Re: Auth: Login incorrect:
Joe Bonow wrote: >After searching the limited archive I am unable to find info on how > to have the Login Incorrect return the name of the nas that the login > failed on. The CVS version has support for a "postauth_query" stanza in sql.conf which allows you to insert any value you want in the SQL query : the User-Name, the User-Password and the NAS-IP-Address for example. See raddb/sql.conf and doc/Post-Auth-Type to use this feature. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 093 Crashes with unknown tokens
Greg G wrote: > How would you recommend that I do that? The file will parse > correctly. And it's not something that should be a *fatal* mistake. > It's not really a mistake, either. We use some custom items now and then. If despite what you said you're still using FreeRADIUS, you could use the script check-radiusd-config each time you update your config files and then avoid stopping an already running server. I think the script check-radiusd-config is installed in the same time with radiusd, or you can find it in the source tarball in the directory freeradius-0.9.3/scripts -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius API
Rajeev Agrawala wrote: > I have to write a module and radius client to talk to freeradius server. > I looked around for radius client/module API using freeradius library > but could not find anything comprehensive. See http://www.freeradius.org/radiusd/doc/module_interface -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: about duplicated attribute in freeradius
Kenneth Lee - Pacific Supernet Ltd wrote: > recently, i have tried to add Cisco-Avpair attribute in the users file, it > works fine when there is only one Cisco-Avpair attribute, however, if > there are multiple Cisco-Avpair attributes, ONLY the first one is sent to > the RAS. is that the bug for freeradius? how can i solve the problem? Look for operator += in the freeradius documentation. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failed logins
Doron Shmaryahu wrote: > After much trying I have finally got freeradius on Freebsd with mysql > all working. The dialup admin interface is working. The only thing is > that it does not log failed login's. Can anyone give me a idea ?? With the CVS version you can add a post-auth query in your config. In your case, add in your sql.conf: sql { [lots of things...] postauth_table = "radpostauth" postauth_query = "INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password}', '%{reply:Packet-Type}', NOW())" } And in radiusd.conf: post-auth { Post-Auth-Type REJECT { sql } } The table structure for table 'radpostauth' is in src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Small mod
En réponse à Olmo Gonzalez : > Thanks for your reply Paul, it will surely save me time and work. I > was wondering if there is some kind of "map" which explains how > freeradius is structured and that could help me get a global view of > the server + modules. Have a look at: http://www.freeradius.org/radiusd/doc/module_interface -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
init.d script (Was: Installing Freeradius on Debian)
Paul Hampson wrote: > > From: Nick Davis > > Sent: Wednesday, 1 October 2003 7:48 AM > > > One thing to note, when installing the deb files with dpkg -i, it > > will try to start the freeradius daemon. That failed because all > > of the modules that I removed were still defined in radius.conf. > > Interesting point... I might have to go fix it so that failing to > start the server doesn't cause installation failure... To my mind > server start failure is probably not so bad 'cause I suspect an > unconfigured RADIUS server would not be a pleasant thing to have > running. As an other possibility you might call check-radiusd-config in the debian init.d script before starting the serveur. The init.d script of Apache (for example) do that. It could be wise to call check-radiusd-config too before doing a reload. If radiusd.conf is broken we don't stop a already running server. Looking at the source of check-radiusd-config I think it doesn't proceed properly, or to be more accurate, it doesn't do what I expect it to do. It should _only_ test the config, but it launch the whole server on port 32768 (including instantiating modules, opening db connexions, etc.) and kill it 2 sec later. I think FreeRADIUS should provide a -t option (like Apache) to test its configuration file. It's a trivial thing to do. I'm going to do it very soon (so it may go in 0.9.2) and post a patch on the -devel mailing list. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to access authorization database from a different RLM than rlm_sql
Dave Mason wrote: > Thanks to you and Alan for the tips. I'll check the latest CVS. > Hopefully there is something in the doc directory or sql.conf comments > about the new behavior? In any case I can study the code. Sorry about > the HTML earlier, I forgot to turn it off. There is a sample query in sql.conf and some useful info about calling the module in doc/Post-Auth-Type. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to access authorization database from a different RLM than rlm_sql
Dave Mason wrote: > Beurk! It's really unreadable with my mail user agent. Please don't do it anymore. > Wow - that sounds great. I'd like to avoid having a second client > connection to the database. You were right - after my new RLM module > successfully authenticates a user, it needs to drop some things in > the sql database for a subsequent RADIUS Access-Request. That > request will be a normal username/password request, auth-type > Local. As you might guess I have a few more questions... Get the CVS version. From today there is a "postauth_query" support. Perhaps you don't have to write a new module or patch rlm_sql after all. Just put in your sql.conf a line postauth_query = "INSERT into radcheck (UserName, Attribute, op, Value) values (%s1, %s2, %s3, %s4)" -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Patch] SQL authentication logging
