Re: Simultaneous-Use - checkrad with diff. auth/acct systems

2004-01-21 Thread Gerald Krause
Andrea Gabellini wrote:
> At 14.38 20/01/2004, you wrote:
>
> > hi,
> >
> > i have searched the archive for some information about a scenario where
> > AUTHing and ACCTing take place on different machines. We have
> > this situation, which makes the use of checkrad (which needs a local
> > radutmp on the AUTH-system - or have we misunderstood
> > something here?) a little bit difficult.
>
> checkrad is also used with sql simul_*_query, so if you are using sql to
> authenticate and for accounting you can use it.

ok, that's a good idea!

thx
gerald
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Problems with sql module

2004-01-21 Thread Jon Arne Hegge
Hi

Thanks for your help with previous questions I've had. ;)

Freeradius: 0.9.3 running the experimental sql module with Postgres.


We have a problem related to the attribute Max-All-Session. If this
attribute is set per user, in the radcheck table, freeradius fails to get
this attribute from the radcheck table during authorize, see log below.

On the other hand, as long as this attribute is set per group, in the
radgroupcheck table, it works as expected.

The documentation states it should work in either table.

Wed Jan 21 14:41:44 2004 : Debug: rlm_sql (sql): Reserving sql socketid:
4
Wed Jan 21 14:41:44 2004 : Debug: rlm_sql_postgresql: query: SELECT id,
UserName, Attribute, Value, Op ??FROM radcheck ??WHERE Username = 'otto'
??ORDER BY id
Wed Jan 21 14:41:44 2004 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Wed Jan 21 14:41:44 2004 : Debug: rlm_sql_postgresql: affected rows =
Wed Jan 21 14:41:44 2004 : Error: rlm_sql: unknown attribute
Max-All-Session
Wed Jan 21 14:41:44 2004 : Error: rlm_sql (sql): Error getting data from
database
Wed Jan 21 14:41:44 2004 : Error: rlm_sql (sql): SQL query error;
rejecting user
Wed Jan 21 14:41:44 2004 : Debug: rlm_sql (sql): Released sql socket id:
4

And yes, I know this module is experimental and might have bugs, but I'm
curious if anyone else has seen the same issues and if it's not fixed in
CVS-snapshots.


Regards,
Jon Arne Hegge
-- 
Jon Arne Hegge <[EMAIL PROTECTED]>




[OT] USR805450 as NAS?

2004-01-21 Thread MuLa_oMaR
Hi,

Has anyone configured EAP/TLS with USR 805450 acting as NAS?

Thanks.

--
Omar.
www.supervillanos.org



Re: LDAP and groups

2004-01-21 Thread Dustin Doris
Can you post the ldap section of your radiusd.conf file?  Also, can you
post an example of an entry in that groups section, as well as an entry
for one of your users?



On Wed, 21 Jan 2004, Daniel wrote:

> I have freeradius 0.9.3 setup and running fine. It is authing with my
> Ldap server fine.
>
> I can't get it to reject a user with membership of a ldap group.
>
> users:
> DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
> Reply-Message = "Sorry, you are not allowed"
>
> The groups are held under ou=Group,dc=test,dc=net,dc=au
>
> If I add a user to disabled ldap group the user is still authed.
>
> I don't understand what needs to be in the radius.conf file for this to
> work. Can anyone shed some light on this for me. As I said everything
> other than this is working fine.
>
> Thanks
> Daniel
>
>


Problem: apache & mod_auth_radius

2004-01-21 Thread Tanel Kokk
I'd like to restrict whole my www-server (apache2) resources by radius.
Everything is OK restricting subdirectory of www-server
(http://myhost.com/info/), but things are worse restricting root-dir of
www-server (http://myhost.com).

1) entering http://myhost.com (apache asks for username&password,
entering these), I got an error-page (Authentication required!)
2) entering then http://myhost.com/index.html (no username&password
asked), I got the same error-page

But when I start vice versa:

1) entering http://myhost.com/index.html (apache asks for
username&password, entering these), I got the valid page (index.html)
2) entering then http://myhost.com (no username&password asked),
everything is OK, again. Index.html is displayed

As I said, restricting subdirectory (http://myhost.com/test/) everything
is OK. So the problem occurs when I restrict the root-directory and the
root-directory (without exact page, e.g. index.html) is asked.

I use:
- last mod_auth_radius-2.0.c (from freeradius page)
- Redhat9.0 and apache2
httpd.conf:

LoadModule radius_auth_module modules/mod_auth_radius-2.0.so

AddRadiusAuth myradius.com mysecret
AddRadiusCookieValid 5


Options Indexes FollowSymLinks
AllowOverride All

-

/var/www/html/.htaccess:
AuthType Basic
AuthName "Radius"
AuthAuthoritative Off
AuthRadiusAuthoritative On
AuthRadiusActive On
require valid-user


Does somebody know a solution to this kind of problem?



Tanel



Re: Ascend-MOH-Timeout

2004-01-21 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> Does FreeRadius support 16 bit attributes?

  As I said on the Cistron list, no.  It's close, but not quite there.

  Alan DeKok.



Re: Problem: apache & mod_auth_radius

2004-01-21 Thread Alan DeKok
Tanel Kokk <[EMAIL PROTECTED]> wrote:
> I'd like to restrict whole my www-server (apache2) resources by radius.
> Everything is OK restricting subdirectory of www-server
> (http://myhost.com/info/), but things are worse restricting root-dir of
> www-server (http://myhost.com).

  This is explained in the README which comes with the server.

  READ it.

  Alan DeKok.



Re: Problem: apache & mod_auth_radius

2004-01-21 Thread Alan DeKok
"Alan DeKok" <[EMAIL PROTECTED]> wrote:
>   This is explained in the README which comes with the server.

  I meant "apache module".

  Typing too quickly can be an issue.

  Alan DeKok.



Re: Using NAS IP as part of auth

2004-01-21 Thread Graeme Hinchliffe
Hiya
Thanks for your help, took me a while to get my head around what you were 
doing, but I have the general gist of it now and a working config.

much appreciated

Graeme

On Mon, 19 Jan 2004 16:12:53 +0100
Thomas MARCHESSEAU <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I'm not sure I understand your request exactly, but I'm selecting the auth
> via the NAS-IP-Address :
> 
> * first the  user.conf file , i have created huntgroups (lns, bas, 
> lns-rtc , and even wifi)
> 
> - a part of user.conf -
> DEFAULT Realm == "XXX.net", Huntgroup-Name == "bas", Autz-Type := 
> "autz.XXX.net"
> DEFAULT Realm == "XXX.net", Huntgroup-Name == "lns", Autz-Type := 
> "autz1.XXX.net"
> DEFAULT Realm == "XXX.net", Huntgroup-Name == "nas", Autz-Type := 
> "autz2.XXX.net"
> DEFAULT Realm == "XXX.net", Huntgroup-Name == "lns-rtc", Autz-Type := 
> "autz.XXX.net"
> -end-
> 
> * then here comes the huntgroups file :
> 
> - a part of huntgroups -
> 
> # BAS #
> bas NAS-IP-Address == xx.124.255.2
> # to verify whether it exists
> bas NAS-IP-Address == xx.124.255.128
> # LNS #
> lns NAS-IP-Address == xx.223.42.14
> lns NAS-IP-Address == xx.223.238.197
> lns-rtc NAS-IP-Address == xx.223.14.226
> lns-rtc NAS-IP-Address == xx.115.111.13 
> 
> # the duponts (Nagios monitoring)
> lns-rtc NAS-IP-Address == 192.168.7.229
> lns-rtc NAS-IP-Address == 192.168.7.230
> 
> 
> * then you can find a part of my sql.conf
> 
>  authorize_check_query = "select USER_ID, 
> USER_LOGIN, \"User-Password\", USER_PWD, ':=' from USER where USER_LOGIN 
> = '%{User-Name}' and USER_ETAT = 'TRUE'"
> 
> # used to return the Post-Auth-Type variable,
> # for use with LNS load balancing
> authorize_group_check_query = "select GATTR_ID, 
> USER_LOGIN,GATTR_NOM , GATTR_VALEUR, GATTR_OPERATION \
> from USER,GATTR where USER_LOGIN = 
> '%{User-Name}' and GATTR.GROUPE_ID = USER.GROUPE_ID and GATTR_CLTTYPE = 
> '%{Huntgroup-Name}' and GATTR_QUERYTYPE = 'check' "
> 
> # returns the user attributes
> authorize_reply_query = "select UATTR_ID, 
> USER_LOGIN, UATTR_NOM , UATTR_VALEUR, UATTR_OPERATION \
> from USER,UATTR where USER_LOGIN = 
> '%{User-Name}' and UATTR.USER_ID = USER.USER_ID and UATTR_CLTTYPE =  
> '%{Huntgroup-Name}'and GATTR_QUERYTYPE = 'reply' "
> 
> # returns the group attributes
> authorize_group_reply_query = "select GATTR_ID, 
> USER_LOGIN, GATTR_NOM , GATTR_VALEUR, GATTR_OPERATION \
> from USER,GATTR where USER_LOGIN = 
> '%{User-Name}' and GATTR.GROUPE_ID = USER.GROUPE_ID and GATTR_CLTTYPE =  
> '%{Huntgroup-Name}' and GATTR_QUERYTYPE = 'reply' "
> }
> 
> 
> * and maybe you need to have a look at radiusd.conf
> 
> 
> authorize   {
> preprocess
> suffix
> files
>
>
> Autz-Type autz.XXX.net  {
> chap
> sql.XXX.net
> }
> 
> Autz-Type autz.david.cl {
> chap
> sql.david.cl
> }
> 
> Autz-Type autz.valerie.cl   {
> chap
> sql.valerie.cl
> }
> 
> }
> 
> 
> ok maybe it's not clear :/
> if you feel it can help you tell me :)
> 
> 
> 
> Graeme Hinchliffe wrote:
> 
> >Hiya
> > I am building a centralised authentication system for our routers, we are 
> > using RADIUS (well freeRADIUS :) ) as the authentication and authorization system. 
> >  Ideally we want to just have one radius server running on the machine that will 
> > be responsible for this, but there are several different types of router.  So we 
> > have people that can enable on router A but not B and vice-versa.
> >
> > For this to work nicely I need to take into account the NAS IP address from 
> > which the auth request is coming and use a lookup in another table to determine 
> > the user's access level on the router.  Is this possible in freeRADIUS without 
> > using an external call? I was looking at the sql_xlat call, or am I barking up the 
> > wrong tree?
> >
> >thanks for any help,
> >
> >  
> >
> 
> 


-- 
-
Graeme Hinchliffe (BSc)
Core Team Member
Zen Internet (http://www.zen.co.uk)

ICQ 3842605 (link)

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005




EAP-MD5

2004-01-21 Thread RPierre Radius
Hello, freeradius users,

I have a question that may be stupid: I'm doing some tests with freeradius 0.9.3, mysql 
database, zyxel wireless cards and AEGIS client to use 802.1x with EAP-MD5 
authentication.
My result is that the AEGIS client authenticates correctly, but I cannot ping 
anything on the net, and in the mysql radius database there is no record in the 
radacct table about the user authentication.
Could somebody give me some info to understand where I have to investigate?
Thank you in advance.

Best regards. 
MS








(no subject)

2004-01-21 Thread Hernández
unsubscribe  


=
Miguel Hernández y López 
SysAdmin / Cisco Systems Certified 
icq: 25041228 






Re: (no subject)

2004-01-21 Thread Marc Webster
Gee, Thanks

--- Original Message Follows ---
From: [EMAIL PROTECTED] (Miguel Hernández y López)
Date: 1/21/2004 01:02 PM (Eastern Standard Time)
To: [EMAIL PROTECTED]
Subject: (no subject)

unsubscribe

=
Miguel Hernández y López
SysAdmin / Cisco Systems Certified
icq: 25041228

Re: Ascend-MOH-Timeout

2004-01-21 Thread darkstar

Sorry about this, I saw the reply on the Cistron list after
I had posted to FreeRadius. I was just curious if someone
on this list may have found a way to get it working.

Thanks for the info.

- Jeroen

On Wed, 21 Jan 2004, Alan DeKok wrote:

> [EMAIL PROTECTED] wrote:
> > Does FreeRadius support 16 bit attributes?
>
>   As I said on the Cistron list, no.  It's close, but not quite there.
>
>   Alan DeKok.
>


EAP + System passwords?

2004-01-21 Thread Nathan Coraor
Hello all,

I'm trying to set up my network switches to authenticate to my
freeradius server and allow access based on their system password.  It
works if I add a test user to 'users' with a plaintext password.
However, since the system password is encrypted, there's no way to use
md5.  I suppose this is where TLS comes in, but I've found it doesn't
work:

rad_recv: Access-Request packet from host 130.203.x.x:2050, id=56, length=104
User-Name = "nate"
NAS-Port = 305
NAS-Port-Type = Ethernet
NAS-IP-Address = 130.203.x.x
Service-Type = Framed-User
Framed-MTU = 1024
Calling-Station-Id = "00-0A-95-BC-9E-C6"
EAP-Message = 0x02360009016e617465
Message-Authenticator = 0x4b00ef6de3685827fd57934007877a0c
modcall: entering group authorize
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
  rlm_eap: EAP packet type notification id 54 length 9
  rlm_eap: EAP Start not found
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [nate] (from client 3com port 305 cli 00-0A-95-BC-9E-C6)
Sending Access-Challenge of id 56 to 130.203.126.22:2050
EAP-Message = 0x013700060d20
Message-Authenticator = 0x
State = 
0x20176ed82e3445ac575b0435ee536df8400ee093bad82b882a262918ab06f774ddfb2a94

This seems to indicate that rlm_eap_tls is failing?  Is there any
indication why?

--nate
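
Decoding the two EAP-Message values from the debug output above, as an added example that is not part of the original post or of FreeRADIUS: a small Python parser for the EAP header (code, id, length, type) and the EAP-TLS flags byte as laid out in RFC 3748 and RFC 2716. The function and constant names are this example's own.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS"}
# Bits of the EAP-TLS flags byte that follows the Type byte.
TLS_FLAGS = {"length_included": 0x80, "more_fragments": 0x40, "start": 0x20}


def parse_eap(hex_value):
    """Decode one EAP packet from the hex string radiusd logs as EAP-Message."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet is shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"length field {length} does not fit {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    if code in (1, 2) and length >= 5:      # only Request/Response carry a Type
        eap_type, body = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        if eap_type == 1:
            pkt["identity"] = body.decode("utf-8", errors="replace")
        elif eap_type == 13 and body:
            pkt["tls_flags"] = {name: bool(body[0] & bit)
                                for name, bit in TLS_FLAGS.items()}
            pkt["tls_data_len"] = len(body) - 1
    return pkt


def expected_next(pkt):
    """Say which EAP packet should follow, for the two cases in the log."""
    if pkt["code"] == "Response" and pkt.get("type") == "Identity":
        return "server Request: first packet of the EAP type it selects"
    if (pkt["code"] == "Request" and pkt.get("type") == "EAP-TLS"
            and pkt.get("tls_flags", {}).get("start")):
        return "peer Response: EAP-TLS carrying a ClientHello, or a Nak"
    return "not covered by this example"


# The two EAP-Message values from the debug output in the post.
FROM_SWITCH = "0x02360009016e617465"
FROM_SERVER = "0x013700060d20"

if __name__ == "__main__":
    for label, value in (("switch", FROM_SWITCH), ("server", FROM_SERVER)):
        pkt = parse_eap(value)
        print(label, pkt, "->", expected_next(pkt))
```

The second value decodes as an EAP-TLS Request with only the Start bit set and no TLS data, which is the server opening the handshake; the log ends where the server is waiting for the peer's next EAP Response.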



Dialup Admin and CHAP

2004-01-21 Thread Ryan Yaldor

Is there a way to use dialup admin if you have to use CHAP authentication?
I haven't found anywhere to tell dialup admin to store passwords in clear
text.

Thanks,

Ryan Yaldor




Re: EAP + System passwords?

2004-01-21 Thread Alan DeKok
[EMAIL PROTECTED] (Nathan Coraor) wrote:
> Sending Access-Challenge of id 56 to 130.203.126.22:2050
> EAP-Message = 0x013700060d20
> Message-Authenticator = 0x
> State = 
> 0x20176ed82e3445ac575b0435ee536df8400ee093bad82b882a262918ab06f774ddfb2a94
> 
> This seems to indicate that rlm_eap_tls is failing?

  What part of that output leads you to conclude that EAP-TLS is failing?

  Alan DeKok.



Re: How Could We configure an empty Username and Password ? HELP

2004-01-21 Thread Gerald Krause
Nader Sayeh wrote:
> I tried to configure an empty username and password but it didn't work,
> how could I do so?

i think an empty user is not really a user ;). maybe you should have a look
@ the DEFAULT records that are described in the docs. with DEFAULT
records you can define logins that do not need usernames and/or
passwords.

gerald



rlm_passwd usage?

2004-01-21 Thread Dan Hollis
I'm trying to get my head around the rlm_passwd module, and around 
freeradius in general :-)

The rlm_passwd documentation isn't totally clear on this specific issue (an 
example in the documentation to parse a traditional /etc/shadow file would 
be helpful).

If I have a flatfile of the format

user:unix-crypted-password:someotherstuff:morestuff

The proper format would be

format = "*User-name:Crypt-Password:Some-Other-Attributes:More-Attributes" 

?

-Dan




Help using rlm_passwd and rlm_krb5 with a huntgroup?

2004-01-21 Thread Matt Garretson
Hi, i've been successfully using 0.9 thru 0.9.3 in a simple config
in which all authentication is done by rlm_krb5.  Now, i also need
to authenticate a certain subgroup of users with rlm_passwd.  This
new subgroup of users will be identified by an IP-based huntgroup.
The huntgroup selection, and authentication with krb5 or passwd all
seem to work fine, when tested individually.  My problem is for
cases when a user is to be authenticated by rlm_krb5 as determined
by huntgroup, but also happens to exist in the passwd file.  In
this case, the user's password is checked against the passwd file
entry before rlm_krb gets called.  This behavior is not what i was
hoping for.

Does it have to do with rlm_passwd being an authorize module, while
rlm_krb5 is an authenticate module?  Is there a way around this?

Freeradius version is 0.9.3, built on Redhat 9.  The relevant config
info (i think) is below.   Output from radiusd -X -x is in an attached
text file.

# radius.conf: #

modules {
...
 passwd 1aix-passwd {
 filename = ${raddbdir}/aix-passwd
 format = "*User-Name:Crypt-Password"
 hashsize = 100
 }
...
}
authenticate {
 krb5
...
}
authorize {
...
 1aix-passwd
...
}
# huntgroups: #

aixusers    NAS-IP-Address == 1.1.1.1

# users: #

DEFAULT    Huntgroup-Name == aixusers, Auth-Type := 1aix-passwd

DEFAULT    Auth-Type := Kerberos

#

BTW, another weird thing is that radiusd was not able to instantiate
the rlm_passwd module unless i began the instance name with a digit.
In other words, if i used "aix-passwd", radiusd complained:
   /opt/radius/etc/raddb/users[1]: Parse error (check) for entry DEFAULT: Unknown 
value aix-passwd for attribute Auth-Type
   Errors reading /opt/radius/etc/raddb/users
   radiusd.conf[931]: files: Module instantiation failed.
But when i stuck a 1 at the beginning, it worked.  Is this expected?

Thanks in advance,
-Matt
###
### radiusd -X -x startup output:
###

[...]
Wed Jan 21 17:32:40 2004 : Debug: Module: Loaded passwd
Wed Jan 21 17:32:40 2004 : Debug:  passwd: filename = 
"/opt/radius/etc/raddb/aix-passwd"
Wed Jan 21 17:32:40 2004 : Debug:  passwd: format = "*User-Name:Crypt-Password"
Wed Jan 21 17:32:40 2004 : Debug:  passwd: authtype = "(null)"
Wed Jan 21 17:32:40 2004 : Debug:  passwd: delimiter = ":"
Wed Jan 21 17:32:40 2004 : Debug:  passwd: ignorenislike = yes
Wed Jan 21 17:32:40 2004 : Debug:  passwd: allowmultiplekeys = no
Wed Jan 21 17:32:40 2004 : Debug:  passwd: hashsize = 100
Wed Jan 21 17:32:40 2004 : Info: rlm_passwd: nfields: 2 keyfield 0(User-Name) 
listable: no
Wed Jan 21 17:32:40 2004 : Debug: Module: Instantiated passwd (1aix-passwd)
[...]
Wed Jan 21 17:32:40 2004 : Info: Listening on IP address *, ports 1812/udp and 
1813/udp.
Wed Jan 21 17:32:40 2004 : Info: Ready to process requests.


###
### success case, when rlm_passwd is expected:
###

rad_recv: Access-Request packet from host 127.0.0.1:32782, id=2, length=65
User-Name = "test"
User-Password = "pswdpass"
NAS-IP-Address = 1.1.1.1
NAS-Port = 1
Framed-Protocol = PPP
Wed Jan 21 17:33:28 2004 : Debug: modcall: entering group authorize for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: returned from preprocess 
(rlm_preprocess) for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modcall[authorize]: module "preprocess" returns ok 
for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: calling chap (rlm_chap) for 
request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modcall[authorize]: module "chap" returns noop for 
request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for 
request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) 
for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modcall[authorize]: module "eap" returns noop for 
request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) 
for request 0
Wed Jan 21 17:33:28 2004 : Debug: rlm_realm: No '@' in User-Name = "test", looking 
up realm NULL
Wed Jan 21 17:33:28 2004 : Debug: rlm_realm: No such realm "NULL"
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modcall[authorize]: module "suffix" returns noop 
for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: calling 1aix-passwd 
(rlm_passwd) for request 0
Wed Jan 21 17:33:28 2004 : Debug: rlm_passwd: Added Crypt-Password: 'z' to 
config_items
Wed Jan 21 17:33:28 2004 : Debug:   modsingle[authorize]: returned from 1aix-passwd 
(rlm_passwd) for request 0
Wed Jan 21 17:33:28 2004 : Debug:   modcall[authorize]: module "1aix-passwd" return

LDAP and groups

2004-01-21 Thread Daniel
Sorry should have included it in the first place.

Here it is:

   ldap {
server = "127.0.0.1"
identity = "cn=Manager,dc=test,dc=net,dc=au"
password = 
basedn = "dc=test,dc=net,dc=au"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

start_tls = no

dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
# password_header = "{clear}"
# password_attribute = userPassword
groupname_attribute = cu
groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
#groupmembership_attribute =
timeout = 4
timelimit = 3
net_timeout = 1
#compare_check_items = yes
#access_attr_used_for_allow = yes
}

User entry:

# testtest, People, test.net.au
dn: uid=testtest,ou=People,dc=test,dc=net,dc=au
objectClass: posixAccount
objectClass: shadowAccount
uid: testtest
homeDirectory: /home/testtest
cn: testtest account
gidNumber: 1002
loginShell: /bin/sh
uidNumber: 502
userPassword:: 

Group entry:

# disabled, Group, test.net.au
dn: cn=disabled,ou=Group,dc=test,dc=net,dc=au
cn: disabled
gidNumber: 1002
userPassword:
objectClass: posixGroup
memberUid: testtest
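
The group lookup implied by the configuration and entries above, worked through as an added example that is not part of the original post or of FreeRADIUS: a small Python evaluator for the LDAP filter subset used here, run against the posted "disabled" entry. It assumes the server searches for the group with (&(<groupname_attribute>=<group>)<groupmembership_filter>); POSIX_MEMBERSHIP is a filter constructed for comparison only, and all function names are this example's own.

```python
# The "disabled" group entry from the post, attribute names lower-cased.
GROUP_ENTRY = {
    "cn": ["disabled"],
    "gidnumber": ["1002"],
    "objectclass": ["posixGroup"],
    "memberuid": ["testtest"],
}
# Values substituted for the test user in the post.
XLAT = {
    "%{Ldap-UserDn}": "uid=testtest,ou=People,dc=test,dc=net,dc=au",
    "%{User-Name}": "testtest",
}
POSTED_MEMBERSHIP = (
    "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
    "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
)
# Constructed for comparison only: a filter shaped like the posixGroup entry.
POSIX_MEMBERSHIP = "(&(objectClass=posixGroup)(memberUid=%{User-Name}))"


def parse_filter(text):
    """Parse an LDAP filter that uses only &, |, ! and (attr=value) items."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if text[pos] in "&|!":
            op = text[pos]
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(node())
            if op == "!" and len(kids) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            result = (op, kids)
        else:
            end = text.index(")", pos)
            attr, sep, value = text[pos:end].partition("=")
            if not sep:
                raise ValueError(f"no '=' in item at offset {pos}")
            result = ("=", attr.strip().lower(), value)
            pos = end
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        pos += 1
        return result

    try:
        tree = node()
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree


def matches(tree, entry):
    """Evaluate a parsed filter; values compare case-insensitively (simplification)."""
    if tree[0] == "&":
        return all(matches(kid, entry) for kid in tree[1])
    if tree[0] == "|":
        return any(matches(kid, entry) for kid in tree[1])
    if tree[0] == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    values = entry.get(attr, [])
    return bool(values) if value == "*" else any(
        v.lower() == value.lower() for v in values)


def user_in_group(groupname_attribute, membership_filter, group="disabled"):
    """Build the assumed group search filter and test it on GROUP_ENTRY."""
    for token, value in XLAT.items():
        membership_filter = membership_filter.replace(token, value)
    search = f"(&({groupname_attribute}={group}){membership_filter})"
    return matches(parse_filter(search), GROUP_ENTRY)


if __name__ == "__main__":
    print("posted settings (cu, posted filter):", user_in_group("cu", POSTED_MEMBERSHIP))
    print("cn, posted filter:", user_in_group("cn", POSTED_MEMBERSHIP))
    print("cn, posixGroup-shaped filter:", user_in_group("cn", POSIX_MEMBERSHIP))
```

Under that assumption the posted settings match no entry on two counts: the entry has no cu attribute, and it is a posixGroup listing memberUid rather than a GroupOfNames listing member DNs.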





RE: how to compile 0.9.3 at suse 9.0

2004-01-21 Thread carlos collart
Hi there,

I have SuSE 8.2 and 9.0 both with the RPM that comes with SuSE and I found
that the file rml_sqlcounter wasn't at the address
/usr/lib/freeradius 
where it is supposed to be 
rlm_sqlcounter

Any ideas ???

/var/log/radius/radius.log
Wed Jan 21 17:23:56 2004 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
Wed Jan 21 17:23:56 2004 : Info: rlm_sql (sql): Attempting to connect to
[EMAIL PROTECTED]:/radius
Wed Jan 21 17:23:56 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Jan 21 17:23:56 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #1
Wed Jan 21 17:23:56 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #2
Wed Jan 21 17:23:56 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #3
Wed Jan 21 17:23:56 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #4
Wed Jan 21 17:23:56 2004 : Error: radiusd.conf[1] Failed to link to module
'rlm_sqlcounter': file not found  


 Regards,
 CC
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Spetzler,
Arne (DZ-SH)
Sent: Monday, 19 January 2004 05:23 a.m.
To: [EMAIL PROTECTED]
Subject: how to compile 0.9.3 at suse 9.0

Hello there,

i've recently tried to compiled the 

freeradius-0.9.3.tar.gz

but could not get it to work properly :(

After adding _many_ libraries i ended up with:

[...]
checking for krb5.h... no
checking for krb5_encrypt_data in -lk5crypto... no checking for DH_new in
-lcrypto... yes checking for set_com_err_hook in -lcom_err... no
configure: warning: the comm_err library isn't found!
checking for krb5_init_context in -lkrb5... no
configure: warning: silently not building rlm_krb5.
configure: warning: FAILURE: rlm_krb5 requires:  krb5.
[...]
checking for pam_start in -lpam... (cached) no checking for
security/pam_appl.h... (cached) no checking for pam/pam_appl.h... (cached)
no
configure: warning: silently not building rlm_pam.
configure: warning: FAILURE: rlm_pam requires:  libpam.
[...]
checking for oci.h... no
configure: warning: oracle headers not found.  Use
--with-oracle-home-dir=.
configure: warning: sql submodule 'oracle' disabled [...] checking for
DES_cbc_encrypt in -lcrypto... (cached) no checking for des_cbc_encrypt in
-lcrypto... (cached) no
configure: warning: silently not building rlm_x99_token.
configure: warning: FAILURE: rlm_x99_token requires:  des_cbc_encrypt.
[...]

except for the oracle issue i think i have installed all needed libs.

Because i need no kerberos, pam and oracle i gave it a try and ran the
resulting radiusd:

but it crashed, when receiving the first packet:

rad_recv: Access-Request packet from host 10.1.50.10:1046, id=120,
length=119
User-Name = "T12"
User-Password = "netzi"
NAS-Port = 0
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "10.1.50.10"
Calling-Station-Id = "10.1.3.18"
Tunnel-Client-Endpoint:0 = "10.1.3.18"
Attr-201588758 = 0x0001
NAS-IP-Address = 10.1.50.10
NAS-Port-Type = Virtual
modcall: entering group authorize for request 0 Segmentation fault

what's the matter? Has anyone compile 0.9.3 on suse9.0 ?

Any help would be appreciated, because I think i need the ippool fix for my
server side pools

regards,

Arne Spetzler




Re: EAP + System passwords?

2004-01-21 Thread Nathan Coraor
"Alan DeKok" said:
> 
> > This seems to indicate that rlm_eap_tls is failing?
> 
>   What part of that output leads you to conclude that EAP-TLS is failing?
> 
>   Alan DeKok.
> 

  That was posed as a question because that was a guess.  It indicated
  a return 1 and then didn't log anything else... that led me to
  believe that was not the intended behaviour.

  Have I configured something improperly?

Thanks,
--nate



RE: how to compile 0.9.3 at suse 9.0

2004-01-21 Thread Wolfgang Rosenauer
Hi,

On Wed, 21 Jan 2004, carlos collart wrote:

> I have SuSE 8.2 and 9.0 both with the RPM that comes with SuSE and I found
> that the file rml_sqlcounter wasn't at the address
> /usr/lib/freeradius 
> where it is supposed to be 
> rlm_sqlcounter

rlm_sqlcounter is an "experimental" module which we do not deliver per 
default.


CU,

   Wolfgang

-- 
SUSE LINUX AG   -o)   Tel: +49-(0)911-740 53 0
Maxfeldstr. 5   /\\   Fax: +49-(0)911-740 53 489
90409 Nuernberg, Germany   _\_v   simply change to www.suse.com
