Re: -lssl depends on -lcrypto

[Jan Satko]

> "-lssl -lcrypto -L_OpenSSL_Lib_Directory -lssl -lcrypto"
> which fails with "library -lssl: not found". I'm lost...

I think problem is with "-L_OpenSSL_Lib_Directory". It doesn't matter
if -l is before -L. Where are your openssl libraries ? (when openssl is
compiled it is /usr/local/ssl/lib". So try -L/usr/local/ssl/lib.

If openssl is a package try "crle". It is command for Solaris to
displaying default library path. Configuration file is /var/ld/ld.config.
I have Solaris9 but i hope it is same od Solaris7.

--
   Bc. Jan 'EIS' Satko   Slovak University of Agriculture
 network & system managerTr. A. Hlinku 2
  Tel: +421 37 7412 616   949 76 Nitra Slovakia

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Alexandre Durand]

So how to configure password for it works??

Because i configure "clear" password in LDAP database but it doesn't work.

Can you explain me in details what i have to do.

In radiusd.conf i put in ldap section :

password_attribute = userPassword

So i test freeradius with many authentification methods like TTLS, TLS,...
but PEAP only doesn't work with me in LDAP mode.For example TTLS/LDAP works
fine !!

PEAP works without LDAP with me.

Thanks for your help


- Original Message - 
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 09, 2004 11:06 PM
Subject: Re: PEAP LDAP


> "Alexandre Durand" <[EMAIL PROTECTED]> wrote:
> > I want to make an authentication PEAP between Win XP, openldap, and
> > freeradius. I ve a problem between mschapv2 and openldap. Indeed, I make
a
> > test with PEAP without openldap and its works. But if i want to use
openldap
> > + freeradius with peap i get an error in eap-mschap module of
freeradius.
> >
> > error is :
> >
> > rlm_mschap: No User-Password configured. Cannot create LM-Password.
>
>   So... configure a password.
>
> > So, In my Openldap i precised a clear password for my users.
>
>   I'm not sure what you mean by that.
>
>   In any case, stop trying to use PEAP.  Instead, test your existing
> configuration with PAP requests, sent in via "radtest".  If you can
> get clear-text passwords from OpenLDAP && do PAP, you can do PEAP.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Postgresql.conf authenticate_query not used

[Thor Spruyt]

Alan DeKok wrote:
>   Perhaps I don't understand what you're getting excited about.
> You've just posted a number of messages about this topic, when I
> already told you that query wasn't used.

Is the authorize_query also used to retrieve the user's password from the
database?

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

unsubscribe

[Georgi Ivanov]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- -- 
Aii Data Processing
System Administrator
IT Department

Ако не отговарям на писмото виж по надолу 
http://6lyokavitza.org

One OS to rule them all, One OS to find them, One OS to bring them all and in 
the darkness bind them
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBGIPT0dEkp0mjhDsRAoYoAJwKABNutq3pdksgHl6yVUlXaqI8UwCfUBt5
PwvTrkVg8FVJHC1xTZs/Mtc=
=pZHE
-END PGP SIGNATURE-
.+-ЉwиюЛ›±КвmпоћЛ›±Квmдћzm§ярГлyкЪv+¬ўё?–+-юл®Иmљ

[Help] duplicate radacct records in my postgresql database

[ac]

Hi! all,

I use postgresql to record all the radacct-pkts from the freeradius-0.9.3.
But sometimes the record with the same acctuniqueid, acctsessionid 
appears twice or much more times.
I don't know why it happened and how to avoid it.

   By the way, is there any sql statment which can help me to delete or skip 
the duplicate records with the same  acctuniqueid ?

   Thanks for your advise in advance

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

problem compiling mysql module

[Conosciani Mauro]

Hi everybody

I’m having problem compiling freeradius-1.0.0-pre3
on RH ES 3, running 

[freeradius-1.0.0-pre3]# ./configure --prefix=/usr/local/radius/
--with-mysql-dir=/usr/local/mysql/bin/
--with-mysql-lib-dir=/usr/local/mysql/lib/
--with-mysql-include-dir=/usr/local/mysql/include/

 

I receive

…….

configuring in ./drivers/rlm_sql_mysql

running /bin/sh ./configure 
--prefix=/usr/local/radius/ --with-mysql-dir=/usr/local/mysql/bin/
--with-mysql-lib-dir=/usr/local/mysql/lib/
--with-mysql-include-dir=/usr/local/mysql/include/ --enable-ltdl-install
--cache-file=../../../../.././config.cache --srcdir=.

loading cache ../../../../.././config.cache

checking for gcc... (cached) gcc

checking whether the C compiler (gcc -g -O2
-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall
-D_GNU_SOURCE -DNDEBUG ) works... yes

checking whether the C compiler (gcc -g -O2
-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall
-D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no

checking whether we are using GNU C... (cached) yes

checking whether gcc accepts -g... (cached) yes

checking how to run the C preprocessor... (cached)
gcc -E

checking for mysql_config... (cached) no

checking for compress in -lz... (cached) yes

checking for mysql/mysql.h... no

configure: warning: mysql headers not found. 
Use --with-mysql-include-dir=.  (I DID IT)

configure: warning: sql submodule 'mysql' disabled

……….

I don’t understand the line checking for mysql/mysql.h

 

ANY IDEA……

Thanks

Re: PEAP LDAP

[Tiago Fernandes]

hi.

 try to add ntPassword attribute or lmPassword to your ldap schema.
 define the ntPassword attribute for the user, using smbencrypt to generate the 
password hash.


Tiago Fernandes


On Tue, 10 Aug 2004 10:03:30 +0200
"Alexandre Durand" <[EMAIL PROTECTED]> wrote:

> So how to configure password for it works??
> 
> Because i configure "clear" password in LDAP database but it doesn't work.
> 
> Can you explain me in details what i have to do.
> 
> In radiusd.conf i put in ldap section :
> 
> password_attribute = userPassword
> 
> So i test freeradius with many authentification methods like TTLS, TLS,...
> but PEAP only doesn't work with me in LDAP mode.For example TTLS/LDAP works
> fine !!
> 
> PEAP works without LDAP with me.
> 
> Thanks for your help
> 
> 
> - Original Message - 
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 09, 2004 11:06 PM
> Subject: Re: PEAP LDAP
> 
> 
> > "Alexandre Durand" <[EMAIL PROTECTED]> wrote:
> > > I want to make an authentication PEAP between Win XP, openldap, and
> > > freeradius. I ve a problem between mschapv2 and openldap. Indeed, I make
> a
> > > test with PEAP without openldap and its works. But if i want to use
> openldap
> > > + freeradius with peap i get an error in eap-mschap module of
> freeradius.
> > >
> > > error is :
> > >
> > > rlm_mschap: No User-Password configured. Cannot create LM-Password.
> >
> >   So... configure a password.
> >
> > > So, In my Openldap i precised a clear password for my users.
> >
> >   I'm not sure what you mean by that.
> >
> >   In any case, stop trying to use PEAP.  Instead, test your existing
> > configuration with PAP requests, sent in via "radtest".  If you can
> > get clear-text passwords from OpenLDAP && do PAP, you can do PEAP.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


pgpBrNxlOhdkZ.pgp
Description: PGP signature

Re: problem compiling mysql module

[Jan Satko]

> [freeradius-1.0.0-pre3]# ./configure --prefix=/usr/local/radius/
> --with-mysql-dir=/usr/local/mysql/bin/

Try this without /bin/.

