strange Exec-Program problem
Hello, when trying to execute some script on each user login attempt using local DB everythings works as it supposed to do. But if using another RADIUS server as specifying to use the previously mentioned DB (like remote DB), getting the following errors in the log file: Error: Exec-Program: FAILED to execute /var: No such file or directory For users for which i've not set the Exec-Wait as a Reply attribute, everything work perfectly. Can someone point me could be the problem? Edgars - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Errors with freeradius-snapshot-20050424 make install
Hello all, I try to build freeradius-snapshot-20050424 under rehat 3.2.3-47 (Kernel: 2.4.21-27.0.2.EL). Install gives the following errors: libtool: install: warning: relinking `rlm_eap_peap.la' (cd /service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/types /rlm_eap_peap; /bin/sh /service/freeradius/freeradius-snapshot-20050424/libtool -- mode=relink gcc -release 1.1.0-pre0 -module -export-dynamic -g -O2 - DOPENSSL_NO_KRB5 -I../../../../include -I../.. -I../rlm_eap_tls -DOPENSSL_NO_KRB5 -I./../../libeap -o rlm_eap_peap.la -rpath /usr/local/freeradius/lib rlm_eap_peap.lo peap.lo ../../../../lib/libradius.la ../rlm_eap_tls/rlm_eap_tls.la -L./../../libeap -leap -lcrypto -lssl -lcrypto -lnsl -lresolv -lcrypto ) *** Warning: Linking the shared library rlm_eap_peap.la against the loadable module *** rlm_eap_tls.so is not portable! *** Warning: Linking the shared library rlm_eap_peap.la against the loadable module *** libeap.so is not portable! gcc -shared .libs/rlm_eap_peap.o .libs/peap.o -Wl,--rpath -Wl,/usr/local/freeradius/lib -L/usr/local/freeradius/lib -lradius -lrlm_eap_tls -L/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/lib eap -leap -lssl -lnsl -lresolv -lcrypto -Wl,-soname -Wl,rlm_eap_peap-1.1.0-pre0.so -o .libs/rlm_eap_peap-1.1.0- pre0.so /usr/bin/ld: cannot find -lrlm_eap_tls collect2: ld returned 1 exit status libtool: install: error: relink `rlm_eap_peap.la' with the above command before installing it gmake[11]: *** [install] Fehler 1 gmake[11]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es/rlm_eap_peap« gmake[10]: *** [common] Fehler 2 gmake[10]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es« gmake[9]: *** [install] Fehler 2 gmake[9]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es« gmake[8]: *** [common] Fehler 2 gmake[8]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[7]: *** [install-types] Fehler 2 gmake[7]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[6]: *** [install] Fehler 2 gmake[6]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[5]: *** [common] Fehler 2 gmake[5]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src/modules« gmake[4]: *** [install] Fehler 2 gmake[4]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src/modules« gmake[3]: *** [common] Fehler 2 gmake[3]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src« gmake[2]: *** [install] Fehler 2 gmake[2]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src« gmake[1]: *** [common] Fehler 2 gmake[1]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424« make: *** [install] Fehler 2 [EMAIL PROTECTED] freeradius-snapshot-20050424]# some tips or hints? Grüße Hans-Peter Fuchs Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users digest, Vol 1 #4570 - 4 msgs
