failover oracle database
Hi I want to configure freeradius with failover option, to write to another database if the working DB is down or the node goes down. I usually do that from tnsnames.ora file at the client side by adding the address of the standby database. How can I do this with freeRADIUS. Regards, Nader * The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. * PALTEL E-Safety System scanned this email and found NO viruses, vandals or malicious content. * Should you need any information or clarifications regarding this system, please do not hesitate to contact our team at the IP Dep. <[EMAIL PROTECTED]>. *
Re: Accounting records
prabhan wrote: Hello, Where does freeradius store the accounting records ? By default in the log directory (/var/log/radiusd/radacct/...) Otherwise wherever you tell it to log them (by configuration in radiusd.conf) -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt - Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot service op www.telenet.be/hotspots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!)
Hi list, I'm having some real issues configuring freeradius with EAP/PEAP to authorize our wifi users access to internet. When I configure freeradius following the directives in this document: http://www.broadbandreports.com/forum/remark,9286052~mode=flat I get this errors: radius:/usr/local/radius/etc/raddb # /usr/local/radius/sbin/run-radius -X -A+ LD_LIBRARY_PATH=/usr/local/openssl/lib+ LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so+ export LD_LIBRARY_PATH LD_PRELOAD+ /usr/local/radius/sbin/radiusd -X -AStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/radius/etc/raddb/proxy.confConfig: including file: /usr/local/radius/etc/raddb/clients.confConfig: including file: /usr/local/radius/etc/raddb/snmp.confConfig: including file: /usr/local/radius/etc/raddb/eap.confConfig: including file: /usr/local/radius/etc/raddb/sql.confmain: prefix = "/usr/local/radius"main: localstatedir = "/usr/local/radius/var"main: logdir = "/usr/local/radius/var/log/radius"main: libdir = "/usr/local/radius/lib"main: radacctdir = "/usr/local/radius/var/log/radius/radacct"main: hostname_lookups = nomain: max_request_time = 30main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = nomain: log_file = "/usr/local/radius/var/log/radius/radius.log"main: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"main: user = "(null)"main: group = "(null)"main: usercollide = nomain: lower_user = "no"main: lower_pass = "no"main: nospace_user = "no"main: nospace_pass = "no"main: checkrad = "/usr/local/radius/sbin/checkrad"main: proxy_requests = yesproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120proxy: post_proxy_authorize = yesproxy: wake_all_if_all_dead = nosecurity: max_attributes = 200security: reject_delay = 1security: status_server = nomain: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/local/radius/libModule: Loaded execexec: wait = yesexec: program = "(null)"exec: input_pairs = "request"exec: output_pairs = "(null)"exec: packet_type = "(null)"rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec)Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded PAPpap: encryption_scheme = "crypt"Module: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded MS-CHAPmschap: use_mppe = yesmschap: require_encryption = yesmschap: require_strong = yesmschap: with_ntdomain_hack = nomschap: passwd = "(null)"mschap: authtype = "MS-CHAP"mschap: ntlm_auth = "(null)"Module: Instantiated mschap (mschap)Module: Loaded Systemunix: cache = nounix: passwd = "(null)"unix: shadow = "(null)"unix: group = "(null)"unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"unix: usegroup = nounix: cache_reload = 600Module: Instantiated unix (unix)Module: Loaded eapeap: default_eap_type = "peap"eap: timer_expire = 60eap: ignore_unknown_eap_types = noeap: cisco_accounting_username_bug = norlm_eap: Loaded and initialized type md5rlm_eap: Loaded and initialized type leapgtc: challenge = "Password: "gtc: auth_type = "PAP"rlm_eap: Loaded and initialized type gtctls: rsa_key_exchange = yestls: dh_key_exchange = notls: rsa_key_length = 1024tls: dh_key_length = 1024tls: verify_depth = 0tls: CA_path = "(null)"tls: pem_file_type = notls: private_key_file = "/usr/local/radius/etc/raddb/certs/cert-srv.pem"tls: certificate_file = "/usr/local/radius/etc/raddb/certs/cert-srv.pem"tls: CA_file = "/usr/local/radius/etc/raddb/certs/demoCA/cacert.pem"tls: private_key_password = "rusifiw."tls: dh_file = "/usr/local/radius/etc/raddb/certs/dh"tls: random_file = "/usr/local/radius/etc/raddb/certs/random"tls: fragment_size = 1024tls: include_length = yestls: check_crl = notls: check_cert_cn = "(null)"2608:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946:2608:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=X5092608:error:140AD00D:SSL routines:SSL_CTX_use_certificate_file:ASN1 lib:ssl_rsa.c:536:rlm_eap_tls: Error reading certificate filerlm_eap: Failed to initialize type tlsradiusd.conf[9]: eap: Module instantiation failed. I've searched in Google, readed all the messages in the freeradius users list, searched a lot of forums, tried lot of possibities, and nothingI'm stucj on that problem and I need a solution fast or my boss will cut my head with a dulled knife...:) Please, someone send me some tip!!!
