Re: Mail Delivery Status Notification
[cc listmaster] On Thu, 2002-09-05 at 11:53, [EMAIL PROTECTED] wrote: From: Postmaster [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mail Delivery Status Notification boundary=_=_NextPart_1 Date: 5 Sep 2002 08:48:54 -0700 Reply-To: [EMAIL PROTECTED] MAIL ESSENTIALS SENDER NOTIFICATION The following message: TO: [EMAIL PROTECTED] FROM:[EMAIL PROTECTED] DATE: Thu, 05 Sep 2002 17:48:04 +0200 Subject: Freeradius-Users digest, Vol 1 #1032 - 1 msg has been held for later review by the administrator by Mail Essentials for the following reason(s): Body contains word(s)/phrase(s) 'XX X' Mail essentials [...] From: Postmaster [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mail Delivery Status Notification boundary=_=_NextPart_1 Date: 5 Sep 2002 08:46:48 -0700 Reply-To: [EMAIL PROTECTED] MAIL ESSENTIALS SENDER NOTIFICATION The following message: TO: [EMAIL PROTECTED] FROM:[EMAIL PROTECTED] DATE: Thu, 05 Sep 2002 17:46:03 +0200 Subject: Freeradius-Users digest, Vol 1 #1031 - 1 msg has been held for later review by the administrator by Mail Essentials for the following reason(s): Body contains word(s)/phrase(s) 'XX X' Mail essentials This would be droll if it weren't so pathetic. Hmmm. I wonder what happens if I forge a message from itself, to itself containing $badwords. - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Debian FreeRADIUS package and Woody
Hi, all. I've decided to withdraw the radiusd-freeradius* packages from Debian Woody (the upcoming release). If history is any indicator, any snapshot of the tree I take will need a signifigant patch not long after it's taken. Debian's standards are too high, and administrative software (and authentication in particular) is too important for me to allow that. It will remain in Sid (unstable), of course, in hopes we'll be ready for Woody+1. I'll still keep the debian/ directory up-to-date, so builds from CVS should be possible with minimal changes. - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/debian
On Tue, Apr 09, 2002 at 03:58:16PM +0400, Ilja A Marchew wrote: 2nd, FR has been removed from testing debian. What is better: compile FR from tarball or get FR from unstable debian? Right now, get the source from CVS or FTP, and build it yourself. -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debian: compile error
On Tue, Apr 09, 2002 at 07:12:12PM +0400, Ilja A Marchew wrote: I try to build debian package from radiusd-freeradius (0.5+cvs20020408-1) with 'src/freeradius-snapshot-20020409# fakeroot debian/rules' command and get this error: rlm_dbm.c:27: gdbm/ndbm.h: No such file or directory The autoconf test is broken. where i must set HAVE_GDBMNDBM_H? what is my error? You can force it in the source, or try CVS in a few days. - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.5 and Debian 3.0
From: Andrew Tait [EMAIL PROTECTED] Subject: FreeRadius 0.5 and Debian 3.0 Date: Mon, 8 Apr 2002 15:34:20 +1000 The radiusd-freeradius packages have been REMOVED from Debian testing/woody, because of the severe bugs (http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=radiusd-freeradiusrepeatm erged=yes) outstanding, and the fact that the debian package is outdated (0.4) If freeradius is going to be in the Debian distribution, now is the time to get it in there. Woody is getting close to release (1st May is probable date). I (the current maintainer) am working on it. --- From: Matthew Wallis [EMAIL PROTECTED] Can apt be setup to get a nightly snapshot, compile, and install that? With some simple scripting, it's possible. While it would be nice to have FreeRadius in Debian, I think the current release cycle is entirely to fast for it. 0.5 was released less than a month ago, and the nightly builds already far surpass it. I don't believe packaging is the issue for FreeRadius, simply that the amount of work currently being done, means that no package would stay in Debian for more than a night. Matthew's right. The rate of development makes it awfully hard to plan releases. IMO, FreeRADIUS needs a stable branch that is pushed towards 1.0, instead of the whole tree being in a perpetual alpha-state. That means no EAP, no Python module, no $whiz_bang_untested_feature, and I'm not sure anyone is willing to draw a line, as yet, and that makes my job awfully hard. Freeze, branch a stable tree, backport bugfixes, wait, release. I'll release a CVS snapshot, likely. :( - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
When your signature is longer than your message, you lose.