help needed for dialupadmin configuration --- [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Snmp trap (Yoram Baruchian) 2. RE: Snmp trap (Anson Rinesmith) 3. Hi (Akram Mohammad) 4. Crash - 1.0.2 - undefined symbol: eaptls_process (Pieter E Smit) --__--__-- Message: 1 Subject: Snmp trap Date: Sun, 1 May 2005 10:24:31 +0200 From: Yoram Baruchian [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Reply-To: freeradius-users@lists.freeradius.org This is a multi-part message in MIME format. --_=_NextPart_001_01C54E27.32EEDBD4 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Hi Can free radius send an snmp trap to nms (hp/ov or similar) when a user is unauthenticated? BEST REGARDS * Bar Yoram Senior Security Systems Engineer Technical Services Division Tel: 972 (3) 9278472 Mobile: 972 (53) 878472 Fax: 972 (3) 9229218 mailto:[EMAIL PROTECTED] * --_=_NextPart_001_01C54E27.32EEDBD4 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 3.2//EN HTML HEAD META HTTP-EQUIV=3DContent-Type CONTENT=3Dtext/html; = charset=3Dus-ascii META NAME=3DGenerator CONTENT=3DMS Exchange Server version = 6.5.7226.0 TITLESnmp trap/TITLE /HEAD BODY !-- Converted from text/rtf format -- BR P DIR=3DLTRSPAN LANG=3Den-usFONT COLOR=3D#800080 = FACE=3DCourier NewHi/FONT/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT COLOR=3D#800080 = FACE=3DCourier NewCan free radius send an snmp trap to nms (hp/ov or = similar) when a user is unauthenticated?/FONT/SPAN/P UL DIR=3DLTR P DIR=3DLTRSPAN LANG=3Den-usBFONT COLOR=3D#800080 SIZE=3D2 = FACE=3DArialBEST REGARDS/FONT/B/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT COLOR=3D#800080 SIZE=3D2 = FACE=3DArial*/FON= T/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usBFONT COLOR=3D#80 = FACE=3DArialBar Yoram/FONT/B/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usBFONT SIZE=3D2 = FACE=3DArialSenior Security amp; Systems = Engineer/FONT/B/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usBFONT SIZE=3D2 = FACE=3DArialTechnical Services Division/FONT/B/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT SIZE=3D2 FACE=3DArialTel: 972 = (3) 9278472/FONT/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT SIZE=3D2 FACE=3DArialMobile: = 972 (53) 878472/FONT/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT SIZE=3D2 FACE=3DArialFax: 972 = (3) 9229218/FONT/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usUFONT COLOR=3D#FF = FACE=3DTimes New Romanlt;/FONT/U/SPANA = HREF=3Dmailto:[EMAIL PROTECTED]SPAN LANG=3Den-usU/UUFONT = COLOR=3D#FF FACE=3DTimes New = Romanmailto:[EMAIL PROTECTED]/FONT/U/SPAN/ASPAN = LANG=3Den-usUFONT COLOR=3D#FF FACE=3DTimes New = Romangt;/FONT/U/SPAN/P P DIR=3DLTRSPAN LANG=3Den-usFONT COLOR=3D#800080 SIZE=3D2 = FACE=3DArial*/FON= T/SPAN/P /UL /BODY /HTML --_=_NextPart_001_01C54E27.32EEDBD4-- --__--__-- Message: 2 From: Anson Rinesmith [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: RE: Snmp trap Date: Sun, 1 May 2005 10:49:45 -0500 Reply-To: freeradius-users@lists.freeradius.org This is a multi-part message in MIME format. --=_NextPart_000_0011_01C54E3B.7DE89A40 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit It wouldn't be hard to write your own script to either a) plug in as a module to execute sending a trap on failure or b) monitor the log file and do the same. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoram Baruchian Sent: Sunday, May 01, 2005 3:25 AM To: freeradius-users@lists.freeradius.org Subject: Snmp trap Hi Can free radius send an snmp trap to nms (hp/ov or similar) when a user is unauthenticated? BEST REGARDS * Bar Yoram === message truncated === __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: Dropping conflicting packet from client ...