Re: Exec-Program
You should have something like this in radiusd.conf:
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
And you also should have something like this in radiusd.conf:
preacct {
preprocess
acct_unique
# Read the 'acct_users' file
files
}
Then the acct-users file will be processed and your scripts should be
executed.
I have this in the acct-users file and that works for me:
DEFAULT Acct-Status-Type == Start
Exec-Program = /opt/radhome/bin/acct.pl
DEFAULT Acct-Status-Type == Alive
Exec-Program = /opt/radhome/bin/acct.pl
DEFAULT Acct-Status-Type == Stop
Exec-Program = /opt/radhome/bin/acct.pl
Is there any way to put this information about the program to execute in
(start, alive, Stop) status in the MySQL DB?
_
¿Estás pensando en cambiar de coche? Todas los modelos de serie y extras en
MSN Motor. http://motor.msn.es/researchcentre/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: failover oracle database
Check out doc/configurable_failover after unpacking the source code. On Wed, 29 Dec 2004, Nader Sayeh wrote: Hi I want to configure freeradius with failover option, to write to another database if the working DB is down or the node goes down. I usually do that from tnsnames.ora file at the client side by adding the address of the standby database. How can I do this with freeRADIUS. Regards, Nader * The contents of this email and any attachments are confidential. It is intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to any one or make copies. * PALTEL E-Safety System scanned this email and found NO viruses, vandals or malicious content. * Should you need any information or clarifications regarding this system, please do not hesitate to contact our team at the IP Dep. [EMAIL PROTECTED]. * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
compiling on a virutal 64bit platform
Hello, I try to compile freeradius-1.0.1, both original version and the newest CVS. The compile fails with creating .libs/radiusdS.c (cd .libs gcc -c -fno-builtin -fno-rtti -fno-exceptions radiusdS.c) cc1: warning: -fno-rtti is valid for C++ but not for C/ObjC rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../include -DHOSTINFO=\\ -DRADIUSD_VERSION=\1.0.1\ -o .libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o version.o proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o session.o xlat.o threads.o smux.o radius_snmp.o client.o request_list.o mainconfig.o -Wl,--export-dynamic -L/root/freeradius/radiusd/src/lib -lcrypt -lnsl -lresolv -lpthread -lcrypto -lssl /root/freeradius/radiusd/src/lib/.libs/libradius.so /usr/lib/libltdl.so -ldl -lcrypt -Wl,--rpath -Wl,/usr/lib/freeradius /usr/lib/libltdl.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status The system is identified as Linux hostname 2.6.8-24.10-smp #1 SMP Wed Dec 22 11:54:27 UTC 2004 x86_64 x86_64 x86_64 GNU/Linux Any clue, anyone? I have to catalogues, /usr/lib and /usr/lib64 - which both includes the libltdl.so - but I dont know if this makes any difference. -- Med vennlig hilsen/Sincerely Alfred H. Dahl Hostmaster Élla Kommunikasjon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: restrict ldap user search
Does anyone know how to restrict user search to an specific LDAP branch?
the basedn setting in radiusd.conf ldap section.
