wherever I place the freetds.conf, or even if I delete it 
from the computer, isql works fine.)


and then ,  I start radius and got the trace info as below:


rlm_sql: Driver rlm_sql_unixodbc loaded and linked
rlm_sql: Attempting to connect to [EMAIL PROTECTED]:/master
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0   
rlm_sql_unixodbc: Connection failed   
rlm_sql:  Failed to connect DB handle #0
rlm_sql: starting 1
rlm_sql: starting 2



latest cvs unable to compile

2003-08-07 Thread Krasiyan Andreev
under gcc 3.2.2 , glibc 2.3.1 , kernel 2.4.20 (slackware 9.0) latest freeradius 
cvs again unable to compile , the same problem was yesterday too , in 
rlm_eap_leap ( eap updated files in rlm_eap_tls , but not in leap) 
seems latest cvs builds have errors in different parts , before was 
rlm_radutmp ,various postgresql fixes between 0.9 and current cvs
can expect 0.9.1 soon when open bugs are fixed ?

gmake[7]: Entering directory `/usr/local/src/radiusd/src/modules/rlm_eap'
Making static in types...
gmake[8]: Entering directory `/usr/local/src/radiusd/src/modules/rlm_eap/types'
/usr/bin/gmake -w WHAT_TO_MAKE=static common
gmake[9]: Entering directory `/usr/local/src/radiusd/src/modules/rlm_eap/types'
Making static in rlm_eap_leap...
gmake[10]: Entering directory `/usr/local/src/radiusd/src/modules/rlm_eap/types/rlm_eap_leap'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs  -I../../../../include  -I../.. -c rlm_eap_leap.c -o rlm_eap_leap.o
rlm_eap_leap.c: In function `leap_initiate':
rlm_eap_leap.c:46: structure has no member named `username'
rlm_eap_leap.c: In function `leap_authenticate':
rlm_eap_leap.c:103: structure has no member named `username'
rlm_eap_leap.c:158: structure has no member named `username'
gmake[10]: *** [rlm_eap_leap.o] Error 1
gmake[10]: Leaving directory `/usr/local/src/radiusd/src/modules/rlm_eap/types/rlm_eap_leap'
gmake[9]: *** [common] Error 1
gmake[9]: Leaving directory `/usr/local/src/radiusd/src/modules/rlm_eap/types'
gmake[8]: *** [static] Error 2
gmake[8]: Leaving directory `/usr/local/src/radiusd/src/modules/rlm_eap/types'
gmake[7]: *** [common] Error 1
gmake[7]: Leaving directory `/usr/local/src/radiusd/src/modules/rlm_eap'
gmake[6]: *** [static] Error 2
gmake[6]: Leaving directory `/usr/local/src/radiusd/src/modules/rlm_eap'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/usr/local/src/radiusd/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/usr/local/src/radiusd/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/usr/local/src/radiusd/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/usr/local/src/radiusd/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/usr/local/src/radiusd'
make: *** [all] Error 2




EAP/TLS problem continued again...

2003-08-07 Thread Antti Mattila
#  An example configuration for using /etc/smbpasswd.
#
#passwd etc_smbpasswd {
#   filename = /etc/smbpasswd
#   format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
#   authtype = MS-CHAP
#   hashsize = 100
#   ignorenislike = no
#   allowmultiplekeys = no
#}

#  Similar configuration, for the /etc/group file. Adds a Group-Name
#  attribute for every group that the user is member of.
#
#passwd etc_group {
#   filename = /etc/group
#   format = "=Group-Name:::*,User-Name"
#   hashsize = 50
#   ignorenislike = yes
#   allowmultiplekeys = yes
#   delimiter = ":"
#}

# Realm module, for proxying.
#
#  You can have multiple instances of the realm module to
#  support multiple realm syntaxs at the same time.  The
#  search order is defined the order in the authorize and
#  preacct blocks after the module config block.
#
#  Two config options:
#   format -  must be 'prefix' or 'suffix'
#   delimiter  -  must be a single character

#  'realm/username'
#
#  Using this entry, IPASS users have their realm set to "IPASS".
#realm realmslash {
#   format = prefix
#   delimiter = "/"
#}

#  '[EMAIL PROTECTED]'
#
realm suffix {
format = suffix
delimiter = "@"
}

#  'username%realm'
#
#realm realmpercent {
#   format = suffix
#   delimiter = "%"
#}

#  rewrite arbitrary packets.  Useful in accounting and authorization.
#
## This module is highly experimental at the moment.  Please give
## feedback to the mailing list.
#
#  The module can also use the Rewrite-Rule attribute. If it
#  is set and matches the name of the module instance, then
#  that module instance will be the only one which runs.
#
#  Also if new_attribute is set to yes then a new attribute
#  will be created containing the value replacewith and it
#  will be added to searchin (packet, reply or config).
# searchfor,ignore_case and max_matches will be ignored in that case.

#
#attr_rewrite sanecallerid {
#   attribute = Called-Station-Id
# may be "packet", "reply", or "config"
#   searchin = packet
#   searchfor = "[+ ]"
#   replacewith = ""
#   ignore_case = no
#   new_attribute = no
#   max_matches = 10
#   ## If set to yes then the replace string will be appended to the original string
#   append = no
#}

# Preprocess the incoming RADIUS request, before handing it off
# to other modules.
#
#  This module processes the 'huntgroups' and 'hints' files.
#  In addition, it re-writes some weird attributes created
#  by some NASes, and converts the attributes into a form which
#  is a little more standard.
#
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints

# This hack changes Ascend's wierd port numberings
# to standard 0-??? port numbers so that the "+" works
# for IP address assignments.
#   with_ascend_hack = no
#   ascend_channels_per_line = 23

# Windows NT machines often authenticate themselves as
# NT_DOMAIN\username
#
# If this is set to 'yes', then the NT_DOMAIN portion
# of the user-name is silently discarded.
#   with_ntdomain_hack = no

# Specialix Jetstream 8500 24 port access server.
#
# If the user name is 10 characters or longer, a "/"
# and the excess characters after the 10th are
# appended to the user name.
#
# If you're not running that NAS, you don't need
# this hack.
#   with_specialix_jetstream_hack = no

# Cisco sends it's VSA attributes with the attribute
# name *again* in the string, like:
#
#   H323-Attribute = "h323-attribute=value".
#
# If this configuration item is set to 'yes', then
# the redundant data in the attribute text is stripped
# out.  The result is:
#
#  H323-Attribute = "value"
#
# If you're not running a Cisco NAS, you don't need
# this h