Hi! I'm running freeradius-1.0.2, for authentication and accounting under Linux Box. This radius receives about 6 or 10 new calls per minute using a simple authentiaction method, using MySQL as backend for registering the calls. Every day I'm seeing this error logs on my radius.log file: Mon May 2 12:34:44 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:34:47 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:34:50 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:34:53 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:34:56 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:34:58 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 12 due to unfinished request 2065 Mon May 2 12:35:01 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 12 due to unfinished request 2065 Mon May 2 12:35:04 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 12 due to unfinished request 2065 Mon May 2 12:35:07 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 12 due to unfinished request 2065 Mon May 2 12:35:10 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 12 due to unfinished request 2065 Mon May 2 12:35:14 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:35:17 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:35:19 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 15 due to unfinished request 2068 Mon May 2 12:35:21 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 Mon May 2 12:35:23 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 15 due to unfinished request 2068 Mon May 2 12:35:24 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 I couldn't find many info on this error on the net... I've seen a couple of threads that mention it can be due to the radius taking too much time to authenticate while using scripts, but I'm using any perl script, just simple authentication accepting everything... I tried increasing max_request_time to 60 (it was on 30) and max_requests to 6400 (I've got 25 clients) on radiusd.conf, but that didn't solve it... What factors can be causing this error?? Thanks in advance, Abdul __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy reply attributes
hi,
On Fri, 2005-04-22 at 12:46 -0400, Alan DeKok wrote:
Tiago Fernandes [EMAIL PROTECTED] wrote:
pre-proxy {
...
pre_proxy_filter
That filters attributes BEFORE the packet is sent to the home server.
so with this config, i say that any attributes Tunnel-* in proxy
replies packets are removed (i suppose).
Don't suppose. Read the debugging output of the server.
Is this config right ? What can be the problem ?? Any idea's ??
The config is wrong for what you say you want to do. The debug
output of the server would tell you this.
right.
So what i want is to tell home server to remove some attributes from a
reply, if that reply is going to be sent to a specific proxy server.
How can i do this ??
can't find any config to do this in radiusd.conf or other file...
To debug problems like this, run it in debugging mode, and read the
output. All of it.
done
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
signature.asc
Description: This is a digitally signed message part
Re: Errors with freeradius-snapshot-20050424 make install
This will all be fixed shortly. I'm getting close to finishing up the move to libeaptls to fix these inter-module linking problems. --Mike Hans-Peter Fuchs wrote: Hello all, I try to build freeradius-snapshot-20050424 under rehat 3.2.3-47 (Kernel: 2.4.21-27.0.2.EL). Install gives the following errors: libtool: install: warning: relinking `rlm_eap_peap.la' (cd /service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/types /rlm_eap_peap; /bin/sh /service/freeradius/freeradius-snapshot-20050424/libtool -- mode=relink gcc -release 1.1.0-pre0 -module -export-dynamic -g -O2 - DOPENSSL_NO_KRB5 -I../../../../include -I../.. -I../rlm_eap_tls -DOPENSSL_NO_KRB5 -I./../../libeap -o rlm_eap_peap.la -rpath /usr/local/freeradius/lib rlm_eap_peap.lo peap.lo ../../../../lib/libradius.la ../rlm_eap_tls/rlm_eap_tls.la -L./../../libeap -leap -lcrypto -lssl -lcrypto -lnsl -lresolv -lcrypto ) *** Warning: Linking the shared library rlm_eap_peap.la against the loadable module *** rlm_eap_tls.so is not portable! *** Warning: Linking the shared library rlm_eap_peap.la against the loadable module *** libeap.so is not portable! gcc -shared .libs/rlm_eap_peap.o .libs/peap.o -Wl,--rpath -Wl,/usr/local/freeradius/lib -L/usr/local/freeradius/lib -lradius -lrlm_eap_tls -L/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/lib eap -leap -lssl -lnsl -lresolv -lcrypto -Wl,-soname -Wl,rlm_eap_peap-1.1.0-pre0.so -o .libs/rlm_eap_peap-1.1.0- pre0.so /usr/bin/ld: cannot find -lrlm_eap_tls collect2: ld returned 1 exit status libtool: install: error: relink `rlm_eap_peap.la' with the above command before installing it gmake[11]: *** [install] Fehler 1 gmake[11]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es/rlm_eap_peap« gmake[10]: *** [common] Fehler 2 gmake[10]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es« gmake[9]: *** [install] Fehler 2 gmake[9]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap/typ es« gmake[8]: *** [common] Fehler 2 gmake[8]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[7]: *** [install-types] Fehler 2 gmake[7]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[6]: *** [install] Fehler 2 gmake[6]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot- 20050424/src/modules/rlm_eap« gmake[5]: *** [common] Fehler 2 gmake[5]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src/modules« gmake[4]: *** [install] Fehler 2 gmake[4]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src/modules« gmake[3]: *** [common] Fehler 2 gmake[3]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src« gmake[2]: *** [install] Fehler 2 gmake[2]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424/src« gmake[1]: *** [common] Fehler 2 gmake[1]: Verlassen des Verzeichnisses Verzeichnis »/service/freeradius/freeradius-snapshot-20050424« make: *** [install] Fehler 2 [EMAIL PROTECTED] freeradius-snapshot-20050424]# some tips or hints? Grüße Hans-Peter Fuchs Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: strange Exec-Program problem
Hello, when trying to execute some script on each user login attempt using local DB everythings works as it supposed to do. But if using another RADIUS server as specifying to use the previously mentioned DB (like remote DB), getting the following errors in the log file: Error: Exec-Program: FAILED to execute /var: No such file or directory For users for which i've not set the Exec-Wait as a Reply attribute, everything work perfectly. Can someone point me could be the problem? Edgars Looks like it can't find the script. Want to show us how you have it setup in the users file? Maybe some radiusd -X output as well. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Logging shortname
Wondering if there is a way to log the nas shortname to my sql database, using mysql, looking to do it for the accounting and for the postauth reply logging. I see it logs it to the flatfile but not anywhere else, looking to pull some statistics on each modem pool we have and would be very helpful if this was possible. Scott
Logging/accounting regardless whether Accounting-Request packet sent
I have a set up with LDAP backend and a Chillispot run unencrypted
network and WPA running off a WRT54G wireless router. Accounting works
like a champ coming from the Chillispot network however it doesn't work
at all coming from WRT54G. I look through the debug logs and I notice
that Chillispot sends an Accounting Request packet while WRT54G doesn't.
I checked the set up for both and true Chillispot does have
radius-accounting turned on while WRT54G doesn't even have that option.
Is it somehow possible to log the details regardless whether NAS sends
the request ?
My set up is as follows
accounting {
detail
reply_log
pre_proxy_log
post_proxy_log
unix
radutmp
}
This is what I get from Chillispot debug
--- Walking the entire request list ---
Cleaning up request 17 ID 108 with timestamp 42765dfb
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.2.227:1654,
id=108, length=132
Acct-Status-Type = Start
User-Name = testuser
Calling-Station-Id = 00-0D-93-EE-7E-F3
Called-Station-Id = 00-0A-5E-41-8A-89
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = 0001
NAS-IP-Address = 0.0.0.0
NAS-Identifier = nas01
Framed-IP-Address = 192.168.182.92
Acct-Session-Id = 42765de20001
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 18
modcall[preacct]: module preprocess returns noop for request 18
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
192.168.2.227,NAS-IP-Address = 0.0.0.0,Acct-Session-Id =
42765de20001,User-Name = testuser'
rlm_acct_unique: Acct-Unique-Session-ID = 4fb8b84ec8c9dec5.