Paul Hampson wrote: > > I think it'd be better to have a separate patch to fix > > sql_finish_query() usage everywhere and not only in > > rlm_sql_postauth() > > SOunds good. Are you going to make it call it always? I expect > such a function would be safe to call at any time... From memory, > the mySQL provides such a function, but its not implemented in > rlm_sql_mysql at the moment. I'll also have to look into that > sometime. mySQL provides a mysql_free_result() that you're supposed to call after a mysql_store_result(). So I'm thinking that: * sql_select_query() calls mysql_store_result() and therefore sql_finish_select_query() calls mysql_free_result() * sql_query() don't allocate supplementary resources so sql_finish_query() does nothing and it's just fine. Moreover (now that I read the entire source code) if you really want to call sql_finish_query() after a failed sql_query() I think the best place to do it is the function rlm_sql_query() in sql.c and not in a lot of different places in rlm_sql.c Since this issue has nothing to do with rlm_sql_postauth() I think you could safely commit the patch now. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [Patch] SQL authentication logging
Paul Hampson wrote: > > > > With one minor change, to call > > > > (inst->module->sql_finish_query)(sqlsocket, inst->config); > > > > even for failed queries. (As is done in _some_ of the other > > > > sql_ function in rlm_sql.c. And PostgresSQL's docs also do > > > > it... Only postgres and Sybase (off hand, Oracle too maybe) > > > > actually implement the function anyway. > > > > I don't understand. There is a return RLM_MODULE_FAIL just above, > > so sql_finish_query() is not called on failed query. > > That's my point. My reading says it _should_ be. This certainly > needs to be cleaned up in other places too. I'm sorry, I've completely misunderstood your previous post. The fact is it's unclear when you should call sql_finish_query(). Looking more closely at rlm_sql.c I observed that: (i) after a failed rlm_sql_query() there no call to sql_finish_query() except in rlm_sql_accounting() (ii) sql_finish_query() may sometimes be called 2 times (see lines 812 and 815 for example) I think it'd be better to have a separate patch to fix sql_finish_query() usage everywhere and not only in rlm_sql_postauth() -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: porting to windows
son nguyen wrote: > how do you port freeradius to windows? See http://www.freeradius.org/radiusd/doc/CYGWIN -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: src/lib/smbdes.c and src/modules/rlm_smb/smbdes.c
Alan DeKok wrote: > "Paul Hampson" <[EMAIL PROTECTED]> wrote: > > > From: Nicolas Baradakis > > Sent: Thursday, 11 September 2003 7:56 PM > > > > Maybe it's a anecdotic question, but... > > > > > > I noted there's 2 source files with the same name and with little > > > differences. Is it in accordance with the expected behaviour ? [...] > > And the modules/rlm_smb file supplies two extra functions... Maybe > > modules/rlm_smb should be calling the code in libradius? > > Yes. [...] I was wondering if there were other doublons in the source, so I ran the following command $ find . -name \*.c -exec basename '{}' \; | sort | uniq -d log.c md4.c session.c smbdes.c smbencrypt.c valuepair.c Sometimes the files just happened to have the same name but have different purposes, sometimes I just can't tell. The interesting files are: src/lib/md4.c and src/modules/rlm_smb/md4.c src/lib/smbdes.c and src/modules/rlm_smb/smbdes.c (already discussed) src/modules/rlm_mschap/smbencrypt.c and src/modules/rlm_smb/smbencrypt.c -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Patch] SQL authentication logging
Paul Hampson wrote: > > > The following patch allow for SQL logging after authentication. It > > > extends the rlm_sql module so now you can put one more query in your > > > sql.conf file. > > > > I'll commit this once either you tell me that it doesn't depend on > > Post-Auth-Type, or I commit the Post-Auth-Type patch. (Which I'm > > going to look at now.) Well, the patch will apply without a problem but it is much less interesting because you can query the db only if the authentication step is successful. For the hotline service for example (ie the bad guys who made me write this patch ^_^) it is much more useful to gather information about failed attempts. > > With one minor change, to call > > (inst->module->sql_finish_query)(sqlsocket, inst->config); > > even for failed queries. (As is done in _some_ of the other sql_ > > function in rlm_sql.c. And PostgresSQL's docs also do it... Only > > postgres and Sybase (off hand, Oracle too maybe) actually implement > > the function anyway. I don't understand. There is a return RLM_MODULE_FAIL just above, so sql_finish_query() is not called on failed query. > Bugger. That patch got boned as well. Can you either attach it to an > email for me, or put it up on a website so I can wget it? It's troubling because I don't copy / paste from my terminal but I do a M-x insert-file in the message. Never mind, I'll send the attached file to you. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Paul Hampson wrote: > There's only one issue for me to resolve, which is the same thing > holding up the documentation... What happens when there's no section > found or the Post-Auth-Type is not set? This is an issue for backwards > compatibility. :-) In this example: Post-Auth { foo_module Post-Auth-Type bar { bar_module } } The current behaviour experimented (I only lauched some tests, I didn't look at the source) * if Post-Auth-Type is not set then call foo_module * if Post-Auth-Type is set to "bar" then call bar_module only It sounds correct to me. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[Patch] SQL authentication logging
