unsubscribe

[boggss]

unsubscribe


  

-
Bringing First World Technology Closer to You.
http://www.1asialink.com
  


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: core dump using freeradius0.9.2 with FreeBSD 5.1

[Rohaizam Abu Bakar]

even 0.9.0 having problem with FreeBSD 5.1 ... 
something about rlm_ldap  

--haizam


  - Original Message - 
  From: 
  Rohaizam Abu 
  Bakar 
  To: [EMAIL PROTECTED] 
  
  Sent: Monday, October 20, 2003 6:53 
  PM
  Subject: core dump using freeradius0.9.2 
  with FreeBSD 5.1
  
  
  Using freeradius 0.9.2 with FreeBSD 5.1.. All 
  compilations seems Ok... even starting up doesn't give any problem... 
  But once pumping load into it (not that 
  heavy)... then it keep core dumping as shown in below log.. 
  
  Currently i revert back to freeradius 0.9.0 with 
  my FreeBSD 5.1 ... 
  
  FYI... freeradius 0.9.2 inside my FreeBSD 4.8 
  runnning fine...
  
  
  LOG
  =
  i) from system log
  
  Oct 20 16:42:20 radius3 kernel: pid 67341 
  (radiusd), uid 0: exited onsignal 4 (core dumped)Oct 20 16:42:20 
  radius3 kernel: Oct 20 16:42:20 radius3 kernel: pid 67341(radiusd), uid 0: 
  exited on signal 4 (core dumped)Oct 20 17:02:02 radius3 kernel: pid 68054 
  (radiusd), uid 0: exited onsignal 4 (core dumped)Oct 20 17:02:02 
  radius3 kernel: Oct 20 17:02:02 radius3 kernel: pid 68054(radiusd), uid 0: 
  exited on signal 4 (core dumped)Oct 20 17:34:01 radius3 kernel: pid 69185 
  (radiusd), uid 0: exited onsignal 4 (core dumped)Oct 20 17:34:01 
  radius3 kernel: Oct 20 17:34:01 radius3 kernel: pid 69185(radiusd), uid 0: 
  exited on signal 4 (core dumped)Oct 20 17:46:27 radius3 kernel: pid 69671 
  (radiusd), uid 0: exited onsignal 4 (core dumped)Oct 20 17:46:27 
  radius3 kernel: Oct 20 17:46:27 radius3 kernel: pid 69671(radiusd), uid 0: 
  exited on signal 4 (core dumped)
  
  ii) from radius.log
  
  Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: 
  uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 
  failed: timeoutMon Oct 20 18:37:00 2003 : Error: rlm_ldap: 
  uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 
  failed: timeoutMon Oct 20 18:37:03 2003 : Error: rlm_ldap: 
  uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 
  failed: timeout
  
  
  --haizam
  

RE: FreeRadius On a Lucent NAS

[m0bius]

 Manoj Reddy wrote:

 y don't u check ur server, hosting RADIUS for ports on
 which it is listening. there might a possible mismatch
 of ports on which ur server is listening and the ports
 on which ur NAS is operating for RADIUS Connections.
 check it out once and let me know the results.


Both you and Alan Dekok were actually quite right. Foolish mistake :-)
Thanks a lot

Btw has anyone figured anything out regarding the snmpfinger issue I
mentioned on my previous e-mail? Is opening the finger daemon on the NAS
the only way?


Regards
Paris



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: core dump using freeradius0.9.2 with FreeBSD 5.1

[Kostas Kalevras]

On Mon, 20 Oct 2003, Rohaizam Abu Bakar wrote:

 even 0.9.0 having problem with FreeBSD 5.1 ... something about rlm_ldap 

Please read doc/bugs and send a backtrace of the core dump to the list.

Thanks


 --haizam

   - Original Message -
   From: Rohaizam Abu Bakar
   To: [EMAIL PROTECTED]
   Sent: Monday, October 20, 2003 6:53 PM
   Subject: core dump using freeradius0.9.2 with FreeBSD 5.1



   Using freeradius 0.9.2 with FreeBSD 5.1.. All compilations seems Ok... even 
 starting up doesn't give any problem... But once pumping load into it (not that 
 heavy)... then it keep core dumping as shown in below log..

   Currently i revert back to freeradius 0.9.0 with my FreeBSD 5.1 ...

   FYI... freeradius 0.9.2 inside my FreeBSD 4.8 runnning fine...


   LOG
   =
   i) from system log

   Oct 20 16:42:20 radius3 kernel: pid 67341 (radiusd), uid 0: exited on
   signal 4 (core dumped)
   Oct 20 16:42:20 radius3 kernel: Oct 20 16:42:20 radius3 kernel: pid 67341
   (radiusd), uid 0: exited on signal 4 (core dumped)
   Oct 20 17:02:02 radius3 kernel: pid 68054 (radiusd), uid 0: exited on
   signal 4 (core dumped)
   Oct 20 17:02:02 radius3 kernel: Oct 20 17:02:02 radius3 kernel: pid 68054
   (radiusd), uid 0: exited on signal 4 (core dumped)
   Oct 20 17:34:01 radius3 kernel: pid 69185 (radiusd), uid 0: exited on
   signal 4 (core dumped)
   Oct 20 17:34:01 radius3 kernel: Oct 20 17:34:01 radius3 kernel: pid 69185
   (radiusd), uid 0: exited on signal 4 (core dumped)
   Oct 20 17:46:27 radius3 kernel: pid 69671 (radiusd), uid 0: exited on
   signal 4 (core dumped)
   Oct 20 17:46:27 radius3 kernel: Oct 20 17:46:27 radius3 kernel: pid 69671
   (radiusd), uid 0: exited on signal 4 (core dumped)

   ii) from radius.log

   Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: 
 uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: 
 timeout
   Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: 
 uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: 
 timeout
   Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: 
 uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: 
 timeout


   --haizam


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius On a Lucent NAS

[Kostas Kalevras]

On Sun, 19 Oct 2003, m0bius wrote:


 Hello there,

 I am doing an upgrade on the radius server, and I've decided to switch
 from Clistron Radius Server to FreeRadius. I have set FreeRadius to use
 mySQL and I've transformed the users file to the database format. I
 believe that I have configured freeradius enough to work fine. (radtest
 and radclient works as expected) However I've encountered some issues.