I want to find in an specific ldap branch if an specific DNIS arrives.
I tried these setting, but when the user is noy found in the specific branch,
the search then try to find the user in the other ldaps that I set.
Are you saying you want to try the search in the other branch if not found
in the first branch? Or, are you saying it is searching in the other
branch, but you don't want it to?
I tried setting the user file:
DEFAULT Called-Station-Id == 123456, Auth-type := client1 , Autz-Type :=
ldap_client1
and in the radiusd.conf:
ldap ldap_client1 { server = 192.168.1.1
basedn = ou=client1, dc=abc , dc=com
.
.
}
authorize {
preprocess
files
chap
group {
ldap1
ldap2
}
autztype ldap_client1
ldap_client1
}
Authenticate
{
authtype CHAP{chap}
authtype LDAP {
redundant{
ldap1
ldap2
}
}
authtype client1 {
ldap_client1}
}
What does radiusd -X show? Please be more specific in what you want to
happen and then include the radiusd -X debug showing what is happening.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_mschap compilation error - Where to look ?
All, When compiling Freeradius , i have the following error during rlm_mschap compilation. Where do I have to look ? Making all in rlm_mschap... make[6]: Entering directory `/root/freeradius-snapshot-20041229/src/modules/rlm_mschap' /root/freeradius-snapshot-20041229/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../../include -c rlm_mschap.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../../include -c rlm_mschap.c -fPIC -DPIC -o .libs/rlm_mschap.o rlm_mschap.c: In function `do_mschap': rlm_mschap.c:769: error: too many arguments to function `radius_exec_program' make[6]: *** [rlm_mschap.lo] Error 1 make[6]: Leaving directory `/root/freeradius-snapshot-20041229/src/modules/rlm_mschap' make[5]: *** [common] Error 1 make[5]: Leaving directory `/root/freeradius-snapshot-20041229/src/modules' make[4]: *** [all] Error 2 make[4]: Leaving directory `/root/freeradius-snapshot-20041229/src/modules' make[3]: *** [common] Error 1 make[3]: Leaving directory `/root/freeradius-snapshot-20041229/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/root/freeradius-snapshot-20041229/src' make[1]: *** [common] Error 1 make[1]: Leaving directory `/root/freeradius-snapshot-20041229' make: *** [all] Error 2 proxysvr:~/freeradius-snapshot-20041229# __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_mschap compilation error - Where to look ?
Aime [EMAIL PROTECTED] wrote: When compiling Freeradius , i have the following error during rlm_mschap compilation. Where do I have to look ? The radius_exec_program function was changed yesterday. rlm_mschap wasn't updated, but it should be updated in a day or so. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: restrict ldap user search
I already set the specific basedn in the radiusd.conf.
I want to search only in the specific ldap branch for an specific
called-station-id.
Here is the debug log:
rad_recv: Access-Request packet from host 10.160.4.7:3459, id=27, length=55
User-Name = admin
User-Password = pass123
Called-Station-Id = 40004015
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
users: Matched DEFAULT at 57
modcall[authorize]: module files returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall: entering group group for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for admin
radius_xlat: '((objectClass=aRadiusAccount)(uid=admin))'
radius_xlat: 'dc=company,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=company,dc=com/secret to 192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=company,dc=com, with filter
((objectClass=aRadiusAccount)(uid=admin))
rlm_ldap: Added password {SHA}65klKnzqoLdyHTcDnLVHwNNxTo4= in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap1 returns ok for request 0
modcall: group group returns ok for request 0
modcall: group authorize returns ok for request 0
Processing the authorize section of radiusd.conf
modcall: entering group autztype for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for admin
radius_xlat: '((objectClass=aRadiusAccount)(uid=admin))'
radius_xlat: 'ou=client1,dc=company,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=company,dc=com/secret to 192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=client1,dc=company,dc=com, with filter
((objectClass=aRadiusAccount)(uid=admin))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap_client1 returns notfound for request 0
modcall: group autztype returns notfound for request 0
rad_check_password: Found Auth-Type CLIENT1
auth: type CLIENT1
Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by admin with password pass123
rlm_ldap: user DN: uid=admin,ou=a,ou=bender,dc=company,dc=com
rlm_ldap: (re)connect to 192.168.220.100:389, authentication 1
rlm_ldap: bind as uid=admin,ou=a,ou=bender,dc=company,dc=com/pass123 to
192.168.220.100:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user admin authenticated succesfully
modcall[authenticate]: module ldap_client1 returns ok for request 0
modcall: group authtype returns ok for request 0
radius_xlat: 'Welcome a CLIENT1.'
