Re: dialup_admin on different server

2003-09-18 Thread Evren Yurtesen
do you have your php compiled with radius support? do you have radius 
client libraries? something is missing obviously...

Bernie Liwanag wrote:

Dear Evren,

I have already changed the entry for sql_server:localhost to
sql_server:my_server_ip addr but it still won't work. When I access the
accounting options, it says "can't connect to sql server".
Below is the result of my "Check Server" test.

Warning: file("") - Permission denied in
/var/www/html/dialup_admin/htdocs/user_test.php3 on line 99
Warning: Unlink failed (No such file or directory) in
/var/www/html/dialup_admin/htdocs/user_test.php3 on line 100
Warning: The argument needs to be an array in
/var/www/html/dialup_admin/htdocs/user_test.php3 on line 115
Warning: Invalid argument supplied for foreach() in
/var/www/html/dialup_admin/htdocs/user_test.php3 on line 118
Thursday, 18 September 2003, 11:53:52 WAT
Server: server_ip_address :1812
(test user testuser)




Message: 1
Date: Thu, 18 Sep 2003 11:30:23 -0700
From: Evren Yurtesen <[EMAIL PROTECTED]>
To:  [EMAIL PROTECTED]
Subject: Re: dialup_admin on different server
Reply-To: [EMAIL PROTECTED]
see conf/admin.conf
change
sql_server: localhost
to your server address
also the user/pass information etc.
Bernie Liwanag wrote:


Dear Kostas,

Thanks for responding! Can you tell me how to configure the dialup_admin on
a separate server that will lookup my other freeradius and mysql server.

TIA!

Bernie



-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html







Re: dialup_admin on different server

2003-09-18 Thread Evren Yurtesen
see conf/admin.conf
change
sql_server: localhost
to your server address
also the user/pass information etc.
Bernie Liwanag wrote:

Dear Kostas,

Thanks for responding! Can you tell me how to configure the dialup_admin on
a separate server that will lookup my other freeradius and mysql server.
TIA!

Bernie





Re: FreeRadius and Mikrotik as NAS

2003-09-17 Thread Evren Yurtesen
This is not strictly a freeradius question but the solution requires 
some radius knowledge.

You should think of yourself as the boss, the radius server as a lower
level boss and the NAS as the employee. The employee (NAS) asks the lower
level boss (radius) whether he is allowed to do something. The
boss (radius) looks at the company policies (radius configuration files or
database), decides whether the employee (NAS) is allowed or not and returns
an answer to the employee (NAS). The policies are dictated by the higher
level boss (YOU).

So you feed into the radius what it should tell the mikrotik. If you tell
the radius that a certain user should have a 64k bandwidth limit, then when
the mikrotik asks the radius about a user, the radius would return: ok, the
password is correct but you should also enforce this bandwidth
limit...blah blah.

The question is how you configure the radius that it will return this 
information? The answer is not easy, because many vendors support 
different attributes.

Well, luckily mikrotik has excellent support/documentation pages.
http://www.mikrotik.com/Documentation/manual_2.7/Basic/AAA.html#ht37996460
It is clearly explained what mikrotik asks from radius and what radius 
can send to mikrotik, well radius can send anything but it actually 
explains what mikrotik can understand.

So if you can make radius send anything you want then you have a green 
light :) and it is not that hard after all if you could install it etc.

Now it is best to use pppoe over wlan! if you use pppoe you can disable
all the IP traffic over your wlan, one thing about using ppp is that if
the people are able to connect to your APs and IP is enabled, then they
can do their own little private networks which might not be able to
connect to internet but they can transfer data to each other. Unless you
use some kind of high end authentication method for the associations to
your APs.

With PPPoE the IP packets do not need to travel over the lan. Yet it is
possible that somebody might put up a PPPoE server himself but this,
you can realize quickly and ban the user. Yet APs allow you to disallow
communication in between clients etc. Many complex setups can be done.

There is always a way to crack a system and at the same time it is
always possible to make it virtually unusable and expensive when you try
to make your lan difficult to crack. For example you could ask for
fingerprints or dna tests when you authenticate your users :))) They
cant even share their passwords hehe

Evren


Martin Jessa wrote:

Hi Evren, guys.

I've installed mikrotik's router on my box, set up my radius server to work nicely 
with mysql and md5 hashed passwords.
Now I need to choose whether to use ppp or pppoe for users to authenticate and connect
to the outside world.
I want my radius server to talk to the NAS (the mikrotik box) and give my users
different bandwidth based on their usernames.
Is there any software I can use for that ?
How can freeradius send that kind of info to the mikrotik router?
And what would be the best to use, ppp or pppoe for my Wlan users with LAN-range IP 
numbers?
Thanks again.

YazzY



On Sun, 14 Sep 2003 12:25:02 -0700
Evren Yurtesen <[EMAIL PROTECTED]> wrote:

If you have a bridged network and a pppoe server then your users can 
connect to pppoe server from any ap and plus roam.
About the AP stuff, still the best is to use mikrotik operating system, 
unless you are using high end ap's like cisco or orinoco.
old PCs do great as an AP, if you have some old PCs then why pay for an 
expensive AP

Evren

Martin Jessa wrote:


I forgot to mention one thing.
The bandwidth limiting must be done on the routers, not on the AP's.
The reason for that is I need to be able to give different bw to users connected to
the same AP. Also users must be able to connect from different places to different
AP's. Be able to roam.
Plus it must be easy to replace the AP's in case they break, even for someone with
little experience.
On Sun, 14 Sep 2003 02:29:24 -0700
Evren Yurtesen <[EMAIL PROTECTED]> wrote:


Hi :) I see you are a BSD guy like me :)
I had similar problem for my wireless clients, I came up with an 
excellent PPPoE solution. It is called www.Mikrotik.com
Its a shame that the pppoe implementation in FreeBSD cant do bandwidth 
limiting, but the mikrotik(linux yack) implementation does! I am almost 
sure it can do bandwidth limiting on pptp interfaces too.
You can download a trial version of mikrotik, although you cant use the 
trial version with wireless, you can try with ethernet, these pppoe and 
pptp connections.

I am sure you will be little alien to the interfaces of mikrotik for a 
while but it is similar to cisco ios and they have a quite nice 
graphical administration tool.

I wonder if your tunnels fail because of some MTU constraints.

If you use pppoe, you can give bandwidth from radius! upload/download 
different bandwidths are poss

Re: Bandwith limiting of wireless users.

2003-09-14 Thread Evren Yurtesen
No, you can do vpn tunnels inside pppoe connections even if the 
connection is encrypted.

Evren

Martin Jessa wrote:

I dont need encryption on that level. It will make it impossible for my users to 
create vpn tunnels.
As I mentioned before I need my Radius server to be able to talk to some kind of
solution/device to enforce bandwidth limit (not that off topic).
And I've no idea how that can be done...


On Sat, 13 Sep 2003 23:58:03 -0400
"Jeremy Davis" <[EMAIL PROTECTED]> wrote:

PPPoE can provide link encryption, I know this is starting to get off topic.
If you like a Cisco IOS like feel, then definitely Mikrotik is probably the
way to go.
Jeremy

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
Sent: Saturday, September 13, 2003 6:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Bandwith limiting of wireless users.
Martin Jessa <[EMAIL PROTECTED]> wrote:

> Is there a way to make radius do bandwidth restrictions or run
> commands against an external application?

 For the first question, it's not the responsibility of RADIUS to
enforce bandwidth restrictions.  The radius server can tell the NAS,
but it's the job of the NAS to do that enforcement.
 So the better question is: Can the NAS enforce bandwidth
restrictions?  If so, how?
 As for the second question, read the docs.

 Alan DeKok.



Re: Bandwith limiting of wireless users.

2003-09-14 Thread Evren Yurtesen
If you have a bridged network and a pppoe server then your users can 
connect to pppoe server from any ap and plus roam.
About the AP stuff, still the best is to use mikrotik operating system, 
unless you are using high end ap's like cisco or orinoco.
old PCs do great as an AP, if you have some old PCs then why pay for an 
expensive AP

Evren

Martin Jessa wrote:

I forgot to mention one thing.
The bandwidth limiting must be done on the routers, not on the AP's.
The reason for that is I need to be able to give different bw to users connected to
the same AP. Also users must be able to connect from different places to different
AP's. Be able to roam.
Plus it must be easy to replace the AP's in case they break, even for someone with
little experience.
On Sun, 14 Sep 2003 02:29:24 -0700
Evren Yurtesen <[EMAIL PROTECTED]> wrote:

Hi :) I see you are a BSD guy like me :)
I had similar problem for my wireless clients, I came up with an 
excellent PPPoE solution. It is called www.Mikrotik.com
Its a shame that the pppoe implementation in FreeBSD cant do bandwidth 
limiting, but the mikrotik(linux yack) implementation does! I am almost 
sure it can do bandwidth limiting on pptp interfaces too.
You can download a trial version of mikrotik, although you cant use the 
trial version with wireless, you can try with ethernet, these pppoe and 
pptp connections.

I am sure you will be little alien to the interfaces of mikrotik for a 
while but it is similar to cisco ios and they have a quite nice 
graphical administration tool.

I wonder if your tunnels fail because of some MTU constraints.

If you use pppoe, you can give bandwidth from radius! upload/download 
different bandwidths are possible. The sky is the limit.

Evren

Martin Jessa wrote:


Hi guys.

I have a setup for wireless clients where I use pptp vpn tunnels for my users to be able to auth and connect. 
The vpn daemon (poptop) talks to freeradius server which again gets user info from MySQL database.
I use dialup_admin to be able to easily add new users.
Everything works great except for one thing.
The users (companies) are unable to create their own VPN tunnels (i.e IPsec) to other places.
It's impossible to tunnel IPsec inside of pptp vpn tunnels.
So maybe running plain PPPoE could solve that problem.
Then I could use WPA for traffic encryption.
Does that sound logical?
I also need some kind of system that will make it possible to give different bandwidth to different users.
I thought I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar.
Then give static IP's to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible.
Is there a way to make radius do bandwidth restrictions or run commands against an external application?
I am not "locked" to use BSD, if this works better on Linux then I will use it too.

Thanks 
YazzY



Re: Bandwith limiting of wireless users.

2003-09-14 Thread Evren Yurtesen
It does support wireless interfaces but not the trial version. With the 
trial version you can have only 4 pppoe sessions at the same time. I 
would just suggest you to experiment with mikrotik. I have carefully 
considered every option and came up with one result. Mikrotik is quite 
flexible and the license fee is affordable.

As well, you can use staros for the same thing! but it is  a lot less 
flexible and ugly!

radius doesnt do any bandwidth limiting, but it can tell to mikrotik 
that mikrotik should do :) I am using mikrotik with freeradius but any 
radius would do, freeradius is able to do mysql lookups. Perhaps you can 
figure out some things to do with that :)

About the encryption. I dont use encryption because I decided that it 
should be the user's responsibility. You should just test it and see. I 
would guess that you will have a problem with MTU :) It is a common 
problem, you cant browse but you can ping perfectly. Funny thing.

Centralizing everything is one thing, but do you really want all your 
email users to connect wirelessly? then again one user might have 2 
emails etc. Then you should change the database structure in your mail 
server blah blah. :)

Well its your system.
good luck
Evren

Martin Jessa wrote:

Hi !

Thanks a bunch for your quick answer.
So basically what you can do with the Mikrotik stuff is authorizing users, allow them
to connect to your network based on info from a radius server and let the radius do
the bandwidth limiting?
What Radius servers does it support? How is encryption done and would it be possible 
to make the radius server talk to a database?
You see, I want the radius server to use the same database as my email and web users. 
I want to centralize everything.
I dont mind if it does not support wireless interfaces. I can just connect an AP to a 
nic with a cross over cable. Thanks cool.
Thanks a lot again.
You are saving my skin (literally).


On Sun, 14 Sep 2003 02:29:24 -0700
Evren Yurtesen <[EMAIL PROTECTED]> wrote:

Hi :) I see you are a BSD guy like me :)
I had similar problem for my wireless clients, I came up with an 
excellent PPPoE solution. It is called www.Mikrotik.com
Its a shame that the pppoe implementation in FreeBSD cant do bandwidth 
limiting, but the mikrotik(linux yack) implementation does! I am almost 
sure it can do bandwidth limiting on pptp interfaces too.
You can download a trial version of mikrotik, although you cant use the 
trial version with wireless, you can try with ethernet, these pppoe and 
pptp connections.

I am sure you will be little alien to the interfaces of mikrotik for a 
while but it is similar to cisco ios and they have a quite nice 
graphical administration tool.

I wonder if your tunnels fail because of some MTU constraints.

If you use pppoe, you can give bandwidth from radius! upload/download 
different bandwidths are possible. The sky is the limit.

Evren

Martin Jessa wrote:


Hi guys.

I have a setup for wireless clients where I use pptp vpn tunnels for my users to be able to auth and connect. 
The vpn daemon (poptop) talks to freeradius server which again gets user info from MySQL database.
I use dialup_admin to be able to easily add new users.
Everything works great except for one thing.
The users (companies) are unable to create their own VPN tunnels (i.e IPsec) to other places.
It's impossible to tunnel IPsec inside of pptp vpn tunnels.
So maybe running plain PPPoE could solve that problem.
Then I could use WPA for traffic encryption.
Does that sound logical?
I also need some kind of system that will make it possible to give different bandwidth to different users.
I thought I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar.
Then give static IP's to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible.
Is there a way to make radius do bandwidth restrictions or run commands against an external application?
I am not "locked" to use BSD, if this works better on Linux then I will use it too.

Thanks 
YazzY



Re: Bandwith limiting of wireless users.

2003-09-13 Thread Evren Yurtesen
Hi :) I see you are a BSD guy like me :)
I had similar problem for my wireless clients, I came up with an 
excellent PPPoE solution. It is called www.Mikrotik.com
Its a shame that the pppoe implementation in FreeBSD cant do bandwidth 
limiting, but the mikrotik(linux yack) implementation does! I am almost 
sure it can do bandwidth limiting on pptp interfaces too.
You can download a trial version of mikrotik, although you cant use the 
trial version with wireless, you can try with ethernet, these pppoe and 
pptp connections.

I am sure you will be little alien to the interfaces of mikrotik for a 
while but it is similar to cisco ios and they have a quite nice 
graphical administration tool.

I wonder if your tunnels fail because of some MTU constraints.

If you use pppoe, you can give bandwidth from radius! upload/download 
different bandwidths are possible. The sky is the limit.

Evren

Martin Jessa wrote:

Hi guys.

I have a setup for wireless clients where I use pptp vpn tunnels for my users to be able to auth and connect. 
The vpn daemon (poptop) talks to freeradius server which again gets user info from MySQL database.
I use dialup_admin to be able to easily add new users.
Everything works great except for one thing.
The users (companies) are unable to create their own VPN tunnels (i.e IPsec) to other places.
It's impossible to tunnel IPsec inside of pptp vpn tunnels.
So maybe running plain PPPoE could solve that problem.
Then I could use WPA for traffic encryption.
Does that sound logical?
I also need some kind of system that will make it possible to give different bandwidth to different users.
I thought I could set up DUMMYNET with bw restrictions for different subnets with a subnet mask like /16 or similar.
Then give static IP's to my users depending on what bw they are allowed to use. But this approach does not seem to be very flexible.
Is there a way to make radius do bandwidth restrictions or run commands against an external application?
I am not "locked" to use BSD, if this works better on Linux then I will use it too.

Thanks 
YazzY



Re: dialup_admin installation using PHP and HTTPD

2003-09-11 Thread Evren Yurtesen
Perhaps your web server is not processing PHP at all.
This was discussed in this list a few weeks ago. I am
not using redhat so I better not comment :) But you
surely can search from the mailing list archives.
Also the problem was with apache2, this is not a dialup_admin
issue.
But, to be sure, are you able to run any php scripts on your server?
You can do a simple php page and try, for example
phpinfo.php

inside


If this works then the problem might be that your server
doesnt recognise .php3 files as php files. If I remember
right dialup_admin had file extensions .php3, well, you can
easily fix this in apache config file also.
Evren


Bernie Liwanag wrote:
Hi to all!

I have configured freeradius, mysql and dialup_admin on the same machine
running on Red Hat 9. I used the default httpd-2.0 and the php-4.2. My
freeradius and mysql are running. I followed the instructions on dialup_admin
installation guide but when I access it in my web browser, I can't view the
buttons on left side portion of the web site and I can only see the php
commands for that portion. Also I still can only see the title "DIALUP
ADMIN" in the main html page.
I have tried to run the dialup_admin tool from other linux box (Red Hat
7.2,http-1.3.2,php-4.0) without freeradius and mysql,just to isolate the
problem. From this setup I was able to view completely the main page of
dialup_admin web link. Perhaps there could be a problem in the version of
php and the http that im using thats why can't run it in Red Hat 9 linux
box.
Anybody here can give me an idea on how to run the dialup_admin tool in diff
linux box? Or perhaps help me configure my http and php in Redhat9 in such a
way i can run the dialup_admin in the server together w/ my freeradius and
mysql?
Thanks a lot and more power to all!

Bernie





cisco vpdn nas port id

2003-09-09 Thread Evren Yurtesen
Hi,

I wonder if anybody is using freeradius with vpdn connections?
I am getting weird port id numbers from the cisco. Not the virtual 
interface numbers. I dont know what is wrong. Any experiences?

Evren



Re: Group-Simultaneous-Use

2003-09-02 Thread Evren Yurtesen
I dont believe freeradius can do this. At least not with SQL because I 
didnt see any SELECT commands which satisfy this situation in sql.conf

But there could be a simple way to manage this problem. By assigning one 
username to your group and giving 20 as Simultaneous-Use limit. So
everybody use the same user/pass combination. Now I am sure, most 
probably you already thought of this :) but you cant use.

Well, it also shouldnt be very difficult to add a groupwise simultaneous 
use attribute to freeradius since it already has simultaneous use 
attribute, this should be trivial. Instead of writing a script, maybe 
you should dig into sources :)

Evren

Ali Gunduz wrote:

Hi,

I want to have a simultaneous-use limit for groups. E.g., I have, say,
50 users in group1 and I want to set limit for group1 to, say, 20... If
there are already 20 online dialup users at any given time, 21st users
will be denied access.
(user<->group relation is already set up in database)
Is there an attribute to achieve this or should I go for writing a small
script to execute externally upon every request??
Thanks..

Ali gunduz
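
The external per-request check Ali asks about, as an added example (not FreeRADIUS code and not from the original posts): it counts open accounting sessions for the user's group and denies the login once the group limit is reached. The `usergroup` table, the `AcctStopTime` column and the `GROUP_LIMITS` mapping are assumptions; the rows are constructed, with the 50-users/20-sessions case scaled down to 5 users and a limit of 2.

```python
import sqlite3

# Hypothetical policy table: group name -> maximum simultaneous sessions.
GROUP_LIMITS = {"group1": 2}


def build_sample_db():
    """In-memory stand-in for the RADIUS SQL database (assumed, simplified schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE usergroup (UserName TEXT, GroupName TEXT);
        CREATE TABLE radacct (AcctSessionId TEXT, UserName TEXT, AcctStopTime TEXT);
        """
    )
    # Constructed sample data: user1..user5 all belong to group1.
    db.executemany(
        "INSERT INTO usergroup VALUES (?, ?)",
        [(f"user{i}", "group1") for i in range(1, 6)],
    )
    return db


def start_session(db, session_id, username):
    """Accounting start: a row with no stop time is an open session."""
    db.execute("INSERT INTO radacct VALUES (?, ?, NULL)", (session_id, username))


def stop_session(db, session_id):
    """Accounting stop: closing the row frees one slot in the group."""
    db.execute(
        "UPDATE radacct SET AcctStopTime = datetime('now') WHERE AcctSessionId = ?",
        (session_id,),
    )


def open_sessions_in_group(db, group):
    """Count sessions still open for every member of the group."""
    row = db.execute(
        """
        SELECT COUNT(*) FROM radacct a
        JOIN usergroup g ON g.UserName = a.UserName
        WHERE g.GroupName = ? AND a.AcctStopTime IS NULL
        """,
        (group,),
    ).fetchone()
    return row[0]


def allow_login(db, username, limits=GROUP_LIMITS):
    """Return True if none of the user's groups has reached its limit.

    The username comes straight from the Access-Request, so it is only ever
    passed as a bound parameter. Users with no group are denied (fail closed);
    that is a policy choice of this example.
    """
    groups = [
        r[0]
        for r in db.execute(
            "SELECT GroupName FROM usergroup WHERE UserName = ?", (username,)
        )
    ]
    if not groups:
        return False
    return all(
        g not in limits or open_sessions_in_group(db, g) < limits[g]
        for g in groups
    )


if __name__ == "__main__":
    db = build_sample_db()
    start_session(db, "s1", "user1")
    start_session(db, "s2", "user2")
    print("user3 allowed:", allow_login(db, "user3"))
```

The count depends on accounting stop records arriving; a NAS that loses them leaves stale open sessions, which is the situation checkrad is used to verify.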



Re: log clear passwords

2003-08-30 Thread Evren Yurtesen
Yet you can see that they type the password wrong. If you are using chap 
then you should accept that you cant learn more than that.

As a matter of fact using CHAP is not any more secure than using PAP if 
you are using it for dialup. It is extremely difficult to spy on a 
dialup line anyhow (thus wouldnt worth for cracking either) If the 
password exchanged between the client and the NAS is not encrypted, who 
cares? :) The information exchanged between the NAS and the FreeRadius 
is already encrypted so there is also very little risk of compromising 
the security.

The downside of using CHAP is if you lose your user database, then you 
are doomed. You must change every user's password doh. If the user
forgets his password then it should be trivial to give a new one though.

So for dialup environment, using PAP is actually acceptable. Also you 
can use PAP with cleartext passwords too if you want.

Evren

Omar Armas wrote:
 Why would you want to log the password from the database?  You can
always look it up in the database, if you care what it is.


In my case, we migrated 2000 dial up users to a new ISP. We were given a
list of login and passwords, not fully updated with the real info in the
client side. 
I want to log the clear text password to be able to say to the client
"you are typing XXX as password".
It's incredible, but we have many dial up users who say "Im typing X as
password", but they are entering "Y".
Is just to give better support to clients.

Omar



Re:(2) log clear passwords

2003-08-30 Thread Evren Yurtesen
by the way, didnt they have a password database to authenticate users 
anyhow? how come they have an not up to date database of passwords? How 
were they authenticating anyhow?

Omar Armas wrote:

 Why would you want to log the password from the database?  You can
always look it up in the database, if you care what it is.


In my case, we migrated 2000 dial up users to a new ISP. We were given a
list of login and passwords, not fully updated with the real info in the
client side. 
I want to log the clear text password to be able to say to the client
"you are typing XXX as password".
It's incredible, but we have many dial up users who say "Im typing X as
password", but they are entering "Y".
Is just to give better support to clients.

Omar



Re: log clear passwords

2003-08-28 Thread Evren Yurtesen
No, modifying sources wouldnt do any good, because when you use chap the 
password is not transmitted over the line. Thus there is no way for 
freeradius to know what password the client entered.

Pablo Veliz wrote:

On Thu, 28 Aug 2003 12:33:12 -0500
Omar Armas <[EMAIL PROTECTED]> wrote:

I have freeradius 0.9.0 under debian 3 with mysql authentication.
I want the clear text password to appear in radius.log on login
failures. I have "log_auth = yes", "log_auth_badpass = yes", and in
radius.log I get:
Login incorrect (rlm_chap: Clear text password not available): 
[user/]

How should I configure radiusd.conf to make clear text passwords
available in logfile?

from my experience, you don't. It's a NAS "feature" that you have to change, if you use PAP you will see the mistyped password, but if you use CHAP as many do, you won't see the password... unless you modify the sources?





Re: log clear passwords

2003-08-28 Thread Evren Yurtesen
You can not log passwords if you are using chap.
Because no password is transmitted over the line.
Try with pap if its ok.
Evren

Omar Armas wrote:

I have freeradius 0.9.0 under debian 3 with mysql authentication.
I want the clear text password to appear in radius.log on login
failures. I have "log_auth = yes", "log_auth_badpass = yes", and in
radius.log I get:
Login incorrect (rlm_chap: Clear text password not available): 
[user/]

How should I configure radiusd.conf to make clear text passwords
available in logfile?
Omar
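
What the server actually receives under PAP and under CHAP, which is the point of the "log clear passwords" replies above, as an added example (not FreeRADIUS code and not from the original posts): it implements the RFC 1994 CHAP response and the RFC 2865 User-Password hiding. The shared secret, challenge, authenticator and passwords are constructed values.

```python
import hashlib
import hmac

# Constructed values for the demonstration (not from any real deployment).
SECRET = b"constructed-shared-secret"   # NAS <-> RADIUS shared secret
AUTHENTICATOR = bytes(range(16))        # Request Authenticator of the Access-Request
CHALLENGE = bytes(range(16, 32))        # CHAP challenge issued by the NAS
CHAP_ID = 1


def chap_response(chap_id, password, challenge):
    """RFC 1994: response = MD5(ID || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_verify(chap_id, stored_password, challenge, response):
    """The verifier needs the stored cleartext password to recompute the digest."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def _xor_blocks(data, secret, authenticator, decrypt):
    """RFC 2865 section 5.2 keystream: b1 = MD5(S + RA), bi = MD5(S + c(i-1))."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        # The chaining value is always the ciphertext block.
        prev = data[i:i + 16] if decrypt else block
        out += block
    return out


def pap_hide(password, secret, authenticator):
    """What the NAS puts in the User-Password attribute."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, decrypt=False)


def pap_recover(hidden, secret, authenticator):
    """What the RADIUS server does on receipt: the typed password comes back."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain = _xor_blocks(hidden, secret, authenticator, decrypt=True)
    return plain.rstrip(b"\x00")


def server_view(typed, stored):
    """Everything the server learns from one login attempt under each protocol."""
    recovered = pap_recover(pap_hide(typed, SECRET, AUTHENTICATOR),
                            SECRET, AUTHENTICATOR)
    response = chap_response(CHAP_ID, typed, CHALLENGE)
    return {
        # PAP: the typed password is recoverable, so it can be logged.
        "pap_typed_password": recovered,
        "pap_ok": hmac.compare_digest(recovered, stored),
        # CHAP: only a 16-byte digest arrives; the server learns match / no match.
        "chap_response": response,
        "chap_ok": chap_verify(CHAP_ID, stored, CHALLENGE, response),
    }


if __name__ == "__main__":
    view = server_view(typed=b"Y-mistyped", stored=b"X-correct")
    print("PAP  server sees :", view["pap_typed_password"], "ok =", view["pap_ok"])
    print("CHAP server sees :", view["chap_response"].hex(), "ok =", view["chap_ok"])
```

The same recovery step works for anyone who holds the NAS shared secret and captures the Access-Request, so the secret deserves the same protection as the passwords it hides.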



Re: dialupadmin bug?

2003-08-28 Thread Evren Yurtesen
If you have this in your sql.attrmap file then it should go to right place
checkItem   Expiration  Expiration
I am using dialupadmin also and works fine to me

alantu wrote:
> HI all
>  when I use dialupadmin to add the expiration attribute to users, the attribute is always
> added to "radreply", not "radcheck".
> How do I make it add to the "radcheck" table?


Re: Expiration with mysql

2003-08-22 Thread Evren Yurtesen
yeah, I dont know if it has any significance but my op column is before
value column.
and I used == in the op if I am not mistaken (that shouldnt matter though)

alantu wrote:

> freeradius-users
> I take off the double quotes but it still doesn't work
> 
> 
> Message: 4
> Date: Fri, 22 Aug 2003 10:05:07 -0700
> From: Evren Yurtesen <[EMAIL PROTECTED]>
> To:  [EMAIL PROTECTED]
> Subject: Re: Expiration with mysql
> Reply-To: [EMAIL PROTECTED]
> 
> did you try to take off the double quotes?
> 
> alantu wrote:
> 
> 
>>HI all
>>I get a question about Expiration .
>>when i make a user "boy" in the /raddb/users file,such as 
>>boy Auth-Type := Local, User-Password == "888", Expiration := "20 Aug 2003"
>>it works well
>>but when i put it in mysql ,like below ,it doesn't work
>>| id  | UserName| Attribute  | Value | op   |
>>+-+-++---+--+
>>| 1   | boy | Expiration | "20 Aug 2003" | :=   |
>>anybody can get me some message about Expiration use with mysql .Thanks
> 
> 
> 
> 


Re: Expiration with mysql

2003-08-22 Thread Evren Yurtesen
did you try to take off the double quotes?

alantu wrote:

> HI all
> I get a question about Expiration .
> when i make a user "boy" in the /raddb/users file,such as 
> boy Auth-Type := Local, User-Password == "888", Expiration := "20 Aug 2003"
> it works well
> but when i put it in mysql ,like below ,it doesn't work
> | id  | UserName| Attribute  | Value | op   |
> +-+-++---+--+
> | 1   | boy | Expiration | "20 Aug 2003" | :=   |
> anybody can get me some message about Expiration use with mysql .Thanks
> 
> 
>  
> 
> 
> 


NAS-Port-Type question

2003-08-14 Thread Evren Yurtesen
How can I set freeradius so that if nas port type is
Async OR Virtual then it will accept a user? when I put
nas port type to Async then the users with virtual are not able to 
connect. Is there a way to OR this item?



Re: checkrad always returning 0?

2003-08-14 Thread Evren Yurtesen
for one thing, download latest release 0.9 something and try the 
checkrad which comes inside...
then did you set etc/clients.conf and etc/naspasswd ? what did you set ?
the important thing is nastype login and password ...
what kind of nas do you have? etc. if you use snmp, did you try to see 
manually if you can connect to nas? do you have ucd snmp...
and blah blah, and if you use telnet is Net::Telnet installed? perl 
module...



Ray wrote:

trying to setup Simultaneous-Use and it is working so far, but i haven't
successfully setup checkrad with it.

using freeRadius 0.8.1

checkrad -d netserver xx.xx.xx.4 366 user 22544538
and it keeps outputting 
Returning 0 (login ok)
even when the user is on.

i'm using MySQL for accounting and using 
NASIPAddress NASPortId UserName AcctSessionId 
from radacct for the parameters to test checkrad

what should i check or change to get that working?



Re: checkrad always returning 0? Solved

2003-08-11 Thread Evren Yurtesen
oh yes, I missed that damn, but you can better look for > in the line 
anywhere... should be like this (I think)
Prompt => '/\>/');
so perhaps that way it would work whatever the NAS name is...
If you have different names in different NASes that would be nasty :)

Evren

Ray wrote:

turns out that the nas is using "HiPer>>" for a prompt so i had to modify the 
code to look for that prompt. before it was looking for just ">"

the two lines i ended up changing in the end are:

$telnet = new Net::Telnet (Timeout => 10,
   Prompt => '/HiPer\>\>/');
while ($curprompt ne "HiPer\>\>") {
($curline, $curprompt) = $telnet->waitfor
( String => "HiPer\>\>",
  Timeout => 5);
i'm not the one who set up these NASs so i'm not sure if the prompt is 
something someone set to just be cute.  but it works now.  and the co-workers 
telling me they are USR/Total Control are part right, some of them are, some 
are other USRs, so i still have some poking around to do before i'll actually 
get it working correctly. but that is a completely different problem.


Ray wrote:
trying to setup Simultaneous-Use and it is working so far, but i
haven't successfully setup checkrad with it.
using freeRadius 0.8.1

checkrad -d netserver xx.xx.xx.4 366 user 22544538
and it keeps outputting
Returning 0 (login ok)
even when the user is on.
i'm using MySQL for accounting and using
NASIPAddress NASPortId UserName AcctSessionId

from radacct for the parameters to test checkrad

what should i check or change to get that working?




Re: checkrad always returning 0? --

2003-08-10 Thread Evren Yurtesen
well what I would do is printing something else to test if the checkrad 
script is working until there. like
print("hello");

:) and then just before
$telnet->print("list connections");
you can put like
sleep(60);
so it will sleep 60 seconds
so you can see if your user is already inside this netserver thing :) 
never seen one so...if its not there then you can be sure that checkrad 
is having trouble. If the user is not there but hello prints then
you will know there is a problem with the telnet connection.

you can not print $curline because its an array...
you can try
foreach $line (@curline) {
   print($line);
}
this would print each element of the currline array
so after you test these you can return back to me :)
by the way my icq number is 913003 if you would prefer that.
well I just canceled my previous email after I pressed send because 
there was a semicolon missing after print :) just be careful...

Evren

Ray wrote:

On Wednesday 06 August 2003 23:44, you wrote:

did you realize these?
# uncomment this if you use the standard
# prefixes
#$user =~ s/^[PSC]//;
#$user =~ s/\.(ppp|slip|cslip)$//;
we aren't using prefixes as far as i know.


you can perhaps put
print($user);
right after these and you should see all the users in the nas
from the output also you might figure out what is wrong
dont put it inside the if clause though :)
well you can let us know what you get?


tried putting a print $user in different places, and for some reason they 
don't print anything.  but then i don't know perl, so i might be doing this 
wrong too.  

while ($curprompt ne "\>") {
($curline, $curprompt) = $telnet->waitfor
( String => "\>",
 Timeout => 10);
$ok = $telnet->print("");
push @curlines, split(/^/m, $curline);
print($curline);
}
...
#
# Check to see if $user is already connected
#
print($user);
if ($user eq $ARGV[3]) {
and i modified the print statement about user not found just to make sure i'm 
editing the correct module and file.  (and i am)


what does the output of
list connections
command look like?
HiPer>> list connections

CONNECTIONS

                                       Start        Start
IfName        User Name   Type    DLL  Date         Time
slot:1/mod:1  jd613       DIALIN  PPP  06-AUG-2003  13:58:58
slot:1/mod:2  david       DIALIN  PPP  06-AUG-2003  08:50:36
slot:1/mod:3  allonmy     DIALIN  PPP  06-AUG-2003  11:03:46


Ray wrote:

On Wednesday 06 August 2003 22:13, you wrote:

for one thing, download latest release 0.9 something and try the
checkrad which comes inside...
then did you set etc/clients.conf and etc/naspasswd ? what did you set ?
the important thing is nastype login and password ...
what kind of nas do you have? etc. if you use snmp, did you try to see
manually if you can connect to nas? do you have ucd snmp...
and blah blah, and if you use telnet is Net::Telnet installed? perl
module...
etc/clients.conf and etc/naspassword are setup, but since i'm only
calling checkrad manually at this point, only the naspassword file has
any effect. i was getting an error about bad password before setting up
naspassword, but the error message and documentation already got me past
that problem.
nas: i'm told it is USR/Total Control, but when i manually telnet into it
and mimic the commands of the tc module, it doesn't do what it should. 
but the commands in the module for netserver are correct, so i'm using
that. as for Net::Telnet, it is installed (3.02)
snmp isn't being used since i'm not using a nas that checkrad needs snmp
for, i'm not sure which version of snmp i have, but it doesn't seem like
that would matter in this case where the modules are using telnet to
check the nas.


Ray wrote:

trying to setup Simultaneous-Use and it is working so far, but i haven't
successfully setup checkrad with it.
using freeRadius 0.8.1

checkrad -d netserver xx.xx.xx.4 366 user 22544538
and it keeps outputting
Returning 0 (login ok)
even when the user is on.
i'm using MySQL for accounting and using
NASIPAddress NASPortId UserName AcctSessionId

from radacct for the parameters to test checkrad

what should i check or change to get that working?
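
The check discussed in this thread and in the "Solved" follow-up, as an added example (it is not checkrad's own code and was not posted by anyone on the list): a prompt pattern that accepts both ">" and "HiPer>>", applied offline to a captured `list connections` reply. The sub names, the re-spaced sample transcript and the return value 2 for an incomplete reply are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: decide from captured "list connections" output whether a
# user already has a session. Works on text only, no telnet connection.
use strict;
use warnings;

# A bare prompt line, whatever the NAS is called: ">", "HiPer>>", "nas-3>".
# With Net::Telnet the same pattern would be given as a string, e.g.
#   Prompt => '/[\w.-]*>+\s*$/'
my $PROMPT_RE = qr/^[\w.-]*>+\s*$/;

sub is_prompt {
    my ($line) = @_;
    return $line =~ $PROMPT_RE ? 1 : 0;
}

# Turn the session table into a list of hashes. Anything that is not a
# "slot:N/mod:N ..." row (banner, column headers, echoed command, prompt)
# is skipped.
sub parse_connections {
    my ($text) = @_;
    my @sessions;
    for my $line (split /\r?\n/, $text) {
        my @f = split ' ', $line;
        next unless @f >= 6 && $f[0] =~ m{^slot:\d+/mod:\d+$};
        push @sessions, {
            ifname => $f[0],
            user   => $f[1],
            type   => $f[2],
            dll    => $f[3],
            start  => "$f[4] $f[5]",
        };
    }
    return @sessions;
}

# 0 = user not listed (login ok), 1 = user already on,
# 2 = the reply never reached a prompt, so the table may be incomplete
#     (value chosen for this example).
sub check_user {
    my ($text, $user) = @_;
    my @lines = split /\r?\n/, $text;

    # The reply is complete only if its last non-empty line is a bare prompt.
    my ($last) = grep { /\S/ } reverse @lines;
    return 2 unless defined $last && is_prompt($last);

    for my $s (parse_connections($text)) {
        return 1 if $s->{user} eq $user;    # exact match, as in the thread
    }
    return 0;
}

# Constructed transcript: the rows quoted in the thread, columns re-spaced,
# with the closing prompt added.
my $transcript = <<'EOT';
HiPer>> list connections

CONNECTIONS

                                       Start        Start
IfName        User Name   Type    DLL  Date         Time
slot:1/mod:1  jd613       DIALIN  PPP  06-AUG-2003  13:58:58
slot:1/mod:2  david       DIALIN  PPP  06-AUG-2003  08:50:36
slot:1/mod:3  allonmy     DIALIN  PPP  06-AUG-2003  11:03:46
HiPer>> 
EOT

# The same reply cut off after the first row, as a read that timed out
# before the prompt arrived would leave it.
my $truncated = join "\n", (split /\n/, $transcript)[0 .. 6];

printf "%-22s => %d\n", $_, check_user($transcript, $_) for qw(david ray);
printf "%-22s => %d\n", 'david (truncated read)', check_user($truncated, 'david');
```

Treating a reply that never reached a prompt as "could not tell" instead of "login ok" keeps a prompt mismatch from silently switching off the Simultaneous-Use limit.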




Re: checkrad always returning 0?

2003-08-10 Thread Evren Yurtesen
did you realize these?
# uncomment this if you use the standard
# prefixes
#$user =~ s/^[PSC]//;
#$user =~ s/\.(ppp|slip|cslip)$//;
you can perhaps put
print($user);
right after these and you should see all the users in the nas
from the output also you might figure out what is wrong
dont put it inside the if clause though :)
well you can let us know what you get?
what does the output of
list connections
command look like?
Evren
Ray wrote:

On Wednesday 06 August 2003 22:13, you wrote:

for one thing, download latest release 0.9 something and try the
checkrad which comes inside...
then did you set etc/clients.conf and etc/naspasswd ? what did you set ?
the important thing is nastype login and password ...
what kind of nas do you have? etc. if you use snmp, did you try to see
manually if you can connect to nas? do you have ucd snmp...
and blah blah, and if you use telnet is Net::Telnet installed? perl
module...


etc/clients.conf and etc/naspassword are setup, but since i'm only calling 
checkrad manually at this point, only the naspassword file has any effect.
i was getting an error about bad password before setting up naspassword, but 
the error message and documentation already got me past that problem.

nas: i'm told it is USR/Total Control, but when i manually telnet into it and 
mimic the commands of the tc module, it doesn't do what it should.  but the 
commands in the module for netserver are correct, so i'm using that.
as for Net::Telnet, it is installed (3.02)
snmp isn't being used since i'm not using a nas that checkrad needs snmp for, 
i'm not sure which version of snmp i have, but it doesn't seem like that 
would matter in this case where the modules are using telnet to check the nas.


Ray wrote:

trying to setup Simultaneous-Use and it is working so far, but i haven't
successfully setup checkrad with it.
using freeRadius 0.8.1

checkrad -d netserver xx.xx.xx.4 366 user 22544538
and it keeps outputting
Returning 0 (login ok)
even when the user is on.
i'm using MySQL for accounting and using
NASIPAddress NASPortId UserName AcctSessionId
from radacct for the parameters to test checkrad
what should i check or change to get that working?




other NAS type question

2003-08-06 Thread Evren Yurtesen
I have a question, when I set the NAS type to other, then if radius 
thinks that the user is online then it doesnt let him connect again.
I then must use radzap to remove to info and then the user can connect
normally again, right?

Is it possible to change this behaviour that if the NAS type is other
then radius accepts the user anyhow when it thinks that the user is 
already online?

Now you will say that I shouldnt use simultaneous use then, but I have 
other NASes which works fine. This one NAS is not mine and they are able 
to limit locally that a user doesnt connect 2 times, so I take the 
possibility of one user connecting 2 times in 2 different systems as a 
calculated risk which is not that bad.

The real situation is that we rented POP and the POP is connected to us 
with a tunnel and we use L2TP etc. and I dont have any possibility to 
know where the other user is connected to or use snmp or finger etc. 
because of the obvious reason that there are many other companies' 
customers there too.

Evren



Re: Advantages of Using SQL ?

2003-08-05 Thread Evren Yurtesen
maybe thats the problem, you are not designed to remember millions of 
girlfriends names/numbers etc. thats why you are inefficient by design 
in this particular area of operation.

so you hire a secretary which will improve your efficiency :)

Evren

Robert LaGrasse wrote:

If I could remember the names and numbers of millions of girlfriends
simultaneously, I could still call any of them faster myself. Having a
secretary to keep track of my dates and remind me when special occasions
come up is also useful. Either way, I'm a pretty happy guy... 

;)

-Original Message-
From: SIMICRO ML [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 1:32 AM
To: [EMAIL PROTECTED]
Subject: Re: Advantages of Using SQL ?
Peter Nixon wrote:

On Tue August 5 2003 06:37, Evren Yurtesen wrote:


Its like saying that example B is faster than example A in the following 
scenario:

A) You need to call your girlfriend. You know her number, so you dial it
and talk to her.

B) You need to call your girlfriend, You don't know her number so you call
your secretary and ask her to look it up in the phone book. Your secretary
looks up the number, calls you back and give it to you, then you call your
girlfriend.

Which do you think is faster?? Bzzzt. WRONG ANSWER. Just because the phone
book has a great, wonderfully efficient index, and your secretary is very 
good at using it, doesn't mean that it's faster than having the number in 
your own head


... and what if you had _millions_ of girlfriends :-D

@+




Re: Advantages of Using SQL ?

2003-08-05 Thread Evren Yurtesen
I think if you had millions of girlfriends you would be broke :)
*lol* and your memory would wear off because of too many write attempts
from millions of girlfriends. :)))
Jeremy Davis wrote:

It is a good analogy, obviously if you had millions of girlfriends it would
take more memory :)
Memory in both cases would still be faster, anything loaded in memory will
always be faster, anything accessing a harddrive will almost always be the
bottleneck compared to loading from memory.
Jeremy

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Peter Nixon
Sent: Tuesday, August 05, 2003 2:34 AM
To: [EMAIL PROTECTED]
Subject: Re: Advantages of Using SQL ?
On Tue August 5 2003 08:32, SIMICRO ML wrote:

Peter Nixon wrote:

On Tue August 5 2003 06:37, Evren Yurtesen wrote:

Its like saying that example B is faster than example A in the following
scenario:
A) You need to call your girlfriend. You know her number, so you dial it
and talk to her.
B) You need to call your girlfriend, You don't know her number so you
call your secretary and ask her to look it up in the phone book. Your
secretary looks up the number, calls you back and give it to you, then
you call your girlfriend.
Which do you think is faster?? Bzzzt. WRONG ANSWER. Just because the
phone book has a great, wonderfully efficient index, and your secretary
is very good at using it, doesn't mean that it's faster than having the
number in your own head
... and what if you had _millions_ of girlfriends :-D


Yes. Like all analogies it's not perfect, but it does illustrate the point we
were talking about.
--

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc




Re: Advantages of Using SQL ?

2003-08-04 Thread Evren Yurtesen
How do you test this? or joke? :)
I would like to keep record of my server performances relative to each 
other too, it sounds like a cool idea

Evren

Tim McCracken wrote:

My testing confirms Alan's numbers, however he neglected to mention:

Solaris: 2.5
VMS on Alpha: 8.0  :)


On Mon, 04 Aug 2003 16:07:58 -0400
 "Alan DeKok" <[EMAIL PROTECTED]> wrote:
Evren Yurtesen <[EMAIL PROTECTED]> wrote:

Everybody argue about something and usually its so difficult to come 
to a conclusion. Microsoft says windows is good, linux people say 
linux is better, I say FreeBSD is best :)


  NetBSD...

Microsoft always says the newer version of windows works faster and 
more efficiently etc. But yet they require faster cpu's and more 
memory in their system requirements :) When we leave the memory out, 
I wonder why a more efficient system require faster cpu :) there is a 
problem in this
equation :)


  At work, we run CPU and memory intensive applications. On the same
hardware, the relative speed of our apps on the various OS's, relative
to NetBSD, are:
NetBSD: 1.0
Linux : 0.6
XP: 0.2
NT4   : >0.1
  So I agree, XP is twice as good as NT4. :)

  Alan DeKok.



Re: Advantages of Using SQL ?

2003-08-04 Thread Evren Yurtesen
Ok lets make peace :)
Everybody argue about something and usually its so difficult to come to 
a conclusion. Microsoft says windows is good, linux people say linux is 
better, I say FreeBSD is best :)

Anyhow the hardware is so fast and cheap nowadays that we dont need to 
be so efficient :) It is better to install things the most productive 
way. Usually it is enough...

By the way I would like to finish this with something which I think funny:

I just remembered something when I thought about efficient.
Microsoft always says the newer version of windows works faster and more 
efficiently etc. But yet they require faster cpu's and more memory in 
their system requirements :) When we leave the memory out, I wonder why 
a more efficient system require faster cpu :) there is a problem in this
equation :)

Evren

Peter Nixon wrote:

On Tue August 5 2003 06:37, Evren Yurtesen wrote:

Well, if that is such a big problem then you can do a memory disk and
store your db files in memory disk. That would then definitely work
better than freeradius itself. How much are the memory prices now anyhow.


You could. This again uses more memory, which was one of the things you said 
you save by using a DB. You can't have it both ways.


About the operating system stuff, the load of exchanging few messages in
memory can not be so overwhelming compared to an inefficient search of a
few hundred thousands of users from a text database even when its in
memory already.


What is so inefficient about the search algorithm used by FreeRadius. (I have 
not looked currently) If is IS slow, then once again, we can simply use the 
"efficient" algorithm from MySQL instead of the one currently in use.


There so many programs running in background usually that I am sure that
many programs trigger the kernel context switching already even when
freeradius is searching from the users file. Now the point is if the
search is faster then it would be interrupted less since it would take
less time to finish. Thus using SQL would yet improve performance anyhow
since the searches would take a lot less time.


You are again basing your argument on the hypothesis that FreeRadius uses an 
incredibly inefficient algorithm to search though memory. It would literally 
have to be several orders of magnitude slower than the search algorithm used 
by MySQL for them to be _even_ in terms of speed due to disk/context 
switch/socket/parsing overhead. I simply don't believe that this is the case.
If you show me a benchmark that proves this, I will shutup about it, but what 
you are saying currently just does not make sense. Even if it were true, it 
would be very simple to fix it (ie. Copy the algorithm that MySQL uses into 
FreeRadius).


Look at some statistics
http://cs.nmu.edu/~benchmark/index.php?page=context
The context switching occurs in microseconds. Lets try to calculate how
many context switching operations can be done in a second? Needless to
remind that a microsecond is 10^-6 of a second.
Then think about how much difference would it take to search 10
entries from users file in memory or in sql database. In which sql
already optimize the data to be searched. Then find out how many context
switching can be done in that much time :)
I am certainly uncertain about how much overhead it cause for freeradius
to call to mysql and back but it can not be so much.


It is enough to make a difference :-)


Plus if you have
10 users you do not want to reload the users file :) think about
reading 10 users from the disk. Now is that more efficient? in every
stupid reload. Then calculate the people who change their passwords or
new customers coming and new accounts added.


This is a separate issue. We already agreed on this issue. I never told you 
otherwise.


You cant possibly argue that using users file is faster.


I can and I am. If you are willing to provide benchmarks that prove otherwise 
then I will agree that you are right. (And probably rewrite the search 
algorithm in FR to make it faster :-) Until that time, what you are saying 
goes against common sense.

Its like saying that example B is faster than example A in the following 
scenario:

A) You need to call your girlfriend. You know her number, so you dial it and 
talk to her.

B) You need to call your girlfriend, You don't know her number so you call 
your secretary and ask her to look it up in the phone book. Your secretary 
looks up the number, calls you back and give it to you, then you call your 
girlfriend.

Which do you think is faster?? Bzzzt. WRONG ANSWER. Just because the phone 
book has a great, wonderfully efficient index, and your secretary is very 
good at using it, doesn't mean that it's faster than having the number in 
your own head


But perhaps the
difference is so little when you have few thousand users that you can
omit the difference.
Evren

Peter Nixon wrote:

On Tue August 5 2003 05:34, Evren Yurtesen wrote:

Thats 

Re: Advantages of Using SQL ?

2003-08-04 Thread Evren Yurtesen
Well, if that is such a big problem then you can do a memory disk and 
store your db files in memory disk. That would then definitely work 
better than freeradius itself. How much are the memory prices now anyhow.

About the operating system stuff, the load of exchanging few messages in 
memory can not be so overwhelming compared to an inefficient search of a 
few hundred thousands of users from a text database even when its in 
memory already.

There so many programs running in background usually that I am sure that 
many programs trigger the kernel context switching already even when 
freeradius is searching from the users file. Now the point is if the 
search is faster then it would be interrupted less since it would take 
less time to finish. Thus using SQL would yet improve performance anyhow 
since the searches would take a lot less time.

Look at some statistics
http://cs.nmu.edu/~benchmark/index.php?page=context
The context switching occurs in microseconds. Lets try to calculate how 
many context switching operations can be done in a second? Needless to 
remind that a microsecond is 10^-6 of a second.

Then think about how much difference would it take to search 10
entries from users file in memory or in sql database. In which sql 
already optimize the data to be searched. Then find out how many context 
switching can be done in that much time :)

I am certainly uncertain about how much overhead it cause for freeradius 
to call to mysql and back but it can not be so much. Plus if you have 
10 users you do not want to reload the users file :) think about 
reading 10 users from the disk. Now is that more efficient? in every 
stupid reload. Then calculate the people who change their passwords or 
new customers coming and new accounts added.

You cant possibly argue that using users file is faster. But perhaps the 
difference is so little when you have few thousand users that you can 
omit the difference.

Evren



Peter Nixon wrote:

On Tue August 5 2003 05:34, Evren Yurtesen wrote:

Thats totally wrong, so you say same cpu works on both db lookups and
freeradius, now when freeradius is making a lookup inside users file
which is in ram, the same cpu doesnt work on db lookups in memory or
what? so thats out of question.


I am sorry to tell you Evren, but you ARE wrong. Even if you forget for a 
moment the fact that a DB server has to fetch the data from the disk and 
FreeRadius does not, It is MUCH more efficient for FreeRadius to search it's 
own memory space than to ask another program to supply the data.

Asking another program (A DB server or any other program) even if that program 
already has the data in memory is very slow comparatively as it forces a 
kernel context switch to load the other program onto the CPU, then another 
context switch to load FreeRadius onto the CPU.

Put simply you are wrong. Please read up about CPU design and operating system 
context switches before arguing this any more.


but mysql is optimized for that kind of lookups, there is huge
difference. then again, you can increase the mysql memory cache that
mysql can cache the whole db inside the ram if it is small enough.


It is not. There is not. You are wrong. Even if you have the entire DB inside 
ram (which would nullify your point of using a DB instead of a client file to 
save on RAM usage) the CPU still has to switch the running context from FR -> 
DB -> FR which flushes all CPU caches and is very slow. not to mention the 
fact that there is TCP (or UNIX) socket overhead to slow things down. Of 
course there is also Parsing and reparsing of SQL statements  etc etc..


Now about searching in ram is better than using a database backend. I
wonder why companies do not store their database data in text files and
load them to ram :)


They do. Of course they do. It is always faster to load data at run time than 
look it up later. using a DB is easier/better for maintenance. It is NOT 
faster.


now the problem is that also everytime you reload
radius it reloads the whole file since it cant know where the changed
data is. Thus uses far more cpu. 


this ONLY happens at startup. how can it possibly use more CPU than requesting 
from disk for every query???!!!


It is definitely not a good thing if
you want your users to change their passwords from web, then you need to
write to users file and reload radius if you do not use sql.


Yes. As mentioned before. DB is good for easy maintenance, NOT speed.


If you use
sql you can create a user which can only change some parts of the
database and limit the access. It is even more secure when configured
properly. It is 100 times easier to write a php script which does that
than writing it in c or perl


We were arguing about speed, not other issues. DBs are good, but you are VERY 
wrong about them being faster than a memory search of the clients file..

If case you were wondering I maintain the postgresql configs and driver for 
FreeRadius, and run a

Re: Advantages of Using SQL ?

2003-08-04 Thread Evren Yurtesen
Thats totally wrong, so you say same cpu works on both db lookups and 
freeradius, now when freeradius is making a lookup inside users file 
which is in ram, the same cpu doesnt work on db lookups in memory or 
what? so thats out of question.

but mysql is optimized for that kind of lookups, there is huge 
difference. then again, you can increase the mysql memory cache that 
mysql can cache the whole db inside the ram if it is small enough.

Now about searching in ram is better than using a database backend. I 
wonder why companies do not store their database data in text files and 
load them to ram :) now the problem is that also everytime you reload 
radius it reloads the whole file since it cant know where the changed 
data is. Thus uses far more cpu. It is definitely not a good thing if 
you want your users to change their passwords from web, then you need to 
write to users file and reload radius if you do not use sql. If you use 
sql you can create a user which can only change some parts of the 
database and limit the access. It is even more secure when configured 
properly. It is 100 times easier to write a php script which does that 
than writing it in c or perl

Evren

Graeme Hinchliffe wrote:
On Mon, 4 Aug 2003 18:01:07 +0200
"Andrea Coppini" <[EMAIL PROTECTED]> wrote:

DB backends are good, and save alot of admin, but don't expect them to
be 

faster than a memory scan :-)


I haven't done any tests, but I would presume an SQL backend would be
more 'robust' than freeradius.
The way I see it, having 1 request a minute is definitely faster with a
users file in memory, but when the load hits and you have 10,000 hits
per minute, freeradius would grind to a halt having to look up the
credentials and handling all NAS comms simultaneously, while freeradius
+ sql would just continue doing their respective jobs as normal.


But as the same CPU would be working on the DB lookups AND the freeRADIUS code as well, it would slow down by a much larger factor.  You would now have 2 processes sharing the memory and CPU resources and bus of the system etc.. 

Fact is Disk access is horribly slow compared to memory.

Look at the spec of a fairly old (now) PC.. 100MHz FSB.. so thats around 100,000,000*4 bytes per SECOND which is a tiny bit faster than a HDD don't you think.

Just look at the clock speed of your PC.. even if the data wasn't indexed in memory and was searched in a linear manner it would still be extremely quick in comparison to a db.

Graeme






Re: Advantages of Using SQL ?

2003-08-04 Thread Evren Yurtesen
think about it yourself,

-easy data manipulation,
-reload of freeradius is not needed
-nice web interface dialup_admin
-you can make your own web interface with php easily with sql connectivity.
These are what I can think of at the moment. I also think it would be 
faster than using users file and freeradius would use less memory since 
it doesnt load the whole users file to memory (I think it loads it?!)
if you have many users for example. SQL is also designed for quick data 
retrieval so if you plan to have many users than it would give better 
performance when the server needs to find one user.

Perhaps you should also ask to yourself, what is the disadvantage?

Evren

Patrick wrote:

hi,

im a freeradius newbie but i was wondering if there are any major advantages
to running freeradius on an sql auth system or not ? other than of course
the obvious stuff like being able to replicate the tables etc...
Thanks
P


Re: vs static route download on Cisco AS53xx

2003-08-01 Thread Evren Yurtesen
If you are going to assign a route to your dialup customers. Then you 
can use the following (I use MySQL so it looks like this)

UserName    Attribute      OP   Route
loginmame   Framed-Route   =    217.21.71.136/29 0.0.0.0 1
If you are using some kind of routing protocol the router would also 
distribute this route to all routers, considering you might have 
multiple AS53xx routers.

This works for me...(I think, if I remember right. I should have 1 user
with this or something)
Evren

Arne Larsen wrote:

Hi.
 
Is there someone that can help me ??. I'm trying to get the router to 
fetch is route's from the radius-server.
Whatever I'm doing I end up with only one route on each request.
Here is the last thing I tried.
 
abdigtest-1 Auth-type := Local, User-Password == "cisco", Service-Type = 
 Outbound-User
Cisco-Avpair = "ip:route=170.170.0.16 255.255.255.255 Dialer1 
220 name pel",
Cisco-Avpair = "ip:route=170.170.0.10 255.255.255.255 Dialer1 
220 name fl02",
 
 
abdigtest-2 Auth-type:=Local, User-Password == "cisco", Service-Type = 
Outbound-User,
Cisco-Avpair = "ip:route=170.170.0.10 255.255.255.255 Dialer1 
220 name fl02",
Cisco-AVPair = "ip:route=170.170.236.57 255.255.255.255 Dialer1 
220 name fl06",
Cisco-AVPair = "ip:route=170.170.174.249 255.255.255.255 Dialer1 
220 name fl04",
Cisco-AVPair = "ip:route=170.170.39.94 255.255.255.255 Dialer1 
220 name fl00",
Cisco-AVPair = "ip:route=170.170.20.21 255.255.255.255 Dialer1 
220 name fl005100",
 
Regards
Arne Larsen
Tele Denmark
[EMAIL PROTECTED]  / [EMAIL PROTECTED] 





Re: new users recognized without restarting radiusd

2003-07-28 Thread Evren Yurtesen
If you are using a database module then it works.
I dont know if there is any way to do it with users, perhaps somebody 
else would answer that :)

Merlin Kauffman wrote:
Is there any way a user file can be edited and new users can be accepted as valid logins without having to restart radiusd?
 
Thanks,
Merlin Kauffman
[EMAIL PROTECTED]



Re: checkrad patch (a new patch also)

2003-07-27 Thread Evren Yurtesen
Thanks,

It is not so difficult but so far I got 4 blames about not doing it
right and none told me where the documentation is.
It is obviously there but not easy to find. At least was not for me.
DIFFS file name didnt even catch on my name. Also there is no section
in the main README file about how to contribute to this project.
Now when I know... next time will be different.

I also made a patch for the README file in 0.9.0 release :)

Evren

Alan DeKok wrote:
Evren Yurtesen <[EMAIL PROTECTED]> wrote:

Look now, I made a unified patch of checkrad but if it is wrong
then dont blame me :) put a page on www.freeradius.org about how
you want your patches please...


doc/DIFFS ?

Is it really that hard to find?

Alan DeKok.

--- README  Wed Feb 12 13:44:58 2003
+++ README.new  Sun Jul 27 16:54:59 2003
@@ -1,3 +1,22 @@
+INDEX
+  
+1. INTRO
+2. INSTALLATION
+3. CONFIGURATION FILES
+  3c. NASPASSWD
+  3d. HINTS
+  3e. HUNTGROUPS
+  3f. USERS
+  3g. NEW RADIUS ATTRIBUTES (to be used in the USERS file).
+4. LOG FILES
+  4a. /var/log/radutmp
+  4b. /var/log/radwtmp
+  4c. /var/log/radius.log
+  4d. /var/log/radacct//detail
+5. MORE INFO, SUPPORT
+6. HOW TO CONTRIBUTE
+7. OTHER INFORMATION
+
 1. INTRO
 
   All code in this server was written for this project.
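Review bot: The new INDEX jumps from "3. CONFIGURATION FILES" straight to "3c. NASPASSWD", so subsections 3a and 3b are missing from the list; add them, otherwise the index will not match the section headings it is meant to point at. The entry "4d. /var/log/radacct//detail" has a doubled slash that should be checked against the heading of section 4d, and the "+  " line under INDEX adds trailing whitespace that can be dropped.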
@@ -206,7 +225,7 @@
   For more configuration options on the detail file please see
   README.rlm_detail as it expands upon this greatly.
 
-5.  MORE INFO, SUPPORT
+5. MORE INFO, SUPPORT
 
   We know that the documentation provided is sparse. However it is not in
   the scope of the radius server to provide a guide as to how terminal
@@ -225,7 +244,16 @@
 
http://lists.cistron.nl/archives/freeradius-devel/
 
-6.  OTHER INFORMATION
+6. HOW TO CONTRIBUTE
+
+  If you want to contribute to documentation, then you are welcome.
+  Web pages describing step by step your configuration and including diagrams
+  and settings in configuration files would be nice.
+
+  If you think that you found a bug or you want to add extra functionality
+  then please go through doc/bugs and doc/DIFFS files
+
+7. OTHER INFORMATION
 
   The files in other directories are:
 
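Review bot: The new section 6 ends with "then please go through doc/bugs and doc/DIFFS files", which has no full stop and does not say what a submission should look like. Since the section exists to tell contributors how to send changes, say in one line that doc/DIFFS defines the expected patch format, and end the sentence. Renumbering "OTHER INFORMATION" from 6 to 7 also calls for a check that nothing else in the README refers to that section by its old number.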

checkrad patch

2003-07-27 Thread Evren Yurtesen
Look now, I made a unified patch of checkrad but if it is wrong then don't
blame me :) put a page on www.freeradius.org about how you want your
patches please...

The problem was in mikrotik module, I made a little update. It wasn't
working properly...

Evren





RE: dialup_admin

2003-07-25 Thread Evren Yurtesen
You should really ask this on an Apache or PHP mailing list.

Also I use apache 1.3.x version. That must be the difference.
Search Google with the keywords
 how to configure php apache 2


Do you have these also in some of your conf files?
The important thing is that you should have .php3, otherwise you can't run
dialup admin

AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-source .phps


On Fri, 25 Jul 2003, Alex Chen wrote:

> Evren,
>   My system is Linux 8.0 running Apache httpd-2.0.40-8.  It is in stock
> setting.
> I have not touched anything in it.
>
> If I have the following lines in /etc/httpd/conf.d/php.conf
>
> LoadModule php4_module modules/libphp4.so
> AddModule mod_php4.c
>
> I got the following errors when I stop and restart the httpd:
>
> [EMAIL PROTECTED] conf.d]# /etc/init.d/httpd stop
> Stopping httpd:[  OK  ]
> [EMAIL PROTECTED] conf.d]# /etc/init.d/httpd start
> Starting httpd: Syntax error on line 8 of /etc/httpd/conf.d/php.conf:
> Invalid command 'AddModule', perhaps mis-spelled or defined by a module not
> included in the server configuration
>[FAILED]
>
>
> If I change 'AddModule' to 'AddModuleInfo', I got the following error:
>
> [EMAIL PROTECTED] conf.d]# /etc/init.d/httpd start
> Starting httpd: Syntax error on line 8 of /etc/httpd/conf.d/php.conf:
> AddModuleInfo takes two arguments, a module name and additional information
> on that module
>[FAILED]
>
> The file /etc/httpd/conf/httpd.conf does not have any 'AddModule'
> directives.
>
> What is your setting?
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Evren
> > Yurtesen
> > Sent: Friday, July 25, 2003 1:01 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: dialup_admin
> >
> >
> > look pal, I am using FreeBSD and it can install php
> > automatically and make
> > it work! So I don't know also what that does. I have searched
> > in my WORKING
> > httpd.conf file for php and found those, and concluded that for php to
> > work, those must be set also! If you didn't of course set some
> > stuff about
> > your php after install
> >
> > Evren
> >
> > On Thu, 24 Jul 2003, Alex Chen wrote:
> >
> > > The LoadModule directive is already there.
> > >
> > > The AddModuleInfo needs two parameters.
> > > There is no 'AddModule' directive.  I do not see how this
> > > affects the web server.
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] Behalf Of Evren
> > > > Yurtesen
> > > > Sent: Thursday, July 24, 2003 3:12 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: dialup_admin
> > > >
> > > >
> > > > I had similar problem.
> > > > You should also have
> > > >
> > > > LoadModule php4_module libexec/apache/libphp4.so
> > > >
> > > > AddModule mod_php4.c
> > > >
> > > > My problem was that these were under a IfDefine SSL clause
> > > > and I have started server without ssl (doh!)
> > > >
> > > > Evren
> > > >
>
>


RE: dialup_admin

2003-07-25 Thread Evren Yurtesen
look pal, I am using FreeBSD and it can install php automatically and make
it work! So I don't know also what that does. I have searched in my WORKING
httpd.conf file for php and found those, and concluded that for php to
work, those must be set also! If you didn't of course set some stuff about
your php after install

Evren

On Thu, 24 Jul 2003, Alex Chen wrote:

> The LoadModule directive is already there.
>
> The AddModuleInfo needs two parameters.
> There is no 'AddModule' directive.  I do not see how this
> affects the web server.
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Evren
> > Yurtesen
> > Sent: Thursday, July 24, 2003 3:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: dialup_admin
> >
> >
> > I had similar problem.
> > You should also have
> >
> > LoadModule php4_module libexec/apache/libphp4.so
> >
> > AddModule mod_php4.c
> >
> > My problem was that these were under a IfDefine SSL clause
> > and I have started server without ssl (doh!)
> >
> > Evren
> >
> > On Thu, 24 Jul 2003, Alex Chen wrote:
> >
> > > Barry,
> > >   What kind of MIME type should it be?
> > >
> > > I added the following directive
> > >
> > > AddType application/x-httpd-php .php3
> > >
> > > in /etc/httpd/conf.d/php.conf
> > >
> > > Stop and re-started the httpd.
> > >
> > > The result is still the same, nothing on the left pane, except the
> > > " > > dialup_admin/htdocs.
> > >
> > > Am I starting from the wrong HTML file?
> > >
> > > If configuring the Apache still fails, I may have to go to
> > the extreme by
> > > changing all the reference to php3 and file suffix to php,
> > as suggested by
> > > Truong Manh.
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] Behalf Of
> > > > [EMAIL PROTECTED]
> > > > Sent: Thursday, July 24, 2003 7:36 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dialup_admin
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > > -Original Message-
> > > > >
> > > > > > I copied the dialup_admin directory to
> > /var/www/html/dialup_admin
> > > > > > Which I type the following URL in the browser, I got an
> > > > dialup_admin
> > > > > > image on the right and some text bearing  > on the left.
> > > > >
> > > > > When I had this problem, it was due to permissions not
> > > > being set correctly
> > > > > on the server, IIRC
> > > > >
> > > > > Andrew
> > > > >
> > > > When you get php code displayed and not parsed, 9/10 times its the
> > > > mime-types that are not setup correctly.
> > > >
> > > >


RE: dialup_admin

2003-07-24 Thread Evren Yurtesen
I had similar problem.
You should also have

LoadModule php4_module libexec/apache/libphp4.so

AddModule mod_php4.c

My problem was that these were under a IfDefine SSL clause
and I have started server without ssl (doh!)

Evren

On Thu, 24 Jul 2003, Alex Chen wrote:

> Barry,
>   What kind of MIME type should it be?
>
> I added the following directive
>
> AddType application/x-httpd-php .php3
>
> in /etc/httpd/conf.d/php.conf
>
> Stop and re-started the httpd.
>
> The result is still the same, nothing on the left pane, except the
> " dialup_admin/htdocs.
>
> Am I starting from the wrong HTML file?
>
> If configuring the Apache still fails, I may have to go to the extreme by
> changing all the reference to php3 and file suffix to php, as suggested by
> Truong Manh.
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Thursday, July 24, 2003 7:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup_admin
> >
> >
> >
> >
> >
> > > > -Original Message-
> > >
> > > > I copied the dialup_admin directory to /var/www/html/dialup_admin
> > > > Which I type the following URL in the browser, I got an
> > dialup_admin
> > > > image on the right and some text bearing  > >
> > > When I had this problem, it was due to permissions not
> > being set correctly
> > > on the server, IIRC
> > >
> > > Andrew
> > >
> > When you get php code displayed and not parsed, 9/10 times its the
> > mime-types that are not setup correctly.
> >
> >


Re:(2) some bugs in dialup_admin

2003-07-24 Thread Evren Yurtesen
Sorry to bug the list... I have had serious email problems and I found
this email from archives even...
--

Now the thing about the usernames is;
Actually we don't have spaces in any of our usernames. But you know the
users! they make the most funny mistakes you wouldn't even imagine.
Now for a support person watching the failed logins, if he/she can't see
this user accidentally enters a space in the middle, front or end of the
username. Then it wouldn't be nice.

I just checked my radius log and I have these kinds of entries...

Thu Jul 24 09:50:17 2003 : Auth: Login incorrect: 
[%U4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%fj0k4b)G%XU4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%B`}Z]
 (from client as1 port 57 cli )
Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [astoto   ] (from client as1 port 
107)
Thu Jul 24 11:57:21 2003 : Auth: Login incorrect: [ENG\335N TEK] (from client as1 port 
4 cli 0XX)
Thu Jul 24 13:51:13 2003 : Auth: Login incorrect: [xy~j~LLL1L|IS_FfqxxxXA] (from 
client as1 port 38)
Thu Jul 24 12:21:06 2003 : Auth: Invalid user: [] (from client 
as1 port 48 cli 02XXX)
Anything is possible! Perhaps it's better to get inside square brackets up
to 64 characters?

About the error messages, isn't it a lot better to log the real message?
For example
Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [myuser1] 
(from client as1 port 20119 cli 0)
Thu Jul 24 11:38:08 2003 : Auth: Multiple logins (max 1) : [mmyuser2] (from client as1 
port 20030)

It is more explanatory and perhaps different people would have more
different messages anyway. I don't get the point of inserting "Login
Incorrect" instead of "Login incorrect" ? :)

Plus it is a lot easier to get the error message as it is from the logs

if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) {
  $cause = (split /:/,$_)[4];
  $cause =~ s/^\s+|\s+$//g;
}

Can get any error message easily...?
I attached the unified diff output of the patch. How could I know that you
want  that? I am a newbie at this after all.

Evren

On Sat, 19 Jul 2003, Evren Yurtesen wrote:

> First of all log_badlogins is getting confused if there is a space in
> username.

OK, although I don't like the idea of spaces inside the usernames I've
added
support for that.

> Also I thought it is not very efficient to give the error a name
> and record this name to sql. I think it's better to record the error
> as it is and then recall it from mysql as it is. Well I attached a patch
> for that to log_badlogins which breaks the failed_logins page which is
> waiting to find the names that log_badlogins put into mysql. But the fix
> for that is below also... The files were from freeradius-0.9.0-pre3
> release so patch apply to dialup_admin log_badlogins in that release

First of all the patch is not unified. Also I don't quite follow the
reason for
this change.

>
> The other problem is in truncate_radacct... it gives this error. But it
> works when the commands are given line by line
>
> 2003-04-20 18:35:04
> DBD::mysql::db do failed: You have an error in your SQL syntax near
> ';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK
> TABLES' at line 1 at ./truncate_radacct line 30.

OK I've made a few changes in the binary files and it should work now.

--- log_badlogins.orig  Fri Jul 18 02:58:53 2003
+++ log_badlogins   Fri Jul 18 03:04:34 2003
@@ -61,46 +61,24 @@
 seek LOG, 0, 2 if ($all_file eq 'no');
 for(;;){
while(){
-   $do=0;  
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
-   if (/Login incorrect/){
-   if (/Login incorrect \((.+?)\):/){
-   $cause = "Login-Incorrect ($1)";
-   }else{
-   $cause='Login-Incorrect';
-   }
-   $do=1;
-   }
-   elsif (/Invalid user/){
-   if (/Invalid user \((.+?)\):/){
-   $cause = "Invalid-User ($1)";
-   }else{
-   $cause='Invalid-User';
-   }
-   $do=1;
-   }
-   elsif (/Multiple logins/){
-   $cause='Multiple-Logins';
-   $do=1;
-   }
-   elsif (/(Outside allowed timespan \(.+?\)):/){
-   $cause = "$1";
-   $do=1;
-
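Review bot: The removed branches were the only visible place where "$cause" was assigned, and they limited it to a fixed label or to text captured by one specific pattern; the added side is cut off here, so what fills "$cause" after the change cannot be checked. If the replacement copies the cause straight out of the log line, the patch should show that the value reaches the database through a bound parameter or the driver's quoting call and not by string interpolation, and that the column is wide enough for the longest message the server can write.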

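An added example, not part of the original message or of dialup_admin: one way to parse the failed-login lines quoted above so that a username containing spaces, brackets or the words "Login OK" cannot shift the other fields or hide the entry. The field layout is inferred from the log excerpts in this thread; the function names, flag names and sample lines are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Layout inferred from the log excerpts in this thread (an assumption, not a spec):
#   <timestamp> : Auth: <cause>: [<username>] (from client <nas> port <n>[ cli <id>])
AUTH_LINE = re.compile(
    r"^(?P<ts>.+?) : Auth: "          # the first ' : Auth: ' ends the timestamp
    r"(?P<cause>.*?)\s*: "            # server-written text, ends at the FIRST ': ['
    r"\[(?P<user>.*)\] "              # user-typed text, greedy: ends at the LAST '] (from client'
    r"\(from client (?P<nas>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^)]*))?\)\s*$"
)


class FailedLogin(NamedTuple):
    timestamp: str
    cause: str              # message exactly as the server logged it
    user: str               # exactly what was typed, spaces included
    nas: str
    port: int
    caller: Optional[str]
    display: str            # bracketed, printable, length-capped form for a support page
    flags: Tuple[str, ...]  # why the username deserves a second look


def _flags(user: str, max_len: int) -> Tuple[str, ...]:
    flags = []
    if user == "":
        flags.append("empty")
    if user != user.strip():
        flags.append("edge-whitespace")
    if any(c.isspace() for c in user.strip()):
        flags.append("inner-whitespace")
    if "\\" in user or not user.isprintable():
        flags.append("escaped-bytes")   # the server logs raw bytes as \ooo escapes
    if len(user) > max_len:
        flags.append("overlong")
    return tuple(flags)


def parse_failed_login(line: str, max_user_len: int = 64) -> Optional[FailedLogin]:
    """Return a FailedLogin for a failed Auth line, None for anything else."""
    m = AUTH_LINE.match(line.rstrip("\r\n"))
    if m is None:
        return None                      # not an Auth line in this layout
    cause = m.group("cause")
    if cause.startswith("Login OK"):     # tested on the cause only, never on the username
        return None
    user = m.group("user")
    shown = "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in user)
    if len(shown) > max_user_len:
        shown = shown[:max_user_len] + "..."
    return FailedLogin(m.group("ts"), cause, user, m.group("nas"),
                       int(m.group("port")), m.group("cli"),
                       "[" + shown + "]", _flags(user, max_user_len))


def scan(lines: List[str]) -> List[FailedLogin]:
    return [r for r in map(parse_failed_login, lines) if r is not None]


# Constructed sample lines, modelled on the excerpts quoted in the message.
SAMPLE_LOG = [
    "Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [astoto   ] (from client as1 port 107)",
    "Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [myuser1] (from client as1 port 20119 cli 0)",
    "Thu Jul 24 11:57:21 2003 : Auth: Login incorrect: [ENG\\335N TEK] (from client as1 port 4 cli 0XX)",
    "Thu Jul 24 12:21:06 2003 : Auth: Invalid user: [] (from client as1 port 48 cli 02XXX)",
    "Thu Jul 24 12:40:00 2003 : Auth: Login incorrect: [Login OK] (from client as1 port 9)",
    "Thu Jul 24 12:41:00 2003 : Auth: Login incorrect: [bob] (from client as9 port 1)] (from client as1 port 57 cli 0123)",
    "Thu Jul 24 12:45:00 2003 : Auth: Login OK: [alice] (from client as1 port 3)",
    "Thu Jul 24 12:50:00 2003 : Info: Ready to process requests.",
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_LOG):
        print(rec.timestamp, "|", rec.cause, "|", rec.display, "|",
              rec.nas, rec.port, rec.caller, "|", ",".join(rec.flags) or "-")
```

The cause is stored verbatim, as the message proposes, but it is taken only from the text in front of the bracketed username.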
Expiring Accounts page

2003-07-24 Thread Evren Yurtesen
Well, I tried to manipulate MySQL to my best.
It is impossible to make date calculation functions inside mysql because
the Expiration Attribute is not stored in date type column.
It is also stupid to get each user to php and manipulate there since that
would be very inefficient. This is what I could do at most.
Please let me know about what you think :)
Evren

Expiring User Accounts





Could not include SQL library functions. Aborting


EOM;
exit();
}

$now = time();
$now_str = ($now_str != '') ? "$now_str" : date("M Y",$now + 86400);
$min_str = ($min_str != '') ? "$min_str" : date("j",$now + 86400);
$max_str = ($max_str != '') ? "$max_str" : date("j",$now + 86400);
$num = 0;
$pagesize = ($pagesize) ? $pagesize : all;
$limit = ($pagesize == 'all') ? '' : "LIMIT $pagesize";
$selected[$pagesize] = 'selected';

echo <<
Expiring User Accounts










EOM;

echo <<






Expiring User Accounts 






For Date:
$min_str - $max $now_str
EOM;
?>




#userdate


= $min_str
ORDER BY substring(Value,1,2)*1 DESC $limit;");
if ($search){
while( $row = @da_sql_fetch_array($search,$config) ){
$num++;
$user = "$row[UserName]";
$date = "$row[Date]";
echo <<
$num
$user
$date

EOM;
}
}
else
echo "Database query failed: " . da_sql_error($link,$config) . 
"\n";
}
else
echo "Could not connect to SQL database\n";
echo <<








the from day matches any login after the 00:00 
that day,
and the to day any login before the 23:59 that 
day.
the default values shown are the next day.



from dayto 
daydatepagesize
 





05
10
15
20
40
80
all


EOM;
?>










some bugs in dialup_admin (fwd)

2003-07-23 Thread Evren Yurtesen


-- Forwarded message --
Date: Sat, 19 Jul 2003 18:41:45 +0300 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: some bugs in dialup_admin

First of all log_badlogins is getting confused if there is a space in
username. Also I thought it is not very efficient to give the error a name
and record this name to sql. I think it's better to record the error
as it is and then recall it from mysql as it is. Well I attached a patch
for that to log_badlogins which breaks the failed_logins page which is
waiting to find the names that log_badlogins put into mysql. But the fix
for that is below also... The files were from freeradius-0.9.0-pre3
release so patch apply to dialup_admin log_badlogins in that release

The other problem is in truncate_radacct... it gives this error normally.
But it works when the commands are given line by line
Also radius logs users who are online with AcctStoptime -00-00
00:00:00 so it is kind of funny because whatever date you enter to
truncate_radacct it erases all accounting info of all online users too!
Thus the delete query must be exclusive for -00-00 00:00:00

2003-04-20 18:35:04
DBD::mysql::db do failed: You have an error in your SQL syntax near
';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK
TABLES' at line 1 at ./truncate_radacct line 30.

-- Forwarded message --
Date: Fri, 18 Jul 2003 03:01:59 +0300 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: fix to patch log_badlogins.patch :)

Oops I realized that the patch was adding other messages than auth
messages to mysql too :) So I fixed it. This should be bug free :)
and I used context output in diff so it's better now...

Evren

On Fri, 18 Jul 2003, Evren Yurtesen wrote:

> Since I changed the log_badlogin script I realized the failed_logins page
> doesn't work :) I thought since the error is dynamically changing now.
> We can look for ServiceType and FramedProtocol if they are NULL
> I am pretty sure at least one wouldn't be NULL if a user logs in, so the
> SQL statement looks like this inside failed_logins page
> 
> $search = @da_sql_query($link,$config,
> "SELECT 
> AcctStopTime,UserName,NASIPAddress,NASPortId,AcctTerminateCause,CallingStationId,ServiceType,FramedProtocol
> FROM $config[sql_accounting_table]
> WHERE AcctStopTime <= '$now_str' AND AcctStopTime >= '$prev_str'
> AND ( ServiceType IS NULL AND
> FramedProtocol IS NULL ) $callerid_str $server_str
> ORDER BY AcctStopTime $order $limit;");
> 
> Also this way, if there are different kind of errors in future, the code
> doesn't need updating...
> 
> Evren
> 
> On Fri, 18 Jul 2003, Evren Yurtesen wrote:
> 
> > Hi,
> > I have realized that if people enter usernames with spaces in
> > (accidentally or not) then the log_badlogins script is getting
> > confused.
> > Example:
> > Thu Jul 17 23:49:03 2003 : Auth: Login incorrect: [Kullanici Adinizi Girin] (from 
> > client as1 port 55 cli 01231234567)
> > Thus I have devised a patch. I don't know if this is the right way to do
> > but I also removed the error detection part and changed it so that it
> > catches anything else than "Login OK"
> > Please just check it out and let me know.
> > 
> > Also I wonder why in sourceforge the version number is 1.62 and in
> > freeradius it comes 1.63...
> > http://sourceforge.net/projects/dialup-admin/
> > I have installed sourceforge version thinking it would be newer though.
> > 
*** log_badlogins   Sat Apr 19 19:26:10 2003
--- log_bad Fri Jul 18 02:56:51 2003
***
*** 61,106 
  seek LOG, 0, 2 if ($all_file eq 'no');
  for(;;){
while(){
-   $do=0;  
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
!   if (/Login incorrect/){
!   if (/Login incorrect \((.+?)\):/){
!   $cause = "Login-Incorrect ($1)";
!   }else{
!   $cause='Login-Incorrect';
!   }
!   $do=1;
!   }
!   elsif (/Invalid user/){
!   if (/Invalid user \((.+?)\):/){
!   $cause = "Invalid-User ($1)";
!   }else{
!   $cause='Invalid-User';
!   }
!   $do=1;
!   }
! 

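An added example, not part of the original message or of truncate_radacct: the delete from the error output above next to a version that leaves open sessions alone. It assumes SQLite in place of MySQL, a three-column stand-in for the radacct table, and MySQL's zero datetime 0000-00-00 00:00:00 as the open-session marker; the rows and function names are constructed.

```python
import sqlite3
from datetime import datetime

# MySQL's zero datetime, which radacct holds in AcctStopTime while a session is open.
# It sorts before every real timestamp, so "AcctStopTime < cutoff" always matches it.
OPEN_SESSION = "0000-00-00 00:00:00"

# Constructed rows: (UserName, AcctStartTime, AcctStopTime)
SAMPLE_ROWS = [
    ("old1", "2003-03-01 08:00:00", "2003-03-01 09:30:00"),
    ("old2", "2003-04-10 20:15:00", "2003-04-10 21:00:00"),
    ("recent", "2003-07-18 10:00:00", "2003-07-18 10:45:00"),
    ("online", "2003-07-19 18:00:00", OPEN_SESSION),
]


def make_db():
    """In-memory stand-in for the accounting table (assumed, reduced schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (UserName TEXT, AcctStartTime TEXT, AcctStopTime TEXT)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def _checked_cutoff(cutoff):
    # Accept only a full timestamp: a malformed cutoff raises ValueError
    # before any row is touched.
    parsed = datetime.strptime(cutoff, "%Y-%m-%d %H:%M:%S")
    return parsed.strftime("%Y-%m-%d %H:%M:%S")


def truncate_naive(conn, cutoff):
    """The condition shown in the error output: open sessions are deleted too."""
    with conn:  # one statement per call, inside one transaction
        cur = conn.execute(
            "DELETE FROM radacct WHERE AcctStopTime < ?",
            (_checked_cutoff(cutoff),),
        )
    return cur.rowcount


def truncate_closed_sessions(conn, cutoff):
    """Same cutoff, but rows still carrying the open-session marker are kept."""
    with conn:
        cur = conn.execute(
            "DELETE FROM radacct WHERE AcctStopTime < ? AND AcctStopTime <> ?",
            (_checked_cutoff(cutoff), OPEN_SESSION),
        )
    return cur.rowcount


def remaining_users(conn):
    return sorted(row[0] for row in conn.execute("SELECT UserName FROM radacct"))


if __name__ == "__main__":
    cutoff = "2003-04-20 18:35:04"
    for fn in (truncate_naive, truncate_closed_sessions):
        db = make_db()
        print(fn.__name__, "deleted", fn(db, cutoff), "left", remaining_users(db))
```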
some bugs in dialup_admin

2003-07-19 Thread Evren Yurtesen
First of all log_badlogins is getting confused if there is a space in
username. Also I thought it is not very efficient to give the error a name
and record this name to sql. I think it's better to record the error
as it is and then recall it from mysql as it is. Well I attached a patch
for that to log_badlogins which breaks the failed_logins page which is
waiting to find the names that log_badlogins put into mysql. But the fix
for that is below also... The files were from freeradius-0.9.0-pre3
release so patch apply to dialup_admin log_badlogins in that release

The other problem is in truncate_radacct... it gives this error. But it
works when the commands are given line by line

2003-04-20 18:35:04
DBD::mysql::db do failed: You have an error in your SQL syntax near
';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK
TABLES' at line 1 at ./truncate_radacct line 30.

-- Forwarded message --
Date: Fri, 18 Jul 2003 03:01:59 +0300 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: fix to patch log_badlogins.patch :)

Oops I realized that the patch was adding other messages than auth
messages to mysql too :) So I fixed it. This should be bug free :)
and I used context output in diff so it's better now...

Evren

On Fri, 18 Jul 2003, Evren Yurtesen wrote:

> Since I changed the log_badlogin script I realized the failed_logins page
> doesn't work :) I thought since the error is dynamically changing now.
> We can look for ServiceType and FramedProtocol if they are NULL
> I am pretty sure at least one wouldn't be NULL if a user logs in, so the
> SQL statement looks like this inside failed_logins page
> 
> $search = @da_sql_query($link,$config,
> "SELECT 
> AcctStopTime,UserName,NASIPAddress,NASPortId,AcctTerminateCause,CallingStationId,ServiceType,FramedProtocol
> FROM $config[sql_accounting_table]
> WHERE AcctStopTime <= '$now_str' AND AcctStopTime >= '$prev_str'
> AND ( ServiceType IS NULL AND
> FramedProtocol IS NULL ) $callerid_str $server_str
> ORDER BY AcctStopTime $order $limit;");
> 
> Also this way, if there are different kind of errors in future, the code
> doesn't need updating...
> 
> Evren
> 
> On Fri, 18 Jul 2003, Evren Yurtesen wrote:
> 
> > Hi,
> > I have realized that if people enter usernames with spaces in
> > (accidentally or not) then the log_badlogins script is getting
> > confused.
> > Example:
> > Thu Jul 17 23:49:03 2003 : Auth: Login incorrect: [Kullanici Adinizi Girin] (from 
> > client as1 port 55 cli 01231234567)
> > Thus I have devised a patch. I don't know if this is the right way to do
> > but I also removed the error detection part and changed it so that it
> > catches anything else than "Login OK"
> > Please just check it out and let me know.
> > 
> > Also I wonder why in sourceforge the version number is 1.62 and in
> > freeradius it comes 1.63...
> > http://sourceforge.net/projects/dialup-admin/
> > I have installed sourceforge version thinking it would be newer though.
> > 
*** log_badlogins   Sat Apr 19 19:26:10 2003
--- log_bad Fri Jul 18 02:56:51 2003
***
*** 61,106 
  seek LOG, 0, 2 if ($all_file eq 'no');
  for(;;){
while(){
-   $do=0;  
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
!   if (/Login incorrect/){
!   if (/Login incorrect \((.+?)\):/){
!   $cause = "Login-Incorrect ($1)";
!   }else{
!   $cause='Login-Incorrect';
!   }
!   $do=1;
!   }
!   elsif (/Invalid user/){
!   if (/Invalid user \((.+?)\):/){
!   $cause = "Invalid-User ($1)";
!   }else{
!   $cause='Invalid-User';
!   }
!   $do=1;
!   }
!   elsif (/Multiple logins/){
!   $cause='Multiple-Logins';
!   $do=1;
!   }
!   elsif (/(Outside allowed timespan \(.+?\)):/){
!   $cause = "$1";
!   $do=1;
!   }
!   if ($do){
$date = (split / : /,$_)[0];
  
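Review bot: The changed lines run through "if ($do){", so the gate that decided which log lines get recorded is being replaced, and the old patterns it relied on ("/Login incorrect/", "/Invalid user/", "/Multiple logins/") were matched against the whole line. The message says the new condition catches anything other than "Login OK"; that test needs to be applied only to the text between ": Auth:" and the bracketed username, because the username is typed by the caller and a whole-line match lets its content decide whether a failed login is recorded. The new side should also keep an explicit check that the line is an Auth entry now that "$do=0" is dropped.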

Tacacs+ to FreeRadius Migration

2003-07-14 Thread Evren Yurtesen
I would like to migrate from Tacacs+ to FreeRadius. I use the default
plain text configuration file of Tacacs+ and I use MySQL in FreeRadius.
Is there any way to at least copy the passwords of users and the expire
dates from Tacacs+ conf file to MySQL?

Evren




Re: Dialup_admin (...or smth else) not working properly

2003-03-10 Thread Evren Yurtesen
Well if you don't see any error messages then perhaps you might try to set
safe mode off in your php server although it is not safe if you have your
customers accessing the same server for web hosting etc. But little
earlier version of dialup_admin had this problem. But the one with 0.81
must have the fixed one though. Did you set the conf files etc. of dialup
admin?

Evren

On Mon, 10 Mar 2003, Redi Tela wrote:

> Hello,
> 
> I just installed freeradius 0.81 with mysql on a Redhat 7.1 machine.
> Everything seems to be working properly except for the web interface.
> Dialup_admin doesn't interact properly with freeradius and mysql, ex.
> When I try to add a new group, it doesn't show anything, or when I try
> to add a new user, it doesn't add anything to the mysql database. In the
> archive I read somewhere to use the latest CVS, but when I click that
> link on the freeradius.org, it shows an error.
> 
> Any help will be much appreciated,
> 
> Best Regards,
> 
> Redi 
> 
> Redi Tela
> Systems Administrator
> Mail [EMAIL PROTECTED]
> Phone: +355-4-256-001
> Fax: +355-4-256-002
> Mob: +355-69-20-80-710
> 
> 
> 
> 


Re: access ok with FreeRadius router but not with cisco router.

2003-03-06 Thread Evren Yurtesen
run radius with -sxxx and perhaps you can figure out what's wrong then.

On Thu, 6 Mar 2003, Rafa Marín López wrote:

> Hello all
> 
> I have installed FreeRadius 0.8.1 and I have a CISCO 3600 and a FreeBSD 
> 4.7 client.
> 
> When client starts up a PPPoE connection to router , this one sends 
> authentication information to FreeRadius server whose output is :
> 
> 
> Sending Access-Accept of id 18 to 155.54.95.1:1645
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Cisco-AVPair = "ipv6:prefix#1=2001:800:40:2c72::/64 autconfig"
> 
> I understand FreeRadius is able to authenticate the user. However, CISCO 
> router output is :
> 
> 
> Vi1 PPP: Authorization required
> 15:50:27: Vi1 PPP: Treating connection as a dedicated line
> 15:50:28: Vi1 PAP: I AUTH-REQ id 1 len 15 from "rafa"
> 15:50:28: Vi1 PAP: Authenticating peer rafa
> 15:50:28: Vi1 PPP: Sent PAP LOGIN Request to AAA
> 15:50:28: Vi1 PPP: Received LOGIN Response from AAA = FAIL
> 15:50:28: Vi1 PAP: O AUTH-NAK id 1 len 27 msg is "Authentication failure"
> 
> :(
> 
> could somebody help me?
> 
> Thank you very much.
> 
> -- 
> --
> Rafael Marin Lopez
> Faculty of Computer Science-University of Murcia
> 30071 Murcia - Spain
> Telf: +34968364644e-mail: [EMAIL PROTECTED]
> --
> 
> 
> 
> 


(just ignore)Re: dialupadmin bug?

2003-03-06 Thread Evren Yurtesen
sorry, I think its my fault :)
but it could be nice to be able to set a default for dialupadmin for the
op fields of each pair

On Thu, 6 Mar 2003, Evren Yurtesen wrote:

> Dialupadmin puts = operator for expiration by default.
> freeradius complains
> Invalid operator for item Expiration: reverting to '=='
> 
> Is this a bug or am I missing something?
> 
> 


dialupadmin bug?

2003-03-06 Thread Evren Yurtesen
Dialupadmin puts = operator for expiration by default.
freeradius complains
Invalid operator for item Expiration: reverting to '=='

Is this a bug or am I missing something?




Re: User freezing!!!

2003-03-03 Thread Evren Yurtesen
AFAIK the 'other' type doesn't make any checks on the NAS if a user logged
on or not. Radius then relies on the accounting packets received from the
NAS. If you know a little perl then you can perhaps make an addition to
radcheck script. 

Evren

On Mon, 3 Mar 2003, Eric wrote:

> I use Chinese nas hardware by Huawei (QuidwayA8010 refiner).
> Maybe somebody knows with what type of nas (in radius) it compatible?
> Now I'm use "other" type. But I have stale session with it.
> Thanks.
> 
> 
> On Saturday 01 March 2003 18:17, Kostas Kalevras wrote:
> > On Thu, 27 Feb 2003, Eric wrote:
> > > Hi, all
> > >
> > > I use freeradius with MySQL & I have problem with user freezing.
> > > I'm turn off any accounting & logging except MySQL (such as radutmp,
> > > radwtmp). My radius server works pretty well except one thing:
> > > When my users is disconnects unexpectedly (telephone line rupture & etc.)
> > > in the database his still online (AcctStopTime is still -00-00
> > > 00:00:00) & as effect his can't reconnect (radius tells him such login
> > > already exists). To solve it I'm every day check radacct table for
> > > redundancy
> > > AcctStopTime=-00-00 00:00:00 & delete all this records. I do this
> > > manually every day. My users thinks that somebody steals his password.
> > >
> > > Question: How can I check for existence of incorrect entries & delete it
> > > automatically or at all debar from appearance of it?
> >
> > The fact that you get stale sessions in your database means that your NAS
> > does not work that well. It should always send accounting-stops. Also you
> > should setup the nas type in clients.conf so that freeradius can first ask
> > the nas about if the user is logged in before rejecting him. If you do this
> > then if the NAS reports back that the user is not logged in and we have a
> > stale entry in the database then we zap that entry.
> >
> > > Thanks in advance.
> > >
> > > Regards, Eric.
> > >
> > >
> > >


Re: Crazy Log File Entry

2003-03-01 Thread Evren Yurtesen
Well I think it is unlikely that only the password will be sent wrong.
There is usually so little time between username and password transfers.
If the connection has some problems that would affect the username too.

To my knowledge usually this kind of trouble happens when the modem changes
the DTE speed after connection and the terminal can not adapt. :) But then
it shouldn't work the second time user tries. Weird :)

Evren

On Sat, 1 Mar 2003, tarvid wrote:

> I've seen dozens of these although not usually that long.
> 
> Two from this morning.
> 
> Sat Mar  1 07:56:38 2003: Auth: Login incorrect: [xxx/ñKÏ8?Z4?? ?Ôò6?t] 
> (from nas diana/S22)
> Sat Mar  1 07:57:26 2003: Auth: Login incorrect: [xxx/§ì`¡×]$Bô¾±ÕÍïJ] 
> (from nas diana/S23)
> 
> Mine are always in the password, yours are in the username.
> 
> If they persist mine usually go away with a modem replacement at the user end. 
> Cheap Lucent chipsets work best for us.
> 
> Jim Tarvid
> 
> On Saturday 01 March 2003 12:46 am, [EMAIL PROTECTED] wrote:
> > Has anybody on the list seen dialup log files that look like this:
> >
> > Fri Feb 28 23:49:18 2003 : Auth: Login incorrect: [EMAIL PROTECTED]"} }7}"}&} }*} }
> > }%}&} 4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }7}"}&} }*} } }%}&}
> > 4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }7}"}&} }*} } }%}&}
> > 4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }4}"}&} }*} } }%}&} 4!}'}"}(}"q}&[EMAIL 
> > PROTECTED]&}
> > }4}"}&} }*} } }%}&} 4!}'}"}(}";;[EMAIL PROTECTED]'} }$d}1~A/] (from client as5200
> > port 40)
> > The user called support notified us, and logged in ok the second time.
> > The problem is random but we are starting to see more logs just like the
> > one above.
> > Does anybody have any ideas of what it could be?
> >
> >
> >
> >
> >


Re: Dialup admin

2003-03-01 Thread Evren Yurtesen
do you have any other .php3 files working? maybe you should set in your
apache conf file that not only .php files should be treated as php files
but also .php3 files

On Sat, 1 Mar 2003, Eric wrote:

> Hello,
> I have such problem with Dialup admin:
> When I run it in my browser the left frame (buttons) is stay unloaded & shows 
> the content of buttons.html.php3 file.
> I use php-4.3.0 & apache 1.3.27 & all of my other php-applications works 
> perfectly except Dialup admin :(
> Have somebody any ideas about it?
> Thanks in advance!!!
> 


Re: Freeradius with mysql

2003-02-19 Thread Evren Yurtesen
One thing is that it should be
Simultaneous-Use and not Simultaneus-Use
Can this be the problem?

On Wed, 19 Feb 2003, Apostolis Ayianoglou wrote:

> I use freeradius 0.8.1 with Suse 8 and mysql to authenticate users.
> Authentication works fine, but when I put the option Simultaneus-Use in the
> radcheck or radgroupcheck table, authentication stops working with the
> message Pair is not match.
> 



Re: Freeradius-Users digest, Vol 1 #1540 - 1 msg

2003-02-16 Thread Evren Yurtesen
I think you can read section 1 of
http://www.freeradius.org/faq/

On Sun, 16 Feb 2003, Marat wrote:

> Hello colleagues,
> 
> I want a RADIUS server.
> How can I implement it? What software and hardware do I have to use?
> Any help will be appreciated.
> Thanks
> 
> Marat
> 
> --
> 
> 
> --
> > From: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Freeradius-Users digest, Vol 1 #1540 - 1 msg
> > Date: 16 February 2003, 9:25
> > 
> > Message: 1
> > Date: Sat, 15 Feb 2003 11:32:13 +0530
> > From: Ramprasad A Padmanabhan <[EMAIL PROTECTED]>
> > Organization: Netcore Solns
> > To: [EMAIL PROTECTED]
> > Subject: Re: how to start simple accounting
> > Reply-To: [EMAIL PROTECTED]
> > 
> > Tim D. McCracken wrote:
> > > Are your NAS's sending the accounting packets?  Have you run it in
> > > debug mode to see what is happening to them?
> > > 
> > > -Original Message-
> > > *From:* [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]*On Behalf Of
> > > *Ramprasad A Padmanabhan
> > > *Sent:* Friday, February 14, 2003 3:57 AM
> > > *To:* [EMAIL PROTECTED]
> > > *Subject:* how to start simple accounting
> > > 
> > > Hello all,
> > > I don't know why I am not able to find it in any of the docs or
> > > mailing lists. I have installed freeradius 0.8 and am able to use
> > > authentication with system and LDAP.
> > > 
> > >What I am not able to figure out is how to start the accounting,
> > > even radwho radlast  etc return just empty results. The files
> > > radutmp radwtmp and sradutmp are all 0 bytes
> > 
> > Well sir, I am a total beginner. I haven't written any NAS script that
> > will produce any accounting packets. I assume that there will be a
> > default script that logs in plain text files.
> > 
> >    Till now I have just compiled freeradius and made it use my LDAP
> > server for authentication by enabling ldap in radiusd.conf and putting
> > Default auth-type in users file.
> > 
> >    Do I have to do anything more to get the accounting on?
> > 
> > Thanks for your patience
> > Ram



Re: -dictionary.livingston-

2003-02-12 Thread Evren Yurtesen
they come with freeradius, see the share directory in the sources.

Evren

On Wed, 12 Feb 2003, Richard A. Bradley wrote:

> oh-oh, I didn't have a dictionary file (really).  I had a debug error 
> that the dictionary file could not be found. Does anyone have a 
> dictionary file laying around that I could use?
> 
> Thanks
> On Wednesday, February 12, 2003, at 09:49 AM, Miquel van Smoorenburg 
> wrote:
> 
> > In article <[EMAIL PROTECTED]>,
> > Richard A. Bradley  <[EMAIL PROTECTED]> wrote:
> >> whew, when I run radtest I now get
> >>
> >> "Unknown attribute User-Name"
> >>
> >> I copied the dictionary.livingston into the proper directory (without
> >> ".livingston")
> >
> > In doing so you overwrote the original dictionary file. 
> > dictionary.livingston
> > isn't a replacement, it is an addition.
> >
> > Restore the original situation, edit the main dictionary file and
> > just $INCLUDE dictionary.livingston
> >
> > Mike.
> > -- 
> > Anyone who is capable of getting themselves made President should
> > on no account be allowed to do the job -- Douglas Adams.
> >
> >
> 
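
Why copying dictionary.livingston over the main dictionary produced "Unknown attribute User-Name", as an added example (not from the thread or the FreeRADIUS sources): a small reader for the dictionary format that follows $INCLUDE lines and reports which file defines each attribute. The two file bodies and the helper names are constructed stand-ins for the real files.

```python
import os
import tempfile

# Constructed stand-ins; the real files ship in the share directory of the sources.
MAIN_DICTIONARY = """\
# standard attributes
ATTRIBUTE   User-Name       1   string
ATTRIBUTE   User-Password   2   string
ATTRIBUTE   NAS-IP-Address  4   ipaddr
"""
LIVINGSTON = """\
# vendor-specific additions only
VENDOR      Livingston      307
ATTRIBUTE   LE-Terminate-Detail 2 string Livingston
"""


def load_dictionary(path, _seen=None):
    """Return {attribute_name: defining_file}, following $INCLUDE lines."""
    seen = _seen if _seen is not None else set()
    real = os.path.realpath(path)
    if real in seen:                      # guard against include loops
        return {}
    seen.add(real)
    attrs = {}
    with open(real) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
            if not fields:
                continue
            if fields[0] == "$INCLUDE" and len(fields) > 1:
                # included names are resolved relative to the including file
                included = os.path.join(os.path.dirname(real), fields[1])
                attrs.update(load_dictionary(included, seen))
            elif fields[0] == "ATTRIBUTE" and len(fields) >= 4:
                attrs[fields[1]] = os.path.basename(real)
    return attrs


def _write(path, text):
    with open(path, "w") as fh:
        fh.write(text)


def compare_setups():
    """Build the broken and the repaired layout, return both attribute maps."""
    with tempfile.TemporaryDirectory() as root:
        broken = os.path.join(root, "broken")
        fixed = os.path.join(root, "fixed")
        os.mkdir(broken)
        os.mkdir(fixed)
        # Broken: dictionary.livingston copied over the main dictionary file.
        _write(os.path.join(broken, "dictionary"), LIVINGSTON)
        # Fixed: original restored, vendor file pulled in with $INCLUDE.
        _write(os.path.join(fixed, "dictionary"),
               MAIN_DICTIONARY + "$INCLUDE dictionary.livingston\n")
        _write(os.path.join(fixed, "dictionary.livingston"), LIVINGSTON)
        return (load_dictionary(os.path.join(broken, "dictionary")),
                load_dictionary(os.path.join(fixed, "dictionary")))


if __name__ == "__main__":
    broken, fixed = compare_setups()
    print("broken setup knows User-Name:", "User-Name" in broken)
    for name, source in sorted(fixed.items()):
        print("%-22s defined in %s" % (name, source))
```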





Re: Different reply-items depending on Called-Station-ID

2003-02-11 Thread Evren Yurtesen
Well I just check the Called-Station-ID and see if the user has access
rights to that place, then deny or allow.
I just put Called-Station-ID == XXYY etc. in radcheck or radgroupcheck.
Radius doesn't allow the user to connect if the NAS sends another ID.
I don't know about sending different reply items, but I guess you can make
different groups, and if the users are allowed for that group then
freeradius sends the reply items for that group.

Evren

On Tue, 11 Feb 2003, Jonas wrote:

> Hi,
> I'm currently trying to implement something that's probably been done a million
> times before, but I haven't found anything about it neither on the Web nor in the
> mailing list. I've been looking...
> 
> We've got Freeradius running on Linux, connecting to a MySQL server on the same
> machine. Users can dial in using different numbers, one for each: Modem with Callback
> (CBCP), Modem without Callback, ISDN with Callback and ISDN without Callback. Based
> on the number they dial in to (Called-Station-ID), I want to be able to deny or allow
> them access AND to set different reply-items as well (to set Callback, for instance).
> Problem is, a user can be permitted to call in to several numbers, e.g. ISDN w/
> Callback and ISDN w/o Callback.
> 
> So far I've created different groups for every number, but I don't seem to be able
> to assign a user to several groups. What I'm trying to achieve is:
> 
> 1. FreeRadius checks the Called-Station-ID and assembles several reply-items
>    depending on that
> 2. It checks the name to see if the user is allowed to use this number
> 3. It assembles several DEFAULT-reply-items, not specific to the Called-Station-ID.
> 
> It'd be perfect if all this could be achieved using the MySQL-Database (to ease
> remote administration), without resorting to configuration files.
> 
> I'd be grateful for every hint or pointer to some information,
> Jonas
> -- 
> 



Re: empty password

2003-02-11 Thread Evren Yurtesen
I don't think so. I didn't use regular expressions before so... :)
I think you are right in using =~, I didn't check what it was...

But is your problem really matching any password, or is it OK if the
password is empty? You can maybe try to have an empty password.

Also, did you try radius -sxxx, and what do you see as the problem?

I think if you are using CHAP the regular expressions wouldn't work.
Perhaps only with PAP (and maybe something else, but I am only experienced
in PAP and CHAP).

Evren

On Tue, 11 Feb 2003, stambazzi andrea wrote:

> 
> > I think a simple ^.* or .* would match all the characters in the password.
> I have tried this one too ... but nothing ... it failed again
> 
> > I use := operator for the passwords but...
> > Well I do not know if the regular expressions in freeradius work for
> > passwords. It was just a guess that it might work.
> In "man 5 users" it is written:
> 
>  Attribute =~ Expression
> As a check item, it matches if the request contains an
> attribute which matches the given regular expression.
> This operator may only be applied to string attributes.
> Not allowed as a reply item.
> 
> is there a mistake?!
> 
> 
> > You should check out the output of radiusd -sxx or -sxxx and see what's
> > going wrong exactly.
> ok I'm ready to try... tell me good luck :-)
> 
> Stamba
> 
> 
> 



Re: empty password

2003-02-11 Thread Evren Yurtesen
I think a simple ^.* or .* would match all the characters in the password.
I use := operator for the passwords but...
Well I do not know if the regular expressions in freeradius work for
passwords. It was just a guess that it might work.
You should check out the output of radiusd -sxx or -sxxx and see what's
going wrong exactly.

Evren

On Tue, 11 Feb 2003, stambazzi andrea wrote:

> 
> > well I don't know if this would work but you could try regex in password so
> > it might accept any password like * as the password.
> I have enabled regexp in radius.conf with parameters
> 
> regular_expression == yes 
> extended expression = yes
> 
> and afterwards I put in the radcheck table a record like the following
> 
> | Username | Attribute     | Value    | op |
> +----------+---------------+----------+----+
> | stamba   | User-Password | ^[\w\W]$ | =~ |
> 
> 
> but login with user "stamba" failed, have I missed anything?!
> where was I wrong?!
> 
> 
> thank you 
> 
> By 
> Stamba
> 
> 



Re: empty password

2003-02-11 Thread Evren Yurtesen
Well, I don't know if this would work, but you could try regex in password so
it might accept any password like * as the password.


On Tue, 11 Feb 2003, stambazzi andrea wrote:

> Hi
> 
> I have to authenticate my ppp users with free radius without checking the password
> but only the username. I have no idea how to do this because I don't know any
> settings in the configuration file or in a database table which can enable this mode.
> 
> Can anybody help me?!
> 
> By Stamba
> 



diff question

2003-02-02 Thread Evren Yurtesen
Sorry to ask here but I would like to download the latest version of a
file, diff it, and then send the result back. But in the case of
checkrad.pl.in, which is not the same as checkrad, should I copy the
changes I made to the original into this file and then make the diff, or?
How should I proceed?

Evren





Re: Compiling Freeradius v0.8.1 on FreeBSD v3.4

2003-02-01 Thread Evren Yurtesen
Well I think maybe he wanted to write 5.0 and wrote 4.0 instead,
accidentally. :)

On Sat, 1 Feb 2003, Alan DeKok wrote:

> "VPM Support" <[EMAIL PROTECTED]> wrote:
> > But when I run this same configuration on a FreeBSD v4.0
> > system everything compiles just fine.  The problem is the FreeBSD v4.0
> > is not yet in production and won't be for some time to come
> 
>   Huh?  FreeBSD 5.0 was just released.  3.4 is *ancient*, and even
> 4.0 is very old.
> 
>   Upgrade to FreeBSD 4.0, 4.3, or 5.0.  FreeRADIUS wasn't designed to
> run on 10-year old systems.
> 
>   Alan DeKok.
> 



Re: MAC Auth. for Orinoco AP-1000 not working (log attached)

2003-01-30 Thread Evren Yurtesen
well it is sending mac address as username,
you should perhaps set the usernames in users file as mac addresses.
what do you have in users file now?

Evren

On Thu, 30 Jan 2003, Shahid M. Bhatti wrote:

> Hi,
> I'm trying to authenticate Wireless Access Point of
> Orinoco/Lucent/Avaya/Agere/Proxim with Free Radius server. I've made the
> user as AP's MAC address in /etc/raddb/users file and conf file, but when
> I start the radius server in debug mode I get the following messages which
> I have attached below. Please have a look at it and help me in figuring
> out what should I do? Thanks a bunch.
> 
> -Shahid
> 
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 128.111.20.96:192, id=1,
> length=59
> NAS-IP-Address = 128.111.20.96
> User-Name = "00022d-677c37"
> User-Password = "testing123"
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> rlm_chap: Could not find proper Chap-Password attribute in request
>   modcall[authorize]: module "chap" returns noop
>   modcall[authorize]: module "mschap" returns notfound
> rlm_realm: No '@' in User-Name = "00022d-677c37", looking up realm
> NULL
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 162
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
>   modcall[authenticate]: module "unix" returns notfound
> modcall: group authenticate returns notfound
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host 128.111.20.96:192, id=1,
> length=59
> Sending Access-Reject of id 1 to 128.111.20.96:192
> --- Walking the entire request list ---
> Waking up in 5 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 1 with timestamp 3e39a2f4
> Nothing to do.  Sleeping until we see a request.
> 
> 
> 



Re: Trying to do accounting on freeradius+mysql

2003-01-20 Thread Evren Yurtesen
Well, if I am not mistaken, you can see the daily totals etc. in dialupadmin.
But again, if I am not mistaken, there are mysql commands for adding up
the search results. You should either figure out the mysql commands from
the mysql manual or dig into the dialup_admin files to find how it's doing it,
then write your own scripts or use the same commands.

Perhaps somebody else on the list might have more information but I just
wanted to write a quick reply. =)

Evren

On Tue, 21 Jan 2003, Iq wrote:

> Hi Everyone,
>    I have set up freeradius+mysql fairly easily with the
> following links.
> http://www.ccs.neu.edu/home/peterm/freeradiusbuild.html
> http://www.frontios.com/freeradius.html
> 
> I did connect for a while to my POP as well using mysql at the backend. But
> I don't know how to do accounting. I did set up dialup_admin
> www.dialup.goldenwireless.com.au
> but I am doing something wrong there, as it is not working properly. I have
> all the values in the radacct table but I don't know how to calculate the time a
> customer is on and the data he has utilized.
> "iraja" is the username that gets connected to the server; the rest of the
> usernames are just wrong attempts.
> 
> mysql> select * from radacct;
> 
> | RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm |
> NASIPAddress | NASPortId | NASPortType | AcctStartTime   | AcctStopTime
> | AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop  |
> AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId |
> AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |
> AcctStartDelay | AcctStopDelay |
> +---+---+--+--+---+-
> -+---+-+-+-+
> -+---+---+---+--
> ---+--+-+--+
> +-++-+--
> --+---+
> | 1 | 71000344  |  | p.richardson |   |
> 203.14.183.2 |16 | Async   | -00-00 00:00:00 | 2002-11-26
> 22:26:56 |2197 | RADIUS|   | 49333
> LAPM/V42BIS |  434240 |  3449921 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.82   |
> 0 |45 |
> | 2 | 7100034B  |  | iraja|   |
> 203.14.183.2 |12 | Async   | 2002-11-26 22:27:39 | 2002-11-26
> 22:29:08 |  89 | RADIUS| 38666 LAPM/V42BIS | 24000
> LAPM/V42BIS |1399 | 1064 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.68   |
> 0 | 0 |
> | 3 | 7100033F  |  | mbc  |   |
> 203.14.183.2 | 0 | Async   | -00-00 00:00:00 | 2002-11-26
> 22:30:45 |4705 | RADIUS|   | 49333
> LAPM/V42BIS |  179854 |  1081219 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.84   |
> 0 | 0 |
> | 4 | 7100034C  |  | iraja|   |
> 203.14.183.2 |11 | Async   | 2002-11-26 22:30:46 | 2002-11-26
> 22:36:12 | 326 | RADIUS| 52000 LAPM/V42BIS | 52000
> LAPM/V42BIS |  159179 |  1355687 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.87   |
> 0 | 0 |
> | 5 | 71000348  |  | colrado  |   |
> 203.14.183.2 | 6 | Async   | -00-00 00:00:00 | 2002-11-26
> 22:31:29 | 847 | RADIUS|   | 52000
> LAPM/V42BIS |   30517 |   245308 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.75   |
> 0 | 0 |
> | 6 | 71000341  |  | arma |   |
> 203.14.183.2 |14 | Async   | -00-00 00:00:00 | 2002-11-26
> 22:33:25 |3580 | RADIUS|   | 26400
> LAPM/V42BIS |  617265 |  4066119 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.79   |
> 0 | 0 |
> | 7 | 71000345  |  | hjbems   |   |
> 203.14.183.2 | 5 | Async   | -00-00 00:00:00 | 2002-11-26
> 22:33:37 |1988 | RADIUS|   | 4
> LAPM/V42BIS |  517318 |  6394135 | 87966000|
> | User-Request   | Framed-User | PPP| 203.14.183.94   |
> 0 | 0 |
> +---+---+--+--+---+-
> -+---+-+-+-+
> -+---+---+-
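
As an added illustration of the "adding up" described in the reply (not part of the original thread, and not dialup_admin's own code), the sketch below totals session time and octets per user from the radacct columns in the listing. It uses Python's built-in sqlite3 in place of MySQL so it runs offline; the table is reduced to five columns, the seven rows are copied from the post, and one open-session row and all function names are constructed.

```python
import sqlite3

# Rows copied from the radacct listing in the post, reduced to
# (UserName, AcctStopTime, AcctSessionTime, AcctInputOctets, AcctOutputOctets).
POSTED_ROWS = [
    ("p.richardson", "2002-11-26 22:26:56", 2197, 434240, 3449921),
    ("iraja",        "2002-11-26 22:29:08",   89,   1399,    1064),
    ("mbc",          "2002-11-26 22:30:45", 4705, 179854, 1081219),
    ("iraja",        "2002-11-26 22:36:12",  326, 159179, 1355687),
    ("colrado",      "2002-11-26 22:31:29",  847,  30517,  245308),
    ("arma",         "2002-11-26 22:33:25", 3580, 617265, 4066119),
    ("hjbems",       "2002-11-26 22:33:37", 1988, 517318, 6394135),
]

# Constructed row (not from the post): a session that is still open, so it has
# no stop time and no counters yet. It must not show up in the totals.
OPEN_SESSION = ("iraja", "0000-00-00 00:00:00", 0, 0, 0)

# AcctSessionTime is the duration the NAS reports when the session stops, so
# the sums do not depend on a start time having been recorded for the row.
# The statement is plain SQL; with a MySQL driver only the placeholder style
# changes (%s instead of ?). Values are always bound, never pasted into the SQL.
TOTALS_SQL = """
SELECT UserName,
       COUNT(*)              AS sessions,
       SUM(AcctSessionTime)  AS seconds_online,
       SUM(AcctInputOctets)  AS octets_in,
       SUM(AcctOutputOctets) AS octets_out
FROM radacct
WHERE AcctStopTime >= ? AND AcctStopTime < ?
GROUP BY UserName
ORDER BY seconds_online DESC
"""


def open_sample_db():
    """In-memory stand-in for the radacct table, loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (UserName TEXT, AcctStopTime TEXT, "
        "AcctSessionTime INTEGER, AcctInputOctets INTEGER, "
        "AcctOutputOctets INTEGER)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?)",
                     POSTED_ROWS + [OPEN_SESSION])
    return conn


def usage_totals(conn, since, until):
    """Per-user totals for sessions that stopped in [since, until)."""
    totals = {}
    for user, sessions, seconds, oin, oout in conn.execute(TOTALS_SQL,
                                                           (since, until)):
        totals[user] = {"sessions": sessions, "seconds": seconds,
                        "octets_in": oin, "octets_out": oout}
    return totals


def hms(seconds):
    """Format a number of seconds as h:mm:ss."""
    minutes, secs = divmod(seconds, 60)
    hours, minutes = divmod(minutes, 60)
    return "%d:%02d:%02d" % (hours, minutes, secs)


if __name__ == "__main__":
    day = usage_totals(open_sample_db(),
                       "2002-11-26 00:00:00", "2002-11-27 00:00:00")
    for user, t in day.items():
        print("%-14s %d session(s) %9s online  in=%d out=%d" % (
            user, t["sessions"], hms(t["seconds"]),
            t["octets_in"], t["octets_out"]))
```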

Re: Problem with 1,000,000 users

2003-01-20 Thread Evren Yurtesen
Well, did you check the system messages right before the process is
killed? If you ran out of memory and swap, there should definitely be
something coming.

Or, like this other email on the list, you might have hit some ulimit
limits.

Evren

On Mon, 20 Jan 2003, leaobicalho wrote:

> Yes, freeradius loads it into memory, but I think that the
> problem is not memory, because I have 256RAM, an
> AthlonXP 1.5XP, and the size of the file is only 50MB.
> 
> > are you running out of memory? did you check?
> > a guess would be that freeradius is trying to load the file into memory.
> > 
> > On Mon, 20 Jan 2003, leaobicalho wrote:
> > 
> > > Why, when I use 1,000,000 users with the users file, does it show
> > > this message? If I use 100,000 I have no problem, but
> > > when I use many I always have a problem... why? The structure of my
> > > users file:
> > > login1  auth-type=accept
> > > login2  auth-type=accept
> > > login3  auth-type=accept
> > > login4  auth-type=accept
> > > 
> > > root@lala> radiusd -x
> > > Load
> > > Loading fastusers
> > >  Usesfile...
> > > Killed
> > > root@lala>
> > > 
> 
> ___
> Animation Design®
> www.animationdesign.com.br



Re: Problem with 1,000,000 users

2003-01-20 Thread Evren Yurtesen
are you running out of memory? did you check?
a guess would be that freeradius is trying to load the file into memory.

On Mon, 20 Jan 2003, leaobicalho wrote:

> Why, when I use 1,000,000 users with the users file, does it show
> this message? If I use 100,000 I have no problem, but
> when I use many I always have a problem... why? The structure of my
> users file:
> login1  auth-type=accept
> login2  auth-type=accept
> login3  auth-type=accept
> login4  auth-type=accept
> 
> root@lala> radiusd -x
> Load
> Loading fastusers
>  Usesfile...
> Killed
> root@lala>
> 



Re: DHCP & Freeradius

2003-01-14 Thread Evren Yurtesen
Yes, but isn't freeradius supporting ip pools as an experimental feature
nowadays?

Evren

On 14 Jan 2003, Mike Varley wrote:

> I looked into this solution (using DHCP as the ip address manager for
> RADIUS clients) but in the end hooking in the dhcpclient code to work
> with freeradius seemed like a lot of work, and an incomplete solution
> (for our specific needs). So we ended up just writing our own IP address
> management stuff; it was pretty straightforward.
> 
> I am using Linux, I dunno what platform you are developing on.
> 
> 
> MV
> 
> On Tue, 2003-01-14 at 08:11, [EMAIL PROTECTED] wrote:
> > Hi everyone,
> > 
> > My problem concerns how to assign the IP address to a client after the radius
> > server (Freeradius) performed md5 authentication. Maybe it's necessary to install a
> > DHCP server too? If yes, which is the right way to configure Freeradius to interact
> > with the DHCP server?
> > 
> > Thanks very much
> > 
> > 
> -- 
> ~~~
> Mike Varley -= SOMA Networks =-
> Tel: 416.977.1414   x1578
> email: [EMAIL PROTECTED]
> 
> 



Re: Making Radiusd a service

2003-01-13 Thread Evren Yurtesen
Well, it depends on your operating system. If your system has the manual
page for rc then look at it;
man rc
would do =)
For example, in FreeBSD you put a .sh script into /usr/local/etc/rc.d
and at startup and shutdown it is executed with "start" and "stop"
arguments automatically.

On Tue, 14 Jan 2003, Mike Paneth wrote:

> I have got FreeRadius working as a program.
> 
> Can anyone please help me get it now to start at boot time automatically.
> 
> Mike Paneth
> 
> 
> 



Re: cisco av-pairs rear their ugly heads

2003-01-10 Thread Evren Yurtesen
you can search only inside abc.com domain in google, if you give the right
parameters

On Fri, 10 Jan 2003, Frank Cusack wrote:

> On Fri, Jan 10, 2003 at 10:24:43AM -0600, Chris Parker wrote:
> > At 10:04 AM 1/10/2003 -0500, Alan DeKok wrote:
> > If I need to search for cisco info, I use the following:
> > 
> > http://cisco.google.com/cisco
> > 
> > It is a google index of *just* cisco's site.  :)  Far better than
> > trying to search from www.cisco.com.
> 
> Cisco uses Google for their search.  Perhaps they weight results differently
> on their own site.
> 
> /fc
> 



Re: freeradius - dialupadmin - op field

2003-01-08 Thread Evren Yurtesen
What do you think is appropriate for Expiration then?
Just wondered...

On Wed, 8 Jan 2003, Kostas Kalevras wrote:

> On Wed, 8 Jan 2003, Evren Yurtesen wrote:
> 
> > I wonder why the dialupadmin sets the op field := in passwords even though
> > it should be ==
> >
> > Or I am the one who knows wrong?
> 
> It sets the password to be used by PAP/CHAP/whatever. Since it is setting
> instead of testing I think the := operator is more appropriate.
> 
> >
> > Evren
> >
> >
> >
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED]National Technical University of Athens, Greece
> Work Phone:   +30 210 7721861
> 'Go back to the shadow'   Gandalf
> 



freeradius - dialupadmin - op field

2003-01-08 Thread Evren Yurtesen
I wonder why the dialupadmin sets the op field := in passwords even though
it should be == 

Or I am the one who knows wrong?

Evren





Re: AS5300, selecting IP pool

2003-01-07 Thread Evren Yurtesen
You just can't get radius to send the required attribute, or it sends the
attribute but the as5300 somehow doesn't care?

Here is a good example (although this is not actually freeradius)
http://lists.cistron.nl/pipermail/cistron-radius/2001-July/001555.html

Evren

On Wed, 8 Jan 2003, Nader Skaros wrote:

> 
> Hi Guys,
> 
> I'm a bit of a newbie when it comes to access servers, but we have got a cisco as5300
> for our dialup customers and also our admin. We would like two different ip-address
> pools, and securing users' access using ACLs.
> 
> Would anyone be able to give me a quick rundown on how to do this? I have tried many
> different ways of doing this and in each case I just can't get free radius to send the
> Cisco-AVPair attribute over. The nas keeps giving ip's from the default pool.
> 
> Thanx in advance
> =)
> 
> 
> MyVoice http://www.myvoiceonline.net
> 



RE: Dialup-Admin

2003-01-06 Thread Evren Yurtesen
About the questions, I put SSL server so I am using dialup_admin with ssl
and you can use any kind of security the apache or your web server 
software supports for accessing the pages. I put a simple
username/password which was enough for me.

Evren

On Mon, 6 Jan 2003, Evren Yurtesen wrote:

> no, he is on the right list I think, freeradius version is 0.81 but
> dialupadmin version is about 1.61 if I am not mistaken?
> 
> On Mon, 6 Jan 2003, Tim D. McCracken wrote:
> 
> > Obviously you are not using FreeRadius, so you are on the wrong list.
> > FreeRadius is currently on version .8
> >   -Original Message-
> >   From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Paneth
> >   Sent: Monday, January 06, 2003 12:06 AM
> >   To: [EMAIL PROTECTED]
> >   Subject: Dialup-Admin
> > 
> > 
> >   I have just started to use version 1.61 and I have the following
> > questions.
> > 
> >   When I select "Statistics" (and select "sessions", "uploads" and
> > "downloads", the results are all zero, even though the radacct table has
> > entries.
> > 
> >   When I select a user, how do I change the "allowed session" time?  My
> > users are volume based not time based.
> > 
> >   Also the account status is all zeros.
> > 
> >   Is it possible to convert the html to shtml so I can pass this securely
> > over the network?
> > 
> >   Is it possible to have login security, so only valid users can access
> > these pages?
> > 
> >   Sorry, but I am not a programmer and don't fully understand these issues,
> > or how to solve them.
> > 
> >   Mike Paneth
> >   Melbourne Australia
> > 
> > 
> 
> 



RE: Dialup-Admin

2003-01-06 Thread Evren Yurtesen
no, he is on the right list I think, freeradius version is 0.81 but
dialupadmin version is about 1.61 if I am not mistaken?

On Mon, 6 Jan 2003, Tim D. McCracken wrote:

> Obviously you are not using FreeRadius, so you are on the wrong list.
> FreeRadius is currently on version .8
>   -Original Message-
>   From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Paneth
>   Sent: Monday, January 06, 2003 12:06 AM
>   To: [EMAIL PROTECTED]
>   Subject: Dialup-Admin
> 
> 
>   I have just started to use version 1.61 and I have the following
> questions.
> 
>   When I select "Statistics" (and select "sessions", "uploads" and
> "downloads", the results are all zero, even though the radacct table has
> entries.
> 
>   When I select a user, how do I change the "allowed session" time?  My
> users are volume based not time based.
> 
>   Also the account status is all zeros.
> 
>   Is it possible to convert the html to shtml so I can pass this securely
> over the network?
> 
>   Is it possible to have login security, so only valid users can access
> these pages?
> 
>   Sorry, but I am not a programmer and don't fully understand these issues,
> or how to solve them.
> 
>   Mike Paneth
>   Melbourne Australia
> 
> 





Re: Hmmmm, is it working

2003-01-03 Thread Evren Yurtesen
Well, I am not sure. I searched a little on the mailing lists and did some
trying...
I have something like this in my conf file and it works perfectly.
You can run radius with -sxx and see from the debugging info whether it is
even trying to connect to the database or not.

#  Authorization. First preprocess (hints and huntgroups files),
#  then realms, and finally look in the "users" file.
#
#  The order of the realm modules will determine the order that
#  we try to find a matching realm.
#
#  Make *sure* that 'preprocess' comes before any realm if you 
#  need to setup hints for the remote radius server
authorize {
#
#  The preprocess module takes care of sanitizing some bizarre
#  attributes in the request, and turning them into attributes
#  which are more standard.
#
#  It takes care of processing the 'raddb/hints' and the
#  'raddb/huntgroups' files.
#
#  It also adds a Client-IP-Address attribute to the request.
#   preprocess

#
#  The chap module will set 'Auth-Type := CHAP' if we are
#  handling a CHAP request and Auth-Type has not already been set
chap

#
#  If the users are logging in with an MS-CHAP-Challenge
#  attribute for authentication, the mschap module will find
#  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
#  to the request, which will cause the server to then use
#  the mschap module for authentication.
#   mschap

#   counter
#   attr_filter
#   eap
#   suffix
#   files
sql
#   etc_smbpasswd


# The ldap module will set Auth-Type to LDAP if it has not already been set
#   ldap
}


# Authentication.
#
#  This section lists which modules are available for authentication.
#  Note that it does NOT mean 'try each module in order'.  It means
#  that you have to have a module from the 'authorize' section add
#  a configuration attribute 'Auth-Type := FOO'.  That authentication type
#  is then used to pick the appropriate module from the list below.
#
#  The default Auth-Type is Local.  That is, whatever is not included inside
#  an authtype section will be called only if Auth-Type is set to Local.
#
# So you should do the following:
# - Set Auth-Type to an appropriate value in the authorize modules above.
#   For example, the chap module will set Auth-Type to CHAP, ldap to LDAP, etc.
# - After that create corresponding authtype sections in the
#   authenticate section below and call the appropriate modules.
authenticate {
#
#  PAP authentication, when a back-end database listed
#  in the 'authorize' section supplies a password.  The
#  password can be clear-text, or encrypted.
#   authtype PAP {
#   pap
#   }

#
#  Most people want CHAP authentication
#  A back-end database listed in the 'authorize' section
#  MUST supply a CLEAR TEXT password.  Encrypted passwords
#  won't work.
authtype CHAP {
chap
}

#
#  MSCHAP authentication.
#   authtype MS-CHAP {
#   mschap
#   }

#   pam

#
#  See 'man getpwent' for information on how the 'unix'
#  module checks the users password.  Note that packets
#  containing CHAP-Password attributes CANNOT be authenticated
#  against /etc/passwd!  See the FAQ for details.
#  
#   unix

# Uncomment it if you want to use ldap for authentication
#   authtype LDAP {
#   ldap
#   }


#   eap
}


#  Pre-accounting. Look for proxy realm in order of realms, then 
#  acct_users file, then preprocess (hints file).
preacct {
#   preprocess
#   suffix
#   files
}


#  Accounting. Log to detail file, and to the radwtmp file, and maintain
#  radutmp.
accounting {
#   acct_unique
#   detail
#   counter
#   unix  # wtmp file
#   radutmp
#   sradutmp
sql
}


#  Session database, used for checking Simultaneous-Use. Either the radutmp
#  or rlm_sql module can handle this.
#  The rlm_sql module is *much* faster
session {
#   radutmp
sql
}


#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {
  #  Get an address from the IP Pool.
  #main_pool
}


On Fri, 3 Jan 2003, Robert Canary wrote:

> Where is the documentation that explains this.  I can't seem to find it.
> 
> Evren Yurtesen wrote:
> > 
> > you should have sql in authorize section
> > 
> > authorize {
> > 
> >   chap
> >   sql
> > 
> > }
> > 
> > and chap or pap or whatever else you use
> > 
> > On 

Re: Hmmmm, is it working

2003-01-03 Thread Evren Yurtesen
you should have sql in the authorize section

authorize {

  chap
  sql

}

and chap or pap or whatever else you use

On Fri, 3 Jan 2003, Robert Canary wrote:

> I am a new user to freeradius, and the mailing-list.
> 
> Greetings everyone
> 
> I have compiled and installed the latest version of freeradius on an
> updated RH7.1 box.  MySQL was already installed since I use it a lot.
> 
> If I do a radtest and watch the MySQL logs it never shows the radius
> ever trying to talk to MySQL.  I include the module name in the
> radiusd.conf file as instructed.  The database is there, as well as the
> tables and everything (via the MySQL schema).  But even if that was the
> problem then MySQL would simply log an error about a bad request being
> made.  But I see nothing.
> 
> I can't seem to find anything telling me what to do with it. I picked through
> makefiles to find out what was what and figured out the db structure, but
> I guess it isn't using it.
> 
> Hmmmm, wait a minute... isn't there something in the user.txt file that
> should point it over to the sql
> 
> --
> robert canary
> system services
> OhioCounty.Net
> [EMAIL PROTECTED]
> (270)298-9331 Office
> (270)298-7449 Fax
> 
> 





Re: Framed route problem on ppp users

2003-01-02 Thread Evren Yurtesen
shouldn't you use += instead of = ?

   Attribute += Value
        Always matches as a check item, and adds the current
        attribute with value to the list of configuration
        items.
        As a reply item, it has an identical meaning, but the
        attribute is added to the reply items.

Evren

On Thu, 2 Jan 2003, Marios Soteriou wrote:

> Hi,
> I have freeradius 0.8 and a cisco AS 5300 and I have a problem with ppp 
> users. When I want to have more than one Framed-Route, only the first 
> framed route works.
> 
> For example
> 
> testuser  Password == "testpass"
>   Framed-IP-Address = 192.168.5.1 ,
>   Framed-Route = "192.168.5.32/28 0.0.0.0 ",
>   Framed-Route = "192.168.5.48/29 0.0.0.0 ",
>   Service-Type = Framed-User,
>   Framed-Protocol = PPP,
> 
> I used to have tacacs+ for authentication and it worked fine.
> Can anyone please tell me if there is something i can do to make this work
> 
> Regards
> marsot
> 
> 
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
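
The operator behaviour behind the Framed-Route thread above, modelled in Python as an added example (it is not FreeRADIUS code and not from either poster). It assumes the users(5) rules for reply items: "=" adds an item only when no item of that attribute is already in the reply, ":=" replaces, "+=" always appends. The function names are hypothetical and the two entries are constructed from the one in the question.

```python
import re

# Constructed input: the entry from the question, then the same entry with
# the second Framed-Route switched to "+=" as the reply suggests.
ENTRY_AS_POSTED = '''\
testuser  Password == "testpass"
    Framed-IP-Address = 192.168.5.1,
    Framed-Route = "192.168.5.32/28 0.0.0.0",
    Framed-Route = "192.168.5.48/29 0.0.0.0",
    Service-Type = Framed-User,
    Framed-Protocol = PPP
'''
ENTRY_WITH_PLUS = ENTRY_AS_POSTED.replace(
    'Framed-Route = "192.168.5.48', 'Framed-Route += "192.168.5.48')

# attribute, operator, value, optional trailing comma
ITEM = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(\+=|:=|==|=)\s*(.+?)\s*,?\s*$')


def parse_reply_items(entry):
    """Return [(attribute, operator, value)] for the indented reply lines."""
    items = []
    for line in entry.splitlines()[1:]:   # line 0 holds the name and check items
        m = ITEM.match(line)
        if m:
            items.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return items


def build_reply(items):
    """Apply the reply-item operators in order and return the reply list."""
    reply = []
    for attr, op, value in items:
        present = any(a == attr for a, _ in reply)
        if op == "=":
            if not present:               # add only if the attribute is absent
                reply.append((attr, value))
        elif op == ":=":                  # replace any item of that attribute
            reply = [(a, v) for a, v in reply if a != attr] + [(attr, value)]
        elif op == "+=":                  # always append
            reply.append((attr, value))
        else:
            raise ValueError(f"operator {op!r} is not handled as a reply operator")
    return reply


def routes(entry):
    """Framed-Route values that end up in the reply for this entry."""
    return [v for a, v in build_reply(parse_reply_items(entry))
            if a == "Framed-Route"]


if __name__ == "__main__":
    print("as posted:", routes(ENTRY_AS_POSTED))
    print("with +=  :", routes(ENTRY_WITH_PLUS))
```
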



RE: Cisco AS

2003-01-02 Thread Evren Yurtesen
Yeah, I wonder how you know that your access server is dropping the
connections and it's not related to your telco. I think cisco would have
made a few tests on this equipment before putting it on the market. Do you
think they just made this product and put it up for sale without testing?

The modem boards on cisco access servers have onboard hardware DSPs and I
don't see any reason why high load would make your users drop out, since
the modems are independent from the system itself. But of course slow data
transfer is possible if the cisco access server is busy, for example if
you enable compression on ISDN lines and 60 ISDN people are connected.
Then it's not good for the CPU unless you have compression hardware
onboard.

By the way I have an AS5300 also and I never had any problem so far.

Evren

By the way

On Wed, 1 Jan 2003, Gene Parks wrote:

> We run Cisco AS5300's here and have never had a problem.
>  
> Gene Parks
> VIP Direct
> Atlanta
> 





Re: Disconnecting a user

2002-12-30 Thread Evren Yurtesen
Well I think there is no way to log out the user without logging in if
there is no SNMP command in the other router which provides this. So
you can disconnect users with SNMP without logging in, which means you
should have write access to SNMP variables in the other router; the router
owner should give you this access. You should check the router MIBs
perhaps. Otherwise it would be a little stupid if you could log out users so
easily without any authentication I guess =)

Evren

On Wed, 30 Oct 2002, Troy Davis wrote:

> As mentioned in my email, the nas is not mine, so I can not log into it.
> Else it would be an easy fix
> I will do a search for radkill
> Thanks
> 
> - Original Message -----
> From: "Evren Yurtesen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, December 30, 2002 10:01 PM
> Subject: Re: Disconnecting a user
> 
> 
> > Well you can write a small script which logs in to your NAS and sends the
> > command to disconnect your user. Or there was this program called radkill
> > you should check from google perhaps.
> >
> > Also maybe there are better ways to do this, maybe somebody in the list
> > can suggest a better way.
> >
> > Evren
> >
> > On Wed, 30 Oct 2002, Troy Davis wrote:
> >
> > > Ok here's a funny request, which I already say is not possible.
> > > But, if I know the nas ip address and port number my user is on, can I
> > > send a command to the nas to disconnect the user?
> > > I don't have direct access to the nas, as I am a virtual ISP
> > > If so what would this command be, I would like to set-up a bot to dump
> > > users when my lines start to fill up..
> > >
> > > Thanks Troy
> > >
> > >
> 





Re: Disconnecting a user

2002-12-30 Thread Evren Yurtesen
Well you can write a small script which logs in to your NAS and sends the
command to disconnect your user. Or there was this program called radkill
you should check from google perhaps.

Also maybe there are better ways to do this, maybe somebody in the list
can suggest a better way.

Evren

On Wed, 30 Oct 2002, Troy Davis wrote:

> Ok here's a funny request, which I already say is not possible.
> But, if I know the nas ip address and port number my user is on, can I send
> a command to the nas to disconnect the user?
> I don't have direct access to the nas, as I am a virtual ISP
> If so what would this command be, I would like to set-up a bot to dump users
> when my lines start to fill up..
> 
> Thanks Troy
> 
> 
> 





Re: Can Run on Multi IP and Port?

2002-12-30 Thread Evren Yurtesen
I think it listens to all IPs so that shouldn't be a problem, you should
perhaps run 2 radiusd processes with different ports only. You can set
this in the conf file if I remember right?

On Mon, 30 Dec 2002, whc wrote:

> Can FreeRadius run on a server listening on two different IPs and Ports?
> How would I configure it?





RE: ???

2002-12-24 Thread Evren Yurtesen
Well I am sure you can get any assistance if you open your wallet enough =)
Perhaps there would be many volunteers here to provide commercial support!
Bad for your company if you can't compile a program and you have to buy it
because of that but well some people just have lots of money to spend =)
You never know...

Evren

On Tue, 24 Dec 2002, Drew Weaver wrote:

> If you haven't the time to RTFM then i doubt you're going to get a whole lot
> of assistance from the community.
>  
> It's very very easy to compile and install freeradius from source (as well as
> almost any other package)
>  
> Thanks,
> -Drew
>  
> 
> -Original Message-
> From: Brian Johnson [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, December 24, 2002 9:30 AM
> To: [EMAIL PROTECTED]
> Subject: RE: ???
> 
> 
> Anyone have an RPM for freeRadius 0.8 (RedHat 7.2 i386)?
>  
> If not anyone want to make one for me as I'm a newbie to such things and
> haven't the time?  :)
>  
> Brian J.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Murat Hakan
> Sent: Monday, December 23, 2002 3:02 PM
> To: [EMAIL PROTECTED]
> Subject: ???
> 
> 
> 
> Hello all,
> 
> Sorry for the subject since I could not find a subject for my problem.
> 
> First, thanks for building such a flexible RADIUS server.
> 
> I am trying to authenticate the Wireless Users by FreeRADIUS. I have managed
> to do MAC address authentication. Since in MAC authentication the user does
> not do anything, the Access Point sends the MAC address automatically to the
> RADIUS server. But I cannot do username/password authentication, this is
> because I do not know how to send the username/password combination to the
> Avaya Access Point which has RADIUS support.
> 
> I think I must use a software like Dial-Up Networking software, but in
> Wireless Networks I can not dial a number like traditional ISP connection. 
> 
> And, I cannot see any "detail" file or any file in the "radacct" directory,
> I think this means that, Avaya Access Point does not send accounting packets
> (I read this from the FAQ).
> 
> Thanks for any help,
> 
> Murat
> 
> 
> 
> 
> 





RE: ???

2002-12-24 Thread Evren Yurtesen
Well you could at least change the subject =)
If you pay the freeradius developers perhaps they can build you an RPM
Why can't you install from sources anyway?

$$$

Evren

On Tue, 24 Dec 2002, Brian Johnson wrote:

> Anyone have an RPM for freeRadius 0.8 (RedHat 7.2 i386)?
>  
> If not anyone want to make one for me as I'm a newbie to such things and
> haven't the time?  :)
>  
> Brian J.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Murat
> Hakan
> Sent: Monday, December 23, 2002 3:02 PM
> To: [EMAIL PROTECTED]
> Subject: ???
> 
> 
> 
> Hello all,
> 
> Sorry for the subject since I could not find a subject for my problem.
> 
> First, thanks for building such a flexible RADIUS server.
> 
> I am trying to authenticate the Wireless Users by FreeRADIUS. I have
> managed to do MAC address authentication. Since in MAC authentication
> the user does not do anything, the Access Point sends the MAC address
> automatically to the RADIUS server. But I cannot do username/password
> authentication, this is because I do not know how to send the
> username/password combination to the Avaya Access Point which has RADIUS
> support.
> 
> I think I must use a software like Dial-Up Networking software, but in
> Wireless Networks I can not dial a number like traditional ISP
> connection. 
> 
> And, I cannot see any "detail" file or any file in the "radacct"
> directory, I think this means that, Avaya Access Point does not send
> accounting packets (I read this from the FAQ).
> 
> Thanks for any help,
> 
> Murat
> 
> 
> 
> 
> 
> 





Re: ???

2002-12-23 Thread Evren Yurtesen
I have an interesting question to you too =) I also give a hint to your
question at the end also =)

Are you the Murat Hakan who made "Motorola's $2 billion turkish bath" ?
http://www.business2.com/articles/mag/print/0,1643,44017,FF.html

Also are you using a proxy server in italy 193.205.206.25(proxy.unitn.it)
while sending your email to be anonymous?

Just wondered... =)

I haven't used a lot of avaya products but if they don't have anything about
usernames in their documentation perhaps you should see KarlNet who
produce the firmware for these products (avaya=~orinoco)
http://www.karlnet.com/products/wheretofind/productindex.html
If you spend more $$$ and buy software from KarlNet you can get this
feature into your access point perhaps. Also they promise improved
performance over standard software.

Evren

On Mon, 23 Dec 2002, Murat Hakan wrote:

> 
> Hello all,
> 
> Sorry for the subject since I could not find a subject for my problem.
> 
> First, thanks for building such a flexible RADIUS server.
> 
> I am trying to authenticate the Wireless Users by FreeRADIUS. I have managed
> to do MAC address authentication. Since in MAC authentication the user does
> not do anything, the Access Point sends the MAC address automatically to the
> RADIUS server. But I cannot do username/password authentication, this is
> because I do not know how to send the username/password combination to the
> Avaya Access Point which has RADIUS support.
> 
> I think I must use a software like Dial-Up Networking software, but in
> Wireless Networks I can not dial a number like traditional ISP connection. 
> 
> And, I cannot see any "detail" file or any file in the "radacct" directory,
> I think this means that, Avaya Access Point does not send accounting packets
> (I read this from the FAQ).
> 
> Thanks for any help,
> 
> Murat
> 
> 
> 





Re: Are you smarter than George W. Bush?

2002-12-19 Thread Evren Yurtesen
well what if the sender says 'my database problem' ?

On Thu, 19 Dec 2002, Ray wrote:

> so, who has been signing up the mailing list for stuff?
> and can't you (the list maintainers) add a filter to the list, something like 
> the mysql list has.  on the mysql list, it doesn't get through unless it has 
> the words 'mysql' or 'sql'. 
> 
> On Tuesday 17 December 2002 8:07, you wrote:
> > You received this message because you joined Wow Offers
> > or one of its affiliates. If you received this email in error, please reply
> > to this email or follow the unsubscribe instructions below. All products
> > and services promoted in this email are offered exclusively by third party
> > advertisers. Wow Offers makes no representations or warranties with respect
> > to these offers and all claims for injury and damages related to such
> > offers are the sole responsibility of the advertiser. 
> > 
> 
> 





Re: Script to run if user fails authentication

2002-12-13 Thread Evren Yurtesen
I am not an expert but it might be possible to set a DEFAULT entry which
will send your private IPs to everyone connected, then you can override
this for the authenticated users. The only problem is that I don't know how
to accept the user even when the password check fails.

Evren

On Fri, 13 Dec 2002, Chris A. Kalin wrote:

> I've looked over the documentation, but I can't seem to find how to run a
> script if the user fails authentication.
> 
> Basically, for a variety of goofy reasons, I need the following
> functionality:
> 
> If a user dials in with a correct username/password, everything works
> normally.
> If a user dials in and either gets the username/password combination wrong
> OR gives a nonexistent username, I want a script to run that returns
> different Reply values (gives them a private IP, reassigns the DNS server,
> etc etc.)  I've got the particulars of the custom replies worked out - I
> just need a way to return them.
> 
> Is the Exec-Program even the way to go here?  Or can I do some voodoo in the
> users files that gives all rejected users certain RADIUS attributes?
> 
> Thanks for any help, and I'm going to keep pounding on this on this end.
> 
> Chris Kalin
> [EMAIL PROTECTED]
> 
> 
> 





Re: (no subject)

2002-12-11 Thread Evren Yurtesen
did you try setting
User-Password
instead of
Password ?

On Wed, 11 Dec 2002 [EMAIL PROTECTED] wrote:

> I have installed freeradius with ./configure, make and make install. I have 
> added  
> 
> lolo    Password = "lolo"
>         Reply-Message = "Hola, lolo"
> 
> to the file users, and starts the server with radiusd -X. But when I use 
> radtest the server doesn't accept the user:
> 
> >>> radtest lolo lolo localhost 0 testing123
> 
> and the server show:
> 
> 
> rad_recv: Access-Request packet from host 127.0.0.1:1047, id=233, length=56
>   User-Name = "lolo"
>   User-Password = "lolo"
>   NAS-IP-Address = 255.255.255.255
>   NAS-Port = 0
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> rlm_chap: Could not find proper Chap-Password attribute in request
>   modcall[authorize]: module "chap" returns noop
>   modcall[authorize]: module "mschap" returns notfound
> rlm_realm: No '@' in User-Name = "lolo", looking up realm NULL
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [lolo]: invalid password
>   modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 233 to 127.0.0.1:1047
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 233 with timestamp 3df74acc
> Nothing to do.  Sleeping until we see a request.
> 
> 
> somebody can help me to configure freeradius
> 
> 
> 
> 





Re: set up question

2002-12-10 Thread Evren Yurtesen
I don't know about radius but it's a lot easier configuration when the IPs are
in the cisco =)

Evren

On Mon, 9 Dec 2002, Bill wrote:

> Hello!
> 
> I have a question.  I have a Cisco AS5200.  It was suggested that I 
> place the public IP's into the AS5200, however there are provisions in 
> freeradius to do this also.  Which is the correct way, put the Public IP's 
> into the RAS or the radius?
> 
> Thanks,
> 
> Bill 
> 
> 
> 





Re: := or ==

2002-12-09 Thread Evren Yurtesen
I don't understand actually, if == checks if the a/v is 'equal' then it
must also ensure that it is present.

About := replacing passwords =) I feel like I am from another planet. It might
only work in a reply item I think. Wouldn't the person authenticate all the
time if it was replacing the a/v pairs in the request?

Anyhow I will change to == just to obey the standards although I think :=
is working also for me...

Evren

On Mon, 9 Dec 2002, Ray a PowerWeb Tech wrote:

> the only thing that seems to give any clue for := vs == is doc/rlm_attr_filter
> [snip]
>  o  The operators used for specifying the attributes are as follows:
> 
>       =    -  NOT ALLOWED.  If used, it becomes "=="
> 
>       :=   -  Set ( used to ensure a specific a/v is present )
>       ==   -  Equal  ( exact )
>       =*   -  Always Equal ( will allow all values for attribute )
>       !*   -  Always Not Equal ( will block all values for attribute )
>       !=   -  Not equal
>       >=   -  Greater than or equal to
>       <=   -  Less than or equal to
>       >    -  Greater than
>       <    -  Less than
> 
>    If you have regular expressions enabled you also have:
> 
>       =~   -  Regular expression equal
>       !~   -  Regular expression not equal
> [/snip]
> 
> so in theory, if these operators are the same everywhere (just an assumption, 
> but i don't feel like digging into the source to find out for sure) then a 
> radcheck with password := 123456 would set the password to 123456 and 
> password == 123456 would see if the password is 123456
> 
> 
> On Monday 09 December 2002 8:03, you wrote:
> > so what would it matter if it is := ?
> > I use that one in my conf files? I checked man 5 users but it is not very
> > clear to me what it means by 'replaces' etc.
> >
> > Evren
> 





:= or ==

2002-12-09 Thread Evren Yurtesen
so what would it matter if it is := ?
I use that one in my conf files? I checked man 5 users but it is not very
clear to me what it means by 'replaces' etc.

Evren

On Mon, 9 Dec 2002, Ray wrote:

> On Monday 09 December 2002 6:51, you wrote:
> 
> > [root@Psyche root]# radtest root emptar1
> > Sending Access-Request of id 197 to
> > 127.0.0.1:1812
> > User-Name = "root"
> > rad_recv: Access-Accept packet from host
> 
> > [root@Psyche root]# radtest bob bobbob
> > Sending Access-Request of id 201 to
> > 127.0.0.1:1812
> > User-Name = "bob"
> > rad_recv: Access-Reject packet from host
> 
> >
> > The user bob has been set up on MySQL
> > mysql> select * from radcheck;
> > +----+----------+-----------+--------+------+
> > | id | UserName | Attribute | Value  | op   |
> > |  1 | bob      | password  | bobbob | NULL |
> > 1 row in set (0.00 sec)
> 
> the op in radcheck should be == (though := < > and the others are valid)
> 
> > mysql> select * from radacct;
> 
> radacct is just an accounting table, radtest normally doesn't cause anything 
> to show up here, nor do you normally manually add anything to it.
> 
> 
> > mysql> select * from usergroup;
> > +----+----------+-----------+
> > | id | UserName | GroupName |
> > |  1 | bob      | dynamic   |
> 
> is there anything setup in radgroupcheck or radgroupreply? if not, then there 
> isn't much point in assigning groups.
> 
> though you could just do something like
> MySQL> insert into radgroupreply values (null, 'dynamic', 'Framed-MTU', 
> '576', ':=');
> 
> > modcall: entering group authenticate
> >   modcall[authenticate]: module "unix"
> > returns notfound
> 
> it says bob/bobbob is not a user on your machine, but since you're trying to 
> auth via MySQL you probably aren't looking to auth via real users.
> if so then in radius.conf you should comment out the unix from the auth 
> section. 
> 
> i've only been playing with FR for the past few months a few hours here and 
> there. so don't assume i know what i'm talking about, but if it works for 
> you, then great.
> 
> 





Re: Can't authenticate with MySQL

2002-12-09 Thread Evren Yurtesen
do you think it's even checking the mysql database? did you try to run
freeradius with -xx option?
by the way the op field should be := shouldn't it ?

Evren

On Tue, 10 Dec 2002, Mike Paneth wrote:

> 
> I have got FR 0.8 & MySQL up and running on
> LINUX 8, but I cannot authenticate.  Where am
> I going wrong?
> 
> Mike Paneth
> 
> I issue the following test message
> [root@Psyche root]# radtest root emptar1 localhost 0 testing123
> 
> and get the following response
> 
> Sending Access-Request of id 197 to 127.0.0.1:1812
> User-Name = "root"
> User-Password = "\303\343W\035W\376\372\016\277\315\311x\220\341\255-"
> NAS-IP-Address = Psyche
> NAS-Port = 0
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=197, length=20
> [root@Psyche root]# radtest bob bobbob localhost 0 testing123
> Sending Access-Request of id 201 to 127.0.0.1:1812
> User-Name = "bob"
> User-Password = "\272-\207W\306\206\372\316\200\214\202q\002WeQ"
> NAS-IP-Address = Psyche
> NAS-Port = 0
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=201, length=20
> 
> The user bob has been set up on MySQL
> mysql> select * from radcheck;
> +----+----------+-----------+--------+------+
> | id | UserName | Attribute | Value  | op   |
> +----+----------+-----------+--------+------+
> |  1 | bob      | password  | bobbob | NULL |
> +----+----------+-----------+--------+------+
> 1 row in set (0.00 sec)
> 
> mysql> select * from radacct;
> Empty set (0.00 sec)
> 
> mysql> select * from usergroup;
> +----+----------+-----------+
> | id | UserName | GroupName |
> +----+----------+-----------+
> |  1 | bob      | dynamic   |
> +----+----------+-----------+
> 1 row in set (0.00 sec)
>  
> Looking at the FR dialog I get the following.
> 
> rad_recv: Access-Request packet from host 127.0.0.1:32769, id=201, length=55
> User-Name = "bob"
> User-Password = "bobbob"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> rlm_realm: No '@' in User-Name = "bob", looking up realm NULL
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> radius_xlat:  'bob'
> rlm_sql (sql): sql_set_user escaped user --> 'bob'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'bob' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 0
> rlm_sql: The 'op' field for attribute 'password = bobbob' is NULL, or non-existent.
> rlm_sql: You MUST FIX THIS if you want the configuration to behave as you expect.
> radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'bob' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'bob' ORDER BY id'
> radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'bob' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 0
>   modcall[authorize]: module "sql" returns ok
> users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
>   modcall[authenticate]: module "unix" returns notfound
> modcall: group authenticate returns notfound
> auth: Failed to validate the user.
> Delaying request 4 for 1 seconds
> Finished request 4
> 
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
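
Both debug traces quoted on this page (the "lolo" request in the "(no subject)" thread and the "bob" request above) come down to the same few facts: which modules ran, which Auth-Type was picked, and which module rejected the request. The Python parser below is an added example, not part of the thread or of FreeRADIUS; the sample text is constructed from the two quoted traces with the mail line wrapping undone, and the function names are hypothetical.

```python
import re

# Constructed sample: the two debug traces quoted in the threads above, with
# mail line-wrapping undone and the attribute dumps and SQL queries trimmed.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 127.0.0.1:1047, id=233, length=56
        User-Name = "lolo"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
modcall: entering group authenticate
rlm_unix: [lolo]: invalid password
  modcall[authenticate]: module "unix" returns reject
auth: Failed to validate the user.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=201, length=55
        User-Name = "bob"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns noop
rlm_sql: The 'op' field for attribute 'password = bobbob' is NULL, or non-existent.
  modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns notfound
auth: Failed to validate the user.
"""

RE_RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+), id=(\d+)")
RE_USER = re.compile(r'^\s+User-Name = "([^"]*)"')
RE_MOD = re.compile(r'^\s*modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
RE_AUTHTYPE = re.compile(r"Found Auth-Type (\S+)")
RE_MATCHED = re.compile(r"^users: Matched (\S+) at (\d+)")
RE_OPNULL = re.compile(r"^rlm_sql: The 'op' field for attribute '([^']*)' is NULL")


def parse_requests(text):
    """Split radiusd debug output into one record per received packet."""
    requests, cur = [], None
    for line in text.splitlines():
        m = RE_RECV.match(line)
        if m:
            cur = {"id": int(m.group(3)), "user": None, "auth_type": None,
                   "modules": {}, "users_match": None, "op_null": [],
                   "failed": False}
            requests.append(cur)
            continue
        if cur is None:
            continue                      # output before the first packet
        if (m := RE_USER.match(line)) and cur["user"] is None:
            cur["user"] = m.group(1)
        elif m := RE_MOD.match(line):     # (module, return code) per section
            cur["modules"].setdefault(m.group(1), []).append(
                (m.group(2), m.group(3)))
        elif m := RE_AUTHTYPE.search(line):
            cur["auth_type"] = m.group(1)
        elif m := RE_MATCHED.match(line):
            cur["users_match"] = (m.group(1), int(m.group(2)))
        elif m := RE_OPNULL.match(line):
            cur["op_null"].append(m.group(1))
        elif line.startswith("auth: Failed to validate the user"):
            cur["failed"] = True
    return requests


def diagnose(req):
    """List the facts in one request that explain how it was decided."""
    findings = [f"radcheck row '{a}' has a NULL op" for a in req["op_null"]]
    authz = dict(req["modules"].get("authorize", []))
    if req["users_match"]:
        name, line = req["users_match"]
        findings.append(f"users file entry {name} at line {line} matched")
    if req["auth_type"] == "System":
        findings.append("Auth-Type System was selected for authentication")
        if authz.get("sql") == "ok":
            findings.append("sql ran in authorize but did not decide the request")
    for name, rcode in req["modules"].get("authenticate", []):
        if rcode != "ok":
            findings.append(f"authenticate module {name} returned {rcode}")
    return findings


if __name__ == "__main__":
    for r in parse_requests(SAMPLE_DEBUG):
        print(r["id"], r["user"], "failed" if r["failed"] else "ok")
        for finding in diagnose(r):
            print("   -", finding)
```
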



Re: radiusd.conf

2002-12-09 Thread Evren Yurtesen
good point, cisco uses 1645 by default if you don't specify it in the
configuration. =)

Evren

On Mon, 9 Dec 2002, William Ragsdale wrote:

> On Mon, 09 Dec 2002 17:01:05 -0600 Bill <[EMAIL PROTECTED]> wrote:
> 
> > Hello!
> > Can someone send me a radiusd.conf example that would show a connection for 
> > an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm currently 
> > a wireless provider going to dial-up also. When I try to connect, the Cisco 
> > box says that it can't find the Radius server. I have port 1645 loaded on 
> > both units as well as the key "secret". I'm thinking I'm still missing 
> > something in the radiusd.conf file.
> > Thanks,
> 
> Greetings,
>   Did you specify port 1645 on your FreeRadius daemon?  By default it uses
> port 1812 for authentication.
> 
> 
> -- 
> 
> ·William Ragsdale   ·http://www.netonecom.net
> ·Server Administrator ·Office Hours ·NetOne Communications, Inc.
> ·Work: 231-734-2917 10AM - 7PM  ·2186 US 10
> ·FAX:  231-734-6395 ·Sears, MI  49679
> 
> 
> 






Re: please kindly get back to me

2002-12-09 Thread Evren Yurtesen
So since there is not much secret about this since you submit this email
to a mailing list, can you please donate the diamonds to the developers of
the freeradius software? what should we do to get the diamonds? you can
keep the cash, no problem ;)

On Mon, 9 Dec 2002, MPETI L. KABILA (Jnr) wrote:

> REQUEST FOR URGENT BUSINESS ASSISTANCE
> --
> Your contact was availed to me by the chamber of
> commerce. It was given  to me because of my diplomatic 
> status as I did not disclose the actual reasons for 
> which I sought your contact. But I was
> assured That you are reputable and trustworthy if you
> will be of assistance. 
> I am Laurent Mpeti Kabila (Jnr) the second son of
> Late President LAURENT DESIRE KABILA the immediate
> Past president of the DEMOCRATIC REPUBLIC OF CONGO in
> Africa who was murdered by his opposition through his 
> personal bodyguards in his bedroom on Tuesday 16th January, 2001.
> I have the privilege of being mandated by my father colleagues 
> to seek your immediate and urgent co-operation to receive into
> your bank account the sum of US $25m.(twenty-five million Dollars)
> and some thousands carats of Diamond. 
> This money and treasures was lodged in a vault with a
> security firm in Europe and South-Africa.
> 
> SOURCES OF DIAMONDS AND FUND
> In August 2000, my father as a defence minister and president has a 
> meeting with his cabinet and armychief about the defence budget for
> 2000 to 2001 which was US $700m. so he directed one of his best
> friend. Frederic Kibasa Maliba who was a minister of
> mines and a political party leader known as the Union Sacree de, 
> I opposition radicale et ses allies (USORAL) to buy arms
> with US $200m on 5th January 2001; for him to finalized the arms
> deal,
> my father was murdered. f.K. Maliba (FKM) and I have decided to keep
> the money with a foreigner after which he will use it to contest for
> the political election. Inspite of all this we have resolved to
> present your or your company for the firm to pay it into your
> nominated 
> account the above sum and diamonds. This transaction should be
> finalized within
> seven (7) working days and for your co-operation and partnership, we
> have unanimously agreed that you will be entitled to 5.5% of the money
> when successfully receive it in your account. The nature of your
> business is not relevant to the successful execution of this
> transaction what we
> require is your total co-operation and commitment to ensure 100%
> risk-free transaction at both ends and to protect the persons
> involved in this
> transaction, strict confidence and utmost secrecy is required
> even after the successful conclusion of this transaction. If this
> proposal is acceptable to you, kindly provide me with your personal
> telephone
> and fax through my E-mail box for immediate commencement of the
> transaction. 
> All correspondence is for the attention of my counsel: 
> I count on your honour to keep my secret, SECRET.
> Looking forward for your urgent reply
> Thanks.
> Best Regards
>   
> MPETI L. KABILA (Jnr)
> 





Re: Hints, Huntgroups and Users Files

2002-12-09 Thread Evren Yurtesen
if you installed freeradius into linux then look at
man 5 users
if you still have questions then you are welcome to send email =)

PS. also see the sample users file which came with freeradius
Evren

On Mon, 9 Dec 2002, Miller, Kenneth L NWP wrote:

> Good morning,
> 
>   I am very new to Radius Server and especially new to freeradius.  I
> have inherited a very old Ascend Radius Server that is running on a SUN box.
> I want to move this to Linux and run it under freeradius.  The USERS file on
> the Sun box is just a flat text file, which contains the usernames,
> passwords, and attributes such as Framed-Protocol, Filter-ID, etc., but it
> appears that freeradius handles things differently. If the username and
> passwords are not placed in the users file, then where are they put?
> 
>   The "How the USERS file is processed"  states "After the items of a
> request have been mangled by the "hints" and "huntgroups" files, the users
> file is processed."
> 
>   What does this mean?  Do I put the username and passwords in the
> "hints" file or what?
> 
> Can anyone help me out here? 
> 
> Thanks
> 
> Ken
> 
> 





RE: radius

2002-12-08 Thread Evren Yurtesen
I am happy if that solved your problem =) But if you use checkrad then you
wouldn't need to delete these users manually perhaps. You can also use
radzap program perhaps. (I just remembered such thing exists) =)

Evren

On Sat, 7 Dec 2002, Craig Witter wrote:

> Thanks
> 
> Craig Witter
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Evren Yurtesen
> Sent: Saturday, December 07, 2002 6:15 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radius
> 
> try deleting /usr/local/var/log/radwtmp for radlast
> the rest are in radutmp or sradutmp files
> don't you use checkrad?
> 
> Evren
> 
> 
> On Sat, 7 Dec 2002, Craig Witter wrote:
> 
> > I have two radius servers, a primary and a secondary, I'm running free rad
> > 0.7 I issue a radwho on my primary server, I see the users logged on, I
> > issue that command on the secondary server, and I see a list of users that
> > were logged in. My primary radius server went down for a restart, so the
> > secondary took over, when the clients logged off, all the accounting info
> > was sent to the primary, not to the secondary. How do I clear the radius
> > accounting info on my secondary server? I tried going into
> > /usr/local/var/log/radius/radacct and deleting the folders inside there of
> > the ip's of the access servers, but radwho still shows people as being
> > logged in.
> > 
> > Thanks,
> > 
> >  
> > 
> > Craig
> > 
> >  
> > 
> > 
> 
> 





Re: radius

2002-12-07 Thread Evren Yurtesen
try deleting /usr/local/var/log/radwtmp for radlast
the rest are in radutmp or sradutmp files
don't you use checkrad?

Evren


On Sat, 7 Dec 2002, Craig Witter wrote:

> I have two radius servers, a primary and a secondary, I'm running free rad
> 0.7 I issue a radwho on my primary server, I see the users logged on, I
> issue that command on the secondary server, and I see a list of users that were
> logged in. My primary radius server went down for a restart, so the
> secondary took over, when the clients logged off, all the accounting info
> was sent to the primary, not to the secondary. How do  I clear the radius
> accounting info on my secondary server? I tried going into
> /usr/local/var/log/radius/radacct and deleting the folders inside there of
> the ip's of the access servers, but radwho still shows people as being
> logged in.
> 
> Thanks,
> 
>  
> 
> Craig
> 
>  
> 
> 





Re: Hello

2002-12-05 Thread Evren Yurtesen
well some users are very intelligent =)

perhaps changing the queries about usernames in sql.conf file to case
insensitive would help. (assuming checkrad is working case insensitive)

Evren

On Thu, 5 Dec 2002, Alan DeKok wrote:

> "System Administrator" <[EMAIL PROTECTED]> wrote:
> > I am trying to solve a problem with auth. users with UPPERCASE letters
> > in their usernames and passwords..I have turned them on in the
> > radius.conf file but now I find that some users can get on two different
> > machines 1 using all uppercase and the other using lowercase and it
> > works..any thoughts?
> 
>   Convince your users to log in using a standard user name.
> 
>   Hmm... some patches to the radutmp module might be good.
> 
>   Alan DeKok.
> 
> 





Re: logging to mysql?

2002-12-05 Thread Evren Yurtesen
check out the conf file, there is an option to log them to log file. (I
don't know about mysql) you can login to this freeradius server with ssh
and as many people you like can watch =)

Evren

On Thu, 5 Dec 2002, Ray wrote:

> is there a way to get freeRadius to log good and bad logins to MySQL?
> 
> the techsupport frequently gets calls from people who don't spell their 
> username/password the same way we do. with our current system, there is a 
> computer that we can PC Anywhere into and watch, and it shows the last 2 
> logins (good or bad) but since we will be running freeRadius as a daemon, 
> there isn't really a screen to watch.  
> 
> i don't think the issue will come up much since 80% of the time its a space 
> in the username or password. the rest is usually using their email address 
> rather than username or nt_domains got turned on somehow.
> 
> also, how can you trim the username to remove junk like their email address? 
> 
> most of our users have the same email address as username 
> ie:
> username: bob
> email: [EMAIL PROTECTED]
> so if they use [EMAIL PROTECTED], it will check for bob
> 
> 





Re: Password

2002-12-04 Thread Evren Yurtesen
I am little bit newbie to radius too. But in tacacs+ it would be possible
to run a shell script when a user logs on. It is possible to run a script
before authorization.

Also in freeradius faq it mentions about

o  Exec-Program-Wait, allows you to set up an external program which
   is executed after authentication and outputs a list of A/V pairs
   which is then added to the reply.

So maybe it's possible to make such script which will change the password
of the user right after authentication. Also in docs README file it says

  Exec-Program       string  program to execute after authentication
  Exec-Program-Wait  string  ditto, but wait for program to finish
                             before sending back auth. reply

In any case you can fix this with a script perhaps =) What do you say?

Evren

On Thu, 5 Dec 2002, Mail Admin wrote:

> Dear Evren,
> 
> Yes it is crucial that they can only logon once. This is the most important
> factor and unfortunately cannot be changed. So I was thinking of trying to
> change the code that will change their password to null once they have
> authenticated but am finding great difficulty being a C beginner. Is there a
> better way to allow them to logon only once than the way I have suggested?
> 
> Thanks in advance
> Alan
> 
> 
> - Original Message -
> From: "Evren Yurtesen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 05, 2002 11:35 AM
> Subject: Re: Password
> 
> 
> > Why don't you search the accounting logs then delete the users which logged
> > in once with a script? Let's say every day? or you can actually change
> > their passwords too. Is it very crucial that they only logon once? or is
> > it ok if they can use the account for 1 day?
> >
> > Evren
> >
> > On Thu, 5 Dec 2002, Alan Wong wrote:
> >
> > >
> > > >> I need your advice regarding the password. I want to know how to set
> > > >> the password to null after authentication.
> > >
> > > >  Huh?  Why would you want to do that?
> > >
> > > Because I'm trying to set up a system where people can only use their
> > > accounts only once.
> > >
> > > Alan


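One way to build the script suggested in the reply above, as an added example that is not part of the original thread or FreeRADIUS's own code: a hook for Exec-Program-Wait that lets each account authenticate once. The state directory, the USER_NAME environment variable and the non-zero-exit-means-reject behaviour are assumptions to check against your server's documentation.

```python
#!/usr/bin/env python3
"""One-time-login hook meant to be run via Exec-Program-Wait (added example)."""
import os
import re
import sys

# Hypothetical state directory; it must be writable only by the radiusd user.
STATE_DIR = "/var/lib/radius-onetime"

# Accept only conservative usernames so the value can never leave STATE_DIR.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def normalize(username):
    """Lower-case and validate a username; return None if it is not acceptable."""
    name = username.strip().lower()
    return name if _SAFE_NAME.match(name) else None


def claim_once(state_dir, username):
    """Return True only for the first login of `username`.

    O_CREAT | O_EXCL makes marker creation atomic, so two simultaneous
    logins with the same account cannot both win the claim.
    """
    name = normalize(username)
    if name is None:
        return False
    marker = os.path.join(state_dir, name + ".used")
    try:
        fd = os.open(marker, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True


def main(environ, state_dir=STATE_DIR):
    """Return the process exit status: 0 accepts, non-zero refuses."""
    # Assumption: the server exports the request's User-Name as USER_NAME,
    # possibly wrapped in double quotes.
    user = environ.get("USER_NAME", "").strip('"')
    if claim_once(state_dir, user):
        # Lines printed on stdout are the A/V pairs added to the reply.
        print('Reply-Message = "One-time account accepted"')
        return 0
    print('Reply-Message = "This account has already been used"')
    return 1


if __name__ == "__main__":
    sys.exit(main(os.environ))
```

Because names are lower-cased before the marker is created, "BOB" and "bob" count as the same account, and the password store itself never has to be rewritten.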



Re: Password

2002-12-04 Thread Evren Yurtesen
Why don't you search the accounting logs then delete the users which logged
in once with a script? Let's say every day? or you can actually change
their passwords too. Is it very crucial that they only logon once? or is
it ok if they can use the account for 1 day?

Evren

On Thu, 5 Dec 2002, Alan Wong wrote:

> 
> >> I need your advice regarding the password. I want to know how to set the
> >> password to null after authentication.
> 
> >  Huh?  Why would you want to do that?
> 
> Because I'm trying to set up a system where people can only use their
> accounts only once.
> 
> Alan
> 





Re:(2) Can LDAP be used to authenticate /etc/passwd ?

2002-12-04 Thread Evren Yurtesen
or actually if you can keep the /etc/passwd /etc/shadow synchronised with
LDAP that would also do the trick. Perhaps with a script you can convert
/etc/passwd /etc/shadow into LDAP or only the changed accounts etc. or
even synchronise the add/remove user functions both in LDAP and in system
files.

Evren

On Wed, 4 Dec 2002, Simon White wrote:

> 04-Dec-02 at 20:23, jmc_cs ([EMAIL PROTECTED]) wrote :
> > 
> > 
> > Hi Simon,
> > - Original Message -
> > From: "Simon White" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 04, 2002 7:23 PM
> > Subject: Re: Can LDAP be used to authenticate /etc/passwd ?
> > 
> > 
> > > 04-Dec-02 at 19:12, Sarick ([EMAIL PROTECTED]) wrote :
> > > > Hi all,
> > > > Can the LDAP be used to authenticate a user whose username and password
> > > > is stored in /etc/passwd??
> > >
> > > How is the LDAP server going to read the username in /etc/passwd?
> > >
> > > Passwords are not stored in /etc/passwd, just usernames.
> > > Passwords are usually in /etc/shadow, YMMV
> > yes. My question is, can I use LDAP to authenticate the users who having the
> > accounts on Linux , with EAP-MD5 authentication?
> > That is, to read the usernames from /etc/passwd  and passwords from
> > /etc/shadow.
> > How?
> 
> You can't. You can store the hashes that are in shadow in LDAP probably.
> I think, however, that your approach is probably wrong.
> 
> -- 
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
> 
> 





Re: Can LDAP be used to authenticate /etc/passwd ?

2002-12-04 Thread Evren Yurtesen
You can perhaps use some kind of script to transfer /etc/passwd and
/etc/shadow into LDAP and then use PAM to authenticate all your linux
users from LDAP database. Also when you add new users you can add to ldap
and create directories in linux (with a script perhaps).
This way you can get rid of the whole /etc/passwd and /etc/shadow files at
the same time so you don't have to deal with 2 things.
But then you should find a sendmail which is patched to support LDAP,PAM 
etc. and your pop3,imap servers should support PAM or LDAP too also all
your programs like apache etc. should somehow find users from LDAP.
I tried to do this once but then I thought what the hell, too much
work for having an LDAP database. FreeBSD already keeps users in DB so
this won't improve performance at all. That was also when I decided LDAP
sucks little bit =) Although it is easier to reach to a database like LDAP
or MySQL from anywhere you like.

Evren

On Wed, 4 Dec 2002, Simon White wrote:

> 04-Dec-02 at 20:23, jmc_cs ([EMAIL PROTECTED]) wrote :
> > 
> > 
> > Hi Simon,
> > - Original Message -
> > From: "Simon White" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, December 04, 2002 7:23 PM
> > Subject: Re: Can LDAP be used to authenticate /etc/passwd ?
> > 
> > 
> > > 04-Dec-02 at 19:12, Sarick ([EMAIL PROTECTED]) wrote :
> > > > Hi all,
> > > > Can the LDAP be used to authenticate a user whose username and password
> > > > is stored in /etc/passwd??
> > >
> > > How is the LDAP server going to read the username in /etc/passwd?
> > >
> > > Passwords are not stored in /etc/passwd, just usernames.
> > > Passwords are usually in /etc/shadow, YMMV
> > yes. My question is, can I use LDAP to authenticate the users who having the
> > accounts on Linux , with EAP-MD5 authentication?
> > That is, to read the usernames from /etc/passwd  and passwords from
> > /etc/shadow.
> > How?
> 
> You can't. You can store the hashes that are in shadow in LDAP probably.
> I think, however, that your approach is probably wrong.
> 
> -- 
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
> 
> 


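The conversion script that both LDAP replies above suggest, written as an added example (not code from the thread): it turns passwd(5) and shadow(5) lines into LDIF with the crypt hash under userPassword. Only hashes are carried over, which is why a challenge-response method such as EAP-MD5, which needs the cleartext password on the server, cannot be served from this data. The base DN and the sample accounts are constructed.

```python
"""Convert /etc/passwd + /etc/shadow entries to LDIF (added example)."""

# Hypothetical directory suffix; replace with your own base DN.
BASE_DN = "ou=People,dc=example,dc=com"

# Constructed sample data in passwd(5) and shadow(5) format, not real accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/sh
dave:x:1003:1003:Dave:/home/dave:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$1$constructed$roothashroothashrootha:12000:0:99999:7:::
bob:$1$constructed$bobhashbobhashbobhashb:12020:0:99999:7:::
carol:!:12020:0:99999:7:::
"""


def parse_shadow(text):
    """Map username -> password field from shadow(5) lines."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            hashes[fields[0]] = fields[1]
    return hashes


def to_ldif(passwd_text, shadow_text, min_uid=1000, base_dn=BASE_DN):
    """Return (ldif, skipped): LDIF for migratable users and the names left out."""
    hashes = parse_shadow(shadow_text)
    entries, skipped = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue                      # not a well-formed passwd(5) line
        name, _, uid, gid, gecos, home, shell = fields
        if int(uid) < min_uid:
            continue                      # leave system accounts local
        pw = hashes.get(name, "")
        # "", "*", "!" or a "!"-prefixed hash mean no usable or a locked password.
        if not pw or pw[0] in "*!":
            skipped.append(name)
            continue
        entries.append("\n".join([
            f"dn: uid={name},{base_dn}",
            "objectClass: account",
            "objectClass: posixAccount",
            "objectClass: shadowAccount",
            f"uid: {name}",
            f"cn: {gecos.split(',')[0] or name}",
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            f"homeDirectory: {home}",
            f"loginShell: {shell}",
            # Only the crypt(3) hash is copied; the cleartext is never known.
            f"userPassword: {{CRYPT}}{pw}",
        ]))
    return "\n\n".join(entries) + ("\n" if entries else ""), skipped
```

The resulting LDIF contains password hashes, so it needs the same file permissions as /etc/shadow until it has been loaded and deleted.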



Re: how to add a user

2002-12-04 Thread Evren Yurtesen
yeah well there is example users file and if you are using sql then you
can try dialup_admin etc. 

On Wed, 4 Dec 2002, Simon White wrote:

> 03-Dec-02 at 16:24, Maurizio Martinoli ([EMAIL PROTECTED]) wrote :
> > can anyone tell me how to add a user in freeradius?
> > thank you
> 
> There is no way you're going to get an answer to this kind of question.
> RTFM.
> 
> -- 
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
> 
> 





Re: (3) now checkrad is working but freeradius don't wait for its reply!

2002-12-03 Thread Evren Yurtesen
Yes I posted a few times maybe but I am not a developer and I don't want to
track the latest sources etc. I couldn't find fix for this problem in the
mailing list archives and the same problem was existing previous versions
of freeradius. At least now somebody who downloaded 0.8 version or another 
from download page might be able to find the solution from mailing list
archives.

By the way how do I check the cvs history from command line? without
downloading the sources? so next time I find out easily if something is
fixed?

It could be nicer and easier for people like me who doesn't use cvs very
often to have a web interface for checking cvs histories...actually...
Like at http://www.freebsd.org/cgi/cvsweb.cgi/

Evren


On Tue, 3 Dec 2002, Alan DeKok wrote:

> Evren Yurtesen <[EMAIL PROTECTED]> wrote:
> > actually I already fixed the problem by changing child_pid <=0 to 
> > childpid < 0
> 
>   Yes, I know.  You said that *repeatedly*, and *repeatedly* posted
> the code.  Once would have been enough, we're not deaf.
> 
> > About CVS. I don't usually track software with CVS since I believe the
> > latest is not usually the most stable. But thanks for the advice =)
> 
>   Then you wasted your time tracking down the problem.
> 
>   If you're going to track down a problem, the FIRST thing you should
> do is to check if it's fixed in the CVS head.  If so, then you can
> back-port the fix to the release you're using.  Or, you can ask on the
> list if the fix can be back-ported.
> 
>   Either way, it's a whole lot easier to grab other people's bug
> fixes, than it is to track down the problem, and come up with the fix
> yourself.
> 
>   Alan DeKok.
> 
> 




