Re: CHAP authentication
At Sun, 16 Nov 2003 05:15:53 -0800 (PST), apellido jr., wilfredo p [EMAIL PROTECTED] wrote: Good day Mr. Dekok, sorry if im asking stupid question. Im just asking so that i can sure that chap authentication doesnt work and maybe someone could give some comment. Hoping maybe i miss something. I test it already before asking this in mailing list and it doesnt work. = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. It works fine. Make sure you have the User-Password attribute in radcheck with == operator for the user. Store the clear text password in the db. Also make sure that the chap in authorize and authenticate sections is not commented out. Read also http://www.frontios.com/freeradius.html == Kostas Zorbadelos Currently at: Otenet IT Department mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NETServer+FreeRADIUS+Callback
Hello. I've one problem. I've USR 3Com NETServer+FreeRADIUS. I've setup the callback on my NAS and also in Radius by do the Service-Type=Callback-Framed. All working fine, the server calls me back and I connected correctly BUT I've no networking. I can't ping NAS too. When without callback all works fine and net too. What problem can be? Thanks, Alex. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Add new Attributes to Radius
Am Fre, 2003-11-14 um 18.26 schrieb Sanjiv Thakor: I want to be able to add new Attributes to Radius. For example ATTRIBUTESpecial-Group10001string [...] What keeps you from using the class-attribute??? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Am Sam, 2003-11-15 um 04.03 schrieb Rob Hinst: Hi all, My goal is to use Freeradius with the sql module for authenticating users. I'm using version 0.9.2 (installed from rpms i created with the specfile that came with the tarball). There doesn't seem to be a wealth of information available for using the sql module, but I've been working off of this tutorial: http://www.frontios.com/freeradius.html I got everything working using /etc/shadow to authenticate users, but then I proceeded to follow the instructions for sql and have run in to some trouble. I followed all of the required steps and am unable to authenticate. I'm using the following command to test the server: [...] Please post the debugging output (radiusd -X) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fw: Status... rlm_ldap problem
When runing ldapsearch did you bind with the problematic DNs or with the
admin
DN? I would suggest trying to bind with the user DNs and see what happens
I bind as admin DN but why i never received the error while running in
FreeBSD 4.8.. only in FreeBSD 5.1 the problem appear.. both accessing the
same LDAP server. Is there something to do with FreeBSD 5.1 ???
Also check out the ldap server logs for the freeradius bind operations.
There
should be something there that will explain what's happening. If there
isn't run
the ldap server in debug mode. I don't think there's much else to do in
rlm_ldap
to fix the problem.
OK...
--haizam
i) Error from radius.log
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
uniqueIdentifier=227523,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
failed: timeout
Mon Oct 20 18:37:00 2003 : Error: rlm_ldap:
uniqueIdentifier=717710,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
failed: timeout
Mon Oct 20 18:37:03 2003 : Error: rlm_ldap:
uniqueIdentifier=983053,ou=RADIUS,ou=People,dc=com,dc=my bind to
x.x.x.x:389
failed: timeout
ii) From debug output
...
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter
(uid=spts)
rlm_ldap: checking if remote access for spts is allowed by
dialupAccess
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusSessionTimeout as Session-Timeout, value 21600
op=11
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value
Van-Jacobson-TCP-IP op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP
op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User
op=11
rlm_ldap: user spts authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap1 returns ok for request 561
modcall: group redundant returns ok for request 561
modcall: group authorize returns ok for request 561
rad_check_password: Found Auth-Type LDAP
auth: type LDAP
modcall: entering group Auth-Type for request 561
modcall: entering group redundant for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by spts with password
rlm_ldap: user DN:
uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.201:389, authentication 1
rlm_ldap: bind as
uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003
to
61.6.32
.201:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
bind
to 61.6.32.201:389 fai
led: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module ldap1 returns fail for request 561
rlm_ldap: - authenticate
rlm_ldap: login attempt by spts with password
rlm_ldap: user DN:
uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
rlm_ldap: (re)connect to 61.6.32.97:389, authentication 1
rlm_ldap: bind as
uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my/spts2003
to
61.6.32
.97:389
rlm_ldap: waiting for bind result ...
rlm_ldap: ldap_result()
rlm_ldap: uniqueIdentifier=687130,ou=RADIUS,ou=People,dc=jaring,dc=my
bind
to 61.6.32.97:389 fail
ed: timeout
rlm_ldap: ldap_connect() failed
modcall[authenticate]: module ldap2 returns fail for request 561
modcall: group redundant returns fail for request 561
modcall: group Auth-Type returns fail for request 561
auth: Failed to validate the user.
Login incorrect: [spts] (from client jhb34 port 239 cli 072270533)
Delaying request 561 for 1 seconds
Finished request 561
Going to the next request
.
Problem B
- ADDED to above problem.. I'm still having Unresponsive child
problem
- LDAP working fine...
- not that critical compare to above...
i) From radius.log
Wed Nov 12 00:59:52 2003 : Error: WARNING: Unresponsive child (id
136795136)
for request 322196
Wed Nov 12 01:00:13 2003 : Error: WARNING: Unresponsive child (id
136585216)
for request 322292
Wed Nov 12 08:42:48 2003 : Error: WARNING: Unresponsive child (id
135698432)
for request 15206
It's normal since rlm_ldap takes a long time to timeout
ii) My ldap setting in radiusd.conf - maybe tuning is needed here.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256000
hostname_lookups = yes
allow_core_dumps = no
start_servers = 20
max_servers = 1024
min_spare_servers = 10
max_spare_servers = 20
ldap ldap2 {
server = 10.1.1.1
identity =
cn=Sysadmin,ou=Applications,dc=jaring,dc=my
web access failed after LDAP auth. by freeradius
We use freeradius with LDAP authentication for dial-up PPP service. When Win2k/WinXP users get authenticated with LDAP through freeradius, they have problems loading some particular web sites. The webpages cannot be loaded. It returns normal after I stop using freeradius for authentication. Win98/ME users don't have the problem. I expect that freeradius will only do user authentication and nothing about the user's behaviour after login. I can't imagine how freeradius affects the browser's behaviour after successfully authenticated. Anyone knows any parameter in freeradius that will cause this? Fu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius newbie questions
hi alan Put a page on the web, and mail the URL to the list. The EAP-TLS documents should really be included with the server, but they're large, and need minor updates... Alan DeKok. a propos, what happened to those example certificates i've once mailed you? are they by any chance included with the server now? if not: do you want me to recreate them with some other options? i really think it would be helpful for many people, just to do the first tests and to see: oh yes, it's not the freeradius going crazy, it's me, not being able to create five simple certificates... ciao artur - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Ulrich,
Below is the full output from radiusd -X.