> --with-mysql-lib-dir=/usr/local/mysql/lib/
> --with-mysql-include-dir=/usr/local/mysql/include/

I don't type any --with-mysql-* parameters and configure script
automatically find my mysql_config. I have rh9.0

> checking for mysql_config... (cached) no



--
   Bc. Jan 'EIS' Satko   Slovak University of Agriculture
 network & system managerTr. A. Hlinku 2
  Tel: +421 37 7412 616   949 76 Nitra Slovakia

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [Help] duplicate radacct records in my postgresql database

[Alexander M. Pravking]

On Tue, Aug 10, 2004 at 04:18:08PM +0800, ac wrote:
> I use postgresql to record all the radacct-pkts from the freeradius-0.9.3.
> But sometimes the record with the same acctuniqueid, acctsessionid 
> appears twice or much more times.
> I don't know why it happened and how to avoid it.

Check if Acct-Delay-Time differs in requests. If it does, looks like you
have one of the following problems:

1. Network problems, so Accounting-Ack sometimes does not reach NAS, so
it re-sends request.
2. Slow database, so it takes too long time to accomplish the request
and the NAS gets timed out, again, re-sending the request. In this case
you can try to configure your NAS for greater timeout.

Some people would suggest using UNIQUE constraint on acctUniqueId column,
which also seems reasonable.

>By the way, is there any sql statment which can help me to delete or skip 
> the duplicate records with the same  acctuniqueid ?

If you have a serial id column in default schema try using

SELECT * FROM radacct WHERE EXISTS (
SELECT  1 FROM radacct r2
WHERE   r2.id < radacct.id -- note the "<"
AND r2.acctUniqueId = radacct.acctUniqueId
);

Then, if you sure that's it, replace SELECT with DELETE.
If you want leave the first of dups, use "<", if you want the last - ">".

-- 
Fduch M. Pravking

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Alexandre Durand]

But there is not an other solution because in this case i oblige to install
Samba and i can't do this.

Or how to try to add ntPassword attribute or lmPassword to your ldap
schema.??

Thanks

- Original Message - 
From: "Tiago Fernandes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 10:44 AM
Subject: Re: PEAP LDAP


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

R: problem compiling mysql module SOLVED

[Mauro]

OK The problem was related to the path for mysql/mysql.h.in fact I've
moved the files from /usr/local/mysql/include to
/usr/local/mysql/include/mysql and now works.
Cheers

-Messaggio originale-
Da: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Per conto di Jan Satko
Inviato: martedì 10 agosto 2004 11.02
A: [EMAIL PROTECTED]
Oggetto: Re: problem compiling mysql module

> [freeradius-1.0.0-pre3]# ./configure --prefix=/usr/local/radius/
> --with-mysql-dir=/usr/local/mysql/bin/

Try this without /bin/.

> --with-mysql-lib-dir=/usr/local/mysql/lib/
> --with-mysql-include-dir=/usr/local/mysql/include/

I don't type any --with-mysql-* parameters and configure script
automatically find my mysql_config. I have rh9.0

> checking for mysql_config... (cached) no



--
   Bc. Jan 'EIS' Satko   Slovak University of Agriculture
 network & system managerTr. A. Hlinku 2
  Tel: +421 37 7412 616   949 76 Nitra Slovakia

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-Messaggio originale-

Da: Conosciani Mauro 
Inviato: martedì 10 agosto 2004 10.22
A: '[EMAIL PROTECTED]'
Oggetto: problem compiling mysql module

Hi everybody

I’m having problem compiling freeradius-1.0.0-pre3 on RH ES 3, running 

[freeradius-1.0.0-pre3]# ./configure --prefix=/usr/local/radius/
--with-mysql-dir=/usr/local/mysql/bin/
--with-mysql-lib-dir=/usr/local/mysql/lib/
--with-mysql-include-dir=/usr/local/mysql/include/

 I receive

configuring in ./drivers/rlm_sql_mysql
running /bin/sh ./configure  --prefix=/usr/local/radius/
--with-mysql-dir=/usr/local/mysql/bin/
--with-mysql-lib-dir=/usr/local/mysql/lib/
--with-mysql-include-dir=/usr/local/mysql/include/ --enable-ltdl-install
--cache-file=../../../../.././config.cache --srcdir=.
loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG
) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG
) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) gcc -E
checking for mysql_config... (cached) no
checking for compress in -lz... (cached) yes
checking for mysql/mysql.h... no
configure: warning: mysql headers not found.  Use
--with-mysql-include-dir=.  (I DID IT)
configure: warning: sql submodule 'mysql' disabled

……….

I don’t understand the line checking for mysql/mysql.h

 

ANY IDEA……

Thanks


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: -lssl depends on -lcrypto

[Stefan . Neis]

Jan Satko schrieb:
> > "-lssl -lcrypto -L_OpenSSL_Lib_Directory -lssl
> -lcrypto"
> > which fails with "library -lssl: not found". I'm
> lost...
> 
> I think problem is with "-L_OpenSSL_Lib_Directory". It
> doesn't matter
> if -l is before -L. 

Yes and no. Apparently, it does not matter, when linking
executables (at least the configure tests do succeed with
 -lssl -L/usr/local/openssl/lib -lcrypto),  but it _does_ matter
when linking shared objects, where it complains that it
cannot find -lssl when arguments are given in that order,
while everything works if I manually call it with 
-L/usr/local/openssl/lib -lssl -lcrypto.

I now got everything to compile by 
- first modifying aclocal.m4 to preprend new libraries
   (so I get working "-lssl -lcrypto" instead of broken
"-lcrypto -lssl", unfortunately, the -Lsomething is
 placed wrongly, though) - see below.
- regenerating all configure scripts.
- Calling
  LDFLAGS=-L/usr/local/openssl/lib ./configure \
   --with-openssl-includes=/usr/local/openssl/include \
   --with-openssl-libraries=/usr/local/openssl/lib
  [ Note: No, it does _not_ work without the LDFLAGS= ...]
- Adding $(LDFLAGS) to two or three Makefiles where it
  was missing, so gcc again did choke on
   -lssl -L/usr/local/openssl/lib -lcrypto

Not exactly an easy build, but now it seems to be working.