modcall[preacct]: module acct_unique returns ok for request 18
rlm_realm: No '@' in User-Name = testuser, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 18
modcall[preacct]: module files returns noop for request 18
modcall: group preacct returns ok for request 18
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 18
radius_xlat: '/var/log/radacct/192.168.2.227/detail-20050502'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radacct/192.168.2.227/detail-20050502
modcall[accounting]: module detail returns ok for request 18
radius_xlat: '/var/log/radacct/192.168.2.227/reply-detail-20050502'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radacct/192.168.2.227/reply-detail-20050502
modcall[accounting]: module reply_log returns ok for request 18
radius_xlat: '/var/log/radacct/192.168.2.227/detail'
rlm_detail: %A/%{Client-IP-Address}/detail expands to
/var/log/radacct/192.168.2.227/detail
modcall[accounting]: module pre_proxy_log returns ok for request 18
radius_xlat: '/var/log/radacct/192.168.2.227/detail'
rlm_detail: %A/%{Client-IP-Address}/detail expands to
/var/log/radacct/192.168.2.227/detail
modcall[accounting]: module post_proxy_log returns ok for request 18
modcall[accounting]: module unix returns fail for request 18
modcall: group accounting returns fail for request 18
Thanks a lot,
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
WPA Auth w/users file
I have the same problem as: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg15436.html Running Freeradius 1.0.1. I've made the changes listed in that thread, but.. I'm using the raddb/users file (only 7 entries), and am not finding a way to auth against My-Local-User-Name :( Any pointers, thwaps over the head, or pushes in the right direction appreciated ;) -- Homer Parker [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Logging/accounting regardless whether Accounting-Request packet sent
On Mon, 2 May 2005, Vladimir Vuksan wrote: I have a set up with LDAP backend and a Chillispot run unencrypted network and WPA running off a WRT54G wireless router. Accounting works like a champ coming from the Chillispot network however it doesn't work at all coming from WRT54G. I look through the debug logs and I notice that Chillispot sends an Accounting Request packet while WRT54G doesn't. I checked the set up for both and true Chillispot does have radius-accounting turned on while WRT54G doesn't even have that option. Is it somehow possible to log the details regardless whether NAS sends the request ? Nope. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WPA Auth w/users file
Vladimir Vuksan [EMAIL PROTECTED] wrote:
Homer Parker wrote:
I have the same problem as:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg15436.html
Running Freeradius 1.0.1. I've made the changes listed in that thread,
but.. I'm using the raddb/users file (only 7 entries), and am not
finding a way to auth against My-Local-User-Name :( Any pointers, thwaps
over the head, or pushes in the right direction appreciated ;)
Send your debug log and configuration ?
I don't know as there's any point to that. His problem is identical to
the one discussed in the thread he referenced (started by me), except
he's trying to authenticate against a users file, instead of an
smbpasswd file.
In my case, I was able to do this, in order to use the new
My-Local-User-Name variable:
/usr/local/etc/raddb/radiusd.conf:
...
passwd etc_smbpasswd {
filename = ...
format =
*My-Local-User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::
...
}
...
Of course: What's normally where My-Local-User-Name is, above, is
simply User-Name.
What Homer needs is a way to do the same thing for authenticating
against the users file, if possible. (Near as I can tell.)
(I had showed him how to reduce PCNAME\\username to username, into
My-Local-User-Name.)
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at http://jimsun.linxnet.com/scform.php.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Best Way to Run Radius Server over Multi - Satellite Pops
Hello All, At the moment i am running a local radius server on one of my pops, and the business is expanding steadily and we are going to have multiple pops. All pops are linked to a Satellite Dish with a 550ms Delay to the provider, I am looking for the best way to centralise the Main Radius Server. Ideas i have played about with. - Archive radius database once in the evening and upload it to the pops Via cron and process it at the other end, means running multiple radius servers. - Put a central Server at the provider and get all radius request going there. problem clog of BW at a point will request timeout the authentication. So what do you guys out there think.. Thanks Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Best Way to Run Radius Server over Multi - Satellite Pops
On Mon, 2 May 2005, Sarkis Gabriel wrote: Hello All, At the moment i am running a local radius server on one of my pops, and the business is expanding steadily and we are going to have multiple pops. All pops are linked to a Satellite Dish with a 550ms Delay to the provider, I am looking for the best way to centralise the Main Radius Server. Ideas i have played about with. - Archive radius database once in the evening and upload it to the pops Via cron and process it at the other end, means running multiple radius servers. - Put a central Server at the provider and get all radius request going there. problem clog of BW at a point will request timeout the authentication. So what do you guys out there think.. Thanks Sarky You could use ldap or mysql as the backend and setup a master server at one location with all your user accounts. This doesn't even need to run radius, just a mysql db or ldap directory that contains all users. Then setup slave mysql or ldap servers at each remote location. Have the radius servers at the remote locations authenticate to the local database/directory. Your accounts will be in sync up to the delay for the replication to take place. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Best Way to Run Radius Server over Multi - Satellite Pops