 1st) The first time I tried to see if our Lucent NAS worked well with
 the freeradius (clients.conf has been properly set, with all the correct
 ip's and passwords) and running radiusd on debug mode (-X) I never saw a
 single connection from the NASes. It's kinda confusing since if the
 password was incorrect I would probably see a message. I believe that it
 is a Lucent issue but the weird thing is that it previously worked just
 fine with the Cistron Radius (I've not changed anything on the NASes).
 Could anyone know if there is anything that should be taken into
 consideration regarding the configuration of the nas?

 2nd) I've set the dialup admin pretty well and it seems to work (Check
 Server and each Test User works as expected) however I don't seem to see
 the online users on the nas. I've set as fingering method snmp. I've
 tried running snmpfinger manually to see that it didn't work giving out
 errors. Mostly this was because of the different version of the snmpwalk
 I have installed on the system. (I use net-snmp latest version). I've
 edited snmpfinger for snmpwalk to work well, however now when I manually
 execute it I never get anything back... I don't want to use radacct for
 such purposes and I am most confused on what is going on. (Shouldn't
 snmpfinger return something back? Please note that when I do something
 like: snmpwalk -c community host -v 1 system I get a response from the
 nas)

The snmpfinger will use the Cisco Session MIB so it will probably only work for
cisco equipment. Patches are always welcome though.
You could just try using radacct. As long as your accounting works ok it won't
be of any difference.


 3rd) The nases are supposed to server both dialup PSTN and ISDN 64k and
 128k at the same time. I've included the NAS-Port-Type on the dictionary
 and the dialup admin user_edit.attr file, however, while in Cistron the
 difference between PSTN, ISDN 64k, ISDN 128K was something like:

 PSTN:
 NAS-Port-Type = Async
 Simultaneus Use = 1

 ISDN 64
 Simultaneus Use = 1

 ISDN 128
 Simultaneus Use = 2

 I've been searching the documentations and saw something like:
 NAS-Port-Type = ISDN. Would such a thing work as well?

Simultaneous-Use is used to determine the number of distinct logins of a user
Port-Limit is used to determine the number of multilink channels a user is
allowed to open on a login.



 Btw I should mention that the Cistron Radius was not set by me and the
 people do not know how or why it was done this way back then. Well it's
 pretty much about that. I am sorry about the extended mail

 Really looking forward for any help available

 Regards
 Paris


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Session-Timeout

[Kostas Kalevras]

On Sun, 19 Oct 2003, Doron Shmaryahu wrote:

 Hi,

 I am using freeradius with mysql and dialupadmin. I have deleted the
 timeouts for users in the admin.conf file in dialup admin. I still seem
 to have users being disconnected after 2hrs with Session-Timeout as the
 cause. How could I remedy this ??

The admin.conf has nothing to do with the user information in the database. You
should change the user attributes for things to work ok.


 Thanks

 Doron Shmaryahu


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radkill

[Kostas Kalevras]

On Sat, 18 Oct 2003, Matthew wrote:

 Is it possible to use Radkill or something similiar to use the accounting
 logs to determine who the heaviest users are and kick them off line if there
 is only one free line left on the portmaster?  I want the accounting to
 based on the last 30 days of usage not just the current session.  This way
 the line campers would be kicked off rather then giving busy signals to
 everyone else at peak times.  If there are plenty of lines though no one
 would be kicked.

One easy way is to just setup a monthly counter for all your users (see
rlm_counter).
What you are trying to do is quite difficult. For instance how will you be able
to stop the disconnected users from reconnecting after you 've kicked them out?


 Matt


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: attr_rewrite documentation?

[Kostas Kalevras]

On Fri, 17 Oct 2003, Steve Fulton wrote:

 Hi all,

 I'm in the process of setting up a FreeRADIUS server to replace our
 ancient one, and part of our requirements mean using attr_rewrite.  Is
 there any decent documentation/how-to's out there on how it is used?

Other than the comments in radiusd.conf and 'man 5 regex' none.


 And FWIW, I'm going to share our logic, so please feel free to poke holes
 in it:

 1.  We use [EMAIL PROTECTED].  If the realm is missing, we will use
 attr_write to add it.

proxy.conf:

realm NULL{
[...]
}


 2.  Since we're AAA'ing using a SQL database, the username needs to be
 parsed so that the username and the realm/domain is split.  Then those,
 plus the password, are checked against the SQL DB.

This is done automatically by the realm module.


 Seem sane to you?

Yes but you probably don't need to even use the attr_rewrite module


 -- Stephen.


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_counter and rlm_sqlcounter

[Kostas Kalevras]

On Sun, 19 Oct 2003, apellido jr., wilfredo p wrote:

 Have a nice day Mr. Kalevras, I just question
 regarding counter attribute, is this possible to add
 this attribute in rlm_sqlcounter? or it is just for
 rlm_counter? Both rlm_counter and rlm_sqlcounter
 support user define reset, i tried to change the
 default reset of sql_monthlycounter and counter
 Monthly
 to 3 months and here's the LOG

 daywalker# radiusd -xx
 Starting - reading configuration files ...
 reread_config:  reading radiusd.conf
 Config:   including file: /etc/raddb/proxy.conf
 Config:   including file: /etc/raddb/clients.conf

[...]

