Re: Problem in authenticating user in NIS+ compat mode
Dear Alan,

I checked carefully: when running radiusd -X, the radius server reads user info from /etc/passwd, /etc/shadow and /etc/group. As user info is stored in NIS+ tables, do you have any suggestions/modifications on rlm_unix modules in order to read user info from NIS+ tables?

Thank you.

Regards
akongr

Alan DeKok wrote:
> akongr <[EMAIL PROTECTED]> wrote:
>> There was no problem if the user entry was entered in the /etc/passwd and /etc/shadow. However the user could not be authenticated if the user was added in NIS format:
>> +testuser:
>
> Then I would say that the problem lies with configuring the user in NIS+ on your system. So far as FreeRADIUS is concerned, it just asks for the password from the "system", and doesn't know (or care) if it comes from /etc/passwd, or NIS+
>
> Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Max 6000 Sql
Sorry about replying to a reply... but I didn't see the original message.

> > I have just got a new Max6000 Nas but the problem is, it is sending all
> > sorts of other info such as dialin number where the username is supposed to
> > be
> ...
> > Why would this be?

This happens when you have enabled CLID or DNIS authorization in the MAX setup. Check your documentation about authorization types in the MAX.

--
Damjan Georgievski
jabberID: [EMAIL PROTECTED]
Re: Max 6000 Sql
"Rhys (Gallamda)" <[EMAIL PROTECTED]> wrote:
> I have just got a new Max6000 Nas but the problem is, it is sending all
> sorts of other info such as dialin number where the username is supposed to
> be
...
> Why would this be?

Ask the NAS vendor.

Alan DeKok.
Re: How best to patch md5.h problem?
Gary Algier <[EMAIL PROTECTED]> wrote:
> I have a problem with getting FreeRADIUS to include gdbm.h.

FreeRADIUS (the server core) doesn't use gdbm.h. One or more of the modules may use it.

If using 'configure' doesn't work, then edit the Makefiles directly. They're not large.

Alan DeKok.
[OT] Radius atributes support in a WiFi AP
Sorry if this is offtopic, but it seems there are a lot of people here using freeradius with 802.1x wireless access points.

I've also set up freeradius and a (pretty dumb) USRobotics access point, and it works ok, but I was wondering what additional settings I can make in the radius reply to the AP, if any.

Since my AP doesn't have any documentation about its radius support, I was wondering if there is some common set of Radius Attributes supported by all wireless access points?!?

--
Damjan Georgievski
jabberID: [EMAIL PROTECTED]
Max 6000 Sql
Hello,

I have installed FreeRadius and it works fine with Sql support.

I have an old NT4 box as a Radius Client; this works fine with the radius server.

I have just got a new Max6000 Nas but the problem is, it is sending all sorts of other info such as dialin number where the username is supposed to be, for example:

User-Name = "51363500"
User-Password = "Ascend-DNIS"
NAS-IP-Address = 202.76.188.138
NAS-Port = 20103
NAS-Port-Type = Async
Service-Type = Outbound-User
State = 0x
Called-Station-Id = "51363500"
Framed-IP-Address = 202.76.1.1
Acct-Session-Id = "299504288"

Why would this be?

Thanks
Rhys
Re: Status... rlm_ldap problem
I've sent all the error log/debug output before .. but Kostas asked me to troubleshoot more but I do not know where to start. I will explain again below:

Problem A
- Problem only exists when using FreeBSD 5.1
- with freeradius 0.9.2 & also 0.9.0 (not tested in 0.9.1)
- My LDAP server working fine all along (tested using manual ldapsearch when problem happens)

i) Error from radius.log

Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap: uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to x.x.x.x:389 failed: timeout

ii) From debug output

...
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=spts)
rlm_ldap: checking if remote access for spts is allowed by dialupAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600 & op=11
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP & op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
rlm_ldap: user spts authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 561
modcall: group redundant returns ok for request 561
modcall: group authorize returns ok for request 561
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 561
modcall: entering group redundant for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password ""
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.201:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.201:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap1" returns fail for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by "spts" with password ""
rlm_ldap: user DN: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
rlm_ldap: bind as uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003 to 61.6.32.97:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my bind to 61.6.32.97:389 failed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module "ldap2" returns fail for request 561
modcall: group redundant returns fail for request 561
modcall: group Auth-Type returns fail for request 561
auth: Failed to validate the user.
Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
Delaying request 561 for 1 seconds
Finished request 561
Going to the next request
.

Problem B
- ADDED to above problem.. I'm still having "Unresponsive child" problem
- LDAP working fine...
- not that critical compared to above...

i) From radius.log

Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id 136795136) for request 322196
Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id 136585216) for request 322292
Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id 135698432) for request 15206

ii) My ldap setting in radiusd.conf - maybe tuning is needed here.

max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps = no
start_servers = 20
max_servers = 1024
min_spare_servers = 10
max_spare_servers = 20

ldap ldap2 {
    server = "10.1.1.1"
    identity = "cn=Sysadmin,ou=Applications,dc=jaring,dc=my"
    password = XX
    basedn = "ou=People,dc=jaring,dc=my"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 256
    timeout = 10
    timelimit = 10
    net_timeout = 5
}

Hopefully above info good enough to troubleshoot the problem...

--haizam

- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 10, 2003 10:47 PM
Subject: Re: Status...

> "
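Added example (not part of the original post and not FreeRADIUS code): the debug output quoted above prints the user's bind password after the DN in the "bind as <DN>/<password> to <host:port>" line. The Python sketch below redacts those values before a log is shared and counts bind timeouts per LDAP server. The function names and the sample lines are assumptions constructed for illustration; only the line formats are taken from the post.

```python
import re
from collections import Counter

# Constructed sample in the format of the rlm_ldap lines quoted above
# (documentation-range addresses, made-up DN and password).
SAMPLE = """\
rlm_ldap: login attempt by "alice" with password ""
rlm_ldap: bind as uid=alice,ou=People,dc=example,dc=org/S3cret/Pass to 192.0.2.10:389
rlm_ldap: uid=alice,ou=People,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
rlm_ldap: bind as uid=alice,ou=People,dc=example,dc=org/S3cret/Pass to 192.0.2.11:389
rlm_ldap: uid=alice,ou=People,dc=example,dc=org bind to 192.0.2.11:389 failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap: uid=bob,ou=People,dc=example,dc=org bind to 192.0.2.10:389 failed: timeout
"""

# "bind as <DN>/<password> to <host:port>": the DN is taken up to the first
# "/", the password is everything up to the final " to host:port". A DN that
# itself contains "/" is over-redacted, which is the safe direction.
BIND_AS = re.compile(r'(rlm_ldap: bind as [^/]+/)(.*)( to \S+:\d+)\s*$')
# 'login attempt by "<user>" with password "<password>"'
LOGIN = re.compile(r'(rlm_ldap: login attempt by ".*?" with password ")(.*)(")\s*$')
# '<DN> bind to <host:port> failed: timeout'
TIMEOUT = re.compile(r'rlm_ldap: .+ bind to (\S+:\d+) failed: timeout')


def redact(line):
    """Return the line with any logged password replaced by [REDACTED]."""
    for pattern in (BIND_AS, LOGIN):
        line = pattern.sub(
            lambda m: m.group(1) + "[REDACTED]" + m.group(3), line)
    return line


def redact_log(text):
    """Redact every line of a multi-line log excerpt."""
    return "\n".join(redact(line) for line in text.splitlines())


def timeouts_by_server(text):
    """Count 'bind ... failed: timeout' events per LDAP server."""
    counts = Counter()
    for line in text.splitlines():
        match = TIMEOUT.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


if __name__ == "__main__":
    print(redact_log(SAMPLE))
    for server, count in timeouts_by_server(SAMPLE).most_common():
        print(f"{server}: {count} bind timeout(s)")
```
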
Re: OSX Installation Using Mysql
Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disable-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver.

-Andreas

On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote:
> Hello,
>
> Thank you for your fast answer. I have tried your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thank you very much for your help.
>
> PS: sorry for my previous double post
>
> Julien
>
> - Original Message -
> From: "Andreas Wolf" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, November 07, 2003 9:05 PM
> Subject: Re: OSX Installation Using Mysql
>
>> On Sep 6, 2003, at 9:24 PM, Julien Gabry wrote:
>>> Hello
>>>
>>> I have been able to compile freeradius on mac os X 10.2.8 (jaguar). The freeradius is ok, I can authentify, everything looks great. I have also installed mysql and imported all needed databases for dialup_admin. But I can't activate the rlm_sql_mysql driver.
>>>
>>> The error message that I get while launching the check-config script or radiusd with option -X is:
>>>
>>> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
>>> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
>>> radiusd.conf[14]: sql: Module instantiation failed.
>>>
>>> I have tried many things to solve it without success. I have tried to compile mysql from the source instead of using the apple package. I have tried several different paths for the configure option:
>>>
>>> ./configure --with-mysql-dir=/usr/local/bin --with-mysql-lib-dir=/usr/local/lib/mysql --with-mysql-include-dir=/usr/local/include/mysql --disable-shared
>>> ./configure --with-mysql-dir=/Library/MySQL/bin --with-mysql-lib-dir=/Library/MySQL/lib/mysql --with-mysql-include-dir=/Library/MySQL/include/mysql --disable-shared
>>>
>>> and many others ...
>>>
>>> I have also tried to link the lib manually with common OSX tools (dyld, ld, libtool, ar, ...)
>>>
>>> So my questions are the following:
>>> Did someone has been able to use the mysql modules with free radius on OSX?
>>> What should be the way to link properly/correctly the rlm_sql_mysql lib?
>>> How can I check that my MySQL is linked as static?
>>>
>>> Thank you in advance
>>
>> I bet you are running into the limitations of having built everything statically. Some rlm modules appear to not work well when linked statically on any platform (so I've been told). On Jaguar I also haven't been able to compile freeRADIUS without the --disable-shared option. On Panther freeRadius builds and runs just fine with dynamic libs without a glitch!
>>
>> One thing you may try on Jaguar is to force linking the rlm_sql_mysql library:
>>
>> % setenv DYLD_INSERT_LIBRARIES
>>
>> -Andreas

--
Andreas Wolf
Apple Computer, Inc.
Technologies, AirPort Engineering
RE: MySQL and encrypted passwords
None of the suggestions seem to have worked. I have run radiusd in debugging mode and it comes up with this however:

auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.

Below are the relevant tables for the user:

mysql> select * from radgroupreply;
+----+-----------+--------------------+----+---------------------+------+
| id | GroupName | Attribute          | op | Value               | prio |
+----+-----------+--------------------+----+---------------------+------+
|  1 | static    | Framed-Protocol    | := | PPP                 |    0 |
|  2 | static    | Service-Type       | := | Framed-User         |    0 |
|  3 | static    | Framed-Compression | := | Van-Jacobsen-TCP-IP |    0 |
|  4 | static    | Framed-MTU         | := | 1460                |    0 |
+----+-----------+--------------------+----+---------------------+------+
4 rows in set (0.00 sec)

mysql> select * from usergroup;
+----+-------------------+-----------+
| id | UserName          | GroupName |
+----+-------------------+-----------+
|  1 | [EMAIL PROTECTED] | static    |
|  4 | [EMAIL PROTECTED] | static    |
+----+-------------------+-----------+
2 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  2 | static    | Auth-Type | := | MD5   |
+----+-----------+-----------+----+-------+
1 row in set (0.00 sec)

mysql> select * from radcheck;
+----+-------------------+-----------+----+----------------------------------+
| id | UserName          | Attribute | op | Value                            |
+----+-------------------+-----------+----+----------------------------------+
|  1 | [EMAIL PROTECTED] | Password  | == | f07aac8d7d9a859726ddcc7a96b0af8c |
|  4 | [EMAIL PROTECTED] | Password  | == | ezekeil65OOP                     |
+----+-------------------+-----------+----+----------------------------------+
2 rows in set (0.01 sec)

If anyone could help to get it authenticating via MD5 it would be most appreciated.

Regards.
Nikolas.

From: Sergio Jose Ferreira [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 11 November 2003 8:18 PM
To: [EMAIL PROTECTED]
Subject: RES: MySQL and encrypted passwords

> Hi Nikolas,
>
> Try:
>
> to plain password:
> | 1 | [EMAIL PROTECTED] | User-Password | == | password |
>
> to Crypt password:
> | 1 | [EMAIL PROTECTED] | Crypt-Password | == | f07aac8d7d9a859726ddcc7a96b0af8c |
>
> Sergio Jose Ferreira
> WGO Internet
> Catalao - Go - Brazil
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Nikolas Geyer
> Sent: Monday, 10 November 2003 23:26
> To: [EMAIL PROTECTED]
> Subject: MySQL and encrypted passwords
>
>> Hi all,
>>
>> Hoping someone can help me. I have just installed FreeRadius on a FreeBSD 5.1-STABLE system, using MySQL as the database backend. The problem I am running into is it won't seem to authenticate users unless they are using plain passwords. I have set pap in radiusd.conf to authenticate via MD5, and here is an excerpt of a user in the database:
>>
>> | 1 | [EMAIL PROTECTED] | Password | == | f07aac8d7d9a859726ddcc7a96b0af8c |
>>
>> If I authenticate using the password that has been made into a MD5 hash, it fails. If I authenticate using the md5 hash as a clear text password, it authenticates (I'm using NTRadPing to test).
>>
>> If anyone has had these problems, or could help out it would be most appreciated.
>>
>> Regards,
>> Nikolas.

--
Nikolas Geyer
Systems Administration
Infinite Networks
Ph: 02 6239 2152
Fax: 02 6239 2041
13 Wiluna Street
Fyshwick ACT 2609
http://www.infinite.net.au/

IMPORTANT NOTICE: This message may contain privileged and confidential information intended only for the above named addressee. If you are not the intended recipient of this message, you are hereby notified that any use, distribution or reproduction of this message or any part thereof is prohibited. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Infinite Networks.
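Added example (not part of the thread and not FreeRADIUS code): a small Python model of the symptom reported above, where the stored MD5 hex digest is accepted when typed as the password but the real password is rejected. It shows that this is what a cleartext comparison against the stored value produces, and that a 32-character hex digest does not have the shape of a crypt(3) string. The function names, the mode names and the sample password are assumptions constructed for illustration; the format check is a shape heuristic only.

```python
import hashlib
import hmac
import re

# Constructed sample: a password and the unsalted MD5 hex digest a database
# row would hold for it (same shape as the Value column quoted above).
PASSWORD = "correct horse"
STORED = hashlib.md5(PASSWORD.encode(), usedforsecurity=False).hexdigest()


def classify_stored(value):
    """Guess how a stored check value is encoded, from its shape alone."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", value):
        return "md5-hex"      # unsalted MD5 digest, hex encoded
    if re.fullmatch(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}", value):
        return "md5-crypt"    # crypt(3) "$1$salt$hash"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        return "des-crypt"    # traditional crypt(3): 2 salt + 11 hash chars
    return "cleartext"


def verify(submitted, stored, mode):
    """Compare a submitted password with the stored value.

    mode "cleartext": the stored value is treated as the password itself.
    mode "md5-hex":   the submitted password is hashed first, then compared.
    """
    if mode == "cleartext":
        candidate = submitted
    elif mode == "md5-hex":
        candidate = hashlib.md5(
            submitted.encode(), usedforsecurity=False).hexdigest()
        stored = stored.lower()
    else:
        raise ValueError(f"unknown mode: {mode}")
    # Constant-time comparison, so timing does not leak matching prefixes.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def outcome_table():
    """What each submitted value yields under each comparison mode."""
    return {
        (label, mode): verify(value, STORED, mode)
        for label, value in (("password", PASSWORD), ("digest", STORED))
        for mode in ("cleartext", "md5-hex")
    }


if __name__ == "__main__":
    print("stored value looks like:", classify_stored(STORED))
    for (label, mode), ok in outcome_table().items():
        print(f"submit {label:8s} compare as {mode:9s} -> "
              f"{'accept' if ok else 'reject'}")
```

While the comparison is cleartext, the digest in the table is itself the working credential, so read access to the table is equivalent to knowing every password.
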
How best to patch md5.h problem?
I have a problem with getting FreeRADIUS to include gdbm.h. Here's what I tried:

1) CPPFLAGS=-I/opt/somewhere/include ./configure ...
   This did not work. I need to use CFLAGS.

2) CFLAGS=-I/opt/somewhere/include ./configure ...
   This fails when I compile several files as it finds the SASL copy of md5.h I have in /opt/somewhere/include. That one matches only part of the file included in FreeRADIUS.

3) ./configure ... --with-rlm-counter-include=/opt/somewhere/include
   That --with clause is not implemented. Besides, I would need a --with clause for many modules and radius.c would not use any of them.

The basic problem seems to be a "name space collision" on md5.h.

So, if I were to fix it, I am thinking that I could:

a) Change all the compile steps in the Makefiles from something like:
       $(CC) $(CFLAGS) ... -I../../include ...
   to something like:
       $(CC) -I../../include $(CFLAGS) ...

b) Change md5.h as supplied to match the "standard" of multiple files "md5global.h" and "md5.h" so that any SASL (or similar) include files will work. I then would need to modify each place that md5.h is included.

c) Change md5.h as supplied to "freeradius-md5.h" and then modify each place that md5.h is included.

The disadvantages of each as I see it:

a) may only mask problems or even introduce other problems.
b) may have problems if the "system" md5.h ever does not match.
c) will "privatize" md5. Perhaps this could have problems if a linked library function calls an md5 function with a different interface but the same function name and it links to a function in FreeRADIUS.

All this is reminiscent of the old "my strlen is better than yours" days. (Anyone remember the "Whitesmith" compiler and its "better" interface?)

Suggestions?

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
cisco_vsa_hack
Mr. Alan DeKok:

For my application it is very important to have the patch (cisco_vsa_hack patch). We are running a VoIP Billing application and it is very important to have the Cisco-AVPpair stripped from the RADIUS Account records stored in our Database for multiple reasons (statistics & more).

Please send me more information about how to get, compile, install & run this patch. We appreciate it.

We are running a Box with Linux Red Hat 8.0, MySQL 3.23.53 & FreeRadius 0.9.1.

Or, do you have a different solution for this scenario?

Thanks in advance & Congrats for your efforts. Many people, I'm sure, have the same necessity.

My best Regards

=> Alfonso
Re: -lssl needs -lcrypto
Alan DeKok wrote:
> Gary Algier <[EMAIL PROTECTED]> wrote:
>> Swapping the tests fails because it won't look for -lcrypto until too late. I think the tests need to be rewritten.
>
> That's nice. Do you have a patch?

Yes. See attached.

5 files modified:

aclocal.m4 -- The AC_SMART_CHECK_LIB macro was modified to allow arguments before (not needed here) and after (for -lcrypto) the library.

configure.in (in 2 places) -- Modified to:
  a) Not try to link -lssl unless -lcrypto worked
  b) Pass -lcrypto to AC_SMART_CHECK_LIB

configure (in 2 places) -- I did not include these as they can be regenerated with autoconf. I tried the first time, but my email was too large so it was rejected.

> Alan DeKok.

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.

Index: aclocal.m4 === RCS file: /u/itsrc/cvs/security/radius/freeradius/aclocal.m4,v retrieving revision 1.1.1.1 retrieving revision 1.1.1.1.2.1 diff -u -u -r1.1.1.1 -r1.1.1.1.2.1 --- aclocal.m4 10 Nov 2003 21:46:37 - 1.1.1.1 +++ aclocal.m4 11 Nov 2003 22:21:07 - 1.1.1.1.2.1 
@@ -4037,21 +4037,21 @@ dnl # Try to link it first, using the default libs && library paths dnl # old_LIBS="$LIBS" - LIBS="$LIBS -l$1" + LIBS="$LIBS $3 -l$1 $4" AC_TRY_LINK([extern char $2();], [ $2()], - smart_lib="-l$1") + smart_lib="$3 -l$1 $4") if test "x$smart_lib" = "x"; then AC_LOCATE_DIR(smart_lib_dir,[lib$1${libltdl_cv_shlibext}]) AC_LOCATE_DIR(smart_lib_dir,[lib$1.a]) for try in $smart_try_dir $smart_lib_dir /usr/local/lib/ /opt/lib; do - LIBS="$old_LIBS -L$try -l$1" + LIBS="$old_LIBS -L$try $3 -l$1 $4" AC_TRY_LINK([extern char $2();], [ $2()], - smart_lib="-L$try -l$1") + smart_lib="-L$try $3 -l$1 $4") if test "x$smart_lib" != "x"; then break; fi Index: src/modules/rlm_eap/types/rlm_eap_tls/configure.in === RCS file: /u/itsrc/cvs/security/radius/freeradius/src/modules/rlm_eap/types/rlm_eap_tls/configure.in,v retrieving revision 1.1.1.1 retrieving revision 1.1.1.1.2.1 diff -u -u -r1.1.1.1 -r1.1.1.1.2.1 --- src/modules/rlm_eap/types/rlm_eap_tls/configure.in 10 Nov 2003 21:46:56 - 1.1.1.1 +++ src/modules/rlm_eap/types/rlm_eap_tls/configure.in 11 Nov 2003 22:21:50 - 1.1.1.1.2.1 @@ -53,7 +53,9 @@ fail="$fail libcrypto" fi - AC_SMART_CHECK_LIB(ssl, SSL_new) +if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then + AC_SMART_CHECK_LIB(ssl, SSL_new, , -lcrypto) +fi if test "x$ac_cv_lib_ssl_SSL_new" != "xyes"; then fail="$fail libssl" fi Index: src/modules/rlm_ldap/configure.in === RCS file: /u/itsrc/cvs/security/radius/freeradius/src/modules/rlm_ldap/configure.in,v retrieving revision 1.1.1.1 retrieving revision 1.1.1.1.2.1 diff -u -u -r1.1.1.1 -r1.1.1.1.2.1 --- src/modules/rlm_ldap/configure.in 10 Nov 2003 21:46:52 - 1.1.1.1 +++ src/modules/rlm_ldap/configure.in 11 Nov 2003 22:21:51 - 1.1.1.1.2.1 
@@ -49,7 +49,9 @@ AC_SMART_CHECK_LIB(sasl, sasl_encode) AC_SMART_CHECK_LIB(crypto, DH_new) - AC_SMART_CHECK_LIB(ssl, SSL_new) + if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then + AC_SMART_CHECK_LIB(ssl, SSL_new, ,-lcrypto) + fi smart_try_dir=$rlm_ldap_lib_dir AC_SMART_CHECK_LIB(lber, ber_init)
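Review bot: In the aclocal.m4 hunk, AC_SMART_CHECK_LIB now reads $3 and $4, but the dnl comment visible at the top of the hunk is left unchanged, so the two new optional arguments (libraries placed before and after -l$1) are undocumented for other callers; add a dnl line describing them. Note also that smart_lib is now set to "$3 -l$1 $4", so if the earlier crypto check already put -lcrypto into LIBS, a caller passing -lcrypto as $4 gets it a second time; that is harmless to the linker but deserves a comment.

Review bot: In the rlm_eap_tls/configure.in hunk, the added if/fi start at column 0 while the AC_SMART_CHECK_LIB line inside them is indented, and the empty third argument is written ", , -lcrypto" here but ", ,-lcrypto" in rlm_ldap/configure.in; use one indentation and one spacing in both files. The guard depends on the cache variable ac_cv_lib_crypto_DH_new set by the crypto check above it, so a one-line comment that libssl is only probed once libcrypto links would make that dependency explicit.

Review bot: In the rlm_ldap/configure.in hunk, the libssl probe is skipped silently when ac_cv_lib_crypto_DH_new is not "yes", and unlike the rlm_eap_tls hunk no visible line afterwards records the miss; consider an AC_MSG_WARN or a comment there so that a build without libcrypto shows why SSL support for the LDAP module was not detected.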
Re: SecureID support
Jay Wilson wrote:
> I have searched the mail archive for posts on SecureID support. I found a couple of hits from back in 2001. Does FreeRADIUS support SecureID today?

No (not yet?). I want the same feature. I intend to run the Ace Server's own RADIUS server (which uses its own braindead GUI/CUI/FUI, etc.) for radius access to SecurID. I then intend to use FreeRADIUS as the frontend or proxy server. When I need a login to be SecurID authenticated it can refer the work to the Ace server. Other logins can use the FreeRADIUS server directly.

If I have time and can figure it out, I may try writing an rlm_securid module. How hard can that be ;-)?

BTW: In my searches for a RADIUS implementation that supports SecurID, the best I could find was the old Livingston code. All the derivatives seem to have dropped it.

> Thank You
> ---
> Jay Wilson
> Extreme Networks

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
Re: CPPFLAGS not always used
Gary Algier <[EMAIL PROTECTED]> wrote:
> CPP stands for C PreProcessor. The CPPFLAGS variable is for
> passing values to the cpp phase. CFLAGS is for passing values
> to the other phases.

Ah yes, sorry.

In any case, I don't know what configure does, but FreeRADIUS doesn't use CPPFLAGS anywhere that I recall.

Alan DeKok.
Re: SecureID support
Jay Wilson <[EMAIL PROTECTED]> wrote:
> I have searched the mail archive for posts on SecureID support. I
> found a couple of hits from back in 2001. Does FreeRADIUS support
> SecureID today?

No. SecurID is proprietary.

Alan DeKok.
Peap, XP, Aironet 1200
I am having trouble. I think I have peap mostly working. However I make it to here and no further:

...
Tue Nov 11 17:30:15 2003 : Debug: auth: type "EAP"
Tue Nov 11 17:30:15 2003 : Debug: modcall: entering group authenticate for request 0
Tue Nov 11 17:30:15 2003 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0
Tue Nov 11 17:30:15 2003 : Debug: rlm_eap: EAP Identity
Tue Nov 11 17:30:15 2003 : Debug: rlm_eap: processing type tls
Tue Nov 11 17:30:15 2003 : Debug: rlm_eap_tls: Initiate
Tue Nov 11 17:30:15 2003 : Debug: rlm_eap_tls: Start returned 1
Tue Nov 11 17:30:15 2003 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0
Tue Nov 11 17:30:15 2003 : Debug: modcall[authenticate]: module "eap" returns ok for request 0
Tue Nov 11 17:30:15 2003 : Debug: modcall: group authenticate returns ok for request 0
Tue Nov 11 17:30:15 2003 : Auth: Login OK: [wer] (from client bill port 37 cli 000dbd05196d)
Sending Access-Challenge of id 50 to xxx.xxx.xxx.xxx:1074
    EAP-Message = 0x010300061920
    Message-Authenticator = 0x
    State = 0x7ccfeaae99381eb63b6fa53680227296
    EAP-Message = 0x010300061920
    State = 0x6c5e42fb077a8f93a4122d3835f9a2f7
Tue Nov 11 17:30:15 2003 : Debug: Finished request 0
Tue Nov 11 17:30:15 2003 : Debug: Going to the next request
Tue Nov 11 17:30:15 2003 : Debug: --- Walking the entire request list ---
Tue Nov 11 17:30:15 2003 : Debug: Waking up in 6 seconds...
Tue Nov 11 17:30:21 2003 : Debug: --- Walking the entire request list ---
Tue Nov 11 17:30:21 2003 : Debug: Cleaning up request 0 ID 50 with timestamp 3fb162f7
Tue Nov 11 17:30:21 2003 : Debug: Nothing to do. Sleeping until we see a request.

From this point on things just hang out. windows ends up thinking it is enabled, all the while it never got its attributes. The AP reports that there is an "eap pending".

My user looks like this.

wer User-Password == "testtest"
    Framed-IP-Address = xxx.xxx.xxx.234
    Framed-IP-Netmask = 255.255.255.255

I compiled with openssl 0.9.7c. I think my certs are fine (the root was installed on the client) though I don't know if I need to compile with openssl 0.9.7beta3 or not to use peap. Also I was not sure what the "DH" file is, does Diffie-Hellman want to store dynamic keys there? Should it just be an empty file ("dh_file =" under tls {})?

Any obvious words of wisdom or did I not provide enough information?

Thank you,
-=Bill
Re: CPPFLAGS not always used
Alan DeKok wrote:
> Gary Algier <[EMAIL PROTECTED]> wrote:
>> In trying to build FreeRadius 0.9.2 for the first time on Solaris 8,
>> I set CPPFLAGS
>
> Nothing in the server is C++. CPPFLAGS is ignored entirely.

No it isn't: "configure" uses it when running its tests.

CPP stands for C PreProcessor. The CPPFLAGS variable is for passing values to the cpp phase. CFLAGS is for passing values to the other phases. CXXFLAGS is used for C++. (See the autoconf docs).

>> How can we get these flag values to work properly?
>
> Use CFLAGS.

Ok.

> Alan DeKok.

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
SecureID support
I have searched the mail archive for posts on SecureID support. I found a couple of hits from back in 2001. Does FreeRADIUS support SecureID today?

Thank You
---
Jay Wilson
Extreme Networks
Re: -lssl needs -lcrypto
Gary Algier <[EMAIL PROTECTED]> wrote:
> Swapping
> the tests fails because it won't look for -lcrypto until too late. I
> think the tests need to be rewritten.

That's nice. Do you have a patch?

Alan DeKok.
Re: CPPFLAGS not always used
Gary Algier <[EMAIL PROTECTED]> wrote:
> In trying to build FreeRadius 0.9.2 for the first time on Solaris 8,
> I set CPPFLAGS

Nothing in the server is C++. CPPFLAGS is ignored entirely.

> How can we get these flag values to work properly?

Use CFLAGS.

Alan DeKok.
-lssl needs -lcrypto
In trying to build FreeRadius 0.9.2 for the first time on Solaris 8, I found that the configure code (in several places) tries to find SSL_new in -lssl. However, to use -lssl, it needs -lcrypto _after_ -lssl. The search for -lcrypto places the link arguments in the wrong order. Swapping the tests fails because it won't look for -lcrypto until too late. I think the tests need to be rewritten.

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
CPPFLAGS not always used
In trying to build FreeRadius 0.9.2 for the first time on Solaris 8, I set CPPFLAGS (and LDFLAGS) in the environment when running "./configure". It uses these values to find (some) of the libraries, but when I do the "make", the compile for rlm_counter.c fails:

rlm_counter.c:38:18: gdbm.h: No such file or directory

How can we get these flag values to work properly? I don't think using "--with-rlm-FOO-include" is a good solution as I would essentially need to define these directories for each FOO. Also, one can't give --with-rlm-FOO-include multiple directories.

--
Gary Algier, WB2FWZ    gaa at ulticom.com    +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054    Fax:+1 856 866 2033

Nielsen's First Law of Computer Manuals:
People don't read documentation voluntarily.
Re: 0.9.2 compile issues
"ERIC M REISCHER" <[EMAIL PROTECTED]> wrote:
> When compiling 0.9.2 on a Debian/GNU machine with binutils 2.12.90.0.1, I
> receive the following compile errors (same error on multiple machines):
>
> mode=link ld \
> -module -static -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall

It's not using libtool to do the build. Allow it to use libtool, and it will work.

To make a guess, I'd say you used 'configure' options, which you didn't tell us. Those options broke the build.

Alan DeKok.
Re: Status...
ave Mason <[EMAIL PROTECTED]> wrote:
> That's what I thought, but the Freeradius web site says this: "It
> currently only supports Microsoft's MS-CHAPv2 version of tunneled EAP
> authentication, so Cisco clients will most likely not work."

Mostly because 90% of PEAP clients do only MS-CHAPv2. The other 10% do GTC, which isn't implemented.

If your PEAP client will do another EAP method, FreeRADIUS should handle it.

Alan DeKok.
Re: relovation error with yesterday's snapshot (freeradius-snapshot-20031110)
hi andreas

thanx for your post, however, in my snapshot, the RLM_LIBS isn't even used. there is a CLIENTLIBS instead and it is set to exactly the value as Markus proposed it.

well, i don't quite understand what i should set to what. anyway, i will take a deeper look to it, but i wanted to mention this problem to the developers...

ciao
artur

Andreas Wolf wrote:
> see Markus Obermeier's post from 11/09, it worked for me.
>
>> In the makefile there is the link to the newly introduced libeap missing,
>> therefore the correct way to fix it is to add the following line instead
>>
>> RLM_LIBS = -Llibeap -leap
>>
>> to the Makefile.in as shown above. Do a 'clean', 'configure' and 'make' again.
>>
>> Regards,
>> Markus
>
> -A
>
> On Nov 11, 2003, at 11:41 AM, Artur Hecker wrote:
>> hi
>>
>> after the build of the freeradius-snapshot-20031110 on a completely fresh debian (unstable) i have problems starting radiusd (without even touching to its config):
>>
>> radiusd: FreeRADIUS Version 1.0.0-pre0, for host i686-pc-linux-gnu
>>
>> extract of radiusd -s -X:
>>
>> <...>
>> Module: Loaded eap
>> eap: default_eap_type = "md5"
>> eap: timer_expire = 60
>> eap: ignore_unknown_eap_types = no
>> ../../sbin/radiusd: relocation error: /usr/local/lib/rlm_eap-1.0.0-pre0.so: undefined symbol: eaptype_name2type
>>
>> but still ldd doesn't show any errors:
>>
>> wss:~# ldd /usr/local/lib/rlm_eap-1.0.0-pre0.so
>> libnsl.so.1 => /lib/libnsl.so.1 (0x4000b000)
>> libresolv.so.2 => /lib/libresolv.so.2 (0x4002)
>> libpthread.so.0 => /lib/libpthread.so.0 (0x40033000)
>> libc.so.6 => /lib/libc.so.6 (0x40084000)
>> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)
>>
>> i tried to put /usr/local/lib in the /etc/ld.so.conf and rebuilding cache, but that of course didn't change anything.
>>
>> what is wrong and what could i do? :-)
>>
>> thanks in advance,
>> artur
>>
>> --
>> Artur Hecker    http://www.enst.fr/~hecker
>> Groupe Accès et Mobilité / Computer Science and Networks
>> E N S T Paris
>
> --
> Andreas Wolf
> Apple Computer, Inc.
> Technologies, AirPort Engineering

--
Artur Hecker    http://www.enst.fr/~hecker
Groupe Accès et Mobilité / Computer Science and Networks
E N S T Paris
Re: relovation error with yesterday's snapshot (freeradius-snapshot-20031110)
see Markus Obermeier's post from 11/09, it worked for me.

> In the makefile there is the link to the newly introduced libeap missing, therefore the correct way to fix it is to add the following line instead
>
> RLM_LIBS = -Llibeap -leap
>
> to the Makefile.in as shown above. Do a 'clean', 'configure' and 'make' again.
>
> Regards, Markus

-A

On Nov 11, 2003, at 11:41 AM, Artur Hecker wrote:
> hi
>
> after the build of the freeradius-snapshot-20031110 on a completely fresh debian (unstable) i have problems starting radiusd (without even touching to its config):
>
> radiusd: FreeRADIUS Version 1.0.0-pre0, for host i686-pc-linux-gnu
>
> extract of radiusd -s -X:
>
> <...>
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> ../../sbin/radiusd: relocation error: /usr/local/lib/rlm_eap-1.0.0-pre0.so: undefined symbol: eaptype_name2type
>
> but still ldd doesn't show any errors:
>
> wss:~# ldd /usr/local/lib/rlm_eap-1.0.0-pre0.so
> libnsl.so.1 => /lib/libnsl.so.1 (0x4000b000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x4002)
> libpthread.so.0 => /lib/libpthread.so.0 (0x40033000)
> libc.so.6 => /lib/libc.so.6 (0x40084000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)
>
> i tried to put /usr/local/lib in the /etc/ld.so.conf and rebuilding cache, but that of course didn't change anything.
>
> what is wrong and what could i do? :-)
>
> thanks in advance,
> artur
>
> --
> Artur Hecker    http://www.enst.fr/~hecker
> Groupe Accès et Mobilité / Computer Science and Networks
> E N S T Paris

--
Andreas Wolf
Apple Computer, Inc. Technologies, AirPort Engineering
relovation error with yesterday's snapshot (freeradius-snapshot-20031110)
hi

after the build of the freeradius-snapshot-20031110 on a completely fresh debian (unstable) i have problems starting radiusd (without even touching to its config):

    radiusd: FreeRADIUS Version 1.0.0-pre0, for host i686-pc-linux-gnu

extract of radiusd -s -X:

    <...>
    Module: Loaded eap
    eap: default_eap_type = "md5"
    eap: timer_expire = 60
    eap: ignore_unknown_eap_types = no
    ../../sbin/radiusd: relocation error: /usr/local/lib/rlm_eap-1.0.0-pre0.so: undefined symbol: eaptype_name2type

but still ldd doesn't show any errors:

    wss:~# ldd /usr/local/lib/rlm_eap-1.0.0-pre0.so
    libnsl.so.1 => /lib/libnsl.so.1 (0x4000b000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x4002)
    libpthread.so.0 => /lib/libpthread.so.0 (0x40033000)
    libc.so.6 => /lib/libc.so.6 (0x40084000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)

i tried to put /usr/local/lib in the /etc/ld.so.conf and rebuilding cache, but that of course didn't change anything.

what is wrong and what could i do? :-)

thanks in advance,
artur

--
Artur Hecker    http://www.enst.fr/~hecker
Groupe Accès et Mobilité / Computer Science and Networks
E N S T Paris
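Added example (not part of the original posts or of the FreeRADIUS sources): plain `ldd` only lists the libraries a module names as dependencies and does not check that they export every symbol the module imports, which is why the listing in this thread looks clean while radiusd still fails on `eaptype_name2type`. The script below compares imports against exports using `nm -D` listings; the sample listings, their addresses, and the function names `unresolved_syms` and `check_module` are constructed for illustration.

```shell
#!/bin/sh
# Added example. The sample listings are constructed, not from a real build.

# unresolved_syms UNDEF_LISTING DEFINED_LISTING
#   UNDEF_LISTING:   text as printed by  nm -D --undefined-only MODULE
#   DEFINED_LISTING: text as printed by  nm -D --defined-only OBJECT...
# Prints (sorted, one per line) each strong import with no matching export.
unresolved_syms() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_undef = 1; next }
        # export line: <address> <type letter> <name>[@@VERSION]
        !in_undef && NF == 3 { sub(/@.*/, "", $3); exported[$3] = 1; next }
        # import line: U <name>[@VERSION]; weak imports (w, v) may stay unbound
        in_undef && NF == 2 && $1 == "U" {
            sub(/@.*/, "", $2)
            if (!($2 in exported)) print $2
        }
    ' | sort -u
}

# check_module MODULE OBJECT...
# Same check on real files (needs binutils nm). OBJECT... should be every
# library the module is linked against plus the executable that dlopen()s it,
# because a plugin can also bind to symbols the host program exports.
check_module() {
    mod=$1; shift
    unresolved_syms "$(nm -D --undefined-only "$mod")" \
                    "$(nm -D --defined-only "$@")"
}

# Constructed imports of a module shaped like the rlm_eap case in this thread.
MODULE_UNDEF='         U eaptype_name2type
         U malloc@GLIBC_2.0
         w __gmon_start__'

# Constructed exports of the libraries ldd listed (libc stands in for all).
LISTED_DEFINED='000752f0 T malloc@@GLIBC_2.0
00074a10 T free@@GLIBC_2.0'

# Constructed exports of libeap, the library missing from the link line.
LIBEAP_DEFINED='00001a40 T eaptype_name2type'

echo "linked without -leap: $(unresolved_syms "$MODULE_UNDEF" "$LISTED_DEFINED")"
echo "linked with -leap:    $(unresolved_syms "$MODULE_UNDEF" "$LISTED_DEFINED
$LIBEAP_DEFINED")"
```

On a live system `ldd -r MODULE` performs the equivalent check, processing function relocations that plain `ldd` skips.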
RE: 0.9.2 compile issues
> From: ERIC M REISCHER
> Sent: Wednesday, 12 November 2003 5:10 AM

> When compiling 0.9.2 on a Debian/GNU machine with binutils 2.12.90.0.1, I
> receive the following compile errors (same error on multiple machines):
>
> mode=link ld \
> -module -static -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o
> token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o
> isaac.o smbdes.o crypt.o -o libradius.a
> ld: unrecognised emulation mode: odule
> Supported emulations: elf_i386 i386linux
> make[5]: [libradius.a] Error 1 (ignored)
>
> ...and...
>
> mode=link gcc -release 0.9.2 \
> -module -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
> -Wnested-externs -D_LIBRADIUS -I../include -o libradius.la -rpath
> /usr/lib/freeradius dict.lo print.lo radius.lo valuepair.lo token.lo misc.lo
> log.lo filters.lo missing.lo md4.lo md5.lo sha1.lo hmac.lo snprintf.lo isaac.lo
> smbdes.lo crypt.lo
> gcc: 0.9.2: No such file or directory
> gcc: /usr/lib/freeradius: No such file or directory
> gcc: dict.lo: No such file or directory
> ...
> gcc: crypt.lo: No such file or directory
> gcc: unrecognized option `-release'
> gcc: unrecognized option `-rpath'
> gcc: No input files
> make[5]: [libradius.la] Error 1 (ignored)
>
> The build continues on, but eventually fails later on due to the above libraries
> not being built. The last version I attempted to compile was 0.5, and it ran
> successfully.

What version of the libtool and/or libtool1.4 packages do you have installed? This looks _like_ (but is not identical to) the errors that not having libtool1.4 caused.

--
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'.
Re: 0.9.2 compile issues
Bad Dobby!! Install libtool and all is well again. Sorry.

Eric

---

When compiling 0.9.2 on a Debian/GNU machine with binutils 2.12.90.0.1, I receive the following compile errors (same error on multiple machines):

    mode=link ld \
    -module -static -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
    -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
    -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
    -Wnested-externs -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o
    token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o
    isaac.o smbdes.o crypt.o -o libradius.a
    ld: unrecognised emulation mode: odule
    Supported emulations: elf_i386 i386linux
    make[5]: [libradius.a] Error 1 (ignored)

...and...

    mode=link gcc -release 0.9.2 \
    -module -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
    -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
    -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
    -Wnested-externs -D_LIBRADIUS -I../include -o libradius.la -rpath
    /usr/lib/freeradius dict.lo print.lo radius.lo valuepair.lo token.lo misc.lo
    log.lo filters.lo missing.lo md4.lo md5.lo sha1.lo hmac.lo snprintf.lo isaac.lo
    smbdes.lo crypt.lo
    gcc: 0.9.2: No such file or directory
    gcc: /usr/lib/freeradius: No such file or directory
    gcc: dict.lo: No such file or directory
    ...
    gcc: crypt.lo: No such file or directory
    gcc: unrecognized option `-release'
    gcc: unrecognized option `-rpath'
    gcc: No input files
    make[5]: [libradius.la] Error 1 (ignored)

The build continues on, but eventually fails later on due to the above libraries not being built. The last version I attempted to compile was 0.5, and it ran successfully.

Regards,
Eric
0.9.2 compile issues
When compiling 0.9.2 on a Debian/GNU machine with binutils 2.12.90.0.1, I receive the following compile errors (same error on multiple machines):

    mode=link ld \
    -module -static -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
    -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
    -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
    -Wnested-externs -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o
    token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o
    isaac.o smbdes.o crypt.o -o libradius.a
    ld: unrecognised emulation mode: odule
    Supported emulations: elf_i386 i386linux
    make[5]: [libradius.a] Error 1 (ignored)

...and...

    mode=link gcc -release 0.9.2 \
    -module -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
    -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
    -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
    -Wnested-externs -D_LIBRADIUS -I../include -o libradius.la -rpath
    /usr/lib/freeradius dict.lo print.lo radius.lo valuepair.lo token.lo misc.lo
    log.lo filters.lo missing.lo md4.lo md5.lo sha1.lo hmac.lo snprintf.lo isaac.lo
    smbdes.lo crypt.lo
    gcc: 0.9.2: No such file or directory
    gcc: /usr/lib/freeradius: No such file or directory
    gcc: dict.lo: No such file or directory
    ...
    gcc: crypt.lo: No such file or directory
    gcc: unrecognized option `-release'
    gcc: unrecognized option `-rpath'
    gcc: No input files
    make[5]: [libradius.la] Error 1 (ignored)

The build continues on, but eventually fails later on due to the above libraries not being built. The last version I attempted to compile was 0.5, and it ran successfully.

Regards,
Eric
dialupAccess attribute
I have freeradius running on RH 9 doing ldap authentication to eDirectory within ttls. The one thing I can't find is how to map the dialupAccess attribute to eDirectory. We would like to be able to deny access based on the value of this. Is anyone using eDirectory for ldap with freeRadius? Any insight would be most appreciated.

thanks
rick...
Rom.5:8
Re: One mount account ?
On Tuesday 11 November 2003 06:27, Alan DeKok wrote:
> Zoup <[EMAIL PROTECTED]> wrote:
> > i think one way must be running an perl script to do this job... but i
> > dont know who !
> > each acount must active for one month and then expire ...
>
> See rlm_counter
>
> Alan DeKok.

my database is Mysql , am i must use SqlCounter ( which is experimental ? )

thanks :)

--
It's a poor workman who blames his tools.
Re: Are there any downfalls of using SuSE Linux versus other flavors Linux/Unix with FreeRadius?
On Friday 07 November 2003 17:36, Michael Melanson wrote:
> Folks
>
> It was not my intent to start a "Holy War".
> My apologies.
>
> Allow me to explain. Maybe I should have done this from the word go.
> I do not speak a lick of Linux, period.
> I have not a clue on how to use it. Having said that I am seeking your
> experience, insight and knowledge on the easiest and fastest way to
> get freeradius up and running with the least amount of learning curve.
>
> Does this make sense? I am not saying I want to do a "quick & dirty"
> setup.
>
> We are mix of primarily Netware 6, with winblows servers along with
> RedHat boxes.
>
> From some of the feedback thus far, it makes sense to look at either
> RedHat Fedora or SUSE at this point. Having reduced it to these two
> options which is better for a Linux illiterate like me to start with?
> I have done some research and the comment that was made was
> "IF you can install windows you can install SuSE" Any truth to it?

I am a FreeRADIUS developer.. I have used SuSE for 5 years. I can use SuSE but I struggle to do a lot of things in Windows. I maintain the FreeRADIUS RPM spec file for SuSE Linux and frequently sync patches with the SuSE maintainer. I build SuSE rpms of FreeRADIUS for my own servers and sometimes get around to uploading them to freeradius.org

My SuSE FreeRADIUS P4 servers handle up to 500 radius accounting requests per second with a Postgresql backend. RedHat annoys/confuses the hell out of me, but then I like things to just work :-)

I hope that helps.. Others will probably disagree with my last statement.

Cheers

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
caller-id
Hi!

I can't get caller id to work, the feature is enabled in .conf file, the phone lines have caller id enabled, but it doesn't work. any ideas?

Thanks in advance.

--
Juan Pablo Fava
Ing. en Sistemas de Información
Departamento Técnico de Informática
Procuración General
Buenos Aires
RE: Kerberos krb5
You need a key for host/[hostname] in the krb5 keytab by default. You can use the 'service_principal' configuration parameter to change the principal required; for example you could specify 'radius' and then the krb5 authenticator would look for radius/[hostname] in the krb5 keytab.

Aside from that, there is no other configuration done in the RADIUS server.

To specifically address a previous question, the krb5 authenticator just requests tickets using the supplied password, and generates the appropriate accept/reject from the success of obtaining valid tickets. The tickets are then discarded.

-Kevin

--On Tuesday, November 11, 2003 6:10 PM +0200 Juha Sievi-Korte <[EMAIL PROTECTED]> wrote:
> What I thought is that you just need a working kerberos environment in your box to use that module. So configure your machine first (/etc/krb5.conf). I never got it working but it was with freeradius 0.5 or 0.6, so it might be better now.

---
Kevin C. Miller <[EMAIL PROTECTED]>
Network Development
Carnegie Mellon University
RE: Kerberos krb5
On Tue, 11 Nov 2003, Ron Wahler wrote:
> You need to be able to point it to the KDC ( Key Distribution Center ) an
> IP address or domain, and set up a shared key between them. So there has
> To be a way to configure it.

What I thought is that you just need a working kerberos environment in your box to use that module. So configure your machine first (/etc/krb5.conf). I never got it working but it was with freeradius 0.5 or 0.6, so it might be better now.

--
"... Think about all the positive sides in life, they never last forever ... (c)Sentenced
AMD Duron 1300MHz & ATI Radeon
http://students.oamk.fi/~sijuma00
E-mail: [EMAIL PROTECTED]
RE: Kerberos krb5
You need to be able to point it to the KDC ( Key Distribution Center ) an IP address or domain, and set up a shared key between them. So there has To be a way to configure it.

> -----Original Message-----
> From: Alan DeKok [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 7:04 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Kerberos krb5
>
> "Ron Wahler" <[EMAIL PROTECTED]> wrote:
> > Is there an example of how to set up the krb5 authentication module?
>
> I don't think it takes any configuration, so it should just be an
> empty:
>
> modules {
> ...
> krb5 {
> }
>
> Alan DeKok.
Re: Status...
Hi,

That's what I thought, but the Freeradius web site says this:

"It currently only supports Microsoft's MS-CHAPv2 version of tunneled EAP authentication, so Cisco clients will most likely not work."

Dave

Alan DeKok wrote:
> > Here's another question, while I'm here. I believe the current PEAP module only supports MsChapv2, but I'll need to use it with my own EAP type. Will that be possible? If that won't work out of the box, what will be involved in making it work?
>
> It should be possible out of the box. That's why there's a 'default_eap_type', it's just a default, and not the *only* type.
Re: One mount account ?
Zoup <[EMAIL PROTECTED]> wrote:
> i think one way must be running an perl script to do this job... but i dont
> know who !
> each acount must active for one month and then expire ...

See rlm_counter

Alan DeKok.
Re: Problem in authenticating user in NIS+ compat mode
akongr <[EMAIL PROTECTED]> wrote:
> There was no problem if the user entry was entered in the /etc/passwd
> and /etc/shadow. However the user could not be authenticated if the user
> was added in NIS format:
> +testuser:

Then I would say that the problem lies with configuring the user in NIS+ on your system. So far as FreeRADIUS is concerned, it just asks for the password from the "system", and doesn't know (or care) if it comes from /etc/passwd, or NIS+

Alan DeKok.
Re: script/create-users.pl - db support
On Friday 07 November 2003 17:13, Ulrich Walcher wrote:
> Hi list,
> I enhanced create-users.pl to write 'new' unique users directly to
> Postgres or MySQL DBs if required.
> As my knowledge in perl is limited someone will find some things are not
> written in the most efficient way. Anyway, some people are using it and
> so far it's working properly.
> Uli

Thanks Ulrich

I will take a look at this.. In future can you post things like this (ie. code) to the devel list as not all the developers keep a close eye on the users list.

Cheers

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Error: rlm_sql: Stop packet with zero session length.
Hello,

I am running FreeRADIUS 0.9.1 on Redhat 9.0 and MySQL 4.x with all the necessary MySQL stuff. I have been working on setting up my radius accounting logs to go to MySQL. I am seeing the following errors in radius.log:

    Error: rlm_sql: Stop packet with zero session length. (user '[EMAIL PROTECTED]', nas '10.1.4.22')

I can see the insert trying to be performed from the sql traces but I am not sure why the accounting stop insert is failing. Any suggestions or guidance on how to troubleshoot the problem would be appreciated.

Thanks,
Dave
Re: One mount account ?
On Tuesday 11 November 2003 12:31, Zoup wrote:
> On Tuesday 11 November 2003 11:38, Zoup wrote:
> > i want to make up users with 1 mount access , what i must do ?
> > you know , i must create user name , but how can i say "hey ! start
> > counting at first connection of user and after 30 day finish it ! "

i think one way must be running an perl script to do this job... but i don't know who !
each account must active for one month and then expire ...

--
It's a poor workman who blames his tools.
RES: MySQL and encrypted passwords
Hi Nikolas,

Try :

to plain password :

| 1 | [EMAIL PROTECTED] | User-Password | == | password |

to Crypt password :

| 1 | [EMAIL PROTECTED] | Crypt-Password | == | f07aac8d7d9a859726ddcc7a96b0af8c |

Sergio Jose Ferreira
WGO Internet
Catalao - Go - Brazil

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Nikolas Geyer
Sent: Monday, 10 November 2003 23:26
To: [EMAIL PROTECTED]
Subject: MySQL and encrypted passwords

Hi all,

Hoping someone can help me. I have just installed FreeRadius on a FreeBSD 5.1-STABLE system, using MySQL as the database backend. The problem I am running into is it won't seem to authenticate users unless they are using plain passwords. I have set pap in radiusd.conf to authenticate via MD5, and here is an excerpt of a user in the database;

| 1 | [EMAIL PROTECTED] | Password | == | f07aac8d7d9a859726ddcc7a96b0af8c |

If I authenticate using the password that has been made into a MD5 hash, it fails. If I authenticate using the md5 hash as a clear text password, it authenticates (I'm using NTRadPing to test).

If anyone has had these problems, or could help out it would be most appreciated.

Regards,
Nikolas.

--
Nikolas Geyer
Systems Administration
Infinite Networks
Ph: 02 6239 2152
Fax: 02 6239 2041
13 Wiluna Street
Fyshwick ACT 2609
http://www.infinite.net.au/
Re: One mount account ?
On Tuesday 11 November 2003 11:38, Zoup wrote:
> i want to make up users wit 1 mount access , what i must do ?
> you know , i must create user name , but how can i say "hey ! start
> counting at first connection of user and after 30 day finish it ! "

Grasias !! i mean mouth !!

--
It's a poor workman who blames his tools.
Re: Problem in authenticating user in NIS+ compat mode
Hi,

The user exists in the NIS+ system. Do I need rlm_passwd module included when compile?

This was how I config. before compile:

    ./configure --prefix=/usr/local/freeradius.0.9.2 --localstatedir=/var --enable-ltdl-install --enable-ltdl-install

This was added to the beginning of "users" file came with the tar ball:

    testuser Auth-Type := System
             Fall-Through = 1

There was no problem if the user entry was entered in the /etc/passwd and /etc/shadow. However the user could not be authenticated if the user was added in NIS format:

    +testuser:

Pls advise whether I have missed some modules or config.

Thank you very much.

Regards
Alan

Alan DeKok wrote:
> akongr <[EMAIL PROTECTED]> wrote:
> > I have no problem in authenticate users if the user entry in "users" file is:
> > testuser Auth-Type = local password="testing123"
> > However I could not get users authenticated when I tried to authenticate
> > users using system as follows:
> ...
> > modcall: entering group authenticate for request 2
> > modcall[authenticate]: module "unix" returns notfound for request 2
>
> Does the user exist in the NIS+ system?
>
> Alan DeKok.
One mount account ?
i want to make up users with 1 mount access , what i must do ?
you know , i must create user name , but how can i say "hey ! start counting at first connection of user and after 30 day finish it ! "

--
It's a poor workman who blames his tools.