  Regards,
Stefan

P.S.: Just for the record, here's my patch to aclocal.m4
that I used:
--- aclocal.m4.old  Sat Oct  4 02:15:42 2003
+++ aclocal.m4  Tue Aug 10 11:32:26 2004
@@ -4037,7 +4037,7 @@
 dnl #  Try to link it first, using the default libs && library paths
 dnl #
   old_LIBS="$LIBS"
-  LIBS="$LIBS -l$1"
+  LIBS="-l$1 $LIBS"
   AC_TRY_LINK([extern char $2();],
   [ $2()],
  smart_lib="-l$1")
@@ -4047,8 +4047,7 @@
 AC_LOCATE_DIR(smart_lib_dir,[lib$1.a])

 for try in $smart_try_dir $smart_lib_dir /usr/local/lib/ /opt/lib;
do
-  LIBS="$old_LIBS -L$try -l$1"
-
+  LIBS="-L$try -l$1 $old_LIBS"
   AC_TRY_LINK([extern char $2();],
   [ $2()],
  smart_lib="-L$try -l$1")
@@ -4065,8 +4064,8 @@
   if test "x$smart_lib" != "x"; then
 AC_MSG_RESULT(yes)
 eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes"
-LIBS="$old_LIBS $smart_lib"
-SMART_LIBS="$SMART_LIBS $smart_lib"
+LIBS="$smart_lib $old_LIBS"
+SMART_LIBS="$smart_lib $SMART_LIBS"
   else
 AC_MSG_RESULT(no)
 fi

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

make fail under Fedora

[Yyc]

hello ，

I install freeradius-1.0.0-pre3 under Fedora(i m not clear with the 
versionKernal:Linux version 2.6.5-1.358smp ).
./configure --prefix=/usr/local/radius
make

and the error info :

gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall 
-D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_krb5.c -o rlm_krb5.o
rlm_krb5.c:40:21: com_err.h: No such file or directory
rlm_krb5.c: In function `verify_krb5_tgt':
rlm_krb5.c:105: warning: passing arg 2 of `krb5_kt_read_service_key' discards 
qualifiers from pointer target type
rlm_krb5.c: In function `krb5_auth':
rlm_krb5.c:305: warning: implicit declaration of function 
`krb5_get_in_tkt_with_password'
gmake[6]: *** [rlm_krb5.o] Error 1
gmake[6]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules/rlm_krb5'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3'
make: *** [all] Error 2



what 's the matter?



Regards.
Yyc







-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: make fail under Fedora

[Jan Satko]

> rlm_krb5.c:40:21: com_err.h: No such file or directory

Kerberos is in directory /usr/kerberos/. There is lib and include
directory. In include directory you can find com_err.h file. But gcc is
searching /usr/include.

I solve this problem with linking each header (*.h) from
/usr/kerberos/include/ to /usr/include/.

Another chance is inserting -I/usr/kerberos/include to the options in
Makefile.

--
   Bc. Jan 'EIS' Satko   Slovak University of Agriculture
 network & system managerTr. A. Hlinku 2
  Tel: +421 37 7412 616   949 76 Nitra Slovakia

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Tiago Fernandes]

On Tue, 10 Aug 2004 11:31:35 +0200
"Alexandre Durand" <[EMAIL PROTECTED]> wrote:

> But there is not an other solution because in this case i oblige to install
> Samba and i can't do this.
> 
> Or how to try to add ntPassword attribute or lmPassword to your ldap
> schema.??

search for samba ldap schema, see how the attributes are defined.
then edit the radius ldap schema and insert the ntPassword attribute definition.

> 
> Thanks
> 
> - Original Message - 
> From: "Tiago Fernandes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 10, 2004 10:44 AM
> Subject: Re: PEAP LDAP
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 



pgpglIiJFZjpI.pgp
Description: PGP signature

Re: PEAP LDAP

[Alexandre Durand]

If i earch for samba ldap schema, it means that i install a samba server!!
So, i won't install a samba server.

CAn i add a samba ldap shema whithout install Samba server?

I oblige to install Samba?


- Original Message - 
From: "Tiago Fernandes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 12:17 PM
Subject: Re: PEAP LDAP


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Tiago Fernandes]

On Tue, 10 Aug 2004 12:33:03 +0200
"Alexandre Durand" <[EMAIL PROTECTED]> wrote:

> If i earch for samba ldap schema, it means that i install a samba server!!

you don't need to install the samba server. just open the source and see the ldap
schema or use google :)

> So, i won't install a samba server.
> 
> CAn i add a samba ldap shema whithout install Samba server?
> 
> I oblige to install Samba?
> 
> 
> - Original Message - 
> From: "Tiago Fernandes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 10, 2004 12:17 PM
> Subject: Re: PEAP LDAP
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


pgpPhKJCmBvRZ.pgp
Description: PGP signature

Re: -lssl depends on -lcrypto

[Stefan . Neis]

Alan DeKok schrieb:
> [EMAIL PROTECTED] wrote:
> > I'm trying to use FreeRadius-1.0.0-pre3 on Solaris7.
> 
>   That's fairly old.

Exactly the same problem with FreeRadius-1.0.0 - oh,
your point was not that pre3 is old, but rather that
Solaris 7 is old...
Well, yes, but I don't think newer Solaris functions have
a native (runtime) linker that's much different...

> > trying to link -lcrypto -lssl (wrong order) instead of
> using
> > -lssl -lcrypto.
> 
>   Hmm... it works in that order on the systems I've
> tested.

It depends on the linker.  GNU ld should be happy
with both, AFAIK, while Solaris native ld requires
the correct ordering. Moreover, I'm having static
libs for OpenSSL (simplifies distribution of  own
binaries), in that case even GNU ld would be
unhappy with -lcrypto -lssl, IIRC.

> > In contrast to last november's patch, I tried to get
> away with
> > just changing aclocal.m4 (changing AC_SMART_CHECK_LIB
> > to always add new libraries in front of the already
> known ones,
> > since that order seems much more reasonable anyway,
> 
>   I don't see why.

ld is/can be order sensitive, i.e. -llib1 -llib2 is not the
same as -llib2 -llib1 (i.e. if lib2 references symbols
from lib1, the first will fail while the second will succeed.
Thats always true (on Unix systems), if you are using
static libs, for dynamic libs it depends on the system).

If one already determined that gcc something -llib1
works fine,  you know that lib1 does not depend on
lib2, so lib1 and lib2 are either independent or
lib2 could depend on lib1.  Appending new libs in
configure tests (i.e. testing -llib1 -llib2) now will
only work if either the libraries are independent
or if you are using dynamic libs and compiling on
one of the "lucky" systems. Prepending new
libs in configure tests (i.e. testing -llib2 -llib1) will
always work.