 Module: Loaded Counter
  counter: filename = /etc/raddb/db.monthly
  counter: key = User-name
  counter: reset = 3m
  counter: count-attribute = Acct-Session-Time
  counter: counter-name = Monthly-Session-Time
  counter: check-name = Max-Monthly-Session
  counter: allowed-servicetype = Framed-User
  counter: cache-size = 5000
 rlm_counter: Counter attribute Monthly-Session-Time is
 number 1081
 rlm_counter: num=3, last=m
 rlm_counter: Current Time: 1066614025, Next reset
 1072886400


You could try using the cvs version of rlm_counter, it will print the current
time and next reset time in human readable form. In any case for rlm_counter the
next is after 72 days which is probably at the first day of the third month
ahead.

[...]

 Module: Loaded SQL Counter
  sqlcounter: counter-name = Monthly-Session-Time
  sqlcounter: check-name = Max-Monthly-Session
  sqlcounter: key = User-Name
  sqlcounter: sqlmod-inst = sqlcca3
  sqlcounter: query = SELECT SUM(AcctSessionTime) FROM
 radacct WHERE UserName='%{%k}' AND AcctStartTime 
 FROM_UNIXTIME('%b')
  sqlcounter: reset = 3m
 rlm_sqlcounter: Counter attribute Monthly-Session-Time
 is number 1081
 rlm_sqlcounter: Check attribute Max-Monthly-Session is
 number 1082
 rlm_sqlcounter: num=1, last=m
 rlm_sqlcounter: Current Time: 1066614026 [2003-10-20
 09:40:26], Next reset 1067616000 [2003-11-01 00:00:00]
 rlm_sqlcounter: num=3, last=m
 rlm_sqlcounter: Current Time: 1066614026 [2003-10-20
 09:40:26], Prev reset 1059667200 [2003-08-01 00:00:00]
 Module: Instantiated sqlcounter (monthlycounter)

 why isnt it the next reset STILL first day of the
 month?

As for rlm_sqlcounter i don't know.




 =
 [ apellido jr., wilfredo p. ]
 +63 034 4880-449

 If you can't hear me, it's because i'm in parentheses.

 __
 Do you Yahoo!?
 The New Yahoo! Shopping - with improved product search
 http://shopping.yahoo.com

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication with FreeRadius and /etc/shadow

[Alan DeKok]

=?iso-8859-1?Q?Jos=E9?= Berenguer [EMAIL PROTECTED] wrote:
 We are trying to authenticate users with FreeRadius 0.9.2 against
 the /etc/shadow file in a Solaris system, but we always get an error
 like this:
 
 Info: Ready to process requests.
 Info: rlm_eap_md5: Issuing Challenge
 Auth: Login OK: [jose/no User-Password attribute]
 Info: rlm_eap_md5: No password configured for this user
 Auth: Login incorrect: [jose/no User-Password attribute]

  System authentication will NEVER work for EAP-MD5.  It's CHAP.  See
the FAQ.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup_admin: log_badlogins problem

[Kenny Olano]

I had to download dialup-admin from the cvs snapshot to allow
[EMAIL PROTECTED].

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Kostas
 Kalevras
 Sent: Monday, October 20, 2003 8:57 AM
 To: [EMAIL PROTECTED]
 Subject: RE: dialup_admin: log_badlogins problem


 On Fri, 17 Oct 2003, Kenny Olano wrote:

  I fixed that issue. I had to run it as perl log_badlogins
  /path/to/radius.log.  But now when it logs the bad logins, The
 username is
  just a -.

 That probable has to do with the form of your usernames.
 log_badlogins will only
 log usernames matching the regex [EMAIL PROTECTED] for now.

 
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] Behalf Of Kostas
   Kalevras
   Sent: Friday, October 17, 2003 9:25 AM
   To: Freeradius-Users
   Subject: Re: dialup_admin: log_badlogins problem
  
  
   On Fri, 17 Oct 2003, Kenny Olano wrote:
  
I'm trying to run log_badlogin but I keep getting the following
   error sh:
/usr/local/mysql/bin/mysql: No such file or directory I am
 pointing the
$mysql variable to right path /usr/bin/mysql   Why does it
   still try to
use /usr/local/mysql/bin/mysql ? I even tried commenting out
   the insert
command but I still get this error.  Any help will be appreciated.
  
   As long as you have something like:
  
   $mysql='/usr/bin/mysql';
  
   in your log_badlogins it should work just fine...
  
   
Kenny Olano
Web Programmer
Practical Solutions
   
   
-
List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
  
 
  --
  Kostas Kalevras Network Operations Center
  [EMAIL PROTECTED]   National Technical University of Athens, Greece
  Work Phone: +30 210 7721861
  'Go back to the shadow' Gandalf
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 
 
  -
  List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
 

 --
 Kostas Kalevras   Network Operations Center
 [EMAIL PROTECTED] National Technical University of Athens, Greece
 Work Phone:   +30 210 7721861
 'Go back to the shadow'   Gandalf

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

manually updating AcctStopTime

[Kenny Olano]

Hello
I am using freeradius 07.1 with mysql. I am working on script that will
update the AcctStopTime manually, But I have noticed that when that is done
and the radius server receives the accounting stop packets it doesn't update
the record but inserts an entire new record.  Any way of stopping this?

