Limiting access at a proxy server based on Called-Station-ID

2003-11-19 Thread Mark Moody
I've been asked if the following is possible. We operate a pair of
radius servers that proxy several realms to their respective home
servers.  We need to limit their users' access based on
Called-Station-ID.  When the Auth request comes in from the NAS, I need
to be able to consult a (possibly large) list of access numbers and
determine if the user called an approved number; if so, allow the request
to proceed to the home server.  If not, return an Access-Reject to the
NAS.  I've experimented with the DEFAULT entries in the users file, and
looked at pre-proxy as well.  So far I haven't come up with a good way
to do this.  If anyone is currently doing something like this, could you
let me know how you're doing it?  Keep in mind the potential list of
Called-Station-IDs is potentially very large; management of and updates
to this list need to be straightforward.  Any help will be most
appreciated.

-- 
Mark Moody 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
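
The check described in the message above (look up the dialled number in a per-realm list, forward on a match, otherwise reject), sketched as a standalone Python function. This is an added example, not part of the original post and not FreeRADIUS configuration; the `realm number` list format, the function names and the sample numbers are assumptions made for illustration.

```python
import io
import re

def normalize(number):
    """Reduce a Called-Station-Id to digits so '555-0100' and '5550100' match."""
    return re.sub(r"\D", "", number or "")

def load_allowlist(lines):
    """Parse 'realm number' lines into {realm: set(numbers)}; '#' starts a comment."""
    allow = {}
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        realm, number = line.split(None, 1)
        digits = normalize(number)
        if digits:
            allow.setdefault(realm.lower(), set()).add(digits)
    return allow

def decide(allow, request):
    """Return 'proxy' if the dialled number is approved for the realm, else 'reject'."""
    user = request.get("User-Name", "")
    realm = user.rsplit("@", 1)[1].lower() if "@" in user else ""
    called = normalize(request.get("Called-Station-Id"))
    # Fail closed: a missing realm, a missing Called-Station-Id or an
    # unlisted number all end in a reject rather than a forwarded request.
    if not realm or not called:
        return "reject"
    return "proxy" if called in allow.get(realm, set()) else "reject"

# Constructed sample list (hypothetical numbers, one 'realm number' per line).
SAMPLE = io.StringIO("""\
# realm            access number
downstream.net     555-0100
downstream.net     (555) 0101
other.example      5550199
""")
ALLOW = load_allowlist(SAMPLE)

if __name__ == "__main__":
    for req in (
        {"User-Name": "alice@downstream.net", "Called-Station-Id": "5550100"},
        {"User-Name": "alice@downstream.net", "Called-Station-Id": "5550199"},
        {"User-Name": "bob@other.example"},
    ):
        print(req, "->", decide(ALLOW, req))
```

Set membership keeps the lookup constant-time however long the list grows, and the list itself stays a flat text file that can be edited or regenerated without touching the decision logic.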


Re: libpam not found

2003-09-17 Thread Mark Moody
Removing the config.cache file seems to have done it.  I had already
installed the libpam0g-dev package, but for some reason a subsequent
run of configure didn't detect it as it did other added packages. 
Thanks for the pointer.

On Wed, 2003-09-17 at 03:18, Geller Sandor wrote:
> On Wed, 16 Sep 2003, Mark Moody wrote:
>
> > checking for pam_start in -lpam... (cached) no
> > checking for security/pam_appl.h... (cached) no
> > checking for pam/pam_appl.h... (cached) no
>
> Remove the config.cache file, install the libpam0g-dev package, and rerun
> configure
>
>   Geller Sandor [EMAIL PROTECTED]
 
-- 
Mark Moody 
Serious ISP   888-243-7011 x5108 
[EMAIL PROTECTED] 
GPG Key fingerprint = ED26 261A E08F BCBC 4AB0  7C0D A483 F309 A856 ABEF




libpam not found

2003-09-16 Thread Mark Moody
I'm trying to install Freeradius 0.9.1 on a Debian system (2.4.30),
everything is fine except for the following:

configuring in src/modules/rlm_pam
running /bin/sh ./configure  --prefix=/usr --sysconfdir=/etc
--localstatedir=/var --with-experimental-modules --with-snmp
--with-rlm-pam-lib-dir=/usr/lib --enable-ltdl-install
--cache-file=../../.././config.cache --srcdir=.
loading cache ../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a
cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) gcc -E
checking for dlopen in -ldl... (cached) yes
checking for pam_start in -lpam... (cached) no
checking for security/pam_appl.h... (cached) no
checking for pam/pam_appl.h... (cached) no
configure: warning: silently not building rlm_pam.
configure: warning: FAILURE: rlm_pam requires:  libpam.
creating ./config.status
creating Makefile
creating config.h
config.h is unchanged

When I look in /usr/lib I find:

-rw-r--r--    1 root     root       224608 Jan 21  2002 libpam.a
lrwxrwxrwx    1 root     root           19 Sep 16 19:19 libpam.so -> /lib/libpam.so.0.72
-rw-r--r--    1 root     root         6436 Jan 21  2002 libpam_misc.a
lrwxrwxrwx    1 root     root           24 Sep 16 19:19 libpam_misc.so -> /lib/libpam_misc.so.0.72
-rw-r--r--    1 root     root        10050 Jan 21  2002 libpamc.a
lrwxrwxrwx    1 root     root           20 Sep 16 19:19 libpamc.so -> /lib/libpamc.so.0.72
I'm using the following configure statement:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--with-experimental-modules --with-snmp

I've also tried it with --with-rlm-pam-lib-dir=/usr/lib and I get the
same result.  I've searched the archives, and not found any clues, what
gives?



-- 
Mark Moody 
Serious ISP   888-243-7011 x5108 
[EMAIL PROTECTED] 
GPG Key fingerprint = ED26 261A E08F BCBC 4AB0  7C0D A483 F309 A856 ABEF




Round robin proxy not working

2003-03-11 Thread Mark Moody
We have several realms configured to do round robin between two downstream
radius servers.  We have observed that our freeradius (0.8.1) servers are
sending all traffic for a realm to the first server listed for that realm.
I have seen in the logs where it does do failover, however.  Here's an
example of how we have these realms configured:

realm downstream.net {
        type     = radius
        authhost = 10.10.10.10:1645
        accthost = 10.10.10.10:1646
        secret   = s
        ldflag   = round_robin
        nostrip
}
realm downstream.net {
        type     = radius
        authhost = 10.10.10.11:1645
        accthost = 10.10.10.11:1646
        secret   = s
        ldflag   = round_robin
        nostrip
}

Are there special compile time flags we may have missed?  We are running
freeradius 0.8.1 on redhat 7.3 systems, with a mysql server on a separate
backend machine.  Any help would be appreciated.
--
Mark Moody
Serious ISP   888-243-7011 x5108
[EMAIL PROTECTED]


