Radius with SNMP -- Urgent

2006-09-14 Thread Kshitij Korde



 
After compiling freeradius with the "--with-snmp" option, when I try to run the server in
debug mode I see:

Module: Instantiated radutmp (radutmp)
main: smux_password = "verysecret"
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on authentication *:1918
Listening on accounting *:1919
Ready to process requests.

I am still trying to figure out what step I should take next.
Can anybody help me?
 -Kshitij





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Attribute Operators

2006-09-14 Thread Edward.Shih
Thank you, Peter. You are so kind! Truly appreciated!!

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Peter Nixon
Sent: Thursday, September 14, 2006 2:48 PM
To: FreeRadius users mailing list
Subject: Re: Attribute Operators

On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> Hello everyone,
>
> Does anyone know of a good reference site for the attribute operators
> (:=, ==, +=) that shows what each means?

http://wiki.freeradius.org/index.php/Operators


-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc





Re: Attribute Operators

2006-09-14 Thread Kevin Bonner
On Thursday 14 September 2006 17:47, Peter Nixon wrote:
> On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> > Hello everyone,
> >
> > Does anyone know of a good reference site for the attribute operators
> > (:=, ==, +=) that shows what each means?
>
> http://wiki.freeradius.org/index.php/Operators

The := operator display is fixed.  The wiki is responding much faster than it 
was earlier today.

-Kevin



Re: Attribute Operators

2006-09-14 Thread Peter Nixon
On Thu 14 Sep 2006 23:19, Francois-Xavier GAILLARD wrote:
> On Thu, Sep 14, 2006 at 12:35:39PM -0400, Alan DeKok wrote:
> > "Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> > > Does anyone know of a good reference site for the attribute operators
> > > (:=, ==, +=) that shows what each means?
> >
> >   "man users", or "man 5 users", depending on your OS.
>
> I was going to tell him to have a look at the wiki, the SQL part of it,
> but I can't get to it. Port 80 is open but no response and no timeout:

There is something causing Apache to occasionally hang on the server. When I 
figure out what it is I will fix it :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Attribute Operators

2006-09-14 Thread Peter Nixon
On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> Hello everyone,
>
> Does anyone know of a good reference site for the attribute operators (:=,
> ==, +=) that shows what each means?

http://wiki.freeradius.org/index.php/Operators


-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Attribute Operators

2006-09-14 Thread Francois-Xavier GAILLARD
On Thu, Sep 14, 2006 at 12:35:39PM -0400, Alan DeKok wrote:
> "Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> > Does anyone know of a good reference site for the attribute operators (:=,
> > ==, +=) that shows what each means?
> 
>   "man users", or "man 5 users", depending on your OS.

I was going to tell him to have a look at the wiki, the SQL part of it,
but I can't get to it. Port 80 is open but no response and no timeout:

[EMAIL PROTECTED] :~$telnet wiki.freeradius.org 80
Trying 66.139.73.209...
Connected to wiki.freeradius.org.
Escape character is '^]'.
get /

And I can wait hours.

A normal connection would be:

[EMAIL PROTECTED] :~$telnet 212.43.246.10 80
Trying 212.43.246.10...
Connected to 212.43.246.10.
Escape character is '^]'.
get /


501 Method Not Implemented

Method Not Implemented
get to /index.html not supported.
Invalid method in request get /

Apache/1.3.33 Server at host1.thefox.com.fr Port 80

Connection closed by foreign host.
[EMAIL PROTECTED] :~

Don't you have any monitoring for the wiki website? If none, do you want some?


Regards,
Fox.


Re: denying access to user from device

2006-09-14 Thread Garrett . Marks



> Rob Shepherd wrote:
> TYPO!
> 
> DEFAULT HuntGroup-Name == ciscovpnc
>          Autz-Type := ldap
> 
> ...is how it looks in raddb/user.

You need to put the Autz-Type on the first line as a check item.

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap

If I understand correctly, with the Autz-Type on the
second line you are trying to set it as a reply item.  However, Autz-Type
is a server configuration attribute not a standard RADIUS attribute that
a client (NAS) would understand, which is why you need to set it on the
first line.  

I've been using a similar configuration for awhile,
except we use multiple ldap modules and I also set Auth-Type as well as
the Autz-Type.  
 
> Oh, and I tried various combos of
> 
> Autz-Type ldap{
>    ldap
> }
> 
> in authorize{ too. No joy.

This looks fine to me, probably just need to fix the
DEFAULT line.
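
The check-item versus reply-item placement described in this reply can be verified mechanically. The following is an added example, not code from the thread or from FreeRADIUS: a small linter that parses "users"-file entries and flags server-side attributes found on an indented reply line. The SERVER_SIDE set and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumption: a hand-picked subset of FreeRADIUS server-side control
# attributes; they steer the server and are never sent to the NAS.
SERVER_SIDE = {"auth-type", "autz-type", "acct-type", "session-type",
               "post-auth-type"}

# attribute, operator, value; longer operators are listed before "=".
ITEM_RE = re.compile(
    r'\s*([A-Za-z0-9_.-]+)\s*'
    r'(:=|==|\+=|!=|>=|<=|=~|!~|=\*|!\*|=|<|>)\s*'
    r'("[^"]*"|[^,\s]+)\s*')


def parse_items(text, lineno):
    """Split 'A op V, B op V' into (attr, op, value) tuples."""
    items, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = ITEM_RE.match(text, pos)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {text[pos:]!r}")
        items.append(m.groups())
        pos = m.end()
        if pos < len(text):
            if text[pos] != ",":
                raise ValueError(f"line {lineno}: expected ',' in {text!r}")
            pos += 1  # skip the separator (also a trailing comma)
    return items


def parse_users(text):
    """An entry starts in column 0: name plus check items on that line.
    Indented lines that follow are reply items of the same entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            parts = line.split(None, 1)
            rest = parts[1] if len(parts) > 1 else ""
            entries.append({"name": parts[0], "line": lineno,
                            "check": parse_items(rest, lineno), "reply": []})
        elif entries:
            for item in parse_items(line, lineno):
                entries[-1]["reply"].append((lineno,) + item)
        else:
            raise ValueError(f"line {lineno}: reply line before any entry")
    return entries


def lint(entries):
    """Report server-side attributes that ended up in the reply list."""
    findings = []
    for entry in entries:
        for lineno, attr, op, value in entry["reply"]:
            if attr.lower() in SERVER_SIDE:
                findings.append((lineno, entry["name"], attr,
                                 f"{attr} is a server-side attribute; put it "
                                 "on the first line as a check item"))
    return findings


# Constructed sample: the two forms discussed in the thread, plus one
# ordinary reply line to show that it is not flagged.
SAMPLE = """\
# constructed sample
DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type := ldap

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap
        Fall-Through = Yes
"""

if __name__ == "__main__":
    for lineno, name, attr, msg in lint(parse_users(SAMPLE)):
        print(f"line {lineno} ({name}): {msg}")
```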

Re: denying access to user from device

2006-09-14 Thread Rob Shepherd

Rob Shepherd wrote:

Dear freeradiuseers,

I have my wireless network working great... PEAP supplicants are 
authenticated from either LDAP or MySQL and the appropriate 
Tunnel-Private-Group-ID is set to allocate the correct vlan.


I also have a cisco VPN concentrator. I must only allow ldap users to 
authenticate to this. mysql users mustn't get a look in...


I tried making a huntgroup in raddb/huntgroups...

ciscovpnc   NAS-IP-Address == 10.1.33.4

then in raddb/users...

DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type = ldap

however sql is still checked.

Could some body shove me in the right direction..

Cheers

Rob






TYPO!

DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type := ldap

...is how it looks in raddb/user.


Oh, and I tried various combos of

Autz-Type ldap{
   ldap
}

in authorize{ too. No joy.

Thanks IA

Rob


--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480


Re: Attribute Operators

2006-09-14 Thread Alan DeKok
"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> Does anyone know of a good reference site for the attribute operators (:=,
> ==, +=) that shows what each means?

  "man users", or "man 5 users", depending on your OS.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: denying access to user from device

2006-09-14 Thread Alan DeKok
Rob Shepherd <[EMAIL PROTECTED]> wrote:
> then in raddb/users...
> 
> DEFAULT HuntGroup-Name == ciscovpnc
>  Autz-Type = ldap

  Run the server in debugging mode.  It will tell you that Autz-Type
doesn't belong there.

  Read the "man" page for the "users" file.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: How to return AV pairs from within an rlm module?

2006-09-14 Thread Ali Majdzadeh
Hi Josh
Thanks a lot.
I am going to give it a try.

Best Regards
Ali
On 9/14/06, Josh Howlett <[EMAIL PROTECTED]> wrote:
> Add your attributes to the reply structure. FreeRADIUS will take care of
> the rest.
>
> josh.
>
> Ali Majdzadeh wrote:
> > Hi all
> > I want to return AV pairs (Cisco VoIP) from within an rlm module. I
> > tried to printf them into stdout, but it didn't work.
> > Should I use the structures accessible within the rlm module? for
> > example, REQUEST.
> > Then, how should I pass them to Cisco?
> >
> > Regards
> > Ali

Attribute Operators

2006-09-14 Thread Cliff Hayes
Hello everyone,

Does anyone know of a good reference site for the attribute operators (:=,
==, +=) that shows what each means?

I can't find them anywhere.  I even bought the book Radius by Jonathan
Hassell.  Not there either.

Thanks in advance,

Cliff



denying access to user from device

2006-09-14 Thread Rob Shepherd

Dear freeradiuseers,

I have my wireless network working great... PEAP supplicants are 
authenticated from either LDAP or MySQL and the appropriate 
Tunnel-Private-Group-ID is set to allocate the correct vlan.


I also have a cisco VPN concentrator. I must only allow ldap users to 
authenticate to this. mysql users mustn't get a look in...


I tried making a huntgroup in raddb/huntgroups...

ciscovpnc   NAS-IP-Address == 10.1.33.4

then in raddb/users...

DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type = ldap

however sql is still checked.

Could some body shove me in the right direction..

Cheers

Rob




--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480


Dial-UP admin page problems

2006-09-14 Thread Nico Gazzano








Ok,

I removed apache2 and went backwards to apache1.3.  I
have php4 module working, and I have included the following lines in the
httpd.conf.  

AddType application/x-httpd-php .php3

AddType application/x-httpd-php php

 

Still whenever I try to access the dial-up admin page my
browser wants me to download the buttons.php3 script.  I’m at a
loss.  I’m a novice Linux admin so forgive me if I don’t sound
like I know what I’m talking about.

 

 

Nico Gazzano

Network & Systems Admin

MIS Choice Inc.

1699 Wall ST
  Suite 602

Mount Prospect, IL 60056

Phone 847-690-1900 ext206

Fax 847-690-1350

[EMAIL PROTECTED]

 







Re: segmentation fault bug with mysql5 backend

2006-09-14 Thread liran tal
This bug seems to appear only on the Debian unstable package, since from source it's compiling just fine.
Package maintainer was notified of this.

On 9/14/06, liran tal <[EMAIL PROTECTED]> wrote:
> Debian Unstable
> kernel 2.6.17-2-686
> Package: freeradius-mysql freeradius
> Version: 1.1.3-1
>
> I've configured freeradius with a mysql backend using the gz'iped mysql.sql schema found on
> /usr/share/doc/freeradius/examples/
>
> When I run a simple test with radtest I'm getting segmentation fault.
> Here's the log from /usr/sbin/freeradius -X when the radtest packet is sent:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1046, id=25, length=57
>     User-Name = "admin"
>     User-Password = "admin"
>     NAS-IP-Address = 255.255.255.255
>     NAS-Port = 1812
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 152
>   modcall[authorize]: module "files" returns ok for request 0
> radius_xlat:  'admin'
> rlm_sql (sql): sql_set_user escaped user --> 'admin'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM radcheck   WHERE Username = 'admin'   ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 4
> Segmentation fault
> server:/etc/freeradius#
>
> Never encountered this bug before.
>
> Thanks,
> Liran Tal.

Re: Help with Certs

2006-09-14 Thread Alan DeKok
Mike May <[EMAIL PROTECTED]> wrote:
> attached is a copy of my EAP.conf file with cert info,  I need to renew 
> the certs and do not know what the process is

  You don't renew certs.  You just create new ones, using the same
process you used to create the old ones.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: rautmp not working..

2006-09-14 Thread Alan DeKok
Collen Blijenberg <[EMAIL PROTECTED]> wrote:
> but how can i see who's logged in then ? (and where)

  If the NAS won't tell the server who's logged in, the server won't
know, and neither will you.

  Buy a real NAS.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: freeRADIUS doc

2006-09-14 Thread Alan DeKok
"affora deeb" <[EMAIL PROTECTED]> wrote:
> hi did u get the answer
> if u did plz tell me
> coz i got the same problem

  The online documentation is at http://www.freeradius.org/doc/, and
the wiki.

  The directory http://www.freeradius.org/radiusd/doc/ is just a copy
of the 'doc' directory that's included with the server.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


segmentation fault bug with mysql5 backend

2006-09-14 Thread liran tal
Debian Unstable
kernel 2.6.17-2-686
Package: freeradius-mysql freeradius
Version: 1.1.3-1

I've configured freeradius with a mysql backend using the gz'iped mysql.sql schema found on
/usr/share/doc/freeradius/examples/

When I run a simple test with radtest I'm getting segmentation fault.
Here's the log from /usr/sbin/freeradius -X when the radtest packet is sent:

rad_recv: Access-Request packet from host 127.0.0.1:1046, id=25, length=57
    User-Name = "admin"
    User-Password = "admin"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'admin'
rlm_sql (sql): sql_set_user escaped user --> 'admin'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM radcheck   WHERE Username = 'admin'   ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
Segmentation fault
server:/etc/freeradius#

Never encountered this bug before.

Thanks,
Liran Tal.

Help with Certs

2006-09-14 Thread Mike May
Hello everyone, I am new to freeRadius and was wondering if someone 
could provide me some help on renewing my certs.


attached is a copy of my EAP.conf file with cert info,  I need to renew 
the certs and do not know what the process is


thanks a bunch for any help, hopefully I will grow out of my newbie 
phase soon.


Mike


 tls {
    #private_key_password = 
    #private_key_password = 
    #private_key_file = ${raddbdir}/certs/newreq.pem
    private_key_file = ${raddbdir}/certs/selfsigned/radius-selfsigned.pem

    #  If Private key & Certificate are located in
    #  the same file, then private_key_file &
    #  certificate_file must contain the same file
    #  name.
    #certificate_file = ${raddbdir}/certs/newreq.pem
    certificate_file = ${raddbdir}/certs/selfsigned/radius-selfsigned.pem

    #  Trusted Root CA list
    CA_file = ${raddbdir}/certs/demoCA/cacert.pem

    dh_file = ${raddbdir}/certs/dh
    random_file = ${raddbdir}/certs/random



Re: IAS and Openser

2006-09-14 Thread Artur Hayne
   modcall[authorize]: module "auth_log" returns ok for request 3
   modcall[authorize]: module "chap" returns noop for request 3
     rlm_realm: Looking up realm "voip.domain.br" for User-Name = "[EMAIL PROTECTED]"
     rlm_realm: Found realm "DEFAULT"
     rlm_realm: Proxying request from user teste to realm DEFAULT
     rlm_realm: Adding Realm = "DEFAULT"
     rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
   modcall[authorize]: module "suffix" returns updated for request 3
 rlm_digest: Adding Auth-Type = DIGEST
   modcall[authorize]: module "digest" returns ok for request 3
 rlm_ldap: - authorize
 rlm_ldap: performing user authorization for [EMAIL PROTECTED]
 radius_xlat:  '([EMAIL PROTECTED])'
 radius_xlat:  'ou=users,dc=voip,dc=domain,dc=br'
 rlm_ldap: ldap_get_conn: Checking Id: 0
 rlm_ldap: ldap_get_conn: Got Id: 0
 rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with filter ([EMAIL PROTECTED])
 rlm_ldap: object not found or got ambiguous search result
 rlm_ldap: search failed
 rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module "ldap" returns notfound for request 3
 modcall: leaving group authorize (returns notfound) for request 3
 Sending Access-Request of id 3 to 10.2.1.XY port 1600
     User-Name = "[EMAIL PROTECTED]"
     Digest-Attributes = 0x0a077465737465
     Digest-Attributes = 0x010e766f69702e756662612e6272
     Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
     Digest-Attributes = 0x04127369703a766f69702e756662612e6272
     Digest-Attributes = 0x030a5245474953544552
     Digest-Response = "4283445dcb36643dab5f437e10f692bf"
     Service-Type = IAPP-Register
     X-Ascend-PW-Lifetime = 0x7465737465
     NAS-IP-Address = 10.2.1.XX
     NAS-Port = 5060
     Proxy-State = 0x323038
 Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
     User-Name = "[EMAIL PROTECTED]"
     Digest-Attributes = 0x0a077465737465
     Digest-Attributes = 0x010e766f69702e756662612e6272
     Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
     Digest-Attributes = 0x04127369703a766f69702e756662612e6272
     Digest-Attributes = 0x030a5245474953544552
     Digest-Response = "4283445dcb36643dab5f437e10f692bf"
     Service-Type = IAPP-Register
     X-Ascend-PW-Lifetime = 0x7465737465
     NAS-IP-Address = 10.2.1.XX
     NAS-Port = 5060
     Client-IP-Address = 10.2.1.XX
     Realm = "DEFAULT"
     Module-Failure-Message = "rlm_ldap: User not found"
     Realm = "DEFAULT"
     Proxy-State = 0x323035
 Waking up in 1 seconds...
 rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200
 Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.

It seems the proxy is working, but it doesn't communicate with the IAS.

 -- Module-Failure-Message = "rlm_ldap: User not found" --

I don't know what it means, but it doesn't sound good.
The command ldapsearch returns a right answer; I don't know what happened.

The problem is in IAS? How can I test it?

Any idea?

Merci.

[EMAIL PROTECTED] wrote:

Hi,

>  How can I transform freeradius server in a proxy?
>  I configured the proxy.conf, but seems don't work
>
>  And I uncomment the line in radiusd.conf:
>
>  proxy_requests  = yes
>  $INCLUDE  ${confdir}/proxy.conf
>
>  I wanna do this:
>  |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
>
>  Its work?
>
>  And in IAS should I configured anything?

Configure the NULL realm with the same settings as DEFAULT. Other than that,
the config sounds good to me. Did you change anything apart from that in the
default config file? In particular, you need to have at least one instance of
the "realm" module in authorize { }. The default config has "suffix" in there,
that should be fine. You need to be sure then that your user names don't
contain the @ character - otherwise they won't match the DEFAULT realm you set
up in proxy.conf.

If you are positive that an instance of realm is in authorize and NULL is
configured, but it still doesn't work then please post the debug output
(radiusd -X) of a packet that arrived and was supposed to be proxied, but
wasn't.

>  Sorry for the portuguese e-mail.

When I read it, I wondered what strange dialect of Spanish this is. :-)
Portuguese and Spanish aren't that far apart after all, it seems.

Greetings,

Stefan Winter

issue while setting up clients list from mysql

2006-09-14 Thread Christian Hahn

Hi,

I'm running a freeradius 2.0.0.pre0 from CVS (20060912) and have
problems generating the clients list from the nas table of an mysql
server.
The mysql server is running on localhost I can connect using the same
user/password combination configured in the radiusd sql section.
On the mysql console I can ask the SELECT query for the nas tables
defined in sql/mysql-dialup.conf with success.
But if I fire up the radiusd it gives this error:

--8<---
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=localhost,secret=testing123
rlm_sql (sql): Adding client 127.0.0.1 (localhost) to clients list
rlm_sql (sql): generate_sql_clients() returned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[11]: sql: Module instantiation failed.
radiusd.conf[1966] Failed to find module "sql".
radiusd.conf[1889] Failed to parse authorize section.
Errors setting up modules

I'm a little bit lost now, maybe I don't see the obvious. Any hints
what can cause this error are appreciated.

regards,
Christian


Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47

2006-09-14 Thread Stefan Winter
> rlm_sql: Failed to create the pair: Unknown attribute "NT_Password"
>
> |davide |  NT_Password  |   :=   |781b0395cf9f8c1e5873eee5d28c38eb

Shouldn't that be NT-Password (dash), not NT_Password (underscore)?

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473



Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

2006-09-14 Thread A . L . M . Buxey
Hi,

> hello!1st of all, THANKS for replying!:)
> unfortunately, when i try to type "radiusd -X -A" the output is what 
> follows..

read the output. it says the group 'nobody' doesn't exist. your radius.conf
is saying use user X and group X. these must be changed to user and group
you want to use. most people create a radiusd:radiusd setup. your
files then need to have the correct permission. right now they are all owned
by root:root   - not desirable. 

alan
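
The two problems raised in this reply, a run-as group that does not exist and configuration files all owned by root:root, can be checked before starting the server. The following is an added example, not code from the thread or from FreeRADIUS: it reads user/group from radiusd.conf text, checks that the accounts exist, and audits "ls -l" lines for files the service account cannot read or secret-bearing files that anyone can read. The SECRET_FILES set, the radiusd:radiusd account and the sample inputs (built from values posted in the thread, with full mode strings) are assumptions.

```python
import grp
import pwd
import re

# Assumption: raddb files that normally hold shared secrets or passwords.
SECRET_FILES = {"clients", "clients.conf", "eap.conf", "naspasswd", "sql.conf"}

# type, 9 mode characters, link count, owner, group, size, date, time, name
LS_RE = re.compile(r'^([-dl])([rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)'
                   r'\s+\d+\s+\S+\s+\S+\s+(.+)$')


def parse_run_as(conf_text):
    """Return the (user, group) settings found in radiusd.conf text."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(user|group)\s*=\s*"?([^"\s#]+)"?', line)
        if m:
            found[m.group(1)] = m.group(2)
    return found.get("user"), found.get("group")


def _user_exists(name):
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False


def _group_exists(name):
    try:
        grp.getgrnam(name)
        return True
    except KeyError:
        return False


def missing_accounts(user, group, user_exists=_user_exists,
                     group_exists=_group_exists):
    """List run-as accounts the system does not know (lookups injectable)."""
    problems = []
    if user and not user_exists(user):
        problems.append(f"user '{user}' does not exist")
    if group and not group_exists(group):
        problems.append(f"group '{group}' does not exist")
    return problems


def can_read(mode, owner, group, svc_user, svc_group):
    """Evaluate the read bit that applies to the service account."""
    if owner == svc_user:
        return mode[0] == "r"
    if group == svc_group:
        return mode[3] == "r"
    return mode[6] == "r"


def audit(listing, svc_user, svc_group):
    """Flag regular files in 'ls -l' output that break either rule."""
    findings = []
    for line in listing.splitlines():
        m = LS_RE.match(line.strip())
        if not m or m.group(1) != "-":
            continue  # skip directories, links and non-listing lines
        mode, owner, group, name = m.group(2, 3, 4, 5)
        if not can_read(mode, owner, group, svc_user, svc_group):
            findings.append((name, f"not readable by {svc_user}:{svc_group}"))
        if name in SECRET_FILES and mode[6] == "r":
            findings.append((name, "secret-bearing file is world-readable"))
    return findings


# Constructed samples based on values shown in the thread.
SAMPLE_CONF = 'user = nobody\ngroup = nobody\nusercollide = no\n'
SAMPLE_LISTING = """\
drwxr-xr-x 3 root root  4096 2006-09-13 16:47 certs
-rw-r----- 1 root root  2935 2006-09-13 17:18 clients.conf
-rw------- 1 root root  9974 2006-09-13 18:44 eap.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:02 radiusd.conf
-rw-r--r-- 1 root root 14128 2006-09-13 13:25 sql.conf
"""

if __name__ == "__main__":
    print(missing_accounts(*parse_run_as(SAMPLE_CONF)))
    for name, problem in audit(SAMPLE_LISTING, "radiusd", "radiusd"):
        print(f"{name}: {problem}")
```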


NT-PASSWORD--WORKING

2006-09-14 Thread ego seek
FOUND ERROR
if I insert NT-PASSWORD, instead of NT_PASSWORD, it works fine.

thank you so much

egoseek

Date: Wed, 13 Sep 2006 16:35:49 +0100
From: Rob Shepherd <[EMAIL PROTECTED]>
Subject: Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

ego seek wrote:
> I'm working with mschapv2,
> I use a PHP web site to register a user,  can i insert into the db a
> NT-hased password?

Yes, radcheck should contain

UserName  |  Attribute    |  op  |  Value                             |
----------|---------------|------|------------------------------------|
colin     |  NT_Password  |  :=  |  abcdef1234567890abcdef1234567890  |

I use Pear Crypt...

<?php
   $cr = new Crypt_CHAP_MSv1();
   $cr->password = $password;
   $NThash = bin2hex($cr->ntPasswordHash());
?>

Rob

NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47

2006-09-14 Thread ego seek
Date: Wed, 13 Sep 2006 16:35:49 +0100
From: Rob Shepherd <[EMAIL PROTECTED]>
Subject: Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Thank you, but, after doing that radiusd displays this to me:

radius_xlat:  'davide'
rlm_sql (sql): sql_set_user escaped user --> 'davide'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM radcheck   WHERE Username = 'davide'   ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql: Failed to create the pair: Unknown attribute "NT_Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0

What do I have to do now? (username=davide, password=verde, my radcheck table row is:

|davide |  NT_Password  |   :=   |    781b0395cf9f8c1e5873eee5d28c38eb |

Where do I have to configure radius?

Best regards.

ego seek wrote:
> I'm working with mschapv2,
> I use a PHP web site to register a user,  can i insert into the db a
> NT-hased password?

Yes, radcheck should contain

UserName  |  Attribute    |  op  |  Value                             |
----------|---------------|------|------------------------------------|
colin     |  NT_Password  |  :=  |  abcdef1234567890abcdef1234567890  |

I use Pear Crypt...

<?php
   $cr = new Crypt_CHAP_MSv1();
   $cr->password = $password;
   $NThash = bin2hex($cr->ntPasswordHash());
?>

Rob

Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

2006-09-14 Thread Stefan Winter
Hi,

> Cannot switch group; nobody doesn't exist

that sounds pretty definitive. The group named "nobody" doesn't exist. 
radiusd.conf allows you to specify the group name for the server, and it is 
obviously set to "nobody", but "nobody" doesn't exist.

You can either add that group to your system (that's the clean way) or set 
group=root (and probably even user=root) in radiusd.conf. Given that you just 
need a quick-and-dirty setup for your exam, just set both to root, then you 
won't have permissions problems anywhere. 
But be warned: I don't recommend this for production use.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473



Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

2006-09-14 Thread Federico Carbonetti

hello!1st of all, THANKS for replying!:)
unfortunately, when i try to type "radiusd -X -A" the output is what follows..

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "nobody"
main: group = "nobody"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Cannot switch group; nobody doesn't exist

As I mentioned, maybe the problem is in the permissions/owners.. here
is the list of important files and configuration

-rw-r--r-- 1 root root   422 2006-09-13 13:25 acct_users
-rw-r--r-- 1 root root  4074 2006-09-13 13:25 attrs
drwxr-xr-x 3 root root  4096 2006-09-13 16:47 certs
-rw-r----- 1 root root   189 2006-09-13 13:25 clients
-rw-r----- 1 root root  2935 2006-09-13 17:18 clients.conf
-rw-r----- 1 root root  2933 2006-09-13 14:01 clients.conf~
-rw-r--r-- 1 root root   935 2006-09-13 13:25 dictionary
-rw------- 1 root root  9974 2006-09-13 18:44 eap.conf
-rw------- 1 root root  9966 2006-09-13 17:38 eap.conf~
-rwxr-xr-x 1 root root  4620 2006-09-13 13:25 example.pl
-rw-r--r-- 1 root root  4405 2006-09-13 13:25 experimental.conf
-rw-r--r-- 1 root root  2396 2006-09-13 13:25 hints
-rw-r--r-- 1 root root  1604 2006-09-13 13:25 huntgroups
-rw-r--r-- 1 root root  2424 2006-09-13 13:25 ldap.attrmap
-rw-r--r-- 1 root root  8786 2006-09-13 13:25 mssql.conf
-rw-r--r-- 1 root root  1020 2006-09-13 13:25 naslist
-rw-r----- 1 root root   856 2006-09-13 13:25 naspasswd
-rw-r--r-- 1 root root 12267 2006-09-13 13:25 oraclesql.conf
-rw-r--r-- 1 root root  7316 2006-09-13 13:25 otp.conf
-rw-r--r-- 1 root root  1734 2006-09-13 13:25 otppasswd.sample
-rw-r--r-- 1 root root 14514 2006-09-13 13:25 postgresql.conf
-rw-r--r-- 1 root root  1039 2006-09-13 13:25 preproxy_users
-rw-r--r-- 1 root root  8834 2006-09-13 13:25 proxy.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:02 radiusd.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:00 radiusd.conf~
-rw-r--r-- 1 root root   187 2006-09-13 13:25 realms
-rw-r--r-- 1 root root  1405 2006-09-13 13:25 snmp.conf
-rw-r--r-- 1 root root 14128 2006-09-13 13:25 sql.conf
-rw-r--r-- 1 root root  3339 2006-09-13 13:25 sqlippool.conf
-rw-r--r-- 1 root root  6940 2006-09-13 13:25 users

and in the directory cert the permissions are:

-r--r--r-- 1 root   root 3194 2006-09-13 16:46 cacert.pem
-rw-r--r-- 1 root   root  721 2006-09-13 13:25 cert-clt.der
-rw-r--r-- 1 root   root 1741 2006-09-13 13:25 cert-clt.p12
-rw-r--r-- 1 root   root 2452 2006-09-13 13:25 cert-clt.pem
-rw-r--r-- 1 root   root  717 2006-09-13 13:25 cert-srv.der
-rw-r--r-- 1 root   root 1733 2006-09-13 13:25 cert-srv.p12
-rw-r--r-- 1 root   root 2439 2006-09-13 13:25 cert-srv.pem
drwxr-xr-x 2 root   root 4096 2006-09-13 13:25 demoCA
-r-------- 1 nobody root  466 2006-09-13 16:58 dh
-rw-r--r-- 1 root   root 2913 2006-09-13 13:25 newcert.pem
-rw-r--r-- 1 root   root 1753 2006-09-13 13:25 newreq.pem
-r-------- 1 nobody root 1024 2006-09-13 16:59 random
-rw-r--r-- 1 root   root  431 2006-09-13 13:25 README
-rw-r--r-- 1 root   root  954 2006-09-13 13:25 root.der
-rw-r--r-- 1 root   root 1973 2006-09-13 13:25 root.p12
-rw-r--r-- 1 root   root 2764 2006-09-13 13:25 root.pem
-r-------- 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem

Any idea?
Thanks a lot again!


2006/9/14, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

Hi,

> changing described in part III of the guide.. But when I finally
> started the server by typing rc.radiusd start It just wrote radiusd as
> response and then 
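
An added example, not part of the original post and not FreeRADIUS code: a small Python check for the two things the message above asks about, whether the run-as user and group named in the debug output exist, and which listed files that account can read. The sample lines are constructed from the output quoted above, with mode strings assumed to be the full 10 characters; the function names are hypothetical.

```python
import grp
import pwd
import re

# Constructed sample: lines copied from the debug output quoted in the message.
DEBUG_OUTPUT = '''main: user = "nobody"
main: group = "nobody"
Cannot switch group; nobody doesn't exist'''

# Constructed sample: three entries from the listings, full mode strings assumed.
LISTING = '''-rw-r--r-- 1 root   root 2439 2006-09-13 13:25 cert-srv.pem
-r-------- 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem
-rw------- 1 root   root 9974 2006-09-13 18:44 eap.conf'''

def run_as(debug_text):
    """Return the (user, group) radiusd was configured to switch to."""
    pattern = r'^main:\s*(user|group)\s*=\s*"([^"]*)"'
    found = dict(re.findall(pattern, debug_text, re.M))
    return found.get("user"), found.get("group")

def exists(name, lookup):
    """True if the account database knows the name (pwd.getpwnam or grp.getgrnam)."""
    try:
        lookup(name)
        return True
    except KeyError:
        return False

def can_read(mode, owner, group, user, user_groups):
    """Apply the owner, group, other read bits of an ls -l mode string in order."""
    if user == owner:
        return mode[1] == "r"
    if group in user_groups:
        return mode[4] == "r"
    return mode[7] == "r"

def audit(listing, user, user_groups):
    """Map file name -> (readable by run-as user, readable by every account)."""
    report = {}
    for line in listing.splitlines():
        fields = line.split()
        mode, owner, group, name = fields[0], fields[2], fields[3], fields[-1]
        readable = can_read(mode, owner, group, user, user_groups)
        report[name] = (readable, mode[7] == "r")
    return report

if __name__ == "__main__":
    user, group = run_as(DEBUG_OUTPUT)
    print("user exists:", exists(user, pwd.getpwnam))
    print("group exists:", exists(group, grp.getgrnam))
    for name, (readable, world) in audit(LISTING, user, set()).items():
        print(f"{name}: readable by {user}={readable}, world-readable={world}")
```

The error in the debug output concerns the group name rather than file modes; Debian-derived systems ship a `nobody` user whose group is `nogroup`.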

Re: Maximum timed out Session

2006-09-14 Thread Ali Jawad

Yes there is, you can set the maximum time out for every session... I am
actually using the dialup admin web interface to do that. So I can't
really tell you in which configuration file the option is.
But I hope this helps you anyway.

On 9/14/06, Elie Hani <[EMAIL PROTECTED]> wrote:

Hi;

Is there a way to disconnect a user after a certain time automatically using
freeradius?

I've tried the entry:"Max-All-Session" in the database, but it didn't work.



Thanks

Elie Hani

--
With Regards Ali Jawad


Re: Maximum timed out Session

2006-09-14 Thread James Wakefield

Elie Hani wrote:

Hi;

 

Is there a way to disconnect a user after a certain time automatically 
using freeradius?


I’ve tried the entry:”Max-All-Session” in the database, but it didn’t work.



Hi Elie,

The standard way is to send the Session-Timeout attribute to the NAS, 
with a numerical value of seconds, eg: Session-Timeout=600 for a 10 
minute timeout.


--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au
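
An added example, not part of the reply above and not FreeRADIUS code: how Session-Timeout=600 looks on the wire inside an Access-Accept, following the RFC 2865 packet layout, and the check a NAS applies before honouring it. This goes beyond the reply by showing the Response Authenticator; the identifier, Request Authenticator and shared secret used with it are constructed values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RFC 2865 packet code
SESSION_TIMEOUT = 27   # RFC 2865 attribute type, value is 32-bit seconds

def session_timeout_attr(seconds):
    """Encode Session-Timeout: type, length (always 6), 4-byte big-endian value."""
    if not 0 <= seconds <= 0xFFFFFFFF:
        raise ValueError("Session-Timeout must fit in 32 bits")
    return struct.pack("!BBI", SESSION_TIMEOUT, 6, seconds)

def access_accept(ident, request_auth, secret, attrs):
    """Build an Access-Accept; the Response Authenticator covers the attributes."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def reply_is_authentic(packet, request_auth, secret):
    """NAS-side check: recompute MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_session_timeout(packet):
    """Walk the attribute list and return Session-Timeout in seconds, or None."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == SESSION_TIMEOUT and alen == 6:
            return struct.unpack("!I", packet[pos + 2:pos + 6])[0]
        pos += alen
    return None

if __name__ == "__main__":
    request_auth = bytes(range(16))   # constructed Request Authenticator
    secret = b"testing123"            # constructed shared secret
    reply = access_accept(7, request_auth, secret, session_timeout_attr(600))
    print(reply.hex())
    print(reply_is_authentic(reply, request_auth, secret), parse_session_timeout(reply))
```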


RE: How to return AV pairs from within an rlm module?

2006-09-14 Thread Shankar Ganesh C



Hi Ali,

it works from the exec program.
Just by writing to the stdout in format "User-Name=steve". I have tried with vendor
specific attributes also it has worked.

Rgds,
Shankar ganesh

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ali Majdzadeh
  Sent: Thursday, September 14, 2006 1:27 PM
  To: FreeRadius users mailing list
  Subject: How to return AV pairs from within an rlm module?

  Hi all
  I want to return AV pairs (Cisco VoIP) from within an rlm module. I tried to
  printf them into stdout, but it didn't work.
  Should I use the structures accessible within the rlm module? for example, REQUEST.
  Then, how should I pass them to Cisco?
  Regards
  Ali

Re: (Desperate) help setting up freeradius for use with eap-tls and win clients

2006-09-14 Thread A . L . M . Buxey
Hi,

> changing described in part III of the guide.. But when I finally
> started the server by typing rc.radiusd start It just wrote radiusd as
> response and then the shell prompts for new commands, while I think it
> should say something like "waiting to process..."

that command should just start the service as per normal...which would
drop you back to the shell.  if you want to see radiusd working, then you
need to either supply the foreground or debug flags to it...as in
the documents..

radiusd -X

should do nicely

alan


Re: How to return AV pairs from within an rlm module?

2006-09-14 Thread Josh Howlett
Add your attributes to the reply structure. FreeRADIUS will take care of 
the rest.


josh.

Ali Majdzadeh wrote:

Hi all
I want to return AV pairs (Cisco VoIP) from within an rlm module. I 
tried to printf them into stdout, but it didn't work.
Should I use the structures accessible within the rlm module? for 
example, REQUEST.

Then, how should I pass them to Cisco?

Regards
Ali






How to return AV pairs from within an rlm module?

2006-09-14 Thread Ali Majdzadeh
Hi all
I want to return AV pairs (Cisco VoIP) from within an rlm module. I tried to printf them into stdout, but it didn't work.
Should I use the structures accessible within the rlm module? for example, REQUEST.
Then, how should I pass them to Cisco?
Regards
Ali

Maximum timed out Session

2006-09-14 Thread Elie Hani

Hi;

Is there a way to disconnect a user after a certain time
automatically using freeradius?

I’ve tried the entry:”Max-All-Session” in
the database, but it didn’t work.

 

Thanks

Elie Hani







RE: RADIUS proxy-----trace user site surfed------

2006-09-14 Thread Santiago Balaguer García
You can use the radacct table to log your users. Obviously, you have to 
enable the use of a DB for working with freeradius.




From: "ego seek" <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list
To: "Freeradius MailingList"
Subject: RADIUS proxy-----trace user site surfed------
Date: Wed, 13 Sep 2006 16:51:23 +0200

Does anybody know how can I setup RADIUS and a proxy server to generate a
log for the users?

I need to trace where in the Internet the user went.


Do you have any other suggestion for this purpose?


thank you.
Best regards

egoseek






Re: rautmp not working..

2006-09-14 Thread Collen Blijenberg

Hmm, that could be true... ?!

but how can i see who's logged in then ? (and where)

Thx,

Collen

Alan DeKok wrote:

Collen Blijenberg <[EMAIL PROTECTED]> wrote:
  
but i also have no idea how to make the nas (linksys wap54g v3 eu) or 
the freeradius (1.1.3) do accounting.



  The linksys simply might not do accounting.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: freeRADIUS doc

2006-09-14 Thread Peter Nixon
The same docs are in the docs/ directory in the source tarball and most of 
them are also available on wiki.freeradius.org

Cheers

Peter

On Thu 14 Sep 2006 09:38, affora deeb wrote:
> hi did u get the answer
> if u did plz tell me
> coz i got the same problem
>
> On 8/28/06, Carlo Prestopino <[EMAIL PROTECTED]> wrote:
> > Hi all,
> > I'm trying to access freeRaDIUS doc section
> > (http://www.freeradius.org/radiusd/doc/), but I got a "Forbidden" access
> > message. Is this section accessible to normal users?


-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



(Desperate) help setting up freeradius for use with eap-tls and win clients

2006-09-14 Thread Federico Carbonetti

Hello everybody!

I am completely new to freeradius and its world, as well as to linux
environment.. I post this e-mail because I have few days left to
configure freeradius for an exam about WLAN security and I am
desperate... :(
Yesterday I installed freeradius 1.1.3 on my linux kubuntu box (where
I have kernel 2.6.15 installed) by following this step by step guide
in 3 parts: http://www.linuxjournal.com/article/8151

Everything worked fine, maybe I just wasn't sure about the permissions
changing described in part III of the guide.. But when I finally
started the server by typing rc.radiusd start It just wrote radiusd as
response and then the shell prompts for new commands, while I think it
should say something like "waiting to process..."

Can anybody please help me to fix this?
Otherwise, if you could please suggest me another HOWTO more updated
and more reliable of the one I mentioned above, I could also start
again on another laptop where i have kubuntu installed as well..

Thanks a lot everybody for your attention/the help you will wish to give me!:)
federico