On Mon, 2003-11-17 at 04:22, Ulrich Walcher wrote:
Am Sam, 2003-11-15 um 04.03 schrieb Rob Hinst:
Hi all,
My goal is to use Freeradius with the sql module for authenticating
users. I'm using version 0.9.2 (installed from rpms i created with the
specfile that came with the tarball). There doesn't seem to be a wealth
of information available for using the sql module, but I've been working
off of this tutorial: http://www.frontios.com/freeradius.html
I got everything working using /etc/shadow to authenticate users, but
then I proceeded to follow the instructions for sql and have run in to
some trouble. I followed all of the required steps and am unable to
authenticate. I'm using the following command to test the server:
[...]
Please post the debugging output (radiusd -X)
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = root
main: group = root
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = yes
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = yes
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = localhost
sql: port =
sql: login = mail
sql: password = eXo2003
sql: radius_db = exomail
sql: acct_table = radacct
sql: acct_table2 = radacct
sql: authcheck_table = radcheck
sql: authreply_table = radreply
sql: groupcheck_table = radgroupcheck
sql: groupreply_table = radgroupreply
sql: usergroup_table = usergroup
sql: nas_table = nas
sql: dict_table = dictionary
sql: sqltrace = yes
sql: sqltracefile = /var/log/radius/sqltrace.sql
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{Stripped-User-Name}
sql: default_user_profile = dialup
sql: query_on_not_found = yes
sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_group_check_query = SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
%{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime
= '%S'
sql: accounting_update_query = UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStopTime = 0
sql: accounting_start_query = INSERT into radacct (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Maybe those lines mean something... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with EAP-TTLS+AEGIS Client
Jason Haar [EMAIL PROTECTED] wrote: ..a bit off topic - but large certificates in general seem to be a problem with all sorts of SSL apps. I'm not surprised. I've run FreeRADIUS under 'valgrind', to catch buffer overflows, and reading uninitialized memory. Without any SSL code, it's fine. With OpenSSL (EAP-TLS, etc), there are tens of thousands of error messages. And when compiling FreeRADIUS against OpenSSL, there are large amounts of warnings about the broken SSL headers. I'm amazed that the SSL code works at *all*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: web access failed after LDAP auth. by freeradius
Lai Fu Keung [EMAIL PROTECTED] wrote: I expect that freeradius will only do user authentication and nothing about the user's behaviour after login. I can't imagine how freeradius affects the browser's behaviour after successfully authenticated. It doesn't. You've configured FreeRADIUS so that the reply it sends is different than the reply sent by your other RADIUS server. Make the replies the same, and the clients will behave the same. Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
On Mon, 2003-11-17 at 10:17, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: radius_xlat: '' modcall[authorize]: module sql returns fail for request 0 modcall: group authorize returns fail for request 0 There was no response configured: rejecting request 0 Maybe those lines mean something... Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: ++--+---++---+ | id | UserName | Attribute | op | Value | ++--+---++---+ | 1 | robtest | Password | == | test | ++--+---++---+ and my usergroup table looks like this: ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | robtest | dialup| ++--+---+ I assumed that this means that radiusd will check for a response for the user named robtest in radreply (which is currently empty), and then fall back to use the default group settings for the group named dialup. My radgroupreplay table looks like this: ++---+++-+--+ | id | GroupName | Attribute | op | Value | prio | ++---+++-+--+ | 1 | dialup| Framed-Compression | := | Van-Jacobsen-TCP-IP |0 | | 2 | dialup| Framed-Protocol| := | PPP |0 | | 3 | dialup| Service-Type | := | Framed-User |0 | | 4 | dialup| Framed-MTU | := | 1500|0 | ++---+++-+--+ Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). Thanks, Rob Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question on Attribute Value Operators
Is the '+=' Operator usedfor defining theAttribute Value pairs a standard operator used with all radius Servers or is this something that just freeRadius Provides. Thanks in advance, Sanjiv attachment: Blank Bkgrd.gif
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: The error messages were definitive, in that they showed the 'xlat' routine returning *nothing*. Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). To me, it doesn't look like the SQL database is being queried at all. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Alan,
Thanks for the response, sorry to be a continuing pest, but I've added a
few additional comments/questions inline:
On Mon, 2003-11-17 at 11:25, Alan DeKok wrote:
Rob Hinst [EMAIL PROTECTED] wrote:
Obviously.. but I thought I had configured a response (otherwise I
wouldn't have written). I'm trying to auth as robtest/test. My radcheck
table looks like this:
The error messages were definitive, in that they showed the 'xlat'
routine returning *nothing*.
Apparently there's a flaw in my reasoning somewhere along the line
otherwise it would work. I was hoping someone here would be able to
point out the problem (sans sarcasm, please).
To me, it doesn't look like the SQL database is being queried at
all.
Right. In my original e-mail, I said that the sql database isn't being
queried at all. I set up query logging and nothing was coming across. As
you can see from the debug output, however, the server is successfully
making the connections to sql when the sql module initializes.