> $ LIBS="-L_OpenSSL_Lib_Directory -lssl -lcrypto"
> ./configure

Yes, right. That's much better than trying to use "LDFLAGS"
which aren't referenced in all (any?) makefiles.

However, it makes me wonder, what was the point of
--with-openssl-includes/libraries?

BTW, my other problem is that Solaris 7 _does_ have
inet_pton, but it doesn't know about AF_INET6 or
struct in6_addr, so compiling misc.c doesn't work
without changing something. Right now, I'm hacking
autoconf.h after running configure (undefining
HAVE_INET_PTON and HAVE_INET_NTOP), but
having a test for AF_INET6 in configure(.in) [e.g.
AC_CHECK_COMPILE some piece of source code
which includes the right header(s) for IPv6 and
references AF_INET6] and doing something like 
#if defined (HAVE_AF_INET6) && defined(HAVE_INET_NTOP)
in misc.c would be much nicer...

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: make fail under Fedora

[Thor Spruyt]

Yyc wrote:
> rlm_krb5.c:40:21: com_err.h: No such file or directory

I solved this with:
# ln -s /usr/include/et/com_err.h /usr/include/com_err.h

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Alexandre Durand]

I oblige to install samba to get schema with lmpassword or ntPassword !!

So, haw can i resolve my problem without Samba ?
- Original Message - 
From: "Tiago Fernandes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 12:46 PM
Subject: Re: PEAP LDAP


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Alexandre Durand]

i open ldap.attrmap file and i can see 2 lines :

checkItemLM-PasswordlmPassword
checkItemNT-PasswordntPassword

So?

And in my schema file i can't see lmpassword or ntpassword !!!

- Original Message - 
From: "Alexandre Durand" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 2:09 PM
Subject: Re: PEAP LDAP


> I oblige to install samba to get schema with lmpassword or ntPassword !!
>
> So, haw can i resolve my problem without Samba ?
> - Original Message - 
> From: "Tiago Fernandes" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 10, 2004 12:46 PM
> Subject: Re: PEAP LDAP
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

filtering users

[SMS Mail]

I have purchased the O'Reilly radius book and 
looked online and have yet to find any information about how to add parameters 
to deny specific access for certain users. What I would like to do is deny login 
access for specific users to only specific clients that are on radius. I think I 
might be looking in the right place through using filter-ids. What is the format 
for these filter profiles? Am I even looking in the right area? Could someone 
point me in the right direction?
TYLER JORDAN

Two times authorization using same login but different passwords (users != sql)

[Bastien]

Hi there :)

I'm trying to setup FreeRADIUS to work with two times authorization with two
different hardware using the same login but two different passwords.

The first request is sent by some Network Access Server (NAS) using user's
login and some password like 'cisco' to get VPN information.

The second request is sent by some Provider Edge Router (PE LNS) to
authenticate user's login and password using the same RADIUS server.

It can be done easily using the 'users' file, but it doesn't seem to be
possible using rlm_sql!

Can anybody help me ?

Kind regards,
Bastien DOUCE.


-

bdo Huntgroup-Name == "NAS_DIAL", Auth-Type == "CHAP", Password ==
"cisco"
Service-Type := Outbound,
Cisco-AVPair += "ipsec:key-exchange=ike",
Cisco-AVPair += "ipsec:group-lock=1",
Cisco-AVPair += "ip:dns-servers=$ADR_DNS_P $ADR_DNS_S",
Cisco-AVPair += "ipsec:tunnel-password=$PRESHARED_KEY",
Cisco-AVPair += "ip:addr-pool=$NOM_POOL",
Fall-Through = Yes

bdo Huntgroup-Name == "PE_DIAL", Auth-Type == "CHAP", Password == "test"
Cisco-AVPair += "$STRING_PUC",
Fall-Through = Yes



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP LDAP

[Tiago Fernandes]

On Tue, 10 Aug 2004 14:30:48 +0200
"Alexandre Durand" <[EMAIL PROTECTED]> wrote:

> i open ldap.attrmap file and i can see 2 lines :
> 
> checkItemLM-PasswordlmPassword
> checkItemNT-PasswordntPassword
> 
> So?

right. that is for freeradius to know how radius atributes correspond to ldap 
atributes.

> 
> And in my schema file i can't see lmpassword or ntpassword !!!

see the attach and apply the patch on your radius schema (RADIUS-LDAPv3.schema), to 
get lmPassword and ntPassword.


> 
> - Original Message - 
> From: "Alexandre Durand" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, August 10, 2004 2:09 PM
> Subject: Re: PEAP LDAP
> 
> 
> > I oblige to install samba to get schema with lmpassword or ntPassword !!
> >
> > So, haw can i resolve my problem without Samba ?
> > - Original Message - 
> > From: "Tiago Fernandes" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, August 10, 2004 12:46 PM
> > Subject: Re: PEAP LDAP
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


patch-RADIUS-LDAPv3.schema+samba_password.diff.gz
Description: Binary data


pgpN4C2vlrN9n.pgp
Description: PGP signature

Re: PEAP LDAP

[Alexandre Durand]

Thanks for your file but how-to patch this file ?? :)
- Original Message - 
From: "Tiago Fernandes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 2004 3:40 PM
Subject: Re: PEAP LDAP


> On Tue, 10 Aug 2004 14:30:48 +0200
> "Alexandre Durand" <[EMAIL PROTECTED]> wrote:
>
> > i open ldap.attrmap file and i can see 2 lines :
> >
> > checkItemLM-PasswordlmPassword
> > checkItemNT-PasswordntPassword
> >
> > So?
>
> right. that is for freeradius to know how radius atributes correspond to
ldap atributes.
>
> >
> > And in my schema file i can't see lmpassword or ntpassword !!!
>
> see the attach and apply the patch on your radius schema
(RADIUS-LDAPv3.schema), to get lmPassword and ntPassword.
>
>
> >
> > - Original Message - 
> > From: "Alexandre Durand" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, August 10, 2004 2:09 PM
> > Subject: Re: PEAP LDAP
> >
> >
> > > I oblige to install samba to get schema with lmpassword or ntPassword
!!
> > >
> > > So, haw can i resolve my problem without Samba ?
> > > - Original Message - 
> > > From: "Tiago Fernandes" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, August 10, 2004 12:46 PM
> > > Subject: Re: PEAP LDAP
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
> >
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: user can't connect internet

[Alan DeKok]

=?big5?q?chung=20chia=20chuin?= <[EMAIL PROTECTED]> wrote:
> When wireless users try to
> access NAS/Radius Server, then everthing was go well ,
> both radius and user had show authentication success ,
> but wireless users can't connect to others, can't ping
> to others.Is that any extra config as needed

  Do they have IP addresses?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Permissions problem on the website

[Alan DeKok]

Ben Walding <[EMAIL PROTECTED]> wrote four times:
> The online docs are not available via the links on the website:
> 
> http://www.freeradius.org/radiusd/doc/

  The directory is not indexed.  See the CVS web for the files.

