Memory big problem
By the way, rlm_checkval meets in most cases losses ==8528== 200448 bytes in 783 blocks are definitely lost in loss record 178 of 190 ... ==8528==by 0x1BB83E41: regcomp (in /lib/tls/libc-2.3.2.so) ==8528==by 0x1D310FC3: do_checkval (rlm_checkval.c:275) ... ==8528== 60416 bytes in 59 blocks are possibly lost in loss record 162 of 190 ... ==8528==by 0x1BB88BF0: regexec (in /lib/tls/libc-2.3.2.so) ==8528==by 0x1D310FF4: do_checkval (rlm_checkval.c:281) ... ==8528== 55800 bytes in 15 blocks are possibly lost in loss record 159 of 190 ... ==8528==by 0x1BB83EBF: regcomp (in /lib/tls/libc-2.3.2.so) ==8528==by 0x1D310FC3: do_checkval (rlm_checkval.c:275) ... ==8528== 22320 bytes in 6 blocks are possibly lost in loss record 151 of 190 ... ==8528==by 0x1BB83EBF: regcomp (in /lib/tls/libc-2.3.2.so) ==8528==by 0x1D310FC3: do_checkval (rlm_checkval.c:275) ... etc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Memory big problem
Thanks, I have tried Valgrind. Valgrind have given out as a result of 20 losses and possible losses of memory. Basically from several bytes up to 200 kbytes for 30 seconds of work. The largest following. ... ... ... ==8528== 11032016 (72220 direct, 10959796 indirect) bytes in 785 blocks are definitely lost in loss record 166 of 190 ==8528==at 0x1B90659D: malloc (vg_replace_malloc.c:130) ==8528==by 0x1B906FFA: realloc (vg_replace_malloc.c:188) ==8528==by 0x1BB84194: (within /lib/tls/libc-2.3.2.so) ==8528==by 0x1BB83EBF: regcomp (in /lib/tls/libc-2.3.2.so) ==8528==by 0x1D310FC3: do_checkval (rlm_checkval.c:275) ==8528==by 0x80579CF: call_modsingle (modcall.c:254) ==8528==by 0x8057F3E: modcall (modcall.c:590) ==8528==by 0x8057AB2: call_one (modcall.c:287) ==8528==by 0x8057B6D: call_modgroup (modcall.c:342) ==8528==by 0x8057FC7: modcall (modcall.c:575) ==8528==by 0x8057526: module_authorize (modules.c:936) ==8528==by 0x804D1ED: rad_authenticate (auth.c:548) ... ... ... ==8528== LEAK SUMMARY: ==8528==definitely lost: 275914 bytes in 1581 blocks. ==8528==indirectly lost: 10960904 bytes in 140534 blocks. ==8528== possibly lost: 236468 bytes in 234 blocks. ==8528==still reachable: 2190028 bytes in 32961 blocks. ==8528== suppressed: 0 bytes in 0 blocks. Also what with it is possible to do? To try me to correct rlm_checkval? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Load Test the radius server
Hello all, Is there any scripts or tools I could use to stress test our radius server? I need to test so to see if the server we have configured would be able to handle 5000 connections trying to login in a few seconds. Regards, __ Sajeewa Warnakulasuriya ispOne Pty Ltd. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL authenticate & Proxying
I'm looking to implement a type of double check authentication using freeradius. I want to use the sql authentication module to provide a list of users. Everyone in this list should be proxied. However, if you aren't in the table, then you should immediately be rejected. I don't have control of the home radius server, so I can't make any modifications there. Generally, I just want to allow a controlled sub-group of users to access the system. At this point the sql module seems to be working (it is accounting and in debug mode I do see if run queries), however, it proxies the request regardless if the user is in the usergroup table. Thanks John Engelman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS list and dynamic IP
Gunther wrote: Alan DeKok wrote: How can I use a unique secret for each NAS connected to the same ISP? You can't. There's no real way to tell them apart. Alan DeKok. Thanks Alan! I presume it is a radius protocol issue. Maybe good for a future enhancement with some form of additional ID coming from the NAS and not just using the IP address. Gunther Or do vpn tunnels from the nas with internal numbers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: NAS list and dynamic IP
Alan DeKok wrote: >> How can I use a unique secret for each NAS connected to the same ISP? > > You can't. There's no real way to tell them apart. > > Alan DeKok. Thanks Alan! I presume it is a radius protocol issue. Maybe good for a future enhancement with some form of additional ID coming from the NAS and not just using the IP address. Gunther - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS list and dynamic IP