Date: Mon, 25 Mar 2002 12:55:31 +0100 Message-ID: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: RE: Compiling Problems. I have the same problems using the IBM compiler. In that case I also have the added problem that fcntl.h is not in /usr/include/sys but in /usr/include/. which breaks radzap. regards, Nico Baggus - ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. - That is the most braindead .sig I have ever seen (aside, perhaps, from other similar ones). Oh ho! Here's another: Message-ID: [EMAIL PROTECTED] Date: Mon, 25 Mar 2002 18:39:47 +0530 From: Anchal Arora [EMAIL PROTECTED] Organization: Mahindra British Telecom Subject: Proxy not forwarding Access Accept to client I am using freeRADIUS 0.4 on Red Hat linux 7.2 and have set it up as a Proxy. [...] * Disclaimer This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. * Visit us at http://www.mahindrabt.com Stop it, guys. Really. I think the best way to ensure that your confi- dential information is protected (O! how bogus!) is to filter all messages that contain such .sigs into the trash at the list-server, wouldn't you agree? I mean, golly, if they're protected by law, we don't want to be liable! We've gotta make sure these .sig imperatives are followed! Maybe I can talk Mike into letting me add such a filter. Maybe I won't have to, though, eh? - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ By reading this message, you agree to donate US$5000 to the FreeRADIUS project. Contact Alan for payment options. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using smbpasswd with freeradius?
On Mon, Feb 25, 2002 at 01:18:33PM -0500, Kurt Hockenbury wrote: Here's my situation. I have a few thousand users, and they'd like to be able to do VPN. I have a cisco VPN box, that supports radius. I have a crypt(3) unix passwd file, and an smbpasswd file, with entries in both for all users. Now I could use freeradius with PAP authentication against the crypt(3) passwords -- but then passwords are going to be flying around in the clear, which is no good, especially since some of those VPN users could be coming in over a wireless connection. Inside of the RADIUS protocol, the password is not in the clear. Choose care- fully the shared secret between RADIUS server and client, and change it at the same rate you expire users' passwords. Where could it be in the clear? Only at the user's keyboard, and potentially in the communication between the user and the RADIUS client. Make suer that communication between the RADIUS client and the user-controlled software is protected, if possible. (Sorry -- I don't know about Cisco's product.) So that implies using CHAP. But I don't have plaintext passwords for these users. Right. Without having plaintext or decryptable passwords, you can't do cryptographic authentication. Tanstaafl. Perhaps you should do PAP auth for a little while, and ask users to change their passwords, and when they do, store the plaintext version. I have seen tantalizing glimpses that it may be possible use our smbpasswd file to do MS-CHAP authentication, but I can't find any specific instructions as to how to make this happen. An aside: A SMB password file is nearly as good as plaintext. It's trivial to extract the majority of the passwords (all fall with a little computation, but few users choose good passwords), though not the case of the letters. So my question is, is this possible? And if so, can some one point me a (even rough) instructions? Yes. The example exec-program program might give you tips about a way to implement it. There may be other ways, too. -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: can u gime some advice
[removed crosspost to -devel; this is not about development] On Thu, Feb 21, 2002 at 02:58:30PM +0800, skycony wrote: I want to use freeradius in our commercial product, should I use the release freeradius0.4 or the snapshot? Unfortunately, FreeRADIUS doesn't have a formal release schedule or proce- dure. In most software projects, I'd recommend the 0.4 branch, but there's no good answer, here. The snapshot has fixed a few bugs that the last release had. But, there are almost certainly a few new bugs introduced in the new code. In software projects that haven't ever released a major release (usually 1.0), there's usually a point at which the developers decide that there are the right amount of features for a major release. FreeRADIUS hasn't yet done that, so untested code is always intermingled with tested code, and at any point, there are a dozen bugs to fix before a real release could be possible. So, you're screwed either way. I'd suggest getting the 0.4 release and back- porting the current bugfixes. Be sure you understand the license on FreeRADIUS, too. - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program attribute
html On Wed, Feb 20, 2002 at 08:36:40PM +0800, ?d?K?? wrote: Hi, I am just a beginner. Yes. blinkDon't send HTML! Could anyone tell me how to use the Exec-Program attribute? I want to use freeradius with some other program so I set the USERS files as follows: Bob Auth-Type:=Local, Password=asfd, Exec-Program:=/bin/ls /root/test Reply-Message=hello Are you sure that the user the server is running as can write to /root/test ? I haven't checked the code, but redirection man not work, anyway, if the code isn't running a shell. If you must do redirection, you may have to use /bin/sh -c ... Alan's suggestion of looking at the tarball-included example file should help. Thanking in advance Thank us by changing your mailer to send text ONLY./blink -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Having a smoking section in a restaurant is like having a peeing section in a pool.'' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql accounting issues