This is what the authorize and authenticate sections of my radiusd.conf
file look like. Basically, I had it working properly off of the unx
passwd file, and then i added sql to the authorize section and removed
files. I also removed unix from the authenticate section. Can you
offer any suggestions as to why the server wouldn't even attempt to
query sql?
authorize {
preprocess
sql
}
authenticate {
Auth-Type PAP {
pap
}
}
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. On Mon, 2003-11-17 at 11:25, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: Obviously.. but I thought I had configured a response (otherwise I wouldn't have written). I'm trying to auth as robtest/test. My radcheck table looks like this: The error messages were definitive, in that they showed the 'xlat' routine returning *nothing*. Apparently there's a flaw in my reasoning somewhere along the line otherwise it would work. I was hoping someone here would be able to point out the problem (sans sarcasm, please). To me, it doesn't look like the SQL database is being queried at all. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. It's the dynamic translation of strings in the configuration file. See 'sql.conf' for the SQL queries. The attribute names there get dynamically replaced with the values of those attributes from the packet. It looks to me like the SQL queries are empty or undefined. Therefore, they're never performed, and the user is always unknown. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Rob Hinst [EMAIL PROTECTED] wrote: This is what the authorize and authenticate sections of my radiusd.conf file look like. Basically, I had it working properly off of the unx passwd file, and then i added sql to the authorize section and removed files. I also removed unix from the authenticate section. Can you offer any suggestions as to why the server wouldn't even attempt to query sql? Because the queries aren't defined, or there is an error processing them. e.g. The queries require some attribute which isn't in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Thanks very much, I'll try to figure out the rest on my own. On Mon, 2003-11-17 at 11:51, Alan DeKok wrote: Rob Hinst [EMAIL PROTECTED] wrote: and also (and probably the more important question), what would cause xlat to return nothing? I can't seem to find what the xlat routine does. It's the dynamic translation of strings in the configuration file. See 'sql.conf' for the SQL queries. The attribute names there get dynamically replaced with the values of those attributes from the packet. It looks to me like the SQL queries are empty or undefined. Therefore, they're never performed, and the user is always unknown. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Hi Alan,
Thanks again. I managed to get it working by changing this line:
sql_user_name = %{Stripped-User-Name}
to this:
sql_user_name = %{User-Name}
I just have one last question. Is there any simple way (a config
setting) to enable encrypted passwords in sql, or do I have to do some
hacking around in the sql statements to make it work?
-Rob
On Mon, 2003-11-17 at 11:53, Alan DeKok wrote:
Rob Hinst [EMAIL PROTECTED] wrote:
This is what the authorize and authenticate sections of my radiusd.conf
file look like. Basically, I had it working properly off of the unx
passwd file, and then i added sql to the authorize section and removed
files. I also removed unix from the authenticate section. Can you
offer any suggestions as to why the server wouldn't even attempt to
query sql?
Because the queries aren't defined, or there is an error processing
them.
e.g. The queries require some attribute which isn't in the packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
nevermind. figured that out too. feel free to flame me on that one.
didn't bother to look around first. ;)
On Mon, 2003-11-17 at 12:32, Rob Hinst wrote:
Hi Alan,
Thanks again. I managed to get it working by changing this line:
sql_user_name = %{Stripped-User-Name}
to this:
sql_user_name = %{User-Name}
I just have one last question. Is there any simple way (a config
setting) to enable encrypted passwords in sql, or do I have to do some
hacking around in the sql statements to make it work?
-Rob
On Mon, 2003-11-17 at 11:53, Alan DeKok wrote:
Rob Hinst [EMAIL PROTECTED] wrote:
This is what the authorize and authenticate sections of my radiusd.conf
file look like. Basically, I had it working properly off of the unx
passwd file, and then i added sql to the authorize section and removed
files. I also removed unix from the authenticate section. Can you
offer any suggestions as to why the server wouldn't even attempt to
query sql?
Because the queries aren't defined, or there is an error processing
them.
e.g. The queries require some attribute which isn't in the packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS-Header ID disabled during processing?
Hi everyone, i need to know if the NAS blocks a REQUEST-ID for the time of processing this request por is it possible that 2 identical ids are used from one NAS at the same time for different REQUESTs. thanks in advance _ 5 neue Buddies = 50 FreeSMS. http://messenger-mania.msn.de MSN Messenger empfehlen und kräftig abräumen! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Cisco Call Detail
Cisco conf: aaa group server radius WHATEVER server 5.5.5.5 auth-port 1812 acct-port 1813 aaa accounting connection h323 start-stop group WHATEVER I believe the radacct db structure for mysql is somewhere in the freeradius docs. -g This will log everything that happens over the dial peers to the radius db. On Thu, 2003-11-13 at 15:56, Mail_Man wrote: Can someone point me in the right direction to where I can find information on setting up Free Radius so that it collects all the call detail records from a cisco as5300 gateway and stores it in a database? TIA -Seth - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS-Header ID disabled during processing?
At 12:04 PM 11/17/2003, Enrico Starke wrote: Hi everyone, i need to know if the NAS blocks a REQUEST-ID for the time of processing this request por is it possible that 2 identical ids are used from one NAS at the same time for different REQUESTs. Request-ID is 1 octet. It can/will roll-over pretty quickly, especially on the dense NAS you have today. For this reason there are other methods used to identify distinct radius packets from the same NAS, such as the 16 octet Request-Authenticator, which is per the RFC uniquely generated for each distinct session. Additionally, the RFC says this about the Indentifier field: http://www.freeradius.org/rfc/rfc2865.html Section 3. Packet Format Identifier The Identifier field is one octet, and aids in matching requests and replies. The RADIUS server can detect a duplicate request if it has the same client source IP address and source UDP port and Identifier within a short span of time. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cisco authorization through freeradius
I am having trouble getting freeradius to return values to my cisco box. My goal is to be able to capture this data through tcl on the cisco. I can authenticate a call using information from radcheck, but the corresponding values (h323-credit-time) in radreply are not being sent. radcheck +++---++-+ | id | UserName | Attribute | op | Value | +++---++-+ | 3 | 12345 | Password | == | 777 | +++---++-+ radreply ++--+--++---+ | id | UserName | Attribute| op | Value | ++--+--++---+ | 11 | 12345| h323-credit-time | = | 10| ++--+--++---+ Ideas? Questions? -g UserN - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco authorization through freeradius
At 12:28 PM 11/17/2003, Glen wrote: I am having trouble getting freeradius to return values to my cisco box. My goal is to be able to capture this data through tcl on the cisco. I can authenticate a call using information from radcheck, but the corresponding values (h323-credit-time) in radreply are not being sent. radreply ++--+--++---+ | id | UserName | Attribute| op | Value | ++--+--++---+ | 11 | 12345| h323-credit-time | = | 10| ++--+--++---+ Is this a valid attribute? Or is this need to be encapsulated in a Cisco-VSA attriubte ala: id UserName Attributeop Value 11 12345Cisco-VSA=h323-credit-time=10 -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to insert an attribuite into a proxy-reply packet ?