"Gunther" <[EMAIL PROTECTED]> wrote: > How can I use a unique secret for each NAS connected to the same ISP? You can't. There's no real way to tell them apart. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_digest: cannot do "auth-int" digest authentication to work
Bruno Negrao <[EMAIL PROTECTED]> wrote: > The correct H(A1) for this case should be: "4f36886771c77832be5c5a8de5a7ec82" > instead of "3fe46a5fca36d79d9b5567e49a5b9fa1". OK, that code was mostly untested. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_digest: cannot do "auth-int" digest authentication to work
Hi Alan, Thank you very much in answering. Since you confirmed it is a bug I'd like to let you know that my tests using MD5-sess algorithm also had failed. This time the error is when calculating the H(A1). Again, using the user 'bob' password 'zanzibar', when i run the following command: echo ' User-name = "bob", Digest-Response = "e4e4ea61d186d07a92c9e1f6919902e9", Digest-Realm = "biloxi.com", Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", Digest-Method = "INVITE", Digest-URI = "sip:[EMAIL PROTECTED]", Digest-Algorithm = "MD5-sess", Digest-User-Name = "bob", Digest-QOP = "auth", Digest-Nonce-Count = "0001", Digest-CNonce = "0a4f113b"' | /usr/bin/radclient localhost auth testing123 2>&1 the output of radiusd -X is: rad_recv: Access-Request packet from host 127.0.0.1:32937, id=87, length=194 User-Name = "bob" Digest-Response = "e4e4ea61d186d07a92c9e1f6919902e9" Digest-Attributes = 0x010c62696c6f78692e636f6d Digest-Attributes = 0x022464636439386237313032646432663065386231316430663630306266623063303933 Digest-Attributes = 0x0308494e56495445 Digest-Attributes = 0x04147369703a626f624062696c6f78692e636f6d Digest-Attributes = 0x060a4d44352d73657373 Digest-Attributes = 0x0a05626f62 Digest-Attributes = 0x050661757468 Digest-Attributes = 0x090a3030303030303031 Digest-Attributes = 0x080a3061346631313362 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_digest: Converting Digest-Attributes to something sane... Digest-Realm = "biloxi.com" Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093" Digest-Method = "INVITE" Digest-URI = "sip:[EMAIL PROTECTED]" Digest-Algorithm = "MD5-sess" Digest-User-Name = "bob" Digest-QOP = "auth" Digest-Nonce-Count = "0001" Digest-CNonce = "0a4f113b" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 15 rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 15 users: Matched entry bob at line 5 modcall[authorize]: module "files" returns ok for request 15 modcall: group authorize returns ok for request 15 rad_check_password: Found Auth-Type Digest auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 A1 = bob:biloxi.com:zanzibar A2 = INVITE:sip:[EMAIL PROTECTED] H(A1) = 3fe46a5fca36d79d9b5567e49a5b9fa1 H(A2) = 13a14a3eb5e2c24732a1a04fff543e92 KD = 3fe46a5fca36d79d9b5567e49a5b9fa1:dcd98b7102dd2f0e8b11d0f600bfb0c093:0001:0a4f113b:auth:13a14a3eb5e2c24732a1a04fff543e92 EXPECTED 9c9e30a46fcc7a25a16cc7c4a1330ef8 RECEIVED e4e4ea61d186d07a92c9e1f6919902e9 rlm_digest: FAILED authentication The correct H(A1) for this case should be: "4f36886771c77832be5c5a8de5a7ec82" instead of "3fe46a5fca36d79d9b5567e49a5b9fa1". If you didn't fix this bug yet, use the examples from the draft http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txt They certainly will help you. Thank you, bnegrao - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS list and dynamic IP
I am running FR 1.0.5 using MySQL including the nas list in a table. So far I have to use the same secret for a number of different NAS units which are connected to the Internet via a dynamic IP. My FR server is on the Internet and has to accept connections from the various NAS units, which can be connected with a variety of different IPs. One ISP has several IP ranges and all of these addresses have to be recognised. So far I am using a masked IP address as nas identifier (e.g. 123.123.0.0/16). How can I use a unique secret for each NAS connected to the same ISP? This is the fixed position format of the nas list in sql (rlm_sql.c): /* * Format: * Row1 Row2Row3Row4Row5Row6Row7Row8 * * id nasname shortname typeports secret community description * */ >From what I understand and experienced, the nasname must be either a DNS resolveable name or an IP address or IP range with netmask. Since my nas clients are on dynamic IP addresses and the nas list will only be read during the radius startup, I am using IP addresses with netmasks. Startup: Sun Dec 12 13:03:44 2005 : Debug: rlm_sql_mysql: query: SELECT * FROM phs_nas Sun Dec 12 13:03:44 2005 : Debug: rlm_sql (sql): Read entry nasname=123.123.0.0/16,shortname=MyShortName,secret=mySecretHere Sun Dec 12 13:03:44 2005 : Debug: rlm_sql (sql): Adding client 123.123.0.0/16 (MyShortName) to clients list ... read nas next entry Is there another way of handling dynamic NAS IP addresses and unique nas secrets? Gunther - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How many Request handle by Free Radius at same time form same client.