On Wed, Dec 26, 2001 at 12:14:40PM -0500, Jeremy Kusnetz wrote: For some reason the only way I can get freeradius to update the radacct tables in my mysql database is to run it in debug mode, either -x or -X When running it in debug mode everything works great. But as soon as I start freeradius with no debugging. Authentication still works, but it doesn't seem to insert or update any of my radacct tables. Running tcpdump I see requests are being made to the accounting port, but freeradius just doesn't seem to be listening. I've also tried starting it with the -sf options, but it still doesn't work. Only in debug mode does it work. Any ideas? What further info can I give about my configuration? Does MySQL use a Unix socket or named pipe that only root has access to? (Or more specifically, that the radius user and group _doesn't_ have access to.) In debug mode (IIRC), the server doesn't give up it's identity as root, where normal mode does. Maybe your problem is related to that. - chad -- Chad Miller [EMAIL PROTECTED] url: http://www.advogato.org/person/cmiller/ ``Is it wrong to donate Kool-Aid to one's favorite kook organizations when the comets come around?'' - C. M. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Programming language support
On Mon, Dec 03, 2001 at 05:23:42PM -0800, [EMAIL PROTECTED] wrote: What programming languages can I use when specifying Exec-program-wait?. Can I use pretty much anything that outputs to stdout?. I need to execute some database queries and cannot do it in shell. The server's only interface to that is exec(), so anything that your system can handle with that call is valid. To be more specific: The server doesn't know or care about the language. -- Chad Miller [EMAIL PROTECTED] url: http://web.chad.org/home/ ``Is it wrong to donate Kool-Aid to one's favorite kook organizations when The Comets come around?'' - C. M. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Decent docs
Hi, Chris. On Wed, Nov 28, 2001 at 01:42:02PM -0600, Chris Parker wrote: However, in order to use it, I have to learn a whole new markup language. Irony of ironies, the documentation for JADE ( the editor recommended on the docbook site ) sucks. Ugh. That site must really suck, if it led you to believe jade is an editor. 'jade' is a renderer. It will render the DocBook SGML to any format that it has a backend for (usually HTML, PDF, and RTF). Docbook really is nice. Please try it. An excellent site is URL: http://www.oreilly.com/catalog/docbook/chapter/book/docbook.html . Here's how useful DocBook is: O'Reilley's authors use Docbook (usually). ORA used jade on the very same source to render it to ROFF for the print-house and HTML for the webmonster. Both look really good. I'm becomming to grok the Buddha-nature of DSSSL (we use it at work), so feel free to ask me to make the rendering phase do what you want. Attached is the single-page HTML rendering of what I have so far. - chad -- Chad Miller [EMAIL PROTECTED] url: http://web.chad.org/home/ ``Is it wrong to donate Kool-Aid to one's favorite kook organizations when The Comets come around?'' - C. M. Title: FreeRADIUS Operating Manual FreeRADIUS Operating ManualCopyright 2001 by The FreeRADIUS ProjectTable of Contents1. Overview1.1. Compilation and Installation1.2. Execution2. Configuration Concepts and Files2.1. Configuration Structure and Parsing2.2. Actual Sections and Variables2.2.1. Five Execution Sections2.2.2. Top-level Variables2.2.3. Proxy Section2.2.4. Thread Pool Section2.2.5. Clients Section2.2.6. Module Section3. TroubleshootingA. Format of the users fileB. Username Collision HandlingB.1. AuthenticationB.2. AccountingC. String TranslationIndexList of Examples1-1. Compiling and Installing FreeRADIUS2-1. Sections, Subsections, and Comments2-2. Defining proxy realms2-3. Listing for a RADIUS clientB-1. Collision in a users fileB-2. Collision information in a passwd fileChapter 1. Overview FreeRADIUS is an implementation of the RADIUS protocol. It aims to be a free, fast, robust, feature-rich server. Livingston's RADIUS server, the first decent free (libre) RADIUS server, is the basis of most RADIUS implementations today. From it grew many attempts at improvement and redesign. One of those reimplementations, Cistron's, became popular for its features and rapid development and it became a staple for those in the ISP business who were dissatisfied with other servers. Eventually, Cistron's server was well entrenched, and development and redesign issues begat The FreeRADIUS Project. Cistron's server is still in usage, but active development on it has ceased and been moved to development of FreeRADIUS The RADIUS protocol is a means of authentication and accounting sessions, usually of dialin users, but feasably of any kind of session. It does not address other concerns like billing, user organization, or data management. A RADIUS server listens on a network for authentication requests, and upon receipt of requests, either answers with a rejection or with confirmation and optional session attribute suggestions. Upon recipt of an accounting packet, it can store evidence of the session starting or terminating. 1.1. Compilation and InstallationThe FreeRADIUS server is written in the C programming language, and a POSIX environment with a ANSI C compiler and GNU Make is necessary to create an executable from source code. There are plenty of optional features of the server that require additional software to be installed for one to use those features. At present, The FreeRADIUS Project does not distribute binary packages; you might get some from your OS vendor or by asking the freeradius-users email list. All the components necessary to build a binary are freely available, though, so you should be able to build it yourself. One should get the server's source code by reading the instructions at http://www.freeradius.org/getting.html. The steps for compiling and installing from FreeRADIUS source (in an example ~/freeradius directory) should be something like... Example 1-1. Compiling and Installing FreeRADIUSfoo:~/freeradius$ ./configure --help (browse the options) foo:~/freeradius$ ./configure [options] loading cache ./config.cache checking for gcc... gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... yes checking whether gcc accepts -g... yes checking how to run the C preprocessor... gcc -E [...] foo:~/freeradius$ make make[1]: Entering directory `/home/bar/freeradius' [...] foo:~/freeradius$ su Password: foo:~/freeradius# make install make[1]: Entering directory `/home/bar/freeradius' [...] 1.2. ExecutionThe server executable should be at sbin
Re: core dumps where?