Kenny Olano
Web Programmer
Practical Solutions
1561 Virginia Avenue Suite 207A
College Park, GA 30337
404-762-5600 x103


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: manually updating AcctStopTime

[Kostas Kalevras]

On Mon, 20 Oct 2003, Kenny Olano wrote:

 Hello
   I am using freeradius 07.1 with mysql. I am working on script that will
 update the AcctStopTime manually, But I have noticed that when that is done
 and the radius server receives the accounting stop packets it doesn't update
 the record but inserts an entire new record.  Any way of stopping this?

Have you read the sql.conf file?

the accounting-stop query will do an 'update where acctstoptime = 0'
If acctstoptime has been changed then the query will fail and the server will
fall back to an insert


 Kenny Olano
 Web Programmer
 Practical Solutions
 1561 Virginia Avenue Suite 207A
 College Park, GA 30337
 404-762-5600 x103


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: manually updating AcctStopTime

[Kenny Olano]

I guess I should of read the sql.conf file before I posted this. Sorry about
that.  Would there be any damage caused if I remove accstoptime = 0 from
the sql clause? By damage I mean any time of database corruption or the
wrong records being updated.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Kostas
 Kalevras
 Sent: Monday, October 20, 2003 10:27 AM
 To: Freeradius-Users
 Subject: Re: manually updating AcctStopTime


 On Mon, 20 Oct 2003, Kenny Olano wrote:

  Hello
  I am using freeradius 07.1 with mysql. I am working on
 script that will
  update the AcctStopTime manually, But I have noticed that when
 that is done
  and the radius server receives the accounting stop packets it
 doesn't update
  the record but inserts an entire new record.  Any way of stopping this?

 Have you read the sql.conf file?

 the accounting-stop query will do an 'update where acctstoptime = 0'
 If acctstoptime has been changed then the query will fail and the
 server will
 fall back to an insert

 
  Kenny Olano
  Web Programmer
  Practical Solutions
  1561 Virginia Avenue Suite 207A
  College Park, GA 30337
  404-762-5600 x103
 
 
  -
  List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: manually updating AcctStopTime

[Kostas Kalevras]

On Mon, 20 Oct 2003, Kenny Olano wrote:

 I guess I should of read the sql.conf file before I posted this. Sorry about
 that.  Would there be any damage caused if I remove accstoptime = 0 from
 the sql clause? By damage I mean any time of database corruption or the
 wrong records being updated.

Probably not as long as the acct-session-id (and probably acct-unique-id) fields
are unique...


  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Kostas
  Kalevras
  Sent: Monday, October 20, 2003 10:27 AM
  To: Freeradius-Users
  Subject: Re: manually updating AcctStopTime
 
 
  On Mon, 20 Oct 2003, Kenny Olano wrote:
 
   Hello
 I am using freeradius 07.1 with mysql. I am working on
  script that will
   update the AcctStopTime manually, But I have noticed that when
  that is done
   and the radius server receives the accounting stop packets it
  doesn't update
   the record but inserts an entire new record.  Any way of stopping this?
 
  Have you read the sql.conf file?
 
  the accounting-stop query will do an 'update where acctstoptime = 0'
  If acctstoptime has been changed then the query will fail and the
  server will
  fall back to an insert
 
  
   Kenny Olano
   Web Programmer
   Practical Solutions
   1561 Virginia Avenue Suite 207A
   College Park, GA 30337
   404-762-5600 x103
  
  
   -
   List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
 

 --
 Kostas Kalevras   Network Operations Center
 [EMAIL PROTECTED] National Technical University of Athens, Greece
 Work Phone:   +30 210 7721861
 'Go back to the shadow'   Gandalf

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: manually updating AcctStopTime

[Kenny Olano]

Thanks for your help Kostas.

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Kostas
 Kalevras
 Sent: Monday, October 20, 2003 10:40 AM
 To: [EMAIL PROTECTED]
 Subject: RE: manually updating AcctStopTime


 On Mon, 20 Oct 2003, Kenny Olano wrote:

  I guess I should of read the sql.conf file before I posted
 this. Sorry about
  that.  Would there be any damage caused if I remove
 accstoptime = 0 from
  the sql clause? By damage I mean any time of database corruption or the
  wrong records being updated.

 Probably not as long as the acct-session-id (and probably
 acct-unique-id) fields
 are unique...

 
   -Original Message-
   From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED] Behalf Of Kostas
   Kalevras
   Sent: Monday, October 20, 2003 10:27 AM
   To: Freeradius-Users
   Subject: Re: manually updating AcctStopTime
  
  
   On Mon, 20 Oct 2003, Kenny Olano wrote:
  
Hello
I am using freeradius 07.1 with mysql. I am working on
   script that will
update the AcctStopTime manually, But I have noticed that when
   that is done
and the radius server receives the accounting stop packets it
   doesn't update
the record but inserts an entire new record.  Any way of
 stopping this?
  
   Have you read the sql.conf file?
  
   the accounting-stop query will do an 'update where acctstoptime = 0'
   If acctstoptime has been changed then the query will fail and the
   server will
   fall back to an insert
  
   
Kenny Olano
Web Programmer
Practical Solutions
1561 Virginia Avenue Suite 207A
College Park, GA 30337
404-762-5600 x103
   
   
-
List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
  
 
  --
  Kostas Kalevras Network Operations Center
  [EMAIL PROTECTED]   National Technical University of Athens, Greece
  Work Phone: +30 210 7721861
  'Go back to the shadow' Gandalf
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 
 
  -
  List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 0.9.1 and bad logins

[Alan DeKok]

Bill [EMAIL PROTECTED] wrote:
 What does this mean? I don't understand the -s according to the radiusd
 man page. When I do a ps ax and review my logs Radius appears to running
 normally.