On Mon, 2 May 2005, Sarkis Gabriel wrote: Hello All, At the moment i am running a local radius server on one of my pops, and the business is expanding steadily and we are going to have multiple pops. All pops are linked to a Satellite Dish with a 550ms Delay to the provider, I am looking for the best way to centralise the Main Radius Server. Ideas i have played about with. - Archive radius database once in the evening and upload it to the pops Via cron and process it at the other end, means running multiple radius servers. - Put a central Server at the provider and get all radius request going there. problem clog of BW at a point will request timeout the authentication. So what do you guys out there think.. Thanks Sarky BTW. doc/ldap_howto.txt shows how to do ldap replication and use that with freeradius. http://www.openldap.org/doc/admin22/replication.html more details on ldap replication http://dev.mysql.com/doc/mysql/en/replication.html more details on mysql replication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Best Way to Run Radius Server over Multi - Satellite Pops
Brilliant that is something to work on, i am already using mysql as a backend for my user list, so i can use that with replication. I just want to make sure does it replicate both ways or just main Replication server to Slave. The reason i ask that because of alot of Accounting stuff will be gathered localy. Thank you Sarkis -- This Mail Was Created Using WebOnLan WebMail (http://www.webonlan.com) -- Original Message --- From: Dustin Doris [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Mon, 2 May 2005 17:11:18 -0400 (EDT) Subject: Re: Best Way to Run Radius Server over Multi - Satellite Pops On Mon, 2 May 2005, Sarkis Gabriel wrote: Hello All, At the moment i am running a local radius server on one of my pops, and the business is expanding steadily and we are going to have multiple pops. All pops are linked to a Satellite Dish with a 550ms Delay to the provider, I am looking for the best way to centralise the Main Radius Server. Ideas i have played about with. - Archive radius database once in the evening and upload it to the pops Via cron and process it at the other end, means running multiple radius servers. - Put a central Server at the provider and get all radius request going there. problem clog of BW at a point will request timeout the authentication. So what do you guys out there think.. Thanks Sarky BTW. doc/ldap_howto.txt shows how to do ldap replication and use that with freeradius. http://www.openldap.org/doc/admin22/replication.html more details on ldap replication http://dev.mysql.com/doc/mysql/en/replication.html more details on mysql replication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- End of Original Message --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAp/TSL authorization problem
28 2005 11:38 Sergey Guriev : Here is one big log of session. Please help me understand what realy wrong. I'm asking one more time, PLEASE look at my Log (previous message in this thread) and help me to understand what is wrong? Regards, Sergey. -- Sergey A. Guriev Organization: New Telephone Company e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAp/TSL authorization problem
Sergey Guriev wrote: Im' using freeradius 1.02 (under linux), Cisco AiroNet 1230B and PC-station under Win-XP. And I have some problem with authorization. Here parts of my configs: users: - ttt Password == I believe this should be User-Password == Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAp/TSL authorization problem
3 2005 09:48 Vladimir Vuksan : I believe this should be User-Password == I made it and User-Password and Password - no change. -- Regards, Sergey. -- Sergey A. Guriev Organization: New Telephone Company e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAp/TSL authorization problem
Sergey Guriev wrote: 3 2005 09:48 Vladimir Vuksan : I believe this should be User-Password == I made it and User-Password and Password - no change The log contains something peculiar ie. rad_recv: Access-Request packet from host 80.243.64.30:14123, id=138, length=142 User-Name = [EMAIL PROTECTED] However then it goes off strips off wlan.lan as the Realm and says Thu Apr 28 11:33:53 2005 : Debug: users: Matched entry www at line 228 Are you sure that the entry on line 228 has the correct password. I am not quite sure where the [EMAIL PROTECTED] comes from. Vladimir - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAp/TSL authorization problem
3 2005 10:14 Vladimir Vuksan : Thu Apr 28 11:33:53 2005 : Debug: users: Matched entry www at line 228 Are you sure that the entry on line 228 has the correct password. I am not quite sure where the [EMAIL PROTECTED] comes from. Yes, I sure, becouse Matched entry www at line 228 means Username and password matched. Regards, Sergey. -- Sergey A. Guriev Organization: New Telephone Company e-mail: [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Dropping conflicting packet from client ...