On Thu, Nov 01, 2001 at 10:33:01AM +0100, Thomas Jalsovsky wrote: don't forget tho the shell... in RH7.x the default core filesize is zero. You can change this with ulimit -c 1000 (means unlimited). (/etc/profile) 'ulimit -c unlimited' should work better. An exabyte of RAM won't be far-fetched for long. :) -- Chad Miller [EMAIL PROTECTED] url: http://web.chad.org/home/ ``Is it wrong to donate Kool-Aid to one's favorite kook organizations when The Comets come around?'' - C. M. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: trying to build 0.3 on debian potato
On Thu, Oct 18, 2001 at 06:31:41PM +1000, Mervyn Jack wrote: I have used it as is and used debuild to build a copy on a Debian Woody Testing platform no problems. Good. I wanted to use it on a Potato system. There is no reverse-compatibility. Build it like everybody else, except using './configure -prefix=/usr/local'. The Stable/Potato build-tools and environment aren't sufficient to make a package. You _could_ build the prerequisites by hand. The problem is that the build rules make four packages, not one. Three of those packages aren't possible under Stable/Potato. - chad -- Chad Miller [EMAIL PROTECTED] url: http://web.chad.org/home/ ``Is it wrong to donate Kool-Aid to one's favorite kook organizations when The Comets come around?'' - C. M. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
debian freeradius package
Hi, guys. The Debian package is alive and well. I last uploaded 0_2+20010917-1 to sid on (you guessed it) 17 Sept. It should fall into woody RSN. I'm ready to make one for 0.3 at the drop of a hat. Btw, there is an initscript in the debian/ directory, and the build rules use it. It works properly with the location of the pidfile. (All of that changed on the 17th, so use a recent tree.) When Alan tags 0.3, I'll update the changelog and retag it to 0.3, and upload to sid again. You can wait and get the official package for your particular architecture, or set the date and version in the changelog and make your own, or apt-get source whenever you like. - chad - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicated logs: lot more details
On Mon, Jul 30, 2001 at 04:51:19PM +0200, Samuel Maftoul wrote: Neither the first nor the second answer seem to be the solution. Here is a detailed configuration of how things works for me: Try tcpdump on the RADIUS-serving machine, and debug radius authentication (?) on the Cisco. The answer's there somewhere. You're sure you don't have the detail module listed in your config a few times? - chad -- Chad Miller [EMAIL PROTECTED] | If you keep your mind sufficiently unix brujo, shutterbug, bookworm | open, people will throw a lot of URL: http://web.chad.org/home/ | rubbish into it. --William Orton - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicated loging
On Fri, Jul 27, 2001 at 09:30:55AM +0200, Samuel Maftoul wrote: On Thu, Jul 26, 2001 at 05:41:01PM +, Miquel van Smoorenburg wrote: Samuel Maftoul [EMAIL PROTECTED] wrote: I'm encountering troubles using freeradius-0.1 with an AS 5300 cisco nas: I have four (no more or less) duplication of every action. Does the machine you're running the radius server on have more than one IP address? If so, bind the server to the IP address you're using for the radius server by using the '-i' command line option or the 'myip' parameter in the config file. This is in the FAQ, btw That's why i've already tested. :) It doesn't do anything. (in the faq it's written that masseages are sent a lot of time like if there was network connexion problem or things like that. My message are just repeated 4 times. Maybe something can help you to help me (:)) I have splet something:It's not an AS 5300 but a cisco 2514. If the server is replying with the wrong address on the packets, then the NAS would ignore them and retry sending them, hoping to get a response. You're using the wrong address. Really. - chad -- Chad Miller [EMAIL PROTECTED] | If you keep your mind sufficiently unix brujo, shutterbug, bookworm | open, people will throw a lot of URL: http://web.chad.org/home/ | rubbish into it. --William Orton - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html