Login OK: [admin/pass123] (from client Esteban port 0)
Sending Access-Accept of id 27 to 10.160.4.7:3459
Reply-Message = Bienvenido a CLIENT1.
Finished request 0
Going to the next request
Mensaje citado por Dustin Doris [EMAIL PROTECTED]:
Does anyone know how to restrict user search to an specific LDAP branch?
the basedn setting in radiusd.conf ldap section.
I want to find in an specific ldap branch if an specific DNIS arrives.
I tried these setting, but when the user is noy found in the specific
branch,
the search then try to find the user in the other ldaps that I set.
Are you saying you want to try the search in the other branch if not found
in the first branch? Or, are you saying it is searching in the other
branch, but you don't want it to?
I tried setting the user file:
DEFAULT Called-Station-Id == 123456, Auth-type := client1 , Autz-Type
:=
ldap_client1
and in the radiusd.conf:
ldap ldap_client1 { server = 192.168.1.1
basedn = ou=client1, dc=abc , dc=com
.
.
}
authorize {
preprocess
files
chap
group {
ldap1
ldap2
}
autztype ldap_client1
ldap_client1
}
Authenticate
{
authtype CHAP{chap}
authtype LDAP {
redundant{
ldap1
ldap2
}
}
authtype client1 {
RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!)
Thanx for the response... Yep, I've tried to regenerate the certificates, and nothing... Maybe the problem is related with the distribution? I'm using Suse Linux Pro 9.1, but seems that all of you are using RedHatI'm cosidering buiding from scratch in RH. Juan Campanini Chipsur Sistemas Informáticos S.L. www.chipsur.es -Mensaje original- De: Alan DeKok [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 29 de diciembre de 2004 16:33 Para: freeradius-users@lists.freeradius.org Asunto: Re: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Juan Andres Campanini [EMAIL PROTECTED] wrote: When I configure freeradius following the directives in this document: http://www.broadbandreports.com/forum/remark,9286052~mode=flat http://www.broadbandreports.com/forum/remark,9286052~mode=flat Hmm... try using the documentation included with FreeRADIUS, or the docs pointed to from http://www.freeradius.org/doc/ rlm_eap_tls: Error reading certificate file Yup. OpenSSL doesn't produce useful errors. I've searched in Google, readed all the messages in the freeradius users list, searched a lot of forums, tried lot of possibities, and nothingI'm stucj on that problem and I need a solution fast or my boss will cut my head with a dulled knife...:) Regenerate the certificates using the scripts that are included with the server. See scripts/CA.certs, for example. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR installation
Alan, Please, I am a newbie in FR and Linux. I am using a RH 9.0 for my installation. From various materials I read on the internet, I was able to get to editing of the clients.conf,users and radius.conf files. a.) What are the editting tools available for these files? b.)When I started radius by issuing radiusd command I get the following; [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 03:52:56 2004 : Info: Starting - reading configuration files ... Wed Dec 29 03:52:56 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 03:52:56 2004 : Error: Errors reading radiusd.conf [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 03:56:16 2004 : Info: Starting - reading configuration files ... Wed Dec 29 03:56:16 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 03:56:16 2004 : Error: Errors reading radiusd.conf [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 04:44:44 2004 : Info: Starting - reading configuration files ... Wed Dec 29 04:44:44 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 04:44:44 2004 : Error: Errors reading radiusd.conf You have new mail in /var/spool/mail/root [EMAIL PROTECTED] freeradius-1.0.1]# --- Alan DeKok [EMAIL PROTECTED] wrote: Alfred H. Dahl [EMAIL PROTECTED] wrote: /usr/lib/libltdl.so: could not read symbols: Invalid operation It looks like libltdl.so isn't 64-bit. I have to catalogues, /usr/lib and /usr/lib64 - which both includes the libltdl.so - but I dont know if this makes any difference. Try /usr/lib64/libltdl.so Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html = Michael-Olumide Johnson B.Sc.(Phy), PG.D(Fin.Mgt), MCP, CCNA 08033133324 __ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 = Michael-Olumide Johnson B.Sc.(Phy), PG.D(Fin.Mgt), MCP, CCNA 08033133324 __ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR installation
