auto-expiring accounts w/ FreeRadius

2006-03-02 Thread Garry Glendown

Hi,

I've been asked to set up an authentication system with automatically 
expiring user access ... so, once the user first logs in, and a certain 
time (like e.g. 24 hours) goes by, the account is supposed to be 
deleted. I reckon based on MySQL authentication this should be possible 
with FreeRadius ... can FreeRadius be configured to store a first used 
timestamp with an authentication entry? That way, setting up an SQL 
script that regularly purges the old, used entries would be easy ...


Tnx, -garry
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: auto-expiring accounts w/ FreeRadius

2006-03-02 Thread Stefan Winter
Hi,

 I've been asked to set up an authentication system with automatically
 expiring user access ... so, once the user first logs in, and a certain
 time (like e.g. 24 hours) goes by, the account is supposed to be
 deleted. I reckon based on MySQL authentication this should be possible
 with FreeRadius ... can FreeRadius be configured to store a first used
 timestamp with an authentication entry? That way, setting up an SQL
 script that regularly purges the old, used entries would be easy ...

If you want to, FR logs every Access-Accept. So, finding the first usage is as 
easy as writing an SQL query that retrieves the first Access-Accept for the 
user. You can base your script to delete entries upon that.

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
RD Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



multiple User-Passwords

2006-03-02 Thread Stefan Winter
Hi list,

again something from the legacy-auth-backend to radius freak cabinet:
I need to have more than one password for a small group of users (which had a 
separate one for dial-up vs. other services). All of these pw are available 
in clear text, so I thought I could misuse the MySQL tables to allow both 
with the following trick:

Attribute: User-Password
op: =~
Value: (pass1|pass2)

This doesn't work; even though in my understanding it should. I found a 
different way: using the same syntax in the users file works beautifully:

name    User-Password =~ (pass1|pass2), Auth-Type := Accept

That did it. However, I'd like to stick with pure SQL as a backend. Is there 
some reason why this doesn't work, or is it just a bug/inflexibility of the 
rlm_sql(_mysql) module?

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
RD Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



Re: problems with sqlcounter

2006-03-02 Thread Przemysław Backiel

Suyash wrote:

 It seems that the sum of check-item AcctSessionTime is always 0 in
 your case. Are you sure that the accounting start and stop records are
 being updated (inserted) into radacct table?

 Suyash Shrestha

Yes, I am sure.

The whole problem is that radius kicks me off after 30 sec - as max daily 
session is set. Is it possible that the query in sqlcounter.conf is wrong?



--
Best regards
Przemyslaw Backiel


Re: auto-expiring accounts w/ FreeRadius

2006-03-02 Thread Peter Nixon
On Thu 02 Mar 2006 10:06, Stefan Winter wrote:
 Hi,

  I've been asked to set up an authentication system with automatically
  expiring user access ... so, once the user first logs in, and a certain
  time (like e.g. 24 hours) goes by, the account is supposed to be
  deleted. I reckon based on MySQL authentication this should be possible
  with FreeRadius ... can FreeRadius be configured to store a first used
  timestamp with an authentication entry? That way, setting up an SQL
  script that regularly purges the old, used entries would be easy ...

 If you want to, FR logs every Access-Accept. So, finding the first usage is
 as easy as writing an SQL query that retrieves the first Access-Accept for
 the user. You can base your script to delete entries upon that.

Another way to do this is to have a database trigger on accounting (or Auth) 
requests which update your authentication table, and include a WHERE date() - 
startdate < 24 HOURS::INTERVAL (or something to that effect) in your auth 
queries. That query is _probably_ correct for Postgresql. You will of course 
have to modify it for other databases.

The advantage of this method is that you don't need to purge anything or run 
any cron scripts. Everything is handled automatically by the database.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
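
The two approaches in this thread (a purge keyed on first use, and an auth query that stops matching once the window has passed) can be sketched as follows. This is an added example, not code from the posters or from FreeRADIUS: it uses Python's sqlite3 as a stand-in for MySQL/PostgreSQL, and the tables `accounts` and `auth_log`, their columns, the trigger name and the sample accounts are hypothetical.

```python
import hmac
import sqlite3

WINDOW_SECONDS = 24 * 3600  # the thread's example lifetime: 24 hours after first login

# Hypothetical, simplified schema (not the FreeRADIUS one). The trigger stamps
# first_used on the first Access-Accept only, so later logins never extend it
# and rejected attempts never start the clock.
SCHEMA = """
CREATE TABLE accounts (
    username   TEXT PRIMARY KEY,
    password   TEXT NOT NULL,
    first_used INTEGER            -- epoch seconds, NULL until the first accept
);
CREATE TABLE auth_log (
    username TEXT NOT NULL,
    reply    TEXT NOT NULL,       -- 'Access-Accept' or 'Access-Reject'
    authdate INTEGER NOT NULL
);
CREATE TRIGGER stamp_first_use AFTER INSERT ON auth_log
WHEN NEW.reply = 'Access-Accept'
BEGIN
    UPDATE accounts SET first_used = NEW.authdate
     WHERE username = NEW.username AND first_used IS NULL;
END;
"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def lookup_password(db, username, now):
    """Auth query with the expiry test built in: an expired row is not returned."""
    row = db.execute(
        "SELECT password FROM accounts WHERE username = ? "
        "AND (first_used IS NULL OR ? - first_used < ?)",
        (username, now, WINDOW_SECONDS),
    ).fetchone()
    return row[0] if row else None


def login(db, username, password, now):
    """Check the password, then log the reply; the trigger does the stamping."""
    stored = lookup_password(db, username, now)
    ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    db.execute(
        "INSERT INTO auth_log (username, reply, authdate) VALUES (?, ?, ?)",
        (username, "Access-Accept" if ok else "Access-Reject", now),
    )
    return ok


def first_used(db, username):
    row = db.execute(
        "SELECT first_used FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def purge_expired(db, now):
    """Optional housekeeping (the cron-style purge): delete used, expired rows."""
    cur = db.execute(
        "DELETE FROM accounts WHERE first_used IS NOT NULL AND ? - first_used >= ?",
        (now, WINDOW_SECONDS),
    )
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    # Constructed sample accounts.
    db.executemany("INSERT INTO accounts (username, password) VALUES (?, ?)",
                   [("guest1", "s3cret"), ("guest2", "unused")])
    print(login(db, "guest1", "s3cret", 2000))           # first accept starts the clock
    print(login(db, "guest1", "s3cret", 2000 + 86400))   # window over, rejected
    print(purge_expired(db, 2000 + 86400))               # guest2 was never used, so it stays
```

With the window test inside the auth query, the purge is only housekeeping: an expired account stops authenticating even if the cleanup job never runs.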



Re: freeradius + mysql + AP

2006-03-02 Thread Christopher Chong Chew Vun
Alan,

sorry about sending you the log. because if i attach it to the mailing list i
never get any response from the administrator, cause the file is too big.


 christopher [EMAIL PROTECTED] wrote:
 but my client manage to connected to the gateway for a while cause i am
 continue ping the gateway. it does reply, for few time then disconnected
 again. mean it does authenticated but just disconnected.

   If it gets *any* network access, then the problem is not RADIUS.

   And don't send me logs in private email.

   Alan DeKok.



Christopher Chong Chew Vun
Enterprise Deployment Team
SYNCHROWEB TECHNOLOGY SDN BHD (670983D)
Unit No. CT-05-12, 5th Floor Corporate Tower,
Subang Square, Jln SS 15/ 4G Subang Jaya,
Selangor D. Ehsan, Malaysia.
T. +[60]3 5621 9028   F. +[60]3 5621 8802  HP. +[60]12 3247432



Re: freeradius + mysql + AP

2006-03-02 Thread Christopher Chong Chew Vun
thanks
 i will give it a try man..

 Install other drivers for your WLAN card.

 I have the same problem.

 - Original Message -
 From: Alan DeKok [EMAIL PROTECTED]
 To: FreeRadius users mailing list
 freeradius-users@lists.freeradius.org
 Sent: Wednesday, March 01, 2006 7:38 PM
 Subject: Re: freeradius + mysql + AP


 christopher [EMAIL PROTECTED] wrote:
 but my client manage to connected to the gateway for a while cause i am
 continue ping the gateway. it does reply, for few time then disconnected
 again. mean it does authenticated but just disconnected.

  If it gets *any* network access, then the problem is not RADIUS.

  And don't send me logs in private email.

  Alan DeKok.



Christopher Chong Chew Vun
Enterprise Deployment Team
SYNCHROWEB TECHNOLOGY SDN BHD (670983D)
Unit No. CT-05-12, 5th Floor Corporate Tower,
Subang Square, Jln SS 15/ 4G Subang Jaya,
Selangor D. Ehsan, Malaysia.
T. +[60]3 5621 9028   F. +[60]3 5621 8802  HP. +[60]12 3247432



Re: Problem with ntlm_auth

2006-03-02 Thread Phil Mayers

King, Michael wrote:
 I found that the winbindd_privileged directory was 
 	drwxr-x---  2 root root  4096 2006-02-28 18:10 winbindd_privileged

 Is this a recent change of Samba?  I didn't have to do this a few months
 ago.  More importantly, did I do something wrong?  Or is this normal,
 and I just did notate that I did this before.


It is supposed to be like that. It's been like that forever as far as I 
know. I don't know why it was working for you - is your samba from an OS 
package and it's possible they changed the perms?


(It's even worse on RHEL4 systems - there's a buggy SELinux policy that 
labels that directory so ntlm_auth can't access it!)


freradius and krb5 interaction

2006-03-02 Thread Riccardo.Veraldi


Hello,
I am using freeradius with EAP-TTLS + Kerberos authentication + ldap 
authorization.

Everything works but I have this error:

rlm_krb5: verify_krb_v5_tgt: host key not found : key table erntry not found

I checked and the permissions on /etc/krb5.keytab are correct...

anyone has a hint for me ?

thanks
Rick



radiusd and PEAP

2006-03-02 Thread Riccardo.Veraldi


PEAP authentication will not work with kerberos, is that right?

I can use EAP-TTLS with kerberos and it works fine but not EAP-PEAP.
Is this because PEAP uses mschapv2, which is a challenge?


thanks

Rick



2 X Calling-Station-Id

2006-03-02 Thread Przemysław Backiel

Hello,

I have to limit the possibility of logging in to the network for one user to 
only 2 Calling-Station-Id

How can I do that?
If I put 2 Calling-Station-Id into the Radcheck table I am not able to log 
on to the network, so my question is:

how can I limit a user so that he can log in only from 2 Calling-Station-Id?

--
Best regards
Przemyslaw Backiel



some users not authenticating

2006-03-02 Thread Tony Spencer








I've got, well think I have, radius to accept all logins no
matter what password they send.

However some users still cannot login, it's around 10 users out of 200.

I'll show details for one user that can login ok and one user
that can't.

I'm guessing it's something the end user is doing because
they all come in via the same NAS and have exactly the same radius entry.

If I can get around this by just accepting anything that would be
ideal, since our realm is the only radius logins that are sent to us.

Here is a user that can't login:

##
Thu Mar 2 09:59:03 2006 : Auth: Login incorrect (rlm_chap: Clear text password not available): [EMAIL PROTECTED]/CHAP-Password] (from client l2tp port 510)
##

Here is someone that did authenticate ok:

##
Thu Mar 2 09:55:26 2006 : Auth: Login OK: [EMAIL PROTECTED]/CHAP-Password] (from client l2tp port 492)
##

My users file has:

##
DEFAULT Auth-Type = Accept
##

And the entries for both users above are identical apart from the
username and IP assignment:

##
[EMAIL PROTECTED] Auth-Type := Accept
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 192.168.0.1,
        Framed-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP,

[EMAIL PROTECTED] Auth-Type := Accept
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 192.168.0.2,
        Framed-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobsen-TCP-IP,
##

Here is some radius debug first for the user that can't login:

##
rad_recv: Access-Request packet from host 10.0.0.2:1645, id=46, length=98
 Framed-Protocol = PPP
 User-Name =  [EMAIL PROTECTED]
 CHAP-Password = 0x01295999be562b2eab944deb9647c5a664
 NAS-Port-Type = Virtual
 NAS-Port = 563
 Service-Type = Framed-User
 NAS-IP-Address = 10.0.0.2
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module preprocess returns ok for request 1
 rlm_chap: Setting 'Auth-Type := CHAP'
 modcall[authorize]: module chap returns ok for request 1
 modcall[authorize]: module mschap returns noop for request 1
 rlm_realm: Looking up realm dsl.realm.com for User-Name =  [EMAIL PROTECTED]
 rlm_realm: No such realm dsl.realm.com
 modcall[authorize]: module suffix returns noop for request 1
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1
 users: Matched DEFAULT at 152
 modcall[authorize]: module files returns ok for request 1
modcall: group authorize returns ok for request 1
 rad_check_password: Found Auth-Type CHAP
auth: type CHAP
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 1
 rlm_chap: login attempt by  [EMAIL PROTECTED] with CHAP password
 rlm_chap: Could not find clear text password for user [EMAIL PROTECTED]
 modcall[authenticate]: module chap returns invalid for request 1
modcall: group Auth-Type returns invalid for request 1
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available): [ [EMAIL PROTECTED]/CHAP-Password] (from client l2tp port 563)
##

And a user that can login:

##
rad_recv: Access-Request packet from host 10.0.0.2:1645, id=200, length=97
 Framed-Protocol = PPP
 User-Name = [EMAIL PROTECTED]
 CHAP-Password = 0x012d51dff5b1bda7f6a370e79ff84e0dcf
 NAS-Port-Type = Virtual
 NAS-Port = 717
 Service-Type = Framed-User
 NAS-IP-Address = 10.0.0.2
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
 modcall[authorize]: module preprocess returns ok for request 2
 rlm_chap: Setting 'Auth-Type := CHAP'
 modcall[authorize]: module chap returns ok for request 2
 modcall[authorize]: module mschap returns noop for request 2
 rlm_realm: Looking up realm dsl.realm.com for User-Name = [EMAIL PROTECTED]
 rlm_realm: No such realm dsl.realm.com
 modcall[authorize]: module suffix returns noop for request 2
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 2
 users: Matched DEFAULT at 152
 users: Matched [EMAIL PROTECTED] at 243
 modcall[authorize]: module files returns ok for request 2
modcall: group authorize returns ok for request 2
 rad_check_password: Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [EMAIL PROTECTED]/CHAP-Password] (from client l2tp port 717)
Sending Access-Accept of id 200 to 10.0.0.2:1645
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Framed-IP-Address = 192.168.0.2
 Framed-IP-Netmask = 255.255.255.255
 Framed-Compression = Van-Jacobson-TCP-IP
Finished request 2
##

I can see that it seems user33 is sending a blank white space before
his username, but I don't see that this would make a difference since I'm
accepting everything anyway. And from the command line I can use radtest
and send blank spaces and it works fine. Although I do see that the user 

Re: freradius and krb5 interaction

2006-03-02 Thread Geoff Silver
I haven't tried rlm_krb5, but I've done a lot of kerberos management, so 
maybe I can help.  If there are any kerberos-specific parameters that 
rlm_krb5 needs, someone else might be able to shed light on them for you.


I presume kerberos is working on this system otherwise (eg. you can ssh 
or telnet -ax into this system)?  I know Sun's kerberos packages look 
for /etc/krb5/krb5.keytab and /etc/krb5/krb5.conf, so if you're using 
Solaris, make sure those files are symlinked.  Verify 'klist -k' shows 
the same keytab version number (KVNO) as your KDC, since creating a new 
keytab will wipe out the old one.  Other than that, run radiusd under 
strace and check to see what keytab file rlm_krb5 is actually trying to 
open and what the error is.


Riccardo.Veraldi wrote:

 Hello,
 I am using freeradius with EAP-TTLS + Kerberos authentication + ldap 
 authorization.

 Everything works but I have this error:

 rlm_krb5: verify_krb_v5_tgt: host key not found : key table erntry not found

 I checked and the permissions on /etc/krb5.keytab are correct...

 anyone has a hint for me ?

 thanks
 Rick



freeradius, user log in, simul use, and radius shut down

2006-03-02 Thread Przemysław Backiel

Hello

What do I have to do when:
a user connects (simultaneous use 1) and while he is connected to the 
network I shut down the radius. After that, when he reconnects he is not 
able to log in to the network, so my question is how can I clean sth in sql 
or what do I have to run to clear the dead sessions, after which the user 
will be able to connect to the network?



--
Best regards
Przemyslaw Backiel



Re: Long mysql queries in sqlcounter get truncated.

2006-03-02 Thread Luis Zarrabeitia

On Thursday 02 March 2006 00:49, Gunther wrote:
 Had the same trouble with long SQL queries. It seems the RADIUS standard
 only allows
 up to 253 characters or so. I ended up modifying my table column names to a
 shorter name.
 Not nice, but it works. I also 'merged' some tables information to shorten
 the queries.

I heard of the 253 limitation of the Radius protocol - but that should have no 
bearing on the length of the query (the query itself never goes over the wire 
to the radius client).

 Initially I changed the max string length within the code, but the main
 disadvantage
 is that every upgrade you have to do the same. Now I use 100% unmodified
 FreeRadius
 code and the upgrade to 1.1.0 went without any problems.

Where in the code did you modify it? Can you prepare a patch? (or give me 
directions) Shortening the table/column names can only be a temporary 
solution, as my queries are bound to become more complex, and if the 
restriction is indeed related to the length of the response, perhaps we 
should open a bug report and submit a patch... and get a working system while 
it gets merged.

Thanks for your time,

Zarrabeitia.


RE: Problem with ntlm_auth

2006-03-02 Thread King, Michael
 -Original Message-
 On Behalf Of Phil Mayers
 
 It is supposed to be like that. It's been like that forever 
 as far as I know. I don't know why it was working for you - 
 is your samba from an OS package and it's possible they 
 changed the perms?
 
 (It's even worse on RHEL4 systems - there's a buggy SELinux 
 policy that labels that directory so ntlm_auth can't access it!)


Ack, it's even worse than I thought.  I was running my previous
FreeRADIUS server as root!

So, that's why it didn't bite me before, it had root access.

When I set up my new server, I had it running as its own user account.

Thanks for the answer.  It always seems to be the simple things.



rlm_eap_tls.so is missing

2006-03-02 Thread Alexei Monastyrnyi

Hi List!

This might be off-topic but I couldn't find any solution so far.

I am running FreeRADIUS 1.1.0 on Solaris 9 (SPARC) and cannot get it 
configured with PEAP support.
Both FreeRADIUS and OpenSSL 0.9.8 are built from sources with no errors 
or warnings.
When I start radiusd with PEAP section in config file, it gives me 
segmentation fault.


truss shows that radiusd tries to open files rlm_eap_tls.so etc. Those 
files I cannot find among binaries after installation.


Does someone have a clue what is going on here?

Cheers,
A.


Re: Replace Cisco Secure ACS 3 with FreeRadius

2006-03-02 Thread Peter Nixon
On Wed 01 Mar 2006 19:36, Michael Castillo wrote:
 For our dial in users and some vpn clients we are using Cisco Secure ACS3
 which is authenticating with Novell NDS.  Would that configuration be
 possible using FreeRadius?

Integrating Novell eDirectory with FreeRADIUS

Overview
You can integrate Novell® eDirectory™ 8.7.1 or later with FreeRADIUS
1.0.2 onwards to allow wireless authentication for eDirectory users.
By integrating eDirectory with FreeRADIUS, you can do the following:
* Use universal password for RADIUS authentication.
  Universal password provides single login and authentication for
  eDirectory users. Therefore, the users need not have a separate
  password for RADIUS and eDirectory authentication.
* Enforce eDirectory account policies for users.
  The existing eDirectory policies on the user accounts can still be
  applied even after integrating with RADIUS. Also, you can make use
  of the intruder lockout facility of eDirectory by logging the
  failed logins into eDirectory.

For configuration information please refer to the Novell documentation
  http://www.novell.com/documentation/edir_radius/index.html

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: SQL Accounting and Null Attribute Values

2006-03-02 Thread trs
Thanks Peter. It seems I'm using the wrong sql.conf :/.

I'm using postgres, and while setting this up I thought the
postgresql.conf file was included in the sql.conf for stuff specific
to postgres. So instead of using that for sql.conf, I modified the
default sql.conf to use the postgres driver. Lesson learned.

I'll be a bit more attentive next time. Thanks again.


On 3/2/06, Peter Nixon [EMAIL PROTECTED] wrote:
 On Thu 02 Mar 2006 08:39, trs wrote:
  Accounting queries fail if an attribute is null when supplied as a
  value for certain column types.
  Partial line from debug output:
 
  radius_xlat: 'UPDATE radacct SET AcctStartTime = '2006-03-02
  01:18:04', AcctStartDelay = '',
 
  It fails with:
 
  rlm_sql (sql): Couldn't update SQL accounting START record - ERROR:
  invalid input syntax for type bigint: 
 
  Can freeradius substitute a zero if an integer attribute is missing
  from an accounting packet, instead of just a null value?

 Yes. You need:

 AcctStopDelay = '%{Acct-Delay-Time:-0}'

 I already fixed this in the Postgresql queries a long time ago (Several years
 ago from memory). I will check and update the other database queries in cvs
 now :-)

 If you don't have a particular preference for sql server I recommend using
 Postgresql as I spent a lot of time beating on those queries to make them
 robust with many different types of NAS and PG is generally more robust than
 the other databases supported by FreeRADIUS including Oracle (although we
 have a few installations of it for customers who have a one database to rule
 them all policy)

 Cheers

 --

 Peter Nixon
 http://www.peternixon.net/
 PGP Key: http://www.peternixon.net/public.asc




Re: multiple User-Passwords

2006-03-02 Thread Alan DeKok
Stefan Winter [EMAIL PROTECTED] wrote:
 That did it. However, I'd like to stick with pure SQL as a backend. Is there 
 some reason why this doesn't work, or is it just a bug/inflexibility of the 
 rlm_sql(_mysql) module?

  It's that much of the time, you *don't* want to compare passwords,
because they don't exist in the request packet.  e.g. CHAP, MS-CHAP,
EAP, etc.

  Alan DeKok.
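
Why a regex on User-Password cannot cover CHAP, and what a server has to do instead when an account has two valid cleartext passwords, shown as an added example (not FreeRADIUS code and not from the posters). The request dictionaries, the `authenticate` and `sample_chap_request` helpers and the sample values are constructed; the CHAP computation follows RFC 1994, with the RADIUS CHAP-Password layout of one identifier octet followed by the 16-octet response.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# Constructed sample data: two valid cleartext passwords for one account.
CANDIDATES = [b"pass1", b"pass2"]
CHALLENGE = bytes(range(16))  # constructed 16-octet CHAP challenge


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password as a NAS sends it: 1 identifier octet + 16 response octets."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def authenticate(request: dict, candidates: Iterable[bytes]) -> Optional[int]:
    """Hypothetical helper: index of the stored password that matches, else None."""
    stored = list(candidates)
    if "User-Password" in request:
        # PAP: the password is in the request, so a direct comparison (or the
        # regex alternation from the post) has something to look at.
        sent = request["User-Password"]
        hits = [i for i, pw in enumerate(stored) if hmac.compare_digest(pw, sent)]
    elif "CHAP-Password" in request:
        # CHAP: only a digest arrives. Each stored cleartext candidate has to be
        # hashed with the identifier and challenge and compared to the response.
        blob = request["CHAP-Password"]
        if len(blob) != 17:
            raise ValueError("CHAP-Password must be 17 octets")
        ident, received = blob[0], blob[1:]
        # Real servers fall back to the Request Authenticator when no
        # CHAP-Challenge attribute is present; this sketch requires the attribute.
        challenge = request["CHAP-Challenge"]
        hits = [i for i, pw in enumerate(stored)
                if hmac.compare_digest(chap_response(ident, pw, challenge), received)]
    else:
        return None
    return hits[0] if hits else None


def sample_chap_request(password: bytes, ident: int = 1) -> dict:
    """Constructed CHAP Access-Request attributes for the given password."""
    return {
        "CHAP-Password": build_chap_password(ident, password, CHALLENGE),
        "CHAP-Challenge": CHALLENGE,
    }


if __name__ == "__main__":
    print(authenticate({"User-Password": b"pass2"}, CANDIDATES))      # PAP, second password
    print(authenticate(sample_chap_request(b"pass2"), CANDIDATES))    # CHAP, second password
    print(authenticate(sample_chap_request(b"pass2"), []))            # CHAP, nothing on file
```

With no cleartext candidate on file the CHAP branch has nothing to hash, which is the "Clear text password not available" case seen elsewhere on this page.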



Re: radiusd and PEAP

2006-03-02 Thread Alan DeKok
Riccardo.Veraldi [EMAIL PROTECTED] wrote:
 PEAP authentication will not work with kerberos, is that right?
 
 I can use EAP-TTLS with kerberos and it works fine but not EAP-PEAP.
 Is this because PEAP uses mschapv2, which is a challenge?

  Yes.

  Alan DeKok.


Re: some users not authenticating

2006-03-02 Thread Alan DeKok
Tony Spencer [EMAIL PROTECTED] wrote:
 DEFAULT Auth-Type = Accept

  Read man users.  This means accept, unless another module has
already set Auth-Type.

  Alan DeKok.
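
A simplified model of the operator behaviour described above, run against requests shaped like the two in the debug output (added example, not FreeRADIUS code). The user names and the entry at line 200 are constructed, lines 152 and 243 are taken from the debug log, and `Fall-Through` on the DEFAULT entry is an assumption inferred from both entries matching in the successful request.

```python
def apply_check_items(control, items):
    """Apply users-file check items for server configuration attributes."""
    for attr, op, value in items:
        if op == ":=":
            control[attr] = value            # always replaces an existing value
        elif op == "=":
            control.setdefault(attr, value)  # sets only if nothing set it before
        else:
            raise ValueError("operator not modelled: " + op)


def files_module(users, username, control):
    """Walk entries in file order; return the line numbers that matched."""
    matched = []
    for line, name, items, fall_through in users:
        if name not in ("DEFAULT", username):   # exact match, spaces included
            continue
        apply_check_items(control, items)
        matched.append(line)
        if not fall_through:
            break
    return matched


def authorize(users, request):
    """Return (final Auth-Type, matched entry lines) for one request."""
    control = {}
    if "CHAP-Password" in request:
        control["Auth-Type"] = "CHAP"   # the chap module runs before files
    matched = files_module(users, request["User-Name"], control)
    return control.get("Auth-Type"), matched


# (line, name, check items, fall-through); constructed to mirror the post.
USERS = [
    (152, "DEFAULT", [("Auth-Type", "=", "Accept")], True),
    (200, "user1@example.org", [("Auth-Type", ":=", "Accept")], False),
    (243, "user2@example.org", [("Auth-Type", ":=", "Accept")], False),
]
CHAP_BLOB = b"\x01" + b"\x00" * 16  # constructed placeholder, never verified here

if __name__ == "__main__":
    # Name matches its entry: ':=' overrides the CHAP value set earlier.
    print(authorize(USERS, {"User-Name": "user2@example.org", "CHAP-Password": CHAP_BLOB}))
    # Leading space: only DEFAULT matches, and '=' leaves Auth-Type at CHAP.
    print(authorize(USERS, {"User-Name": " user1@example.org", "CHAP-Password": CHAP_BLOB}))
    # Same name over PAP: nothing set Auth-Type first, so DEFAULT's '=' applies.
    print(authorize(USERS, {"User-Name": " user1@example.org", "User-Password": b"x"}))
```

The third case is consistent with the radtest observation in the original post: a PAP test request reaches the DEFAULT entry with no Auth-Type set, so it is accepted even though the CHAP login with the same name is not.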



Re: SQL Accounting and Null Attribute Values

2006-03-02 Thread Peter Nixon
You're welcome.
Given that MySQL speaks a fairly basic dialect of (mostly) ANSI SQL, sql.conf 
should actually work with most different brands of SQL servers. Using 
postgresql.conf will give you some Postgres-specific optimisations though.

Cheers

Peter

On Thu 02 Mar 2006 20:36, trs wrote:
 Thanks Peter. It seems I'm using the wrong sql.conf :/.

 I'm using postgres, and while setting this up I thought the
 postgresql.conf file was included in the sql.conf for stuff specific
 to postgres. So instead of using that for sql.conf, I modified the
 default sql.conf to use the postgres driver. Lesson learned.

 I'll be a bit more attentive next time. Thanks again.

 On 3/2/06, Peter Nixon [EMAIL PROTECTED] wrote:
  On Thu 02 Mar 2006 08:39, trs wrote:
   Accounting queries fail if an attribute is null when supplied as a
   value for certain column types.
   Partial line from debug output:
  
   radius_xlat: 'UPDATE radacct SET AcctStartTime = '2006-03-02
   01:18:04', AcctStartDelay = '',
  
   It fails with:
  
   rlm_sql (sql): Couldn't update SQL accounting START record - ERROR:
   invalid input syntax for type bigint: 
  
   Can freeradius substitute a zero if an integer attribute is missing
   from an accounting packet, instead of just a null value?
 
  Yes. You need:
 
  AcctStopDelay = '%{Acct-Delay-Time:-0}'
 
  I already fixed this in the Postgresql queries a long time ago (Several
  years ago from memory). I will check and update the other database
  queries in cvs now :-)
 
  If you don't have a particular preference for sql server I recommend
  using Postgresql as I spent a lot of time beating on those queries to
  make them robust with many different types of NAS and PG is generally
  more robust than the other databases supported by FreeRADIUS including
  Oracle (although we have a few installations of it for customers who have
  a one database to rule them all policy)
 
  Cheers
 
  --
 
  Peter Nixon
  http://www.peternixon.net/
  PGP Key: http://www.peternixon.net/public.asc
 
 

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



special characters in passwords + FR + ldap

2006-03-02 Thread Natalia Escalera
Hello all,

Does somebody know how to handle passwords having special characters in
between (e.g. $ ) when doing freeradius-ldap authentication?

Thank you,

Natalia.



Re: EAP module Problem

2006-03-02 Thread Konne



[EMAIL PROTECTED] wrote:

 Hi,

 tls: private_key_file = /etc/lbs-certs/priv-srv.pem
 tls: certificate_file = /etc/lbs-certs/cert-srv.pem
 tls: CA_file = /usr/src/802/radius/freeradius-snapshot-20060227/scripts/demoCA/cacert.pem
 tls: private_key_password = 

 wasn't sure if that was your passphrase...so obfuscated. are you sure you're using
 the correct passphrase...as if you used the CA.all script without changes
 then the passphrase will be the default phrase. also, by default you find that
 the private-key and the certificate file are the one and same pem file...you
 seem to be pulling in two different files. the CA_File is generally just a .crt
 rather than the pem too. 

 SSL is fun :-)

yes ssl, is fun :-)

now i have another problem, it seems that the peap module isn't 
loading... because when i compile ./configure rlm_eap_tls or other 
ssl modules it tells me that i've not installed openssl but i have 
installed it.

what's the problem???
/usr/local/openssl i compiled it by myself... it's openssl-0.9.8a,
and later i've installed with apt-get but the same error...


alan