Abdul Lateef wrote: [...] Mon May 2 12:34:44 2005 : Error: Dropping conflicting packet from client 212.100.235.227:1812 - ID: 11 due to unfinished request 2064 [...] heheh.. it seems you read my e-mail from last month: http://lists.freeradius.org/archives/freeradius-users/2005/04/frm00119.html almost textual!!! :P anyway... If you follow this thread you'll see I was also having some similar errors when using Exec-Program-Wait but with a php script I was then told there was a bug on the Exec-Program-Wait code, and that I should upgrade to latest CVS version. I upgraded and the errors I mentioned on my first e-mail disappeared, and Exec-Program-Wait started working fine, without having any of the other similar errors. Regards, Juan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Best Way to Run Radius Server over Multi - Satellite Pops
On Mon, May 02, 2005 at 11:28:52PM +0200, Sarkis Gabriel wrote: Brilliant that is something to work on, i am already using mysql as a backend for my user list, so i can use that with replication. I just want to make sure does it replicate both ways or just main Replication server to Slave. The reason i ask that because of alot of Accounting stuff will be gathered localy. MySQL only replicates one way. In theory you can have two dbs circularly replicating back and forth (maybe only with 4.1?) but for this you will probably be better with radrelay, since you really just want to push accounting data up to a central server, while authentication data flows down _from_ the central server. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Dropping conflicting packet from client ...
Hi Joun, You are right, i read your thread because i was searching the solutions for the same. and i found just copy paste in my new thread. ): BTW, What is CVS? really i am new in linux box. if you can tell me how i can upgrade the Exec-Program-Wait, i really i will be approciated. And i wanted to ask you, is this danger error. because already i released for the production. Thank You Abdul Lateef __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Upgrading freeradius 1.0.2 with freeradius-snapshot-20050502
Hi guys, I installed freeradius 1.0.2 on my redhat box. all thing is working well. But there is some error like: Mon May 2 14:43:09 2005 : Error: Exec-Program: Abnormal child exit: No child processes Mon May 2 15:06:36 2005 : Error: Dropping conflicting packet from client 10.0.0.28:1812 - ID: 12 due to unfinished request 2065 In radius log file. I read more threads about this error, and at last i found, that i have to upgrade with snapshot. I don't have any idea how to upgrade but for the test I downloaded it from the web site and i tried to install using following commond: $ ./configure $ make $ make install But when i am running make. I found 2 error which i am going to post following macsha1.c -fPIC -DPIC -o .libs/hmacsha1.o In file included from hmacsha1.c:15: ../include/sha1.h:15: syntax error before uint32_t ../include/sha1.h:15: warning: no semicolon at end of struct or union ../include/sha1.h:16: warning: data definition has no type or storage class ../include/sha1.h:17: syntax error before buffer ../include/sha1.h:17: warning: data definition has no type or storage class ../include/sha1.h:18: syntax error before '}' token ../include/sha1.h:18: warning: data definition has no type or storage class ../include/sha1.h:20: syntax error before state ../include/sha1.h:21: syntax error before '*' token ../include/sha1.h:22: syntax error before '*' token ../include/sha1.h:23: syntax error before digest ../include/sha1.h:29: syntax error before digest ../include/sha1.h:34: syntax error before mk hmacsha1.c: In function `lrad_hmac_sha1': hmacsha1.c:37: syntax error before context hmacsha1.c:49: syntax error before tctx hmacsha1.c:51: `tctx' undeclared (first use in this function) hmacsha1.c:51: (Each undeclared identifier is reported only once hmacsha1.c:51: for each function it appears in.) hmacsha1.c:124: `context' undeclared (first use in this function) gmake[4]: *** [hmacsha1.lo] Error 1 gmake[4]: Leaving directory `/usr/local/freeradius-snapshot-20050502/src/lib' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/local/freeradius-snapshot-20050502/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/local/freeradius-snapshot-20050502/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/local/freeradius-snapshot-20050502' make: *** [all] Error 2 [EMAIL PROTECTED] freeradius-snapshot-20050502]# Can any one help me how i can do it? Abdul Lateef __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