== '\0') + return RLM_MODULE_NOOP; + + /* Expand variables in the query */ + memset(querystr, 0, MAX_QUERY_LEN); + radius_xlat(querystr, sizeof(querystr), inst->config->postauth_query, + request, sql_escape_func); + query_log(request, inst, querystr); + DEBUG2("rlm_sql (%s) in sql_postauth: query is %s", + inst->config->xlat_name, querystr); + + /* Initialize the sql socket */ + sqlsocket = sql_get_socket(inst); + if (sqlsocket == NULL) + return RLM_MODULE_FAIL; + + /* Process the query */ + if (rlm_sql_query(sqlsocket, inst, querystr)) { + radlog(L_ERR, "rlm_sql (%s) in sql_postauth: Database query error - %s", + inst->config->xlat_name, + (char *)(inst->module->sql_error)(sqlsocket, inst->config)); + sql_release_socket(inst, sqlsocket); + return RLM_MODULE_FAIL; + } + (inst->module->sql_finish_query)(sqlsocket, inst->config); + + sql_release_socket(inst, sqlsocket); + return RLM_MODULE_OK; +} + /* globally exported name */ module_t rlm_sql = { "SQL", @@ -1086,7 +1131,7 @@ rlm_sql_checksimul, /* checksimul */ NULL, /* pre-proxy */ NULL, /* post-proxy */ - NULL/* post-auth */ + rlm_sql_postauth/* post-auth */ }, rlm_sql_detach, /* detach */ rlm_sql_destroy,/* destroy */ -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[Patch] Post-Auth-Type
est); return result; } $ cat doc/post-authentication The post-authentication step process the response before it's sent to the NAS. You should put there a list of modules to alter the reply or do some logging activities after the authentication step. These actions are defined in the "post-auth" section of the "radiusd.conf" file. For example, if you want to do server side IP pool management: post-auth { # Get an address from the IP Pool. my_ippool } The "post-auth" section may contain one or more "Post-Auth-Type" blocks to select between different lists of modules or between multiple instances of a module which have been configured differently. When the authentication step says the user the is rejected, the "Post-Auth-Type" attribute is overwritten with the value "REJECT". It gives the possibility to alter Access-Accept and Access-Reject replies with a different list of modules. Let's see an example where you want to give an IP address to authenticated users and write some info in a log file for rejected users. The "users" file should look something like this: DEFAULT Post-Auth-Type := dyn_ip And the "radiusd.conf" file: post-auth { Post-Auth-Type dyn_ip { # Get an address from the IP Pool. my_ippool } Post-Auth-Type REJECT { # Write a detailed log. my_detail } } -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Paul Hampson wrote: > > In fact I posted on freeradius-devel a set of patches: one adds > > support for "Post-Auth-Type REJECT" > > I'll get on to adding this to CVS over the weekend. Sorry, I've > been a little busy with the 0.9.1 release, and then the stuff I > was ignoring while worrying about the 0.9.1 release. :-) You don't have to apology. You did a great job with the 0.9.1 release and we (I and my coworkers in Cegetel) are really grateful. > There's only one issue for me to resolve, which is the same thing > holding up the documentation... What happens when there's no section > found or the Post-Auth-Type is not set? This is an issue for backwards > compatibility. :-) I read the patch again and I didn't see any problem. It looks for a "Post-Auth-Type REJECT" subsection before invoking rad_postauth() function. If not found, it keeps the previous behaviour: it doesn't do anything. > > and an other provides an "authlog_query" in sql.conf > > I'd have to go dig this patch up again, but wouldn't a postauth-query > work better? That way it's more general than just logging. The only > provisio is that the return value gets chucked, so INSERT, DELETE or > UPDATE are the only sensible options. You're absolutely right. It can do what you describe but I mess up the name of the option. It should be renamed "postauth_query". Minor things should be changed too (since Alan patched xlat.c later I have to modify the sample table I provided, and the sample query as well). I'm going to fix this and post the patch again as soon as possible. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: libpam not found
En réponse à Mark Moody : > I'm trying to install Freeradius 0.9.1 on a Debian system (2.4.30), > everything is fine except for the following: [...] > I've also tried it with --with-rlm-pam-lib-dir=/usr/lib and I get the > same result. I've searched the archives, and not found any clues, what > gives? If you're installing FreeRadius on a Debian system you should use the command `dpkg-buildpackage'. It will check the dependencies and invoke configure with the correct options. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS & MySQL40
