Re: Problem with Auth-Type
On Tue, Nov 16, 2004 at 08:02:42AM +, carlos akitani wrote:

Hi, I've got the same problem but no solution.
I've added the Auth-Type:=Local in the users file but the same answer:
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
and even (username/password) not valid (but I've declared them in the clients.conf).
How to do?

First of all; please NO HTML MAIL! You should really read documentation first before trying to achieve what you want. Clients.conf is not used to store usernames and passwords of the users. The users file is meant to do that. Read the comments in the users file and also the aaa.txt in the doc directory to get an idea of how the radius server works.

Kostas

--
Kostas Zorbadelos
Systems Developer, Otenet SA
mailto: [EMAIL PROTECTED]

Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Little Details, WRT54GS
Wodan wrote:

I posted this question on the Sveasoft board once. The WEP key you enter in WEP RADIUS mode is the key that is used for encryption. Usually, in normal WEP mode, you use the same key for encryption and authentication. In the WRT54GS RADIUS mode, you use RADIUS for authentication and WEP for encryption. You don't have to enter this key on your clients because the key is automatically distributed to all RADIUS authenticated clients via the 802.1x server, that runs on the WRT54GS.

What about dynamic WEP re-keying?

There is a HUGE advantage in using WPA if you want to profit from the additional security RADIUS offers. In WPA mode, the key for encryption is definitely generated dynamically for each client. So if your clients all support WPA and your router runs fine with RADIUS WPA, you should definitely stick with the WPA variant.

How could I tell that different keys are actually being assigned and that re-keying is taking place?

For more information you could signup at www.sveasoft.com where you get first grade technical support from the guys that actually write a custom firmware for the WRT54G(S) !

Now I'm actually running Sveasoft's version 4.0 to which TinyPEAP has been added. I was able to use the embedded TinyPEAP server and an external FreeRADIUS server for the first time. I don't have much info on the stability yet.
Compiling freeradius with snmp-support
Hi, I'm using freeradius 0.9.3 on Suse 9.1. I authorize my users with mysql. My AccessPoint is a Cisco 350. How do I change the configuration of my precompiled freeradius on suse 9.1 after the installation? Freeradius was installed by default with no snmp-support. Is there any way to do this, or do I have to reinstall and/or update to 1.0? Thanks a lot
Stop packet with zero session length
Hi,

in my logs I see this string:

Error: rlm_sql: Stop packet with zero session length.

Reading through the source code and the mailing list, I think that stop packets with zero session length must be dropped by FR. But in my logs I see the error above, the record is updated into the DB and FR executes also the acct_stop_query_alt query. This is very strange. I need these records so I removed CISCO_ACCOUNTING_HACK from the source.

Thanks, Andrea

--- If you start looking for symptoms of an illness, the illness itself will soon show up. ---

Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino
http://www.omniway.sm
http://www.intelcom.sm
Re: A question about port 1646
Alan DeKok [EMAIL PROTECTED] wrote:

Andreas Meyer [EMAIL PROTECTED] wrote:

I wanted to use ports 1812 and 1813. If I set port=0 in radiusd.conf, radacct wants to connect to 1646 although I edited /etc/services to use 1813 for radius-acct.

I suggest finding out why that's happening. It does NOT happen in a normal configuration, so something's wrong with your system.

Same when I set port=1812, radacct wants to connect to 1646.

FreeRADIUS just doesn't work that way. If you set port = 1812, then it listens for authentication on port 1812, and accounting on port 1813.

Did some tests again. I set port = 0 in radiusd.conf and /etc/services looks like this:

radius 1812/tcp # RADIUS
radius 1812/udp # RADIUS
radius-acct 1813/tcp # RADIUS Accounting
radius-acct 1813/udp # RADIUS Accounting

In /var/log/messages with radlogin I get:

Nov 16 12:55:30 gamma radlogin[12894]: rc_map2id: can't find tty /dev/pts/1 in map database
Nov 16 12:55:35 gamma radlogin[12894]: authentication OK, username andreas, service Login-User
Nov 16 12:55:35 gamma radacct[12916]: rc_map2id: can't find tty /dev/pts/1 in map database
Nov 16 12:56:05 gamma radacct[12916]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 12:56:05 gamma radacct[12916]: accounting FAILED, type Start, username andreas, service Login-User
Nov 16 12:56:05 gamma radacct[13030]: rc_map2id: can't find tty /dev/pts/1 in map database

No listen directive involved in radiusd.conf.

# netstat -pantu |grep radius
udp 0 0 0.0.0.0:1812 0.0.0.0:* 12854/radiusd
udp 0 0 0.0.0.0:1813 0.0.0.0:* 12854/radiusd
udp 0 0 0.0.0.0:1814 0.0.0.0:* 12854/radiusd

I then set port = 1812 in radiusd.conf and the same /etc/services. No listen directive involved in radiusd.conf.

Nov 16 13:06:49 gamma radlogin[15588]: authentication OK, username andreas, service Login-User
Nov 16 13:07:19 gamma radacct[15614]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 13:07:19 gamma radacct[15614]: accounting FAILED, type Start, username andreas, service Login-User
Nov 16 13:07:49 gamma radacct[15732]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 13:07:49 gamma radacct[15732]: accounting FAILED, type Start, username andreas, service Login-User
Nov 16 13:09:19 gamma radacct[16075]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 13:09:19 gamma radacct[16075]: accounting FAILED, type Stop, username andreas, service Login-User

# netstat -pantu |grep radius
udp 0 0 0.0.0.0:1812 0.0.0.0:* 14641/radiusd
udp 0 0 0.0.0.0:1813 0.0.0.0:* 14641/radiusd
udp 0 0 0.0.0.0:1814 0.0.0.0:* 14641/radiusd

I then set port = 1645 in radiusd.conf

# netstat -pantu |grep radius
udp 0 0 0.0.0.0:1645 0.0.0.0:* 21010/radiusd
udp 0 0 0.0.0.0:1646 0.0.0.0:* 21010/radiusd
udp 0 0 0.0.0.0:1647 0.0.0.0:* 21010/radiusd

and with radlogin I get:

Nov 16 13:33:18 gamma radlogin[21938]: authentication OK, username andreas, service Login-User
Nov 16 13:33:18 gamma radacct[21960]: accounting OK, type Start, username andreas, service Login-User
Nov 16 13:33:18 gamma radacct[21966]: accounting OK, type Start, username andreas, service Login-User
Nov 16 13:34:18 gamma radacct[22199]: accounting OK, type Stop, username andreas, service Login-User

I found another strange behaviour. Configured freeradius with ./configure make and su make install. Logging is done in /var/log/radius and raddb is in /usr/local/etc. when I start radiusd -X I get the following:

gamma:/var/log # /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
/usr/local/etc/raddb/radiusd.conf[429]: Unable to open file /etc/raddb/proxy.conf: No such file or directory
Errors reading radiusd.conf

In radiusd.conf I have:

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
...
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf

Very confusing! So I copied the whole directory /usr/local/raddb over to /etc. Nevertheless configuration must be done in /usr/local/etc/raddb.

Unless.. did you set port = 1812 AND leave the listen directive in there? That might explain why the server is listening on 1646:
Re: Problem with Auth-Type
Excuse me, just a mistake this morning in writing the files. I've read a lot the documentations and the files themselves. There are a descriptions for the files; users, clients.conf and proxy.conf :

/raddb/users

demolocal Auth-Type := Local, Password == demolocal
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobsen-TCP-IP,
    Framed-MTU = 1500

carlos Auth-Type := Local, Password == radius
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobsen-TCP-IP,
    Framed-MTU = 1500

/raddb/clients.conf

client 127.0.0.1 {
    secret = demolocal
    shortname = localhost
    nastype = other
}
client 192.168.1.0/24 {
    secret = demolan
    shortname = Radius1
}

/raddb/proxy.conf

realm LOCAL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    secret = demolocal
}
realm NULL {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    secret = demolan
}
realm DEFAULT {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
    secret = demolan
}

From this, please can you tell me where is wrong and make me the answer no Auth-Type for the request, (carlos/radius) incorrect user rejected but authorization was OK but not the authentication
Low cost APs that support EAP/TLS Freeradius??
Hi.

I'd like to set up wireless at my home and do it securely. At work I'm using Cisco 1200s with Freeradius authenticating with EAP/TLS. I'd like to do the same thing at home, but the Cisco 1200s are *way* outside of my budget :-)

Does anyone have any suggestions for a reasonably priced 802.11g access point that works well with Freeradius doing EAP/TLS??

Thanks,

Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, Ohio 44281
(330)335-1541
[EMAIL PROTECTED]
Re: Little Details, WRT54GS
What about dynamic WEP re-keying?

As far as I know this is not supported by Satori 4.0 and I could not get any more information from Sveasoft concerning this point. The wireless interface seems to be something they don't mess with much.

How could I tell that different keys are actually being assigned and that re-keying is taking place?

Well you could either track your WLAN traffic with something like Ethereal. If there is an easier way to do this, please let me know. But you can actually tell the configuration interface in which interval to change keys. Default is something like 3600 seconds. WPA always uses dynamic keys for encryption. The shared key or passphrase in WPA-PSK is used for authentication only.

Now I'm actually running Sveasoft's version 4.0 to which TinyPEAP has been added. I was able to use the embedded TinyPEAP server and an external FreeRADIUS server for the first time. I don't have much info on the stability yet.

I have absolutely no experience with TinyPEAP and I read something about PEAP being only fairly secure. But don't take my word, I couldn't tell you where I read that. Stability of the Sveasoft pre-releases is pretty good as far as the PPPoE is concerned. The wireless- and PPTP interface vary though. I never had a router hangup or crash and I'm going pre-release ever since.

Regards, Philipp
Re: Low cost APs that support EAP/TLS Freeradius??
I was looking around yesterday, and I noticed that Linksys' new wireless router (WTV56G I believe) purports to support 802.1x. It retails for about $180 depending on where you look. It's more than just an AP though, it has full blown router functions.

--Mike

On Tue, 2004-11-16 at 08:00, Joe Matuscak wrote:

Hi. I'd like to set up wireless at my home and do it securely. At work I'm using Cisco 1200s with Freeradius authenticating with EAP/TLS. I'd like to do the same thing at home, but the Cisco 1200s are *way* outside of my budget :-)

Does anyone have any suggestions for a reasonably priced 802.11g access point that works well with Freeradius doing EAP/TLS??

Thanks,

Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, Ohio 44281
(330)335-1541
[EMAIL PROTECTED]
Secure TLS connection between Freeradius and Openldap
Hello,

I'm trying to establish a secure TLS connection between a Freeradius and an Openldap server. The openssl s_client -connect command successfully establishes a connection to the openldap server on the mentioned port with the following certificates, but when trying to bind from freeradius I have the following error message:

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 10.0.3.2:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/openssl/certs/root.pem
rlm_ldap: setting TLS CACert File to /etc/openssl/certs/
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /etc/openssl/certs/cert.pem
rlm_ldap: setting TLS Key File to /etc/openssl/certs/key.pem
rlm_ldap: setting TLS Key File to /etc/openssl/certs/random
rlm_ldap: bind as cn=Manager,dc=MYDOMAIN,dc=COM/password to 10.0.3.2:636
rlm_ldap: cn=Manager,dc=MYDOMAIN,dc=COM bind to 10.0.3.2:636 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed

Of course if I don't set the tls mode, the connection is ok. Any hints?

Thanks.

Konstantin

_
Konstantin K. KABASSANOV
LIP6/CNRS
8, rue du Capitaine Scott
75015 Paris, France
Phone: +33 (0) 1 44 27 71 26
Fax: +33 (0) 1 44 27 74 95
E-mail: [EMAIL PROTECTED]
Web: http://www.kabassanov.com
_
IMPORTANT! If you have tried to reply to this mail and you received a stupid message, announcing that the mail had been rejected as spam, please, resend your reply to the address above.
The certificate used to sign this e-mail can be verified at: http://igc.services.cnrs.fr/CNRS-Standard/recherche.html
Too much is never enough. ( Me ;) )
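Added example (not part of the original post, and not FreeRADIUS or OpenLDAP code): a small Python check run over the rlm_ldap debug lines quoted above. It flags three things visible in that output that are worth settling before chasing the connection failure: certificate checking set to `never`, TLS options logged twice with different values, and the bind password written into the debug line. The function names and finding codes are made up for this example; treating `never` and `allow` as unverified TLS follows the meaning of OpenLDAP's TLS_REQCERT levels.

```python
import re

# Debug lines copied from the post above, with the mail line-wrap breaks rejoined.
SAMPLE_LOG = """\
rlm_ldap: (re)connect to 10.0.3.2:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: setting TLS CACert File to /etc/openssl/certs/root.pem
rlm_ldap: setting TLS CACert File to /etc/openssl/certs/
rlm_ldap: setting TLS Require Cert to never
rlm_ldap: setting TLS Cert File to /etc/openssl/certs/cert.pem
rlm_ldap: setting TLS Key File to /etc/openssl/certs/key.pem
rlm_ldap: setting TLS Key File to /etc/openssl/certs/random
rlm_ldap: bind as cn=Manager,dc=MYDOMAIN,dc=COM/password to 10.0.3.2:636
rlm_ldap: cn=Manager,dc=MYDOMAIN,dc=COM bind to 10.0.3.2:636 failed: Can't contact LDAP server
"""

# "setting TLS <option> to <value>" as printed in the post.
SETTING_RE = re.compile(r"^rlm_ldap: setting TLS (?P<name>.+?) to (?P<value>\S+)$")
# "bind as <dn>/<secret> to <host:port>" as printed in the post.
BIND_RE = re.compile(
    r"^(?P<head>rlm_ldap: bind as (?P<dn>.+)/)(?P<secret>[^/\s]*)(?P<tail> to \S+)$"
)

# TLS_REQCERT levels under which a bad or missing server certificate
# does not stop the session, so the LDAP server is not authenticated.
WEAK_REQCERT = {"never", "allow"}


def parse(log):
    """Return ({option: [values in log order]}, [(bind_dn, secret), ...])."""
    settings, binds = {}, []
    for raw in log.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            settings.setdefault(m.group("name"), []).append(m.group("value"))
            continue
        m = BIND_RE.match(line)
        if m:
            binds.append((m.group("dn"), m.group("secret")))
    return settings, binds


def audit(log):
    """Return a list of (code, detail) findings for one debug excerpt."""
    settings, binds = parse(log)
    findings = []

    reqcert = settings.get("Require Cert", [])
    if reqcert and reqcert[-1].lower() in WEAK_REQCERT:
        findings.append((
            "tls-verify-disabled",
            "Require Cert is '%s': the server certificate is not enforced, "
            "so the CA file has no effect on who the bind goes to" % reqcert[-1],
        ))

    # The same label logged twice with different values means either one
    # overrides the other or the label is reused for a different option;
    # either way, check which configuration item each line comes from.
    for name, values in settings.items():
        if len(set(values)) > 1:
            findings.append(("repeated-setting", "%s: %s" % (name, " then ".join(values))))

    for dn, secret in binds:
        if secret:
            findings.append((
                "secret-in-log",
                "bind line for %s carries the bind password; redact before sharing" % dn,
            ))
    return findings


def redact(log):
    """Return the log with the secret field of every bind line masked."""
    out = []
    for raw in log.splitlines():
        m = BIND_RE.match(raw.strip())
        out.append("%s<redacted>%s" % (m.group("head"), m.group("tail")) if m else raw)
    return "\n".join(out)


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_LOG):
        print("%-20s %s" % (code, detail))
    print(redact(SAMPLE_LOG))
```

Running `redact()` over debug output before posting it to a public list keeps the directory manager's password out of the archive.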
Re: Low cost APs that support EAP/TLS Freeradius??
Michael Griego [EMAIL PROTECTED] wrote:

I was looking around yesterday, and I noticed that Linksys' new wireless router (WTV56G I believe) purports to support 802.1x. It retails for about $180 depending on where you look. It's more than just an AP though, it has full blown router functions.

The Gateway 7000 series AP's include a 4-port switch, and routing. They also implement PEAP EAP-TTLS within the AP. I strongly suspect that this means they're running FreeRADIUS.

Alan DeKok.
Re: How-to use Framed-Route Attribute
Nirmal [EMAIL PROTECTED] wrote:

how can i use Framed-Route Attribute in radius ? what is the exact format for this attribute ?

http://www.freeradius.org/rfc/attributes.html

Click on the attribute to find documentation for it.

Alan DeKok.
Re: Compiling freeradius with snmp-support
Tobias Amon [EMAIL PROTECTED] wrote:

How do I change the configuration of my precompiled freeradius on suse 9.1 after the installation. Freeradius was installed by default with no snmp-support. Is there any way to do this, or do I have to reinstall and/or update to 1.0?

You have to re-install. You can still use 0.9.3, but I suggest you try upgrading.

Alan DeKok.
Re: A question about port 1646
Andreas Meyer [EMAIL PROTECTED] wrote:

Did some tests again. I set port = 0 in radiusd.conf and /etc/services looks like this:
radius 1812/tcp # RADIUS

That's nice. What ports does the server say it's listening on when you run it in debugging mode?

# netstat -pantu |grep radius

See comments above.

I then set port = 1645 in radiusd.conf

Yes... the client has been telling you it's sending to port 1646. It's important, therefore, to configure FreeRADIUS to listen on that port.

and with radlogin I get:
Nov 16 13:33:18 gamma radlogin[21938]: authentication OK, username andreas, service Login-User
Nov 16 13:33:18 gamma radacct[21960]: accounting OK, type Start, username andreas, service Login-User
...

I'm not sure why you think this information is important. How does having this information help solve your problem?

found another strange behaviour. Configured freeradius with ./configure make and su make install. Logging is done in /var/log/radius and raddb is in /usr/local/etc. when I start radiusd -X I get the following:
gamma:/var/log # /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
/usr/local/etc/raddb/radiusd.conf[429]: Unable to open file /etc/raddb/proxy.conf: No such file or directory

Ok...

In radiusd.conf I have:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb

The files are in /etc/raddb. That's what the above quote says. You also said earlier:

Logging is done in /var/log/radius and raddb is in /usr/local/etc.

This disagrees with what's in the configuration file:

raddbdir=/etc/raddb

Which is correct? Why do you have two raddb directories? The make and make install process install everything in one place. If the server is looking in two different directories for configuration files, then it's because you edited the configuration files to tell it to do that.

Alan DeKok.
Re: Problem with Auth-Type
Carlos [EMAIL PROTECTED] wrote:

Excuse me, just a mistake this morning in writing the files. I've read a lot the documentations and the files themselves. There are a descriptions for the files; users, clients.conf and proxy.conf : ...

But not the debug logs. Please go back, and READ the file called README. It says to run the server in debugging mode. If you're not going to do that, you're never going to solve the problem.

Alan DeKok.
Segmentation fault reading clients
Hi all,

i get a segmentation fault when starting freeradius.

read_config_files: reading clients
Segmentation fault

Any ideas?

Kind regards, Peter

see gdb output below.
--
(gdb) set args -x -x
(gdb) break clients_free
Breakpoint 1 at 0x8074faa: file client.c, line 52.
(gdb) run
Starting program: /usr/local/sbin/radiusd -x -x
[New Thread 1024 (LWP 10971)]
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
[Switching to Thread 1024 (LWP 10971)]

Breakpoint 1, clients_free (cl=0x81a0950) at client.c:52
52 while(cl) {
(gdb) step
53 next = cl->next;
(gdb) step
54 free(cl);
(gdb) step
55 cl = next;
(gdb) step
56 }
(gdb) step
53 next = cl->next;
(gdb) step

Program received signal SIGSEGV, Segmentation fault.
clients_free (cl=0x81a0950) at client.c:53
53 next = cl->next;
(gdb) bt
#0 clients_free (cl=0x81a0950) at client.c:53
#1 0x08074ffe in read_clients_file (file=0xbfffe60c /etc/raddb/clients) at client.c:76
#2 0x08077f53 in read_mainconfig (reload=0) at mainconfig.c:1202
#3 0x08067d85 in main (argc=3, argv=0xbbc4) at radiusd.c:941
(gdb)
(gdb) print next
$1 = (RADCLIENT *) 0x1613dc90
(gdb) print cl
$2 = (RADCLIENT *) 0x1613dc90
(gdb) print cl->next
Cannot access memory at address 0x1613de38
(gdb)
Re: radiusdb - no such file or directory
Janakan,

I tried to disable rlm_x99_token as you say you did. I ran ./configure --disable-rlm_x99_token. Is this not right? only to get the same errors:

In file included from x99_rlm.c:54:
x99.h:26:42: openssl/des.h: No such file or directory
gmake[6]: *** [x99_rlm.o] Error 1
gmake[6]: Leaving directory `/downloads/freeradius-1.0.1/src/modules/rlm_x99_token'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/downloads/freeradius-1.0.1/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/downloads/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/downloads/freeradius-1.0.1'
make: *** [all] Error 2

On Mon, 15 Nov 2004 16:55:30 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:

Hi Alen, Thanks for your input. I had the freeradius running after disabling rlm_x99_token while giving configure command. It works fine. Thx again.

Regards, Janakan Rajendran

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janakan Rajendran
Sent: Monday, November 15, 2004 3:46 PM
To: [EMAIL PROTECTED]
Subject: RE: radiusdb - no such file or directory

Hi Alen, I am getting the same error Michael is getting. I'm trying to install Freeradius 1.0.1 on solaris 9. As per your suggestion, I could delete /src/modules/rlm_x99_token. After deleting what should I do now. Should I run make install or start from the configure again?. If I want to redo it, what command should I use to reverse the changes that I made before? (make clean?). I am new to solaris and freeradius but trying hard to catch up by studying. Would appreciate your help. Thx in advance.

Regards, Janakan Rajendran.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, November 15, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: Re: radiusdb - no such file or directory

Michael Basso [EMAIL PROTECTED] wrote:

In file included from x99_rlm.c:54: x99.h:26:42: openssl/des.h: No such file or directory

If you're not using X9.9 tokens, delete src/modules/rlm_x99_token.

when I then run make install the last lines are:

If make doesn't work, then make install won't work, either.

Alan DeKok.

Michael Basso
Network Specialist
Bedford Central School District
(914) 241-6186
Re: Segmentation fault reading clients
Peter L. [EMAIL PROTECTED] wrote:

i get a segmentation fault when starting freeradius.
read_config_files: reading clients
Segmentation fault

This happens when the code in the server disagrees with itself. e.g. Version X of the server is using modules from version Y, or the header files were updated, and only some parts of the server were re-built.

Try deleting your entire install, and then doing make clean;make;make install.

Alan DeKok.
RE: radiusdb - no such file or directory
Michael,

The command is correct. What I did is I manually delete the free radius folder and then started new with the configure command disabling rlm_x99_token(your syntax is correct) and it worked. No errors during make and make install. Try deleting the folder and redo again. It might help.

Regards, Janakan Rajendran

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Basso
Sent: Tuesday, November 16, 2004 10:38 AM
To: [EMAIL PROTECTED]
Subject: Re: radiusdb - no such file or directory

Janakan,

I tried to disable rlm_x99_token as you say you did. I ran ./configure --disable-rlm_x99_token. Is this not right? only to get the same errors:

In file included from x99_rlm.c:54:
x99.h:26:42: openssl/des.h: No such file or directory
gmake[6]: *** [x99_rlm.o] Error 1
gmake[6]: Leaving directory `/downloads/freeradius-1.0.1/src/modules/rlm_x99_token'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/downloads/freeradius-1.0.1/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/downloads/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/downloads/freeradius-1.0.1'
make: *** [all] Error 2

On Mon, 15 Nov 2004 16:55:30 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:

Hi Alen, Thanks for your input. I had the freeradius running after disabling rlm_x99_token while giving configure command. It works fine. Thx again.

Regards, Janakan Rajendran

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janakan Rajendran
Sent: Monday, November 15, 2004 3:46 PM
To: [EMAIL PROTECTED]
Subject: RE: radiusdb - no such file or directory

Hi Alen, I am getting the same error Michael is getting. I'm trying to install Freeradius 1.0.1 on solaris 9. As per your suggestion, I could delete /src/modules/rlm_x99_token. After deleting what should I do now. Should I run make install or start from the configure again?. If I want to redo it, what command should I use to reverse the changes that I made before? (make clean?). I am new to solaris and freeradius but trying hard to catch up by studying. Would appreciate your help. Thx in advance.

Regards, Janakan Rajendran.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, November 15, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: Re: radiusdb - no such file or directory

Michael Basso [EMAIL PROTECTED] wrote:

In file included from x99_rlm.c:54: x99.h:26:42: openssl/des.h: No such file or directory

If you're not using X9.9 tokens, delete src/modules/rlm_x99_token.

when I then run make install the last lines are:

If make doesn't work, then make install won't work, either.

Alan DeKok.

Michael Basso
Network Specialist
Bedford Central School District
(914) 241-6186
AW: Segmentation fault reading clients
read_config_files: reading clients
Segmentation fault

This happens when the code in the server disagrees with itself. e.g. Version X of the server is using modules from version Y, or the header files were updated, and only some parts of the server were re-built.

Try deleting your entire install, and then doing make clean;make;make install.

thanks. works great.
Re: A question about port 1646
Alan DeKok [EMAIL PROTECTED] wrote:

radius 1812/tcp # RADIUS

That's nice. What ports does the server say it's listening on when you run it in debugging mode?

I made a fresh install. Debugging mode says this:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /usr/local/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /usr/local/etc/raddb/users
files: acctusersfile = /usr/local/etc/raddb/acct_users
files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /usr/local/var/log/radius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to
Re: radiusdb - no such file or directory
Janakan,

Thanks for your help. Still no luck. I deleted the freeradius folder that is created after untarring the initial file. Is there another freeradius folder I should delete before running configure again? Does it matter where I untar the freeradius file to?

On Tue, 16 Nov 2004 11:18:28 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:

> Michael,
>
> The command is correct. What I did is I manually delete the free radius folder and then started new with the configure command disabling rlm_x99_token (your syntax is correct) and it worked. No errors during make and make install. Try deleting the folder and redo again. It might help.
>
> Regards, Janakan Rajendran
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Basso
> Sent: Tuesday, November 16, 2004 10:38 AM
> To: [EMAIL PROTECTED]
> Subject: Re: radiusdb - no such file or directory
>
> Janakan,
>
> I tried to disable rlm_x99_token as you say you did. I ran ./configure --disable-rlm_x99_token. Is this not right? only to get the same errors:
>
> In file included from x99_rlm.c:54:
> x99.h:26:42: openssl/des.h: No such file or directory
> gmake[6]: *** [x99_rlm.o] Error 1
> gmake[6]: Leaving directory `/downloads/freeradius-1.0.1/src/modules/rlm_x99_token'
> gmake[5]: *** [common] Error 1
> gmake[5]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
> gmake[4]: *** [all] Error 2
> gmake[4]: Leaving directory `/downloads/freeradius-1.0.1/src/modules'
> gmake[3]: *** [common] Error 1
> gmake[3]: Leaving directory `/downloads/freeradius-1.0.1/src'
> gmake[2]: *** [all] Error 2
> gmake[2]: Leaving directory `/downloads/freeradius-1.0.1/src'
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving directory `/downloads/freeradius-1.0.1'
> make: *** [all] Error 2
>
> On Mon, 15 Nov 2004 16:55:30 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:
>
> Hi Alan,
>
> Thanks for your input. I had the freeradius running after disabling rlm_x99_token while giving configure command. It works fine. Thx again.
>
> Regards, Janakan Rajendran
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janakan Rajendran
> Sent: Monday, November 15, 2004 3:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: radiusdb - no such file or directory
>
> Hi Alan,
>
> I am getting the same error Michael is getting. I'm trying to install Freeradius 1.0.1 on solaris 9. As per your suggestion, I could delete /src/modules/rlm_x99_token. After deleting what should I do now. Should I run make install or start from the configure again? If I want to redo it, what command should I use to reverse the changes that I made before? (make clean?). I am new to solaris and freeradius but trying hard to catch up by studying. Would appreciate your help. Thx in advance.
>
> Regards, Janakan Rajendran.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Monday, November 15, 2004 3:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radiusdb - no such file or directory
>
> Michael Basso [EMAIL PROTECTED] wrote:
>
> > In file included from x99_rlm.c:54:
> > x99.h:26:42: openssl/des.h: No such file or directory
>
> If you're not using X9.9 tokens, delete src/modules/rlm_x99_token.
>
> > when I then run make install the last lines are:
>
> If make doesn't work, then make install won't work, either.
>
> Alan DeKok.

Michael Basso
Network Specialist
Bedford Central School District
(914) 241-6186
Re: radiusdb - no such file or directory
--without, (instead of --disable) worked!!!
RE: radiusdb - no such file or directory
Thatz great! Michael. I'm wondering do you have any documentation to configure the freeradius. If you could share that with me, I'd really appreciate. Thank you, Regards, Janakan Rajendran
Re: A question about port 1646
On Tue, 16 Nov 2004 at 17:39 (+0100), Andreas Meyer wrote:

AM> Listening on authentication *:1812
AM> Listening on accounting *:1813
AM> Listening on proxy *:1814
AM> Ready to process requests.
AM>
AM> When I do now a radlogin I get this in /var/log/messages:
AM>
AM> Nov 16 17:24:59 gamma radlogin[6208]: authentication OK, username andreas, service Login-User
AM> Nov 16 17:25:29 gamma radacct[6242]: rc_send_server: no reply from RADIUS server localhost:1646
AM> Nov 16 17:25:29 gamma radacct[6242]: accounting FAILED, type Start, username andreas, service Login-User
AM> Nov 16 17:25:59 gamma radacct[6365]: rc_send_server: no reply from RADIUS server localhost:1646
AM> Nov 16 17:25:59 gamma radacct[6365]: accounting FAILED, type Start, username andreas, service Login-User
AM> Nov 16 17:27:29 gamma radacct[6711]: rc_send_server: no reply from RADIUS server localhost:1646
AM> Nov 16 17:27:29 gamma radacct[6711]: accounting FAILED, type Stop, username andreas, service Login-User
AM>
AM> As far as I understand that, radacct is trying to connect to port 1646.
AM> Of course I can configure freeradius with port = 1645, then accounting
AM> works.
AM> The client I am using is using the /etc/services. I can tell the client
AM> to use port 1645 with radlogin -i 1645.

I haven't really followed this thread, but if you look at the top three lines you see that it is listening on 1812, 1813, and 1814, not 1645 and 1646 which radacct is trying to use. I don't remember exactly when the standard ports for RADIUS changed to the 1812 and 1813 (not positive on 1814). You might try leaving the FreeRADIUS install on 1812 and change radlogin to use 1812.

Now, if radlogin is using /etc/services you might verify that you had the correct information in there. This is what I have on one machine that works fine. It has been a while since I did that though.

radiusd 1812/udp # RADIUS
radacct 1813/udp # RADIUS Accounting

Michael

--
Michael J. Hartwick, VE3SLQ [EMAIL PROTECTED]
Hartwick Communications Consulting (519) 396-7719
Kincardine, ON, CA http://www.hartwick.com
Tcpdump Attribute Question
I have a question to tcpdumping FreeRADIUS. In some auth-replies there are some attributes missing, but instead of them I can see at the end of a tcpdump line the following: [|radius]

What does this exactly mean? f.e.:

---
12:58:05.215548 x.x.x.x.1645 x.x.x.x.1645: rad-access-accept 217 [id 14] Attr[ Framed_ipaddr{10.10.10.10} [|radius]
---

Normally I can see a lot more output:

---
13:14:56.867709 x.x.x.x.1645 x.x.x.x.1645: rad-access-accept 38 [id 37] Attr[ Framed_ipaddr{11.1.1.11} Framed_proto{PPP} Service_type{Framed} ]
---

Does somebody have an idea?
Re: A question about port 1646
Michael J. Hartwick [EMAIL PROTECTED] wrote:

> I haven't really followed this thread, but if you look at the top three lines you see that it is listening on 1812, 1813, and 1814, not 1645 and 1646 which radacct is trying to use. I don't remember exactly when the standard ports for RADIUS changed to the 1812 and 1813 (not positive on 1814). You might try leaving the FreeRADIUS install on 1812 and change radlogin to use 1812.
>
> Now, if radlogin is using /etc/services you might verify that you had the correct information in there. This is what I have on one machine that works fine. It has been a while since I did that though.
>
> radiusd 1812/udp # RADIUS
> radacct 1813/udp # RADIUS Accounting

I am very sorry for all the confusion but I just found out that radacct is not part of freeradius but part of the radiusclient I am using. And it seems that radacct is compiled to use port 1646. My god, excuse my ignorance!

I am wondering if I can use freeradius to protect a subnetwork when clients connect to a radiusclient over ethernet or WLAN.

--
Andreas Meyer
We only do well the things we like doing. - Colette
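The port mismatch worked out in this thread can be found mechanically by comparing the server's "Listening on" lines, the client's timeout messages and the /etc/services entries. The script below is an added example, not code from any of the posters or from FreeRADIUS; its sample input is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the lines quoted in the thread above.
SERVER_STARTUP = """\
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
"""

CLIENT_SYSLOG = """\
Nov 16 17:24:59 gamma radlogin[6208]: authentication OK, username andreas, service Login-User
Nov 16 17:25:29 gamma radacct[6242]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 17:25:29 gamma radacct[6242]: accounting FAILED, type Start, username andreas, service Login-User
Nov 16 17:25:59 gamma radacct[6365]: rc_send_server: no reply from RADIUS server localhost:1646
Nov 16 17:27:29 gamma radacct[6711]: rc_send_server: no reply from RADIUS server localhost:1646
"""

SERVICES = """\
radiusd 1812/udp # RADIUS
radacct 1813/udp # RADIUS Accounting
"""

LISTEN_RE = re.compile(r"Listening on (\w+) \S*:(\d+)")
NO_REPLY_RE = re.compile(
    r"(\w+)\[\d+\]: rc_send_server: no reply from RADIUS server (\S+):(\d+)")


def listening_ports(startup_text):
    """Map port -> role from the server's 'Listening on' lines."""
    return {int(port): role for role, port in LISTEN_RE.findall(startup_text)}


def services_ports(services_text):
    """Map service name -> UDP port from /etc/services-style text."""
    ports = {}
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/udp"):
            ports[fields[0]] = int(fields[1].split("/")[0])
    return ports


def diagnose(startup_text, syslog_text, services_text):
    """Return one finding per (program, host, port) that timed out."""
    listening = listening_ports(startup_text)
    services = services_ports(services_text)
    findings = {}
    for prog, host, port in NO_REPLY_RE.findall(syslog_text):
        entry = findings.setdefault((prog, host, port), {
            "program": prog,
            "target": f"{host}:{port}",
            "timeouts": 0,
            "server_listens_on_target": int(port) in listening,
            "services_port": services.get(prog),
        })
        entry["timeouts"] += 1
    for entry in findings.values():
        sp = entry["services_port"]
        if entry["server_listens_on_target"]:
            entry["verdict"] = "server listens on this port; the cause lies elsewhere"
        elif sp in listening:
            entry["verdict"] = (f"client is not using the /etc/services port {sp}; "
                                "its port is configured or compiled in")
        else:
            entry["verdict"] = "neither the target nor the /etc/services port is served"
    return list(findings.values())


if __name__ == "__main__":
    for finding in diagnose(SERVER_STARTUP, CLIENT_SYSLOG, SERVICES):
        print(finding)
```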
Re: radiusdb - no such file or directory
On Tue, 16 Nov 2004 12:06:52 -0500 Janakan Rajendran [EMAIL PROTECTED] wrote:

> Thatz great! Michael. I'm wondering do you have any documentation to configure the freeradius. If you could share that with me, I'd really appreciate.

I wish I did. If I get any documentation I will be sure to let you know. I'm looking through the radiusd.conf file at the moment and I am a bit overwhelmed.

Michael
EAP-MD5 help
Hi all,

I am trying to authenticate using EAP-MD5. After some requests the FreeRADIUS server resends the Access-Challenge multiple times. It does not say what the error is, and the output of the log is: Resending the access challenge to the client. But it works for the same user in a new call. Can anybody help me? Where and what have I done wrong? I am writing the client in Java.

Thanks,
Jagadeesha T.
Re: radiusdb - no such file or directory
Michael Basso [EMAIL PROTECTED] wrote:

> I wish I did. If I get any documentation I will be sure to let you know. I'm looking through the radiusd.conf file at the moment and I am a bit overwhelmed.

The O'Reilly RADIUS book is a good beginning for people starting with RADIUS.

FreeRADIUS *does* include a lot of documentation. There just isn't an easy howto with a series of steps telling you how to configure it on your local system.

If you don't know what something is in radiusd.conf, then don't touch it. 99% of the common configurations involve telling the server a user and clear-text password. Almost everything will work after that.

Alan DeKok.
Re: EAP-MD5 help
jagadish gowda [EMAIL PROTECTED] wrote:

> I am writing the client in Java.

I would say that your client has bugs. Read the RFC's to see how EAP-MD5 is implemented.

And the debug log from FreeRADIUS will tell you what's going on, and why. Read it. If you're not going to read it, you'll never solve your problem.

Alan DeKok.
Re: Tcpdump Attribute Question
jesk [EMAIL PROTECTED] wrote:

> In some auth-replies there are some attributes missing, but instead of them I can see at the end of a tcpdump line the following: [|radius]
> What does this exactly mean?

I suggest asking the tcpdump people. They wrote it.

Alan DeKok.
Proxied EAP authentication
Hi,

I am working on my university thesis using Freeradius. It's about WLAN roaming. We want to reduce the messages that are sent during an EAP authentication between the foreign and home server (so we use proxy). No matter how I have searched I can't find an RFC describing the sequence of messages between 2 servers (I looked at RFC 3579, 3580 and generally all RFCs in the radius docs). So the question is: is there any RFC describing the procedure?

I would also like to know if I can alter the freeradius source code so as to cut some attributes it sends. These attributes are probably State and Proxy-State.

Thanks
LDAP radiusprofile
Hi,

I am currently setting up freeradius with openldap as a backend for testing. I have read through the various walk-throughs and have noticed that most show the radiusprofile objectclass to be structural. But looking at the RADIUS-LDAPv3.schema, it shows that objectclass as auxiliary. I am guessing that this is a recent change. What are most people using for the structural objectclass? Currently I am looking to use the ldap server for radius only.

BTW, great job on getting freeradius to 1.0!

Thanks,
Dave
[securew2@alfa-ariss.com: Alfa Ariss Make SecureW2 Available as Open Source] (fwd)
Maybe this will interest a few of the list members.

- Forwarded message from SecureW2 [EMAIL PROTECTED] -

Subject: Alfa Ariss Make SecureW2 Available as Open Source
From: SecureW2 [EMAIL PROTECTED]
To: undisclosed-recipients: ;
Date: Tue, 16 Nov 2004 15:37:29 +0100

Dear SecureW2 users,

Alfa Ariss today announced that SecureW2 will soon be available as open source. Alfa Ariss believes that by releasing SecureW2 as open source, the quality and feature set of SecureW2 will be prolonged. SecureW2 with hundred of thousands of users worldwide gives users the means of connecting to 802.1X enabled networks in a secure and convenient way.

SecureW2 is scheduled to become Open Source within the course of January 2005. Alfa Ariss will continue to support customers who have a support contract until their support contract expires. Alfa Ariss will postpone services for new customers until SecureW2 is released as open source. More precise details about the release date and the location of the source code will be communicated to the media within the following weeks.

Thank you for using SecureW2.

Tom Rixom
CTO / Alfa Ariss

- End forwarded message -
Re: URGENT: IP Pool allocation based on LDAP attribute value
On Mon, 15 Nov 2004, Nishen Narandas wrote:

> Good day all,
>
> I am currently implementing FreeRadius for testing with our GGSN (Radius client) in our GPRS network. We have an External LDAP server which contains all usernames, passwords and other attributes. I would like to know if it is possible to configure FreeRadius to do the ffg:
>
> The call flow process will be as follows:
>
> * The Radius client forwards the username and password of the user to the Radius Server (FreeRadius). FreeRadius then forwards the Username and Password to the LDAP server (OpenLDAP) for authentication.
> * Once authenticated, the authorisation begins.

In freeradius authorization happens *before* authentication.

> * For authorisation, FreeRadius should be able to send a request to the LDAP server to query the value of a particular attribute for each subscriber (this attribute is called the SubscriberTypeAttribute)
> * The LDAP returns a value for this SubscriberTypeAttribute to FreeRadius and the value could either be an integer 8 or 100
> * Based on the value returned, FreeRadius should then assign an IP address from 1 of 2 pools to the user. (i.e: if a value of 8 is received, then FreeRadius must assign an IP address from Pool_A, but if a value of 100 is received, FreeRadius must then assign an IP address from Pool_B.

The easiest way is to assign the SubscriberTypeAttribute ldap attribute to the Pool-Name in ldap.attrmap and then configure the corresponding two ippool module instances. meaning:

ippool 8 { [...] }
ippool 100 { [...] }

> We need this solution so that we can allocate a different range of IP addresses for different SubscriberTypes. Your assistance will be greatly appreciated.
>
> Thanking you
> Regards
> Nishen Narandas
> GPRS Planning
> Cell C Operations
> 150 Rivonia Road Sandton 2196
> Private bag X36 Benmore 2010
> Tel: +27 11 324 4939 Cell: +27 84 777 4319 Fax: +27 11 324 4400
> Website: http://www.cellc.net

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: interface for the users
On Mon, 15 Nov 2004, Osvaldo Alvarez Pozo wrote:

> Hy hello everybody, this is my first email to the list. I have just installed freeradius and configured it to work with mysql for storing user information. As a admin interface I have dialup_admin. But I have a problem, I need a user interface, so my users can change their passwd. Does any body know anyone?

It shouldn't be so hard to create another dialupadmin page to do just that. Open an enhancement bug report on bugs.freeradius.org and it will probably be done shortly.

> Thanks
> Osvaldo

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Proxied EAP authentication
jh vg [EMAIL PROTECTED] wrote:

> I am working on my university thesis using Freeradius. It's about WLAN roaming. We want to reduce the messages that are sent during an EAP authentication between the foreign and home server (so we use proxy).

I'm not sure that's possible.

> No matter how I have searched I can't find an RFC describing the sequence of messages between 2 servers (I looked at RFC 3579, 3580 and generally all RFCs in the radius docs).

There is no such document. RADIUS proxies are nothing more than a RADIUS server which passes requests to a RADIUS client.

              proxy
         +---------------+
client   | server client |   server
         +---------------+

A proxy acts like a server to its clients, and as a client to its servers. There is no extra document needed because the documents already describe how clients and servers interact.

> So the question is: is there any RFC describing the procedure? I would also like to know if I can alter the freeradius source code so as to cut some attributes it sends. These attributes are probably State and Proxy-State.

Uh... why? Those attributes have very well-defined meanings. They're needed. If you don't have them, EAP RADIUS stop working. Read the RFC's to see why.

Perhaps you could say WHY you're trying to reduce the messages. Is it the number of messages? The size? I don't think you'll be able to reduce either unless you define your own version of EAP RADIUS.

Alan DeKok.
Re: to Kostas Kalevras!
On Mon, 15 Nov 2004, Edgars wrote:

> doesn't this project recall something? dialpup-admin2?

Certainly not dialupadmin2 :-) From the screenshots it's just a lot less pages than dialupadmin with a little bit more info (in the online users page for instance) specifically designed for mikrotik administration (as is obvious from the user edit page). It seems to mostly carry the dialupadmin skin, not dialupadmin code although I can't be sure. I don't know if the way they've packaged it (you can get it only if you pay) creates any license issues (at least regarding freeradius).

> http://www.dmasoftlab.com
>
> Edgars

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: LDAP radiusprofile
On Tue, 16 Nov 2004, Dave wrote:

> Hi,
>
> I am currently setting up freeradius with openldap as a backend for testing. I have read through the various walk-throughs and have noticed that most show the radiusprofile objectclass to be structural. But looking at the RADIUS-LDAPv3.schema, it shows that objectclass as auxiliary. I am guessing that this is a recent change. What are most people using for the structural objectclass? Currently I am looking to use the ldap server for radius only.

Take a look at the person, organizationalPerson, inetOrgPerson objectclass hierarchy.

> BTW, great job on getting freeradius to 1.0!
>
> Thanks,
> Dave

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Low cost APs that support EAP/TLS Freeradius??
On 11/16/2004 10:11 AM, Alan DeKok wrote:

> Michael Griego [EMAIL PROTECTED] wrote:
>
> > I was looking around yesterday, and I noticed that Linksys' new wireless router (WTV56G I believe) purports to support 802.1x. It retails for about $180 depending on where you look. It's more than just an AP though, it has full blown router functions.
>
> The Gateway 7000 series AP's include a 4-port switch, and routing. They also implement PEAP EAP-TTLS within the AP. I strongly suspect that this means they're running FreeRADIUS.
>
> Alan DeKok.

A quick search on that turns up a GW 7001 that lists for $299 (g only) and $399 (a/g) at Gateway's web site and the A/G for $359 at CDW.

I am interested in an AP that can do 802.1x (authenticator without being a server) that's a bit cheaper than that. I'd also like firewall/NAT router functions, you know, the typical Cable/DSL/router configuration. Suggestions?

A Linksys WRT54GS with Sveasoft looks like a bargain functionally. Amazon.com has the WRT54GS for $81.99 - $10 Rebate.

Dave.
Re: Low cost APs that support EAP/TLS Freeradius??
David Mitton wrote:

> A Linksys WRT54GS with Sveasoft looks like a bargain functionally. Amazon.com has the WRT54GS for $81.99 - $10 Rebate.

Yeah, that's a good price. I use the WRT54GS with the tinyPEAP embedded RADIUS server. The firmware is based on Sveasoft's version 4.0, because it's freely available I guess. Works for me.

I paid under $76 after $10 rebate and $10 gift card at Staples. (Staples has a great return policy, just in case.) The Amazon deal is nice because it's tax free with free shipping. Free shipping can be as quick as regular shipping.
Server is being hit by requests as old as one week..... how to stop?
Hi guys,

We had a problem with multiple accounting records, which we resolved by adding a unique key to the radacct table and modifying the insert/update SQL for accounting records. It seems that by solving this problem we have taken on a bigger problem. Because the server is now returning an error for any duplicate accounting record, clients are submitting the request again and again, and we are being hit by requests as old as one week. I guess my question is whether there is any way to stop these requests.

Thanks
Prabh
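The retry loop described in this post, as an added example that is not from the thread: RFC 2866 has the server send no Accounting-Response when it fails to record a packet, so a NAS keeps resending a record that a unique key rejects. SQLite stands in for the SQL backend, and the column names, the NAS model and the queue are constructed for the illustration.

```python
import sqlite3

# Simplified stand-in for radacct; column names are assumptions for the example.
SCHEMA = """
CREATE TABLE radacct (
    acctuniqueid TEXT NOT NULL UNIQUE,
    username     TEXT NOT NULL,
    sessiontime  INTEGER NOT NULL
)"""

def strict_handler(db, rec):
    """Plain INSERT: a retransmitted record violates the unique key and fails."""
    try:
        db.execute("INSERT INTO radacct VALUES (?, ?, ?)", rec)
        return True    # recorded, so an Accounting-Response is sent
    except sqlite3.IntegrityError:
        return False   # not recorded, no response, the NAS will retransmit

def idempotent_handler(db, rec):
    """A duplicate counts as already recorded, so it is still acknowledged."""
    db.execute("INSERT OR IGNORE INTO radacct VALUES (?, ?, ?)", rec)
    return True

def simulate_nas(handler, queue, max_tries=5):
    """Constructed NAS model: resend each record until acknowledged or
    max_tries is reached. Returns (packets sent, rows stored)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    sent = 0
    for rec in queue:
        for _ in range(max_tries):
            sent += 1
            if handler(db, rec):
                break
    rows = db.execute("SELECT COUNT(*) FROM radacct").fetchone()[0]
    return sent, rows

# Constructed queue: the record for session s1 is queued twice by the NAS.
QUEUE = [("s1", "alice", 120), ("s1", "alice", 120), ("s2", "bob", 45)]

if __name__ == "__main__":
    print("strict:    ", simulate_nas(strict_handler, QUEUE))
    print("idempotent:", simulate_nas(idempotent_handler, QUEUE))
```

Both handlers store the same two rows; only the strict one leaves the duplicate unacknowledged and keeps the NAS resending it.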
Re: How-to use Framed-Route Attribute
Hi,

I have read rfc 2865 and the rlm_sql module also, and I used "=" as an Op, but in any case the secondary route is not being added on the primary ppp interface... I don't know whether [Framed-Route] works or not.

Nirmal

Nachko Halachev [EMAIL PROTECTED] wrote:

> Hello,
>
> About how to use Framed-Route, read rfc 2865. Also in the radreply table you must have the value "=" for the Op field. Please read the documentation for the rlm_sql module for Freeradius.
>
> On Tuesday 16 November 2004 09:14, Nirmal wrote:
>
> > Hi, I'm using freeradius. How can I use the Framed-Route Attribute in radius? What is the exact format for this attribute? What I tried is: 192.192.168.1 is the static ip user and a route would be added for 192.192.168.2, gw would be 192.192.168.1, metric 1.
> >
> > In RadReply Table:
> >
> > Id   Attribute     Op  Value
> > ===  ============  ==  ================================
> > 259  Framed-Route  :=  192.192.168.2/32 192.192.168.1 1
> >
> > While running radius in debug mode I can see the above parameters, but the route is not being added for the secondary ip address. Please help me out.
> >
> > Thanks in advance, Nirmal
>
> -- Regards, Nachko Halachev, Field engineer, Orbitel, Inc. - office Stara Zagora, tel.: +359 42 601514; fax: +359 42 600091 - Orbitel - the Next Generation Telecom! See www.orbitel.bg.
Re: How-to use Framed-Route Attribute
On Wednesday 17 November 2004 08:34, Nirmal wrote:

> I don't know whether [Framed-Route] works or not.

Well, then run radiusd in debug mode - radiusd -X. If everything is OK within the database, you should see the reply message from freeradius to the NAS after the user authenticates. If you see that reply message, then your NAS may be misconfigured or buggy.

-- Regards, Nachko Halachev, Field engineer, Orbitel, Inc. - office Stara Zagora, tel.: +359 42 601514; fax: +359 42 600091 - Orbitel - the Next Generation Telecom! See www.orbitel.bg.
Accounting problem using mysql
Gentlemen,

I am using free radius and it's fantastic. Took me some time, and some questions, so thanks for the help. I have one problem still though. I am using mysql integration but accounting does not seem to work. Data seems to be written but all records show as deleted. Any ideas?

cheers
Terence
Re: How-to use Framed-Route Attribute
Yes, when I run radiusd in debug mode it shows the Framed-Route entry there in the radius reply messages... Can you tell me what part in the NAS could be misconfigured? I saw my ppp source files... there are some files, ip-up and login.radius, which contain code to add Framed-Route. There is a parameter $routelist passed from login.radius and given to the ip-up file, and the ip-up file has a for loop to add these additional routes.

Nachko Halachev [EMAIL PROTECTED] wrote:

> On Wednesday 17 November 2004 08:34, Nirmal wrote:
>
> > I don't know whether [Framed-Route] works or not.
>
> Well, then run radiusd in debug mode - radiusd -X. If everything is OK within the database, you should see the reply message from freeradius to the NAS after the user authenticates. If you see that reply message, then your NAS may be misconfigured or buggy.
>
> -- Regards, Nachko Halachev, Field engineer, Orbitel, Inc. - office Stara Zagora, tel.: +359 42 601514; fax: +359 42 600091 - Orbitel - the Next Generation Telecom! See www.orbitel.bg.
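On the format question raised in this thread, an added example (not code from any of the posters) that checks a Framed-Route value against the IP route layout in RFC 2865: destination prefix with optional /bits, gateway, then one or more metrics. The function names are hypothetical; the value tested is the one posted in the thread.

```python
import ipaddress

def parse_framed_route(value, user_ip=None):
    """Parse an RFC 2865 Framed-Route string for an IP route.

    Layout: <prefix>[/<bits>] <gateway> <metric> [<metric> ...]
    """
    fields = value.split()
    if len(fields) < 3:
        raise ValueError("need prefix, gateway and at least one metric")
    dest, gw, metrics = fields[0], fields[1], fields[2:]
    # strict=False tolerates host bits in the prefix. A missing "/bits" is
    # treated as /32 here: that is the ipaddress default, an assumption of
    # this example rather than something the thread states.
    network = ipaddress.IPv4Network(dest, strict=False)
    gateway = ipaddress.IPv4Address(gw)
    # RFC 2865: a gateway of 0.0.0.0 means "use the user's own address".
    if gateway == ipaddress.IPv4Address("0.0.0.0") and user_ip is not None:
        gateway = ipaddress.IPv4Address(user_ip)
    return {
        "network": str(network),
        "gateway": str(gateway),
        "metrics": [int(m) for m in metrics],
    }

def is_valid_framed_route(value):
    """True when the value follows the layout above."""
    try:
        parse_framed_route(value)
        return True
    except ValueError:
        return False

# The value from the radreply row quoted in the thread.
POSTED = "192.192.168.2/32 192.192.168.1 1"

if __name__ == "__main__":
    print(parse_framed_route(POSTED))
```

The posted value parses cleanly, which is consistent with the reply in the thread pointing at the NAS side rather than at the attribute string.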