I am not sure how to achieve this using rlm_attr_rewrite (probably others can help), but you can write your own post-proxy method. Add that module in the post-proxy section of radius.conf, so that your post-proxy method is called whenever the Radius server receives a reply for the proxied request. In that post-proxy method you can have whatever case you need based on your requirements. -Original Message- From: Allen Chung [mailto:[EMAIL PROTECTED] Sent: Sunday, November 16, 2003 6:16 PM To: [EMAIL PROTECTED] Subject: Re: How to insert an attribuite into a proxy-reply packet ? Sorry, I don't know how to make it work. Could you tell me more about it ? I use freeradius to be a proxy server.A === MySite = B I want each Auth-Reply to be one of below cases. 1. If the Session-Timeout is defined and the value is great than 0, proxy the reply-packet without change. 2. If the Session-Timeout is undefined, proxy the reply-packet without change. 3. If the Session-Timeout is defined BUT the value is 0, set the value to be 36000 before sending it. Thanks a lot ... - Original Message - From: Liyan Tan mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 8:00 PM Subject: Re: How to insert an attribuite into a proxy-reply packet ? rlm_attr_filters may work? Liyan Tan [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 2003-11-13 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco authorization through freeradius
I tried this configuration as recommended, to no avail. id UserName Attributeop Value 11 12345Cisco-VSA=h323-credit-time=10 Maybe I'm missing something; I'm expecting the value to show up in the debug output on either the cisco or the radius (-X). Or at least in the response from the radtest utility. -g On Mon, 2003-11-17 at 13:33, Chris Parker wrote: At 12:28 PM 11/17/2003, Glen wrote: I am having trouble getting freeradius to return values to my cisco box. My goal is to be able to capture this data through tcl on the cisco. I can authenticate a call using information from radcheck, but the corresponding values (h323-credit-time) in radreply are not being sent. radreply ++--+--++---+ | id | UserName | Attribute| op | Value | ++--+--++---+ | 11 | 12345| h323-credit-time | = | 10| ++--+--++---+ Is this a valid attribute? Or is this need to be encapsulated in a Cisco-VSA attriubte ala: id UserName Attributeop Value 11 12345Cisco-VSA=h323-credit-time=10 -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco authorization through freeradius
At 12:56 PM 11/17/2003, Glen wrote: I tried this configuration as recommended, to no avail. id UserName Attributeop Value 11 12345Cisco-VSA=h323-credit-time=10 Maybe I'm missing something; I'm expecting the value to show up in the debug output on either the cisco or the radius (-X). Or at least in the response from the radtest utility. radiusd -x -x -x will show you the sql queries being executed. What happens when you run them by hand? -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NetGear ME103 with freeRadius
Hi,
I'm trying to get freeRadius 0.9.1 work with the
NetGear ME103 AP (it has the latest November
firmware).
Not sure why the AP didn't response to the
Access-Challenge from the radius server. Has any one
configured ME103 with freeRadius before? Is cisco 350
better and easy to configure?
I configured freeRadius with mySQL and openssl
0.9.7c and try to get the EAP-TLS work.
Log as below:
# start_radius
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
/usr/local/etc/raddb/proxy.conf
Config: including file:
/usr/local/etc/raddb/clients.conf
Config: including file:
/usr/local/etc/raddb/snmp.conf
Config: including file:
/usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir =
/usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file =
/usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile =
/usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will
go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will
go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will
go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /usr/local/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = tls
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file =
/usr/local/etc/raddb/localhost.pem
tls: certificate_file =
/usr/local/etc/raddb/localhost.pem
tls: CA_file = /usr/local/etc/raddb/root.pem
tls: private_key_password = richardy
tls: dh_file = /usr/local/etc/raddb/DH
tls: random_file = /usr/local/etc/raddb/random
tls: fragment_size = 1024
tls: include_length = yes
rlm_eap_tls: conf N ctx stored
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups =
/usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = localhost
sql: port =
sql: login = root
sql: password =
sql: radius_db = radius
sql: acct_table = radacct
sql: acct_table2 = radacct
sql: authcheck_table = radcheck
sql: authreply_table = radreply
sql: groupcheck_table = radgroupcheck
sql: groupreply_table = radgroupreply
sql: usergroup_table = usergroup
sql: nas_table = nas
sql: dict_table = dictionary
sql: sqltrace = no
sql: sqltracefile =
/usr/local/var/log/radius/sqltrace.sql
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
Re: cisco authorization through freeradius
Fantabulous! I looked in dictionary.cisco, saw Cisco-AVPair as the attribute name. It seems everything I read about how VSA AV-Pairs is starting to click. For those finding this message in a search, the following works in FreeRadius v0.91: id UserName Attributeop Value 11 12345Cisco-AVPair =h323-credit-time=10 Thank you very much Chris! -g On Mon, 2003-11-17 at 14:07, Chris Parker wrote: At 12:56 PM 11/17/2003, Glen wrote: I tried this configuration as recommended, to no avail. id UserName Attributeop Value 11 12345Cisco-VSA=h323-credit-time=10 Maybe I'm missing something; I'm expecting the value to show up in the debug output on either the cisco or the radius (-X). Or at least in the response from the radtest utility. radiusd -x -x -x will show you the sql queries being executed. What happens when you run them by hand? -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius newbie questions
Artur Hecker [EMAIL PROTECTED] wrote: a propos, what happened to those example certificates i've once mailed you? are they by any chance included with the server now? if not: do you want me to recreate them with some other options? They're gathering dust somewhere... Send them to me again, and I'll try to find some time this week to look at them. i really think it would be helpful for many people, just to do the first tests and to see: oh yes, it's not the freeradius going crazy, it's me, not being able to create five simple certificates... Oh, yes. Having a working certificate script included in the server is nice, but nothing points to it... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco authorization through freeradius
At 01:58 PM 11/17/2003, Glen wrote: Fantabulous! I looked in dictionary.cisco, saw Cisco-AVPair as the attribute name. It seems everything I read about how VSA AV-Pairs is starting to click. For those finding this message in a search, the following works in FreeRadius v0.91: id UserName Attributeop Value 11 12345Cisco-AVPair =h323-credit-time=10 Ahh, that's what I get for trusting my memory rather than checking the dictionary. Glad it pointed you in the correct direction. :) Thank you very much Chris! You are welcome. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: xlat.c bug ?