andrew bogorodsky wrote: > rlm_sql/rlm_sql_mysql trouble undre FreeBSD: > > Making dynamic in rlm_sql_mysql... > gmake[5]: Entering directory > `/usr/ports/net/freeradius/work/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql' > /usr/ports/net/freeradius/work/freeradius-0.8.1/libtool --mode=link cc > -module -export-dynamic -O -pipe -pthread -D_THREAD_SAFE -Wall > -D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include \ > -I/usr/local/include > -I/usr/ports/net/freeradius/work/freeradius-0.8.1/libltdl -o > rlm_sql_mysql.la -rpath /usr/local/lib sql_mysql.lo > -L/usr/local/lib/mysql -lmysqlclient -lz > rm -fr .libs/rlm_sql_mysql.la .libs/rlm_sql_mysql.* .libs/rlm_sql_mysql.* > cc -shared sql_mysql.lo -Wl,--rpath -Wl,/usr/local/lib/mysql/.libs > -Wl,--rpath -Wl,/usr/local/lib/mysql -L/usr/local/lib/mysql > /usr/local/lib/mysql/.libs/libmysqlclient.so -lz -lc -Wl,-soname > -Wl,rlm_sql_mysql.so.0 -o .libs/rlm_sql_mysql.so.0 > cc: /usr/local/lib/mysql/.libs/libmysqlclient.so: No such file or directory > gmake[5]: *** [rlm_sql_mysql.la] Error 1 > gmake[5]: Leaving directory > `/usr/ports/net/freeradius/work/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql' > gmake[4]: *** [common] Error 1 > > What can be wrong? > FreeRADIUS can't work with MySQL4 ? 1. Did you try a more recent version of FreeRadius ? (0.9.1 has been released on 4 September) 2. What version of libtool are you using ? (actually FreeRadius won't build with libtool 1.5) -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Thor Spruyt wrote: > > The second point is you'll only get the login / password in the > > database. For example the hotline staff may need the Calling-Station-Id > > too. Therefore you need the rlm_sql module to execute the SQL query of > > your choice after authentication. > > After authentication might mean: after a successful authentication You're right. In fact I posted on freeradius-devel a set of patches: one adds support for "Post-Auth-Type REJECT" and an other provides an "authlog_query" in sql.conf This way you can log goodpass or badpass with distinct queries if you want to. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Alan DeKok wrote: > I would suggest configuring it to log to per-day and per-hour > 'detail' files, and then have a 'cron' job delete old files. I'm not > sure that there's any benefit to having authentication requests logged > permanently in a MySQL database. When you have multiple freeradius servers, you want to store authentication attempts in a database rather than a flat file. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Thor Spruyt wrote: > Drew Decker wrote: > > > Is it possible to log the failed attempts to a mysql database? I > > would like to develop a web interface for the technical support > > staff to let them view the Failed attempts with out having to > > teach them how to use SSH etc. If this is possible to do could you > > point me to a how-to or at least give me a little information on > > where to get started? Thanks for you help in advance > > Install msyslog. That's a syslog server to replace the standard > syslog server. Msyslog can put all syslog messages in a MySql > database after which you can extract the necessary info from the > database. The first point is you'll get a lot of useless data, but that's not an important issue. The second point is you'll only get the login / password in the database. For example the hotline staff may need the Calling-Station-Id too. Therefore you need the rlm_sql module to execute the SQL query of your choice after authentication. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging Failed Attempts to MySql database
Drew Decker wrote: > Is it possible to log the failed attempts to a mysql database? I would like > to develop a web interface for the technical support staff to let them view > the Failed attempts with out having to teach them how to use SSH etc. If > this is possible to do could you point me to a how-to or at least give me a > little information on where to get started? Thanks for you help in advance I needed this too and I already made a patch. I posted the patch in the freeradius-devel mailing but nobody with CVS write access put it in FreeRadius. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LGPL headers
oundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA + * + * Copyright 2000 The FreeRADIUS server project */ static const char rcsid[] = "$Id: print.c,v 1.20 2002/10/15 15:04:07 aland Exp $"; Index: src/lib/radius.c === RCS file: /source/radiusd/src/lib/radius.c,v retrieving revision 1.104 diff -u -r1.104 radius.c --- src/lib/radius.c3 Sep 2003 15:19:28 - 1.104 +++ src/lib/radius.c12 Sep 2003 08:46:19 - @@ -3,6 +3,21 @@ * * Version:$Id: radius.c,v 1.104 2003/09/03 15:19:28 cparker Exp $ * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA + * + * Copyright 2000 The FreeRADIUS server project */ static const char rcsid[] = "$Id: radius.c,v 1.104 2003/09/03 15:19:28 cparker Exp $"; Index: src/lib/token.c === RCS file: /source/radiusd/src/lib/token.c,v retrieving revision 1.16 diff -u -r1.16 token.c --- src/lib/token.c 21 Nov 2002 17:37:16 - 1.16 +++ src/lib/token.c 12 Sep 2003 08:46:19 - @@ -4,6 +4,21 @@ * * Version:$Id: token.c,v 1.16 2002/11/21 17:37:16 aland Exp $ * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA + * + * Copyright 2000 The FreeRADIUS server project */ #include Index: src/lib/valuepair.c === RCS file: /source/radiusd/src/lib/valuepair.c,v retrieving revision 1.64 diff -u -r1.64 valuepair.c --- src/lib/valuepair.c 3 Sep 2003 15:19:28 - 1.64 +++ src/lib/valuepair.c 12 Sep 2003 08:46:19 - @@ -3,6 +3,21 @@ * * Version:$Id: valuepair.c,v 1.64 2003/09/03 15:19:28 cparker Exp $ * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA + * + * Copyright 2000 The FreeRADIUS server project */ static const char rcsid[] = "$Id: valuepair.c,v 1.64 2003/09/03 15:19:28 cparker Exp $"; -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Calling-Station-Id
En réponse à Eric : > Excuse me, I unterstood, but one more question. > What means "^" in "^69"? > Thank you! "^" matches the null string at the beginning of a line. Read man page regex(7) -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + mysql + minicom Test
