Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread Ian Walker





> Did you generate the certificates that are mentioned there? The ones that
> ship with the server are expired, you have to generate your own certificate.

I generated the certificates myself, these are working fine. I can use md5 no
problem, but peap complains about mschapv2.

> What version of FreeRADIUS? Version 1.1.1 fixed a lot of little PEAP things.
> Version 1.1.3 of course is what you should be running.

Using the latest version 1.1.3, compiled with all options enabled.

> Also, it looks like your actual problem is that you have re-written the eap
> section... and missed a paren.

They are all there, checked this morning, nothing missing.

> This is mine. In yours you have included mschapv2 inside of PEAP. It is its
> own section, outside of the PEAP section.

I did have it like this originally, and it still didn't work.

Any ideas appreciated.


  
  
From: freeradius-users-bounces+mking=[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ian Walker
Sent: Friday, September 01, 2006 8:36 AM
To: freeradius-users@lists.freeradius.org
Subject: Problems getting eap-mschapv2 working.

Been trying to get eap working with peap/mschapv2 but it doesn't seem to work.
This is my radiusd.conf file:

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var/run
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}
$INCLUDE ${confdir}/clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    eap {
        default_eap_type = md5
        timer_expire = 60
        md5 {
        }
        tls {
            private_key_password =
            private_key_file = /usr/local/etc/raddb/new.cert.key
            certificate_file = /usr/local/etc/raddb/new.cert.cert
            CA_file = /usr/local/etc/raddb/cacert.pem
            dh_file = /dev/urandom
            random_file = /dev/urandom
            fragment_size = 1024
            include_length = yes
        }
        peap {
            default_eap_type = mschapv2
            mschapv2 {
                authtype = mschapv2
                use_mppe = yes
                require_encryption = yes
                require_strong = yes
            }
        }
    }
    files {
        usersfile = ${confdir}/users
        compat = no
    }
    exec cerb {
        wait = yes
        program = /usr/local/bin/cerbauth -e freeradius
        input_pairs = request
        output_pairs = reply
    }
    preprocess {
    }
}
authorize {
    preprocess
    eap
    files
}
authenticate {
    Auth-Type eap {
        eap
    }
    Auth-Type CERB {
        cerb
    }
}

As you can see, I'm currently working with md5 and this works perfectly well.
But when I set the client and configure the server to default for peap/tls,
then it fails saying:

No such EAP type mschapv2

I believe if I can get past this, my system will authenticate with
peap/mschapv2 successfully.

Hope you can help.

Regards
Ian

-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread Ian Walker
> You have some items misplaced. Check against the default configuration that
> came with the server. In particular, mschapv2 and the contents of that
> stanza.

I've now re-written the stanza and placed it correctly, so it appears like this:

peap {
  default_eap_type=mschapv2
}

mschapv2 {
}

However, there is no default/sample config that tells me how mschapv2 should
be configured. With this config, which I tried previously, it didn't work,
which was why I thought maybe it should exist in the peap stanza.

> Zoltan Ori

Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread K. Hoercher

On 9/4/06, Ian Walker [EMAIL PROTECTED] wrote:
> however, there is no default/sample config that tells me how mschapv2 should

hmhm. the very default eap.conf says inter alia:

#
#  This takes no configuration.
#
[...]
mschapv2 {
}

Do you still encounter problems? If so, would you please follow the
various FAQ, hints in doc etc. and provide a debug output.

Oh, and btw a quick test with 1.1.3 shows that at least with that, the
statement about the (unconditional) need for configuration of the main
mschap module doesn't hold.

regards
K. Hoercher


Postgresql configuration

2006-09-04 Thread Elie Hani
Hi;

I have my freeradius running with postgresql.
I have everything configured but still one more thing to do.
The freeradius is authenticating locally, but not through the database.
I have made the proper configuration for the file postgresql.conf

I have configured the parameters in the database, in the radcheck, and the
radreply, and while testing it, I have the access-accept message.
But when trying to configure the radgroupcheck and radgroupreply, I then get
no answer from the database.

I have followed the configuration that says that the first line in the users
files is for the request and the rest is the reply, and the radcheck and
radreply are made following this scenario.

But my question is what should I follow to configure the radgroupcheck and
radgroupreply, since I tried the same concept but with no luck.

Thanks
Elie 



Re: Interface binding problem

2006-09-04 Thread Marcel . De_Boer

Nicolas Baradakis wrote:
> > I'd like to set it up with the commandline switch (-i ip-addr), but
> > this does not seem to work (tested on versions 0.2, 1.0.1 and 1.2): the
> > server only takes the address from the configuration file and completely
> > ignores the commandline switch. I do realise that the commandline switch
> > is deprecated, but is it possible to get this to work somehow?
>
> You may try a nightly CVS snapshot. I think the -i and -p options
> are fixed in CVS.

It took a while to check out the 1.1.x  CVS branch (company proxy server 
was in the way...), but I managed to test it with that version too; 
although the options are fixed in 2.0, it doesn't work in 1.1.
I've tried to backport the changes from the 2.0 branch, but there are 
too many changes for me to properly port it...
We'd prefer to use version 1.1.3 for our test setups, because most of 
our customers probably won't be upgrading to 2.0 until it's been out for 
quite some time..


Kind regards,
   Marcel



Re: AP point support 802.1x but only with WPA

2006-09-04 Thread Stefan Winter
Hi,

> Would someone know to tell me what firmware to use to be able to use 802.1x
> exclusively, without WPA (and where I can download it)?

802.1x almost exclusively comes with some sort of encryption on the wireless
link. If you don't want to/can't use WPA, you may be able to configure the AP
for 802.1X + dynamic WEP, which is the poor man's variant of decent
encryption with older devices. But without *any* encryption? Never seen that,
sorry.

Greetings,

Stefan

-- 
Stefan WINTER

Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Research Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg




Re: Everything lookslike it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis

Hi Alan,

> It looks like it is doing machine authentication, in which case the

Correct.

> certs (both client and server) need the machine authentication OIDs,

I read that again and again, but I already have these OIDs in the certs.
Here is a dump of my server cert:


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 40 (0x28)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Berlin, L=Berlin, O=KHB HfM HfS, OU=ServiceCenter-IT, CN=ServiceCenter-IT_KHB_HfM_HfS/[EMAIL PROTECTED]
        Validity
            Not Before: Aug 10 09:33:43 2006 GMT
            Not After : Aug 10 09:33:43 2007 GMT
        Subject: C=DE, ST=Berlin, L=Berlin, O=KHB HfM HfS, OU=ServiceCenter-IT, CN=radius.verwaltung.kh-berlin.de/[EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                TinyCA Generated Certificate
            X509v3 Subject Key Identifier:
                42:A9:4A:9F:04:88:71:B1:78:D4:1A:5D:00:A5:66:8E:78:C0:45:FF
            X509v3 Authority Key Identifier:
                keyid:B9:39:B6:CE:8A:52:91:2E:AE:CE:16:24:18:B1:F4:D8:30:3D:04:2E
                DirName:/C=DE/ST=Berlin/L=Berlin/O=KHB HfM HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/[EMAIL PROTECTED]
                serial:89:0D:6F:61:AC:0C:E0:05
            X509v3 Issuer Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Subject Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication
!!
    Signature Algorithm: sha1WithRSAEncryption
        [...]

Isn't that exactly what it should look like?

And here is the client:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Berlin, L=Berlin, O=KHB HfM HfS, OU=ServiceCenter-IT, CN=ServiceCenter-IT_KHB_HfM_HfS/[EMAIL PROTECTED]
        Validity
            Not Before: Sep  1 11:18:32 2006 GMT
            Not After : Sep  1 11:18:32 2007 GMT
        Subject: C=DE, ST=Berlin, L=Berlin, O=KHB HfM HfS, OU=ServiceCenter-IT, CN=vinfo-t1/[EMAIL PROTECTED]
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Client, S/MIME, Object Signing
            Netscape Comment:
                TinyCA Generated Certificate
            X509v3 Subject Key Identifier:
                C0:72:0A:91:71:D9:E7:A9:73:CC:B4:B0:AD:17:B4:ED:61:AF:06:B9
            X509v3 Authority Key Identifier:
                keyid:B9:39:B6:CE:8A:52:91:2E:AE:CE:16:24:18:B1:F4:D8:30:3D:04:2E
                DirName:/C=DE/ST=Berlin/L=Berlin/O=KHB HfM HfS/OU=ServiceCenter-IT/CN=ServiceCenter-IT_KHB_HfM_HfS/[EMAIL PROTECTED]
                serial:89:0D:6F:61:AC:0C:E0:05
            X509v3 Issuer Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Subject Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication
!
    Signature Algorithm: sha1WithRSAEncryption
        [...]


What else could be a problem? How do you guys handle the
host/netbiosname problem? Could that break the cert?


TIA
 Alex


--
ServiceCenter IT - Alexandros Gougousoudis (Head)

Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule
für Musik Hanns Eisler and the Hochschule für Schauspielkunst Ernst
Busch.

Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445




Re: Freeradius-Users Digest, Vol 17, Issue 8

2006-09-04 Thread Peter Nixon
There have not been any problems posting to the list for the last couple of 
weeks that I know of..

-Peter

On Mon 04 Sep 2006 04:24, Ravi S M wrote:
 Hi Alan DeKok

 Thanks for the answers. Actually I had replied to your questions but those
 were bouncing back, so you were mistaken. Anyhow, sorry for that.

 Thanks  Regards

 Ravi

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
 Sent: Saturday, September 02, 2006 10:08 PM
 To: freeradius-users@lists.freeradius.org
 Subject: Freeradius-Users Digest, Vol 17, Issue 8


 Today's Topics:

1. Re: Everything lookslike it works, but PC is not authentified
   (Alexandros Gougousoudis)
2. Re: Everything lookslike it works, but PC is not authentified
   (Alexandros Gougousoudis)
3. Regarding handling of threads (Ravi S M)
4. Re: Everything lookslike it works, but PC is not authentified
   (Alan DeKok)
5. Re: Regarding handling of threads  (Alan DeKok)
6. Proxy IP Address (Doug Hardie)


 --

 Message: 1
 Date: Sat, 02 Sep 2006 12:58:48 +0200
 From: Alexandros Gougousoudis [EMAIL PROTECTED]
 Subject: Re: Everything lookslike it works, but PC is not authentified
 To: FreeRadius users mailing list
   freeradius-users@lists.freeradius.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-15; format=flowed

 Hi,

 Stefan Winter wrote:
 > this list, is that the server cert doesn't have the MS TLS Web Server
 > Authentication OID in the cert. Please read the various documentation
 > about

 Nope, the cert has this extension. I checked that again and again.
 Server is in DNS and the CN of the cert is the FQDN of the server. The
 CN of the PC is the netbios-name. Both certs have their extension
 (Webserver and Client). Maybe it's something else?

 TIA
   Alex


 --
 ServiceCenter IT - Alexandros Gougousoudis (Head)

 Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule
 für Musik Hanns Eisler and the Hochschule für Schauspielkunst Ernst
 Busch.

 Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445



 --

 Message: 2
 Date: Sat, 02 Sep 2006 13:03:29 +0200
 From: Alexandros Gougousoudis [EMAIL PROTECTED]
 Subject: Re: Everything lookslike it works, but PC is not authentified
 To: FreeRadius users mailing list
   freeradius-users@lists.freeradius.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 Hi,

 K. Hoercher wrote:
 > 1. Don't set Auth-Type. See
 > http://deployingradius.com/documents/configuration/auth_type.html

 Thanks for your reply. The problem is, there are now a lot of partial
 howtos on the net, but not even one covers all. I did that, because it
 was in a howto... I'll try something else.

 > and finally what the supplicant sends. What is host/vinfo-t1
 > supposed to be?

 vinfo-t1 is the netbiosname of the client, the realm(?) host/ comes from
 Windows or the AP, I don't know. Probably it breaks the cert, because
 the name differs and this bothers EAP/TLS. But I don't know how to
 handle or shorten this. Maybe somebody has a good idea to handle that.

 TIA Alex

 --
 ServiceCenter IT - Alexandros Gougousoudis (Head)

 Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule
 für Musik Hanns Eisler and the Hochschule für Schauspielkunst Ernst
 Busch.

 Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445



 --

 Message: 3
 Date: Sat, 2 Sep 2006 16:53:32 +0530
 From: Ravi S M [EMAIL PROTECTED]
 Subject: Regarding handling of threads
 To: freeradius-users@lists.freeradius.org
 Cc: [EMAIL PROTECTED]
 Message-ID:
   [EMAIL PROTECTED]

 Content-Type: text/plain; charset=us-ascii


 Hi



 I have some doubts regarding free radius server.



 1)   When we run the server, the parent exits after spawning a child to handle
 clients' requests, so during this time purify also exits but shows 95
 leaks. (The leak report points to src/main/modules.c from line number 207.)

 * My doubt is whether these leaks which are shown by purify
 are freed in the child, or how these leaks get rid of??

 * Or when the parent calls exit(0), is all memory freed??

 2)   For handling multiple requests, are threads implemented? If so,
 how?

 3)   If threads are not implemented, how are multiple requests
 handled?





 Please I am grateful if 

Re: Postgresql configuration

2006-09-04 Thread affora deeb
Hi Elie,
I noticed that you had configured your FreeRADIUS,
so if you can help me to do this step on my Linux server
I'll be so thankful, as soon as possible.

On 9/4/06, Elie Hani [EMAIL PROTECTED] wrote:
> Hi;
>
> I have my freeradius running with postgresql.
> I have everything configured but still one more thing to do.
> The freeradius is authenticating locally, but not through the database.
> I have made the proper configuration for the file postgresql.conf
>
> I have configured the parameters in the database, in the radcheck, and the
> radreply, and while testing it, I have the access-accept message.
> But when trying to configure the radgroupcheck and radgroupreply, I then get
> no answer from the database.
>
> I have followed the configuration that says that the first line in the users
> files is for the request and the rest is the reply, and the radcheck and
> radreply are made following this scenario.
>
> But my question is what should I follow to configure the radgroupcheck and
> radgroupreply, since I tried the same concept but with no luck.
>
> Thanks
> Elie

Re: Everything lookslike it works, but PC is not authentified

2006-09-04 Thread K. Hoercher

On 9/4/06, Alexandros Gougousoudis [EMAIL PROTECTED] wrote:
> I read that again and again, but I already have these OIDs in the certs.
> Here is a dump of my server cert:

No, you don't.
from Alan's post:
# 1.3.6.1.4.1.311.17.2

while TLS Web Server Authentication is 1.3.6.1.5.5.7.3.1
and TLS Web Client Authentication is 1.3.6.1.5.5.7.3.2

> What else could be a problem? How do you guys handle the
> host/netbiosname problem? Could that break the cert?

Currently that doesn't even get considered, as according to your log
you don't check for the CN. Afaik you might strip it by using the
with_ntdomain_hack directive.

Further changes depend on the eap type you want to use. I have
already asked about that.

regards
K. Hoercher


Dynamic port assignment to exec program

2006-09-04 Thread Shankar Ganesh C



Hi,

I have a requirement to have socket communication in the exec program run
from FreeRADIUS for an accounting start.
I understand that for every accounting request from FreeRADIUS an exec
program will be executed.
How can I assign the exec program a dynamic port from FreeRADIUS when it is
invoked? Is there any configuration that needs to be done?

Thanks and regards
Shankar Ganesh

Re: Everything lookslike it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis

Hi,

K. Hoercher wrote:
> No, you don't.
> from Alan's post:
> # 1.3.6.1.4.1.311.17.2
> and TLS Web Client Authentication is 1.3.6.1.5.5.7.3.2

Hm, with Alan's OID there is no communication between RADIUS and the
client. If I use the OID indicated in most HowTos (like
http://www.hep.phys.soton.ac.uk/~jhe/documents/WPA-Authentication+RADIUS-HOWTO.html)
there is a conversation between them. OK, the authentication fails in the
end. To write it again, I use W2k not XP, maybe the problem is
somewhere in there, but I doubt it, because menus and functions are the
same as in XP.

> you don't check for the CN. Afaik you might strip it by using the
> with_ntdomain_hack directive.

I've seen that directive, but exactly where should it be enabled in the
config? I think it can't be set in the eap.conf, where it makes the most
sense.

> Further changes depend on the eap type you want to use. I have
> already asked about that.

I didn't understand that question. I want to make a machine-based
authentication based on certificates on the clients. If the cert is
OK, the Ethernet port will be switched through. AFAIK this is done with
Windows clients using EAP-TLS. That's all the auth I need; the user at the
client must not be checked, even the client's name must not be checked
against SQL or LDAP (maybe later).

The HowTo says AuthType := EAP would be right. OK, here on the list
everybody says "Don't use AuthType", but nobody says what to use instead... :-)


TIA
 Alex

--
ServiceCenter IT - Alexandros Gougousoudis (Head)

Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule
für Musik Hanns Eisler and the Hochschule für Schauspielkunst Ernst
Busch.

Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445




Re: Everything lookslike it works, but PC is not authentified

2006-09-04 Thread Alexandros Gougousoudis

Hi,


> I can't even remotely understand why you seem to look for help on one
> hand, but on the other one keep declining answers to questions put to
> you and insisting on false assumptions.

That's why I might not understand what you're asking. :-)

> -- verify error:num=9:certificate is not yet valid
>    rlm_eap_tls:  TLS 1.0 Alert [length 0002], fatal bad_certificate
> TLS Alert write:fatal:bad certificate

I fixed that problem. The time on the certificate issuing server, the
RADIUS server and the client was different. So the cert wasn't valid,
because the creation time was in the future. I've now put them all on my
NTP server.

The check_cert_cn was a test to check if the username has something to
do with the failing certs and is disabled now again. I found, if the certs
are valid, the username is not important. I used the OIDs mentioned in
the HowTos, not Alan's.

> And while it doesn't cause any problem for now, would you please get
> rid of the host/vinfo-t1 and vinfo-t1 stanzas in your users file

The idea of that was to control the logon of already authorized clients,
i.e. to not accept a client with a valid cert. This could be done more
elegantly with the CRL of SSL, but for now it's easier to maintain in the
users file. Of course passwords are useless if nothing like PEAP is done
(this entry was for testing).

I conclude it works now with W2K SP4. The main problem was different
times on all participating computers. If confs and certs are done
according to the earlier mentioned HowTo it'll work. Although the setting
of the users file still stays unclear to me, because I don't know how
to handle the acceptance of the clients, if the client can not be
described via AuthType in the users file. Maybe somebody could enlighten me.

I still have to check if I really need the registry hack (set the
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode
value to '2') mentioned by Thibault LeMeur earlier on the list.


Next I'll try to check the clients name against our LDAP-Database (for 
the samba domain) in the users file to allow only these clients, which 
are in our domain.


Thanks for help
Alex


--
ServiceCenter IT - Alexandros Gougousoudis (Head)

Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule
für Musik Hanns Eisler and the Hochschule für Schauspielkunst Ernst
Busch.


Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445
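The two certificate failure modes in this thread, the EKU OIDs K. Hoercher quoted and the "certificate is not yet valid" clock skew Alex fixed, combined into one added example (not code from the list or from FreeRADIUS): a checker for the `openssl x509 -text` dump format quoted above. The certificate texts, subject names and "now" timestamps are constructed.

```python
"""Check an `openssl x509 -text` dump for the two EAP-TLS problems in this thread.

Added example; not code from the list or from FreeRADIUS. It parses the
dump format quoted above, maps the Extended Key Usage names to the OIDs
discussed, and tests the validity window against the checking host's
clock (the "certificate is not yet valid" failure was clock skew).
"""
from datetime import datetime, timezone

# EKU names as openssl prints them, mapped to the OIDs quoted on the list.
EKU_OIDS = {
    "TLS Web Server Authentication": "1.3.6.1.5.5.7.3.1",
    "TLS Web Client Authentication": "1.3.6.1.5.5.7.3.2",
}
REQUIRED_EKU = {"server": "1.3.6.1.5.5.7.3.1", "client": "1.3.6.1.5.5.7.3.2"}

# Constructed dumps in the format shown above; subject names are placeholders.
SERVER_CERT_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Aug 10 09:33:43 2006 GMT
            Not After : Aug 10 09:33:43 2007 GMT
        Subject: C=DE, ST=Berlin, O=Example, CN=radius.example.test
        X509v3 extensions:
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication
"""
CLIENT_CERT_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Sep  1 11:18:32 2006 GMT
            Not After : Sep  1 11:18:32 2007 GMT
        Subject: C=DE, ST=Berlin, O=Example, CN=client-pc1
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Client Authentication
"""


def parse_openssl_time(value):
    """Parse openssl's validity format, e.g. 'Sep  1 11:18:32 2006 GMT'."""
    cleaned = " ".join(value.split())
    return datetime.strptime(cleaned, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Extract subject, validity window and EKU OIDs from `openssl x509 -text` output."""
    info = {"subject": "", "not_before": None, "not_after": None, "eku": [], "eku_critical": False}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("Subject:"):
            info["subject"] = line.split(":", 1)[1].strip()
        elif line.startswith("Not Before:"):
            info["not_before"] = parse_openssl_time(line.split(":", 1)[1])
        elif line.startswith("Not After :"):
            info["not_after"] = parse_openssl_time(line.split(":", 1)[1])
        elif line.startswith("X509v3 Extended Key Usage"):
            info["eku_critical"] = "critical" in line
            # openssl prints the usages on the next line, comma separated;
            # an OID it has no name for is printed in dotted form and kept as-is
            names = [n.strip() for n in lines[i + 1].split(",")]
            info["eku"] = [EKU_OIDS.get(n, n) for n in names]
            i += 1
        i += 1
    return info


def check_cert(text, role, now_iso):
    """List the problems with using this cert in `role` ("server" or "client").

    now_iso is the checking host's clock as an ISO 8601 string, taken as UTC.
    An empty list means the EKU is right and the cert is within its validity window.
    """
    cert = parse_cert_text(text)
    now = datetime.fromisoformat(now_iso).replace(tzinfo=timezone.utc)
    problems = []
    required = REQUIRED_EKU[role]
    if required not in cert["eku"]:
        problems.append("missing EKU %s for %s role (has %s)" % (required, role, cert["eku"] or "none"))
    if cert["not_before"] is None or cert["not_after"] is None:
        problems.append("validity period not found in dump")
        return problems
    fmt = "%Y-%m-%d %H:%M:%S"
    if now < cert["not_before"]:
        # the failure mode from the thread: CA clock ahead of the RADIUS server clock
        problems.append("not yet valid: notBefore %s is after this host's clock %s (check NTP)"
                        % (cert["not_before"].strftime(fmt), now.strftime(fmt)))
    if now > cert["not_after"]:
        problems.append("expired on %s" % cert["not_after"].strftime(fmt))
    return problems
```

Run it against the real dumps with the output of `openssl x509 -in cert.pem -noout -text` and the RADIUS server's own clock; a non-empty list names which of the two checks failed.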




Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread Zoltan

- Original Message -
From: Ian Walker [EMAIL PROTECTED]

 
> > You have some items misplaced. Check against the default configuration
> > that came with the server. In particular, mschapv2 and the contents of that
> > stanza.
>
> I've now re-written the stanza and placed it correctly, so it appears like
> this:
>
> peap {
>  default_eap_type=mschapv2
> }
>
> mschapv2 {
> }

Ok, that should be fine for eap.conf.

> however, there is no default/sample config that tells me how mschapv2 should
> be configured.

You will find default/sample configs in the source under raddb. Also, see
http://www.tldp.org/HOWTO/8021X-HOWTO/ which is mentioned on the home page
of www.freeradius.org. Especially section 3. There is probably plenty on the
wiki as well, though I can't seem to get to it at the moment.

> With this config, which I tried previously, it didn't work,
> which was why I thought maybe it should exist in the peap stanza.


You are still missing mschap? Debug output would help.

Zoltan Ori




Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread K. Hoercher

Hi,
just to avoid confusion:

On 9/4/06, K. Hoercher [EMAIL PROTECTED] wrote:
> Oh, and btw a quick test with 1.1.3 shows that at least with that, the
> statement about the (unconditional) need for configuration of the main
> mschap module doesn't hold.


That's nonsense, I just messed up different test setups. It looked
strange, but I was in a hurry and so didn't check carefully, sorry for
that.

regards
K. Hoercher


Re: Problems getting eap-mschapv2 working.

2006-09-04 Thread Alan DeKok
Ian Walker [EMAIL PROTECTED] wrote:
> however, there is no default/sample config that tells me how mschapv2 should
> be configured.

  The default configuration of mschapv2 works.

  Massive edits to the configuration will almost always break it.

http://deployingradius.com/documents/configuration/setup.html

  Small changes, with tests, will almost always get it to work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Support for disconnect request and ACK messages

2006-09-04 Thread Alan DeKok
Shankar Ganesh C [EMAIL PROTECTED] wrote:
> Can anybody help me with how to add support for disconnect request and ack
> in freeradius?

  This is more a question for the freeradius-devel list.

  And my suggestion is to first get familiar with the server.  The
code is reasonably well organised, so if you have *specific* questions
about what to do, they may be answered.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


ippool causes Auth-Type error

2006-09-04 Thread Sascha Djuric
Hello

this is my second try:

I'm using freeradius 1.1.3 under Solaris 10. I got it installed and configured
with MySQL. Everything works fine; I added a user with a password and all, and
radtest works fine.
Next I configured an ippool and added it to post-auth and acct.

ippool main_pool {
    #  range-start,range-stop: The start and end ip
    #  addresses for the ip pool
    range-start = 192.168.1.1
    range-stop = 192.168.1.254

    #  netmask: The network mask used for the ip's
    netmask = 255.255.255.255

    #  cache-size: The gdbm cache size for the db
    #  files. Should be equal to the number of ip's
    #  available in the ip pool
    cache-size = 800

    # session-db: The main db file used to allocate ip's to clients
    session-db = ${raddbdir}/db.ippool

    # ip-index: Helper db index file used in multilink
    ip-index = ${raddbdir}/db.ipindex

    # override: Will this ippool override a Framed-IP-Address already set
    override = yes

    # maximum-timeout: If not zero specifies the maximum time in seconds an
    # entry may be active. Default: 0
    maximum-timeout = 0
}

still everything works fine.

now i added a Pool-Name to the check attributes of my test user.

Then I get:

rad_recv: Access-Request packet from host 127.0.0.1:45506, id=185, length=55
User-Name = SVD
User-Password = secret
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module chap returns noop for request 1
  modcall[authorize]: module mschap returns noop for request 1
rlm_realm: No '@' in User-Name = SVD, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1
radius_xlat:  'SVD'
rlm_sql (sql): sql_set_user escaped user -- 'SVD'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM 
radcheck   WHERE Username = 'SVD'   ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'SVD' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM 
radreply   WHERE Username = 'SVD'   ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'SVD' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): No matching entry in the database for request from user [SVD]
  modcall[authorize]: module sql returns notfound for request 1
modcall: leaving group authorize (returns ok) for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: 
Rejecting the user
auth: Failed to validate the user.
Login incorrect: [SVD/secret] (from client localhost port 0)
Delaying request 1 for 1 seconds

BTW:
setting Auth-Type in radcheck for the user or in radgroupcheck for his group
doesn't change anything.

Anybody know what I'm doing wrong?

Thanks in advance for your help.


Failed Logins

2006-09-04 Thread King, Michael
So we've had many thousands of successful AD/PEAP authentications.

Today, the thing just died.  I shut the server off so that all the APs
started using my backup server.

These are the logs that I have from when it happened.  Unfortunately,
everything seemed fine after I rebooted the server (my emergency panic
hit-the-reset-button response).

I've included a couple of good auths.  11:58:35 seems to be when it all
tanked.


Mon Sep  4 11:58:34 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:34 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:34 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:34 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\nshigenari] (from
client localhost port 0)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\nshigenari] (from
client BUWiSM-1-1 port 29 cli 00-11-F5-31-43-B6)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [cflorence] (from client
localhost port 0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [cflorence] (from client
BUWiSM-1-2 port 29 cli 00-13-02-A6-68-3C)
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\zsimko] (from client
localhost port 0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\jmartinuk] (from client
localhost port 0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\jmartinuk] (from client
BUWiSM-1-1 port 29 cli 00-90-4B-B3-6A-59)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\zsimko] (from client
BUWiSM-1-2 port 29 cli 00-12-F0-39-A5-DE)
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\m1lyons] (from client
localhost port 0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\m1lyons] (from client
BUWiSM-1-2 port 29 cli 00-90-4B-66-65-5C)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
certificate verify A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad rec
ord mac
Mon Sep  4 11:58:35 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Sep  4 11:58:35 2006 : Auth: Login incorrect: [BSC\\bwallis] (from
client BUWiSM-2-2 port 29 cli 00-0E-35-B6-53-29)
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error
error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Sep  4 11:58:35 2006 : Error: TLS_accept:error in SSLv3 read
certificate verify A
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad rec
ord mac
Mon Sep  4 11:58:35 2006 : Error: rlm_eap_tls: SSL_read failed in a
system call (-1), TLS session fails.
Mon Sep  4 11:58:35 2006 : Auth: Login incorrect: [BSC\\ecoughlan] (from
client BUWiSM-1-2 port 29 cli 
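
As an added example, not part of the post above: a small Python triage script over log lines modelled on the radius.log excerpt (a constructed sample of a few lines, with one made-up MAC address). It groups the "Error:", "Login OK" and "Login incorrect" lines by second, flags the seconds that saw an error burst or a "bad record mac" TLS alert, and lists the users behind the failed logins, which is what you want in hand before deciding between a server bug and bad hardware. The burst threshold and the grouping by time of day (rather than full date) are assumptions made for this excerpt.

```python
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the radius.log excerpt quoted in the post
# above; a handful of lines only, with a made-up MAC in the last entry.
SAMPLE_LOG = r"""
Mon Sep  4 11:58:34 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Mon Sep  4 11:58:34 2006 : Error: rlm_eap: SSL error error::lib(0):func(0):reason(0)
Mon Sep  4 11:58:35 2006 : Auth: Login OK: [BSC\\nshigenari] (from client localhost port 0)
Mon Sep  4 11:58:35 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Mon Sep  4 11:58:35 2006 : Error: TLS Alert write:fatal:bad record mac
Mon Sep  4 11:58:35 2006 : Error: rlm_eap: SSL error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Mon Sep  4 11:58:35 2006 : Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Mon Sep  4 11:58:35 2006 : Auth: Login incorrect: [BSC\\bwallis] (from client BUWiSM-2-2 port 29 cli 00-0E-35-B6-53-29)
Mon Sep  4 11:58:35 2006 : Auth: Login incorrect: [BSC\\ecoughlan] (from client BUWiSM-1-2 port 29 cli 00-00-00-00-00-01)
"""

# "Mon Sep  4 11:58:34 2006 : Error: ..." -> date, time, year, level, message
LINE_RE = re.compile(
    r"^(?P<date>\w{3} \w{3}\s+\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<year>\d{4}) : "
    r"(?P<level>\w+): (?P<msg>.*)$"
)
LOGIN_RE = re.compile(r"^Login (?P<result>OK|incorrect): \[(?P<user>[^\]]*)\]")


def parse_line(line):
    """Split one radius.log line into its fields; None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    login = LOGIN_RE.match(rec["msg"])
    rec["result"] = login.group("result") if login else None
    rec["user"] = login.group("user") if login else None
    return rec


def summarise(lines):
    """Per-second counters keyed by time of day: error, bad_mac, ok, incorrect."""
    per_second = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        c = per_second[rec["time"]]
        if rec["level"] == "Error":
            c["error"] += 1
            if "bad record mac" in rec["msg"]:
                c["bad_mac"] += 1
        elif rec["result"] == "OK":
            c["ok"] += 1
        elif rec["result"] == "incorrect":
            c["incorrect"] += 1
    return per_second


def flag_bursts(per_second, min_errors=3):
    """Seconds that reached min_errors errors or saw any bad-record-MAC alert."""
    return sorted(t for t, c in per_second.items()
                  if c["error"] >= min_errors or c["bad_mac"] > 0)


def failed_users(lines):
    """Users behind 'Login incorrect' lines, in log order, for triage."""
    return [r["user"] for r in map(parse_line, lines)
            if r and r["result"] == "incorrect"]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    summary = summarise(lines)
    for t in flag_bursts(summary):
        print(t, dict(summary[t]))
    print("failed logins:", failed_users(lines))
```

Run it against the real radius.log by replacing SAMPLE_LOG with the file contents; a second in which the bad-record-MAC count is non-zero while successful logins are still being recorded is exactly the pattern in the excerpt above, and worth correlating with the server's memory and hardware logs for the same timestamp.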

Re: ippool causes Auth-Type error

2006-09-04 Thread Alan DeKok
Sascha Djuric [EMAIL PROTECTED] wrote:
 still everything works fine.
 
 now i added a Pool-Name to the check attributes of my test user.
 
 Then I get:

  ... not found.

  Can you please post the entry from SQL?  Odds are you used a
comparison operator like '==', rather than ':='

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: ippool causes Auth-Type error

2006-09-04 Thread Peter Nixon
On Mon 04 Sep 2006 16:20, Sascha Djuric wrote:
 Hello

 this is my second try:

 I'm using freeradius 1.1.3 under Solaris 10. I got it installed and
 configured with MySQL. Everything works fine, I added a user with Password
 and all and radtest works fine. Next I configured an ippool and added it to
 post-auth and acct.

   ippool main_pool {

 #  range-start,range-stop: The start and end ip
 #  addresses for the ip pool
 range-start = 192.168.1.1
 range-stop = 192.168.1.254

 #  netmask: The network mask used for the ip's
 netmask = 255.255.255.255

 #  cache-size: The gdbm cache size for the db
 #  files. Should be equal to the number of ip's
 #  available in the ip pool
 cache-size = 800

 # session-db: The main db file used to allocate ip's to clients
 session-db = ${raddbdir}/db.ippool

 # ip-index: Helper db index file used in multilink
 ip-index = ${raddbdir}/db.ipindex

 # override: Will this ippool override a Framed-IP-Address already set
 override = yes

 # maximum-timeout: If not zero specifies the maximum time
 # in seconds an entry may be active. Default: 0
 maximum-timeout = 0
 }

 still everything works fine.

 now i added a Pool-Name to the check attributes of my test user.

 Then I get:

 rad_recv: Access-Request packet from host 127.0.0.1:45506, id=185,
 length=55 User-Name = SVD
 User-Password = secret
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 0

A NAS-Port of 0 will likely confuse a module which hands out IP addresses 
based on NAS-Port :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Failed Logins

2006-09-04 Thread Alan DeKok
King, Michael [EMAIL PROTECTED] wrote:
 This is the logs that I have from when it happened.  Unfortuanly,
 everything seemed fine after I rebooted the server (my emergency panic
 hit the reset button response)

  It looks like a memory corruption issue.  Either there's a bug in
the server, or there's bad RAM in the system.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: ippool causes Auth-Type error

2006-09-04 Thread Sascha Djuric
Hello Alan

:= really did the trick, now the Auth-Type error is gone, but I'm now getting 
the message:

rlm_ippool: enter postauth
rlm_ippool: Could not find Pool-Name attribute.
  modcall[post-auth]: module main_pool retur

which is really strange because I've got the name both in radcheck and radgroupcheck 
with ':=' op. 

Thx for your help

 Original message 
Date: Mon, 04 Sep 2006 12:33:59 -0400
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: ippool causes Auth-Type error 

 Sascha Djuric [EMAIL PROTECTED] wrote:
  still everything works fine.
  
  now i added a Pool-Name to the check attributes of my test user.
  
  Then I get:
 
   ... not found.
 
   Can you please post the entry from SQL?  Odds are you used a
 comparison operator like '==', rather than ':='
 
   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog
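
An added example, not code from the thread or from FreeRADIUS itself: a minimal Python model of Alan's point about ':=' versus '==' on a radcheck row, which also covers Sascha's follow-up that the ':=' row is what rlm_ippool later looks up. The request dict mirrors the radtest packet quoted earlier in the thread. The evaluator models only the two operators in question and is a simplification of the server's check-item handling (no regex operators, no typed comparisons).

```python
# Added example: a small model of how FreeRADIUS 1.x treats the operator of a
# check item read from radcheck/radgroupcheck (or the users file). Only '=='
# and ':=' are modelled; the real server supports more operators and also
# handles regex and typed comparisons.

def evaluate_check_items(request, check_items):
    """Evaluate one user's check items against an Access-Request.

    request     -- dict of attributes carried in the packet
    check_items -- list of (attribute, op, value) rows as stored in radcheck
    Returns (matched, config_items). When matched is False the entry is
    treated as if it did not exist, which is what produces the "not found"
    and the missing Auth-Type that started this thread.
    """
    config = {}
    for attr, op, value in check_items:
        if op == "==":
            # Comparison operator: only matches if the *request* carries the
            # attribute with exactly this value. Pool-Name is a server-side
            # attribute that no NAS ever sends, so this comparison always fails.
            if request.get(attr) != value:
                return False, {}
        elif op == ":=":
            # Assignment operator: always matches and places the attribute in
            # the entry's configuration items, where rlm_ippool looks it up.
            config[attr] = value
        else:
            raise ValueError("operator %r not modelled here" % op)
    return True, config


def pool_for_request(request, check_items):
    """What rlm_ippool would see: the pool name, or None if no entry matched."""
    matched, config = evaluate_check_items(request, check_items)
    return config.get("Pool-Name") if matched else None


# Constructed request, mirroring the radtest packet quoted in the thread.
REQUEST = {"User-Name": "SVD", "User-Password": "secret",
           "NAS-IP-Address": "255.255.255.255", "NAS-Port": "0"}

WRONG = [("Pool-Name", "==", "main_pool")]   # compared against the request
RIGHT = [("Pool-Name", ":=", "main_pool")]   # set as a config item

if __name__ == "__main__":
    print("== :", pool_for_request(REQUEST, WRONG))   # None: entry did not match
    print(":= :", pool_for_request(REQUEST, RIGHT))   # main_pool
```

The same rule explains the habit of writing Auth-Type and other server-internal attributes with ':=' in radcheck: a comparison operator on an attribute the NAS never sends can only ever fail, and a failed check entry is indistinguishable from a missing user.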


RE: monitoring freeradius with snmp

2006-09-04 Thread Andy Ford
Hi Allan

Thanks for your suggestions.
After running configure --with-snmp I noticed (following your notes
below) that the '#define WITH_SNMP 1' was missing from autoconf.h.

So I added the line manually in autoconf.h as ...

/* Include SNMP subagent */
/* #undef WITH_SNMP */
#define WITH_SNMP 1

... and got a stream of error from 'make'.

Here is a small snippet of the errors.

--  make errors 
make[4]: Entering directory `/tmp/freeradius-1.1.2/src/main'
/tmp/freeradius-1.1.2/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -DHOSTINFO=\\ -DRADIUSD_VERSION=\1.1.2\ -c radius_snmp.c
rm -f .libs/radius_snmp.lo
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -DHOSTINFO=\\ -DRADIUSD_VERSION=\1.1.2\ -c radius_snmp.c -fPIC -DPIC -o .libs/radius_snmp.lo
In file included from radius_snmp.c:39:
../include/smux.h:60: error: parse error before oid
../include/smux.h:64: error: parse error before oid
../include/smux.h:94: error: parse error before oid
../include/smux.h:94: warning: no semicolon at end of struct or union
../include/smux.h:101: error: parse error before oid
../include/smux.h:101: warning: no semicolon at end of struct or union
../include/smux.h:115: error: parse error before '}' token
../include/smux.h:136: error: parse error before '[' token

--
Obviously I've completely buggered something up.

A little advice would be great.

I downloaded the latest version, i.e. freeradius-1.1.2. I also have
NET-SNMP version 5.2.rc3 installed.

I can see from the list you are a very busy person, so thanks for your
time.
I've attached the complete output from make, along with autoconf.h.

Regards

Andy

-Original Message-
From: [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: 04 August 2006 18:16
To: FreeRadius users mailing list
Subject: Re: monitoring freeradius with snmp 

Andy Ford [EMAIL PROTECTED] wrote:
 1. compiled freeradius with the '--with-snmp' option

  Did the configure process find the SNMP information it needed?

  Does src/include/autoconf.h have a line like:

#define WITH_SNMP 1

  ?

 2. modified the radiusd.conf file with 
 
   snmp = yes
   $INCLUDE  ${confdir}/snmp.conf

  When the server starts, does it say anything about connecting to
SMUX peer?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog



Re: monitoring freeradius with snmp

2006-09-04 Thread Peter Nixon
-snip-
 Obviously I've completely buggered something up.

 A little advice would be great.

 I downloaded the latest version, i.e. freeradius-1.1.2. I also have
 NET-SNMP version 5.2.rc3 installed.

This may not make any difference to your problem, but my openSUSE boxes are 
currently running net-snmp 5.3.0.1 (Why run an old Release Candidate?) and 
the latest release of FreeRADIUS is 1.1.3

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: WPA/RADIUS Problems

2006-09-04 Thread Loukas Kalenderidis

Hi,

On 04/09/2006, at 11:36 AM, Alan DeKok wrote:


Loukas Kalenderidis [EMAIL PROTECTED] wrote:

I've been trying to use an existing user that works with dialup
access, but kept having authorization rejected, so I decided to try
configuring that test user with Auth-Type := Accept to simplify the
problem. Bad idea? I was under the impression I don't need
certificates unless I'm using TLS, is this incorrect?


  As I said in my previous message, you need to configure users,
passwords, and certificates for it to work.

  You can believe me, or you can continue doing what you're doing now,
which doesn't work.


I asked you questions relating to your statement in your previous  
message and you didn't really answer them. Can you elaborate on  
configure users, passwords and certificates for it to work please?  
Do you mean the users file needs specific configuration to work with  
WPA-EAP? And as I said before, I was under the impression I don't  
need certificates unless I'm using TLS, am I wrong? I'm happy to  
follow your advice, if you give me some that isn't just configure  
stuff dude.


This is what the debug log says when I connect now:

rad_recv: Access-Request packet from host 10.0.0.100:1026, id=0,  
length=193

Message-Authenticator = 0x5206d718f6573c1eb840261956ec4ed5
Service-Type = Framed-User
User-Name = pants
Framed-MTU = 1488
Called-Station-Id = 00-11-95-DB-37-0B:TestWPA
Calling-Station-Id = 00-0D-93-86-48-8E
NAS-Identifier = D-Link Access Point
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 54Mbps 802.11g
EAP-Message = 0x020a0170616e7473
NAS-IP-Address = 10.0.0.100
NAS-Port = 1
NAS-Port-Id = STA port # 1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 0
rlm_realm: No '@' in User-Name = pants, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
radius_xlat:  'pants'
rlm_sql (sql): sql_set_user escaped user -- 'pants'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM  
dialup_radcheck WHERE Username = 'pants' ORDER BY id'

rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User pants not found in radcheck
radius_xlat:  'SELECT  
dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch 
eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op   
FROM dialup_radgroupcheck,dialup_usergroup WHERE  
dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName =  
dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id'
radius_xlat:  'SELECT  
dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre 
ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op   
FROM dialup_radgroupreply,dialup_usergroup WHERE  
dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName =  
dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id'

rlm_sql (sql): User pants not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns notfound for request 0
users: Matched entry pants at line 47
users: Matched entry DEFAULT at line 156
users: Matched entry DEFAULT at line 175
  modcall[authorize]: module files returns ok for request 0
  modcall[authorize]: module mschap returns noop for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E)
Sending Access-Accept of id 0 to 10.0.0.100:1026
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=0,  
length=38
Authentication reply packet code 2 sent to a non-proxy reply port  
from client testap:1026 - ID 0 : IGNORED

--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 10.0.0.100:1026, id=1,  
length=193

Message-Authenticator = 0x593aef9381f04eb85805621b1ee22f6d
Service-Type = Framed-User
User-Name = pants
Framed-MTU = 1488
Called-Station-Id = 00-11-95-DB-37-0B:TestWPA
Calling-Station-Id = 00-0D-93-86-48-8E
NAS-Identifier = D-Link Access Point
NAS-Port-Type = Wireless-802.11

Re: WPA/RADIUS Problems

2006-09-04 Thread Alan DeKok
Loukas Kalenderidis [EMAIL PROTECTED] wrote:
 I asked you questions relating to your statement in your previous  
 message and you didn't really answer them. Can you elaborate on  
 configure users, passwords and certificates for it to work please?  

  I'm not sure what is unclear about that.  You need a server
certificate, as documented in many of the EAP howto's.  You need at
least one user, with a known good password.

  Simply saying Auth-Type := Accept will not work.  Ever.

 Do you mean the users file needs specific configuration to work with  
 WPA-EAP?

  As in a user with a password...

 And as I said before, I was under the impression I don't  
 need certificates unless I'm using TLS, am I wrong?

  Yes, you're wrong.  PEAP *does* use TLS.  The comments in the
eap.conf file make this clear.

  I'm happy to follow your advice, if you give me some that isn't
 just configure stuff dude.

  The server comes with documentation that describes what to do, and
how to configure it.  Read eap.conf, it points you to web pages that
describe in *detail* what to do.

rad_check_password: Auth-Type = Accept, accepting the user

  My previous message explained that this won't work, and why.  Yet
you're not only trying it again, you're posting essentially the same
debug log as last time.  I don't see why.

  Now, you can keep trying what you're doing, which is obviously not
working.  Or, you can read the documentation that comes with the
server, and the web pages it points to.

  I'm sorry if this sounds abrupt, but I've put a lot of work into
making the server easy to use, into documenting exactly what to do,
and in answering questions on this list.  You're still arguing with me
over my answers, rather than following my directions.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
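
An added example, not from the thread or from the server: Python that decodes the EAP-Message carried in the Access-Request shown in the debug log above (constructed here as the 10-byte EAP-Response/Identity the debug reports as "response id 0 length 10"), shows that the only valid reply to it is an Access-Challenge carrying the next EAP-Request (built here as a PEAP Start), and checks the Access-Accept that Auth-Type := Accept produced for the attributes an access point needs to finish a WPA handshake: the EAP Success, a Message-Authenticator, and the MS-MPPE keys that become the PMK. The identifier chosen for the challenge (response id + 1) and the attribute dict are assumptions of the example.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "TLS", 25: "PEAP", 26: "MSCHAPv2"}
PEAP_FLAG_START = 0x20          # the S bit in the PEAP flags byte (PEAPv0)


def parse_eap(packet):
    """Decode the EAP packet carried in a RADIUS EAP-Message attribute."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("EAP length %d does not match %d bytes" % (length, len(packet)))
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):                      # Request/Response carry a type byte
        if length < 5:
            raise ValueError("EAP Request/Response without a type byte")
        info["type"] = EAP_TYPES.get(packet[4], packet[4])
        info["data"] = packet[5:]
        if packet[4] == 1:                  # Identity: the data is the user name
            info["identity"] = packet[5:].decode("utf-8", "replace")
    return info


def next_radius_code(eap):
    """RADIUS reply the server owes for this EAP packet (RFC 3579 flow)."""
    if eap["code"] == "Response":
        # Identity or any method response: the EAP conversation continues, so
        # the reply must be an Access-Challenge carrying the next EAP-Request.
        # An Access-Accept here ends EAP with no method run and no keys.
        return "Access-Challenge"
    raise ValueError("a RADIUS server only receives EAP Responses")


def build_peap_start(ident):
    """EAP-Request/PEAP with the Start flag: the EAP-Message of the first challenge."""
    return struct.pack("!BBHBB", 1, ident, 6, 25, PEAP_FLAG_START)


def missing_for_wpa_accept(reply_attrs):
    """Attributes an Access-Accept must carry to close an EAP session for WPA."""
    required = ("EAP-Message", "Message-Authenticator",
                "MS-MPPE-Recv-Key", "MS-MPPE-Send-Key")
    return [a for a in required if a not in reply_attrs]


# Constructed EAP-Response/Identity for user "pants": code 2, id 0, length 10,
# type 1, matching the "response id 0 length 10" line in the debug output.
IDENTITY_RESPONSE = bytes.fromhex("0200000a0170616e7473")

# The reply the Auth-Type := Accept configuration produced, per the debug log.
ACCEPT_FROM_THREAD = {"Framed-IP-Address": "255.255.255.254",
                      "Framed-MTU": "576", "Service-Type": "Framed-User"}

if __name__ == "__main__":
    eap = parse_eap(IDENTITY_RESPONSE)
    print(eap["code"], eap["type"], eap["identity"], "->", next_radius_code(eap))
    print("challenge EAP-Message:", build_peap_start(eap["id"] + 1).hex())
    print("missing from the Accept:", missing_for_wpa_accept(ACCEPT_FROM_THREAD))
```

The missing-attribute check is why the debug log shows a "Login OK" and yet the client never associates: without a PEAP (TLS) exchange there is nothing to derive MS-MPPE keys from, so the AP has no PMK and the 4-way handshake never starts. That is the concrete form of Alan's "PEAP does use TLS", and it is also why the server certificate is not optional.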


Re: monitoring freeradius with snmp

2006-09-04 Thread Alan DeKok
Andy Ford [EMAIL PROTECTED] wrote:
 Thanks for you suggestions.
 After running configure --with-snmp I noticed (following your notes
 below) that the '#define WITH_SNMP 1' was missing from autoconf.h.

  Because configure didn't find the SNMP libraries it needs.

 So I added the line manually in autoconf.h as ...

  Which won't work.

 I downloaded the latest version, i.e. freeradius-1.1.2. I also have
 NET-SNMP version 5.2.rc3 installed.

  The server *should* be able to work with net-snmp, especially if you
have built net-snmp with ucd-snmp compatibility.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: Help to modify the reply list for accounting response packets.

2006-09-04 Thread Shankar Ganesh C
Hi Vladimir,

I have created the tables and added the queries for the same in the below
files.
I understand that I need to change the rad_accounting function in acct.c
file.
But please let me know where I need to update or insert the values for the
reply tables.
Looking forward to your help.

Thanks and regards
Shankar ganesh


-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
ius.org]On Behalf Of V.Kukushkin
Sent: Thursday, August 24, 2006 7:21 PM
To: Free RADIUS
Subject: Re: Help to modify the reply list for accounting response packets.


You have to modify

src/modules/rlm_sql/conf.h
src/modules/rlm_sql/rlm_sql.c
src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c
/etc/raddb/sql.conf

.. and forget about RFC :-)

--
regards,
Vladimir