Alain cocconi [EMAIL PROTECTED] wrote: I had a problem with xlat that didn't care about last char if it was '$' or '%' or '\' so I trace it and found that if the last char was one of them the code was not executed... so if I'm not wrong this little patch should solve it Yes, it does, thanks. I'll add it in later today. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Users File and Hashed Passwords
I am using freeRadius with a plain users file. Is there a way I can replace the plain text passwords in the file with hashed passwords? How do I generate the hashes? I manually edit the file whenever I add or remove a user. Matt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TTLS /etc/shadow
On Fri, 14 Nov 2003, Alan DeKok wrote: Ralf Paffrath [EMAIL PROTECTED] wrote: I set Auth-Type to System but no TTLS-tunnel session would be established and I got the following debugging output: ... modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type System Warning: Found 2 auth-types on request for user 'HUGO' sigh Did you READ what i wrote? I did READ what you wrote! I wasn't sure how to set Auth-Type to System for the tunneled user. ;-) Set Auth-Type to System for the tunneled user, The username inside of the tunnel IS different that the username outside of the tunnel, isn't it? Right! Now, I let: username Auth-Type := System and deleted DEFAULT Auth-Type :=System Fall-Through = Yes from users file. After configuring SecureW2 to set the username used for secure tunnel to [EMAIL PROTECTED] and let SecureW2 prompting for users credentials it's working. Now I can autenticate the tunneld user against /etc/shadow. Thanks Alan for the hints! Ralf. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Realease 1.0??
Anyone knows when release 1.0 comes out? Ralf. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 07, 2003 9:05 PM Subject: Re: OSX Installation Using Mysql On Sep 6, 2003, at 9:24 PM, Julien Gabry wrote: Hello I have been able to compile freeradius on mac os X 10.2.8 (jaguar) The freeradius is ok I can authentify, everything look great I have also install mysql and import all needed database for dialup_admin. But I can't activate the rlm_sql_mysql driver. The error message that i get while launching the check-config script or radiusd with option -X is : rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. I have tryed many things to solve it without success I have tryed to compile mysql from the source instead of using apple package I have try several different path for the configure option ./configure --with-mysql-dir=/usr/local/bin --with-mysql-lib-dir=/usr/local/ lib/mysql --with-mysql-include-dir=/usr/local/include/mysql --disable-shared ./configure --with-mysql-dir=/Library/MySQL/bin --with-mysql-lib-dir=/Librar y/MySQL/lib/mysql --with-mysql-include-dir=/Library/MySQL/include/mysql --di sable-shared and many others ... I have also tryed to link the lib manually with common OSX tool (dyld, ld, libtool, ar, ...) So my questions are the following : Did someone has been able to use the mysql modules with free radius on OSX? What should be the way to link properly/correctly the rlm_sql_mysql lib ? How can i check that my MySQL is link as static ? Thanks you in advance I bet you are running into the limitations of having build everything statically. Some rlm modules appear to not work well when linked statically on any platform (so I've been told). On Jaguar I also haven't been able to compile freeRADIUS without the --disable-shared option. On Panther freeRadius builds and runs just fine with dynamic libs without a glitch! One thing you may try on Jaguar is to force linking the rlm_sql_mysql library: % setenv DYLD_INSERT_LIBRARIES path_to_mysqllib -Andreas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Andreas Wolf Apple Computer, Inc. Technologies, AirPort Engineering - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Realease 1.0??
Beginning 2004 Thor. - Original Message - From: Ralf Paffrath [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 17, 2003 10:35 PM Subject: Realease 1.0?? Anyone knows when release 1.0 comes out? Ralf. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hola ayudame Gustavo Lozano
Hola Gustavo como estas me llamo Tomas Lagunas he estado buscado informacion de freeradius tengo un freeradius 9.0. en linux lo tengo trabajando con mysql y phpmyadmin, ya lo conecte al cisco y lo congifure. y funciona cada ves que se hace una llamada el freeradius la detecta y muestra el tiempo que tracurrio la llamda. pero mi problema Gustavo es que deseo establecer la cuota a cada usuario para que durante cada llamada se valla descontando su saldo. Vi tu correo y comentaste que Utilizara el modulo rlm_counter, entre a esa carpeta pero encontre algunos archivos que estaban vacios, pero encontre un archivo llamado configure, no se si se tenga que ejecutar ./configure. Por favor Gustavo ayudame te lo suplico no se como le voy hacer. si quieres pasame tu telefono y llamo. Te mando un Fuerte Saludo esperando que me contestes por favor por que el radius me quita el sueño. _ Do You Yahoo!? La mejor conexión a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple realm authentication with FreeRADIUS back to Active Directory?
