RE: How tcan I translate old X-Ascend... attributes to Ascned...
I worked around the problem If somebody has the same pb, mail me Antoine CavaliƩ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Unable to do UNIX authentication (still failing)
Hey dude,
If your trying to authenticate it via /etc/passwd please make it sure that the service
that runs it can access /etc/shadow. Please try looking at radius.conf and comment out
user= and group and then run the service using root.
HTH
allanj
-Original Message-
From: John Sasso Jr [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 11, 2004 2:10 PM
To: [EMAIL PROTECTED]
Subject: RE: Unable to do UNIX authentication (still failing)
Phil,
Thanks for the response. I checked radiusd.conf, which I never modified
after I installed freeradius, and the /etc/passwd et.al. entries were
commented out. I uncommented them, restarted radiusd, but still no go.
Regarding teh DEFAULT entry on line 152, I looked at the users file (which I
also never modified after installing freeradius); this entry is:
DEFAULT Auth-Type = System
Fall-Through = 1
which I understand to mean that authentication is done against /etc/passwd
etc.
BTW, someone suggesting restarting radiusd and even the system. I have done
this numerous times, so that is not a solution.
I ran radtest even against my account, but I still get Access-Reject. I
know for a fact, and have verified, that the passwords for accounts I have
tested against are valid..
Some other notes regarding the installation of freeradius that may lead to a
clue:
1. Fedora installed openssl-0.9.7a-23. I installed openssl-0.9.6l (by
compiling and building, not via rpm) into a separate area,
/usr/local/openssl, using the command:
./config --prefix=/usr/local/openssl shared
I used this version of openssl because config complained about not being
able to find 0.9.6 libs
2. The startup script /etc/rc.d/init.d/radiusd sets up the environment as
shown below, so it uses the openssl 0.9.6l libs:
-
prefix=/usr/local/freeradius
exec_prefix=${prefix}
sbindir=${exec_prefix}/sbin
localstatedir=${prefix}/var
logdir=/var/log/radius
rundir=${localstatedir}/run/radiusd
sysconfdir=${prefix}/etc
RADIUSD=$sbindir/radiusd
RADDBDIR=${sysconfdir}/raddb
DESC=FreeRADIUS
LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_RUN_PATH=/usr/local/openssl/lib:
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD
#
# See 'man radiusd' for details on command-line options.
#
ARGS=
test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0
case $1 in
start)
echo -n Starting $RADIUSD $ARGS:
$RADIUSD $ARGS
echo radiusd
;;
-
3. Links to openssl libraries:
# ls -l /lib/libcrypto*
lrwxrwxrwx1 root root 14 Jan 6 16:59
/lib/libcrypto.so.0.9.6 - libcrypto.so.4
-rwxr-xr-x1 root root 994000 Sep 30 18:00
/lib/libcrypto.so.0.9.7a
lrwxrwxrwx1 root root 19 Jan 6 16:59
/lib/libcrypto.so.4 - libcrypto.so.0.9.7a
# ls -l /lib/libssl*
lrwxrwxrwx1 root root 11 Jan 6 16:59
/lib/libssl.so.0.9.6 - libssl.so.4
-rwxr-xr-x1 root root 217512 Sep 30 18:00
/lib/libssl.so.0.9.7a
lrwxrwxrwx1 root root 16 Jan 6 16:59 /lib/libssl.so.4 -
libssl.so.0.9.7a
# ls -l /usr/lib/libcrypto*
-rw-r--r--1 root root 1893910 Sep 30 18:00 /usr/lib/libcrypto.a
-rw-r--r--1 root root 1893910 Sep 30 18:00
/usr/lib/libcrypto.a.orig
lrwxrwxrwx1 root root 29 Jan 6 16:54
/usr/lib/libcrypto.so - ../../lib/libcrypto.so.0.9.7a
lrwxrwxrwx1 root root 31 Jan 5 22:24
/usr/lib/libcrypto.so.0.9.6 - ../local/lib/libcrypto.so.0.9.6
lrwxrwxrwx1 root root 31 Jan 5 22:23
/usr/lib/libcrypto.so.0.9.6.1 - ../local/lib/libcrypto.so.0.9.6
lrwxrwxrwx1 root root 19 Jan 6 17:28
/usr/lib/libcrypto.so.4 - /lib/libcrypto.so.4
# ls -l /usr/lib/libssl*
-rwxr-xr-x1 root root 123928 Oct 30 17:07 /usr/lib/libssl3.so
-rw-r--r--1 root root 329464 Sep 30 18:00 /usr/lib/libssl.a
-rw-r--r--1 root root 329464 Sep 30 18:00
/usr/lib/libssl.a.orig
lrwxrwxrwx1 root root 26 Jan 6 16:54
/usr/lib/libssl.so - ../../lib/libssl.so.0.9.7a
lrwxrwxrwx1 root root 28 Jan 5 22:26
/usr/lib/libssl.so.0.9.6 - ../local/lib/libssl.so.0.9.6
lrwxrwxrwx1 root root 15 Jan 5 22:26
/usr/lib/libssl.so.0.9.6.1 - libssl.so.0.9.6
lrwxrwxrwx1 root root 15 Jan 5 17:44
/usr/lib/libssl.so.4 - libssl.so.0.9.6
4. I built freeradius 0.9.3 as follows:
Modified ./src/modules/rlm_eap/types/rlm_eap_tls/Makefile
./src/modules/rlm_ldap/Makefile
./src/modules/rlm_x99_token/Makefile
./src/modules/rlm_krb5/Makefile
and added the following to the end of RLM_CFLAGS
-L/usr/local/openssl/lib -I/usr/local/openssl/include
Then ran:
LDFLAGS=-L/usr/local/openssl/lib CPPFLAGS=-I/usr/local/openssl/include \