> This simple script shell should be convenient. Just replace the IP > address of your freeradius server (and the username / password / > secret if you've changed the default configuration). What I posted earlier is ugly and could be like this: #!/bin/sh # steve authenticates radclient -x 172.16.16.17 auth testing123 << EOF User-Name = steve User-Password = testing NAS-IP-Address = localhost NAS-Port = 0 EOF # steve starts accounting radclient -x 172.16.16.17 acct testing123 << EOF NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Start EOF # steve is doing something else sleep 1 # steve stops accounting radclient -x 172.16.16.17 acct testing123 << EOF NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Stop EOF -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: GPL headers
ed warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Index: src/modules/rlm_unix/compat.c === RCS file: /source/radiusd/src/modules/rlm_unix/compat.c,v retrieving revision 1.2 diff -u -r1.2 compat.c --- src/modules/rlm_unix/compat.c 3 Sep 2003 15:19:32 - 1.2 +++ src/modules/rlm_unix/compat.c 11 Sep 2003 10:08:52 - @@ -6,15 +6,16 @@ * * Version: $Id: compat.c,v 1.2 2003/09/03 15:19:32 cparker Exp $ * - * This program is is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License, version 2 if the - * License as published by the Free Software Foundation. - * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
src/lib/smbdes.c and src/modules/rlm_smb/smbdes.c
Maybe it's a anecdotic question, but... I noted there's 2 source files with the same name and with little differences. Is it in accordance with the expected behaviour ? -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + mysql + minicom Test
En réponse à [EMAIL PROTECTED] : > sorry for my poor english (im Brasilian), well, i'm starting at > freeradius and mysql, i've installed freeradius + mysql following > the www.frontios.com/freeradius.html howto, seems all ok, localy > with radtest radius returns a message of OK using the table in > mysql, but i want to test the authentication and logging (radacct) > with mysql. Well, i heard that this test can be done with minicom + > portslave localy, without the necessity of a modem installed, it > true? if .. someone that already have passed of this it could help > me? If I'm not misunderstanding, you just want to send accounting packets to you freeradius server and want to see whether accounting packets goes in your database. This simple script shell should be convenient. Just replace the IP address of your freeradius server (and the username / password / secret if you've changed the default configuration). #!/bin/sh # steve authenticates cat << EOF | radclient -x 172.16.16.17 auth testing123 User-Name = steve User-Password = testing NAS-IP-Address = localhost NAS-Port = 0 EOF # steve starts accounting cat << EOF | radclient -x 172.16.16.17 acct testing123 NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Start EOF # steve is doing something else sleep 1 # steve stops accounting cat << EOF | radclient -x 172.16.16.17 acct testing123 NAS-IP-Address = localhost NAS-Port = 0 NAS-Port-Type = 2 User-Name = steve Acct-Status-Type = Stop EOF -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: GPL headers
Paul Hampson wrote: > I am not a lawyer, but I play one on TV... [...] You should look at src/lib/snprintf.c too. There is no licence in the header but it comes from mutt source code which is GPL... -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.9.1, gethostbyname_r again
Alex Kasatkin wrote: > > > > > When I've add -lc_r, rlm_dbm_parser links normally, but with some warnings. > > > > What's c_r? Is that where the ghostby{addr,name}_r stuff lives? I guess that > > > > could be detected as > > > > a required library for the gethostby{addr,name}_r function-using modules > > > > (hopefully just libradius) > > > > > AFAIR it's threaded c library. > > > > > man 3 pthread_create > > > > > > NAME > > > pthread_create - create a new thread > > > > > > LIBRARY > > > Reentrant C Library (libc_r, -pthread) > > > > Is this a FreeBSD-only thing? > > AFAIK OpenBSD has it too, not sure about NetBSD. There is no such library in NetBSD. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: GPL headers
the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 David Kerry <[EMAIL PROTECTED]> + */ + #include #include #include Index: src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c === RCS file: /source/radiusd/src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c,v retrieving revision 1.6 diff -u -r1.6 sql_sybase.c --- src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c 2 Sep 2003 18:38:53 - 1.6 +++ src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c 10 Sep 2003 15:32:12 - @@ -1,12 +1,24 @@ -/*** -* sql_sybase.crlm_sql - FreeRADIUS SQL Module * -* * -* Sybase (ctlibrary) routines for rlm_sql * -* * -* Error handling stolen from Sybase example code "firstapp.c" * -* * -* Mattias Sjostrom <[EMAIL PROTECTED]> * -***/ +/* + * sql_sybase.cSybase (ctlibrary) routines for rlm_sql + * Error handling stolen from Sybase example code "firstapp.c" + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 Mattias Sjostrom <[EMAIL PROTECTED]> + */ #include #include Index: src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c === RCS file: /source/radiusd/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c,v retrieving revision 1.9 diff -u -r1.9 sql_unixodbc.c --- src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c 2 Sep 2003 18:38:53 - 1.9 +++ src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c 10 Sep 2003 15:32:12 - @@ -1,9 +1,23 @@ -/** - * sql_unixodbc.c unixODBC rlm_sql driver * - * * - * * - * Dmitri Ageev <[EMAIL PROTECTED]> * - **/ +/* + * sql_unixodbc.c unixODBC rlm_sql driver + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 Dmitri Ageev <[EMAIL PROTECTED]> + */ #include #include -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: GPL headers