Hi Folks, I have been using FreeRADIUS for a while now, but with a pretty simple configuration. Now I have been asked to do some more on a different server. Here's the scoop, I need to have a number of Cisco Access Servers authenticate to a Linux server with FreeRADIUS. The tricks are 1) need to have about 5 different realms, and 2) need to have the FreeRADIUS server mostly just act as a pass through back to an (Micro$oft) Active Directory server which does the real authentication. The FreeRADIUS server would do the accounting as well as preventing mulitple logins. I am assuming I need to somehow have FreeRADIUS add a realm to the incoming information first, then pass that back to the Active Directory server? Second, what is the best way to authenticate to an AD? Has anyone done this before? Can anyone point me in the right direction? I have the Hassell book here, but it seems like the book is extremely out of date with FreeRADIUS already, etc. It seems like the book should already have a new edition out. Anyway, any help or advice would be EXTREMELY appreciated! I need to get a prototype up and running very soon. Thanks! John Heiden Network Engineer The University of Toledo Toledo, OH 43606 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with EAP-TTLS+AEGIS Client
On Mon, Nov 17, 2003 at 10:20:36AM -0500, Alan DeKok wrote: I'm amazed that the SSL code works at *all*. Have you looked at the GNU TLS code? - http://www.gnu.org/software/gnutls/ -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hola ayudame Gustavo Lozano
Tomas, first of all please write to the list in English. I dont mind to write in spanish as it is my native language but talking in english here is the default :) Second, writing in the list to a direct person (just like you are doing to me) is not a good idea, you can probably write direct to me and if your mail is not spam, you can be sure the mail will arrive to my inbox and I will take a minute or two to send you a reply, may be after that, you can take the time to write something back to the list showing your work and what you did in order to help others. Well, after the politics, I will take a look of your problem and send a more detailed answer (than the one with the rlm_counter thing) directly to you in spanish. Regards!! On Mon, 2003-11-17 at 18:08, Tomas Lagunas wrote: Hola Gustavo como estas me llamo Tomas Lagunas he estado buscado informacion de freeradius tengo un freeradius 9.0. en linux lo tengo trabajando con mysql y phpmyadmin, ya lo conecte al cisco y lo congifure. y funciona cada ves que se hace una llamada el freeradius la detecta y muestra el tiempo que tracurrio la llamda. pero mi problema Gustavo es que deseo establecer la cuota a cada usuario para que durante cada llamada se valla descontando su saldo. Vi tu correo y comentaste que Utilizara el modulo rlm_counter, entre a esa carpeta pero encontre algunos archivos que estaban vacios, pero encontre un archivo llamado configure, no se si se tenga que ejecutar ./configure. Por favor Gustavo ayudame te lo suplico no se como le voy hacer. si quieres pasame tu telefono y llamo. Te mando un Fuerte Saludo esperando que me contestes por favor por que el radius me quita el sueño. _ Do You Yahoo!? La mejor conexión a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Gustavo A. Lozano Noldata Corporation [EMAIL PROTECTED] Calle 46 No. 40-19 CTO Bogota D.C. Colombia Noldata Corporation http://noldata.com I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, freeradius-users The Malaysia Email Package will be for sale soonly!
Hi freeradius-users Use EAMIL to strengthen your business and find out all potential customers and parters! Now the promotion price of the 300,000 Singapore Email Database is only US$399!!! · The finally results could have three fields including: Email addresses, Reference web site address and Reference tittles. · The format of searching recorders could be saved as the Ms-Excel format. · The accuracy of email addresses could get to 90%.Only active addresses have been recordered by our system. · All the service fee will be charged after customers approve the searching results. · Ensuring all services are legal. Give youself a chance, Maybe the world is defferent! Shell Team 18.11.2003 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Where can I find a complete Linux manual?
Hello, everyone! I am a newbie of RADIUS and know very little about this software and also its concepts (also the basic ones). But I am interested in RADIUS because it is popular and I want to learn how to use it. :) I have searched http://www.freeradius.org/ and also FAQ of this site, but I can not find a complete manual on how to configuare RADIUS server (I have successfully installed the server on RH8.0). Where can I find some simple manuals or tutorials on how to setup, configure and tuning both the server side and the client side? Better provide me some cases, because I am not very clear about what RADIUS can do and what RADIUS can not do, for example, how to set Windows client priviledges, or IP accessing previledge. Best regards, Geo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where can I find a complete Linux manual?
Please pick up a copy of the O'Reilly book [EMAIL PROTECTED] 11/18/03 10:58AM Hello, everyone! I am a newbie of RADIUS and know very little about this software and also its concepts (also the basic ones). But I am interested in RADIUS because it is popular and I want to learn how to use it. :) I have searched http://www.freeradius.org/ and also FAQ of this site, but I can not find a complete manual on how to configuare RADIUS server (I have successfully installed the server on RH8.0). Where can I find some simple manuals or tutorials on how to setup, configure and tuning both the server side and the client side? Better provide me some cases, because I am not very clear about what RADIUS can do and what RADIUS can not do, for example, how to set Windows client priviledges, or IP accessing previledge. Best regards, Geo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
VPN authentication using freeradius
Hi, Pls forgive me if this question is not entirely related to free-radius. I have set up free-radius 0.9.2 runnig on Solaris to authenticate VPN access from VPN server running on MS-Win2000 server. The authentication method is PAP. There is no problem in authentication for computers running XP. But it could not be authenticated for computers running Win98. I could see from the radiusd -X that the authentication was using PAP. Wonder anyone on the list has come across this problem and provide a solution. Thank you. Regards ALan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
On Nov 17, 2003, at 1:40 PM, Julien Gabry wrote: Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Since Panther I simply need to do % ./configure % make % sudo make install (well, you might have to specify the path to the mysql libs and headers depending on your installation). Since snapshots aren't always guaranteed to work on every platform you either have to be patient or make your own modifications to make it work (monitoring the postings here also helps a lot of times). I did the latter for a recent snapshot and it works for me now (yes, incl. MySQL). see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. -A Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 07, 2003 9:05 PM Subject: Re: OSX Installation Using Mysql On Sep 6, 2003, at 9:24 PM, Julien Gabry wrote: Hello I have been able to compile freeradius on mac os X 10.2.8 (jaguar) The freeradius is ok I can authentify, everything look great I have also install mysql and import all needed database for dialup_admin. But I can't activate the rlm_sql_mysql driver. The error message that i get while launching the check-config script or radiusd with option -X is : rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. I have tryed many things to solve it without success I have tryed to compile mysql from the source instead of using apple package I have try several different path for the configure option ./configure --with-mysql-dir=/usr/local/bin --with-mysql-lib-dir=/usr/local/ lib/mysql --with-mysql-include-dir=/usr/local/include/mysql --disable-shared ./configure --with-mysql-dir=/Library/MySQL/bin --with-mysql-lib-dir=/Librar y/MySQL/lib/mysql --with-mysql-include-dir=/Library/MySQL/include/mysql --di sable-shared and many others ... I have also tryed to link the lib manually with common OSX tool (dyld, ld, libtool, ar, ...) So my questions are the following : Did someone has been able to use the mysql modules with free radius on OSX? What should be the way to link properly/correctly the rlm_sql_mysql lib ? How can i check that my MySQL is link as static ? Thanks you in advance I bet you are running into the limitations of having build everything statically. Some rlm modules appear to not work well when linked statically on any platform (so I've been told). On Jaguar I also haven't been able to compile freeRADIUS without the --disable-shared option. On Panther freeRadius builds and runs just fine with dynamic libs without a glitch! One thing you may try on Jaguar is to force linking the rlm_sql_mysql library: % setenv DYLD_INSERT_LIBRARIES path_to_mysqllib -Andreas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where can I find a complete Linux manual?