On Thu 08 Dec 2005 06:59, Manojkumar Patel wrote: > Hi All > I have one question? > How many Request handle by Free Radius at same time form same client. > I have one Free Radius Server, One client and one other server.Client > send request to radius server and then radius server will send it to > other server and wait for replay for that request. After getting reply > form other server radius will do some process and send replay to client. > > I want to implement a Radius system such as my radius server will be > able to handle 5000 request form client as same time. > Mean radius is able to listen 5000 request form client and then send all > request to other server and wait. After Getting replay from other server > , radius will send replay to client. > How can I implement such requirements . If I understand correctly what you want to do than a decent dual CPU machine should handle this load as long as you dont use a slow database backend. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpcEDfFfFG2q.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_digest: cannot do "auth-int" digest authentication to work
Bruno Negrao <[EMAIL PROTECTED]> wrote: > What is going wrong is the calculation of H(A2). See the output of "radiusd > -X" in response to that command above: ... > A2 =3D INVITE:sip:[EMAIL PROTECTED]:=C1=ED???=C4=A3=B1p=C0??[VNH That looks bad. > So, why is rlm_digest calculating it as "7a3ae801f64033d060b8209ec071569c"? > > Is it really a bug or am I making a some silly mistake? It's a bug. See revision 1.15 -> 1.16 of rlm_digest.c for a patch. You'll have to add it by hand to your build, though. The fix should be in all versions after 1.0.5. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wiki is now live
On Mon 12 Dec 2005 22:20, Thor Spruyt wrote: > Alan DeKok wrote: > > http://wiki.freeradius.org/ > > > > Please feel free to add documentation, configuration examples, etc. > > Right now it's pretty minimal and free-form. > > > > Thanks to Peter Nixon for setting it up and hosting it. > > > > Alan DeKok. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > Yet another thing to maintain... something that nobody has time for :( Well, I will be maintaining the wiki server installation, and as I already have much of the FreeRADIUS documentation in my company wiki and customer documentation I will be maintaining a fair percentage of the module documentation (The ones I use and deploy for customers at least) as a matter of course. I will take me a few days to migrate the rest of the appropriate parts of my wiki over to wiki.freeradius.org but there start is there now. I have also done an initial import of the FreeRADIUS FAQ into: http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ Hopefully that will give others a chance to add questions and answers as http://www.freeradius.org/faq/ has not been updated in 18 months.. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpgeIwJjsyud.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wiki is now live
You are most welcome :-) -Peter On Mon 12 Dec 2005 19:55, Joel Eddy wrote: > Thanks Peter. > > > Joel > > - Original Message - > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: > Sent: Monday, December 12, 2005 11:55 AM > Subject: Wiki is now live > > > http://wiki.freeradius.org/ > > > > Please feel free to add documentation, configuration examples, etc. > > Right now it's pretty minimal and free-form. > > > > Thanks to Peter Nixon for setting it up and hosting it. > > > > Alan DeKok. > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpGHGcX7T2ps.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_digest: cannot do "auth-int" digest authentication to work