Mike-Olumide, Johnson wrote: From various materials I read on the internet, I was able to get to editing of the clients.conf,users and radius.conf files. a.) What are the editting tools available for these files? Any text editor (e.g. vi) There's a web based admin tool also called Dialup Admin (see www.freeradius.org) b.)When I started radius by issuing radiusd command I get the following; [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 03:52:56 2004 : Info: Starting - reading configuration files ... Wed Dec 29 03:52:56 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 03:52:56 2004 : Error: Errors reading radiusd.conf [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 03:56:16 2004 : Info: Starting - reading configuration files ... Wed Dec 29 03:56:16 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 03:56:16 2004 : Error: Errors reading radiusd.conf [EMAIL PROTECTED] freeradius-1.0.1]# radiusd Wed Dec 29 04:44:44 2004 : Info: Starting - reading configuration files ... Wed Dec 29 04:44:44 2004 : Error: /usr/local/etc/raddb/clients.conf[1]: Line is not in 'attribute = value' format Wed Dec 29 04:44:44 2004 : Error: Errors reading radiusd.conf You have new mail in /var/spool/mail/root [EMAIL PROTECTED] freeradius-1.0.1]# Well: seems like in /usr/local/etc/raddb/clients.conf, you have a line that is not in 'attribute = value' format -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Bestel nu uw exemplaar van Operationele verkoop (Walter Spruyt - Liesbeth Huysmans) via www.salesguide.be Ontdek de Telenet Hotspot service op www.telenet.be/hotspots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!)
Just to dispell your myth we all use redhat ... I've got clients running it on Debian and also on FreeBSD .. :P -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan Andres Campanini Sent: 29 December 2004 15:58 To: freeradius-users@lists.freeradius.org Cc: Alan DeKok Subject: RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Thanx for the response... Yep, I've tried to regenerate the certificates, and nothing... Maybe the problem is related with the distribution? I'm using Suse Linux Pro 9.1, but seems that all of you are using RedHatI'm cosidering buiding from scratch in RH. Juan Campanini Chipsur Sistemas Informáticos S.L. www.chipsur.es -Mensaje original- De: Alan DeKok [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 29 de diciembre de 2004 16:33 Para: freeradius-users@lists.freeradius.org Asunto: Re: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Juan Andres Campanini [EMAIL PROTECTED] wrote: When I configure freeradius following the directives in this document: http://www.broadbandreports.com/forum/remark,9286052~mode=flat http://www.broadbandreports.com/forum/remark,9286052~mode=flat Hmm... try using the documentation included with FreeRADIUS, or the docs pointed to from http://www.freeradius.org/doc/ rlm_eap_tls: Error reading certificate file Yup. OpenSSL doesn't produce useful errors. I've searched in Google, readed all the messages in the freeradius users list, searched a lot of forums, tried lot of possibities, and nothingI'm stucj on that problem and I need a solution fast or my boss will cut my head with a dulled knife...:) Regenerate the certificates using the scripts that are included with the server. See scripts/CA.certs, for example. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
compiling on a virutal 64bit platform
/usr/lib/libltdl.so: could not read symbols: Invalid operation It looks like libltdl.so isn't 64-bit. That was my guess to... I have to catalogues, /usr/lib and /usr/lib64 - which both includes the libltdl.so - but I dont know if this makes any difference. Try /usr/lib64/libltdl.so I really, really want to try that - but I am not a programmer; how to I tell gcc to use /usr/lib64/libltdl.so instead of /usr/lib/libltdl.so ??? -- Med vennlig hilsen/Sincerely Alfred H. Dahl Hostmaster Élla Kommunikasjon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR installation
Mike-Olumide, Johnson [EMAIL PROTECTED] wrote: b.)When I started radius by issuing radiusd command I get the following; That message isn't printed out for the normal configuration files, so I'd guess that you edited clients.conf. The solution is to not edit it like you did. Either use a different editor, or read clients.conf again, to see what it expects. And could you explain why you didn't post that line here? It would have made it a lot easier for people on the list to help you. Making us play twenty questions is annoying. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!)