Hi Geo It's a book called RADIUS. This book will give a good overall view of radius using freeradius as an exampleMatthew [EMAIL PROTECTED] 11/18/03 12:04PM Thanks, Wei buddy! Which book do you mean? Geo ++-? -+ -++-+°+¡ ß +: From: Wei Ming Long [EMAIL PROTECTED] Reply-To: To: [EMAIL PROTECTED] Subject: Re: Where can I find a complete Linux manual? Please pick up a copy of the O'Reilly book [EMAIL PROTECTED] 11/18/03 10:58AM Hello, everyone! I am a newbie of RADIUS and know very little about this software and also its concepts (also the basic ones). But I am interested in RADIUS because it is popular and I want to learn how to use it. :) I have searched http://www.freeradius.org/ and also FAQ of this site, but I can not find a complete manual on how to configuare RADIUS server (I have successfully installed the server on RH8.0). Where can I find some simple manuals or tutorials on how to setup, configure and tuning both the server side and the client side? Better provide me some cases, because I am not very clear about what RADIUS can do and what RADIUS can not do, for example, how to set Windows client priviledges, or IP accessing previledge. Best regards, Geo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
Ok thanks you very much again Andreas... in fact I can make it work if I don't use any option on the configure, but there is just Mysql module working. But for all All other module radiusd.conf[1186] Failed linking to rlm_expr structure in radiusd.conf: dlcompat: Symbol _rlm_expr not found And the same for all other module (except mysql) on the other way by disabling shared Everything work except mysql ... so I m working on a way to build static rlm_mysql and dynamic for other module (for now without success) Thanks for your package, I will try it in a few minutes. (some info about my system ) mysql 4.0.13 (apple binary) Panther 10.3 Devtools provided on Panther cd 4 (MAC OS X Xcode Tools) gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1495) Thanks for your help ++ Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:07 AM Subject: Re: OSX Installation Using Mysql On Nov 17, 2003, at 1:40 PM, Julien Gabry wrote: Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Since Panther I simply need to do % ./configure % make % sudo make install (well, you might have to specify the path to the mysql libs and headers depending on your installation). Since snapshots aren't always guaranteed to work on every platform you either have to be patient or make your own modifications to make it work (monitoring the postings here also helps a lot of times). I did the latter for a recent snapshot and it works for me now (yes, incl. MySQL). see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. -A Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 07, 2003 9:05 PM Subject: Re: OSX Installation Using Mysql On Sep 6, 2003, at 9:24 PM, Julien Gabry wrote: Hello I have been able to compile freeradius on mac os X 10.2.8 (jaguar) The freeradius is ok I can authentify, everything look great I have also install mysql and import all needed database for dialup_admin. But I can't activate the rlm_sql_mysql driver. The error message that i get while launching the check-config script or radiusd with option -X is : rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. I have tryed many things to solve it without success I have tryed to compile mysql from the source instead of using apple package I have try several different path for the configure option ./configure --with-mysql-dir=/usr/local/bin --with-mysql-lib-dir=/usr/local/ lib/mysql --with-mysql-include-dir=/usr/local/include/mysql --disable-shared ./configure --with-mysql-dir=/Library/MySQL/bin --with-mysql-lib-dir=/Librar y/MySQL/lib/mysql --with-mysql-include-dir=/Library/MySQL/include/mysql --di sable-shared and many others ... I have also tryed to link the lib manually with common OSX tool (dyld, ld, libtool, ar, ...) So my questions are the following : Did someone has been able to use the mysql modules with free radius on OSX? What should be the way to link properly/correctly the rlm_sql_mysql lib ? How can i check that my
Re: Where can I find a complete Linux manual?