  And posting the same message 4 times doesn't help.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Postgresql.conf authenticate_query not used

[Alan DeKok]

"Thor Spruyt" <[EMAIL PROTECTED]> wrote:
> Is the authorize_query also used to retrieve the user's password from the
> database?

  Yes.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Redirection to a web page

[Lisa Casey]

Hi,

I think this has been asked before, but I cannot find it searching the list.

How would I (or can I) use free radius to redirect all authentications to a
specific web page based on Called-Station-ID?

Lisa Casey
Netlink 2000, Inc.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Redirection to a web page

[Thor Spruyt]

Lisa Casey wrote:
> How would I (or can I) use free radius to redirect all
> authentications to a specific web page based on Called-Station-ID?

You can't... the only thing radius can do is send an attribute with a
specific value back to the NAS.
It's up to the NAS to do something with that attribute. Look at the
documentation of your NAS which attribute it needs to redirect the user.

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Boot at Startup - Debian

[Nathan Blackham]

I am running FreeRadius1.0.0pre3 that was compiled from source along
with OpenSSL per jbibe's instructions on dslreports.com.  My server is
running fine.

My question is what I need to do for the init.d script to get it to
start up at boot time.  Should I steal the script from Debian's package
of the server 0.9.3 or should I create my own?  If I create my own what
should I include in it?

Thanks

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Starting Daemon in Debian

[Nathan Blackham]

I am using Debian for my FreeRadius server.  I compiled both OpenSSL and
FreeRadius1.0.0pre3 from code.  My question is not so much
troubleshooting the server but getting it started the way I want it.

My question is what I should use to start the server at boot.  Should I
steal the init.d script from Debian's package of 0.9.3 or should I
create my own?

If I do need to create my own what should I include in it?

Thanks

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Boot at Startup - Debian -- SORRY ABOUT THE DUPLICATE

[Nathan Blackham]

Evolution Crashed on me and I didn't know if the first message sent. 
Sorry.

On Tue, 2004-08-10 at 10:23, Nathan Blackham wrote:
> I am running FreeRadius1.0.0pre3 that was compiled from source along
> with OpenSSL per jbibe's instructions on dslreports.com.  My server is
> running fine.
> 
> My question is what I need to do for the init.d script to get it to
> start up at boot time.  Should I steal the script from Debian's package
> of the server 0.9.3 or should I create my own?  If I create my own what
> should I include in it?
> 
> Thanks
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius start on boot "rc.radiusd"

[Babar Shafiq]

Hello List,

I am using RedHat 9 and Freeradius 1.0pre3, and I was having little problem in adding 
radiusd at
boot time, now fixed.

If somebody have same problem like me try those steps:-
install -m 755 rc.radiusd /etc/rc.d/init.d/radiusd
and then 
chkconfig --add radiusd
*error* service radiusd does not support chkconfig

we have to add on top of /etc/rc.d/init.d/radiusd
# chkconfig: 2345 80 30
# description: FreeRadius 1.0pre3.
# processname: radiusd
# pidfile: $rundir/radiusd.pid

chkconfig --add radiusd
*this time radiusd will add to services*

radiusd on boot time is disable and enable from "ntsysv"



Regards,
Babar Shafiq Nazmi.



=
God is a great Programmer



__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: freeradius start on boot "rc.radiusd"

[Bastien]

You should check for something like that at the head of the file :

#!/bin/sh
#
# chkconfig: 345 99 10
# description: Start/Stop the FreeRADIUS Daemon
#

Rgds,
Bastien

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Babar
Shafiq
Envoyé : mardi 10 août 2004 18:45
À : [EMAIL PROTECTED]
Objet : freeradius start on boot "rc.radiusd"

Hello List,

I am using RedHat 9 and Freeradius 1.0pre3, and I was having little problem
in adding radiusd at
boot time, now fixed.

If somebody have same problem like me try those steps:-
install -m 755 rc.radiusd /etc/rc.d/init.d/radiusd
and then 
chkconfig --add radiusd
*error* service radiusd does not support chkconfig

we have to add on top of /etc/rc.d/init.d/radiusd
# chkconfig: 2345 80 30
# description: FreeRadius 1.0pre3.
# processname: radiusd
# pidfile: $rundir/radiusd.pid

chkconfig --add radiusd
*this time radiusd will add to services*

radiusd on boot time is disable and enable from "ntsysv"



Regards,
Babar Shafiq Nazmi.



=
God is a great Programmer



__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: freeradius start on boot "rc.radiusd"

[Bastien]

Sorry.. I read too fast :o(

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Bastien
Envoyé : mardi 10 août 2004 18:55
À : [EMAIL PROTECTED]
Objet : RE: freeradius start on boot "rc.radiusd"


You should check for something like that at the head of the file :

#!/bin/sh
#
# chkconfig: 345 99 10
# description: Start/Stop the FreeRADIUS Daemon
#

Rgds,
Bastien

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Babar
Shafiq
Envoyé : mardi 10 août 2004 18:45
À : [EMAIL PROTECTED]
Objet : freeradius start on boot "rc.radiusd"

Hello List,

I am using RedHat 9 and Freeradius 1.0pre3, and I was having little problem
in adding radiusd at
boot time, now fixed.

If somebody have same problem like me try those steps:-
install -m 755 rc.radiusd /etc/rc.d/init.d/radiusd
and then 
chkconfig --add radiusd
*error* service radiusd does not support chkconfig

we have to add on top of /etc/rc.d/init.d/radiusd
# chkconfig: 2345 80 30
# description: FreeRadius 1.0pre3.
# processname: radiusd
# pidfile: $rundir/radiusd.pid

chkconfig --add radiusd
*this time radiusd will add to services*

radiusd on boot time is disable and enable from "ntsysv"



Regards,
Babar Shafiq Nazmi.