yep...I know...and it's clear that the error is related with the certificates, but I can't get rid of it. I'v tried different versions of opeenssl, different versions of freeradius, different procedures, but nothing... No one had the same error? Juan Campanini Chipsur Sistemas Informáticos S.L. www.chipsur.es -Mensaje original- De: Stuart Harris [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 29 de diciembre de 2004 17:17 Para: freeradius-users@lists.freeradius.org Asunto: RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Just to dispell your myth we all use redhat ... I've got clients running it on Debian and also on FreeBSD .. :P -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juan Andres Campanini Sent: 29 December 2004 15:58 To: freeradius-users@lists.freeradius.org Cc: Alan DeKok Subject: RE: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Thanx for the response... Yep, I've tried to regenerate the certificates, and nothing... Maybe the problem is related with the distribution? I'm using Suse Linux Pro 9.1, but seems that all of you are using RedHatI'm cosidering buiding from scratch in RH. Juan Campanini Chipsur Sistemas Informáticos S.L. www.chipsur.es -Mensaje original- De: Alan DeKok [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 29 de diciembre de 2004 16:33 Para: freeradius-users@lists.freeradius.org Asunto: Re: Errors in the initialization of EAP/PEAP with freeradius (URGENT HELPPP!!) Juan Andres Campanini [EMAIL PROTECTED] wrote: When I configure freeradius following the directives in this document: http://www.broadbandreports.com/forum/remark,9286052~mode=flat http://www.broadbandreports.com/forum/remark,9286052~mode=flat Hmm... try using the documentation included with FreeRADIUS, or the docs pointed to from http://www.freeradius.org/doc/ rlm_eap_tls: Error reading certificate file Yup. OpenSSL doesn't produce useful errors. I've searched in Google, readed all the messages in the freeradius users list, searched a lot of forums, tried lot of possibities, and nothingI'm stucj on that problem and I need a solution fast or my boss will cut my head with a dulled knife...:) Regenerate the certificates using the scripts that are included with the server. See scripts/CA.certs, for example. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
close and open sessions on a month change
Hello. intro: i'm running freeradius-1.0.1 on a freebsd-5.3R box. my clients have no time restrictions, but they are limited by traffic. radiusd is configured to store accounting information in mysql. i've written php script for my clients so they can see how much of their limit they used so far. when client run out all his traffic to the limit, he can still authorize to the system, but he receive IP address from restricted ip pool, so he can still use inner network services, i.e. provided by mail or web server, but have no access to internet. couple of days ago one of my clients says to me that he cannot open no internet site but still able to see his statistics page. as for radiusd, he has no traffic left, but php script says that he have another 110MB. it's not a bug. when radiusd gets information about user traffic, point of reality is AcctStopTime, and for the script this point is AcctStartTime. no problem, i've edit php script so there is also was AcctStopTime as an reality point. this client have worked 30 november till the night of 1 december. so his entry in accounting table is this one: +-+-+-+-+--+ | AcctStartTime | AcctStopTime| AcctSessionTime | AcctInputOctets | AcctOutputOctets | +-+-+-+-+--+ | 2004-11-30 16:25:05 | 2004-12-01 00:12:51 | 28066 |49882434 | 65886575 | +-+-+-+-+--+ the question is: is there a possibility to radiusd close a session in accounting table and right after that opens a new one for the new day/month? or can i force radiusd to close all sessions in some moment of time? what can be a solution for this situation? -- Alexander Lunyov [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup admin Question
