Re: More Questions
> 1: I have read all the Doc's that come with radius and searched the web and still have not found how to log accounting info in radius. I have turned on log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having done this I am still not getting any accounting info in the database or log file. Am I missing something here?

This question was asked earlier this week. I guess it might be a good idea to ask Alan to put sql as a commented option in the authorize and accounting sections of the radiusd.conf.

You need to add sql to your accounting section of radiusd.conf if you want it to write accounting info to the database. You also need to make sure the sql queries in sql.conf that use the radacct table are correct for your database.

> 2: I am trying to limit simultaneous use and am a bit confused. One file says that it only works with users file and pam (I believe) but not with SQL, LDAP and so forth. In another doc it says to change in table radgroupcheck Attribute=Simultaneous-Use OP=:= and value to 1. I have done this and still allows multiples. Also saw in radiusd.conf where I need to uncomment simul_count_query but that appears to only work if you have accounting working. Am doing something wrong here as well?

It works with SQL, as you describe in the radgroupcheck table. At the bottom of the radiusd.conf is a section called session, in there is a flag which tells it to use the sql or radutmp for Simult-use checking. If you don't uncomment the queries simult-use needs in the sql.conf, it will not work.

Take a look at my radiusd.conf for reference: http://mrtizmo.com/freeradius/

> Concerns:
> 1: Does the traditional NAS send radius the accounting info or does radius insert as authed, denied, etc?

radius just sits there waiting for an NAS to send it data, then it auth's/denies it and then logs everything.

Hope that helps!

Nick

--
Nick Davis
Associate Systems Administrator
[EMAIL PROTECTED]
Internet Exposure, Inc.
http://www.iexposure.com
(612)676-1946
Web Development-Web Marketing-ISP Services

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
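The checks described in this message (sql listed in the accounting and session sections of radiusd.conf, and simul_count_query uncommented in sql.conf), as an added example that is not part of the original post or of FreeRADIUS. The function names are hypothetical and the sample configs are constructed.

```python
import re

# Constructed sample configs (not taken from the thread or from a real server).
BROKEN_RADIUSD_CONF = """
modules {
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail
    }
}
accounting {
    detail
    unix
    radutmp
#   sql
}
session {
    radutmp
#   sql
}
"""
FIXED_RADIUSD_CONF = BROKEN_RADIUSD_CONF.replace("#   sql", "    sql")

BROKEN_SQL_CONF = """
sql {
    acct_table1 = "radacct"
#   simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
}
"""
FIXED_SQL_CONF = BROKEN_SQL_CONF.replace("#   simul_count_query",
                                         "    simul_count_query")


def strip_comment(line):
    """Drop a '#' comment and surrounding whitespace (module lists carry no '#')."""
    return line.split("#", 1)[0].strip()


def section_modules(conf_text, section):
    """Return the module names listed directly inside top-level `section { }`."""
    modules, depth, inside = [], 0, False
    for raw in conf_text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        if depth == 0 and re.fullmatch(re.escape(section) + r"\s*\{", line):
            inside = True
        elif inside and depth == 1 and "{" not in line and "}" not in line:
            modules.append(line.split()[0])
        # ${var} and %{attr} open and close on the same line, so they cancel out.
        depth += line.count("{") - line.count("}")
        if depth == 0:
            inside = False
    return modules


def uncommented_setting(conf_text, key):
    """True if `key = value` sits on a line that is not commented out."""
    pattern = re.compile(r"\s*" + re.escape(key) + r"\s*=\s*(\S.*)?$")
    for raw in conf_text.splitlines():
        match = pattern.match(raw)
        if match and match.group(1):
            return True
    return False


def check_sql_accounting(radiusd_conf, sql_conf):
    """Return a list of findings; an empty list means the three settings line up."""
    findings = []
    accounting = section_modules(radiusd_conf, "accounting")
    session = section_modules(radiusd_conf, "session")
    if "sql" not in accounting:
        findings.append("accounting: sql is not listed, nothing reaches radacct")
    if "sql" in session:
        if not uncommented_setting(sql_conf, "simul_count_query"):
            findings.append("sql.conf: simul_count_query is commented out or empty")
    elif "radutmp" not in session:
        findings.append("session: neither sql nor radutmp is listed")
    return findings


if __name__ == "__main__":
    for name, rconf, sconf in (
        ("broken", BROKEN_RADIUSD_CONF, BROKEN_SQL_CONF),
        ("half fixed", FIXED_RADIUSD_CONF, BROKEN_SQL_CONF),
        ("fixed", FIXED_RADIUSD_CONF, FIXED_SQL_CONF),
    ):
        print(name, check_sql_accounting(rconf, sconf) or "ok")
```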
Re: strange, but minor issue with 0.9.3 and ./debian/rules
> So I need to put something into debian/changelog that indicates version 0.9.3 and the debian packaging system will then correctly name the deb files ???
>
> I am trying to learn this stuff, and am at the point I am very dangerous to my systems. :-) I try to proceed with caution in areas I know very little about.
>
> Richard

Richard,

I have instructions on my website for building .deb freeradius packages if you'd like to take a look: http://mrtizmo.com/freeradius/

Step 7 instructs people to change the top of the changelog, which will then be used to name the .deb packages.

Nick
Re: radius 0.9.3 / mysql 4.0.16: no logging
> modcall[authorize]: module preprocess returns ok for request 3
> radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215'
> rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radiusd/radacct/81.20.32.130/auth-detail-20031215
> modcall[authorize]: module auth_log returns ok for request 3
> [snip]
> modcall: entering group post-auth for request 3
> radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215'
> rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radiusd/radacct/81.20.32.130/reply-detail-20031215
> modcall[post-auth]: module reply_log returns ok for request 3
> [snip]
> modcall[accounting]: module sql returns ok for request 4
> radius_xlat: '/var/log/radiusd/radacct/81.20.32.130/detail-20031215'
> rlm_detail: /var/log/radiusd/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radiusd/radacct/81.20.32.130/detail-20031215
> modcall[accounting]: module detail returns ok for request 4
> modcall[accounting]: module unix returns ok for request 4
> radius_xlat: '/var/log/radiusd/radutmp'
> radius_xlat: '[EMAIL PROTECTED]'
> modcall[accounting]: module radutmp returns ok for request 4
> modcall: group accounting returns ok for request 4
>
> Please bear in mind that authentication and authorisation is done using flat files, accounting is done in a database. The latter doesn't work.

James,

All of your accounting data is being written to the details files. You must not have put sql in the accounting section of radius.conf. Also make sure the sql queries in sql.conf are correct for the radacct table.

Take a look at my radius.conf for reference to using mysql for accounting and user/pass/groups (auth). http://mrtizmo.com/freeradius/

Hope some of this helps!

Nick
Re: Running FreeRADIUS with user other than root
On Tuesday 09 December 2003 17:25, Chris Parker wrote:
> At 05:18 PM 12/9/2003, Michael Shanafelt wrote:
>> I actually already tried that, but still got the same error. Do I need to change the owner of radiusd to the user I want to run it as?
>
> What *is* the error message you get. Posting that might be helpful.
>
> Also note that you can start radiusd as root, and have it switch to a different user. See the comments in 'radiusd.conf'.
>
> You will also want to ensure that the user you are trying to run this as has appropriate permissions to read all of the config files, etc. in /path/to/raddb

Just another reminder, that user needs access to write to the log files and rad[wu]tmp too!

Nick
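A preflight check for the points raised in this thread (the run-as user must be able to read everything under raddb and write the log files and rad[wu]tmp), as an added example that is not from the thread or from FreeRADIUS. Function names and the sample tree are constructed; only classic owner/group/other mode bits are evaluated (no ACLs, no check of parent directories above the given paths).

```python
import os
import tempfile

R, W, X = 4, 2, 1


def granted(st, uid, gids):
    """Return the rwx bits (0-7) the mode bits of `st` give a non-root uid."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def preflight(uid, gids, config_dir, writable_paths):
    """List (problem, path) pairs that would stop radiusd running as uid/gids."""
    problems = []
    for root, dirs, files in os.walk(config_dir):
        # Listing a directory needs read, entering it needs execute.
        if granted(os.stat(root), uid, gids) & (R | X) != (R | X):
            problems.append(("cannot list", root))
            dirs[:] = []  # nothing below an unreadable directory is reachable
            continue
        for name in files:
            path = os.path.join(root, name)
            if not granted(os.stat(path), uid, gids) & R:
                problems.append(("cannot read", path))
    for path in writable_paths:
        if os.path.exists(path):
            target, need = path, W
        else:
            # The file will have to be created, so the directory must allow it.
            target, need = os.path.dirname(path) or ".", W | X
        if granted(os.stat(target), uid, gids) & need != need:
            problems.append(("cannot write", path))
    return problems


def demo():
    """Audit a constructed raddb/log tree for a uid that owns none of it."""
    with tempfile.TemporaryDirectory() as top:
        raddb = os.path.join(top, "raddb")
        logs = os.path.join(top, "log")
        for directory in (raddb, logs):
            os.mkdir(directory)
            os.chmod(directory, 0o755)
        # clients.conf is owner-only here, so the other account cannot read it.
        for name, mode in (("radiusd.conf", 0o644), ("clients.conf", 0o600)):
            path = os.path.join(raddb, name)
            open(path, "w").close()
            os.chmod(path, mode)
        radutmp = os.path.join(logs, "radutmp")
        open(radutmp, "w").close()
        os.chmod(radutmp, 0o664)
        st = os.stat(radutmp)
        other_uid = st.st_uid + 1  # constructed uid that owns nothing in the tree
        found = preflight(other_uid, {st.st_gid}, raddb,
                          [os.path.join(logs, "radius.log"), radutmp])
        return [(what, os.path.basename(path)) for what, path in found]


if __name__ == "__main__":
    for what, name in demo():
        print(what, name)
```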
Re: 0.9.3 has been released
Paul,

Here is the email I am referring to: http://lists.cistron.nl/pipermail/freeradius-users/2003-July/021375.html

The dependencies of concern are: freetype fonts, gtk, xfree86, xlibs.

Those dep's were from debian Woody, I didn't actually test if those dependencies had been removed in Sarge since the debian servers were down. As soon as the debian servers are back up to normal, I'll try to use your .deb packages and see what dependencies are required.

Thanks!

Nick

On Friday 21 November 2003 20:58, Paul Hampson wrote:
> On Fri, Nov 21, 2003 at 09:12:31AM -0600, Nick Davis wrote:
>> On Thursday 20 November 2003 20:07, Paul Hampson wrote:
>>
>> Paul,
>>
>> I see that these deb packages have the same dependency issues we discussed in September with libiodbc2 and libltdl3. The Depends says:
>>
>> freeradius:
>>  Depends: libiodbc2 (= 3.51.1-3) but 3.51.1-1 is installed
>>  Depends: libltdl3 (= 1.5-3) but 1.5-2 is installed
>> freeradius-mysql:
>>  Depends: zlib1g (= 1:1.2.1) but 1:1.1.4-16 is installed
>
> To be honest, I don't remember discussing this in September, but my mail archives are currently in transit, so I can't check what I said.
>
> According to my local Debian mirror, (mirror.aarnet.edu.au), the current libiodbc2 in sid (/unstable) is 3.51.1-3, the current libltdl3 is 1.5-7, and the current zlib1g is 1:1.2.1-1
>
>> I am running Sarge, and I tried to search through unstable. Where do those versions of those libraries come from? Several of the debian web servers have been compromised and are down for inspection, so I am not able to search for the necessary versions of these libraries.
>
> Ah, that's the problem, testing's not up to date on these libraries. Since we're going for Debian archive acceptance, they have to be built against unstable. I may have previously built against testing, but I don't think I put those binaries anywhere, as they were built on a powerpc machine.
>
> On Fri, Nov 21, 2003 at 11:00:19AM -0600, Nick Davis wrote:
>> All,
>>
>> I posted new versions of my slimmed down debian packages: http://mrtizmo.com/freeradius/index.html
>>
>> The big thing I did was to remove the need for iodbc, since it has a lot of nasty dependencies.
>
> Apart from libc6, what other dependencies are you seeing from libiodbc2? (My unstable build machine is currently also in transit, so I can't check that myself. Last time I tried to get iodbc broken out into its own package, the lack of interesting dependencies was the deciding factor. I do intend to readdress this issue once we're in the Debian archive)
>
> --
> Paul TBBle Hampson, from an alternate email client.
Re: 0.9.3 has been released
On Thursday 20 November 2003 20:07, Paul Hampson wrote:
> As a bonus, the rlm_ippool pod2man call got fixed for perl 5.6, and rlm_eap has been silenced in the case where it is called upon a non-EAP packet.
>
> There are packages for Debian at http://www.tbble.com/freeradius/ They're numbered 0.9.2-4 since (a) I'm moving and don't have time to muck with the new source archive; and (b) we're this close to getting into Debian/unstable so I don't want to muck with things too much until that's done.
>
> Just to reiterate, the 0.9.2-4 packages at http://www.tbble.com/freeradius/ are the same as the 0.9.3 tarball above, but with major Debian packaging improvements (big thanks to Steve Langasek for his guidance here) which will hopefully go into 1.0.0 and 0.9.4's tarballs.
>
> --

Paul,

I see that these deb packages have the same dependency issues we discussed in December with libiodbc2 and libltdl3. The Depends says:

freeradius:
 Depends: libiodbc2 (= 3.51.1-3) but 3.51.1-1 is installed
 Depends: libltdl3 (= 1.5-3) but 1.5-2 is installed
freeradius-mysql:
 Depends: zlib1g (= 1:1.2.1) but 1:1.1.4-16 is installed

I am running Sarge, and I tried to search through unstable. Where do those versions of those libraries come from? Several of the debian web servers have been compromised and are down for inspection, so I am not able to search for the necessary versions of these libraries. http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

I am going to get the cvs and build my own deb packages without these dependencies and without the extra modules like before, but I just wanted to see what your current thoughts are on this issue.

Thanks for your work!

Nick
Re: 0.9.3 has been released
On Thursday 20 November 2003 20:07, Paul Hampson wrote:
> As a bonus, the rlm_ippool pod2man call got fixed for perl 5.6, and rlm_eap has been silenced in the case where it is called upon a non-EAP packet.
>
> There are packages for Debian at http://www.tbble.com/freeradius/ They're numbered 0.9.2-4 since (a) I'm moving and don't have time to muck with the new source archive; and (b) we're this close to getting into Debian/unstable so I don't want to muck with things too much until that's done.
>
> Just to reiterate, the 0.9.2-4 packages at http://www.tbble.com/freeradius/ are the same as the 0.9.3 tarball above, but with major Debian packaging improvements (big thanks to Steve Langasek for his guidance here) which will hopefully go into 1.0.0 and 0.9.4's tarballs.
>
> --

Paul,

Ignore the previous msg, I put Dec instead of Sept in the first line.

I see that these deb packages have the same dependency issues we discussed in September with libiodbc2 and libltdl3. The Depends says:

freeradius:
 Depends: libiodbc2 (= 3.51.1-3) but 3.51.1-1 is installed
 Depends: libltdl3 (= 1.5-3) but 1.5-2 is installed
freeradius-mysql:
 Depends: zlib1g (= 1:1.2.1) but 1:1.1.4-16 is installed

I am running Sarge, and I tried to search through unstable. Where do those versions of those libraries come from? Several of the debian web servers have been compromised and are down for inspection, so I am not able to search for the necessary versions of these libraries. http://cert.uni-stuttgart.de/files/fw/debian-security-20031121.txt

I am going to get the cvs and build my own deb packages without these dependencies and without the extra modules like before, but I just wanted to see what your current thoughts are on this issue.

Thanks for your work!

Nick
link to my debian packages based on 0.9.3
All,

I posted new versions of my slimmed down debian packages: http://mrtizmo.com/freeradius/index.html

The big thing I did was to remove the need for iodbc, since it has a lot of nasty dependencies. The page explains what all I removed and how I did so. Please feel free to use what you can.

Enjoy!

Nick
Re: loging problems after logrotate
Well there are a couple of things.

1. After logrotate completes you need to restart radiusd so it will use the new log file.

2. If you search the freeradius list archives there are several instructions to make radius log to a different file every day/week/month etc.. You just modify this line to make that happen:

    detailfile = ${radacctdir}/%{Client-IP-Address}/detail

Nick
Re: Installing Freeradius on Debian
>> Is this enormous list a good enough reason to split the freeradius package into sub-packages?
>
> Nope. A massive list of _source_ dependencies isn't a problem in any way... Happily, it looks like the source-dependencies on the package are correct, too. I was going to check that in a pbuilder some time, but your result gives me a little confidence boost.

Well after making the necessary changes to the freeradius config files to work with my system, I started up freeradius and it works just fine as far as I can tell:) I ran it with -xx and used radtest to authenticate a user and it was successful.

I'm going to make it my live system hopefully late tonight. The only thing I'll need to test once the system is live is the Simultaneous-Use via sql. I have Simult-Use setup to work the same as my current version, but I need to have users already logged in to know for sure if it works.

Thanks for the help!

Nick
Re: Installing Freeradius on Debian
>> So one thing to keep in mind when splitting out the modules: if the module is not being installed, do not try to use it in radius.conf. You will probably want to work some sed magic to (un)comment the modules in the auth type sections at the bottom of the radius.conf based on which modules are installed.
>
> Interesting point... I might have to go fix it so that failing to start the server doesn't cause installation failure... To my mind server start failure is probably not so bad 'cause I suspect an unconfigured RADIUS server would not be a pleasant thing to have running.
>
> Actually it just occurred to me, I don't think the server should start on install. It would start a non-configured service on a potentially live system, potentially with all modules loaded.
>
> On the other hand, the idea of the default config is to have a running server as easily as possible, so I might indeed have to comment out those modules (ldap, krb5) which are split out but referenced by default... I can't do that in the main server CVS, it'll have to be a change in a Debian-local .diff.gz. So it'll have to wait until we're actually in Debian.

If you want to be able to have a running system as easily as possible, does that imply the installation script should attempt to start the service? I think it should just configure it to be able to run, and then allow the user to start it when they are ready to.

> Funnily enough, these are the first two changes after 0.71's release, which was the last version in Debian and what I presume you used to be running.

Yes I am running a source install from around the 0.71 time frame. There haven't been any changes that affect me, so I didn't see a good reason to upgrade. Now I am setting up a new server, I figured it would be a great time to get the latest version running.

Thanks!

Nick
Re: Installing Freeradius on Debian
If anyone else wants to use the debian packages I created from the 20030930 snapshot, you can find them here: http://www.mrtizmo.com/freeradius/

I removed these modules:

    rlm_dbm
    rlm_eap
    rlm_krb5
    rlm_ldap
    rlm_mschap
    rlm_ns_mta_md5
    rlm_x99_token

Have fun!

Nick
Re: Installing Freeradius on Debian
>> I have been using freeradius since 0.3 installed from source and I wanted to give the debian package a try. I did not see a freeradius package in unstable nor testing. Is freeradius still changing too fast for debian?
>
> Not anymore, I feel. The prospective Debian packaging of 0.9.1 is with the prospective sponsor, so hopefully in time for Sarge's release...

Lets hope so! I'll just have to get my own .deb package to build for now then.

>> I am building the debian package on a debian Woody stable system and am going to copy it over to a debian Sarge testing system.
>
> Wild. Any reason you're not building it on a testing system? I'd offer to do so, but my testing machine is also PowerPC, and so the packages probably aren't a lot of use to you. :-)

I only have one system running testing and that is already setup to be a production server. I do not want to install any *dev or compiling packages on there. I figured that it would work fine if I build the packages on Woody and then installed them on Sarge. Sarge should have all of the required packages, but newer versions. So, it should still work. If I'm wrong on that assumption, please let me know!

>> I found the instructions Paul H. wrote below along with his other post that has the patch to take iodbc out of the main freeradius package. I applied that patch with little trouble, and am now to the instructions in the email below.
>
> I'm still fielding good reasons to include that patch in the main package. :-) There're concerns about package-list-bloat, and I've yet to come up with a convincing argument that overrides that.

I noticed while applying the patch that it split iodbc out into its own package, but didn't split out postgres, mysql, and ldap. If you are going to split out one, you should split them all (or at least most) out of the main package. Yes, I know that patch was only to split out iodbc, I'm just saying we should do an all or none scheme.

A good way to do that would be to ask this question: Is there more than one module that does a similar job as this module I am looking at? If yes, split out those modules into their own packages. If not, leave it as part of the main package. So, if you were looking at mysql, you would answer yes. Then you would split out mysql, postgresql, iodbc, and whatever other database modules there are.

If you look at other server software that has a whole slew of modules, you will see many modules are broken out into their own packages. Examples: apache, php, mysql, postfix, perl

So, lets add freeradius to that list. It will make the base package simpler. So, when a person wants to use a module they just grab the package containing said module.

Here is another thought: If you break out the modules into separate packages, on installation of the main package you could present the user with a short menu to select which modules they would like to install. If they are installing in the debian mode where it doesn't ask the user for any input, just assume they selected all of them.

My $0.02 towards that argument:)

>> Here is the list I get:
>>
>> dpkg-checkbuilddeps: Unmet build dependencies: libltdl3-dev, libpam0g-dev, postgresql-dev, libgdbm-dev | libgdbmg1-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev
>>
>> I do not plan to use kerberos, ldap, nor postgres and I'm not so sure that I need libgdmg1 either. I use mysql for everything except the dictionaries.
>>
>> My question is: how can I remove some of the build dependencies for packages that I do not intend to use?
>
> libpam0g-dev is used by rlm_pam
> libgbmg1 is used by rlm_counter, rlm_gdbm and rlm_ippool
> postgresql-dev is for rlm_sql_postgresql
> libldap2-dev and libsasl2-dev are for rlm_ldap
> libiodbc2-dev is for rlm_sql_iodbc

Why would this still be here if I already applied the iodbc patch?

> libkrb5-dev is for rlm_krb5
>
> None of these build-dependencies are for the core daemon.
>
> The way I'd do it is remove those modules from the 'stable' file in src/modules or src/modules/rlm_sql/ depending on which modules they are. This step is basically optional, since it should skip that which it can't build.
>
> Then remove the entries for those things from debian/rules in the various 'for each' clauses.
>
> And remove the entries from the debian/control file. (ie. the opposite of the freeradius-iodbc patch you've already got. :-)
>
> Then remove the build-dependencies that trouble you so.

Wow, what a pain in my behind! I can't wait for prebuilt debian packages.

> You'll need that libltdl3-dev, however. No way around it except building statically, and I dunno what that does to the build-dependencies, or the rlm_sql and rlm_eap modules.

Good to know thanks!

Nick
Re: Installing Freeradius on Debian
.
drwxr-xr-x4 507 postfix 4096 Sep 30 14:43 ..

So there is a problem building mschap. I did an ls -al and the file is there, but it is a link to a file that does not exist. This command doesn't work:

    (cd . ln -s eap_mschapv2.lo eap_mschapv2.o)

because the file eap_mschapv2.lo isn't there.

Now, I'm going to prevent the building of mschap, but I thought someone might be interested in my findings.

Thanks!

Nick
Re: Installing Freeradius on Debian
The freeradius I downloaded is: freeradius-snapshot-20030930

>> My question is: how can I remove some of the build dependencies for packages that I do not intend to use?
>
> libpam0g-dev is used by rlm_pam
> libgbmg1 is used by rlm_counter, rlm_gdbm and rlm_ippool
> postgresql-dev is for rlm_sql_postgresql
> libldap2-dev and libsasl2-dev are for rlm_ldap
> libiodbc2-dev is for rlm_sql_iodbc
> libkrb5-dev is for rlm_krb5
>
> None of these build-dependencies are for the core daemon.
>
> The way I'd do it is remove those modules from the 'stable' file in src/modules or src/modules/rlm_sql/ depending on which modules they are. This step is basically optional, since it should skip that which it can't build.
>
> Then remove the entries for those things from debian/rules in the various 'for each' clauses.
>
> And remove the entries from the debian/control file. (ie. the opposite of the freeradius-iodbc patch you've already got. :-)
>
> Then remove the build-dependencies that trouble you so.
>
> You'll need that libltdl3-dev, however. No way around it except building statically, and I dunno what that does to the build-dependencies, or the rlm_sql and rlm_eap modules.

I followed your above instructions for removing unwanted modules and it created and installed the .deb files just fine.

*** One thing to note, when installing the deb files with dpkg -i, it will try to start the freeradius daemon. That failed because all of the modules that I removed were still defined in radius.conf.

So one thing to keep in mind when splitting out the modules: if the module is not being installed, do not try to use it in radius.conf. You will probably want to work some sed magic to (un)comment the modules in the auth type sections at the bottom of the radius.conf based on which modules are installed.

One other thing, if there is database module that is separate from the main freeradius package, make sure to instruct the user to create the database and modify sql.conf for things to work. It might be obvious to you and I, but it will save some help questions!

I noticed a new change in sql.conf. My older version has these definitions:

1.
    # simul_zap_query - query to close stale sessions where NAS shows call
    # - was disconnected, but no stop account packet was received.
    # - ( %s will be replaced with the appropriate RadAcctId )
    # - Leave blank or commented out to skip zapping stale sessions
    ###

2.
    simul_zap_query = DELETE FROM ${acct_table1} WHERE RadAcctId = '%s'

Why are these not in the new version?

I also noticed that this has been removed:

    ###
    # Authentication Query
    ###
    # This query is used only to get the password for the
    # user we want to authenticate. The password MUST
    # be the first field in the return row data.
    # The 'Password' attribute is deprecated in favor of 'User-Password'.
    ###
    authenticate_query = SELECT passwd,Attribute FROM ${authcheck_table} WHERE userid = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC

I'm guessing this was removed because you cannot put the sql module in the authentication section of radius.conf anymore, but I am not sure which sql query takes its place. My guess is the authorize_check_query. If I am wrong please correct me.

That's all for now. I'll test it more tomorrow.

Nick
Re: Installing Freeradius on Debian
I have been using freeradius since 0.3 installed from source and I wanted to give the debian package a try. I did not see a freeradius package in unstable nor testing. Is freeradius still changing too fast for debian?

I am building the debian package on a debian Woody stable system and am going to copy it over to a debian Sarge testing system.

The freeradius I downloaded is: freeradius-snapshot-20030925

I found the instructions Paul H. wrote below along with his other post that has the patch to take iodbc out of the main freeradius package. I applied that patch with little trouble, and am now to the instructions in the email below.

When I run the command:

    dpkg-buildpackage -us -uc -b -rfakeroot

I get a list of missing build dependencies like I am supposed to. Here is the list I get:

    dpkg-checkbuilddeps: Unmet build dependencies: libltdl3-dev, libpam0g-dev, postgresql-dev, libgdbm-dev | libgdbmg1-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev

I do not plan to use kerberos, ldap, nor postgres and I'm not so sure that I need libgdmg1 either. I use mysql for everything except the dictionaries.

My question is: how can I remove some of the build dependencies for packages that I do not intend to use? Is there a better way to do this now?

Thanks!

Nick

On Friday 04 July 2003 01:35, Paul Hampson wrote:
> From: Aime
> Sent: Friday, 4 July 2003 1:27 AM
>
>> Where can i find a step-by-step to install Freeradius on Debian ?
>> - Packages that needs to be in place.
>> - best way to proceed
>> - etc...
>
> I dunno if there's one written, but here's what I do:
>
> Grab current CVS snapshot (or wait for 0.9)
> Extract tarball.
> Go into the directory, and run
>     dpkg-buildpackage -us -uc -b -rfakeroot
> It should tell you what packages you're missing...
>
> If you're on Debian woody or Debian testing, you may be unable to fulfill both libsasl2-dev and libopneldap-dev dependencies, so remove the '2' from the libsasl2-dev dependency.
>
> Again run
>     dpkg-buildpackage -us -uc -b -rfakeroot
> and you should get .debs in the directory above the current.
>
> That's basically it. I'm hoping that 0.9 will actually be part of Debian, so even this won't be necessary unless you need something from CVS.
>
> --
> = Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
Re: Again problem with Simultaneous-Use
You should read the man page for users regarding the usage of =, :=, +=, etc... You usually need to use := with Simul-Use

Nick

On Wednesday 17 September 2003 09:25, Double wrote:
> why if I use Simultaneous-Use :
>
> test Auth-Type := Crypt-Local, Crypt-Password == $1$0MrvlCBQ$udnwuVmMLsn8GphGQQugF1, Simultaneous-Use = 1
>     Exec-Program-Wait = /usr/local/bin/start %u,
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP,
>     Framed-Routing = Broadcast-Listen,
>     Framed-Filter-Id = std.ppp,
>     Framed-MTU = 1500,
>     Framed-Compression = Van-Jacobsen-TCP-IP
>
> I have a problem:
>
> Auth: Login incorrect [test/test] (from client condor port 0)
>
> if I don`t use Simultaneous-Use :
>
> test Auth-Type := Crypt-Local, Crypt-Password == $1$0MrvlCBQ$udnwuVmMLsn8GphGQQugF1
>     Exec-Program-Wait = /usr/local/bin/start %u,
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP,
>     Framed-Routing = Broadcast-Listen,
>     Framed-Filter-Id = std.ppp,
>     Framed-MTU = 1500,
>     Framed-Compression = Van-Jacobsen-TCP-IP
>
> I have:
>
> Auth: Login OK: [qwerty/qwerty] (from client condor port 0)
Re: Missing rlm sql mysql
List,

I know this thread is about dead, but I wanted to correct some things.

On Monday 16 June 2003 11:35, [EMAIL PROTECTED] wrote:
> Hi Michael,
>
> The rlm_sql_mysql file is for building the mysql database. Under the /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql directory you will find the configure file. Just run this script by entering ./configure and it will create your mysql database for you.

rlm_sql is a module that freeradius uses to interact with databases. rlm_sql_mysql is a module that rlm_sql uses to interact with a mysql database. Running configure builds that module for you, it does not build the database. The database must be built by you, by hand! The tricky part is the fact that you must have the mysql development libraries installed on your system before these modules will build.

The file ~/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql is the file you pass into mysql to create the tables in the database for you. However, you must have created the database itself prior to trying to create the tables. If you look at the first few lines of db_mysql.sql you will see this:

    # db_mysql.sql rlm_sql - FreeRADIUS SQL Module #
    # #
    # Database schema for MySQL rlm_sql module #
    # #
    # To load: #
    # mysql -uroot -prootpass radius db_mysql.sql #

This is assuming that you create a database called radius by hand before you run the above mysql command.

> The mysql libraries are kept in /usr/lib/mysql. The database is kept in /var/lib/mysql. Here you will find a directory for mysql and the mysql.sock driver file. If you create a new database, it will be stored in this directory under the database name.

These above paths may be correct on your system, but different linux distributions and other OS's can have different paths.

I don't want to sound like an a$$, I just wanted to make some clarifications.

Hope this helps!

Nick

> Kenneth L. Miller
> Information Technology Specialist
> CENWP-IM-C
> Portland, Oregon
> (503) 808-5056
Re: Upcomming FreeRadius 0.9 release
Sir, As I said in my message I downloaded the CVS snapshot i.e. the tarball. I run debian and always do a source install, so the rpm fix is irrelevant for me. However, I'm sure your fix could help a Suse user though. Thanks!

Nick

On Friday 13 June 2003 06:50, Alan Litster wrote:

Currently the script that builds the rpm package of FreeRADIUS does not include the dictionary files as they are no longer in the /etc/raddb directory. It's simply the case of adding the following to the %files section in suse/freeradius.spec

# dictionary
%config /%{_prefix}/share/freeradius/*

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Davis Sent: 11 June 2003 17:31 To: [EMAIL PROTECTED] Subject: Re: Upcomming FreeRadius 0.9 release

I just downloaded the CVS snapshot freeradius-snapshot-20030611. Here is my experience. I compiled it with no errors. I installed it with no errors. When I went to start radiusd it didn't start and the radius.log had a message telling me I was using an incorrect dictionary file. I looked at the dictionary file in ~/snapshot-dir/raddb and found out that the dictionary files are now installed in a different location. I put my configs in /etc/raddb. So in my currently running version all of the dictionary files were in that folder. The new radius version puts the dictionary files here: /usr/local/share/freeradius/dictionary

The end of the make install messages did not tell me the dictionary files were in a new location, nor inform me to update the INCLUDES in /etc/raddb/dictionary to point to the new location. So it might be good to put a message at the end of the make install in the WARNING section informing people of this.

This brings a question to mind. If radiusd has a set location for the main dictionary file, and that file just contains an include to the actual dictionary files why not just put the INCLUDE line in the radius.conf and get rid of this extra step?

Once I fixed the dictionary file issue, radiusd started properly. I then went and used radtest on a valid user and it worked correctly. I am using mysql for my users and accounting. I know it can read the db, because it accepted my radtest user. I'll just have to keep an eye on the logs and watch for other random errors. The dictionary file is a simple problem. Overall I think freeradius is an excellent product! Thanks!

Nick D.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Upcomming FreeRadius 0.9 release
I just downloaded the CVS snapshot freeradius-snapshot-20030611. Here is my experience. I compiled it with no errors. I installed it with no errors. When I went to start radiusd it didn't start and the radius.log had a message telling me I was using an incorrect dictionary file. I looked at the dictionary file in ~/snapshot-dir/raddb and found out that the dictionary files are now installed in a different location. I put my configs in /etc/raddb. So in my currently running version all of the dictionary files were in that folder. The new radius version puts the dictionary files here: /usr/local/share/freeradius/dictionary

The end of the make install messages did not tell me the dictionary files were in a new location, nor inform me to update the INCLUDES in /etc/raddb/dictionary to point to the new location. So it might be good to put a message at the end of the make install in the WARNING section informing people of this.

This brings a question to mind. If radiusd has a set location for the main dictionary file, and that file just contains an include to the actual dictionary files why not just put the INCLUDE line in the radius.conf and get rid of this extra step?

Once I fixed the dictionary file issue, radiusd started properly. I then went and used radtest on a valid user and it worked correctly. I am using mysql for my users and accounting. I know it can read the db, because it accepted my radtest user. I'll just have to keep an eye on the logs and watch for other random errors. The dictionary file is a simple problem. Overall I think freeradius is an excellent product! Thanks!

Nick D.

On Wednesday 11 June 2003 09:27, Peter Nixon wrote:

Hello List

As Alan is going away on holidays, and no-one else was stupid enough to put up their hand, it seems that I am going to be the one rolling the new 0.9 release of FreeRadius.

What this means is that we need everyone who can to test the current CVS snapshots available from ftp://ftp.freeradius.org/pub/radius/CVS-snapshots/ These should be in a pretty stable condition right now, but we need to get any remaining bugs ironed out before we release 0.9 in a few weeks time. So please download, compile and report any problems you might have.

Cheering in the streets and yay it works posted to the mailing list will be taken as a sign that everything is ok, bug reports to the list (with system information please) will be taken as notice that we need to do some more work before release, and a deathly silence will be taken as a sign that no-one reads my emails :-)

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How do I dynamically insert and delete users with mysql?
Yes. If you put sql in your authorize section of radius.conf there should be no need to have users in the users file. Provided your sql.conf is setup correctly. Just make sure you comment out the files entry in your authorize section or put sql before files. Once you are correctly using the user entries from the database, you can add and remove them on the fly.

Nick

On Tuesday 03 June 2003 16:41, Michael Davis wrote:

I am using mysql to populate my users list but I still have to insert each user name into the users file in order for radius to recognize it. Is there a way to set up a table in mysql and change a config setting so that I can insert users dynamically without having to use the users file at all?

Thanks Michael

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql purge
On Monday 17 February 2003 08:46, Duane Barnes wrote:

Does anyone have any radacct mysql purge scripts. For example, say I only wanted to keep 45 days of accounting data in my mysql db.

Here is the one that I use in my cron.monthly. It is run once a month and deletes everything that is older than 1 month. Modify to suit your needs.

#! /bin/bash
echo "delete from radacct where AcctStartTime < date_sub(now(),INTERVAL 1 MONTH);" | mysql -uUSERNAME -pPASSWORD DATABASE_NAME

The above should all be in one line, I'm sure the email system will word wrap it!

Nick

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql neat trick
I just figured this out and thought some others might benefit from it! Here is how you dump database(s) on one server into a database on another server! mysqldump --opt -a LOCALDBNAME [LOCALTABLE1 [LOCALTABLE2]] -u USER -pPASSWORD | mysql --host=REMOTEHOST REMOTEDBNAME -u USER -pPASSWORD See man mysqldump and man mysql for further options! I am going to use this for periodic updates from the main mysql server to the backup mysql server. Much simpler than dumping the database on the main server, ftp/scping it to the backup server, then inserting it into the backup db. Enjoy! Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[OT] Re: mysql neat trick
Yes, I am aware of doing Replication. Due to some system issues, I cannot do that. That is why I am happy to use that nice long command I found in the mysqldump man page. Thanks for the idea though! Nick On Friday 31 January 2003 18:10, Jonathan Hassell wrote: ...which is also described on pp. 111-112 of the RADIUS book. Replication is a lot easier to control and use. -Original Message- From: Pete [mailto:[EMAIL PROTECTED]] Why not just backup the db using it's replication features: http://www.mysql.com/doc/en/Replication.html Pete -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Authorization / Authentication
Shannon, My users file isn't very large. I'm not going to pretend to know what most of this means, but suffice it to say that I don't have any dial-in users, so I'm not sure that the PPP, CSLIP, or SLIP parts apply. If they don't, should I comment them out? If there is something in your user file that is not being used, you can comment it out, delete it or just leave it. If it's not being used, it is just ignored. My users file looks just like yours, however I don't use it so it really doesn't matter. Also, I don't think the Default Auth-type should be System, but I didn't see any other option, besides Reject. Is there an SQL option? Auth-Type could be System, Reject, sql or a few others too. You base that on what is in the Authorize section of radius.conf. I think you might not be understanging what Alan said in his previous post. Look through the SQL configuration, seeing why the user doesn't match. This means look at sql.conf and see how the username and password are entered into the sql queries. Are the queries missing something? I'd suggest debugging it with the 'users' file first, though. Get the config working for the user, and then move it over to SQL. That way you're tracking down one problem at a time. This does NOT mean, look at the users file to see what might be wrong with it. It does mean that if you can't get it to work with sql right away, comment out sql in the Authorize and Accounting sections of your radius.conf, and use files instead to get radius working in the first place. Once you know it is working and understand what is going on, then you can move on to a more difficult scenario... using sql. Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: re: rlm_sql errors
Shannon,

Which options should I pass? I install all the MySQL parts (including devel) to their default places... the configuring and the compiling don't give me any errors, so I'm assuming it found mysql and enabled support for it.

--with-mysql-include-dir=DIR   Directory where the MySQL includes can be found
--with-mysql-lib-dir=DIR       Directory where the MySQL libraries can be found
--with-mysql-dir=DIR           Base directory where MySQL is installed
--with-thread-pool             Use a pool of threads for high-load systems. (default=no) ***very important to turn on***
--localstatedir=/var           Directory for logfiles [LOCALSTATEDIR/log]

Here is what I use on a debian machine. Just change the paths to match your file locations.

./configure --localstatedir=/var --sysconfdir=/etc --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/ --with-mysql-dir=/usr/bin/

Where are the mysql shared libraries installed by default? I'm not exactly a mysql expert...

This has nothing to do with being a mysql expert. It has to do with being a system admin and knowing how your system works. I don't know if you are new to linux or what.. but here is how to find out the answer to this question: try this:

rpm -ql package name

It will list all files and their locations that came from that rpm. If you don't know what it is expecting for package name, try this

rpm -qa | grep mysql

It will list all packages with mysql in their name:) Read man rpm for more info!

Nick

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: re: rlm_sql errors [OT] how to use RPM
Shannon, try this: rpm -ql package name It will list all files and their locations that came from that rpm. It doesn't give me back any information at all, except on builds that were installed by the system when it was first built. If this is in fact true. Your rpm database is corrupt. EVERY rpm you install should get added to the rpm database. This means that these commands I told you to run, should give your current information on what mysql packages are installed. Note this only works for packages installed via rpm. If you don't know what it is expecting for package name, try this rpm -qa | grep mysql It will list all packages with mysql in their name:) Read man rpm for more info! Nick 'rpm -qa | grep mysql ' gives me only 3 packages... those packages were installed at build time. And before you ask, yes, I DID install all the mysql packages, and all of them are working (I can access the databases both at the machine and remotely). Is there any other command that I might not have thought of to give me information on an rpm that I've installed? What 3 packages? The only command that will give you information on rpms you have installed is rpm itself. Read through it's man pages for more details. You might try: rpm --rebuilddb to rebuild rpms database. Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Restarting radiusd remotly
We have side stepped this problem by using MySQL for everything that could change, instead of the local files. When you add/remove users etc. from the database, there is no need to restart radiusd. Not sure if that helps you, but that is one way around that problem. Nick On Wednesday 15 January 2003 09:47, Dickon Newman wrote: Again, I've tried to search the archives without much luck. I have multiple radius boxes (FreeBSD), and currently use rsync to update the users file (and others). However, I need to restart radiusd to notice the changes in the files. I can make a script that sends a kill -9 locally, but what about remotely? Root cannot ssh, and normal users cannot send a kill -9 to a root process? Has anyone else had this problem? I understand that proxying may be a better approach, however, I have to work within certain constraints :-/ Dickon... -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error attribute 87 - permission denied?
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.254.252/detail-20030107
rlm_detail: Failed to create directory /usr/local/var/log/radius/radacct/10.10.254.252: Permission denied

It tells you right here exactly what is wrong. Radius is trying to log to this directory, but you didn't set the permissions on this directory such that it can write files here! Radius needs to have write permission to the radacct directory specified above, and it needs rx permission to all directories above that!

Nick

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
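An added example, not part of the original message and not FreeRADIUS code: a check for the permission problem described above, run against a temporary directory tree built for the demo. It walks the path the way the daemon's account would and reports the first directory that blocks it; the function names, the uid/gid values and the decision to ignore ACLs are assumptions of this sketch.

```python
import os
import shutil
import tempfile

SEARCH, WRITE = 1, 2  # the x and w bits of one rwx triplet


def granted_bits(st, uid, gids):
    """Return the rwx bits (0-7) the mode in `st` gives to uid/gids (ACLs ignored)."""
    if uid == 0:
        return 7  # root is not restricted by directory mode bits
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7  # owner class wins, even if it is stricter
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def check_detail_dir(target, uid, gids, start="/"):
    """Walk from `start` down to `target` (assumed to lie below `start`).

    Returns a list of problems, empty when the account can reach `target`
    and create files in it, or create the first missing component, such as
    a per-client directory that does not exist yet.
    """
    start = os.path.abspath(start)
    rel = os.path.relpath(os.path.abspath(target), start)
    pending = [] if rel == "." else rel.split(os.sep)
    current, problems = start, []
    while True:
        bits = granted_bits(os.stat(current), uid, gids)
        nxt = os.path.join(current, pending[0]) if pending else None
        if nxt is None or not os.path.isdir(nxt):
            # Creating a file or a sub-directory here needs write and search.
            need = SEARCH | WRITE
            if bits & need != need:
                what = "create files" if nxt is None else "create %s" % pending[0]
                problems.append("%s: uid %d cannot %s here" % (current, uid, what))
            return problems
        if not bits & SEARCH:
            # Passing through a directory needs its search (x) bit.
            problems.append("%s: uid %d lacks search permission" % (current, uid))
            return problems
        current = nxt
        pending.pop(0)


def demo():
    """Constructed tree: <tmp>/radacct exists, the per-client directory does not."""
    base = tempfile.mkdtemp()
    try:
        os.chmod(base, 0o755)
        radacct = os.path.join(base, "radacct")
        os.mkdir(radacct)
        os.chmod(radacct, 0o755)  # only the owner may write
        st = os.stat(radacct)
        daemon_uid = st.st_uid + 1  # hypothetical uid of the radius account
        target = os.path.join(radacct, "10.10.254.252")
        # Daemon is neither owner nor in the directory's group: blocked.
        before = check_detail_dir(target, daemon_uid, {st.st_gid + 1}, start=base)
        # Group-writable directory, daemon placed in that group: allowed.
        os.chmod(radacct, 0o770)
        after = check_detail_dir(target, daemon_uid, {st.st_gid}, start=base)
        return before, after
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    blocked, fixed = demo()
    print(blocked, fixed)
```
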
Re: mySQL with Groups
: group authorize returns ok auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [eaglevillage] (from client flyer port 0) -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: mySQL with Groups
If your radius.conf has files listed before sql in the authorize section, then your entries in mysql are irrelevant. So yes it's possible. However, if you have both the sql and files in the authorize section.. the one that overrides will depend on which :=, = equals symbol you are using.. read man 5 users for more info on that!

Nick

On Friday 04 October 2002 13:40, William Ragsdale wrote:

On Fri, 4 Oct 2002 13:32:00 -0500 Nick Davis [EMAIL PROTECTED] wrote:

To disable a group do this:

#select * from radgroupcheck;
+----+-----------+-----------+--------+----+
| id | GroupName | Attribute | Value  | op |
+----+-----------+-----------+--------+----+
| 21 | reject    | Auth-Type | Reject | := |

then all users within the group reject will not be able to connect. You do not need an entry in radgroupreply for this group, but you can.. it doesn't matter. At least this works for me. You can change the GroupName from reject to whatever you want.. I just use this for simplicity sake.

Nick

Greetings, I have this, and it still ignores the group. I'm not sure why, and have no idea why it isn't working. The only thing I forgot in my original posting is that I have Auth-Type = System in my users file. Could that be causing the problem?

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Odd thing happening...
On Wednesday 21 August 2002 13:26, Mark Hennessy wrote: Framed-IP-Address := 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, How can it work with that netmask? That seems wrong to me. That netmask leaves no IP addresses left for use. Nick Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: HELP Please...
It looks like it is the port number on the NAS where that user is connected to. Nick On Tuesday 20 August 2002 05:27, stuartc wrote: Just going throught these logs Can someone tell me please what the /S means on the end of each log. Thanks Stu Tue Aug 20 04:05:28 2002: Auth: Login OK: [0161010] (from nas 17.0.64.102/S20309) Tue Aug 20 04:05:47 2002: Auth: Login OK: [01-004E967E-01-000E-0960-01BD8210-@dim] (from nas 17.0.64.102/S20088) Tue Aug 20 04:06:31 2002: Auth: Login OK: [0161012] (from nas 17.0.64.100/S20118) Tue Aug 20 04:06:49 2002: Auth: Login OK: [01-0017F2C9-01-007E-0960-0041B049-@dim] (from nas 17.0.64.100/S20145) Tue Aug 20 04:06:54 2002: Auth: Login OK: [0161032] (from nas 17.0.64.102/S20709) Tue Aug 20 04:07:03 2002: Auth: Login OK: [0161010] (from nas 17.0.64.102/S20223) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Override using DEFAULT
If you put Fall through = Yes on each of your users and then put the DEFAULTS below them in the users file, the DEFAULT will override what you have set per user. You might want to check out man 5 users for the proper usage of ==, := in this instance! If you have your users in mysql/postgresql? You could put the users in the sql table and then the Defaults in the users file and then have the users file parsed after the sql tables. Nick On Tuesday 20 August 2002 09:52, Mark Hennessy wrote: For the purposes of maintaining as small a users database as possible, I wanted to know if it was possible for a specific DEFAULT record's reply attributes to override any conflicting reply attributes of an individual user entry? Say I had the following user entries in the following format: foo Framed-Type = User, Framed-Address = 192.168.1.17 bar Framed-Type = User, Framed-Address = 192.168.1.18 Here are the defaults: DEFAULT Auth-Type := System, Framed-Protocol == PPP, Huntgroup-Name == local Service-Type = Framed-User, Framed-MTU = 1500, Framed-Netmask = 255.255.255.255, Framed-Compression = Van-Jacobson-TCP-IP, Framed-Routing = None, Idle-Timeout = 1200, Session-Timeout = 129600 DEFAULT Auth-Type := System, Framed-Protocol == PPP, Huntgroup-Name == roaming Service-Type = Framed-User, Framed-MTU = 1500, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Idle-Timeout = 600, Session-Timeout = 28800 I would want foo coming in from the roaming huntgroup to lose their individually defined address and reply using the reply attribute under the default entry for the roaming huntgroup instead. -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius Newbee
Download the latest snapshot. Read the README, the files in doc/*, and the files in raddb/*. Then you should understand everything you have just asked. If you have more questions, read through the past messages of this mailing list. All of your answers are there. Just look for them!

Nick

On Wednesday 14 August 2002 01:29, Stefan Hilfiker wrote:

Hello all

I'm a newbie with FreeRadius. Now I have got some problems configuring the server. Finally, I'd like to have the following situation: I have a firewall with one VPN-Key. It works, but 50 Clients with one VPN-Key is not controllable. The solution seems to me a Radius-server. Now my question is, how to configure this server? I have seen that I must use the users file, but I don't know how to add a new user for this job. And must I change anything in the *.conf Files?

Thanks a lot and greets Stefan

Sent by Stefan Hilfiker ([EMAIL PROTECTED]) http://get.to/Stefhilfiker

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type:=Reject troubles
To disable a group do this:

#select * from radgroupcheck;
+----+-----------+-----------+--------+----+
| id | GroupName | Attribute | Value  | op |
+----+-----------+-----------+--------+----+
| 21 | reject    | Auth-Type | Reject | := |

then all users within the group reject will not be able to connect. You do not need an entry in radgroupreply for this group, but you can.. it doesn't matter. At least this works for me. You can change the GroupName from reject to whatever you want.. I just use this for simplicity sake.

Nick

On Monday 12 August 2002 14:52, Ruslan Balkin wrote:

I have installed FreeRadius 0.6 and then FreeRadius 0.7 on our server. But, we now have a trouble - I need to disable one account. We use PostgreSQL for managing our users database. We made user-group frozen with Auth-Type:=Reject :

radius=# SELECT * FROM radgroupreply WHERE groupname='frozen';
 id | groupname | attribute | value  | op
----+-----------+-----------+--------+----
 13 | frozen    | Auth-Type | Reject | :=
(1 row)

And also I inserted similar reply but for username 'baron':

radius=# SELECT * FROM radreply WHERE username='baron';
 id | username | attribute | value  | op
----+----------+-----------+--------+----
 18 | baron    | Auth-Type | Reject | :=
(1 row)

But it seems to me, it doesn't work:

[baron@aqua baron]$ radtest baron xx localhost 0 testing123
Sending Access-Request of id 252 to 127.0.0.1:1812
    User-Name = baron
    User-Password = \202G\341\304\022: \223\334\253\037(1q\031$
    NAS-IP-Address = aqua
    NAS-Port-Id = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=252, length=20

(Result = Access-Accept).

Then I took output of radiusd -X:

[baron@aqua baron]$ cat query.sql
SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'baron' ORDER BY id;
SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'baron' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id;
SELECT Value,Attribute FROM radcheck WHERE UserName = 'baron' AND ( Attribute = 'User-Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC;

And here are results:

[baron@aqua baron]$ psql radius postgres < query.sql
 id | username | attribute | value
----+----------+-----------+--------
 18 | baron    | Auth-Type | Reject
(1 row)

 id | groupname | attribute | value
----+-----------+-----------+--------
 13 | frozen    | Auth-Type | Reject
(1 row)

 value | attribute
-------+---------------
 xx    | User-Password
(1 row)

Please tell me, how to disable one username or groupname? What am I doing wrong? If not, how to fix problem? Thanks for advice.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type:=Reject troubles
Sorry I hit Send before I was done.. I noticed that the sql query is looking for UserName and your table is called username. It is possible that your query is being ignored!

Nick

On Monday 12 August 2002 14:52, Ruslan Balkin wrote:

I have installed FreeRadius 0.6 and then FreeRadius 0.7 on our server. But, we now have a trouble - I need to disable one account. We use PostgreSQL for managing our users database. We made user-group frozen with Auth-Type:=Reject :

radius=# SELECT * FROM radgroupreply WHERE groupname='frozen';
 id | groupname | attribute | value  | op
----+-----------+-----------+--------+----
 13 | frozen    | Auth-Type | Reject | :=
(1 row)

And also I inserted similar reply but for username 'baron':

radius=# SELECT * FROM radreply WHERE username='baron';
 id | username | attribute | value  | op
----+----------+-----------+--------+----
 18 | baron    | Auth-Type | Reject | :=
(1 row)

But it seems to me, it doesn't work:

[baron@aqua baron]$ radtest baron xx localhost 0 testing123
Sending Access-Request of id 252 to 127.0.0.1:1812
    User-Name = baron
    User-Password = \202G\341\304\022: \223\334\253\037(1q\031$
    NAS-IP-Address = aqua
    NAS-Port-Id = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=252, length=20

(Result = Access-Accept).

Then I took output of radiusd -X:

[baron@aqua baron]$ cat query.sql
SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'baron' ORDER BY id;
SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'baron' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id;
SELECT Value,Attribute FROM radcheck WHERE UserName = 'baron' AND ( Attribute = 'User-Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC;

And here are results:

[baron@aqua baron]$ psql radius postgres < query.sql
 id | username | attribute | value
----+----------+-----------+--------
 18 | baron    | Auth-Type | Reject
(1 row)

 id | groupname | attribute | value
----+-----------+-----------+--------
 13 | frozen    | Auth-Type | Reject
(1 row)

 value | attribute
-------+---------------
 xx    | User-Password
(1 row)

Please tell me, how to disable one username or groupname? What am I doing wrong? If not, how to fix problem? Thanks for advice.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mysql freeradius0.07 reject users
The way I have this setup is this: uncomment preprocess and sql in my authorize section and comment out everything else, uncomment authtype PAP{ PAP} in my authenticate section and in the modules section, and comment everything else in my authentication section. You can use others of course, CHAP etc... With these declarations I do not use the users file.. assuming a properly setup sql.conf.. You can check through the last few months of this list for details on that. If you can't get it let me know.

Nick

rad_check_password: Found Auth-Type System
auth: type System WHAT IS THIS?
auth: Failed to validate the user.
Login incorrect: [smoke/kwon12] (from client localhost port 0)

It seems to be trying to use the database. And I can run a manual queries on the database just with the user 'smoke' without problem. I have sql in the authorize section of radiusd.conf in between suffix and files. These three things with the addition of preprocess are all that is not commented out of this section. The authenticate section has nothing uncommented in it. I tried to put 'sql' in there but get this

radiusd.conf: SQL modules aren't allowed in 'authenticate' sections -- they have no such method.

The accounting section has sql in it. Is there anything I need to do to the user file or make changes to the radiusd.conf file. I want all users to be in the database only.

Thanks for the help, rick

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: MySQL and simultaneous use check
On Tuesday 30 July 2002 09:29, Niccolo Rigacci wrote: [EMAIL PROTECTED] wrote: I want to add simultaneous access check so I uncommented simul_count_query in sql.conf and added sql into session{} section of radiusd.conf. From the radiusd log I see that the query is defined, but never used. What am I missing? Are you using the 'Simultaneous-Use' attribute anywhere for that user? If not, then the server will never do session checking. DEFAULT Simultaneous-Use = 1 This is wrong, should be :=. Read man 5 users Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL
On Tuesday 16 July 2002 02:56, Jorge Lanza wrote: Hi... I think I've managed to run my radius server and client, but only through the text files. Now I need to run it interacting with mysql. Any help, pleeeeee. And the accounting how does it work? If you read the documentation, the FAQ, and the past few weeks of this mailing list you will find all of those answers. You can search this mailing list via google groups if you want. Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius on FreeBSD info
I came across this link on how to setup freeradius on FreeBSD. I just thought I'd post it in case it helps anyone! http://my.lostinfo.com/files_other/radius/ It was written just after 0.3 came out, but most of the info is still quite valid. Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql_checksimul compile error
Here is the error I get when I run make on freeradius-snapshot-20020605

rlm_sql.c: In function `rlm_sql_accounting':
rlm_sql.c:633: warning: pointer of type `void *' used in arithmetic
rlm_sql.c: At top level:
rlm_sql.c:811: `rlm_sql_checksimul' undeclared here (not in a function)
rlm_sql.c:811: initializer element for `rlm_sql.methods[4]' is not constant
gmake[6]: *** [rlm_sql.o] Error 1
gmake[6]: Leaving directory `/root/freeradius-snapshot-20020605/src/modules/rlm_sql'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/root/freeradius-snapshot-20020605/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/root/freeradius-snapshot-20020605/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/freeradius-snapshot-20020605/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/root/freeradius-snapshot-20020605/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/freeradius-snapshot-20020605'
make: *** [all] Error 2

Does anybody have an idea how to get make to complete properly? Thanks!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: Problems with MySQL authentication
root@localhost# radtest radman2 testing localhost 10 sekret 2 NAS hostname
Sending Access-Request of id 128 to 127.0.0.1:1812
    User-Name = radman2
    User-Password = \2529M\234\353,\006w\2657K\346m\301\022@
    NAS-IP-Address = NAS hostname
    NAS-Port-Id = 10
    Framed-Protocol = PPP
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=128, length=20
rad_decode: Received Access-Reject packet from 127.0.0.1 with invalid signature!

^^^ ^ output from radiusd -X
[...]
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!

This WARNING says check my secret, but I know that is correct for sure. From

Are you _really really_ sure you have your shared secret correct? Both the invalid signature error radtest gives and the warning from radiusd indicate that the shared secrets don't match. Could you paste the relevant section from raddb/clients.conf?

You were correct in saying that I used an incorrect secret. I looked at my clients.conf and I saw that there are different secrets for localhost, and my NAS's. I guess I didn't understand that I needed to use the secret for localhost, I was using the secret for my NAS. Once, I used the secret for localhost, everything works great!! Thanks for the excellent support everyone!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
suggestion re: rad_lowerpair/rmspace_pair
I have the following in my radiusd.conf:

lower_user = after
lower_pass = after
nospace_user = after
nospace_pass = after

According to the notes in that file

# [...] If after, the server
# will first auth using the values provided by the
# user. If that fails it will reprocess the request
# after modifying it as you specify below.

In practice, I do not see the above statement as true. What I see is that it will always modify the password even if it was true in the first place. Here is what I see:

modcall: group authtype returns ok
modcall: entering group session
modcall[session]: module radutmp returns ok
modcall: group session returns ok
Login OK: [radman2] (from client localhost port 0)
rad_lowerpair: User-Name now 'radman2'
rad_lowerpair: User-Password now 'testing'
rad_rmspace_pair: User-Name now 'radman2'
rad_rmspace_pair: User-Password now 'testing'
Sending Access-Accept of id 246 to 127.0.0.1:1087

So, it was correct in the first place, and login was accepted, then it does the lowerpair and rmspace_pair after being accepted. Isn't that a waste? Am I interpreting this correctly? Not that this is of huge importance, but if it doesn't work as advertised, I think it should be fixed.

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: Problems with MySQL Auth-Type
Wow you have been most helpful!! Thanks!

Also, if PAP can do cleartext, crypt and md5 passwords, why would anyone need to use Auth-Type := Local while using a sql database to store user names and pwds?

Beats me :), less complexity perhaps? You can do both cleartext and standard unix crypted passwords with just the local auth-type which might be fine for some (most?) cases. That also removes the need of setting any auth-type at all, it appears to be set automatically if you have either Password or Crypt-Password set and no Auth-Type set. I've tried cleartext, crypt and md5 with PAP against latest cvs, and they all seem to work fine. On a side note, it seems that you should use Password, and not Crypt-Password with all three PAP encryption schemes, unlike with the local auth-type.

One more question.. I thought it was recommended that we use User-Password instead of Password? Should I just stick w/ Password if I want to use PAP? I am starting out w/ clear passwords, but intend to switch to crypt in the near future. Thanks again!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: Problems with MySQL Auth-Type
Yes, you should use User-Password. However there's no real harm in using Password, so if it means rebuilding a db it's not worth it.

update radcheck set attribute='User-Password' where attribute='Password';

The charms of sql :)

Excellent thanks!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Problems with MySQL authentication was Re: Problems with MySQL Auth-Type
secret on the server and the NAS!

This WARNING says check my secret, but I know that is correct for sure. From the rest of the above messages I see that the password doesn't match. And from this [radman2/\340\\z] I can see that it is not comparing the correct password. Why does radtest always encrypt my password and how I can go about testing my radius setup if I cannot use radtest? Thanks for all your help thus far!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
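Added example, not part of the original thread and not FreeRADIUS code: a small Python model of the two RFC 2865 computations behind the symptoms reported in this message and in the earlier "Problems with MySQL authentication" reply (User-Password hiding and the Response Authenticator). It shows why a request built with one shared secret and decoded with another gives the server a garbled password and gives the client a reply whose signature does not verify. The user password, packet id and the secret typed to radtest come from the posted output; the localhost secret and the Request Authenticator are constructed values, and all function names are this example's own.

```python
import hashlib
import hmac
import struct

PASSWORD = b"testing"                                # from the posted radtest run
PACKET_ID = 128                                      # from the posted radtest run
RADTEST_SECRET = b"sekret"                           # secret typed to radtest
LOCALHOST_SECRET = b"constructed-localhost-secret"   # constructed clients.conf value
REQUEST_AUTH = bytes(range(16))                      # constructed; normally random
ACCESS_REJECT = 3


def hide_password(password, secret, request_auth):
    """Client side (RFC 2865 section 5.2): NUL-pad to 16-octet blocks and
    XOR each block with MD5(secret + previous ciphertext block)."""
    pad = (-len(password)) % 16 if password else 16
    padded = password + b"\x00" * pad
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def recover_password(hidden, secret, request_auth):
    """Server side: the same keystream, derived from the server's secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def build_response(code, ident, attrs, request_auth, secret):
    """Reply packet whose authenticator field is
    MD5(code + id + length + request authenticator + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client-side check; a failure here is the 'invalid signature' case."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def looks_garbled(password):
    """True if the decoded password holds non-printable octets."""
    return any(b < 0x20 or b > 0x7E for b in password)


def exchange(client_secret, server_secret):
    """One Access-Request and a 20-octet Access-Reject reply.
    Returns (password as the server decodes it, client accepts the reply)."""
    hidden = hide_password(PASSWORD, client_secret, REQUEST_AUTH)
    seen = recover_password(hidden, server_secret, REQUEST_AUTH)
    reply = build_response(ACCESS_REJECT, PACKET_ID, b"", REQUEST_AUTH, server_secret)
    return seen, verify_response(reply, REQUEST_AUTH, client_secret)


if __name__ == "__main__":
    for label, client in (("matching secrets", LOCALHOST_SECRET),
                          ("mismatched secrets", RADTEST_SECRET)):
        seen, reply_ok = exchange(client, LOCALHOST_SECRET)
        print(f"{label}: server decodes {seen!r}, "
              f"garbled={looks_garbled(seen)}, reply signature ok={reply_ok}")
```

The password is never sent in clear: it is always masked with a keystream derived from the shared secret, so the only way to test with radtest is to give it the secret the server has configured for the address radtest connects from.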
Re: Problems with MySQL Auth-Type
We're trying to set up a web front, where all of this stuff can be changed without having to know any linux commands or mysql commands. I have the web front basically done, but tying it into FreeRadius would be nearly impossible from what I'm understanding. That means the password needs to also be stored in one of the configuration files correct? Such as clients.conf? Or is PAP just used to verify the password stored in the SQL database?

Nono, you can store the password in the (per default) radcheck table in the sql database. PAP (for example) is, like you said, only used to verify the password returned from the sql module. PAP can check cleartext, crypt and md5 passwords at the moment. clients.conf is used for the secrets etc. for communicating with other 'clients', NAS'es etc, and has nothing to do with the actual user authentication, I think you meant the 'users' file above. You can also set the Auth-Type attribute in the radgroupcheck table if you want to avoid the users file altogether. Ie. you never need to touch anything other than the sql database with your web frontend.

I'm in the process of setting up something very similar (wanting to use the database only). What you said above has me somewhat confused now. If I set Auth-Type := PAP in my radgroupcheck table, I also need to set

authenticate{
    authtype PAP {
        pap
    }
}

Is there anything else I need to do as far as authentication goes? Do I still need to use the files module like radius.conf says:

# Uncomment the following if you want to support PAP and you extract user
# passwords from the user database (LDAP,SQL etc). You should use the files
# module to set Auth-Type to PAP for this to work.

because the files module looks for 'users' and 'acct_users'. Also, if PAP can do cleartext, crypt and md5 passwords, why would anyone need to use Auth-Type := Local while using a sql database to store user names and pwds? Have a great day!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
configure options question
Hello, I just wanted to check to see if anyone else noticed this. In doc/README it states this:

To get the defaults that Cistron Radius used up to 1.5.4.3-beta18, use:

./configure --localstatedir=/var --sysconfdir=/etc

That means binaries will get installed in /usr/local/{bin,sbin}, manpages in /usr/local/man, configuration files in /etc/raddb, and logfiles in /var/log and /var/log/radacct.

If I run configure with these flags:

./configure --with-localstatedir=/var --with-sysconfdir=/etc --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/ --with-mysql-dir=/usr/bin/

The localstatedir and sysconfdir flags seem to get ignored. The result is this:

binaries will get installed in /usr/local/{bin,sbin}
manpages in /usr/local/man
configuration files in /usr/local/etc/raddb
logfiles in /usr/local/var/log and /usr/local/var/log/radacct
pid file in /usr/local/var/run

I then went and edited the configure script and changed them myself:

sysconfdir='${prefix}/etc' changed to sysconfdir='/etc'
localstatedir='${prefix}/var' changed to localstatedir='/var'

these changes gave the desired effect as described in doc/README

This leads me to a couple possible conclusions.

1) I am using the configure flags wrong
2) the localstatedir and sysconfdir flags are now ignored
3) I am misunderstanding something

Can someone fill me in on the real reasons why it works this way? Thanks and have a great day!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: configure options question
Alan, Thanks for the prompt response!

If I run configure with these flags:

./configure --with-localstatedir=/var --with-sysconfdir=/etc --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/ --with-mysql-dir=/usr/bin/

configuration files in /usr/local/etc/raddb

Which is the 'raddbdir', which SHOULD be set to '$(sysconfdir)/raddb'

So then, if I use the flag --with-sysconfdir=/etc, my raddbdir should now be /etc/raddb and not ${prefix}/etc . Also, since I use --with-localstatedir=/var, my localstatedir should be /var and not ${prefix}/var. Is that correct? That is what makes sense to me, but here is what happens when I run configure with those flags:

*** from the Make.inc.in ***
# Location of files.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
libdir = ${exec_prefix}/lib
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
mandir = ${prefix}/man
logdir = ${localstatedir}/log/radius
raddbdir= ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

This is why I think that either:

1) I am not understanding something, and the /usr/local must always be there even if I use those two flags. or
2) Those two flags are being ignored.

logfiles in /usr/local/var/log and /usr/local/var/log/radacct
pid file in /usr/local/var/run

I then went and edited the configure script and changed them myself:

sysconfdir='${prefix}/etc' changed to sysconfdir='/etc'
localstatedir='${prefix}/var' changed to localstatedir='/var'

these changes gave the desired effect as described in doc/README

This leads me to a couple possible conclusions.

1) I am using the configure flags wrong

Did you 'rm -f config.cache'? The configure script does weird things with the cache.

I did a fresh tar xvzf freeradius-snapshot-20020503.tar.gz and then ran the above configure and flags. It's not that I am unable to change the configure script myself, because I did that and I already have the radius server up and running. I just want to make sure that the configure script flags work properly for everyone else, just in case there was an error in there somewhere.

Another thing I noticed. While installing freeradius it also installs libltdl from the libtool set which radiusd needs. This is fine, but it installed libltdl.* in /usr/local/lib/ and /usr/local/lib was not in my ld.so.conf, so radiusd couldn't run. I fixed it for my install but, should something in the configure, make, or make install sequence check my ld.so.conf to see if that path is valid and possibly add it and run ldconf? Or is that beyond what the install sequence should be checking for? Thanks!

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: configure options question
On Monday 06 May 2002 14:37, Alan DeKok wrote:

Nick Davis [EMAIL PROTECTED] wrote:

That is what makes sense to me, but here is what happens when I run configure with those flags:

*** from the Make.inc.in ***
# Location of files.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc

Uh, NO. The 'Make.inc.in' file is a file which is processed by 'configure', to generate 'Make.inc'. The distribution version of Make.inc.in says:

# Location of files.
prefix = @prefix@
exec_prefix = @exec_prefix@
sysconfdir= @sysconfdir@

Where the @prefix@, etc. are edited by configure, to generate Make.inc. Look at Make.inc. It SHOULD be correct.

Alan DeKok.

Oops, I wrote Make.inc.in above when I meant Make.inc

Here is a head of each file.

hostname:~/work/freeradius-snapshot-20020503# head -20 Make.inc.in
#
# Make.inc.in
#
# Version: $Id: Make.inc.in,v 1.39 2002/04/24 20:15:17 aland Exp $
#
# Location of files.
prefix = @prefix@
exec_prefix = @exec_prefix@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
libdir = @libdir@
bindir = @bindir@
sbindir = @sbindir@
mandir = @mandir@
logdir = @logdir@
raddbdir= @raddbdir@
radacctdir = @radacctdir@
top_builddir= @top_builddir@

hostname:~/work/freeradius-snapshot-20020503# head -20 Make.inc
#
# Make.inc.in    says Make.inc.in even though the file is Make.inc??
#
# Version: $Id: Make.inc.in,v 1.39 2002/04/24 20:15:17 aland Exp $
#
# Location of files.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
libdir = ${exec_prefix}/lib
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
mandir = ${prefix}/man
logdir = ${localstatedir}/log/radius
raddbdir= ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
top_builddir= /root/work/freeradius-snapshot-20020503

Any ideas?

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
compile errors due to rlm_counter.c?
I downloaded the CVS snapshot freeradius-snapshot-20020225 and went to compile it with these flags:

./configure --localstatedir=/var --sysconfdir=/etc --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/ --with-mysql-dir=/usr/bin/mysql/

the configure went perfectly. The problems came when I started the make. Here are the errors that it reported:

rlm_counter.c: In function `counter_instantiate':
rlm_counter.c:330: `GDBM_NOLOCK' undeclared (first use in this function)
rlm_counter.c:330: (Each undeclared identifier is reported only once
rlm_counter.c:330: for each function it appears in.)
rlm_counter.c:336: warning: implicit declaration of function `gdbm_fdesc'
rlm_counter.c: In function `counter_accounting':
rlm_counter.c:384: `GDBM_NOLOCK' undeclared (first use in this function)
rlm_counter.c: In function `counter_authorize':
rlm_counter.c:517: `GDBM_NOLOCK' undeclared (first use in this function)
make[6]: *** [rlm_counter.o] Error 1
make[6]: Leaving directory `/root/freeradius-snapshot-20020225/src/modules/rlm_counter'
make[5]: *** [common] Error 1
make[5]: Leaving directory `/root/freeradius-snapshot-20020225/src/modules'
make[4]: *** [all] Error 2
make[4]: Leaving directory `/root/freeradius-snapshot-20020225/src/modules'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/root/freeradius-snapshot-20020225/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/freeradius-snapshot-20020225/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/root/freeradius-snapshot-20020225'
make: *** [all] Error 2

Does anyone have any ideas on how to get this to finish the make? I really don't need the counter module, so I am going to try commenting it out and seeing if it will then finish the make. I just wanted to see if there was something else that I might be doing wrong. I am compiling this on a debian 2.2 system.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: compile errors due to rlm_counter.c?
grumble It's obviously too much for me to expect that gdbm doesn't have massive variations between versions. Upgrade your gdbm libraries header files. The latest version is 1.8 The alternative is to go back to the previous version of the 'counter' module. I'll try to put an update in tonight.

Alan DeKok.

It looks like gdbm is not very well maintained. Here is what I found while searching for a 1.8 debian package...

gdbm (1.7.3-27) unstable; urgency=low

* No 1.8 yet because a) the soname has changed, making packaging it less trivial, b) the upstream changes are not hugely important and c) 1.8 appears after 5 years of upstream inactivity and has since been followed by another 18 months of upstream inactivity despite some trivial and annoying build bugs in 1.8 which must hit almost everyone who tries to build it from source.
* Migration warnings are left unchanged as a result of (c) above.

This is from the changelog.Debian.gz file that comes with the debian package version 1.7.3-27. Just wanted to post this info as an FYI for everyone.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
radius
Bret,

The new version of free radius should have a web based frontend called dialup-admin with it. Not sure what all it does, but we should look into it.

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: Errors with snapshot
Error: Accounting: logout: entry for NAS xxx.xxx.xxx.xxx port xx has wrong ID
Error: rlm_sql: Stop packet with zero session length. (user 'thatguy', nas 'xxx.xxx.xxx.xxx')

What do these errors mean? Is there a way to make it work properly? I have the USR Total Control for a NAS. The user that it is complaining about, is not even logged in.

Then your NAS is broken.

Does anyone know enough about NAS's to give me some hints on what causes this? Is there a way to fix it or will it do this forever?

Thanks, Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
how to log the number dialed
Hi,

We are looking at setting up a second phone number to access our Total Control Unit. I was wondering if anyone has a good way to log what number a person dials when they are connecting?? I looked through the dictionary file and I see these attributes concerning Call:

ATTRIBUTE Callback-Number 19 string
ATTRIBUTE Callback-Id 20 string
ATTRIBUTE Called-Station-Id 30 string
ATTRIBUTE Calling-Station-Id 31 string
VALUE Service-Type Callback-Login-User 3
VALUE Service-Type Callback-Framed-User 4
VALUE Service-Type Callback-NAS-Prompt 9
VALUE Service-Type Call-Check 10
VALUE Service-Type Callback-Administrative 11
VALUE Acct-Terminate-Cause Callback 16

This leads me to wonder if I just need to log one of these attributes. I could just add a column to my sql table if need be. Or is there a better way? I am using the latest CVS snapshot of freeradius and logging to mysql. Thanks!

-- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
debug?
Hi, I have a question..

Tue Sep 11 17:45:25 2001 : Debug: rlm_sql: Reserving sql socket id: 4
Tue Sep 11 17:45:25 2001 : Debug: rlm_sql: Released sql socket id: 4
Tue Sep 11 17:46:37 2001 : Debug: rlm_sql: Reserving sql socket id: 4
Tue Sep 11 17:46:37 2001 : Debug: rlm_sql: Released sql socket id: 4
Tue Sep 11 17:46:37 2001 : Debug: rlm_sql: Reserving sql socket id: 4
Tue Sep 11 17:46:37 2001 : Debug: rlm_sql: Released sql socket id: 4

Why does radiusd.log have 4 of these for every minute? I am running radiusd -y and logging to mysql, Freeradius 0.2, slackware 7.0. In my sql.conf I have:

# Print all SQL statements when in debug mode (-x)
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql

Thanks, Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: compile w/ mysql
I now have freeradius running and loading the mysql module, but it doesn't actually write log entries to the database. I installed db_mysql.sql into the mysql database. I can see radiusd log in to mysql, but it does not make any log entries into the database. Users still authenticate just fine and the logs go to /var/log/radacct/ipaddy/detail and /var/log/radius.log

Here is what I have in my logs referring to sql:

Info: rlm_sql: Driver rlm_sql_mysql loaded and linked
Info: rlm_sql: Attempting to connect to root@xxx:/dbname
Debug: rlm_sql: Connected new DB handle, #0
Debug: rlm_sql: Connected new DB handle, #1
Debug: rlm_sql: Connected new DB handle, #2
Debug: rlm_sql: Connected new DB handle, #3
Debug: rlm_sql: Connected new DB handle, #4

I might be missing something simple. Here is where radiusd -xx shows where it is set to log:

Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = /var/log/radacct/%{Client-IP-Address}/detail
detail: detailperm = 384
detail: dirperm = 493
Module: Instantiated detail (detail)

It looks like I need to tell radiusd that it needs to use mysql for the details logs, but how do I do that? Can someone provide some insight for me? Does anyone have a radiusd.conf that works with mysql, that I can use for reference?

Thanks, Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: compile w/ mysql
Here is what the output of the ./configure script says:

checking for mysql/mysql.h... yes
checking for mysql_init in -lmysqlclient... no
configure: warning: mysql libraries not found. Use --with-mysql-lib-dir=path.
configure: warning: sql submodule 'mysql' disabled

Here is the command that I am trying to run:

./configure --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/ --with-mysql-dir=/usr/bin/

I finally figured this one out. It seems that when I installed the mysql.gz slackware package that the slackware packagetool pkgtool didn't check the dependencies. This led to the problem that when the configure script from freeradius tried to check for mysql_init in the libmysqlclient that the glibc version was wrong, so it couldn't work. I then compiled mysql from source and did the same configure script that I was trying to do all along and it worked fine:)

Alan, thanks for the help. If anyone has any tips on using mysql w/ freeradius or any neat scripts to monitor usage, my ears are open.

Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services
Re: compile w/ mysql
I am trying to compile freeradius-snapshot-20010730 with mysql. For some reason I am unable to get it to work properly. I hope someone can assist me with this problem. Here is what the output of the ./configure script says:

checking for mysql/mysql.h... yes
checking for mysql_init in -lmysqlclient... no
configure: warning: mysql libraries not found. Use --with-mysql-lib-dir=path.
configure: warning: sql submodule 'mysql' disabled

Here is the command that I am trying to run:

./configure --with-thread-pool --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/ --with-mysql-dir=/usr/bin/

After doing the top-level compile, try doing:

cd src/modules/rlm_sql/drivers/rlm_sql_mysql
./configure --with-mysql-include-dir=/usr/include/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/ --with-mysql-dir=/usr/bin/

The output of this is the same as I get from the top-level compile. Is there a way I can just make it work? Can I edit the Makefile such that it will make the mysql module and work properly? Do you have any other ideas? Thanks for the help thus far!

-- Nick Davis