Re: Dialup-Admin
>When Apache was initially set up during the Caldera OpenLinux installation >the default php extension was set to just "php" rather than php3. So I >renamed all of the dialup-admin files to have a php extension and I edited >them all replacing php3 with php. Everything appears to be working for the why did you not just edit the httpd.conf file and add '.php3' after the .php include?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP-Password & LDAP Auth?
> > modcall: group authorize returns ok > > rad_check_password: Found Auth-Type ldap > > auth: type "Ldap" > > Why did you tell it to use Auth-Type LDAP? Don't do that! This setting btw is in your 'users' file for those that are wondering.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: CHAP-Password & LDAP Auth?
>Can some tell me how to override the storing of encrypted passwords? This is a function of how you are, or the routine that enters the user data into your ldap database is defined. Define as crypt, it goes in encrypted. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: CHAP-Password & LDAP Auth?
>say I will never have questions again). I have identified my problem with
>CHAP as my ldap directory is storing encrypted passwords. I removed rootdn =
>{crypt}q2r124lojqslk and replaced it with rootdn = mypassword to see if that
>would trigger storing passwords in clear text but to no avail.
that will not work, as the LDAP module expects (NEEDS) the passwords
stored in LDAP to be plain text for CHAP to work.
If indeed your passwords are stored in LDAP as encrypted, you'll have to
figure out how your going to convert those p/w's to plain text.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
performance issues
I have ~10k users and having some performance issues on my two FreeRadius 0.4 servers. I am using MySQL for radius accounting and LDAP as my authentication methods, along with CHAP. I get consistent messages of the type: Error: Dropping duplicate authentication packet from client, from my research this means we are not answering the radius requests fast enough. When my load is broaching 200, 300, etc, I can understand that. What kind of tweaks do you guys have running to get better performance? Do I just need a more beefy server? I am running two servers of the following stats: P3 500mhz 256M Same HDD for /usr and /var max_request_time = 15 delete_blocked_requests = no cleanup_delay = 7 max_requests = 90 (i've played with many different values here) Both running RH 7.X I am in process of building a sparc 20 w/ solaris and a FreeBSD machine to see if I can get better results from them. Any help appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap + chap support
I noticed that there was some earlier posts about getting ldap + chap support working with freeradius. I currently am using .4 of freeradius and have it *almost* working.. Whats weird when running in debug mode is that the rlm_ldap processes the correct information (ie. password) in 'ldap_authorize', but the password is either hashed or just junk when it gets to 'ldap_authenticate'. I would expect the password to be the same, but maybe I'm missing something. Help would be appericated on this one.. Craig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