gram is is free software; you can redistribute it and/or modify + * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2 if the * License as published by the Free Software Foundation. * Index: src/modules/rlm_unix/compat.c === RCS file: /source/radiusd/src/modules/rlm_unix/compat.c,v retrieving revision 1.2 diff -u -r1.2 compat.c --- src/modules/rlm_unix/compat.c 3 Sep 2003 15:19:32 - 1.2 +++ src/modules/rlm_unix/compat.c 10 Sep 2003 15:15:17 - @@ -6,7 +6,7 @@ * * Version: $Id: compat.c,v 1.2 2003/09/03 15:19:32 cparker Exp $ * - * This program is is free software; you can redistribute it and/or modify + * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2 if the * License as published by the Free Software Foundation. * -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wireless
Rio Martin wrote: > On Wednesday 10 September 2003 00:14, Alan DeKok wrote: > > "Troy Sanders" <[EMAIL PROTECTED]> wrote: > > > I am looking for a document that shows how to configure the Free Radius > > > Server and wireless access points; > > > > http://www.freeradius.org/doc/ ? > > There are a number of such documents. > > Alan, > Please check the website, URL broken. http://www.freeradius.org/radiusd/doc/ -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: GPL headers
_sybase.crlm_sql - FreeRADIUS SQL Module * -* * -* Sybase (ctlibrary) routines for rlm_sql * -* * -* Error handling stolen from Sybase example code "firstapp.c" * -* * -* Mattias Sjostrom <[EMAIL PROTECTED]> * -***/ +/* + * sql_sybase.cSybase (ctlibrary) routines for rlm_sql + * Error handling stolen from Sybase example code "firstapp.c" + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 Mattias Sjostrom <[EMAIL PROTECTED]> + */ #include #include Index: src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c === RCS file: /source/radiusd/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c,v retrieving revision 1.9 diff -u -r1.9 sql_unixodbc.c --- src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c 2 Sep 2003 18:38:53 - 1.9 +++ src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c 8 Sep 2003 15:06:51 - @@ -1,9 +1,23 @@ -/** - * sql_unixodbc.c unixODBC rlm_sql driver * - * * - * * - * Dmitri Ageev <[EMAIL PROTECTED]> * - **/ +/* + * sql_unixodbc.c unixODBC rlm_sql driver + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright 2000 The FreeRADIUS server project + * Copyright 2000 Dmitri Ageev <[EMAIL PROTECTED]> + */ #include #include Index: src/modules/rlm_unix/cache.c === RCS file: /source/radiusd/src/modules/rlm_unix/cache.c,v retrieving revision 1.23 diff -u -r1.23 cache.c --- src/modules/rlm_unix/cache.c3 Sep 2003 15:19:32 - 1.23 +++ src/modules/rlm_unix/cache.c8 Sep 2003 15:06:51 - @@ -13,7 +13,7 @@ * * Version: $Id: cache.c,v 1.23 2003/09/03 15:19:32 cparker Exp $ * - * This program is is free software; you can redistribute it and/or modify + * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2 if the * License as published by the Free Software Foundation. * Index: src/modules/rlm_unix/compat.c === RCS file: /source/radiusd/src/modules/rlm_unix/compat.c,v retrieving revision 1.2 diff -u -r1.2 compat.c --- src/modules/rlm_unix/compat.c 3 Sep 2003 15:19:32 - 1.2 +++ src/modules/rlm_unix/compat.c 8 Sep 2003 15:06:51 - @@ -6,7 +6,7 @@ * * Version: $Id: compat.c,v 1.2 2003/09/03 15:19:32 cparker Exp $ * - * This program is is free software; you can redistribute it and/or modify + * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License, version 2 if the * License as published by the Free Software Foundation. * -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "doc/Autz-Type" and "doc/PostAuth-Type"
Paul Hampson wrote: > > In the freeradius tarball, why is there two files "doc/Autz-Type" and > > "doc/PostAuth-Type" with the same content ? (only two lines are > > different) > > I _think_ it's because we initially had Autz-Type, and then we added > Post-Auth-Type which worked basically the same, so the documentation > was copied. (PostAuth-Type was later changed to Post-Auth-Type, hence > the filename) > > I'm wondering what to do about that for 0.9.1... As users, would you > be able to find the Post-Auth-Type docs in doc/Autz-Type? Maybe we > could just make a copy of Autz-Type, or is the fact that the other > xxx-Type Attributes are mentioned only at the end confusing? > > Patches and suggestions appreciated. :-) Then I'd suggest the following: Since all the xxx-Type Attributes are used the same way you may put in the missing files Post-Auth-Type and Session-Type a very short description of the attribut and finally a line "See Autz-Type for further explanations". -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
GPL headers
As I was reading pieces of the freeradius source code, I noticed some files don't include a GPL header with the usual text "This program is free software..." As FreeRADIUS is developed under the GNU General Public License, all the contributions fall under the GPL too. Therefore I was thinking it would be better to make it explicit in all files in the source tree. Or is it ok to leave it like that ? I don't really know. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"doc/Autz-Type" and "doc/PostAuth-Type"
In the freeradius tarball, why is there two files "doc/Autz-Type" and "doc/PostAuth-Type" with the same content ? (only two lines are different) -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter cannot compile in FreeBSD 4.8
