Re: Missing crypto error?

2003-08-14 Thread Steven Fries
you're correct, it's part of OpenSSL. Install that and you should be ok


- Original Message -
From: "Jose DelaEspriella" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 08, 2003 3:07 PM
Subject: Re: Missing crypto error?


> Thanks for the prompt reply!
>
> A quick search on google turns up that
> libcrypto.so belongs to the OpenSSL
> package.
>
> Is this correct? Is there any other libcrypto
> library that I missed?
>
> Of this I have the latest version installed,
> OpenSSL 0.9.7b.
>
> Please let me know if there is anything I need to
> do. Maybe revert to an older version of OpenSSL?
>
> Thanks again,
>
> Jose
>
> On Fri, 8 Aug 2003 14:07:30 -0500 (CDT)
> Steven Fries <[EMAIL PROTECTED]> wrote:
>
> > Try installing the newest libcrypto RPM or package.
> >
> > You wrote:
> > > Hi,
> > > I have been using Freeradius for about a year now
> > > and I'm very happy with the quality of the software,
> > > thank you guys!
> > > In attempting to build a new radius server I
> > > have encountered some difficulties compiling the new
> > > version 0.9.0.
> > > ./configure runs fine but make stops when compiling the
> > > module rlm_eap w/tls with the error: "/ld: cannot find -lcrypto"
> > > I'm sure is a small thing I have overlooked but alas,
> > > for the life of me I can't seem to find it.
> > > I apologize for the length of the email.
> > > Thanks so much in advance!
> > > Jose.
> > > Here are the stats:
> > > Linux Kernel 2.4.20
> > > [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# uname -a
> > > Linux sabertooth 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
> > > GCC 3.2.2
> > > [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# gcc --version
> > > gcc (GCC) 3.2.2
> > > GlibC version: 2.3.1
> > > FreeRadius version: 0.9.0
> > > OpenSSL version: 0.9.7b
> > > Variables Set:
> > > CPPFLAGS="-I/usr/local/openssl-0.9.7b/include -I/usr/local/net-snmp-5.0.
> > > 8/include -I/usr/local/BerkeleyDB.4.1/include -I/usr/local/cyrus-sasl-2.1.
> > > 15/include -I/usr/local/openldap-2.1.22/include"
> > > LDFLAGS="-L/usr/local/openssl-0.9.7b/lib -L/usr/local/net-snmp-5.0.8/lib
> > > -L/usr/local/BerkeleyDB.4.1/lib -L/usr/local/cyrus-sasl-2.1.15/lib
> > > -L/usr/local/openldap-2.1.22/lib"
> > > ./configure:
> > > [snip...]
> > > checking for crypt.h... (cached) yes
> > > [snip...]
> > > checking for crypt in -lcrypt... (cached) yes
> > > [snip...]
> > > checking for openssl/ssl.h... yes
> > > checking for DH_new in -lcrypto... yes
> > > checking for SSL_new in -lssl... yes
> > > checking how to run the C preprocessor... (cached) gcc -E
> > > checking for openssl/err.h... (cached) yes
> > > checking for openssl/engine.h... (cached) yes
> > > [snip]
> > > My /etc/ld.so.conf:
> > > /usr/local/lib
> > > /usr/X11R6/lib
> > > /usr/i386-slackware-linux/lib
> > > /usr/local/BerkeleyDB.4.1/lib
> > > /usr/local/net-snmp-5.0.8/lib
> > > /usr/local/openldap-2.1.22/lib
> > > /usr/local/cyrus-sasl-2.1.15/lib
> > > /usr/local/openssl-0.9.7b/lib
> > > [** PERTINENT ERROR**]
> > > gmake[10]: Entering directory `/usr/src/misc/freeradius-0.9.
> > > 0/src/modules/rlm_eap/types/rlm_eap_tls'
> > > /usr/src/misc/freeradius-0.9.0/libtool --mode=link gcc -release 0.9.0 \
> > > -module -export-dynamic  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> > > -D_GNU_SOURCE -DNDEBUG  -I../../../../include  -I../..-DOPENSSL_NO_KRB5  \
> > > -o rlm_eap_tls.la -rpath /usr/local/lib rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo
> > > mppe_keys.lo -lcrypto -lssl -lnsl -lresolv  -lpthread
> > > rm -fr .libs/rlm_eap_tls.la .libs/rlm_eap_tls.* .libs/rlm_eap_tls-0.9.0.*
> > > gcc -shared  rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo mppe_keys.lo  -lcrypto
> > > -lssl -lnsl -lresolv -lpthread  -Wl,-soname -Wl,rlm_eap_tls-0.9.0.so -o .
> > > libs/rlm_eap_tls-0.9.0.so
> > > /usr/lib/gcc-lib/i386-slackware-linux/3.2.2/../../../..
> > > /i386-slackware-linux/bin/ld: cannot find -lcrypto
> > > collect2: ld returned 1 exit status
> > > gmake[10]: *** [rlm_eap_tls.la] Error 1
> > > gmake[10]: Leaving directory `/usr/src/misc/freeradius-0.9.
> > > 0/src/modules/rlm_eap/types/rlm_eap_tls'
> > > Trouble-shooting Error: "/ld: cannot find -

RE: RADIUS with LDAP authentication -- problems - rlm_ldap

2003-08-14 Thread Steven Fries
Make sure you're using FreeRadius 0.9 at least. Best bet is to use latest version from 
CVS snapshot. Had this problem with mysql.


You wrote:
> Install ldap (such as www.openldap.org)
> Use these if you install somewhere funky
> --with-rlm-ldap-include-dir=/path/to/ldap/include
> --with-rlm-ldap-lib-dir=/path/to/ldap/lib
> -Original Message-
> From: Octavio Ramirez Rojas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 05, 2003 9:24 AM
> To: [EMAIL PROTECTED]
> Subject: RADIUS with LDAP authentication -- problems - rlm_ldap
> Hi, I want to make radius authentication with ldap.
>  
> I am working under linux mandrake 9.0, freeradius and openldap-2.1.21
>  
>  I modified radiusd.conf file like this:
>  
> --
>  ldap {
>  server = "127.0.0.1"
>  identity = "cn=Manager,dc=prism,dc=fr"
>  password = nobodys
>  basedn = "dc=prism,dc=fr"
>  filter = "(&(objectclass=posixAccount)(uid=%u))"
>  start_tls = no
>  tls_mode = no
>  ldap_connections_number = 5
>  groupname_attribute = cn
>  groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
>  timeout = 4
>  timelimit = 3
>  net_timeout = 1
>  }
>  
>  
>  
>  authenticate {
>  #   pam
>  #   unix
>  
>  # Uncomment it if you want to use ldap for authentication
>  authtype LDAP {
>  ldap
>  }
>  }
>  
>  but I have this error:
> read_config_files:  entering modules setup
> Module: Library search path is /usr/local/lib
> radiusd.conf[636] Failed to link to module 'rlm_ldap': rlm_ldap.so:
> cannot open shared object
> file: No such file or directory
> ---
>  
>  
> I do not have this file "rlm_ldap.so", how do I create it?
>  
>  Regards
>  
>  Octavio
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--


Re: Missing crypto error?

2003-08-14 Thread Steven Fries
Oops, should have finished reading your message

Make sure the install path is right for crypto. Not sure where slackware puts
it.

[EMAIL PROTECTED] freeradius-snapshot-20030707]# locate libcrypto.so
/usr/lib/libcrypto.so
/lib/libcrypto.so.2
/lib/libcrypto.so.0.9.6b

- Original Message -
From: "Jose DelaEspriella" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 08, 2003 3:07 PM
Subject: Re: Missing crypto error?


> Thanks for the prompt reply!
>
> A quick search on google turns up that
> libcrypto.so belongs to the OpenSSL
> package.
>
> Is this correct? Is there any other libcrypto
> library that I missed?
>
> Of this I have the latest version installed,
> OpenSSL 0.9.7b.
>
> Please let me know if there is anything I need to
> do. Maybe revert to an older version of OpenSSL?
>
> Thanks again,
>
> Jose
>
> On Fri, 8 Aug 2003 14:07:30 -0500 (CDT)
> Steven Fries <[EMAIL PROTECTED]> wrote:
>
> > Try installing the newest libcrypto RPM or package.
> >
> > You wrote:
> > > Hi,
> > > I have been using Freeradius for about a year now
> > > and I'm very happy with the quality of the software,
> > > thank you guys!
> > > In attempting to build a new radius server I
> > > have encountered some difficulties compiling the new
> > > version 0.9.0.
> > > ./configure runs fine but make stops when compiling the
> > > module rlm_eap w/tls with the error: "/ld: cannot find -lcrypto"
> > > I'm sure is a small thing I have overlooked but alas,
> > > for the life of me I can't seem to find it.
> > > I apologize for the length of the email.
> > > Thanks so much in advance!
> > > Jose.
> > > Here are the stats:
> > > Linux Kernel 2.4.20
> > > [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# uname -a
> > > Linux sabertooth 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
> > > GCC 3.2.2
> > > [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# gcc --version
> > > gcc (GCC) 3.2.2
> > > GlibC version: 2.3.1
> > > FreeRadius version: 0.9.0
> > > OpenSSL version: 0.9.7b
> > > Variables Set:
> > > CPPFLAGS="-I/usr/local/openssl-0.9.7b/include -I/usr/local/net-snmp-5.0.
> > > 8/include -I/usr/local/BerkeleyDB.4.1/include -I/usr/local/cyrus-sasl-2.1.
> > > 15/include -I/usr/local/openldap-2.1.22/include"
> > > LDFLAGS="-L/usr/local/openssl-0.9.7b/lib -L/usr/local/net-snmp-5.0.8/lib
> > > -L/usr/local/BerkeleyDB.4.1/lib -L/usr/local/cyrus-sasl-2.1.15/lib
> > > -L/usr/local/openldap-2.1.22/lib"
> > > ./configure:
> > > [snip...]
> > > checking for crypt.h... (cached) yes
> > > [snip...]
> > > checking for crypt in -lcrypt... (cached) yes
> > > [snip...]
> > > checking for openssl/ssl.h... yes
> > > checking for DH_new in -lcrypto... yes
> > > checking for SSL_new in -lssl... yes
> > > checking how to run the C preprocessor... (cached) gcc -E
> > > checking for openssl/err.h... (cached) yes
> > > checking for openssl/engine.h... (cached) yes
> > > [snip]
> > > My /etc/ld.so.conf:
> > > /usr/local/lib
> > > /usr/X11R6/lib
> > > /usr/i386-slackware-linux/lib
> > > /usr/local/BerkeleyDB.4.1/lib
> > > /usr/local/net-snmp-5.0.8/lib
> > > /usr/local/openldap-2.1.22/lib
> > > /usr/local/cyrus-sasl-2.1.15/lib
> > > /usr/local/openssl-0.9.7b/lib
> > > [** PERTINENT ERROR**]
> > > gmake[10]: Entering directory `/usr/src/misc/freeradius-0.9.
> > > 0/src/modules/rlm_eap/types/rlm_eap_tls'
> > > /usr/src/misc/freeradius-0.9.0/libtool --mode=link gcc -release 0.9.0 \
> > > -module -export-dynamic  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall
> > > -D_GNU_SOURCE -DNDEBUG  -I../../../../include  -I../..-DOPENSSL_NO_KRB5  \
> > > -o rlm_eap_tls.la -rpath /usr/local/lib rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo
> > > mppe_keys.lo -lcrypto -lssl -lnsl -lresolv  -lpthread
> > > rm -fr .libs/rlm_eap_tls.la .libs/rlm_eap_tls.* .libs/rlm_eap_tls-0.9.0.*
> > > gcc -shared  rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo mppe_keys.lo  -lcrypto
> > > -lssl -lnsl -lresolv -lpthread  -Wl,-soname -Wl,rlm_eap_tls-0.9.0.so -o .
> > > libs/rlm_eap_tls-0.9.0.so
> > > /usr/lib/gcc-lib/i386-slackware-linux/3.2.2/../../../..
> > > /i386-slackware-linux/bin/ld: cannot find -lcrypto
> > > collect2: ld returned 1 exit status
> > > gmake[10]: *** [rlm_eap_tls.la] Error 1
> > >

RE: Missing crypto error?

2003-08-09 Thread Steven Fries
Try installing the newest libcrypto RPM or package.

You wrote:
> Hi,
> I have been using Freeradius for about a year now
> and I'm very happy with the quality of the software,
> thank you guys!
> In attempting to build a new radius server I
> have encountered some difficulties compiling the new
> version 0.9.0.
> ./configure runs fine but make stops when compiling the
> module rlm_eap w/tls with the error: "/ld: cannot find -lcrypto"
> I'm sure is a small thing I have overlooked but alas,
> for the life of me I can't seem to find it.
> I apologize for the length of the email.
> Thanks so much in advance!
> Jose.
> Here are the stats:
> Linux Kernel 2.4.20
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# uname -a
> Linux sabertooth 2.4.20 #2 Mon Mar 17 22:02:15 PST 2003 i686 unknown
> GCC 3.2.2
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# gcc --version
> gcc (GCC) 3.2.2
> GlibC version: 2.3.1
> FreeRadius version: 0.9.0
> OpenSSL version: 0.9.7b
> Variables Set:
> CPPFLAGS="-I/usr/local/openssl-0.9.7b/include -I/usr/local/net-snmp-5.0.
> 8/include -I/usr/local/BerkeleyDB.4.1/include -I/usr/local/cyrus-sasl-2.1.
> 15/include -I/usr/local/openldap-2.1.22/include"
> LDFLAGS="-L/usr/local/openssl-0.9.7b/lib -L/usr/local/net-snmp-5.0.8/lib 
> -L/usr/local/BerkeleyDB.4.1/lib -L/usr/local/cyrus-sasl-2.1.15/lib 
> -L/usr/local/openldap-2.1.22/lib"
> ./configure:
> [snip...]
> checking for crypt.h... (cached) yes
> [snip...]
> checking for crypt in -lcrypt... (cached) yes
> [snip...]
> checking for openssl/ssl.h... yes
> checking for DH_new in -lcrypto... yes
> checking for SSL_new in -lssl... yes
> checking how to run the C preprocessor... (cached) gcc -E
> checking for openssl/err.h... (cached) yes
> checking for openssl/engine.h... (cached) yes
> [snip]
> My /etc/ld.so.conf:
> /usr/local/lib
> /usr/X11R6/lib
> /usr/i386-slackware-linux/lib
> /usr/local/BerkeleyDB.4.1/lib
> /usr/local/net-snmp-5.0.8/lib
> /usr/local/openldap-2.1.22/lib
> /usr/local/cyrus-sasl-2.1.15/lib
> /usr/local/openssl-0.9.7b/lib
> [** PERTINENT ERROR**]
> gmake[10]: Entering directory `/usr/src/misc/freeradius-0.9.
> 0/src/modules/rlm_eap/types/rlm_eap_tls'
> /usr/src/misc/freeradius-0.9.0/libtool --mode=link gcc -release 0.9.0 \
> -module -export-dynamic  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall 
> -D_GNU_SOURCE -DNDEBUG  -I../../../../include  -I../..-DOPENSSL_NO_KRB5  \
> -o rlm_eap_tls.la -rpath /usr/local/lib rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo 
> mppe_keys.lo -lcrypto -lssl -lnsl -lresolv  -lpthread 
> rm -fr .libs/rlm_eap_tls.la .libs/rlm_eap_tls.* .libs/rlm_eap_tls-0.9.0.*
> gcc -shared  rlm_eap_tls.lo eap_tls.lo cb.lo tls.lo mppe_keys.lo  -lcrypto 
> -lssl -lnsl -lresolv -lpthread  -Wl,-soname -Wl,rlm_eap_tls-0.9.0.so -o .
> libs/rlm_eap_tls-0.9.0.so
> /usr/lib/gcc-lib/i386-slackware-linux/3.2.2/../../../..
> /i386-slackware-linux/bin/ld: cannot find -lcrypto
> collect2: ld returned 1 exit status
> gmake[10]: *** [rlm_eap_tls.la] Error 1
> gmake[10]: Leaving directory `/usr/src/misc/freeradius-0.9.
> 0/src/modules/rlm_eap/types/rlm_eap_tls'
> Trouble-shooting Error: "/ld: cannot find -lcrypto"
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# ldconfig -p | grep -i crypto
> libcrypto.so.0.9.7 (libc6) => /usr/local/openssl-0.9.7b/lib/libcrypto.so.0.9.7
> libcrypto.so.0 (libc6) => /usr/local/openssl-0.9.7b/lib/libcrypto.so.0
> libcrypto.so (libc6) => /usr/local/openssl-0.9.7b/lib/libcrypto.so
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /usr/local/openssl-0.9.
> 7b/lib/libcrypto.so
> /usr/local/openssl-0.9.7b/lib/libcrypto.so: symbolic link to libcrypto.so.0
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /usr/local/openssl-0.9.
> 7b/lib/libcrypto.so.0
> /usr/local/openssl-0.9.7b/lib/libcrypto.so.0: symbolic link to libcrypto.so.0.9.
> 7
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /usr/local/openssl-0.9.
> 7b/lib/libcrypto.so.0.9.7
> /usr/local/openssl-0.9.7b/lib/libcrypto.so.0.9.7: ELF 32-bit LSB shared object, 
> Intel 80386, version 1 (SYSV), not stripped
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# ldd /usr/local/openssl-0.9.
> 7b/lib/libcrypto.so.0.9.7
> libdl.so.2 => /lib/libdl.so.2 (0x40104000)
> libc.so.6 => /lib/libc.so.6 (0x40108000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x8000)
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /lib/libdl.so.2
> /lib/libdl.so.2: symbolic link to libdl-2.3.1.so
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /lib/libdl-2.3.1.so
> /lib/libdl-2.3.1.so: ELF 32-bit LSB shared object, Intel 80386, version 1 
> (SYSV), not stripped
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /lib/libc.so.6
> /lib/libc.so.6: symbolic link to libc-2.3.1.so
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /lib/libc-2.3.1.so
> /lib/libc-2.3.1.so: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV),
>  not stripped
> [EMAIL PROTECTED]:/usr/src/misc/freeradius-0.9.0# file /lib/ld-linux.so.2
> /li

Re: Advantages of Using SQL ?

2003-08-04 Thread Steven Fries
I'm still confused why you're arguing over this...It's implemented both ways for a 
reason I assume. So if the flat file is so great, why even bother with SQL 
code? AH! Choice! Kudos to the dev team.

You wrote:
> On Mon August 4 2003 20:34, Steven Fries wrote:
> > Maybe you're both right? But who really wants to win a "Who's the bigger
> > nerd contest"? If I have a small set of users, I'm using the flat file. But
> > if my user list grows... no doubt use SQL. The best thing for me is I don't
> > have to write fancy text handlers to parse through the users file, I just
> > use SQL statements.
> Yes
> > So as far as speed, it's negligible either way. Separation of data... now
> > that's where it's at..
> Yes.
> You are right in both instances, but we were arguing speed. If you read my 
> initial email on this thread you will see that I said that asking a backend 
> for information will be _slower_ than consulting an in memory list. Slower is 
> a relative term. I never said it was too slow and I never said that you 
> should not use a DB because of it. I simply argued that if you pick a DB 
> backend that you do it for the right reasons. Speed is not one of them. You 
> can argue ram disks, or separate servers until you are blue in the face, but 
> on identical hardware, especially if it is memory constrained standalone 
> FreeRadius should be quicker.
> This is the mailing list for an Open Source project. Arguing about how 
> fast one implementation or another is is definitely on topic. If we get 
> better code, or better documentation or even a better understanding of how 
> things work out of the discussion that's great..
> -- 
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc

--


Re: Advantages of Using SQL ?

2003-08-04 Thread Steven Fries
Maybe you're both right? But who really wants to win a "Who's the bigger nerd 
contest"? If I have a small set of users, I'm using the flat file. But if my user list 
grows... no doubt use SQL. The best thing for me is I don't have to write fancy text 
handlers to parse through the users file, I just use SQL statements.

So as far as speed, it's negligible either way. Separation of data... now that's where 
it's at..

Steven

You wrote:
> Well, if that is such a big problem then you can do a memory disk and 
> store your db files in memory disk. That would then definitely work 
> better than freeradius itself. How much are the memory prices now anyhow.
> About the operating system stuff, the load of exchanging few messages in 
> memory can not be so overwhelming compared to an inefficient search of a 
> few hundred thousands of users from a text database even when it's in 
> memory already.
> There so many programs running in background usually that I am sure that 
> many programs trigger the kernel context switching already even when 
> freeradius is searching from the users file. Now the point is if the 
> search is faster then it would be interrupted less since it would take 
> less time to finish. Thus using SQL would yet improve performance anyhow 
> since the searches would take a lot less time.
> Look at some statistics
> http://cs.nmu.edu/~benchmark/index.php?page=context
> The context switching occurs in microseconds. Let's try to calculate how 
> many context switching operations can be done in a second? Needless to 
> remind that a microsecond is 10^-6 of a second.
> Then think about how much difference would it take to search 10
> entries from users file in memory or in sql database. In which sql 
> already optimize the data to be searched. Then find out how many context 
> switching can be done in that much time 
> I am certainly uncertain about how much overhead it cause for freeradius 
> to call to mysql and back but it can not be so much. Plus if you have 
> 10 users you do not want to reload the users file think about 
> reading 10 users from the disk. Now is that more efficient? in every 
> stupid reload. Then calculate the people who change their passwords or 
> new customers coming and new accounts added.
> You can't possibly argue that using users file is faster. But perhaps the 
> difference is so little when you have few thousand users that you can 
> omit the difference.
> Evren
> Peter Nixon wrote:
> > On Tue August 5 2003 05:34, Evren Yurtesen wrote:
> >
> >>Thats totally wrong, so you say same cpu works on both db lookups and
> >>freeradius, now when freeradius is making a lookup inside users file
> >>which is in ram, the same cpu doesnt work on db lookups in memory or
> >>what? so thats out of question.
> > 
> > 
> > I am sorry to tell you Evren, but you ARE wrong. Even if you forget for a 
> > moment the fact that a DB server has to fetch the data from the disk and 
> > FreeRadius does not, It is MUCH more efficient for FreeRadius to search its 
> > own memory space than to ask another program to supply the data.
> > 
> > Asking another program (A DB server or any other program) even if that program 
> > already has the data in memory is very slow comparatively as it forces a 
> > kernel context switch to load the other program onto the CPU, then another 
> > context switch to load FreeRadius onto the CPU.
> > 
> > Put simply you are wrong. Please read up about CPU design and operating system 
> > context switches before arguing this any more.
> > 
> >
> >>but mysql is optimized for that kind of lookups, there is huge
> >>difference. then again, you can increase the mysql memory cache that
> >>mysql can cache the whole db inside the ram if it is small enough.
> > 
> > 
> > It is not. There is not. You are wrong. Even if you have the entire DB inside 
> > ram (which would nullify your point of using a DB instead of a client file to 
> > save on RAM usage) the CPU still has to switch the running context from FR -> 
> > DB -> FR which flushes all CPU caches and is very slow. not to mention the 
> > fact that there is TCP (or UNIX) socket overhead to slow things down. Of 
> > course there is also Parsing and reparsing of SQL statements  etc etc..
> > 
> >
> >>Now about searching in ram is better than using a database backend. I
> >>wonder why companies do not store their database data in text files and
> >>load them to ram 
> > 
> > 
> > They do. Of course they do. It is always faster to load data at run time than 
> > look it up later. using a DB is easier/better for maintenance. It is NOT 
> > faster.
> > 
> >
> >>now the problem is that also everytime you reload
> >>radius it reloads the whole file since it cant know where the changed
> >>data is. Thus uses far more cpu.
> > 
> > 
> > this ONLY happens at startup. how can it possibly use more CPU than requesting 
> > from disk for every query???!!!
> >

Re: Need Help with SNMP

2003-07-31 Thread Steven Fries
I answer any questions where I have experience in the subject. Since my
needs for FreeRadius are limited, I don't want to say anything that could be
counterproductive for someone. As I become more familiar with the system, I
will gladly pitch in and spend more time answering others' questions so that
you may devote more time to development.

I appreciate very much your efforts, I've just seen some of the replies
you've given as somewhat abrupt.

My apologies,

Steven

- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 31, 2003 12:53 PM
Subject: Re: Need Help with SNMP


> Steven Fries <[EMAIL PROTECTED]> wrote:
> > What Mr. DeKok means is...
> >
> > He's a giant jerk and thinks he's too important to answer your questions, so
> > he has to make snide remarks questioning your intelligence to make himself
> > feel all nerdy and stuff.
>
>   Hmm... I answer about 100x more questions on this list than you do,
> so I don't see what you're complaining about.  If you don't like my
> responses, you should have the balls to answer questions yourself.
>
>   But you don't.  Instead, you whine about how you don't like my
> answers.  So even though I'm provably friendlier and more helpful than
> you are, you think I should be doing more.  That's not rude, it's just
> stupid.
>
>   I've got a simple response: Pay me to help you, and I'll be
> endlessly polite.  If you're not going to pay me, and if you're not
> going to lift a finger to help people, then shut up, and stop
> complaining about my answers.
>
>   Alan DeKok.
>
>




Re: Need Help with SNMP

2003-07-31 Thread Steven Fries
What Mr. DeKok means is...

He's a giant jerk and thinks he's too important to answer your questions, so he has to 
make snide remarks questioning your intelligence to make himself feel all nerdy and 
stuff.

Best advice, keep playing till you get something.



You wrote:
> "Atanu Das" <[EMAIL PROTECTED]> wrote:
> > But while I run the snmpget query in the test environment I get the
> > following message
> > 
> > [EMAIL PROTECTED] snmp]# snmpget -v2c -c myradius localhost
> > .1.3.6.1.2.1.67.1.1.1.1.5.0
> > SNMPv2-SMI::mib-2.67.1.1.1.1.5.0 = Counter32: 0
> > [EMAIL PROTECTED] snmp]# snmpget -v2c -c myradius localhost
> > .1.3.6.1.2.1.67.2.1.1.1.5.0
> > SNMPv2-SMI::mib-2.67.2.1.1.1.5.0 = Counter32: 0



> So... what are the values you're querying?  Most people don't keep
> ~8 digit numbers in their heads for every MIB query, and if you can't
> be bothered to look them up, I don't think you should expect that
> anyone else would, either.
>   Alan DeKok.

--


Re: Cisco Access Levels

2003-07-31 Thread Steven Fries
Actually, I believe this will work:

aaa new-model
!
!
aaa authentication login default local
aaa authentication login group radius
aaa authentication login localauth local group radius
aaa authorization exec default local group radius
aaa authorization network default local group radius
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa session-id common

- Original Message -
From: "Steven Fries" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 31, 2003 6:38 AM
Subject: Re: Cisco Access Levels


> Refer to the cisco documentation under doc/cisco
>
> I use the local users on the router to authenticate telnet logins for
> simplicity, but you can do it with:
>
> aaa new-model
> aaa authentication login default group radius
> aaa authorization exec default group radius
> aaa authorization network default group radius
> aaa accounting delay-start
> aaa accounting exec default start-stop group radius
> aaa accounting network default start-stop group radius
> aaa processes 6
>
> If you wish to use the cisco's users as a backup, which I HIGHLY recommend,
> place local at the end of each line. If your radius server is
> misconfigured or down, the authentication will fall through to the cisco
> device itself.
>
> Steven
>
> - Original Message -
> From: "Robert LaGrasse" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, July 30, 2003 4:07 PM
> Subject: Cisco Access Levels
>
>
> > Hi All:
> >
> > I didn't see this in the FAQ, but I'm sure someone has done this before:
> >
> > I want to set the server up to authenticate/authorize telnet access against
> > the local linux user database. I need one group of users to have regular old
> > login access, and the other to have privilege level (15) access.
> >
> > If there is an example of this somewhere, just point the way.
> >
> > I'm a newbie here, so please be gentle :) Thanks in advance for your help.
> >
> > -B
> >


Re: Cisco Access Levels

2003-07-31 Thread Steven Fries
Refer to the cisco documentation under doc/cisco

I use the local users on the router to authenticate telnet logins for
simplicity, but you can do it with:

aaa new-model
aaa authentication login default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6

If you wish to use the cisco's users as a backup, which I HIGHLY recommend,
place local at the end of each line. If your radius server is
misconfigured or down, the authentication will fall through to the cisco
device itself.

Steven

- Original Message -
From: "Robert LaGrasse" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 4:07 PM
Subject: Cisco Access Levels


> Hi All:
>
> I didn't see this in the FAQ, but I'm sure someone has done this before:
>
> I want to set the server up to authenticate/authorize telnet access against
> the local linux user database. I need one group of users to have regular old
> login access, and the other to have privilege level (15) access.
>
> If there is an example of this somewhere, just point the way.
>
> I'm a newbie here, so please be gentle :) Thanks in advance for your help.
>
> -B
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
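
The advice in the two "Cisco Access Levels" posts above (put local at the end of each method list so logins still work when the RADIUS server is down) can be checked mechanically. The following is an added example, not code from the posters or from the FreeRADIUS project: a small Python audit, with hypothetical function names (audit, missing_local_fallback), run over AAA lines copied from the posts in this thread.

```python
import re

# "aaa authentication|authorization <service> <list-name> <methods...>".
# Accounting lines are skipped: they log sessions and do not decide a login.
AAA_LINE = re.compile(
    r"^\s*aaa\s+(authentication|authorization)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
MODIFIERS = {"if-needed"}  # qualifies a PPP list, is not a method itself

# Sample inputs copied from the posts in this thread.
RADIUS_ONLY = """\
aaa new-model
aaa authentication login default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa processes 6
"""
WITH_FALLBACK = """\
aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
"""
LOCAL_FIRST = """\
aaa authentication login localauth local group radius
aaa authorization exec default local group radius
aaa authorization network default local group radius
"""


def parse_methods(rest):
    """Split the tail of a method list into its ordered methods.

    "group radius" is a single method written as two tokens.
    """
    tokens = [t for t in rest.split() if t not in MODIFIERS]
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def classify(methods):
    """Describe where 'local' sits relative to 'group radius'."""
    if "group radius" not in methods:
        return "no-radius"
    pos = methods.index("group radius")
    if "local" in methods[pos + 1:]:
        return "radius-then-local"   # the fallback the post recommends
    if "local" in methods[:pos]:
        return "local-then-radius"   # local database is consulted first
    return "radius-only"             # nothing to fall back on


def audit(config):
    """Return (list name, methods, verdict) for every AAA method list."""
    findings = []
    for line in config.splitlines():
        m = AAA_LINE.match(line)
        if not m:
            continue
        kind, service, list_name, rest = m.groups()
        methods = parse_methods(rest)
        findings.append((f"{kind} {service} {list_name}", methods,
                         classify(methods)))
    return findings


def missing_local_fallback(config):
    """Names of method lists that depend on RADIUS with no local fallback."""
    return [name for name, _, verdict in audit(config)
            if verdict == "radius-only"]


if __name__ == "__main__":
    for label, cfg in (("radius only", RADIUS_ONLY),
                       ("with fallback", WITH_FALLBACK),
                       ("local first", LOCAL_FIRST)):
        print(label)
        for name, methods, verdict in audit(cfg):
            print(f"  {name:32} {methods} -> {verdict}")
```
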


RE: RADIUS/LDAP, help!

2003-07-23 Thread Steven Fries
Make sure 'rlm_ldap.so' is in the path specified as your library directory in your 
radius.conf file. If it is, you should probably try the newest release of FreeRadius. 
Had this problem with rlm_sql but was resolved when I used CVS snapshot version.

Steven

You wrote:
> Hi,
> I am working under linux mandrake 9.0
> I installed RADIUS and OpenLDAP.
> I modified the file "radiusd.conf" like this:
>   ldap {
> server = localhost
> identity = "cn=Manager,o=prism,c=fr"
> password = secret
> basedn = "ou=users,dc=prism,dc=fr"
> filter = "(posixAccount)(uid=%u)"
>   }
> ...and the file "dictionary" like this
> #   Non-Protocol Integer Translations
> #
> VALUE   Auth-Type   Local         0
> VALUE   Auth-Type   System        1
> VALUE   Auth-Type   SecurID       2
> VALUE   Auth-Type   Crypt-Local   3
> VALUE   Auth-Type   Reject        4
> VALUE   Auth-Type   ActivCard     4
> VALUE   Auth-Type   LDAP          5
> VALUE   Auth-Type   EAP           6
> VALUE   Auth-Type   ARAP          7
>  and the file "users" :
> DEFAULT Auth-Type := LDAP
> Fall-Through = 1
> ... but, when I execute the command radiusd -X -A, I have this error:
> Module: Instantiated unix (unix)
> radiusd.conf[637] Failed to link to module 'rlm_ldap': rlm_ldap.so:
> cannot open shared object file: No such file or directory
> [EMAIL PROTECTED] sbin]#
> 
> Any idea??
> Regards
> Octavio RAMIREZ ROJAS

--


Re: Cisco VPN 3000 + FreeRADIUS

2003-07-22 Thread Steven Fries
You pick the authentication..PAP, CHAP, or MSCHAP. Just gotta make sure both of 
them are speaking the same.

You wrote:
> On Tue, 22 Jul 2003 06:47 pm, idriss.mamodaly wrote:
> > Hello folks,
> >
> > I would like to know what is the authentication protocol used between a
> > Cisco VPN 3000 concentrator and FreeRADIUS ?
> RADIUS...
> -- 
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc

--


Re: Compiling freeradius with rlm_sql_sybase

2003-07-15 Thread Steven Fries
I had problems with MySQL with 0.8.1. Maybe try the newest snapshot from
CVS?

- Original Message -
From: "Eivind Ravndal" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 15, 2003 7:09 AM
Subject: Compiling freeradius with rlm_sql_sybase


> Using version 0.8.1
>
> Anybody successfully compiled freeradius with rlm_sql_sybase ?
> I think there's something wrong with my Makefile
> /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile
>
> could anyone please paste your Makefile for Sybase ?
>
>
> Mvh,
> Regards,
> Eivind Ravndal
>


Re: MS-CHAP problem

2003-07-15 Thread Steven Fries
Labis,

Here's the gist of my setup. The only difference is that I'm using mysql to
store the usernames instead of the users file. When I first tested it, I
just used a line in the user file:

username Auth-Type := System, Password == "Password"

You probably need to set up AAA on the Cisco side as follows:

aaa new-model
aaa authentication login default group radius local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6

radius-server host 10.1.1.200 auth-port 1812 acct-port 1813 key 7 encryptedkeyhere
radius-server retransmit 3

Be very careful after you type 'aaa new-model'. If you log out of the
router, you could lose your local authentication for the router.

In clients.conf I have..

client 10.1.1.3 {
secret = secret
shortname   = cisco2600
nastype   = cisco
}

And for radius.conf you need

mschap {
    #
    #  As of 0.9, the mschap module does NOT support
    #  reading from /etc/smbpasswd.
    #
    #  If you are using /etc/smbpasswd, see the 'passwd'
    #  module for an example of how to use /etc/smbpasswd

    # authtype value, if present, will be used
    # to overwrite (or add) Auth-Type during
    # authorization. Normally should be MS-CHAP
    authtype = MS-CHAP

    # if use_mppe is not set to no mschap will
    # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
    # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
    #   use_mppe = yes

    # if mppe is enabled require_encryption makes
    # encryption moderate
    #   require_encryption = yes

    # require_strong always requires 128 bit key
    # encryption
    #   require_strong = yes
}

authorize {
    ...
    files
    mschap
}

authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
}



- Original Message -
From: "labis siegfried" <[EMAIL PROTECTED]>
To: "Steven Fries" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 15, 2003 8:40 AM
Subject: Re: MS-CHAP problem


> It doesn't work. Can I have your config? I don't use mysql but a cisco
> router.
>
> At 08:16 15/07/03 -0500, Steven Fries wrote:
> >you only need...
> >
> >username Auth-Type := System, User-Password="pass"
> >
> >simple. I just configured mysql with MS-CHAP so if you want that config,
I
> >can send it to you.
> >
> >Steven
> >
> >- Original Message -
> >From: "labis siegfried" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Tuesday, July 15, 2003 5:27 AM
> >Subject: MS-CHAP problem
> >
> >
> > > I have a problem with MS-CHAP, the authentication does not work
> > >
> > > my config :
> > >
> > > name Auth-Type := Local , Auth-Type += MS-CHAP , User-Password ==
"pass" ,
> > > Password == "pass" , CHAP-Password == "pass"
> > >Service-Type = Framed-user,
> > > Framed-protocol = PPP,
> > > Fall-Through = Yes
> > >
> > >


Re: MS-CHAP problem

2003-07-15 Thread Steven Fries
you only need...

username Auth-Type := System, User-Password="pass"

simple. I just configured mysql with MS-CHAP so if you want that config, I
can send it to you.

Steven

- Original Message -
From: "labis siegfried" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 15, 2003 5:27 AM
Subject: MS-CHAP problem


> I have a problem with MS-CHAP, the authentication does not work
>
> my config :
>
> name Auth-Type := Local , Auth-Type += MS-CHAP , User-Password == "pass" ,
> Password == "pass" , CHAP-Password == "pass"
>Service-Type = Framed-user,
> Framed-protocol = PPP,
> Fall-Through = Yes
>
>


Re: URGENT HELP rlm_ippool

2003-07-12 Thread Steven Fries
Why not use the cisco device to do the actual assigning of IP's? I do
something like this with a Cisco 2600 and a VPN module. I have 2 sets of
IP's, one for the local network, and one range for VPN Dial-ins. Unless you
need something with the accounting of Radius, but can't you just use the
cisco logs?

Hope this helps

ip dhcp pool private-LAN
   network 10.1.0.0 255.255.0.0
   domain-name neondsl.com
   dns-server 65.171.232.2 209.248.58.6
   default-router 10.1.1.3

vpdn-group vpngroup
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

ip local pool vpnpool 10.1.100.1 10.1.101.254

- Original Message -
From: "ARC Informatique" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 12, 2003 11:09 AM
Subject: URGENT HELP rlm_ippool


> Hi,
>
> I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool.
> I have to migrate tonight so this is an urgent request
>
> I have a Cisco AS5300 and here is what I would like  to do:
>
> 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
>
> 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
>
> So I am trying to setup rlm_ippool.
>
> Here is what I have so far:
>
> in radiusd.conf
>
> ippool public_pool {
>
> range-start = 1.1.1.1
> range-stop = 1.1.1.254
> netmask = 255.255.255.0
> cache-size = 255
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> override = no
> }
>
> ippool private_pool {
>
> range-start = 172.16.1.1
> range-stop = 172.16.1.254
> netmask = 255.255.255.0
> cache-size = 255
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> override = no
> }
>
> In radgroupcheck, I have:
>
> groupname  | attribute   | op |   value
> publicgroup  | Pool-Name | :=  |  public_pool
> privategroup | Pool-Name | :=  |  private_pool
>
> In radgroupreply : what do I put exactly to tell my cisco what IP address
is
> assigned
>
> Basically, I am lacking documentation here - Can someone give a sample
> configuration
> on what I have to put exactly in my freeradius config as well as my cisco
> config.
>
> Thanks in advance for your help
>
> Mohsen


Re: FreeRadius doesn't update MySQL database

2003-07-12 Thread Steven Fries
Do you have sql in your accounting {} section in the radius.conf file?


- Original Message -
From: "destan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 12, 2003 1:16 AM
Subject: FreeRadius doesn't update MySQL database


> Hello list,
> I have a Cisco AS5350 sending start-stop accounting info to my freeRadius
> 0.8.1. I have set the sql.conf correctly and created a user for freeradius
> in mysql and given it all privileges to radius.* tables. Also created the
> radius database & tables according to the schema from db_mysql.sql file
from
> the sources. I receive Radius packets from the cisco perfectly and
> freeradius logs them into radaact directory as a details text file. But I
> want this data also sent to the MySQL database. I don't think freeradius
> ever tries to talk to mysql, the tables are empty.
> What could be the problem? Doesn't sql modules get run if I just configure
> sql.conf ?
>
> Thanks in advance, and have a great weekend.
> Umut
>


Re: how to polpulate Postgres database for MPPE/MS-CHAP ?

2003-07-12 Thread Steven Fries
The file src/modules/rlm_sql/drivers/rlm_sql_postgresql contains the
structure you need. I used the mysql and it works great. Only problem is my
passwords are stored in plain text.

I read you could use the Crypt-Password attribute instead of Password, but
what type of crypt is it using? LM-Password, NT-Password, MySQL's Encrypt
function, or something else?

Steven


- Original Message -
From: "Ilia E. Chipitsine" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 12, 2003 7:14 AM
Subject: how to polpulate Postgres database for MPPE/MS-CHAP ?


> Dear Sirs,
>
> does anyone know how to populate Postgres database for MPPE/MS-CHAP ?
>
> Cheers,
> Ilia
>
>


FreeRadius only works in Debug Mode

2003-07-10 Thread Steven Fries
Hi All,

Back at it again. I can only get the radius server to start in debug mode. If I try to 
run the Red Hat start up script, the message says it loads, but when I run:

ps -aux | grep radiusd

I get nothing back. That and my VPN users are unable to authenticate. Are there more 
parameters I need to pass?

I had some other problems and resolved them by changing the user radius runs as back 
to root. Is there a permissions problem?

Thanks Again,

Steven

Re: LDAP authent/authorize and CHAP- Kostas Kalevras

2003-07-01 Thread Steven Fries
update to the newest radius from the CVS snapshot


- Original Message -
From: "Michael Davidson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 5:06 PM
Subject: RE: LDAP authent/authorize and CHAP- Kostas Kalevras


>
> Hi Kostas, I'm now confused. I posted the following to this list a few
moons
> back I got this reply from ALan.
>
> >In the following debug trace it's my expectation
> >that the MS-CHAP module would set the Auth-Type to
> > MS-CHAP, but obviously it doesn't
> >   modcall[authorize]: module "mschap" returns notfound
>
>   List 'mschap' after 'ldap', that should help.
>
>   The issue is that the MSCHAP module looks for MS-CHAP to set
> Auth-Type:= MSCHAP.  But it ALSO looks for User-Password, to create NT
> passwords.  The second step is what's failing.
>
>   The MSCHAP module should be updated to do the second step only
> during the authentication phase.
>
>   Alan DeKok.
>
> It's a bit different to what you have said below, or is it?
>
> Regards Mike D.
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Kostas
> Kalevras
> Sent: 16 June 2003 02:29
> To: [EMAIL PROTECTED]
> Subject: RE: LDAP authent/authorize and CHAP
>
>
> On Mon, 16 Jun 2003, Michael Davidson wrote:
>
> > Hi
> > You need to re-order your authorize section so that MS_CHAP and CHAP
> appear
> > after LDAP. The LDAP module will read the client's details into memory
for
> > use by the 'CHAP authenticate modules.
>
>
> ** NO **
>
> The mschap/chap modules should come *before* the ldap module to set
> Auth-Type
> correctly. The ldap module just needs to be present in the authorize
section
> to
> extract the user password from the user ldap entry and make it available
for
> the
> mschap/chap modules in the authenticate section.
>
> >
> > Regards Mike D.
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>


Re: mschap returns not found

2003-06-25 Thread Steven Fries
Well... finally it works. Just a Cisco/port issue in the replies. Thank
you for your help.


- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 10:06 AM
Subject: Re: mschap returns not found


> "Steven Fries" <[EMAIL PROTECTED]> wrote:
> > Well Now it returns ok...But I get an error..Cannot find NT
> > Password.
>
>   Did you even read what you posted?  That is NOT the error:
>
> > modcall: entering group Auth-Type
> >   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
> >   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
>
>   THAT is the real error.  Did you give the MSCHAP module a clear-text
> password to use to authenticate the user?  Nope.
>
> >   rlm_mschap: No LM-Password or NT-Password attribute found.  Cannot
perform
>
>   This is ONLY printed out because of the previous two error messages.
>
>   Alan DeKok.
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
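
The debug output discussed in this thread can be triaged mechanically. The following is an added example, not part of the original posts and not FreeRADIUS code: a small Python parser that pulls the per-module return codes out of `radiusd -X` output and separates the first rlm_mschap error from its follow-on messages, which is the distinction Alan DeKok's reply draws. The sample lines are taken from the logs quoted on this page; the function names are hypothetical.

```python
import re

# Sample input: debug lines as quoted in this thread. The last message is
# mail-wrapped onto a second line, as it appears in the archive.
SAMPLE_NEW = """\
  modcall[authorize]: module "files" returns ok
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type := MS-CHAP'
  modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
modcall: entering group Auth-Type
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: No LM-Password or NT-Password attribute found.  Cannot perform
MS-CHAP authentication.
"""

SAMPLE_OLD = """\
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
  modcall[authorize]: module "suffix" returns noop
  modcall[authorize]: module "files" returns ok
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
  modcall[authenticate]: module "mschap" returns invalid
"""

MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
MODMSG = re.compile(r'(rlm_\w+): (.+)')


def parse_debug(text):
    """Return ([(section, module, rcode)], [[module, message]]) in log order."""
    results, messages = [], []
    in_message = False
    for raw in text.splitlines():
        line = raw.strip()
        m = MODCALL.match(line)
        if m:
            results.append(m.groups())
            in_message = False
            continue
        m = MODMSG.match(line)
        if m:
            messages.append([m.group(1), m.group(2)])
            in_message = True
            continue
        # A line with no "tag:" or "attr = value" right after a module
        # message is treated as the wrapped tail of that message.
        if in_message and line and ":" not in line and "=" not in line:
            messages[-1][1] += " " + line
        in_message = False
    return results, messages


def diagnose(text):
    """Summarise module ordering and split mschap errors into cause/effects."""
    results, messages = parse_debug(text)
    errors = [msg for mod, msg in messages
              if mod == "rlm_mschap" and (msg.startswith("No ") or "Cannot" in msg)]
    return {
        "authorize_order": [mod for sect, mod, _ in results if sect == "authorize"],
        "returns": {(sect, mod): rc for sect, mod, rc in results},
        "root_cause": errors[0] if errors else None,  # first error is the real one
        "follow_on": errors[1:],                      # printed because of it
    }


if __name__ == "__main__":
    for label, log in (("first log", SAMPLE_OLD), ("second log", SAMPLE_NEW)):
        report = diagnose(log)
        print(label, report["authorize_order"], report["root_cause"])
```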


Re: mschap returns not found

2003-06-24 Thread Steven Fries
Well Now it returns ok...But I get an error..Cannot find NT
Password. Is this the password specified in the users file? Or is this
coming from my NAS?

  modcall[authorize]: module "files" returns ok
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type := MS-CHAP'
  modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: No LM-Password or NT-Password attribute found.  Cannot perform MS-CHAP authentication.

- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 24, 2003 4:42 PM
Subject: Re: mschap returns not found


> "Steven Fries" <[EMAIL PROTECTED]> wrote:
> > What does mschap returns not found mean? Is the mschap module in the
wrong
> > place? It's in the default install location and the config files seem to
> > point to it.
>
>   Use the latest CVS snapshot, and look at the updates to
> radiusd.conf.  The MSCHAP module has been modified & simplified, with
> the result that it's easier to get it working, and easier to
> understand why it doesn't work.
>
>   Alan DeKok.
>


mschap returns not found

2003-06-24 Thread Steven Fries
What does mschap returns not found mean? Is the mschap module in the wrong
place? It's in the default install location and the config files seem to
point to it.

Thanks,

Steven

rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Framed-Protocol = PPP
User-Name = "slfries"
MS-CHAP-Challenge = 0x9af275c4376dd713
MS-CHAP-Response =
0x5a01aff693f6f212e8f63a6b32
9b303976b8e7d442993371b87d
NAS-Port = 2
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.3
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound





MS-CHAP Anyone?

2003-06-22 Thread Steven Fries
I'm trying to set up FreeRadius to validate VPN users coming from a Cisco
2600 using MS-CHAP and 128-mppe. Does anyone have a working configuration I
could take a look at? I've not seen anything on the net and I even bought
the O'Reilly Radius book..nothing in there.

Does 'modcall[authorize]: module "mschap" returns notfound' mean that mschap
is not configured correctly or not even installed?

Am I supposed to use smbpasswd to authenticate the users? Please help!

Users File:

slfries   Auth-Type := MS-CHAP
   Framed-Protocol = PPP,
   NAS-Port = 2,
   NAS-Port-Type = Virtual,
   Service-Type = Framed-User


Server Output:

rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Framed-Protocol = PPP
User-Name = "slfries"
MS-CHAP-Challenge = 0x9af275c4376dd713
MS-CHAP-Response =
0x5a01aff693f6f212e8f63a6b32
9b303976b8e7d442993371b87d
NAS-Port = 2
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.3
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "slfries", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched slfries at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
  modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 78 to 10.1.1.3:1645
MS-CHAP-Error = "ZE=691 R=1"
MS-CHAP-Challenge = 0xb71e9278f330cfea
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Sending duplicate reply to client cisco2600:1645 - ID: 78
Re-sending Access-Reject of id 78 to 10.1.1.3:1645
MS-CHAP-Error = "ZE=691 R=1"
MS-CHAP-Challenge = 0xb71e9278f330cfea
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 78 with timestamp 3ef6638a
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Framed-Protocol = PPP
User-Name = "slfries"
MS-CHAP-Challenge = 0x9af275c4376dd713
MS-CHAP-Response =
0x5a01aff693f6f212e8f63a6b32
9b303976b8e7d442993371b87d
NAS-Port = 2
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-IP-Address = 10.1.1.3
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "slfries", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched slfries at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authtype
rlm_mschap: No LM/NT password configured. Check authorization.
  modcall[authenticate]: module "mschap" returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Delaying request 18 for 1 seconds
Finished request 18
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 78 to 10.1.1.3:1645
MS-CHAP-Error = "ZE=691 R=1"
MS-CHAP-Challenge = 0xb71e9278f330cfea
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Sending duplicate reply to client cisco2600:1645 - ID: 78
Re-sending Access-Reject of id 78 to 10.1.1.3:1645
MS-CHAP-Error = "ZE=691 R=1"
MS-CHAP-Challenge = 0xb71e9278f330cfea
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 18 ID 78 with timestamp 3ef66394
Nothing to do.  Sleeping until we see a r

FreeRadius, MS-CHAP, mppe, and 128-bit encryption

2003-06-04 Thread Steven Fries
After reading one of the files that is in the docs/ directory, it says 128-bit
encryption with mppe is not possible because of some confusion with the Cisco
RFC. Is this true? And if so, are there any current versions beyond 0.8.1?

I'm trying to use Radius to validate VPN PPTP users and am having a lot of
difficulties. I need to use the strongest encryption possible as this is for patient
data. Anyone have similar experience?

Re: MySQL.h not found no matter what

2003-06-03 Thread Steven Fries
Ok, I think something's wrong with the configure script..I moved the
files under /usr/local/mysql/include to /usr/local/include/mysql and the
files under /usr/local/mysql/lib to /usr/local/lib and now it seems to work.
Maybe the --with-mysql-include-dir isn't overriding the default settings in
the script?

Thanks anyways

- Original Message -----
From: "Steven Fries" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 02, 2003 7:12 PM
Subject: MySQL.h not found no matter what


> Hi All,
>
> I'm new at this so bear with me. I'm trying to run
> './configure --with-msyql-include-dir=/usr/local/mysql/include/'. I check
> the output and I get this
>
> checking for mysql/mysql.h... no
> configure: warning: mysql headers not found.
>  Use --with-mysql-include-dir=.
> configure: warning: sql submodule 'mysql' disabled
>
> I checked to see if mysql.h is in the directory '/usr/local/mysql/include'
> and it's there. I also downloaded the source distribution of mysql and
tried
> pointing the option to its include directory but that doesn't work either.
>
> Any help would be appreciated.
>
> Thanks
>
>


MySQL.h not found no matter what

2003-06-03 Thread Steven Fries
Hi All,

I'm new at this so bear with me. I'm trying to run
'./configure --with-msyql-include-dir=/usr/local/mysql/include/'. I check
the output and I get this

checking for mysql/mysql.h... no
configure: warning: mysql headers not found.
 Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled

I checked to see if mysql.h is in the directory '/usr/local/mysql/include'
and it's there. I also downloaded the source distribution of mysql and tried
pointing the option to its include directory but that doesn't work either.

Any help would be appreciated.

Thanks