=
God is a great Programmer



__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius start on boot "rc.radiusd"

[Thor Spruyt]

Babar Shafiq wrote:
> If somebody have same problem like me try those steps:-
> install -m 755 rc.radiusd /etc/rc.d/init.d/radiusd
> and then
> chkconfig --add radiusd
> *error* service radiusd does not support chkconfig
> 
> we have to add on top of /etc/rc.d/init.d/radiusd
> # chkconfig: 2345 80 30
> # description: FreeRadius 1.0pre3.
> # processname: radiusd
> # pidfile: $rundir/radiusd.pid
> 
> chkconfig --add radiusd
> *this time radiusd will add to services*
> 
> radiusd on boot time is disable and enable from "ntsysv"

This works also:
1) cp /sbin/rc.radiusd /etc/rc.d/init.d/radiusd
2) vi /etc/rc.d/init.d/radiusd
# chkconfig 2345 90 10
3) chkconfig radiusd on

Or you might want to read supervise-radiusd.txt in the doc directory!

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

debugging the code

[Amedzekor Kafui]

Please can anyone help with debugging radius with gdb
or ddd.

I am particularly interested in looking at the
variables in rlm_preprocess.c during run time

Thanks.

Kafui Amedzekor



__
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

minimum required modules for EAP-TTLS

[Yi Zheng]

Hi,
 
I am tring to build a server with the smallest footprint that can do EAP-TTLS, with plain unix password file for authentication. No need for ldap, sql etc. In my current Make.enc, I have the default modules as the following:
 
RADIUSD_MAJOR_VERSION   = 1RADIUSD_MINOR_VERSION   = 0.0-pre3RADIUSD_VERSION = 1.0.0-pre3
MODULES =  rlm_acct_unique rlm_always rlm_attr_filter rlm_attr_rewrite rlm_chap rlm_counter rlm_dbm rlm_detail rlm_digest rlm_eap rlm_exec rlm_expr rlm_fastusers rlm_files rlm_ippool rlm_krb5 rlm_ldap rlm_mschap rlm_ns_mta_md5 rlm_pam rlm_pap rlm_passwd rlm_preprocess rlm_radutmp rlm_realm rlm_sql rlm_unix rlm_checkval
 
How do I find out what modules (and perhaps other features) EAP-TTLS is dependent on and eliminate the unnecessary modules/features to be compiled in as much as possible?
 
Also when running the server on a ARM based machine, I found some very interesting problems, which seems can be improved by proper coding. I would like some developer to take a look. Whom should I direct the question to?
 
Thanks,
 
- Yi

Re: freeradius start on boot "rc.radiusd"

[Kevin Bonner]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday 10 August 2004 12:45, Babar Shafiq wrote:
> If somebody have same problem like me try those steps:-
> install -m 755 rc.radiusd /etc/rc.d/init.d/radiusd
> and then
> chkconfig --add radiusd
> *error* service radiusd does not support chkconfig

The redhat/rc.radiusd-redhat file supports chkconfig.

Kevin
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBGRFn/9i/ml3OBYMRAhaCAJ4lI7GCl1/YCGPl6vowTniiIAmf+QCeMYLm
se7KJzWoqvLheZYVLT4JUAY=
=w45s
-END PGP SIGNATURE-

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

web based billing

[Barry Murphy]

Hi,
 
I know this may be a little OT, however does anyone 
have a script / website where I can get a system that allows me to add products 
such as web hosting, email, domains, dial-up (flatrate, MB usage or hourly 
usage) sort of system.
 
I want to be able to add plans to the system, then 
it does all the work, emails customers their invoice on a monthly basis, 
allows the user to login and view their usage (MB and hours). I can either allow 
people to pay by paypal, or the rest will be doing a direct deposit where I can 
just tick a box, or enter the amount as a credit to the users account when they 
have paid. 
 
The ideal system would also have the ability to 
show me how much money has come in as aposed to gone out.
 
I know something like this would probably go for a 
bit of money as I have looked at a number of them on hotscripts.com but none do 
everything you need for an ISP like i have explained above. I don't have a lot 
of money to spend either being a student trying to start a small 
business.
 
Any advice welcomed.
 
Thanks
Barry 

FreeRadius 1.0.0 Compiler error in rlm_krb5.c

[RON FLORY]

- FreeRadius 1.0.0
- Linux, x86, Fedora Core 2-based, 2.6.7
- Kerberos 5 release 1.3.3
- gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)
Making static dynamic in rlm_krb5...
gmake[6]: Entering directory `/opt/x/freeradius-1.0.0/src/modules/rlm_krb5'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 
-Wall -D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_krb5.c -o rlm_krb5.o
rlm_krb5.c:40:21: com_err.h: No such file or directory

--
 Changing the include of  at line 40 of
rlm_krb5/rlm_krb5.c from:
#include 
 to:
#include 
 Allows the build to procede.  I would also imagine adding
   -I /usr/include/et
 to cflags or the makefile would also work.
ron
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: web based billing

[Thor Spruyt]

Contact Siemens for the "ISP In A Rack" offering.
And post your message in text format next time :)

--
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65

- Original Message - 
From: Barry Murphy
To: [EMAIL PROTECTED]
Sent: Tuesday, August 10, 2004 9:07 PM
Subject: web based billing


Hi,

I know this may be a little OT, however does anyone have a script / website
where I can get a system that allows me to add products such as web hosting,
email, domains, dial-up (flatrate, MB usage or hourly usage) sort of system.

I want to be able to add plans to the system, then it does all the work,
emails customers their invoice on a monthly basis, allows the user to login
and view their usage (MB and hours). I can either allow people to pay by
paypal, or the rest will be doing a direct deposit where I can just tick a
box, or enter the amount as a credit to the users account when they have
paid.

The ideal system would also have the ability to show me how much money has
come in as aposed to gone out.

I know something like this would probably go for a bit of money as I have
looked at a number of them on hotscripts.com but none do everything you need
for an ISP like i have explained above. I don't have a lot of money to spend
either being a student trying to start a small business.

Any advice welcomed.

Thanks
Barry


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: snapshot-20040807 - fedora core 1 - make fails - SOLVED

[Thor Spruyt]

Hi,

Just to let you know that this issue is gone in 1.0.0

Thanx!
Thor.

Paul Hampson wrote:
> On Sun, Aug 08, 2004 at 02:54:33PM +0200, Thor Spruyt wrote:
>> Paul Hampson wrote:
>>> On Sat, Aug 07, 2004 at 08:57:10PM +0200, Thor Spruyt wrote:
 Looking into the libltdl directory, I don't see a Makefile, but
 only a Makefile.in and Makefile.am
 In 1.0.0-pre3, the libltdl directory does contain a Makefile!
>>> 
>>> Check the list archives, the fix should be there somewhere.
>> 
>> Well, I found this:
> 
>> 
>> OK, so why is it trying to build in 'libltdl', when you've obviously
>> told it not to use the libltdl shipped with the system?
>> 
>>   What were your 'configure' options?  What is the value of
>> LIBLTDLPATH, in Make.inc?
>> 
>>   Alan DeKok.
>>> /QUOTE>
> 
>> Doesn't tell me anything new does it?
> 
> Keep searching the fix is (to the best of my memory) something to do
> with a bad value of base_dir in the libltdl directory.
> 
>> I didn't "tell it" anything. Just as in 1.0.0-pre3, I would expect
>> configure to handle this properly.
> 
> So you used the default configure options? Try passing an option to
> make FreeRADIUS use the system's libltdl instead of building its own.
> 
>> I'm still wondering why there's only Makefile.in and Makefile.am
> 
> Because the CVS HEAD has been converted to a more recent
> autoconf/automake combination than the 1.0 release branch. If you can
> help solve this (known) problem or find that it is in fact distinct
> from the known problem, that'd be quite handy.