Hi all,I'm testing the rlm_digest module in freeradius 1.0.5 to make a digest authentication.To test, I'm using radclient and I'm passing to it the Digest attributes in order to authenticate on the localhost. I'm using the command bellow to authenticate the user "bob" password "zanzibar" in my radius server but it's not working.echo ' User-name = "bob", Digest-Response = "bdbeebb2da6adb6bca02599c2239e192", Digest-Realm = "biloxi.com", Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", Digest-Method = "INVITE", Digest-URI = "sip:[EMAIL PROTECTED]", Digest-Algorithm = "MD5", Digest-User-Name = "bob", Digest-QOP = "auth-int", Digest-Nonce-Count = "0001", Digest-CNonce = "0a4f113b", Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48"' | /usr/bin/radclient localhost auth testing123 2>&1The values in I'm passing in the attributes are supposed to be correct. I extracted them from the draft http://ftp6.us.freebsd.org/pub/rfc/internet-drafts/draft-smith-sipping-auth-examples-01.txtWhat is going wrong is the calculation of H(A2). See the output of "radiusd -X" in response to that command above: Cleaning up request 0 ID 111 with timestamp 439dbec1Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:32937, id=117, length=229 User-Name = "bob"Digest-Response = "bdbeebb2da6adb6bca02599c2239e192" Digest-Attributes = 0x010c62696c6f78692e636f6dDigest-Attributes = 0x022464636439386237313032646432663065386231316430663630306266623063303933Digest-Attributes = 0x0308494e56495445 Digest-Attributes = 0x04147369703a626f624062696c6f78692e636f6dDigest-Attributes = 0x06054d4435 Digest-Attributes = 0x0a05626f62Digest-Attributes = 0x050a617574682d696e74 Digest-Attributes = 0x090a3030303030303031Digest-Attributes = 0x080a3061346631313362 Digest-Attributes = 0x07226331656430313862386563346133623137306330393231663562353634653438 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1rlm_digest: Converting Digest-Attributes to something sane... Digest-Realm = "biloxi.com" Digest-Nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"Digest-Method = "INVITE" Digest-URI = "sip:[EMAIL PROTECTED]"Digest-Algorithm = "MD5" Digest-User-Name = "bob"Digest-QOP = "auth-int" Digest-Nonce-Count = "0001"Digest-CNonce = "0a4f113b" Digest-Body-Digest = "c1ed018b8ec4a3b170c0921f5b564e48" rlm_digest: Adding Auth-Type = DIGEST modcall[authorize]: module "digest" returns ok for request 1 rlm_realm: No '@' in User-Name = "bob", looking up realm NULLrlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched entry bob at line 5 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Digest auth: type "digest" Processing the authenticate section of radiusd.confmodcall: entering group authenticate for request 1 A1 = bob:biloxi.com:zanzibarA2 = INVITE:sip:[EMAIL PROTECTED]:Áí???Ä£±pÀ??[VNH H(A1) = 12af60467a33e8518da5c68bbff12b11H(A2) = 7a3ae801f64033d060b8209ec071569c KD = 12af60467a33e8518da5c68bbff12b11:dcd98b7102dd2f0e8b11d0f600bfb0c093:0001:0a4f113b:auth-int:7a3ae801f64033d060b8209ec071569cEXPECTED 6b2a26c4371e4bbac1d5e71763443f5f RECEIVED bdbeebb2da6adb6bca02599c2239e192rlm_digest: FAILED authentication modcall[authenticate]: module "digest" returns reject for request 1 modcall: group authenticate returns reject for request 1auth: Failed to validate the user.PS: The value of H(A2) should be 3e8ec46a56447dbb073e1171b1be0683. You verify it by running te command: echo -n "INVITE:sip:[EMAIL PROTECTED]:c1ed018b8ec4a3b170c0921f5b564e48" | md5sumThat draft also confirms that H(A2) should be " 3e8ec46a56447dbb073e1171b1be0683".So, why is rlm_digest calculating it as "7a3ae801f64033d060b8209ec071569c "?Is it really a bug or am I making a some silly mistake?Any help will be greatly appreciated.bnegrao - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wiki is now live
Alan DeKok wrote: > http://wiki.freeradius.org/ > > Please feel free to add documentation, configuration examples, etc. > Right now it's pretty minimal and free-form. > > Thanks to Peter Nixon for setting it up and hosting it. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html Yet another thing to maintain... something that nobody has time for :( -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Wiki is now live
Alan DeKok wrote: > > http://wiki.freeradius.org/ > > Please feel free to add documentation, configuration examples, etc. > Right now it's pretty minimal and free-form. > > Thanks to Peter Nixon for setting it up and hosting it. > Cool !! Applied already some minor modification(s). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RedHat - Fedora - mod_auth_radius and Apache