Thanks, Wei buddy! Is that book free? Do you know where can I find one electronic version? Maybe you can send it to me. :) Best regards, Geo ÔÚÄúµÄÀ´ÐÅÖÐÔø¾Ìáµ½: From: Wei Ming Long [EMAIL PROTECTED] Reply-To: To: [EMAIL PROTECTED] Subject: Re: Where can I find a complete Linux manual? Hi Geo It's a book called RADIUS. This book will give a good overall view of radius using freeradius as an exampleMatthew [EMAIL PROTECTED] 11/18/03 12:04PM Thanks, Wei buddy! Which book do you mean? Geo ++-? -+ -++-+???+: From: Wei Ming Long [EMAIL PROTECTED] Reply-To: To: [EMAIL PROTECTED] Subject: Re: Where can I find a complete Linux manual? Please pick up a copy of the O'Reilly book [EMAIL PROTECTED] 11/18/03 10:58AM Hello, everyone! I am a newbie of RADIUS and know very little about this software and also its concepts (also the basic ones). But I am interested in RADIUS because it is popular and I want to learn how to use it. :) I have searched http://www.freeradius.org/ and also FAQ of this site, but I can not find a complete manual on how to configuare RADIUS server (I have successfully installed the server on RH8.0). Where can I find some simple manuals or tutorials on how to setup, configure and tuning both the server side and the client side? Better provide me some cases, because I am not very clear about what RADIUS can do and what RADIUS can not do, for example, how to set Windows client priviledges, or IP accessing previledge. Best regards, Geo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX Installation Using Mysql
For infos, the package file installl it correctly, but I still got undefined symbol dlcompat: Symbol _rlm_expr So I think it's the configuration of my system itself that should be corrupt. Are you using a complete panther installation or an update of 10.2.8 to panther ? Thanks for your help PS: great job for the package, I wish to be able to make it work and so maybe provide you some key info to make your help you make your pkg work on more Panther version ... Julien - Original Message - From: Julien Gabry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:54 AM Subject: Re: OSX Installation Using Mysql Ok thanks you very much again Andreas... in fact I can make it work if I don't use any option on the configure, but there is just Mysql module working. But for all All other module radiusd.conf[1186] Failed linking to rlm_expr structure in radiusd.conf: dlcompat: Symbol _rlm_expr not found And the same for all other module (except mysql) on the other way by disabling shared Everything work except mysql ... so I m working on a way to build static rlm_mysql and dynamic for other module (for now without success) Thanks for your package, I will try it in a few minutes. (some info about my system ) mysql 4.0.13 (apple binary) Panther 10.3 Devtools provided on Panther cd 4 (MAC OS X Xcode Tools) gcc (GCC) 3.3 20030304 (Apple Computer, Inc. build 1495) Thanks for your help ++ Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 6:07 AM Subject: Re: OSX Installation Using Mysql On Nov 17, 2003, at 1:40 PM, Julien Gabry wrote: Hello Thanks again for your time ... Ok I have tryed many things last weeks but effectively mysql can t be installed with shared libraries on a Jaguar. But anyway , today, I have received our brand new Panther CD. So i m working with it, but I still having some trouble in the installation as static or shared. So what should be the correct configure command to compile it correctly (with dynamic libs without a glitch!) It should be nice to give me some clues about... Since Panther I simply need to do % ./configure % make % sudo make install (well, you might have to specify the path to the mysql libs and headers depending on your installation). Since snapshots aren't always guaranteed to work on every platform you either have to be patient or make your own modifications to make it work (monitoring the postings here also helps a lot of times). I did the latter for a recent snapshot and it works for me now (yes, incl. MySQL). see http://homepage.mac.com/andreaswolf/public/freeradius_installer.html for the diffs. The modifications are minor. -A Thanks you in advance Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 1:29 AM Subject: Re: OSX Installation Using Mysql Actually, on a second look, I think the problem is that you try to configure MySQL with --disable-shared. You should have MySQL built _with_ shared libraries (ie. omit the --disabled-shared option), and I am not sure Jaguar allows for that. Only then can freeRADIUS build the rlm_sql_mysql driver successfully. This is mentioned in a compiler warning. Make sure freeRADIUS built the rlm_sql_mysql driver. -Andreas On Nov 10, 2003, at 11:35 AM, Julien Gabry wrote: Hello, Thanks you for your fast answer. I have tryed your pertinent solutions about dylib, tried also to recompile rlm-sql dynamically and many other things without any more success. But anyway I will switch to panther soon. So thanks you very much for your help PS: sorry for my previous double post Julien - Original Message - From: Andreas Wolf [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 07, 2003 9:05 PM Subject: Re: OSX Installation Using Mysql On Sep 6, 2003, at 9:24 PM, Julien Gabry wrote: Hello I have been able to compile freeradius on mac os X 10.2.8 (jaguar) The freeradius is ok I can authentify, everything look great I have also install mysql and import all needed database for dialup_admin. But I can't activate the rlm_sql_mysql driver. The error message that i get while launching the check-config script or radiusd with option -X is : rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. I have tryed many things to solve it without success I have tryed to compile mysql from the source
Makefile problems when using static libs
Hello all, I found a little bug in the src/main/Makefile.in. In the normal setup, radius uses dynamic libraries and default search paths. Problem arises when I give this: ./configure --with-threads=no --enable-static=yes --enable-shared=no --prefix=somedir --exec-prefix=somedir After doing this everything the Make, make install goes well. But when I run somedir/sbin/radiusd -X it shows that it cannot find module md5 for eap. To get around this problem I added some lines to src/main/Makefile.in which are as follows: Originally a particular section looked like: ifneq ($(USE_SHARED_LIBS),yes) MODULE_LIBS += $(shell for x in $(MODULES);do test -f ../modules/$$x/$$x.la echo -dlpreopen ../modules/$$x/$$x.la;done) MODULE_OBJS += $(shell for x in $(MODULES);do test -f ../modules/$$x/$$x.la echo ../modules/$$x/$$x.la;done) endif I changed it to: ifneq ($(USE_SHARED_LIBS),yes) MODULE_LIBS += $(shell for x in $(MODULES);do test -f ../modules/$$x/$$x.la echo -dlpreopen ../modules/$$x/$$x.la;done) MODULE_LIBS += $(shell test -f ../modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.la echo -dlpreopen ../modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.la) MODULE_LIBS += $(shell test -f ../modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.la echo -dlpreopen ../modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.la) MODULE_OBJS += $(shell for x in $(MODULES);do test -f ../modules/$$x/$$x.la echo ../modules/$$x/$$x.la;done) MODULE_OBJS += $(shell test -f ../modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.la echo ../modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.la) MODULE_OBJS += $(shell test -f ../modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.la echo ../modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.la) endif After that all went well. Actually, the rlm_eap_md5.la and rlm_eap_leap.la were not deing dlpreopen-ed in case of static modules. I hope what I said was correct. Please let me know if there is any other way to get around the problem. Thanking you, Arindam Roy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Where can I find a complete Linux manual?
On Tue, Nov 18, 2003 at 02:00:35PM +0800, [EMAIL PROTECTED] wrote: Is that book free? Do you know where can I find one electronic version? Maybe you can send it to me. :) You can get it here: http://www.amazon.com/exec/obidos/tg/detail/-/0596003226 Alternatively you can go with the docs that come with freeradius, the provide enough basics. There are also lots of tutorials in the net, and your friend Google will certainly help you to find them ;) Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