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: minimum required modules for EAP-TTLS

[Alan DeKok]

Yi Zheng <[EMAIL PROTECTED]> wrote:
> How do I find out what modules (and perhaps other features)
> EAP-TTLS is dependent on and eliminate the unnecessary
> modules/features to be compiled in as much as possible?

  EAP-TTLS depends on rlm_eap/*.[ch], rlm_eap/types/rlm_eap_tls/*

  And you'll need some way to get usernames & passwords.

> MODULES =  rlm_acct_unique rlm_always rlm_attr_filter 
> rlm_attr_rewrite rlm_chap rlm_counter rlm_dbm rlm_detail rlm_digest rlm_eap rlm_exec 
> rlm_expr rlm_fastusers rlm_files rlm_ippool rlm_krb5 rlm_ldap rlm_mschap 
> rlm_ns_mta_md5 rlm_pam rlm_pap rlm_passwd rlm_preprocess rlm_radutmp rlm_realm 
> rlm_sql rlm_unix rlm_checkval

  Look through each one to see what it does, and whether or not you'll
need it.

  You can simply delete any module you don't want.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: web based billing

[Julius Igugu]

sisd.com/freeside

--- Barry Murphy <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I know this may be a little OT, however does anyone have a script /
> website where I can get a system that allows me to add products such
> as web hosting, email, domains, dial-up (flatrate, MB usage or hourly
> usage) sort of system.
> 
> I want to be able to add plans to the system, then it does all the
> work, emails customers their invoice on a monthly basis, allows the
> user to login and view their usage (MB and hours). I can either allow
> people to pay by paypal, or the rest will be doing a direct deposit
> where I can just tick a box, or enter the amount as a credit to the
> users account when they have paid. 
> 
> The ideal system would also have the ability to show me how much
> money has come in as aposed to gone out.
> 
> I know something like this would probably go for a bit of money as I
> have looked at a number of them on hotscripts.com but none do
> everything you need for an ISP like i have explained above. I don't
> have a lot of money to spend either being a student trying to start a
> small business.
> 
> Any advice welcomed.
> 
> Thanks
> Barry 


=
Julius Igugu
SouthWork Co. Ltd.



__
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 1.0.0 Compiler error in rlm_krb5.c

[Kevin Bonner]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tuesday 10 August 2004 15:26, RON FLORY wrote:
>   Changing the include of  at line 40 of
> rlm_krb5/rlm_krb5.c from:
>
> #include 
>
>   to:
>
> #include 

Yes, but is it portable?  Probably not.

>   Allows the build to procede.  I would also imagine adding
>
> -I /usr/include/et
>
>   to cflags or the makefile would also work.

This is probably the easiest solution for people to do, as it doesn't involve 
editing the source code.

Kevin Bonner
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBGT1O/9i/ml3OBYMRAjACAJ9pI27nthvm/ePC9WokbvtHCxwJ/QCeIKJu
KaxJCoYRmrS8tNCQfqIymQY=
=iYQv
-END PGP SIGNATURE-

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with FreeRADIUS 0.9.3 using LDAP Auth

[Oscar Caballero Chavanel]

Hello,

I started using and configuring FreeRADIUS 0.9.3 on SuSE Linux
Enterprise Server 8.

I need to authenticate RADIUS users to eDirectory server using LDAP.
After some research, I found how to accomplish that, however, the
performance is extremely slow. I am getting responses from LDAP after 10
seconds of waiting... THe LDAP server is running OK and the performance
using other software to query or authenticate is just fine.

I guess that maybe I am doing something wrong with the configuration
options.

Maybe you guys, could give me a hand and take a look at the following
lines:

Extracted from the radiusd.conf file...

ldap {
server = "192.168.1.3"
port = 389
identity = "cn=admin,o=novell"
password = novell
basedn = "o=novell"
# authtype = "MS-CHAP"
filter = "(uid=%u)"
start_tls = no
# default_profile = "cn=radprofile,ou=dialup,o=My
Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_group = "cn=clients,ou=dialup,o=My Org,c=UA"
# access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
# ldap_cache_timeout = 120
# ldap_cache_size = 0
ldap_connections_number = 5
# password_header = "{clear}"
password_attribute = userPassword
# groupname_attribute = cn
# groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
timeout = 4
timelimit = 3
net_timeout = 1
}

I also changed my users configuration file, to use LDAP as the default
(and unique) Auth-Type. Is there anything else I should configure or
modify in the configuration files?

Thanks so much for your help!

Oscar Caballero

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

missing EAP-TTLS outer User-Name

[David Hart]

This issue was discussed on the list several months ago, but I haven't
seen any resolution posted.

Recent Broadcom wireless drivers in Dell laptops natively support
EAP-TTLS but do not send an outer User-Name. Apparently the standard
permits this behavior, but it causes EAP authentication to fail on
FreeRADIUS (latest CVS) with the error 'UserIdentity Unknown':

rad_recv: Access-Request packet from host 172.16.83.5:21650, id=100, 
length=153
User-Name = ""
Framed-MTU = 1400
Called-Station-Id = "000f.f7a7.bee0"
Calling-Station-Id = "0090.96b6.6fa9"
Cisco-AVPair = "ssid=cwu"
Service-Type = Login-User
Message-Authenticator = 0xfb434f263f2d7616f14bdbca628e665c
EAP-Message = 0x0201000501
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "399"
NAS-Port = 399
NAS-IP-Address = 172.16.83.5
NAS-Identifier = "ap1231-bou-2c-1"
rad_lowerpair:  User-Name now ''
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  rlm_eap: EAP packet type response id 1 length 5
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 21
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  Processing the authorize section of radiusd.conf
modcall: entering group Autz-Type for request 4
radius_xlat:  'anonymous'
rlm_attr_rewrite: Added attribute User-Name with value 'anonymous'
  modcall[authorize]: module "add-username" returns ok for request 4
modcall: group Autz-Type returns ok for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: UserIdentity Unknown
rlm_eap: Identity Unknown, authentication failed
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Login incorrect: [] (from client ap1231-bou-2c-1 port 399 cli 
0090.96b6.6fa9)