  It means that there are still threading issues with some system
calls.

  FreeRADIUS has its own internal locks which prevent it from making
more than one call to the getpwent(), etc. functions at a time.  It
appears that either more locks are needed, or that the existing locks
don't work.

  Since you're the only one having problems, I believe it's most
likely a local system issue.  There's not much I can suggest as to how
to fix that.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Importing /etc/passwd file to Postgresgql DB

[Blevins Carol A]

I have freeradius 0.9.1 up and running using pgsql.  I would like to
import /etc/passwd into the radius db.  I have manually entered a user
into the radius db and have been able to authenticate the user fine, but
am unclear as to how I can import the passwd file in the db.  Any help
would be appreciated.  I have looked high and low on the mailing list and
google.

thanx
Carol B.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: assign wireless users to VLANs on CISCO AP1230

[Jean-Marie GUILLEMOT]

  # ATTRIBUTE Tunnel-Private-Group-Id 81  string  has_tag
  ATTRIBUTE   Tunnel-Private-Group-Id 81  integer has_tag

   I have no clue why you would change that.  See:

   http://www.freeradius.org/rfc/attributes.html

   Click on the Tunnel-Private-Group-Id link, and read the text.


Sorry if I wasn't clear enough. When I read the CISCO configuration guide,
it says :


These are the RADIUS user attributes used for vlan-id assignment. Each
attribute must have a common Tag value to identify the grouped relationship.

IETF 64 (Tunnel Type): Set this attribute to VLAN
IETF 65 (Tunnel Medium Type): Set this attribute to 802
IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id


I'm not perfectly bilingual, but I understand that my AP is expecting the
attributes VLAN, 802 and the VLAN-ID

vlan-id is not a string, it's an integer for CISCO (for instance, in my
WLAN the SSID teacher is mapped to VLAN 10 : 10 is the vlan-id)


   Don't play games with the dictionaries unless you know what you're
 doing.  Change the entries back, and I'll bet it will work.


unfortunately not.
But be sure that before bothering the mailing list, I tried to make it work
without making any change to the dictionaries :

jmguillemot Auth-Type := eap, User-Password == X
Service-Type = Login-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = teacher

...without success.
thanks anyway for the help.

Jean-Marie


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius and BreezeAccess...

[Damjan]

First a pre-question, how can I see a DUMP of radius accounting packets
that are entering my freeradius?

Second, has anyone used freeradius to collect radius accounting from
BreezeAccess wireless devices? The peculiar thing with these units is
that they are sending some interesting info in Vendor-Specific
attributes, but freeradius complains that:

Mon Oct 20 18:39:07 2003 : Error: WARNING: Malformed RADIUS packet from
host 192.168.2.10: Vendor specific attributes do not exactly fill
Vendor-Specific



-- 
Damjan Georgievski
jabberID: [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: assign wireless users to VLANs on CISCO AP1230

[Alan DeKok]

Jean-Marie GUILLEMOT [EMAIL PROTECTED] wrote:
 These are the RADIUS user attributes used for vlan-id assignment. Each
 attribute must have a common Tag value to identify the grouped relationship.
 
 IETF 64 (Tunnel Type): Set this attribute to VLAN
 IETF 65 (Tunnel Medium Type): Set this attribute to 802
 IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id
 
 
 I'm not perfectly bilingual, but I understand that my AP is expecting the
 attributes VLAN, 802 and the VLAN-ID

  No.  Read the 'dictionary.tunnel' file.  VLAN is a name for the
value 13 for the attribute Tunnel-Type.  802 is the name for the
value 6 for the attribue Tunnel-Medium-Type.  The
Tunnel-Private-Group-Id attribute is of type string, so the value
inside of it should be a string representation of the vlan-id.

 vlan-id is not a string, it's an integer for CISCO (for instance, in my
 WLAN the SSID teacher is mapped to VLAN 10 : 10 is the vlan-id)

  It can still be sent as the string 10.

 But be sure that before bothering the mailing list, I tried to make it work
 without making any change to the dictionaries :
 
 jmguillemot   Auth-Type := eap, User-Password == X
   Service-Type = Login-User,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = IEEE-802,
   Tunnel-Private-Group-Id = teacher
 

  teacher?  That's the SSID.  Did the documentation not say to use
the vlan-id, NOT the SSID?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: assign wireless users to VLANs on CISCO AP1230

[Artur Hecker]

hi

These are the RADIUS user attributes used for vlan-id assignment. Each
attribute must have a common Tag value to identify the grouped relationship.
IETF 64 (Tunnel Type): Set this attribute to VLAN
IETF 65 (Tunnel Medium Type): Set this attribute to 802
IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id

I'm not perfectly bilingual, but I understand that my AP is expecting the
attributes VLAN, 802 and the VLAN-ID
no, your AP wants the attributes Tunnel-Type, Tunnel-Medium-Type and 
Tunnel-Private-Group-ID and the VALUEs should be as you say. there is no 
need to change the dictionaries for that.


vlan-id is not a string, it's an integer for CISCO (for instance, in my
WLAN the SSID teacher is mapped to VLAN 10 : 10 is the vlan-id)
that doesn't prove anything. 10 is a perfect string.


jmguillemot Auth-Type := eap, User-Password == X
Service-Type = Login-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = teacher

...without success.
please always post the server debug output (radiusd -s -X) as requested 
by the FAQ. btw.: auth-type shouldn't be explicitly set to eap ...

ciao
artur


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and BreezeAccess...

