Re: Auth-Type woes...

2003-09-09 Thread Ulrich Walcher
The answer's in your log...

On Tue, 2003-09-09 at 07:44, [EMAIL PROTECTED] wrote:
--- snip ---
> DEFAULT Auth-Type = System, Huntgroup-Name == "test"

If you compare to the default examples you'll see it's ":=" not just "="

--- snip ---

Cheers,
OoLee


And if I may add a suggestion:
Change to "clients.conf" and "proxy.conf" instead of "naslist",
"clients" and "realms" as it says:
"Using deprecated realms file.  Support for this will go away soon."
I guess most people use the new files, so if you run into trouble you'll
have a wider base of people who might be able to help...


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


rlm_sql_mysql

2003-09-09 Thread Rio Martin
Dear folks,
I am having the same problem as described at Freeradius FAQ.
I tried the solution just as the FAQ mentioned,

First I tried with:
./configure --disable-shared
make
make install

But it didn't succeed.

I tried a second way: I added "/usr/local/radiusd/lib" to /etc/ld.so.conf
--
[EMAIL PROTECTED]:/usr/local/radiusd/lib# cat /etc/ld.so.conf
/usr/local/lib
/usr/X11R6/lib
/usr/i386-slackware-linux/lib
/opt/kde/lib
/usr/local/radiusd/lib
[EMAIL PROTECTED]:/usr/local/radiusd/lib# ldconfig
[EMAIL PROTECTED]:/usr/local/radiusd/lib# /usr/local/radiusd/sbin/radiusd -X
.
.
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, 
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol 
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
--

I wonder why it still doesn't work? Of course the FAQ gives the right
instructions, right? I've tried Google; the answer to related problems is just
the same as written in the FAQ. Did I miss something?

Regards,
Rio Martin.




Re: rlm_sql_mysql

2003-09-09 Thread Ulrich Walcher
I guess you'll have to add the configure options for mysql like:
--with-mysql-dir=/path/to/mysql
--with-mysql-lib-dir=/path/to/mysql/lib
--with-mysql-include-dir=/path/to/mysql/include

I might be wrong but at least it's a hint...

On Tue, 2003-09-09 at 12:25, Rio Martin wrote:
> Dear folks,
> I am having the same problem as described at Freeradius FAQ.
> I tried the solution just as the FAQ mentioned,
> 
> First I tried with:
> ./configure --disable-shared
> make
> make install
> 
> But it didn't succeed.
> 
> I tried a second way: I added "/usr/local/radiusd/lib" to /etc/ld.so.conf
> --
> [EMAIL PROTECTED]:/usr/local/radiusd/lib# cat /etc/ld.so.conf
> /usr/local/lib
> /usr/X11R6/lib
> /usr/i386-slackware-linux/lib
> /opt/kde/lib
> /usr/local/radiusd/lib
> [EMAIL PROTECTED]:/usr/local/radiusd/lib# ldconfig
> [EMAIL PROTECTED]:/usr/local/radiusd/lib# /usr/local/radiusd/sbin/radiusd -X
> .
> .
> sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, 
> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol 
> FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
> search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
> --
> 
> I wonder why it still doesn't work? Of course the FAQ gives the right
> instructions, right? I've tried Google; the answer to related problems is just
> the same as written in the FAQ. Did I miss something?
> 
> Regards,
> Rio Martin.
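
The two causes raised in this thread, the driver never having been built versus the driver existing while one of its own libraries does not resolve, can be told apart with a short check. This is an added example, not code from any poster or from FreeRADIUS; the function names and the LDD override are hypothetical, and the sample ldd output is constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeRADIUS): work out why
# "Could not link driver rlm_sql_mysql: file not found" appears.
# Function names and the LDD override are hypothetical.

# Read ldd output on stdin; print each library ldd could not resolve.
missing_deps() {
    awk '/=> not found/ { print $1 }' | sort -u
}

# diagnose_driver LIBDIR DRIVER
#   not-built      no DRIVER*.so* in LIBDIR: the module was never compiled,
#                  so ld.so.conf changes cannot help (check ./configure output)
#   ldd-failed     the file exists but ldd could not read it
#   missing: ...   the module exists; these dependencies are not in ld's path
#   ok             the module exists and every dependency resolves
diagnose_driver() {
    libdir=$1
    driver=$2
    ldd_cmd=${LDD:-ldd}        # overridable so the logic can be tested offline
    mod=
    for f in "$libdir"/"$driver"*.so*; do
        if [ -e "$f" ]; then mod=$f; break; fi
    done
    if [ -z "$mod" ]; then
        echo "not-built"
        return 2
    fi
    deps=$("$ldd_cmd" "$mod" 2>/dev/null) || { echo "ldd-failed"; return 3; }
    missing=$(printf '%s\n' "$deps" | missing_deps | paste -s -d ' ' -)
    if [ -n "$missing" ]; then
        echo "missing: $missing"
        return 1
    fi
    echo "ok"
}

# Constructed ldd output for a driver whose MySQL client library is not on
# the linker's search path (library names and addresses are made up).
sample_ldd_output() {
    printf '\tlibmysqlclient.so.10 => not found\n'
    printf '\tlibz.so.1 => /usr/lib/libz.so.1 (0x40021000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0x40030000)\n'
}

sample_ldd_output | missing_deps

# On the server itself, with the install prefix used in the post:
#   diagnose_driver /usr/local/radiusd/lib rlm_sql_mysql
```

A result of "not-built" points at the configure step, while "missing: ..." points at the linker search path for the named libraries.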


Mysql Optimize Table without losing accounting-data???

2003-09-09 Thread m . prenger
Dear ML,

we're running several radius-servers with Freeradius 0.8.1 or later.
Now our mysql.radacct table requires us to start a mysql_optimize_table,
because selecting on this table takes longer and longer...

A mysql_optimize locks the table, so that it isn't possible to access
this table during the optimize, which means that all accounting data will
be lost.

That's not the solution I want, so I wrote a script which strips
off mysql support from radiusd by changing radiusd.conf. All accounting
data is now logged to the detailfile only and none of the accounting-packets
will be lost on optimize, I thought. This works quite well, so I'm able
to resend accounting-packets to radiusd after the optimize has finished.

But during the mysql_optimize logging to the detailfile takes so much time
that radiusd is discarding each request due to live request.

Our problem is that we don't have a radius-proxy which could be instructed
to send the accounting-data to another radius-server while the first is
in maintenance.

Has anyone a solution for this scenario? We have to optimize our radacct
table, which takes round about 15 minutes, and we don't want to lose
accounting-data.

Thanks a lot,
Marc Prenger



Re: compatibility / feature comparisons?

2003-09-09 Thread Alan DeKok
"Chris Knipe" <[EMAIL PROTECTED]> wrote:
> Just a bit of a informational question... Feature wise, compatibility wise,
> management wise... You know.. The full monty..
> 
> How does FreeRadius compare against Radiator??

  I've never used Radiator, so I'm not really sure.

  As for their features page:

http://www.open.com.au/radiator/technical.html

  FreeRADIUS supports the vast majority of those features, with more
in the works.  Not being Perl, FreeRADIUS is also substantially faster
than Radiator.

  Alan DeKok.



Re: Auth-Type woes...

2003-09-09 Thread Alan DeKok
<[EMAIL PROTECTED]> wrote:
> In the users file:
>
> DEFAULT Auth-Type = System, Huntgroup-Name == "test"

  This says "use System authentication for people in Huntgroup test"

  Do you have an authentication type set up for people NOT in
huntgroup test?

> User 'radtest' is in the system group 'test'...

  Uh, that's not the same thing at all.

  Alan DeKok.





Re: compatibility / feature comparisons?

2003-09-09 Thread Chris Parker
At 04:54 PM 9/8/2003, Chris Knipe wrote:
>Lo everyone,
>
>Just a bit of a informational question... Feature wise, compatibility wise,
>management wise... You know.. The full monty..

http://www.freeradius.org/features.html ( needs to have EAP/LEAP added )
http://www.open.com.au/radiator/technical.html

FreeRADIUS: Free Software, threaded, written in C
Radiator:   Commercial Software, non-threaded, written in PERL

>How does FreeRadius compare against Radiator??

Dunno, you're asking this on a FreeRADIUS list.  :)  Obviously we're going
to be biased.  That being said, a multi-threaded c program should
outperform a perl program doing the same tasks on an equivalent system.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: compatibility / feature comparisons?

2003-09-09 Thread Graeme Hinchliffe
>   FreeRADIUS supports the vast majority of those features, with more
> in the works.  Not being Perl, FreeRADIUS is also substantially faster
> than Radiator.

you did forget, FreeRADIUS is substantially cheaper than Radiator too :)



-- 
-
Graeme Hinchliffe (BSc)
Core Team Member
Zen Internet (http://www.zen.co.uk)

ICQ 3842605

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005




Re: Mysql Optimize Table without losing accounting-data???

2003-09-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> But during the mysql_optimize logging to detailfile takes so much
> time that radiusd is discarding each request due to live request.

  Huh?  Logging to the 'detail' file takes nearly zero time.

  Let me guess: You're running MySQL on the same machine as
FreeRADIUS.

  The solution is simple: Don't do that.

  Alan DeKok.



re[2]: compatibility / feature comparisons?

2003-09-09 Thread Rick Reynolds
This ended up in our [EMAIL PROTECTED] account.

Does lists.cistron.nl host with Bluegenesis.com?

Rick



> At 04:54 PM 9/8/2003, Chris Knipe wrote:
>Lo everyone,
>
>Just a bit of a informational question... Feature wise, compatibility wise,
>management wise... You know.. The full monty..

http://www.freeradius.org/features.html ( needs to have EAP/LEAP added )
http://www.open.com.au/radiator/technical.html

FreeRADIUS: Free Software, threaded, written in C
Radiator:   Commercial Software, non-threaded, written in PERL

>How does FreeRadius compare against Radiator??

Dunno, you're asking this on a FreeRADIUS list.  :)  Obviously we're going
to be biased.  That being said, a multi-threaded c program should
outperform a perl program doing the same tasks on an equivalent system.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





RE: Radius realm logging

2003-09-09 Thread Jason Love
Testing... Testing... 1. 2. 3. Is this mic on? :)


-Original Message-
From: Jason Love 
Sent: Monday, September 08, 2003 3:40 PM
To: [EMAIL PROTECTED]
Subject: Radius realm logging


I am currently using cistron radius version 1.6.6 on Debian. It's been OK
for what I have used it for. I am now starting to add realms to my users
and I need to be able to see the realm in the actual radius.log file.
Right now it strips the realm and if I try a nostrip it won't
authenticate the user at all. I was wondering if freeradius had resolved
this issue. If so then I would take out cistron and use it.

Thanks for your help,

Jason Love



cisco vpdn nas port id

2003-09-09 Thread Evren Yurtesen
Hi,

I wonder if anybody is using freeradius with vpdn connections?
I am getting weird port id numbers from the cisco. Not the virtual
interface numbers. I don't know what is wrong. Any experiences?

Evren



Wireless

2003-09-09 Thread Troy Sanders








I am looking for a document that shows how to configure the
Free Radius Server and wireless access points; I am using Orinoco’s or
Proxim’s AP-2000.

Any Help would be wonderful.  I saw the diagram at NetWorld Interop.

Thank you

Troy


Installation Error

2003-09-09 Thread arothenberg
I am a new Linux admin, so pardon my stupid questions.

I am trying to install FreeRadius and when I run the Make Install command I
get an error that says "smbencrypt does not exist" followed by
"smbencrypt-install error 1"

Am I missing a component? I could not find any documentation about what is
required before installation.

Thanks for your assistance

Adam Rothenberg
Network Technician
Palatine High School
 N. Rohlwing Rd.
Palatine, IL 60074
(847) 755-1764





Re: Wireless

2003-09-09 Thread Alan DeKok
"Troy Sanders" <[EMAIL PROTECTED]> wrote:
> I am looking for a document that shows how to configure the Free Radius
> Server and wireless access points; 

  http://www.freeradius.org/doc/  ?

  There are a number of such documents.

  Alan DeKok.



Re: Installation Error

2003-09-09 Thread Chris Parker
At 12:12 PM 9/9/2003, [EMAIL PROTECTED] wrote:
>I am a new Linux admin, so pardon my stupid questions.
>
>I am trying to install FreeRadius and when I run the Make Install command I
>get an error that says "smbencrypt does not exist" followed by
>"smbencrypt-install error 1"

What type of system are you attempting to build this on?  Also, what
is the output of './configure' when you ran it?

Without a bit more detail to narrow it down, it sounds to me like you
are trying to build/link the 'rlm_smb' module, which unless you specifically
are trying to build it, you probably don't need.

Do you need the rlm_smb module for what you are doing?

>Adam Rothenberg
>Network Technician
>Palatine High School
> N. Rohlwing Rd.
>Palatine, IL 60074
>(847) 755-1764

Hey, you are just down the road!  ( StarNet is on NW Hwy/First Bank Drive ).

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: Installation Error

2003-09-09 Thread arothenberg

we use you guys for our district dial-in service. keep up the good work!

well, as I said I am new at this so I was trying to get a basic
install working and go from there, but I am trying to setup authentication
for a wireless LAN. Currently we don't have any encryption and I am trying
to test some ideas and also try to learn some new apps when I am getting
paid to.



Adam Rothenberg
Network Technician
Palatine High School
 N. Rohlwing Rd.
Palatine, IL 60074
(847) 755-1764


   
   
Chris Parker <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED].cistron.nl
09/09/2003 12:16 PM
Please respond to freeradius-users

To: [EMAIL PROTECTED]
cc:
Subject: Re: Installation Error




At 12:12 PM 9/9/2003, [EMAIL PROTECTED] wrote:
>I am a new Linux admin, so pardon my stupid questions.
>
>I am trying to install FreeRadius and when I run the Make Install command I
>get an error that says "smbencrypt does not exist" followed by
>"smbencrypt-install error 1"

What type of system are you attempting to build this on?  Also, what
is the output of './configure' when you ran it?

Without a bit more detail to narrow it down, it sounds to me like you
are trying to build/link the 'rlm_smb' module, which unless you specifically
are trying to build it, you probably don't need.

Do you need the rlm_smb module for what you are doing?

>Adam Rothenberg
>Network Technician
>Palatine High School
> N. Rohlwing Rd.
>Palatine, IL 60074
>(847) 755-1764

Hey, you are just down the road!  ( StarNet is on NW Hwy/First Bank Drive ).

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net





Re: Installation Error

2003-09-09 Thread Chris Parker
At 12:25 PM 9/9/2003, [EMAIL PROTECTED] wrote:
>we use you guys for our district dial-in service. keep up the good work!

Cool.  :)

>well, as I said I am new at this so I was trying to get a basic
>install working and go from there, but I am trying to setup authentication
>for a wireless LAN. Currently we don't have any encryption and I am trying
>to test some ideas and also try to learn some new apps when I am getting
>paid to.

Can you paste a few lines from around where you are getting this
error during the build process?  That'll help us nail down where in the
build process it is failing, then we can start looking into why it isn't
working for you.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: Minor (but crashing) bug in rlm_mschap

2003-09-09 Thread Alan DeKok
Peter Stamfest <[EMAIL PROTECTED]> wrote:
> With freeradius-0.9.1 radiusd constantly crashed (using radiusd -X) when
> doing MSCHAP. I tracked the problem to the code that generates the
> SMB-Account-CTRL value from SMB-Account-CTRL-TEXT if SMB-Account-CTRL was
> missing (BTW: I am using LDAP to store data). The integer value for
> SMB-Account-CTRL was initialized from an empty string ("") instead of a
> string representation of an integer (eg. "0"), resulting in a NULL pointer
> deref later on.

  Where?  I don't see why any of that code would core dump.  Can you
supply a back trace, with indication as to which pointer was NULL?

  Alan DeKok.



Freeradius + Mysql

2003-09-09 Thread L U C A S



I'm using Freeradius and have some problems that don't let me sleep..:-)

I want to authenticate our users not only by username and password, I need
to check also NAS-IP-Address or Called-Station-ID. This I need to manage
different NAS with one Radius, the users only have to get access to one NAS.

But this does not seem to work. Why?

The User can everytime login into the NAS, with the correct Checkitem or
without them.. The Radius seem to ignore the additional Checkitems and it
makes not sense if they are in the radchecktable or in the
radgroupchecktable. Only Username and Password are checked.

What am I doing wrong?? Any Idea?

Please help me!

Lucas Nascimento
 


Re: Freeradius + Mysql

2003-09-09 Thread Vincent_Giovannone
1, you're sending formatted text to a mailing list.  I know you think that 
blue color is pretty, but _don't_ do that.
2, you haven't run the server in debug mode to see what it's trying to do 
(...or not do)
3, you haven't provided any snippet of a configuration.  "It doesn't work" 
is a pretty broad problem statement.  Cut and paste the definition for ONE 
user (or the default if that's all you're using).

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"A four-year-old will very quickly get over news of the death of Santa if 
told that it was due to his fully loaded sleigh crashing in the back 
garden." 
-- Mil Millington





"L U C A S" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
09/09/2003 03:43 PM
Please respond to [EMAIL PROTECTED]

To: <[EMAIL PROTECTED]>
cc:
Subject: Freeradius + Mysql






I'm using Freeradius and have some problems that don't let me sleep..:-)

I want to authenticate our users not only by username and password, I need
to check also NAS-IP-Address or Called-Station-ID. This I need to manage
different NAS with one Radius, the users only have to get access to one NAS.

But this does not seem to work. Why?

The User can everytime login into the NAS, with the correct Checkitem or
without them.. The Radius seem to ignore the additional Checkitems and it
makes not sense if they are in the radchecktable or in the
radgroupchecktable. Only Username and Password are checked.

What am I doing wrong?? Any Idea?

Please help me!
Lucas Nascimento
 




freeradius crashes while using PAM

2003-09-09 Thread Christophe Dupre
Searching the archives, I saw a mail about a similar problem back in 
June, but no follow-up... So, here's my problem.

I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 
machine. Authenticating local users works great using rlm_unix, but now 
we'd like to use LDAP auth through PAM. We have it configured on the 
system and it works great for all the other pam-enabled applications 
(sshd, login, sudo, etc), but radiusd crashes when provided bad 
credential. However, it works if provided good credentials. This is when 
testing with radtest:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32843, id=122, length=58
User-Name = "duprec"
User-Password = "foo"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type PAM
auth: type "PAM"
modcall: entering group authenticate
pam_pass: using pamauth string  for pam.conf lookup
Segmentation Fault (core dumped)

The debugger gives this traceback:
=>[1] PAM_conv(num_msg = 1, msg = 0xffbf9964, resp = 0xffbfd9d0, 
appdata_ptr = (nil)), line 144 in "rlm_pam.c"
  [2] __get_authtok(0xfef70778, 0x1, 0xffbf99c8, 0x0, 0xffbfd9d0, 
0xfec29574), at 0xfec14ec4
  [3] pam_sm_authenticate(0x0, 0xfec167c8, 0x2, 0x11c630, 0xfec1240c, 
0xfef52ddc), at 0xfec12670
  [4] run_stack(0x0, 0xfef67024, 0x9, 0x0, 0x1, 0xfef67100), at 0xfef52dfc
  [5] pam_authenticate(0x11d2e8, 0x0, 0xffbfdb08, 0xffbfdb04, 0x2, 
0x28), at 0xfef53104
  [6] pam_pass(name = 0x11bd04 "duprec", passwd = 0x11be54 "foo", 
pamauth = 0xbf538 "radiusd"), line 203 in "rlm_pam.c"
  [7] pam_auth(instance = 0xbf538, request = 0x11bbe8), line 273 in 
"rlm_pam.c"
  [8] 0x1d328(0xfef80fd4, 0xc1ac0, 0x11bbe8, 0x0, 0x1d540, 0x1d564), at 
0x1d327
  [9] modcall(0x0, 0xc1ac0, 0x11bbe8, 0xffbfbce0, 0x0, 0x0), at 0x1d41c
  [10] 0x1d36c(0x0, 0xc1ac0, 0x11bbe8, 0x0, 0x1d540, 0x1d564), at 0x1d36b
  [11] modcall(0x0, 0xc2608, 0x11bbe8, 0x3, 0x1d3e8, 0x1198f8), at 0x1d49c
  [12] rad_check_password(0x11bbe8, 0x418, 0x11bbe8, 0x0, 0x1, 0x0), at 
0x19e04
  [13] rad_authenticate(0x37400, 0x22069, 0x6, 0x5, 0x6e, 0x62), at 
0x1a140
  [14] rad_respond(0x11bbe8, 0x1a030, 0x804b, 0x11bac0, 0x11bc80, 
0xbe2094c4), at 0x1502c
  [15] rad_process(0x11bbe8, 0x0, 0x20, 0xfff8, 0x37400, 0x36800), 
at 0x14ab0
  [16] main(0xffbfebbc, 0x0, 0x37400, 0xffbfebbc, 0xeff0, 0xc17f0), 
at 0x143a0

Has anyone seen this ? Any help would be appreciated.

Thanks.



Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-09 Thread David Middleton
FYI update, I ran tcpdump on the server and found that the radius
server was responding with a different address, even though I used the
-i xxx.xxx.xxx.xxx address switch. I changed the radius address on the
AP and it's working fine now.

David


--- Artur Hecker <[EMAIL PROTECTED]> wrote:
> you could log in into the AP and see what happens in there if this is
> supported.
> 
> you mean the AP sends the Request, gets the challenge but never answers?
> 
> 
> ciao
> artur
> 
> 
> David Middleton wrote:
> 
> > Yes I can. I also traced it and it is getting there. It's almost like
> > the AP is ignoring the packets being sent to it. 
> > 
> > David
> > 
> > --- Ulrich Walcher <[EMAIL PROTECTED]> wrote:
> > 
> >>Sounds like a routing problem.
> >>Can you ping the ap?
> >>On Fri, 2003-09-05 at 17:30, David Middleton wrote:
> >>---SNIP ---
> >>
> >>> The radius server and the ap are on
> >>>different networks, but there is no firewall between them. 
> >>>
> >>>Any assistance would be appreciated,
> >>>David
> >>
> >>
> >>


Re: freeradius crashes while using PAM

2003-09-09 Thread Chris Parker
At 03:16 PM 9/9/2003, Christophe Dupre wrote:
>Searching the archives, I saw a mail about a similar problem back in June, 
>but no follow-up... So, here's my problem.
>
>I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 
>machine. Authentication local users works great using rlm_unix, but now 
>we'd like to use LDAP auth through PAM.

Why not use LDAP directly?  PAM has many issues, including known memory
leaks ( in PAM, not FR ).

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: freeradius crashes while using PAM

2003-09-09 Thread Christophe Dupre
That's my last resort option - I really like the idea of pam - configure 
it once, then if/when authentication source changes, only one place 
needs to be updated.

If there are memory leaks, they must not be that big because I've never 
noticed any pam-using executable getting that big.

Chris Parker wrote:

> At 03:16 PM 9/9/2003, Christophe Dupre wrote:
>
>> Searching the archives, I saw a mail about a similar problem back in 
>> June, but no follow-up... So, here's my problem.
>>
>> I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 
>> machine. Authentication local users works great using rlm_unix, but 
>> now we'd like to use LDAP auth through PAM.
>
> Why not use LDAP directly?  PAM has many issues, including known memory
> leaks ( in PAM, not FR ).
> -Chris
> --
>    \\\|||///  \  StarNet Inc.  \ Chris Parker
>    \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
>    | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
>   \ Wholesale Internet Services - http://www.megapop.net




Re: freeradius crashes while using PAM

2003-09-09 Thread Christophe Dupre
The other reason is that I wasn't able to get freeradius to compile 
against Sun's LDAP libraries. I *think* freeradius expects 
openldap-specific implementation details.

Chris Parker wrote:

> At 03:16 PM 9/9/2003, Christophe Dupre wrote:
>
>> Searching the archives, I saw a mail about a similar problem back in 
>> June, but no follow-up... So, here's my problem.
>>
>> I'm running freeradius 0.9.1 (upgraded this morning) on a Solaris 9 
>> machine. Authentication local users works great using rlm_unix, but 
>> now we'd like to use LDAP auth through PAM.
>
> Why not use LDAP directly?  PAM has many issues, including known memory
> leaks ( in PAM, not FR ).
> -Chris
> --
>    \\\|||///  \  StarNet Inc.  \ Chris Parker
>    \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
>    | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
>   \ Wholesale Internet Services - http://www.megapop.net




FreeRadius to Novell Netware

2003-09-09 Thread Tin Ly
RedHat 9 with FreeRadius 0.9.1
Novell Netware 6 sp3

I recently installed the latest FreeRadius and everything seemed fine.  When I try to 
authenticate to LDAP on the Novell server it works fine but I don't get an instant 
response back.  Rather, it takes about 20 seconds for an accept/reject response and if 
I try it again with the same user name/password, it takes about 10 seconds.  I've also 
noticed that the LDAP bind takes awhile.

I've searched through the FreeRadius mail archives and couldn't find anything useful.  
Can someone shed some light as to why I have this long delay?  Any help would be 
greatly appreciated.  Thanks in advance...

Tin




Problems authenticating with mpd, MSCHAPv2

2003-09-09 Thread Damian Gerow
I've found some similar references to the problem I'm having here:



And I get an MS-Chap-Error similar to this:



Basically, I have set up mpd to authenticate via RADIUS, and I'm trying to
have FreeRADIUS do its authentication via rlm_pam, so I can have mpd
(indirectly) authenticate off of a Windows Domain (so PAM is configured to
authenticate via pam_winbind, from the Samba3 distro).

I've been banging my head against this for a while, and I'm at a loss.  Any
pointers would be greatly appreciated.  Here's the icky details...

I have FreeRADIUS set up properly, and have been able to use radtest to
authenticate successfully.  However, as soon as I introduce mpd into the
equation, this is what I see:

Login incorrect: [damiang/] (from client localhost 
port 0 cli 64.7.141.26)

At the same time I see this in the mpd logs:

Sep  9 18:30:21 virtek mpd: [pptp1] RADIUS: RadiusAddServer Adding 127.0.0.1
Sep  9 18:30:21 virtek mpd: [pptp1] RADIUS: RadiusPutAuth: RADIUS_CHAP (MSOFTv2) 
peer name: damiang
Sep  9 18:30:25 virtek mpd: [pptp1] RADIUS: RadiusSendRequest: RAD_ACCESS_REJECT 
for user damiang
Sep  9 18:30:25 virtek mpd: [pptp1] RADIUS: RadiusGetParams: MS-CHAP-Error: 
^AE=691 R=1
Sep  9 18:30:25 virtek mpd: [pptp1] CHAP: sending FAILURE

If I change the mpd configuration to use PAP instead of CHAP, I get
authentication success, but then there's some weirdness going on on the mpd
side of things that I'm also trying to figure out.

Even though rlm_chap complains about not being able to find a proper
Chap-Password attribute, I can see the MS-CHAP-Challenge and -Response right
in the packet debug.

Attached is an output of radiusd -X during one of the CHAP authentication
failures.  Again, any pointers, clue sticks, RTFM's, or suggestions would be
greatly appreciated.

  - Damian
rad_recv: Access-Request packet from host 127.0.0.1:4844, id=105, length=181
NAS-Identifier = "me.sentex.ca"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "64.7.141.26"
User-Name = "damiang"
MS-CHAP-Challenge = 0xbb1e6878db6ef46964e20032b6553ef8
MS-CHAP2-Response = 
0x0100776b215dac06f6137ce22c91b757127fc649289ce1433dc3c2a8e7f41fc2d82fe0d1384f2c715856
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: No '@' in User-Name = "damiang", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 2
  modcall[authorize]: module "files" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Pam
auth: type "PAM"
modcall: entering group authenticate
rlm_pam: Attribute "User-Password" is required for authentication.
  modcall[authenticate]: module "pam" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Login incorrect: [damiang/] (from client localhost port 0 
cli 64.7.141.26)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 105 to 127.0.0.1:4844
MS-CHAP-Error = "\001E=691 R=1"
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:4845, id=198, length=168
NAS-Identifier = "me.sentex.ca"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "damiang"
MS-CHAP-Challenge = 0xbb1e6878db6ef46964e20032b6553ef8
MS-CHAP2-Response = 0x0100776b215dac06f6137ce22c91b757127fc649289ce1433dc3c2a8e7f41fc2d82fe0d1384f2c715856
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: No '@' in User-Name = "damiang", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 2
  modcall[authorize]: module "files" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Pam
auth: type "PAM"
modcall: entering group authenticate
rlm_pam: Attribute "User-Password" is required for authentication.
  modcall[auth

RE: Auth-Type woes...

2003-09-09 Thread Paul.Johanson
OK, so I have to specify in the huntgroups file each user that belongs to
that huntgroup?  I assumed that the 'group' option in huntgroups referred to
system groups.

I will assume no more!

Thanks for your help,

Paul.

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 10 September 2003 1:14 AM
To: [EMAIL PROTECTED]
Subject: Re: Auth-Type woes... 


<[EMAIL PROTECTED]> wrote:
> In the users file:
>
> DEFAULT Auth-Type = System, Huntgroup-Name == "test"

  This says "use System authentication for people in Huntgroup test"

  Do you have an authentication type set up for people NOT in huntgroup test?

> User 'radtest' is in the system group 'test'...

  Uh, that's not the same thing at all.

  Alan DeKok.





Re: Problems authenticating with mpd, MSCHAPv2

2003-09-09 Thread Sean Perry
Damian Gerow wrote:

> If I change the mpd configuration to use PAP instead of CHAP, I get
> authentication success, but then there's some weirdness going on on the mpd
> side of things that I'm also trying to figure out.
>
> Even though rlm_chap complains about not being able to find a proper
> Chap-Password attribute, I can see the MS-CHAP-Challenge and -Response right
> in the packet debug.

as I was told recently, you can't get there from here.

There is currently no way to authenticate via CHAP against a Windows 
domain from Linux.  Alan explains this in the thread I started last week.

The best possibility I have found is using a radius relay and a Windows 
based radius server like Internet Authentication Service which comes 
with win2k server.  Haven't tried to get it to work yet, but it is the 
most likely way to get it working.





Re: Wireless

2003-09-09 Thread Rio Martin
On Wednesday 10 September 2003 00:14, Alan DeKok wrote:
> "Troy Sanders" <[EMAIL PROTECTED]> wrote:
> > I am looking for a document that shows how to configure the Free Radius
> > Server and wireless access points;
>   http://www.freeradius.org/doc/  ?
>   There are a number of such documents.

Alan,
Please check the website, URL broken.

Regards,
Rio Martin.




Calling-Station-Id

2003-09-09 Thread Eric
Hi,
I need to authenticate users by Calling-Station-Id.
Pass users who use a phone number that begins with "69".
I have written the script in Perl:
==
#!/usr/bin/perl
(our $i)[EMAIL PROTECTED];
$string = substr ($i,0,2);
if ($i=='69'){
exit(0);}
else{
exit(1);}
==
And write this string in radreply table:
Id  UserName  Attribute          Value                         op
1   someuser  Exec-Program-Wait  /etc/radius/bin/credit.pl %i  =
==

And after all of this it still doesn't pass "69"-users.

What could you advise me? Maybe someone had the same problem.
Thanks!





Re: Installation Error

2003-09-09 Thread arothenberg

Here is the last part; everything before appears to be OK.

libtool: install: `rlm_mschap.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[7]: Entering directory `/root/radiusinstall/freeradius-0.9.1/src/modules/rlm_mschap'
/root/radiusinstall/freeradius-0.9.1/install-sh -c -d -m 755 /usr/local/bin
/root/radiusinstall/freeradius-0.9.1/install-sh -c -m 755 -s smbencrypt /usr/local/bin
install:  smbencrypt does not exist
gmake[7]: *** [smbencrypt-install] Error 1
gmake[7]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src/modules/rlm_mschap'
gmake[6]: *** [install] Error 2
gmake[6]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src/modules/rlm_mschap'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory `/root/radiusinstall/freeradius-0.9.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/radiusinstall/freeradius-0.9.1'
make: *** [install] Error 2


Adam Rothenberg
Network Technician
Palatine High School
 N. Rohlwing Rd.
Palatine, IL 60074
(847) 755-1764






Chris Parker <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/09/2003 12:44 PM
Please respond to freeradius-users

To: [EMAIL PROTECTED]
cc:
Subject: Re: Installation Error


At 12:25 PM 9/9/2003, [EMAIL PROTECTED] wrote:

>we use you guys for our district dial-in service. keep up the good work!

Cool.  :)

>well, as I said I am new at this so I was trying to get a basic
>install working and go from there, but I am trying to setup authentication
>for a wireless LAN. Currently we don't have any encryption and I am trying
>to test some ideas and also try to learn some new apps when I am getting
>paid to.

Can you paste a few lines from around where you are getting this
error during the build process?  That'll help us nail down where in
the build process it is failing, then we can start looking into why
it isn't working for you.

-Chris
--
    \\\|||///  \          StarNet Inc.      \         Chris Parker
    \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
    | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\--
                   \ Wholesale Internet Services - http://www.megapop.net






Re: Wireless

2003-09-09 Thread Ronald Jochems



Hi Troy,

On the url described, I did find 3 documents, in the bottom, but basically describing EAP/TLS.
As far as I'm concerned, I do not want to play with TLS yet, but only start with MD5.

For the moment I have got some parts working, but I am still 'fighting' with the wep encryption keys.
My AP (dlink-sys 950+) and client are operating just fine, but I think I am missing some radius config part for handing out these keys.
The AP only can do WEP when radius is turned on.

I am wondering what your config is like. I changed radiusd.conf as described in: http://www.freeradius.org/doc/EAP-MD5.html

users:
test    Auth-Type := Eap, User-Password == "test"

  - Original Message -
  From: Troy Sanders
  To: [EMAIL PROTECTED]
  Sent: Tuesday, September 09, 2003 7:02 PM
  Subject: Wireless

  I am looking for a document that shows how to configure the Free Radius
  Server and wireless access points; I am using Orinoco’s or Proxim’s AP-2000.

  Any Help would be wonderful.  I saw the diagram at NetWorld Interop.

  Thank you

  Troy


Re: Minor (but crashing) bug in rlm_mschap

2003-09-09 Thread Peter Stamfest
On Tue, 9 Sep 2003, Alan DeKok wrote:

> Date: Tue, 09 Sep 2003 14:19:49 -0400
> From: Alan DeKok <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Minor (but crashing) bug in rlm_mschap 
> 
> Peter Stamfest <[EMAIL PROTECTED]> wrote:
> > With freeradius-0.9.1 radiusd constantly crashed (using radiusd -X) when
> > doing MSCHAP. I tracked the problem to the code that generates the
> > SMB-Account-CTRL value from SMB-Account-CTRL-TEXT if SMB-Account-CTRL was
> > missing (BTW: I am using LDAP to store data). The integer value for
> > SMB-Account-CTRL was initialized from an empty string ("") instead of a
> > string representation of an integer (eg. "0"), resulting in a NULL pointer
> > deref later on.
> 
>   Where?  I don't see why any of that code would core dump.  Can you
> supply a back trace, with indication as to which pointer was NULL?

The pairmake function returns NULL which gets dereferenced two lines below 
(smb_ctrl->lvalue).

The problem surfaces through the return of NULL at line 601 in
pairparsevalue in src/lib/valuepair.c which makes pairmake return NULL in
the case of an integer that does not start with a digit ("" does not start
with a digit).

Here is a backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 18105)]
0x400226f0 in mschap_authenticate (instance=0x80fb1d0, request=0x8104178)
at rlm_mschap.c:625
625         smb_ctrl->lvalue = pdb_decode_acct_ctrl(password->strvalue);
(gdb) bt
#0  0x400226f0 in mschap_authenticate (instance=0x80fb1d0, request=0x8104178)
at rlm_mschap.c:625
#1  0x08054cb5 in module_post_auth ()
#2  0x08054e16 in modcall ()
#3  0x08054cff in module_post_auth ()
#4  0x08054dd1 in modcall ()
#5  0x08054a5b in module_authenticate ()
#6  0x08051d83 in rad_check_password ()
#7  0x08052043 in rad_authenticate ()
#8  0x0804d475 in rad_respond ()
#9  0x0804d0ec in rad_process ()
#10 0x0804ce32 in main ()
#11 0x400c21c4 in __libc_start_main () from /lib/libc.so.6
(gdb) print smb_ctrl
$1 = (VALUE_PAIR *) 0x0



peter
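
The failure mode reported above, reduced to a stand-alone C model (an added example, not FreeRADIUS source and not part of the original post). `make_int_pair`, `ctrl_unchecked` and `ctrl_checked` are hypothetical stand-ins for `pairmake` and the code around rlm_mschap.c:625; `decoded` stands for the value `pdb_decode_acct_ctrl` would return, and the flag value 0x10 is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for FreeRADIUS's VALUE_PAIR (hypothetical model). */
typedef struct { unsigned int lvalue; } VALUE_PAIR;

/* Models the behaviour reported in the thread: integer text that does not
 * start with a digit cannot be parsed, so the constructor returns NULL. */
VALUE_PAIR *make_int_pair(const char *value)
{
    if (!value || !isdigit((unsigned char)value[0]))
        return NULL;                      /* "" ends up here */
    VALUE_PAIR *vp = calloc(1, sizeof(*vp));
    if (vp)
        vp->lvalue = (unsigned int)strtoul(value, NULL, 10);
    return vp;
}

/* Reported pattern: with init == "" the store below writes through NULL.
 * `decoded` stands for the flags decoded from SMB-Account-CTRL-TEXT. */
unsigned int ctrl_unchecked(const char *init, unsigned int decoded)
{
    VALUE_PAIR *smb_ctrl = make_int_pair(init);
    unsigned int out = smb_ctrl->lvalue = decoded;
    free(smb_ctrl);
    return out;
}

/* Hardened form: a failed constructor becomes an error return (-1). */
int ctrl_checked(const char *init, unsigned int decoded, unsigned int *out)
{
    VALUE_PAIR *smb_ctrl = make_int_pair(init);
    if (!smb_ctrl)
        return -1;
    *out = smb_ctrl->lvalue = decoded;
    free(smb_ctrl);
    return 0;
}

int main(void)
{
    unsigned int flags = 0;
    int rc = ctrl_checked("", 0x10, &flags);    /* constructed flag value */
    printf("init \"\"  -> rc=%d\n", rc);
    rc = ctrl_checked("0", 0x10, &flags);
    printf("init \"0\" -> rc=%d flags=0x%02x\n", rc, flags);
    return 0;
}
```

With the check in place an unparsable initial value fails one request; without it, a single MSCHAP authentication for an account missing SMB-Account-CTRL takes the whole daemon down.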

