Re: Proxying and setting the Pool-Name for ippool

2004-11-09 Thread Pasi Kärkkäinen
On Mon, Nov 08, 2004 at 06:27:37PM +0200, Pasi Kärkkäinen wrote:
> On Mon, Nov 08, 2004 at 05:48:22PM +0200, Kostas Kalevras wrote:
> > On Mon, 8 Nov 2004, Pasi Kärkkäinen wrote:
> > 
> > >Hi!
> > >
> > >I have NAS, which is using freeradius (1.0.0) server r1.
> > >Freeradius server r1 is proxying some requests (based on realm, @ suffix) 
> > >to
> > >radius server r2.
> > >
> > >Authentication and proxying works well. Now, the problem is assigning ip
> > >addresses (using ippool) on r1.
> > >
> > >r1 is the radius server that needs to assign the ip-address (from some 
> > >ippool)
> > >always.
> > >
> > >So, How to specify Pool-Name in r1 when proxying? I'm not stripping realms
> > >when proxying.
> > >
> > >If I add entry to hints file, or users file to match suffix "@foo", and add
> > >the Pool-Name attribute, then the username will be always stripped 
> > >(proxied as stripped)..
> > >and this means the authentication fails.
> > >
> > >How to add Pool-Name attribute (based on realm) while proxying, and not
> > >stripping usernames for proxying?
> > 
> > I think you're looking for the nostrip directive in proxy.conf
> > 
> 
> Thanks for the answer, I should have pasted the configuration..
>  
> I'm already using nostrip option in proxy.conf! Proxying works well and the
> realm is not stripped as long as I add entry to hints file.
> 
> when I add  entry to hints (and set Strip-User-Name = No in the entry), the 
> username will be proxied as stripped.. is that a bug?
> 

proxy.conf:

realm foo.com {
  type = radius
  authhost = r2
  accthost = r2
  secret = secret
  nostrip
}


This works well, and the users are proxied without the usernames being
stripped.

But now, if I add this to hints, the users are proxied with stripped
usernames:

DEFAULT Suffix == "@foo.com", Strip-User-Name = No
  Hint = "foo-pool",
  Pool-Name = "foo-pool"


Is this a bug, or is this the wrong way to do this?

-- Pasi Kärkkäinen
   
   ^
. .
 Linux
  /-\
 Choice.of.the
   .Next.Generation.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Counter Problems

2004-11-09 Thread Kostas Kalevras
On Mon, 8 Nov 2004, Jordan Eunson wrote:
> OK, so I checked for any accounting info in the logs and found a whole
> folder with accounting details in it. Doesn't this mean that I'm receiving
> accounting packets? Here's a snippet from my

Yes

> ${raddir}/var/log/radacct/clientip/detail-20041108 file
> I'm still going to the whole DEBUG thing tho so if this isn't it then I'll
> find more in the debug log.

DEBUG is to run the server in debug mode and see what's happening as Alan 
explained. This is just a detail file snippet.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


Re: Proxying and setting the Pool-Name for ippool

2004-11-09 Thread Pasi Kärkkäinen
On Tue, Nov 09, 2004 at 01:11:47PM +0200, Pasi Kärkkäinen wrote:
> On Mon, Nov 08, 2004 at 06:27:37PM +0200, Pasi Kärkkäinen wrote:
> > On Mon, Nov 08, 2004 at 05:48:22PM +0200, Kostas Kalevras wrote:
> > > On Mon, 8 Nov 2004, Pasi Kärkkäinen wrote:
> > > 
> > > >Hi!
> > > >
> > > >I have NAS, which is using freeradius (1.0.0) server r1.
> > > >Freeradius server r1 is proxying some requests (based on realm, @ 
> > > >suffix) 
> > > >to
> > > >radius server r2.
> > > >
> > > >Authentication and proxying works well. Now, the problem is assigning ip
> > > >addresses (using ippool) on r1.
> > > >
> > > >r1 is the radius server that needs to assign the ip-address (from some 
> > > >ippool)
> > > >always.
> > > >
> > > >So, How to specify Pool-Name in r1 when proxying? I'm not stripping 
> > > >realms
> > > >when proxying.
> > > >
> > > >If I add entry to hints file, or users file to match suffix "@foo", and 
> > > >add
> > > >the Pool-Name attribute, then the username will be always stripped 
> > > >(proxied as stripped)..
> > > >and this means the authentication fails.
> > > >
> > > >How to add Pool-Name attribute (based on realm) while proxying, and not
> > > >stripping usernames for proxying?
> > > 
> > > > I think you're looking for the nostrip directive in proxy.conf
> > > 
> > 
> > Thanks for the answer, I should have pasted the configuration..
> >  
> > I'm already using nostrip option in proxy.conf! Proxying works well and the
> > realm is not stripped as long as I add entry to hints file.
> > 
> > when I add  entry to hints (and set Strip-User-Name = No in the entry), the 
> > username will be proxied as stripped.. is that a bug?
> > 
> 
> proxy.conf:
> 
> realm foo.com {
>   type = radius
>   authhost = r2
>   accthost = r2
>   secret = secret
>   nostrip
> }
> 
> 
> This works well, and the users are proxied without the usernames being
> stripped.
> 
> But now, if I add this to hints, the users are proxied with stripped
> usernames:
> 
> DEFAULT Suffix == "@foo.com", Strip-User-Name = No
>   Hint = "foo-pool",
>   Pool-Name = "foo-pool"
> 
> 
> Is this a bug, or is this the wrong way to do this?
> 

In fact, after adding the hints entry, the request will not be proxied at
all, because the realm is removed from the username, and it won't match
entry in the proxy.conf anymore.. 

I wonder what's the meaning of Strip-User-Name in hints.. 

-- Pasi Kärkkäinen
   
   ^
. .
 Linux
  /-\
 Choice.of.the
   .Next.Generation.



RadiusReport problems

2004-11-09 Thread eLLe By
Hi,

Perhaps I had already sent this mail, but no one replied.
I use Radiusreport 0.3b6 to manage the file log, it works pretty good,
but it doesn't display the traffic input and output of the users, for
example if I use the string
radiusreport -tba -l username -f pathfile
it displays date, login, logout, time, port and total right, but the
bandwt in-out every time are 0 and also total data transferred are 0.
In the detail file of accounting, there are both the
Acct-Output-Octets and Acct-Input-Octets, and I manually translated it to
decimal, so there are more than 4 kilobyte of traffic (at first
I thought that it doesn't work because I had not sent/received
enough bytes).
Is there anyone else that has this problem?



Re: Fallback ?

2004-11-09 Thread Kostas Kalevras
On Tue, 9 Nov 2004, Garry Glendown wrote:
> Question - in order to get some basic fallback running, I was thinking about 
> setting up some kind of mechanism where one FreeRadius was operating in proxy 
> mode, querying our two radius servers, and in case both failed to answer, 
> would deliver some kind of fallback authentication (like, always OK but with 
> a 30min connection time or so) ... can this be done?

In this way you create a single point of failure in the form of the proxy 
server. A better solution would be to configure your nas to ask two radius 
servers in a failover scenario. On each radius server you could configure a 
fallback authentication (redundant section with your favorite user db and a 
files module instance) and everything should work ok.

> Tnx, -gg

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


How to add attribute in post-proxy?

2004-11-09 Thread Pasi Kärkkäinen
Hi!

How do I add new attribute in post-proxy section?

I need to add "Pool-Name" attribute based on the realm of 
the user proxied.. 

Other solution would be to make the home-radius-server assign 
value for "Pool-Name" and use attrs in proxy-radius to make 
sure it is the correct value for realm of the user?

Thanks!

-- Pasi Kärkkäinen
   
   ^
. .
 Linux
  /-\
 Choice.of.the
   .Next.Generation.



mod_auth_radius, Apache 2.0 reverse proxy, challenge-response issues

2004-11-09 Thread Richard Seacup
Hello-

I've managed to get mod_auth_radius working with Apache 2.0 and a
remote CryptoCard Server.  Unfortunately, the CryptoCard is in
Challenge-Response mode and the owner can't/won't change to Quicklog. 
No biggy, as the user just gets the first prompt, then the
challenge-response prompt.

The problem is, for every object that Apache is pulling from the
backend server (reverse proxying), the user is being prompted.  Is
there a way to avoid the multiple prompts, yet retain RADIUS
authentication?

TIA



error in compilation (make)

2004-11-09 Thread Eva Kolega at NTUA




Hello everybody.
I have installed mysql-standard-4.0.21-sun-solaris2.9-sparc-64bit.tar.gz,
Apache2, php4.3.9 and openldap.
The problem is when I try to run make, though configure run ok, 

( ./configure --prefix=/usr/local/freeradius --exec-prefix=/usr/local/freeradius
--with-mysql-include-dir=/usr/local/mysql/include    with-openldap-include-dir=/usr/local/openldap
)

 I get the following errors. I think it is all about mysql. The platform
is Sol 9.
Does anybody have any idea? I have been stuck the whole day here.

Thanks a lot.

Eva Kolega 


gcc: sql_mysql.c: linker input file unused because linking not done
/usr/local/src/freeradius-1.0.1/libtool --mode=link ld -module -static  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE
-g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls
-Wundef  -I../.. -I../../../../include -I/usr/local/mysql/include -Xa -xstrconst
-mt -D_FORTEC_ -xarch=v9  sql_mysql.o -o rlm_sql_mysql.a
mkdir .libs
(cd . && ln -s sql_mysql.lo sql_mysql.o)
ar cru rlm_sql_mysql.a sql_mysql.o  
ar: cannot open sql_mysql.o
    No such file or directory
ar: sql_mysql.o not found
make[10]: *** [rlm_sql_mysql.a] Error 1
make[10]: Leaving directory `/usr/local/src/freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql'
make[9]: *** [common] Error 1
make[9]: Leaving directory `/usr/local/src/freeradius-1.0.1/src/modules/rlm_sql/drivers'
make[8]: *** [static] Error 2





'nas' table structure

2004-11-09 Thread Edgars
Hello,
does the order of columns in the 'nas' table make sense? I am asking 
because, when I dropped 2nd column then added it, the radius 'stopped' 
to work. Errors like below are appearing in the logs:
Tue Nov  9 18:28:13 2004 : Auth: Login incorrect: 
[edgars/,\314\334xv\023\216r8PG\225\315\347\321\256] (from client 
10.5.8.103 port 125 cli 1.1.1.2)

And for client who was already logged in before changes:
Tue Nov  9 18:28:14 2004 : Error: Received Accounting-Request packet 
from 10.5.8.103 with invalid signature!  (Shared secret is incorrect.)
Tue Nov  9 18:28:14 2004 : Error: Received Accounting-Request packet 
from 10.5.8.103 with invalid signature!  (Shared secret is incorrect.)

Edgars


FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread rexly-8
I have FreeRadius 1.0.1 compiled and installed on OS 10.3. I am able to 
authenticate a local user, but when I attempt to use TLS I get the following 
information from radtest...

Tue Nov  9 09:11:55 2004 : Debug:   rlm_eap: EAP Identity
Tue Nov  9 09:11:55 2004 : Debug:   rlm_eap: processing type md5
Tue Nov  9 09:11:55 2004 : Info: rlm_eap_md5: Issuing Challenge
Tue Nov  9 09:11:55 2004 : Debug:   Not-EAP proxy set.  Not composing EAP
Tue Nov  9 09:11:55 2004 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 5


Any guidance or suggestions would be greatly appreciated.

The rex.



Re: 'nas' table structure

2004-11-09 Thread Kostas Kalevras
On Tue, 9 Nov 2004, Edgars wrote:
> Hello,
> does the order of columns in the 'nas' table make sense? I am asking because, 
> when I dropped 2nd column then added it, the radius 'stopped' to work. Errors 
> like below are appearing in the logs:
> Tue Nov  9 18:28:13 2004 : Auth: Login incorrect: 
> [edgars/,\314\334xv\023\216r8PG\225\315\347\321\256] (from client 10.5.8.103 
> port 125 cli 1.1.1.2)
>
> And for client who was already logged in before changes:
> Tue Nov  9 18:28:14 2004 : Error: Received Accounting-Request packet from 
> 10.5.8.103 with invalid signature!  (Shared secret is incorrect.)
> Tue Nov  9 18:28:14 2004 : Error: Received Accounting-Request packet from 
> 10.5.8.103 with invalid signature!  (Shared secret is incorrect.)
>
> Edgars

Yes rlm_sql expects specific row order for the nas table. Do a cvs update on 
rlm_sql.c this has just been fixed.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
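
Both symptoms quoted in this thread, the unreadable password in the "Login incorrect" line and the "invalid signature" on Accounting-Request, are what RADIUS produces when the server holds a different shared secret than the NAS does. The sketch below is an added example, not code from FreeRADIUS or from the posters: it implements the RFC 2865 User-Password hiding and the RFC 2866 accounting Request Authenticator, and every secret, password and attribute value in it is constructed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code, RFC 2866


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def acct_authenticator(code, ident, attrs, secret):
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_accounting_request(ident, attrs, secret):
    """NAS side: header, authenticator keyed with the NAS secret, attributes."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = acct_authenticator(ACCOUNTING_REQUEST, ident, attrs, secret)
    return header + auth + attrs


def verify_accounting_request(packet, secret):
    """Server side: recompute with the secret the server holds for this client."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = acct_authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def _xor_blocks(data, secret, request_auth, hiding):
    """RFC 2865 5.2 keystream: b1 = MD5(secret + RA), bi = MD5(secret + c(i-1))."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        out += block
        # The chaining value is always the ciphertext block.
        prev = block if hiding else data[i:i + 16]
    return out


def hide_password(password, secret, request_auth):
    """NAS side: pad with NULs to a multiple of 16 octets, then XOR."""
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    return _xor_blocks(padded, secret, request_auth, hiding=True)


def recover_password(hidden, secret, request_auth):
    """Server side: the same XOR, but with the server's copy of the secret."""
    plain = _xor_blocks(hidden, secret, request_auth, hiding=False)
    return plain.rstrip(b"\x00")


def diagnose(nas_secret, server_secret):
    """Return (accounting signature ok?, password as the server decodes it)."""
    request_auth = bytes(range(16))  # constructed; random on a real NAS
    password = b"constructed-password-longer-than-16"
    hidden = hide_password(password, nas_secret, request_auth)
    attrs = attr(40, struct.pack("!I", 1))  # Acct-Status-Type = Start
    attrs += attr(44, b"constructed-0001")  # Acct-Session-Id
    packet = build_accounting_request(7, attrs, nas_secret)
    return (verify_accounting_request(packet, server_secret),
            recover_password(hidden, server_secret, request_auth))


if __name__ == "__main__":
    nas = b"constructed-secret"
    print(diagnose(nas, nas))       # matching secrets: True and the password
    print(diagnose(nas, b"other"))  # server holds another value: False and noise
```

With mismatched secrets the server has no way to tell a wrong password from a wrong secret on Access-Request, so the accounting "invalid signature" line is the more reliable indicator of the two.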


Re: How to add attribute in post-proxy?

2004-11-09 Thread Nicolas Baradakis
Pasi Kärkkäinen wrote:

> How do I add new attribute in post-proxy section?

See module rlm_attr_rewrite.

-- 
Nicolas Baradakis



Re: FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> I have FreeRadius 1.0.1 compiled and installed on OS 10.3. I am able
> to authenticate a local user, but when I attempt to use TLS I get the
> following information from radtest...

> 
> Tue Nov  9 09:11:55 2004 : Debug:   rlm_eap: EAP Identity
> Tue Nov  9 09:11:55 2004 : Debug:   rlm_eap: processing type md5

  Well, you're not using EAP-TLS.

> Any guidance or suggestions would be greatly appreciated.

  What do you think is wrong?  What do you expect the server to do?

  What you've posted is a piece from the middle of the server doing
something.  Without knowing the larger context, it's impossible to say
if anything is going wrong, or if the server is doing what you expect.

  Alan DeKok.



Configuring Freeradius to authenticate with MySQL

2004-11-09 Thread andremail82-radius
Hello folks I'm trying to configure freeradius to authenticate with MySQL.
I made tests without MySQL and works fine.
 
But With MySQL I'm having problems.
I create the database radius and create the tables with the mysql file that come in the tgz of the sources using the command  mysql -root radius < db_mysql.sql
 
I have edited the file sql.conf adjusting it to connect in my mysql server, in the file radiusd.conf the entry sql in the authenticate field is uncommented.
 
When I start freeradius in debug mode I show the following
 
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
I don't know if this means that the freeradius is connected to the MySQL server or this is an error...
 
And when I try to authenticate it shows the following:
This test was made with radtest.
 
rad_recv: Access-Request packet from host 127.0.0.1:1024, id=229, length=70
    User-Name = "00045700A43B"
    User-Password = "\373\346\367\211*Xw\362fSeb\023s\224\001"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1812
    Framed-Protocol = PPP
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00045700A43B' ORDER BY id
rlm_sql_mysql: query:  SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '00045700A43B' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '00045700A43B' ORDER BY id
rlm_sql_mysql: query:  SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '00045700A43B' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql: unknown attribute
rlm_sql (sql): Error getting data from database
rlm_sql (sql): No matching entry in the database for request from user [00045700A43B]
rlm_sql (sql): Released sql socket id: 4
rad_recv: Access-Request packet from host 127.0.0.1:1024, id=229, length=70
Sending Access-Reject of id 229 to 127.0.0.1:1024
Please, if someone could help me with this issue I will be very grateful.
Probably I'm forgetting something.
 
Thanks very much,
 
André Zenun

Re: Configuring Freeradius to authenticate with MySQL

2004-11-09 Thread Alan DeKok
<[EMAIL PROTECTED]> wrote:
> But With MySQL I'm having problems.
> I create the database radius and create the tables with the mysql file that 
> come in the tgz of the sources using the command  mysql -root radius < 
> db_mysql.sql
>  
> I have edited the file sql.conf adjusting it to connect in my mysql server, in 
> the file radiusd.conf the entry sql in the authenticate field is uncommented.

  Did you populate the MySQL tables with data?

> rlm_sql (sql): Connected new DB handle, #4
> 
> I don't know if this mean that the freeradius is connected to the MySQL 
> server or this is an error...

  It says "Connected".  It probably means "Connected".

> And when I try to authenticate it show the following:
...
> rlm_sql: unknown attribute

  You didn't populate the table with anything the server understands.
See doc/rlm_sql.

  Alan DeKok.




Re: FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread rexly-8
Alan,

Thanks for the info. I will include an entire list of the RADIUS responses to a 
single login request. I am using the instructions available on Andreas Wolf's 
site for setting up an OS X client, AirPort Basestation and Radius.

The rex.

Tue Nov  9 11:42:46 2004 : Debug: Nothing to do.  Sleeping until we see a 
request.
rad_recv: Access-Request packet from host 10.51.254.29:1026, id=126, length=190
Framed-MTU = 1466
NAS-IP-Address = 10.0.1.1
NAS-Identifier = "Alpha Test Base Station"
User-Name = "shay"
Service-Type = Framed-User
NAS-Port = 256
NAS-Port-Type = Ethernet
NAS-Port-Id = "wl0"
Called-Station-Id = "00-03-93-eb-f4-bb"
Calling-Station-Id = "00-0d-93-84-a4-11"
Connect-Info = "CONNECT Ethernet 54Mbps Half duplex"
EAP-Message = 0x020100090173686179
Message-Authenticator = 0xf07d66ad6f003db3b153dfc017304fd1
Tue Nov  9 11:52:52 2004 : Debug: modcall: entering group authorize for request 
5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling preprocess 
(rlm_preprocess) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from 
preprocess (rlm_preprocess) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "preprocess" 
returns ok for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling chap 
(rlm_chap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from chap 
(rlm_chap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "chap" returns 
noop for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling mschap 
(rlm_mschap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from mschap 
(rlm_mschap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "mschap" returns 
noop for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling suffix 
(rlm_realm) for request 5
Tue Nov  9 11:52:52 2004 : Debug: rlm_realm: No '@' in User-Name = "shay", 
looking up realm NULL
Tue Nov  9 11:52:52 2004 : Debug: rlm_realm: No such realm "NULL"
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from suffix 
(rlm_realm) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "suffix" returns 
noop for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling eap (rlm_eap) 
for request 5
Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: EAP packet type response id 1 
length 9
Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: No EAP Start, assuming it's an 
on-going EAP conversation
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from eap 
(rlm_eap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "eap" returns 
updated for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling files 
(rlm_files) for request 5
Tue Nov  9 11:52:52 2004 : Debug: users: Matched DEFAULT at 152
Tue Nov  9 11:52:52 2004 : Debug: users: Matched DEFAULT at 171
Tue Nov  9 11:52:52 2004 : Debug: users: Matched shay at 216
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: returned from files 
(rlm_files) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authorize]: module "files" returns 
ok for request 5
Tue Nov  9 11:52:52 2004 : Debug: modcall: group authorize returns updated for 
request 5
Tue Nov  9 11:52:52 2004 : Debug:   rad_check_password:  Found Auth-Type EAP
Tue Nov  9 11:52:52 2004 : Debug: auth: type "EAP"
Tue Nov  9 11:52:52 2004 : Debug: modcall: entering group authenticate for 
request 5
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authenticate]: calling eap 
(rlm_eap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: EAP Identity
Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: processing type md5
Tue Nov  9 11:52:52 2004 : Info: rlm_eap_md5: Issuing Challenge
Tue Nov  9 11:52:52 2004 : Debug:   Not-EAP proxy set.  Not composing EAP
Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authenticate]: returned from eap 
(rlm_eap) for request 5
Tue Nov  9 11:52:52 2004 : Debug:   modcall[authenticate]: module "eap" returns 
handled for request 5
Tue Nov  9 11:52:52 2004 : Debug: modcall: group authenticate returns handled 
for request 5
Tue Nov  9 11:52:52 2004 : Debug: There was no response configured: rejecting 
request 5
Tue Nov  9 11:52:52 2004 : Debug: Server rejecting request 5.
Tue Nov  9 11:52:52 2004 : Debug: Finished request 5
Tue Nov  9 11:52:52 2004 : Debug: Going to the next request
Tue Nov  9 11:52:52 2004 : Debug: --- Walking the entire request list ---
Tue Nov  9 11:52:52 2004 : Debug: Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.51.254.29:1026, id=126, length=190
Sending Access-Reject of id 126 to 10.51.254.29:1026
Reply-Message = "Hello, %u"
Tue Nov  9 11:52:53 2004 : Debug: --- Walking the entir

Re: FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> Thanks for the info. I will include an entire list of the RADIUS
> responses to a single login request. I am using the instructions
> available on Andreas Wolf's site for setting up an OS X client,
> AirPort Basestation and Radius.

  So... as I asked before, what are you trying to do?  That web site
is nice, but there's no reason to believe you've followed its
instructions exactly.

  You're not using EAP-TLS.  Are you trying to use EAP-TLS, or
something else?  The debug log CLEARLY shows the server doing EAP-MD5.
Why have you configured the server to do EAP-MD5 if you're trying to
do EAP-TLS?

> Tue Nov  9 11:52:52 2004 : Debug:   modsingle[authorize]: calling files 
> (rlm_files) for request 5
> Tue Nov  9 11:52:52 2004 : Debug: users: Matched DEFAULT at 152
> Tue Nov  9 11:52:52 2004 : Debug: users: Matched DEFAULT at 171
> Tue Nov  9 11:52:52 2004 : Debug: users: Matched shay at 216

  What do those entries do?  They're not in the default configuration.

  I can't read your mind.  You need to explain what you're doing, how
you've configured the server, and exactly what is going on.  If you
answer half of my questions, and respond with the minimal possible
information, it will be impossible for me to help you.

> Tue Nov  9 11:52:52 2004 : Debug:   Not-EAP proxy set.  Not composing EAP

  That message is set only if you're doing EAP-TTLS, with tunneled
EAP-MD5, where you're trying to proxy the inner session to another
RADIUS server.

  I have no idea how you managed to get the server to produce that
message.  And until you describe your configuration in terms other
than "I followed a web page", it's impossible to help you.

  Alan DeKok.
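
The EAP-Message value and the rlm_eap debug lines quoted in this thread can be decoded mechanically to see which EAP method the server actually started. The following is an added example, not code from FreeRADIUS or from the posters: it parses the RFC 3748 EAP header and scans debug output for the method name. The Nak packet and the expected method name "tls" are constructed assumptions.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}


def parse_eap(hex_value):
    """Decode an EAP-Message attribute as printed in debug output (0x...)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-octet header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP Length field does not fit the data received")
    packet = {"code": EAP_CODES.get(code, "Unknown(%d)" % code), "id": ident,
              "length": length, "type": None, "data": b""}
    if code in (1, 2):  # only Request and Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        packet["type"] = EAP_TYPES.get(raw[4], "Unknown(%d)" % raw[4])
        packet["data"] = raw[5:length]
    return packet


def nak_wanted(packet):
    """For a Response/Nak, list the methods the peer asks for instead."""
    if packet["code"] != "Response" or packet["type"] != "Nak":
        return []
    return [EAP_TYPES.get(t, "Unknown(%d)" % t) for t in packet["data"]]


PROCESSING = re.compile(r"rlm_eap: processing type (\S+)")


def methods_started(debug_lines):
    """Method names the server reports starting, in order of appearance."""
    found = []
    for line in debug_lines:
        match = PROCESSING.search(line)
        if match:
            found.append(match.group(1))
    return found


def unexpected_methods(debug_lines, expected):
    """Methods the server started that are not the one the operator intended."""
    return [m for m in methods_started(debug_lines) if m != expected]


# Lines copied from the debug output posted in this thread.
POSTED_LOG = [
    'EAP-Message = 0x020100090173686179',
    'Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: EAP Identity',
    'Tue Nov  9 11:52:52 2004 : Debug:   rlm_eap: processing type md5',
    'Tue Nov  9 11:52:52 2004 : Info: rlm_eap_md5: Issuing Challenge',
]
# Constructed: a peer refusing the offered method and asking for type 13.
CONSTRUCTED_NAK = "0x02020006030d"

if __name__ == "__main__":
    print(parse_eap(POSTED_LOG[0].split("= ")[1]))
    print(nak_wanted(parse_eap(CONSTRUCTED_NAK)))
    # "tls" as the name logged for EAP-TLS is an assumption.
    print(unexpected_methods(POSTED_LOG, "tls"))
```

The posted EAP-Message decodes to an Identity response carrying "shay", which matches the User-Name in the same request.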




Re:Re: FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread rexly-8
Alan,

Do you realize that this is all I was looking for?

> Tue Nov  9 11:52:52 2004 : Debug:   Not-EAP proxy set.  Not composing EAP
>
>  That message is set only if you're doing EAP-TTLS, with tunneled
>EAP-MD5, where you're trying to proxy the inner session to another
>RADIUS server.

I admit to being new to this. I struggled alone for as long as I could before 
signing up to this list to get help. I can appreciate tough love where needed, 
but frankly we can't all be as gifted as you. I pointed you to the exact 
instructions I followed. I told you exactly the configuration I was using. If 
there is a better (written more patient) resource you can point me to, please 
let me know where that is. You were new to this once. Didn't YOU need help?

I'm not looking for a free ride. Just some hard to find answers.

The rex.



Re: error in compilation (make)

2004-11-09 Thread Paul Hampson
On Tue, Nov 09, 2004 at 05:49:56PM +0200, Eva Kolega at NTUA wrote:
> I have installed 
> mysql-standard-4.0.21-sun-solaris2.9-sparc-64bit.tar.gz, Apache2, 
> php4.3.9 and openldap.
> The problem is when I try to run make, though configure run ok,

> gcc: sql_mysql.c: linker input file unused because linking not done

Can we have the lines above this? At this point whatever the problem is
has already occurred and so we get the error messages below.

> /usr/local/src/freeradius-1.0.1/libtool --mode=link ld -module -static  
> -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall 
> -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align 
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes 
> -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef  
> -I../.. -I../../../../include -I/usr/local/mysql/include -Xa -xstrconst 
> -mt -D_FORTEC_ -xarch=v9  sql_mysql.o -o rlm_sql_mysql.a
> mkdir .libs
> (cd . && ln -s sql_mysql.lo sql_mysql.o)
> ar cru rlm_sql_mysql.a sql_mysql.o  
> ar: cannot open sql_mysql.o
>No such file or directory
> ar: sql_mysql.o not found
> make[10]: *** [rlm_sql_mysql.a] Error 1

-- 
Paul "TBBle" Hampson, on an alternate email client.



Re: FreeRadius, EAP-TLS, MacOSX...

2004-11-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> Do you realize that this is all I was looking for?

  No.  I didn't feel comfortable coming to any conclusion from your
post.  There wasn't sufficient information.

> I admit to being new to this. I struggled alone for as long as I
> could before signing up to this list to get help. I can appreciate
> tough love where needed, but frankly we can't all be as gifted as
> you. I pointed you to the exact instructions I followed.

  I don't have time to go out of my way to read web pages outside of
this list, which you may or may not have followed exactly.  You're
asking me to go do work to help you, and telling me that you're not
willing to take the time to post quotes from your debug log &
configuration files.

  So... why should I do work to help you, when you're not prepared to
do the work to help me help you?

> I told you exactly the configuration I was using.

  Absolutely not.  That was my point, which you appeared to have missed.

  The web page is irrelevant.  What you ACTUALLY DID is the only thing
that's important.  I can't figure out what you did by reading a web
page.  I can figure out what you did by reading pieces of your
configuration files and debug logs that you post to the list.

  And from what little you posted, it was clear to me that what you
did was very different from what was on any "802.1X howto" page.

> If there is a better (written more patient) resource you can point
> me to, please let me know where that is. You were new to this
> once. Didn't YOU need help?

  Sure, but when I asked questions, I went out of my way to give
enough information that someone could figure out what I was doing by
reading my message.  I didn't make them guess.  And I didn't get angry
when they told me to supply more information, or to go read some
documentation.

> I'm not looking for a free ride. Just some hard to find answers.

  And I'm telling you that in order to answer your questions, you need
to do certain things.  Like supply the data I've asked for (and which
the README and FAQ say to supply).  Like answer the questions I've
asked.

  Rather than doing as I say, you've gotten upset that I'm asking you
to do something.  This says to me that even if I do tell you exactly
what's going wrong and how to fix it, that you'll probably argue
with me over the answer.  I've seen this behavior a LOT in the past 5
years on this list.  It's frustrating for me.

  I would LIKE to be able to help you, but if you're going to argue
over my responses, and not follow directions, I have no idea why
you're asking for help in the first place.

  Alan DeKok.



(no subject)

2004-11-09 Thread rajesh



Hi all,
I installed RADIUS 1.0.1 on a Linux 9.0 box and it is working fine 
except for generating log files.
The log directory and log file are configured as they are in the 
usual configuration.
But still I am not seeing any logs being generated in that 
file.
Should I change any configuration files?
Should I have to give any extra parameter when executing 
RADIUSD to generate log files?
Moreover, no file with the name radius.log is automatically 
created after installing RADIUS.
So I created one file with that name and kept it 
there.
But still it is not receiving any logs.
So what should I do?
Just reinstalling RADIUS.
Thanks and Regards
Rajesh