[Alan DeKok]

Damjan [EMAIL PROTECTED] wrote:
 First a pre-question, how can I see a DUMP of radius accounting packets
 that are entering my freeradius?

  www.tcpdump.org

 Second, has anyone used freeradius to collect radius accounting from
 BreezeAccess wireless devices? The peculiar thing with these units is
 that they are sending some interesting info in Vendor-Specific
 attributes, but freeradius complains that:
 
 Mon Oct 20 18:39:07 2003 : Error: WARNING: Malformed RADIUS packet from
 host 192.168.2.10: Vendor specific attributes do not exactly fill
 Vendor-Specific

  Breezecom has chosen to ignore the RFC's.  Therefore, their hardware
is not fully RADIUS compliant.

  We may add hacks to FreeRADIUS to make this work, before version 1.0
is released.  But the problem is definitely caused by Breezecom
choosing to ignore the RFC recommendations, and do something which is
intentionally broken.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Access-Reject has no Reply-Message (2nd try)

[Paul Hampson]

 From: $BLnB<(B $B7z(B
(B Sent: Monday, 20 October 2003 6:35 PM
(B
(B I want my freeradius server to send Access-Reject packet with Reply-Message 
(B in it, 
(B so that NAS can alert user when authentication fails.  But, it's not 
(B working so far.
(B When authentication succeeds, my freeradius server sends Access-Accept 
(B packet
(B with Reply-Message in it.  But when authentication fails, it sends Access 
(B Reject packet
(B with no Reply-Message in it..
(B
(B So my question is why my freeradius doesn't include Reply-Message into 
(B Access-Reject
(B  packet, and how can I fix this problem?
(B
(B ---users
(B [EMAIL PROTECTED] Auth-Type :=Local, User-Password == "secret"
(B Service-Type = Framed-User,
(B Framed-Protocol = PPP,
(B Framed-IP-address = 192.168.200.1,
(B Framed-IP-Netmask = 255.255.255.0,
(B Session-Timeout = 30,
(B Reply-Message="111",
(B Reply-Message="222",
(B Reply-Message="333",
(B 
(B
(BAs you've observed, this will only add a Reply-Message if the authentication
(Bsucceeds. In the same way as it will only give an IP address or Session
(BTimeout if it succeeds.
(B
(BAs for how to send a Reply-Message on failure, I dunno off hand. :-)
(B
(B--
(BPaul "TBBle" Hampson
(BBubblesworth Pty Ltd (ABN: 51 095 284 361)
(B[EMAIL PROTECTED]
(B
(BOn a sidewalk near Portland State
(BUniversity someone wrote `Trust Jesus', and
(Bsomeone else wrote `But Cut the Cards'.
(B
(B
(B- 
(BList info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and BreezeAccess...

[Damjan]

  First a pre-question, how can I see a DUMP of radius accounting packets
  that are entering my freeradius?
 
   www.tcpdump.org

Didn't mean about a dump on that level... I meant how freeeradius sees
or interprets the packet..


  Second, has anyone used freeradius to collect radius accounting from
  BreezeAccess wireless devices? The peculiar thing with these units is
  that they are sending some interesting info in Vendor-Specific
  attributes, but freeradius complains that:
  
  Mon Oct 20 18:39:07 2003 : Error: WARNING: Malformed RADIUS packet from
  host 192.168.2.10: Vendor specific attributes do not exactly fill
  Vendor-Specific
 
   Breezecom has chosen to ignore the RFC's.  Therefore, their hardware
 is not fully RADIUS compliant.
 
yes I know that,  hoped someone maybe got it to work...

thanks anyway.


-- 
Damjan Georgievski
jabberID: [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius and BreezeAccess...

[Alan DeKok]

Damjan [EMAIL PROTECTED] wrote:
www.tcpdump.org
 
 Didn't mean about a dump on that level... I meant how freeeradius sees
 or interprets the packet..

  FreeRADIUS sees the same packet as tcpdump.  Any other information
is printed out in debugging mode.

 yes I know that,  hoped someone maybe got it to work...

  You've got source.  Hack the server so that Vendor-Specific is not
treated specially, but is instead treated like an attribute of type
'octets'.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

newbie question about rlm_radutmp

[Jeff Mello]

I've got freeradius 0.9.1 configured and running on a
sun enterprise ultra 2 with gentoo linux. When I try
to authenticate from an Ascend Max 6000, I'm getting
the following message in the radius.log:

Error: rlm_radutmp: Logout for NAS max6000 port 20101,
but no Login record

The radutmp file is empty. I have not found much
information on the radutmp module and how it works. 

I'm also getting the following entry in the log file:

Error: Received Accounting-Request packet from
ascend-IP-address with invalid signature!  (Shared
secret is incorrect.)

I have double and triple-checked the passwords on the
Ascend box to confirm that they match the secret in
the clients.conf file.

I appreciate any help that you folks can give me with
these 2 issues.


Jeff Mello

__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

PPTP+RADIUS+LDAP+MSCHAP

[Jason Schultz]

Hi.