What does the Online Users function use to generate the list of online users? I know it calls user_finger.php but what utility like radwho or what does it use, or is it a call to the database or the NAS unit? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP problems
see: http://www.missl.cs.umd.edu/wireless/eaptls/ http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/8021X-HOWTO.html --- WiFi Administrator [EMAIL PROTECTED] wrote: Hi all I am attempting to use freeradius to authenticate wireless users and am having problems. If you know of a howto, or site with the specifics that I am looking for, please let me know. Setup - Proxim 4000 AP which will do the following authentication: none wep wpa 802.1x I can get the 'none' part working just fine |:) I won't use WEP I haven't been able to figure out where to put the cooresponding information when a user selects the different security profiles. From what I have gathered so far, wpa and 802.1x both use the MAC addy as radcheck.UserName with redcheck.Attribute being the type of security and the value being the secret or PSK. I have tried to input this directly with no luck. = Julius Igugu SouthWork Co. Ltd. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_mschap compilation error - Where to look ?
On Wed, Dec 29, 2004 at 10:37:20AM -0500, Alan DeKok wrote: Aime [EMAIL PROTECTED] wrote: When compiling Freeradius , i have the following error during rlm_mschap compilation. Where do I have to look ? The radius_exec_program function was changed yesterday. rlm_mschap wasn't updated, but it should be updated in a day or so. Actually, it was the other way 'round. The changes to rlm_mschap got comitted by accident, but radius_exec_program wasn't. I've comitted them now, so this problem should go away. I apologise for the inconvinience. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: NAS from MYSQL
Hi Neil, Please restart you Freeradius after you add NAS entry in 'nas' table. Also to see whether radius is reading from 'nas' table, run radius with following command # radiusd -X This will show from where radius is reading NAS info. I hope you will get your problem resolved now. If not then you are welcome to chat with me. Bye Amit Gupta Mobile: 91-9818052171 Yahoo IM: amitguptainn MSN IM : amitguptainn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Neil Craig Sent: Wednesday, December 29, 2004 5:14 AM To: freeradius-users@lists.freeradius.org Subject: NAS from MYSQL I'm trying to set Freeradius to read the NAS list from MySQL but not having much luck. All SQL is working for user auth etc and line in sql.conf is set to yes to have it read the nas list from the nas table. If I have the entry in clients.conf then it works fine but never seems to read from the db... any ideas? Thanks in advance.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radreply
How do you get an attribute that you have added to the user_edit.attrs file to be put in the radreply table instead of the radcheck. I have added an attribute to the list and everytime I put a value in and set it to = it puts the entry in the radcheck table. Is there some documentation that discusses this or explains it? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: acct_users file
Hello Prabha, I think doc directory in Freeradius sources will be of great help to you. Amit Gupta Mobile: 91-9818052171 Yahoo IM: amitguptainn MSN IM : amitguptainn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prabhan Sent: Wednesday, December 29, 2004 7:55 PM To: freeradius-users@lists.freeradius.org Subject: acct_users file Hello, Why is acct_users file is used ?? How to configure in the radius server if any specific attribute is to be sent in the access accept packet ??? When we specify a path for Exec-Program as Exec Program = /usr/local/acct/start in the acct_users file , what is to be specified in start file. Can i get a sample example ?? Thanks, Prabha N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