./configure --with-experimental-modules
mysql accounting question
Hi! I see messages like this in radius.log: Sun Jan 11 13:00:06 2004 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 When it happens, the accounting will be continous or this message indicates lost data? Thanks, Andras -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: mysql accounting question
hi This error indicates of a slow MYSQL machine Do you have a big radacct table? Cheers ~~ Mustafa N. Deeb Technical Director Palnet Communications Ltd. Tel: +970-2-2403434 Fax: +970-2-2403430 www.palsms.com www.paltime.net www.palnet.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fogarasi Andras Sent: Sunday, January 11, 2004 2:08 PM To: [EMAIL PROTECTED] Subject: mysql accounting question Hi! I see messages like this in radius.log: Sun Jan 11 13:00:06 2004 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 When it happens, the accounting will be continous or this message indicates lost data? Thanks, Andras -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql connection problem
I've noticed a strange behaviuor of radius and mysql: When starting radius presistent connections created to the mysql server. then load goes higher, once freeradius stops using one or more of the connections. When connection timeout reached (nothing done on that connection) or the mysql connection killed, radius stops doing sql accounting, only if restart. mysql server version 3.23.49, freeradius 0.9.2 Any solution or workaround? Thanks, Andras - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: haevy Performance and load requirements
Stefan [EMAIL PROTECTED] wrote: I'm not sure, how performant a Freeradius can be build up. http://lists.cistron.nl/pipermail/freeradius-users/2002-November/014040.html http://lists.cistron.nl/pipermail/freeradius-users/2003-June/019644.html Better than many other servers. Would it be possible, to set up a system, which is able to support a peak load of 500+ Access Requests/s for a time frame of about 15 s? Yes. Is there anybody, who has build a system like that? What kind of HW do I need (wee will need 99.% system reliability) Then you probably want a UPS, and multiple RADIUS servers. BTW: somebody in my company told me, it would all fit in a 'pizza box' ... which should mean a small SUN System How far is he away from the reality, beside the fact, that this would not meet our fault tolerance requirement? It would probably work. But for high reliability, you'd want multiple machines. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: haevy Performance and load requirements
Of course it should be possible with fast enough CPU's :) If not you can load balance the requests. It shouldnt be difficult to stack up your friend's pizza boxes over each other :) Also achieving fault tolerance at the same time (maybe 100% unless your power supply fails :) then you can use multiple power supplies) There is a document in freeradius distribution in doc/performance-testing by following that document you might be able to make a nice test and figure out the speed of freeradius in those pizza boxes. :) Then stack up enough pizza boxes to support 500+ access requests. In future you can stack up more pizza boxes to even increase performance when you need so. (I doubt you will need many) By the way a personal opinion, when a pizza box is branded as Sun, its too expensive compared to functionality :) Evren Stefan wrote: Gurus, I'm not sure, how performant a Freeradius can be build up. Would it be possible, to set up a system, which is able to support a peak load of 500+ Access Requests/s for a time frame of about 15 s? As my users are stored in an LDAP directory (which does support about 1000 queries/s peak) the requested configuration must lookup the user there. Also, the system must be able to assign the IP addresses for the users. I will have to build a database, to store all RADIUS sessions to be able to retrieve for actual and past sessions. As of my knowledge, the main performance issues are the Database, the IP address assignment and the online database replication (for fault tolerance reasons). Is there anybody, who has build a system like that? What kind of HW do I need (wee will need 99.% system reliability) BTW: somebody in my company told me, it would all fit in a 'pizza box' ... which should mean a small SUN System How far is he away from the reality, beside the fact, that this would not meet our fault tolerance requirement? rg. Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