I'm a newbie to radius and am trying to get mschap to authenticate over ppp
using an ldap server.  I have read through many archives and checked the
faq's but still no luck.  I can authenticate successfully using text
passwords and everything works fine connecting to poptop without radius.
I am storing the userpassword as text in ldap.  radiusd.conf and the output
from radius are below.  Any help would be appreciated!
tia


radiusd.conf:

modules {
   mschap {
   authtype = MS-CHAP
   use_mppe = yes
   require_encryption = yes
   require_strong = yes
   }
   ldap {
   server = 10.1.1.2
   identity = cn=Manager,dc=tsoftware,dc=com
   password = mypass
   basedn = dc=tsoftware,dc=com
   filter = (uid=%{Stripped-User-Name:-%{User-Name}})
   start_tls = no
   access_attr = dialupAccess
   dictionary_mapping = ${raddbdir}/ldap.attrmap
   ldap_connections_number = 5
   password_header = {clear}
   password_attribute = userPassword
   timeout = 4
   timelimit = 3
   net_timeout = 1
   # access_attr_used_for_allow = yes
   }
}
authorize {
   preprocess
   ldap
   mschap
}
authenticate {
   Auth-Type MS-CHAP {
   mschap
   }
   # Auth-Type LDAP {
   # ldap
   # }
}

radiusd output:

rad_recv: Access-Request packet from host 127.0.0.1:32807, id=111, length=59

Service-Type = Framed-User

Framed-Protocol = PPP

User-Name = RadiusTestUID

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

modcall: entering group authorize for request 0

modcall[authorize]: module preprocess returns ok for request 0

rlm_ldap: - authorize

rlm_ldap: performing user authorization for RadiusTestUID

radius_xlat: '(uid=RadiusTestUID)'

radius_xlat: 'dc=tsoftware,dc=com'

ldap_get_conn: Got Id: 0

rlm_ldap: attempting LDAP reconnection

rlm_ldap: (re)connect to 10.1.1.2:389, authentication 0

rlm_ldap: bind as cn=Manager,dc=tsoftware,dc=com/mypass to 10.1.1.2:389

rlm_ldap: waiting for bind result ...

rlm_ldap: performing search in dc=tsoftware,dc=com, with filter
(uid=RadiusTestUID)
rlm_ldap: checking if remote access for RadiusTestUID is allowed by
dialupAccess
rlm_ldap: Password header not found in password usertestpwd for user
RadiusTestUID
rlm_ldap: looking for check items in directory...

rlm_ldap: looking for reply items in directory...

rlm_ldap: user RadiusTestUID authorized to use remote access

ldap_release_conn: Release Id: 0

modcall[authorize]: module ldap returns ok for request 0

modcall[authorize]: module mschap returns noop for request 0

modcall: group authorize returns ok for request 0

rad_check_password: Found Auth-Type LDAP

auth: type LDAP

auth: Failed to validate the user.

Delaying request 0 for 1 seconds

Finished request 0

Going to the next request

--- Walking the entire request list ---

Waking up in 1 seconds...

--- Walking the entire request list ---

Waking up in 1 seconds...

--- Walking the entire request list ---

Sending Access-Reject of id 111 to 127.0.0.1:32807

Waking up in 4 seconds...

--- Walking the entire request list ---

Cleaning up request 0 ID 111 with timestamp 3f9438ca

Nothing to do. Sleeping until we see a request.

_
Help STOP SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=features/junkmail

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PPTP+RADIUS+LDAP+MSCHAP

[Alan DeKok]

Jason Schultz [EMAIL PROTECTED] wrote:
 I'm a newbie to radius and am trying to get mschap to authenticate over ppp
 using an ldap server.  I have read through many archives and checked the
 faq's but still no luck.

  The output of the server helps, too.

 rlm_ldap: Password header not found in password usertestpwd for user
 RadiusTestUID

  In the 'ldap' module, you've got:

 password_header = {clear}

  Try adding that to the password in LDAP.

 rad_recv: Access-Request packet from host 127.0.0.1:32807, id=111, length=59
 Service-Type = Framed-User
 Framed-Protocol = PPP
 User-Name = RadiusTestUID
 NAS-IP-Address = 127.0.0.1
 NAS-Port = 0

  And that's an Access-Request without a password, CHAP password, or
MS-CHAP password.  The server will *never* authenticate it.

 modcall[authorize]: module mschap returns noop for request 0

  The mschap module hasn't seen anything it recognizes in the
packet.  MS-CHAP will never work with that packet.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: expired certificate

[Dana Bourgeois]

Sorry, arniel, I don't have a concrete answer for you.  I'm still trying to
get my first EAP/TLS client going.  Its been about 3 days working on it.
The certificate stuff is the worst.  

Here is a thread that might shed some light:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg20440.html.
I think the key is where the discussion mentions that the certificates don't
include a real user name as login would understand it.  The supplicant has a
certificate and it either matches one on the server or it doesn't.  Its kind
of anonymous that way.  Everyone could have the same cert and get on the net
that way.  You're either in the group that can use the AP or you're not.
From a security standpoint, this is disturbing.  Sure, you probably can't
brute force it anymore but if you can human engineer yourself a cert, no one
will ever know you're in and don't belong.

It still looks like you have to use supplicant tools to install the cert.

And now, here are my issues:
I'd like to know if the latest versions of OpenSSL (I have 0.9.6b-29 from
redhat 8) and FreeRADIUS (0.9.2) will work with the latest XP clients (I
have XP SP1 with latest patches from Windows Update).  If not, who knows
what will work?  Please don't tell me that in the 19 months since March
2002, OpenSSL hasn't had the extra code (SNAP?) put into the main tree.  I
saw somewhere that OpenSSL 0.9.7c was used by someone for EAP/TLS
successfully.  Is my 0.9.6b-29 OK?

FYI - for the best tutorial I've seen so far about EAP/TLS certificates in
general, Cisco has a good start:
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/acstl_wp.htm

I realize that RADIUS is only one piece of EAP/TLS but its an important
piece.  IMO there should be a section in the FAQ by now.