As the log indicates, I'm using rlm_attr_rewrite to supply the missing
User-Name, but this seems to occur too late for EAP processing to pick
it up.

relevant portions of users:

# rewrite empty User-Name
DEFAULT User-Name =~ "^$", Autz-Type := rewrite

# avoid LDAP lookup for user outside EAP-TTLS tunnel
anonymous Autz-Type := NULL

# only use SQL for MAC authentication
DEFAULT User-Name =~ "^[0-9a-f]{12}$", Autz-Type := SQL

# LDAP for rest
DEFAULT Autz-Type := LDAP

relevant portions of radiusd.conf:

modules {
...
attr_rewrite add-username {
attribute = User-Name
searchin = packet
searchfor = "^$"
replacewith = "anonymous"
maxmatches = 1
new_attribute = yes
}
...
}


authorize {
preprocess
eap
files

# only use LDAP for authorization when explicity told to
Autz-Type LDAP {
ldap
}
# ditto for SQL (MAC authentication only)
Autz-Type SQL {
sql
}
Autz-Type rewrite {
add-username
}
}

authenticate {
eap
authtype PAP {
pap
}
authtype LDAP {
ldap
}
}

EAP-TTLS works fine if I send any non-empty value for the outer
User-Name, which I can do with other supplicants but not the one in
question. Has anyone solved this problem? From my research, it appears
that configuration directives aren't enough, and changes to the code are
required.

David Hart
Central Washington University


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

re:user can't connect internet

[chung chia chuin]

=?big5?q?chung=20chia=20chuin?=
<[EMAIL PROTECTED]> wrote:
>> When wireless users try to
>> access NAS/Radius Server, then everthing was go
well ,
>> both radius and user had show authentication
success ,
>> but wireless users can't connect to others, can't
ping
>> to others.Is that any extra config as needed

>  Do they have IP addresses?

>  Alan DeKok.

i had assign static ip address to all remote user,
and also failed to use dhcp service from access
point...and still same problem

-
Yahoo!奇摩Messenger6.0
即時通送你巴里島六人行！
http://tw.messenger.yahoo.com/promo/2004/mgm/index.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: snapshot-20040807 - fedora core 1 - make fails - SOLVED

[Paul Hampson]

On Tue, Aug 10, 2004 at 10:35:00PM +0200, Thor Spruyt wrote:
> Just to let you know that this issue is gone in 1.0.0

1.0.0 is basically 1.0.0-pre3, which you had said was already
working. I expect the problem still exists in CVS HEAD.

-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Starting Daemon in Debian

[Paul Hampson]

On Tue, Aug 10, 2004 at 10:23:10AM -0600, Nathan Blackham wrote:
> I am using Debian for my FreeRadius server.  I compiled both OpenSSL and
> FreeRadius1.0.0pre3 from code.  My question is not so much
> troubleshooting the server but getting it started the way I want it.
> 
> My question is what I should use to start the server at boot.  Should I
> steal the init.d script from Debian's package of 0.9.3 or should I
> create my own?
> 
> If I do need to create my own what should I include in it?

Why not use the one that comes in the Debian package 1.0.0pre3 produces?

You _did_ build it with dpkg-buildpackage, didn't you? ^_^

-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with FreeRADIUS 0.9.3 using LDAP Auth

[Robert Banniza]

Run 'radiusd -X -A' and report back where it seems to be hanging up.

Robert

On Tue, Aug 10, 2004 at 03:38:17PM -0600, Oscar Caballero Chavanel wrote:
> Hello,
> 
> I started using and configuring FreeRADIUS 0.9.3 on SuSE Linux
> Enterprise Server 8.
> 
> I need to authenticate RADIUS users to eDirectory server using LDAP.
> After some research, I found how to accomplish that, however, the
> performance is extremely slow. I am getting responses from LDAP after 10
> seconds of waiting... THe LDAP server is running OK and the performance
> using other software to query or authenticate is just fine.
> 
> I guess that maybe I am doing something wrong with the configuration
> options.
> 
> Maybe you guys, could give me a hand and take a look at the following
> lines:
> 
> Extracted from the radiusd.conf file...
> 
> ldap {
> server = "192.168.1.3"
> port = 389
> identity = "cn=admin,o=novell"
> password = novell
> basedn = "o=novell"
> # authtype = "MS-CHAP"
> filter = "(uid=%u)"
> start_tls = no
> # default_profile = "cn=radprofile,ou=dialup,o=My
> Org,c=UA"
> # profile_attribute = "radiusProfileDn"
> # access_group = "cn=clients,ou=dialup,o=My Org,c=UA"
> # access_attr = "dialupAccess"
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> # ldap_cache_timeout = 120
> # ldap_cache_size = 0
> ldap_connections_number = 5
> # password_header = "{clear}"
> password_attribute = userPassword
> # groupname_attribute = cn
> # groupmembership_filter =
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> timeout = 4
> timelimit = 3
> net_timeout = 1
> }
> 
> I also changed my users configuration file, to use LDAP as the default
> (and unique) Auth-Type. Is there anything else I should configure or
> modify in the configuration files?
> 
> Thanks so much for your help!
> 
> Oscar Caballero
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

command-line option -p to radiusd not working

[Nils Rønhovde]

Hello,

I am a bit puzzled that radiusd says "Ignoring deprecated command-line option -p" 
while usage() says:
" -p port Bind to 'port', and not to the radius/udp, or 1646/udp."

I must admit that I haven't read the list thoroughly for the last year or so, so can I 
have missed a discussion whether the -p option should work or not?

Is there a reason why -p should not work? 

Or why isn't usage() or the check-radiusd-config updated accordingly?


-- 
best regards
Nils Rønhovde
Telenor Networks

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Radutmp and Simultaneous-use

[David]

Hi,

I have a stand alone radius server set up in a test enviroment so that
I can test and learn more about simultaneous use.

I am using radclient to send auth requests, start and stop packets.
I have radutmp/radwtmp enabled in radiusd.conf. I have created
a test user in my user file:

"test"  Auth-Type := Local, User-Password == "test",
Simultaneous-Use := 1
Reply-Message = "Hello World"

At this time I do not have a hardware NAS to check simultaneous use against.

1.  Even with simultaneous use set to one, using radclient I can login
multiple times with my test user.

2.  Radwho does not return any users logged in.

3.  I notice the size of radutmp never increases, it is always 0. Should
the size of this file increase?

4. For testing, is it possible to test/use Simultaneous-Use with just radius
alone?
- If so, any suggestions on what I should check to get it working?

5. Is their a way to simulate a hardware NAS or test without NAS?

Thanks,


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to force PAP and disable CHAP?

[ecsd]

freeradius-1.0.0 pre3
How do I tell FreeRadius to DO pap and NOT do chap?
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html