Redhat already has the RPM Built in the fedore core iso's From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank ReissSent: Monday, December 12, 2005 12:19 PMTo: freeradius-users@lists.freeradius.orgSubject: RedHat - Fedora - mod_auth_radius and Apache Hi, I need some help I am trying to setup FreeRadius on a Red Hate Fedora 4 system running Apache 2.0.54. I can not build the module for the source I have found at FreeRadius for Apache 2. Does any one have some tips no building the module mod_auth_radius.so for red hat systems? Frank ReissImpeva Labs, Inc.Phone: 1-850-872-7099 COMPANY CONFIDENTIAL NOTICEThis electronic mail transmission and any accompanying documents containinformation belonging to the sender which may be company confidential and legallyprivileged. If you are not the intended recipient, any disclosure, copying,distribution or action taken in reliance on the message is strictlyprohibited. If you have received this message in error, please delete it.Thank You --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.371 / Virus Database: 267.13.13/197 - Release Date: 12/9/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Wiki is now live
Awesome!!! Thanks guys. Alhagie Puye - Network Engineer Datawave Group of Companies (604)295-1817 > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On > >Behalf Of Alan DeKok > >Sent: December 12, 2005 9:55 AM > >To: freeradius-users@lists.freeradius.org > >Subject: Wiki is now live > > > > http://wiki.freeradius.org/ > > > > Please feel free to add documentation, configuration examples, etc. > >Right now it's pretty minimal and free-form. > > > > Thanks to Peter Nixon for setting it up and hosting it. > > > > Alan DeKok. > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change. We will use alternate communication means upon request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wiki is now live
Thanks Peter. Joel - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: Sent: Monday, December 12, 2005 11:55 AM Subject: Wiki is now live http://wiki.freeradius.org/ Please feel free to add documentation, configuration examples, etc. Right now it's pretty minimal and free-form. Thanks to Peter Nixon for setting it up and hosting it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Wiki is now live
http://wiki.freeradius.org/ Please feel free to add documentation, configuration examples, etc. Right now it's pretty minimal and free-form. Thanks to Peter Nixon for setting it up and hosting it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Postgres
On Thu, 2005-08-12 at 15:57 -0500, Brian A. Seklecki wrote: > On Wed, 7 Dec 2005, leunam atebro wrote: > > > I am new to this freeradius server, can you give me > > some idea on how to authenticate freeradius in a > > postgres database? Also, I need sample configuration > > Working, tested, proven sample configuration files are [what this project > is in] in desperate need of. Very few changes need to be made to make FreeRadius work with PostgreSQL using the default configuration files, the main change is selecting the postgres configuration file. The schema and configuration files are included. There isn't information on how to configure PostgreSQL, because they have their own documentation and mailing list. I have provided data sets for testing PostgreSQL in the past and are likely still in the archives. I did extensive testing prior to the release of version 1.0 to ensure that the PostgreSQL driver had equivalent capability to the default MySQL driver. Most problems configuring FreeRadius for use with SQL backends is misconfiguration of the SQL system. Test the SQL connection using the username, password, host and port from the radius server using the values you have configured in the config files using the databases command line utilities to ensure you have properly configured your database. In many cases you will need to edit the host based authentication and configuration files to enable IP connectivity and allow authentication for the SQL backend from the FreeRadius server. All of this is part of the SQL server configuration and is not covered by FreeRadius, because it is covered by the database documentation. > > In the mean time, search the mailing list archives. > > Just out of curiousity, are you just wanting to control AAA access to the > CLI or are you authenticating a dialin port on the AUX? > > ~BAS > > > to test the server. My NAS client is CISCO(2500) with > > 11.3 IOS. > > > > Help is highly appreciated.. > > > > Thank you... > > > > Nuel > > > > __ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > l8* > -lava > > x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8 > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Guy Fraser Network Administrator The Internet Centre 1-888-450-6787 (780)450-6787 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RedHat - Fedora - mod_auth_radius and Apache