Dana Bourgeois

 --__--__--
 
 Message: 2
 From: arniel [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: expired certificate
 Date: Sun, 19 Oct 2003 16:34:15 +0800
 Reply-To: [EMAIL PROTECTED]
 
 Hi Guys,
 
 
 I am implementing EAP-TLS on my network using Freeradius. 
 Just want to ask if there is a better way of re-certifying my 
 client certificate if ever it is already expired? For now, I 
 am doing the manual thing... I have to go over from scratch, 
 like copying root.der and client.p12 and copy it to my 
 clients PC. Then prior to that I also have to remove the 
 expired certificate and replace it with a new one. Its really 
 tidious to do if i have like 10 wireless clients.
 
 Please advice...
 
 Thanks
 
 
 arniel


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem running freeradius server

[pinkesh valdria]

Hi Everyone,

This is the first time i am using freeradius server.

I tried running the free radius server in the debug
mode, but it gave me error like 
 failed to link to module 'rlm_expr' file not found

There is no such module on my redhat 9 m/c.

i just want to allow a user defined in the users file
to send a request to the server.

Right now i have commented almost all lines in the
radiusd.conf file.

Now the server runs, but when the client from the
localhost try to acceess it.

it says access denied.

can anybody tell me what is the required minimum
configuration file for this.


awaiting a positive reply

Pinkesh 

__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Authentication based on interface?

[Anastasios Sotiropoulos]

I have a cicso 3600 with 2 physical interfaces (2 ISDN PRIs) and want
to make 2 usergroups with separate access to them (ex. group1 can login
only from Serial0/0, and group2 - Serial1/0). How could that be done?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

test scripts question..

[Jack J]

Hi,

I just wanted to know if FreeRadius has any
test scripts that I can run.
I looked at 'radtest'/ 'radclient' frontend
command line tool. 
But I was looking for some scripts to generate and
test various VSAs and such.

Any ideas ?

Thanks,



__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

doc/tips to configure/enable VSA on FreeRadius.

[Jack J]

Hi,

I looked at doc directory, but could not find any
document how to configure/enable VSAs in FreeRadius.

I just see the 'dictionary' file, but not the
'vendors' file. Where are vendor attribute mappings to
be defined ?

Thanks,

__
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: core dump using freeradius0.9.2 with FreeBSD 5.1

[Rohaizam Abu Bakar]

Can't find the core although it say in log

Oct 20 16:42:20 radius3 kernel: pid 67341 (radiusd), uid 0: exited on
signal 4 (core dumped)

Mon Oct 20 11:41:50 2003 : Error: rlm_ldap:
uniqueIdentifier=208173,ou=RADIUS,ou=People,dc=com
,dc=my bind to x.x.x.x:389 failed: timeout


When runnning FB 5.1 with 0.9.2, at first it will running OK .. then around
15 minutes it will die  BOTH error log appear...

Then when i switch to 0.9.0 ... no core error but only rlm_ldap
error

Currently no authentication is forwarded to above server...  I've reverted
to my FB 4.8 with 0.9.2 that running fine...

What should i do without the CORE??

--haizam



- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 20, 2003 8:43 PM
Subject: Re: core dump using freeradius0.9.2 with FreeBSD 5.1


 On Mon, 20 Oct 2003, Rohaizam Abu Bakar wrote:

  even 0.9.0 having problem with FreeBSD 5.1 ... something about rlm_ldap


 Please read doc/bugs and send a backtrace of the core dump to the list.

 Thanks

 
  --haizam
 
- Original Message -
From: Rohaizam Abu Bakar
To: [EMAIL PROTECTED]
Sent: Monday, October 20, 2003 6:53 PM
Subject: core dump using freeradius0.9.2 with FreeBSD 5.1
 
 
 
Using freeradius 0.9.2 with FreeBSD 5.1.. All compilations seems Ok...
even starting up doesn't give any problem... But once pumping load into it
(not that heavy)... then it keep core dumping as shown in below log..
 
Currently i revert back to freeradius 0.9.0 with my FreeBSD 5.1 ...
 
FYI... freeradius 0.9.2 inside my FreeBSD 4.8 runnning fine...
 
 
LOG
=
i) from system log
 
Oct 20 16:42:20 radius3 kernel: pid 67341 (radiusd), uid 0: exited on
signal 4 (core dumped)
Oct 20 16:42:20 radius3 kernel: Oct 20 16:42:20 radius3 kernel: pid
67341
(radiusd), uid 0: exited on signal 4 (core dumped)
Oct 20 17:02:02 radius3 kernel: pid 68054 (radiusd), uid 0: exited on
signal 4 (core dumped)
Oct 20 17:02:02 radius3 kernel: Oct 20 17:02:02 radius3 kernel: pid
68054
(radiusd), uid 0: exited on signal 4 (core dumped)
Oct 20 17:34:01 radius3 kernel: pid 69185 (radiusd), uid 0: exited on
signal 4 (core dumped)
Oct 20 17:34:01 radius3 kernel: Oct 20 17:34:01 radius3 kernel: pid
69185
(radiusd), uid 0: exited on signal 4 (core dumped)
Oct 20 17:46:27 radius3 kernel: pid 69671 (radiusd), uid 0: exited on
signal 4 (core dumped)
Oct 20 17:46:27 radius3 kernel: Oct 20 17:46:27 radius3 kernel: pid
69671
(radiusd), uid 0: exited on signal 4 (core dumped)
 
ii) from radius.log
 
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389
failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389
failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap:
uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389
failed: timeout
 
 
--haizam
 

 --
 Kostas Kalevras Network Operations Center
 [EMAIL PROTECTED] National Technical University of Athens, Greece
 Work Phone: +30 210 7721861
 'Go back to the shadow' Gandalf

 -
 List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html