En réponse à apellido jr., wilfredo p : > Hello guys, after sucessfully installed freeradius > without experimental module. Our company decided to > launch an prepaid internet. Now, im tried to > reconfigure my freeradius with experimental module and > here's the error after compiling. Exactly the same question was asked in this mailing list last week. The answer was "{Free,Net}BSD users have to use gmake instead of make" -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Patch for high load radius servers (against release_0_9_0_final)
Paul Hampson wrote: > > From: Hindrik Buining > > Sent: Friday, 22 August 2003 11:54 AM > > > + while( !threads_available() ) { > > + radlog(L_ERR, "No threads available yet. Sleeping..."); > > + select(0,NULL,NULL,NULL,&sleep_time); > > + } > > + > > status = select(max_fd + 1, &readfds, NULL, NULL, tv); > > Shouldn't the loop appear after the select? That way if > there's no pending requests in the socket buffer, we don't > busy-wait needlessly when an io-wait would suffice. I don't understand why you say it's a busy loop: it isn't going to take 100% CPU time. Using select(2) is a portable way to sleep for a short period of time. Perhaps you want to change it with nanosleep(2) to make the code easier to understand. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS now part of Red Hat Linux
Paul Hampson wrote: > I'm always happy to hear about bugs in the Debian build process. > No, let me rephrase that. If there are bugs in the Debian build > process, I'm happy to hear them. I'm happier if there are no bugs, > but I'm not that delusional. :-) The "libtool" package in SID is now version 1.5 so you have to use package "libtool1.4" to build freeradius because the projet uses old version of the autotools. >From description of package "libtool1.4" <<<<< Description: Generic library support script (obsolete version) Obsolete compatibility package of GNU Libtool 1.4. Only required for developing software using Autoconf 2.13. >>>>> I suggest to put "libtool | libtool1.4" in the line Build-Depends of debian/control file, and it should be fine with all Debian distributions. Index: debian/control === RCS file: /source/radiusd/debian/control,v retrieving revision 1.34 diff -u -r1.34 control --- control 10 Jul 2003 20:43:06 - 1.34 +++ control 21 Aug 2003 11:38:35 - @@ -1,5 +1,5 @@ Source: freeradius -Build-Depends: debhelper (>= 3.4.4), libltdl3-dev, libpam0g-dev, postgresql-dev, libmysqlclient10-dev | libmysqlclient-dev, libgdbm-dev | libgdbmg1-dev, libldap2-dev, libsasl2-dev, libsnmp4.2-dev, libiodbc2-dev, libkrb5-dev, libssl-dev, libtool, snmp, autoconf2.13, autotools-dev +Build-Depends: debhelper (>= 3.4.4), libltdl3-dev, libpam0g-dev, postgresql-dev, libmysqlclient10-dev | libmysqlclient-dev, libgdbm-dev | libgdbmg1-dev, libldap2-dev, libsasl2-dev, libsnmp4.2-dev, libiodbc2-dev, libkrb5-dev, libssl-dev, libtool | libtool1.4, snmp, autoconf2.13, autotools-dev Section: net Priority: optional Maintainer: Chad Miller <[EMAIL PROTECTED]> -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Adam Carmichael wrote: > I was considering relearning C/C++ all over again so I could help > with this just because we need this feature quite badly. I'd love to > finally submit something back to an opensource product, but I don't > think my coding skills are quite up to scratch for this kind of > challenge yet. I'd be more than happy to provide feedback and help > with testing however, and I'll help patch what I can. Thanks for the offer of assistance but I can manage the coding part alone. Since the architecture of FR is really clean it's not a big problem. And of course it much better if you do more tests on your side when it's done. > Users of this might need additional features, such as the ability to > log other kinds of errors (such as RADIUS clients not in > clients.conf (or the deprecated clients file) trying to > authenticate, or if for example a particular NAS / LNS is running an > old secret) so perhaps an auth_default_log() might also be required > to log anything that doesn't match one of the other authentication > types it could be logged into a kind of table that has a few BLOB or > TEXT fields and places the entire log entry into that field. Another > scenario is if you use ENCRYPT()'ed passwords within MySQL, and a > user tries to log in using CHAP. While writing the patch I gave up about the "auth_badpass_table" and the "auth_goodpass_table". Just one "authlog_table" is sufficient, and you chose what you put inside with the "authlog_query". > What do you think? (with regards to the above outlined mysql logging > scenarios). If you'd like to further development, then I'll > subscribe to freeradius-developers and help out where I can. I think indeed we should follow the discussion in the freeradius-devel mailing list. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Alan DeKok wrote: > "Adam Carmichael" <[EMAIL PROTECTED]> wrote: > > > I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 > > for logging accounting and retrieving authentication information. I am > > interested in knowing how to log authentication attempts and even > > possibly why an attempt failled. > > See the 'detail' module in the latest CVS snapshot. It will create > "detail" style files for authentication requests, responses, proxied > packets, and replies from a home server. > > It won't log all of the information you see in debugging mode, but > it will log a fair amount of useful data. It's nice to get a lot of data in the detail files, but as I already said before : <<<<< When you have multiple freeradius servers, you want to store authentication attempts in a database rather than a flat file. >>>>> I'm doing a patch in rlm_sql to put information in a "authlog table" after authentification. In fact it's nearly finished, but I want to do more tests and add more commentaries in my source. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter freebsd compile error