Hi, I need some help I am trying to setup FreeRadius on a Red Hate Fedora 4 system running Apache 2.0.54. I can not build the module for the source I have found at FreeRadius for Apache 2. Does any one have some tips no building the module mod_auth_radius.so for red hat systems? Frank ReissImpeva Labs, Inc.Phone: 1-850-872-7099 COMPANY CONFIDENTIAL NOTICEThis electronic mail transmission and any accompanying documents containinformation belonging to the sender which may be company confidential and legallyprivileged. If you are not the intended recipient, any disclosure, copying,distribution or action taken in reliance on the message is strictlyprohibited. If you have received this message in error, please delete it.Thank You - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Installation FreeRadius in Solaris 8
Hy all, I have just joined the list. It is my first job and I am new using a UNIX System (in my case Solaris 8) so pardon my stupid questions. I am going to try to install FreeRadius: * Which version of FreeRadius do you recommend me to install? * I don´t know which software is required for the installation besides gcc compiler (SMCgcc). Any idea? Thank you very much for your help, Rafa - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Documentation on Group Locking using FreeRADIUS/AD/Cisco VPNConcentrator
No suggestions on this? This is an awesome product. No doubt!!! However I think we will benefit more with better documentation. Alhagie Puye - Network Engineer Datawave Group of Companies (604)295-1817 > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] On > >Behalf Of Alhagie Puye > >Sent: December 9, 2005 3:05 PM > >To: FreeRadius users mailing list > >Subject: Documentation on Group Locking using > >FreeRADIUS/AD/Cisco VPNConcentrator > > > >Hello all, > > > >I have spent a few bit of time trying to get > >FreeRADIUS/Active Directory/Cisco VPN Concentrator 3005 to > >lock users into group using the class attribute. Dusty Doris > >gave me a hand too. It has been tested and it works as expected. > > > >http://www.cisco.com/warp/public/471/altigagroup.html > > > >This feature is very, very neat and flexible. > > > > > >I would now like to write up a step-by-step document on how > >to make these work together. I don't have a public web site > >to host this page. > >I'm looking for suggestions on how to make it readily > >available to other users since the VPN Concentrator is > >gaining popularity. > > > > > >Is the wiki page mentioned here a while back going to > >materialize? Or should I write up a text document so that it > >could be added to doc/ directory in the source code? > > > >I would hate for someone to have to reinvent the wheel on this issue. > > > > > >Alhagie Puye - Network Engineer > >Datawave Group of Companies > >(604)295-1817 > > > > > >This message (including any attachments) is confidential, > >may be privileged and is only intended for the person to > >whom it is addressed. If you have received it by mistake > >please notify the sender by return e-mail and delete this > >message from your system. Any unauthorized use or > >dissemination of this message in whole or in part is > >strictly prohibited. E-mail communications are inherently > >vulnerable to interception by unauthorized parties and are > >susceptible to change. We will use alternate communication > >means upon request. > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change. We will use alternate communication means upon request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Memory big problem
Dimple wrote: > I installed latest freeradius cvs-snapshot freeradius-snapshot-20051130 on > Debian Linux 10 vs Oracle db 10 and Oracle Internet Directory (LDAP) 10. I > have about 30 clients in clients.conf and about 30 connections in a second, > including accounting requests. I have 8G RAM on server and freeradius daemon > takes away all free memory within two day! "max_requests_per_server = 300" > option did not help. You may try to rebuild FreeRADIUS with debug symbols (with the command ./configure --enable-developer) and after that run FreeRADIUS with Valgrind. $ valgrind --tool=memcheck --leak-check=yes radiusd -f -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html