Valentin M wrote: [...] > host# make > "../rules.mak", line 65: Missing dependency operator > "../rules.mak", line 82: Missing dependency operator > "../rules.mak", line 84: Need an operator > "../rules.mak", line 86: Need an operator > "../rules.mak", line 92: Missing dependency operator > "../rules.mak", line 94: Need an operator > "../rules.mak", line 123: Need an operator > "../rules.mak", line 129: Need an operator > make: fatal errors encountered -- cannot continue Try using gmake instead of make. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
Chris van Meerendonk wrote: > On Mon, 2003-08-18 at 05:30, Adam Carmichael wrote: > > > I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with > > MySQL4 for logging accounting and retrieving authentication > > information. I am interested in knowing how to log authentication > > attempts and even possibly why an attempt failled. > > I'm using a simple script that reads radius.log and put that in a > mysql table that can be accessed by our helpdesk by using a simple > php-interface to help people with their dialin problems. Maybe you > can do something with it. The situation isn't so easy when you have multiple freeradius servers, and in that case you want to store authentication attempts in a database rather than a flat file. For different reasons I need also logging connexion requests and I already thought a little about it. I'm considering writing a patch for this problem, and I would like advice from the developpers to do it the efficiently. Please correct me if the following doesn't make sense. The extension should be made in module rlm_sql because here you have all you need to connect the database and make a request (and the administrator may store the authcheck_table, the acct_table and the authentication attempts in the same db). Then in sql.conf you should add four lines with auth_badpass_table, auth_goodpass_table, auth_badpass_query, auth_goodpass_query (or something like that). We know in authentication whether the password is valid, so you have to enter module rlm_sql at this time. It requires to add a function rlm_sql_authenticate() to manage it... If I get something working from this idea I'll submit the patch in the mailing list later. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter freebsd compile error
En réponse à Valentin M : > i am having a hard time compiling rlm_sqlcounter on a freebsd machine > any suggestions? If you want somebody to help, you should first say which version of freeradius you are using (0.9.0 or the current CVS) and the error messages from gcc. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debian compilation problems
En réponse à Sevcik Berndt : > Thanks for the help it works now. > > But you have to change the lines in src/modules/rlm_dbm/configure (line > 1445 and 1566). Chaning it in confugre.in and then running autoconf has > not worked. No idea why. configure script is auto-generated using autoconf, so you shouldn't modify it yourself. The autotools contain sometimes many changes between two releases, and even break compatibility with previous versions. Try apt-get install autoconf2.13 and run autoconf2.13 instead of autoconf to build the scripts with FreeRadius' sources. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debian compilation problems
Paul Hampson wrote: > > Jan Berkel wrote: > > > > > > try changing line 70 in src/modules/rlm_dbm/configure.in: > > > - if test "x$ac_cv_lib_gdbm_dbm_open" != "xyes"; then > > > + if test "x$ac_cv_lib_gdbm_compat_dbm_open" != "xyes"; then > > > > ... and after that run autoconf to generate a correct configure > > script. > > From the description above, wouldn't this fix break attempts > to build with libgdbm2? Or was it just a typo the first time? I never tried it with libgdbm2 which is now neither in woody nor in sarge but it seems clearly it's a typo when you read the lines above and below the test. AC_SMART_CHECK_LIB(gdbm_compat, dbm_open) - if test "x$ac_cv_lib_gdbm_dbm_open" != "xyes"; then + if test "x$ac_cv_lib_gdbm_compat_dbm_open" != "xyes"; then fail="$fail (libndbm or libgdm)" fi Indeed the macro AC_SMART_CHECK_LIB() sets the variable ac_cv_lib_${sm_lib_safe}_${sm_func_safe} when the library is found. So you're supposed to test ac_cv_lib_gdbm_compat_dbm_open and not ac_cv_lib_gdbm_dbm_open. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Debian compilation problems
Jan Berkel wrote: > Sevcik Berndt wrote: > > > checking for dbm_open in -lgdbm_compat... yes > > configure: warning: FAILURE: rlm_dbm requires: (libndbm or libgdm). > > configure: error: set --without-rlm_dbm to disable it explicitly. > > configure: error: ./configure failed for src/modules/rlm_dbm > > this happens when using a new version of libgdbm (libgdbm3), but > apparently on some systems the package builds ok (if an old version is > still installed and hasn't been removed). > > try changing line 70 in src/modules/rlm_dbm/configure.in: > - if test "x$ac_cv_lib_gdbm_dbm_open" != "xyes"; then > + if test "x$ac_cv_lib_gdbm_compat_dbm_open" != "xyes"; then ... and after that run autoconf to generate a correct configure script. It's the second time the problem shows up on the mailing lists, it would be nice if a maintainer of freeradius corrects it in the CVS. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html