No matching entry in the database

2006-09-18 Thread Federico Wenner
Dear friends,
I have a problem activating users in the freeRadius server (with
PCLinuxOS, MySQL Database):

Username monkey Passwd quikec

Getting the following radius.log :
Mon Sep 18 16:35:56 2006 : Info: rlm_sql (sql): No matching entry in the database for request from user [monkey]
Mon Sep 18 16:35:56 2006 : Auth: Login incorrect: [monkey/quikec] (from client PortMaster-1 port 47 cli 22252956)

I would appreciate very much your hints.
Thanks and regards Federico.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Proxy.conf

2006-09-18 Thread Alan DeKok
"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> The instructions in radiusd.conf say the following:
> 
> #  To disable proxying, change the "yes" to "no", and comment the
> #  $INCLUDE line.
> 
> Here's the issue -- how can I comment out the include line if that is what
> causes my problem.  I want to disable proxying.  I thought, since that was
> in the instructions, there must be some other place to put realm info.

  It looks like the documentation is incorrect.

  In any case, the server does NOT do proxying in the default config.
You have to configure realms for proxying to occur.  So to disable
proxying... just don't create realms.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Write access to the wiki

2006-09-18 Thread Kevin Bonner
On Monday 18 September 2006 01:12, Graham Beneke wrote:
> Is access to the wiki exclusive??
> I wanted to start working on a sqlcounter page since the current
> documentation is rather lacking and I plan to 'journal' my exploits in
> figuring it out...
> But I can't seem to find the register link that is referred to.

There should be a "Log In" link in the top right corner of the page.  At the 
login page, you can create a new account.

Kevin Bonner



RE: Proxy.conf

2006-09-18 Thread Cliff Hayes
Ok.  Thanks.  I'm trying to learn.

The instructions in radiusd.conf say the following:

#  To disable proxying, change the "yes" to "no", and comment the
#  $INCLUDE line.

Here's the issue -- how can I comment out the include line if that is what
causes my problem.  I want to disable proxying.  I thought, since that was
in the instructions, there must be some other place to put realm info.

Cliff

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Alan DeKok
Sent: Monday, September 18, 2006 1:20 PM
To: FreeRadius users mailing list
Subject: Re: Proxy.conf


"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> When I comment out the include line for proxy.conf, my users can no longer
> authenticate.  The logs show their entire username + realm instead of just
> the username.  I figure it is because it can't strip the realm anymore
> because it doesn't know what the realm is.

  Exactly.

> There are REALM sections in the proxy.conf, with type, authhost, and
> accthost statements.  I have entries there for each of my realms.  I have
> not found an equivalent to the REALMS section of proxy.conf in MySQL.  Do I
> use the radgroupcheck table?  If so, do I add the authost and accthost
> lines?

  You can't put the REALMS into SQL.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: ERROR! Proxy listen.c error

2006-09-18 Thread Alan DeKok
"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> I was worried about this, but when I tested with the user
> authenticating from an ADSL modem, there are no problems.
> 
> So, might be just another of ERX's crazy behaviors.

  Still... it shouldn't kill the server.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


sqlippool not working

2006-09-18 Thread Guilherme Franco

Hi Peter,

Like you told me before, you did some cleanups in the sqlippool.conf.

Well, I've tried to install today's freeradius CVS, and it installed
without the sqlippool module, don't know why.

So, I've compiled it manually from
freeradius-snapshot-20060918/src/modules/rlm_sqlippool/

OK, but when I run radiusd -X, I got this in the end, regardless of my
configuration in sqlippool.conf and radiusd.conf:

Module: Loaded SQL IP Pool
 sqlippool: sql-instance-name = "sql"
 sqlippool: lease-duration = 86400
 sqlippool: pool-name = ""
 sqlippool: allocate-begin = "BEGIN"
 sqlippool: allocate-clear = ""
 sqlippool: allocate-find = ""
 sqlippool: allocate-update = ""
 sqlippool: allocate-commit = "COMMIT"
 sqlippool: allocate-rollback = "ROLLBACK"
 sqlippool: start-begin = "BEGIN"
 sqlippool: start-update = ""
 sqlippool: start-commit = "COMMIT"
 sqlippool: start-rollback = "ROLLBACK"
 sqlippool: alive-begin = "BEGIN"
 sqlippool: alive-update = ""
 sqlippool: alive-commit = "COMMIT"
 sqlippool: alive-rollback = "ROLLBACK"
 sqlippool: stop-begin = "BEGIN"
 sqlippool: stop-clear = ""
 sqlippool: stop-commit = "COMMIT"
 sqlippool: stop-rollback = "ROLLBACK"
 sqlippool: on-begin = "BEGIN"
 sqlippool: on-clear = ""
 sqlippool: on-commit = "COMMIT"
 sqlippool: on-rollback = "ROLLBACK"
 sqlippool: off-begin = "BEGIN"
 sqlippool: off-clear = ""
 sqlippool: off-commit = "COMMIT"
 sqlippool: off-rollback = "ROLLBACK"
rlm_sqlippool: the 'allocate-clear' statement must be set.

It's not even trying to access the Oracle server.

What can it be?

Thanks!


Authenticating users on cisco 3750 switch

2006-09-18 Thread Jean-Francois Fortin

Hi,

We are trying to use freeradius as authentication system to allow users to connect
to our cisco switch (3750) for management.  The radius server is running
ok, we can authenticate Cisco ASA, BigIP LB against it.  But when trying
with the 3750, we see that the radius server accepts the user and returns an answer
to the switch, but it doesn't work.  Does anyone have a sample config using
freeradius with cisco switch?

Thanks

JF

Jean-Francois Fortin | Deployment Prime | OZ
T: 514.390.1333 x4004 | F: 514.390.0033 | M: 514.260.6334 | [EMAIL PROTECTED]


Re: Radius dies, on certificate verification

2006-09-18 Thread Alan DeKok
"Christopher, Paul" <[EMAIL PROTECTED]> wrote:
> Does anyone know of any documentation on how to setup EAP-MSChapv2
> authentication? I have tried deployradius.com and viki but have not
> found anything. Any insight would be greatly appreciated.

  You configure a password, and it works.  I just tried it with
eapol_test (from wpa_supplicant), and it works.

  What tool are you using to test it?  What's going wrong?  Right now,
your question is "stuff doesn't work... why?"

  It's difficult to respond to that, other than with "it works for me".

  Please expand on what you're doing, what you're seeing, what you
expect, and why you expect behavior other than what you're seeing.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Fwd: VSA does not work when using PROXY

2006-09-18 Thread Guilherme Franco

Hello,

I've just managed to make it work using ":=" instead of "==" in attrs file.

:)


-- Forwarded message --
From: Guilherme Franco <[EMAIL PROTECTED]>
Date: Sep 15, 2006 3:51 PM
Subject: VSA does not work when using PROXY
To: FreeRadius users mailing list 


Hello,

Please Help!

Using latest CVS - Proxy-Radius does not pass the VSA, as below (in users):

DEFAULT Pool-Name := test
  X-Ascend-Client-Primary-DNS = x.x.x.x,
  X-Ascend-Client-Assign-DNS = 1,
  ERX-Virtual-Router-Name = "default",
  Framed-Routing == None,
  Framed-Protocol = PPP,
  Service-Type = Framed-User

note: those VSAs work correctly when I try with local users (no proxy):

In attrs file:

realm
  Service-Type == Framed-User,
  Framed-Protocol == PPP,
  X-Ascend-Client-Primary-DNS == x.x.x.x,
  X-Ascend-Client-Assign-DNS == 1,
  ERX-Virtual-Router-Name == "default",
  Idle-Timeout <= 600,
  Session-Timeout <= 28800

Output:

rad_recv: Access-Request packet from host x.x.x.x port 5, id=55, length=251
   User-Password = "xxx"
   User-Name = "[EMAIL PROTECTED]"
   Acct-Session-Id = "erx atm 3/2.42:100.221:0009437817"
   Service-Type = Framed-User
   Framed-Protocol = PPP
   ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
   Calling-Station-Id = "#BRAS-01#this is a description#100#221"
   Connect-Info = "speed:UBR:12000"
   NAS-Port-Type = xDSL
   NAS-Port = 845414621
   NAS-Port-Id = "atm 3/2.42:100.221"
   NAS-IP-Address = x.x.x.x
   NAS-Identifier = "BRAS-01"
 Processing the authorize section of radiusd.conf
modcall:  entering group authorize for request 0
   rlm_realm: Looking up realm "realm" for User-Name = "xxx"
   rlm_realm: Found realm "realm"
   rlm_realm: Adding Stripped-User-Name = "xxx"
   rlm_realm: Proxying request from user xxx to realm realm
   rlm_realm: Adding Realm = "realm"
   rlm_realm: Preparing to proxy authentication request to realm "realm"
 rlm_eap: No EAP-Message, not doing EAP
   users: Matched entry DEFAULT at line 194
modcall: group authorize returns noop for request 0
Sending Access-Request of id 155 to x.x.x.x port 1645
   User-Password = "xxx"
   User-Name = "xxx"
   Acct-Session-Id = "erx atm 3/2.42:100.221:0009437817"
   Service-Type = Framed-User
   Framed-Protocol = PPP
   ERX-Pppoe-Description = "pppoe 12:34:56:78:9a:bc"
   Calling-Station-Id = "#BRAS-01#this is a description#100#221"
   Connect-Info = "speed:UBR:12000"
   NAS-Port-Type = xDSL
   NAS-Port = 845414621
   NAS-Port-Id = "atm 3/2.42:100.221"
   NAS-IP-Address = x.x.x.x
   NAS-Identifier = "BRAS-01"
   Proxy-State = 0x3535
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Accept packet from host x.x.x.x port 1645, id=155, length=60
   Framed-IP-Address = 255.255.255.254
   Framed-IP-Netmask = 255.255.255.255
   Framed-MTU = 576
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Compression = Van-Jacobson-TCP-IP
   Proxy-State = 0x3535
 Processing the post-proxy section of radiusd.conf
modcall:  entering group post-proxy for request 0
attr_filter: Matched entry realm at line 52
modcall: group post-proxy returns noop for request 0
authorize: Skipping authorize in post-proxy stage
 rad_check_password:  Found Auth-Type
 rad_check_password: Auth-Type = Accept, accepting the user
 Processing the post-auth section of radiusd.conf
modcall:  entering group post-auth for request 0
radius_xlat:  'x.x.x.x 845414621'
rlm_ippool: MD5 on 'key' directive maps to: 6e4d4f13b0396f83e15609738a3bc036
rlm_ippool: Searching for an entry for key: '6e4d4f13b0396f83e15609738a3bc036'
rlm_ippool: Allocating ip to key: '6e4d4f13b0396f83e15609738a3bc036'
rlm_ippool: num: 1
rlm_ippool: Allocated ip x.x.x.x to client key: 6e4d4f13b0396f83e15609738a3bc036
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 55 to x.x.x.x port 5
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-IP-Address = x.x.x.x
   Framed-IP-Netmask = 255.255.255.255
Finished request 0
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 55 with timestamp 450b0ba9
Nothing to do.  Sleeping until we see a request.

As you can see, the VSA was not included in the Access-Accept response.

Please HELP!


THANKS!
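A simplified model of the post-proxy attribute filter discussed in the message above, added here as an illustration (it is not FreeRADIUS code and not part of the original post): a `==` rule only lets through an attribute the home server actually sent with that value, while a `:=` rule places the attribute in the reply regardless. The function names are hypothetical, `192.0.2.53` is a constructed stand-in for the redacted `x.x.x.x`, and applying `:=` to the three VSA lines is an assumption about which lines were changed.

```python
# Simplified model of a post-proxy attribute filter. Assumption: "==" and "<="
# test what the home server sent, ":=" always sets the attribute locally.
# This is an illustration, not FreeRADIUS source code.


def compare(op, got, want):
    """Evaluate one filter rule against a value sent by the home server."""
    if op == "==":
        return got == want
    if op == "<=":
        return int(got) <= int(want)
    raise ValueError("operator not modelled: " + op)


def apply_filter(rules, proxy_reply):
    """Return the (attribute, value) pairs that survive the filter.

    rules:       list of (attribute, operator, value) from the attrs entry
    proxy_reply: list of (attribute, value) received from the home server
    """
    kept = []
    # ':=' rules go into the result unconditionally, with the local value.
    for attr, op, value in rules:
        if op == ":=":
            kept.append((attr, value))
    # Everything else is a whitelist: an attribute from the home server is
    # kept only if at least one rule names it and every such rule passes.
    for attr, got in proxy_reply:
        checks = [(op, want) for a, op, want in rules
                  if a == attr and op != ":="]
        if checks and all(compare(op, got, want) for op, want in checks):
            kept.append((attr, got))
    return kept


# Access-Accept from the home server, copied from the debug output in the post
# (Proxy-State left out).
HOME_SERVER_REPLY = [
    ("Framed-IP-Address", "255.255.255.254"),
    ("Framed-IP-Netmask", "255.255.255.255"),
    ("Framed-MTU", "576"),
    ("Service-Type", "Framed-User"),
    ("Framed-Protocol", "PPP"),
    ("Framed-Compression", "Van-Jacobson-TCP-IP"),
]

DNS = "192.0.2.53"  # constructed placeholder for the redacted address
VSAS = ("X-Ascend-Client-Primary-DNS", "X-Ascend-Client-Assign-DNS",
        "ERX-Virtual-Router-Name")

# The "realm" entry from the attrs file as posted, all rules using "==".
RULES_EQ = [
    ("Service-Type", "==", "Framed-User"),
    ("Framed-Protocol", "==", "PPP"),
    ("X-Ascend-Client-Primary-DNS", "==", DNS),
    ("X-Ascend-Client-Assign-DNS", "==", "1"),
    ("ERX-Virtual-Router-Name", "==", "default"),
    ("Idle-Timeout", "<=", "600"),
    ("Session-Timeout", "<=", "28800"),
]

# Same entry with the VSA lines switched to ":=" (assumed to be the fix).
RULES_SET = [(a, ":=" if a in VSAS else op, v) for a, op, v in RULES_EQ]


if __name__ == "__main__":
    for label, rules in (("==", RULES_EQ), (":=", RULES_SET)):
        print("VSA rules using", label)
        for attr, value in apply_filter(rules, HOME_SERVER_REPLY):
            print("   %s = %s" % (attr, value))
```

With the `==` rules only Service-Type and Framed-Protocol survive, which matches the Access-Accept in the debug output; the home server's Framed-MTU and Framed-Compression are dropped in both variants because no rule names them.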


Re: ERROR! Proxy listen.c error

2006-09-18 Thread Guilherme Franco

Hello, Mr. DeKok,

I've figured out that this problem only appears if I do a "test aaa
ppp user password" from Juniper's ERX (and only if proxying is used).

I was worried about this, but when I tested with the user
authenticating from an ADSL modem, there are no problems.

So, might be just another of ERX's crazy behaviors.

Thanks!

On 9/18/06, Alan DeKok <[EMAIL PROTECTED]> wrote:

"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> Using Proxy, when user mistypes the password, radiusd -X crashes with
> Assertion failed in listen.c, line 558

  I don't see that here...  Are you HUP'ing the server?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: Radius dies, on certificate verification

2006-09-18 Thread Christopher, Paul
Does anyone know of any documentation on how to setup EAP-MSChapv2
authentication? I have tried deployradius.com and viki but have not
found anything. Any insight would be greatly appreciated.
Thanks, Paul.

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
dius.org] On Behalf Of Robert Myers
Sent: Saturday, September 16, 2006 8:27 PM
To: FreeRadius users mailing list
Subject: Re: Radius dies, on certificate verification

Alan,

Thanks, I will do that.   Do you think this is just a quirk in
1.1.1?

-Bob


Alan DeKok wrote:
> Robert Myers <[EMAIL PROTECTED]> wrote:
>   
>> I got the following when running radiusd -X with openssl .0.9.7c on 
>> gentoo, radius 1.1.1-r1
>> 
>
>   1.1.3 was released a few weeks ago.  Try it.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog


Re: ERROR! Proxy listen.c error

2006-09-18 Thread Alan DeKok
"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> Using Proxy, when user mistypes the password, radiusd -X crashes with
> Assertion failed in listen.c, line 558

  I don't see that here...  Are you HUP'ing the server?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Pattern Matching in users file

2006-09-18 Thread Alan DeKok
"Garber, Neal" <[EMAIL PROTECTED]> wrote:
> Did I miss something?

  No.  The "hints" file just does more than it's documented to do.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: users file vs sql

2006-09-18 Thread Alan DeKok
Keith Woodworth <[EMAIL PROTECTED]> wrote:
> While this is ok, how does radius get configured to use the sql table to
> send the replies, not the users file?

  Look in radiusd.conf for "sql".  You have to configure the SQL
module.

> I've tried commenting out all the files entries in radiusd.conf but radius
> sends back a access-accept but the client side gets rejected.

  Telling the server to NOT use "files" won't help it to use SQL.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Proxy.conf

2006-09-18 Thread Alan DeKok
"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> When I comment out the include line for proxy.conf, my users can no longer
> authenticate.  The logs show their entire username + realm instead of just
> the username.  I figure it is because it can't strip the realm anymore
> because it doesn't know what the realm is.

  Exactly.

> There are REALM sections in the proxy.conf, with type, authhost, and
> accthost statements.  I have entries there for each of my realms.  I have
> not found an equivalent to the REALMS section of proxy.conf in MySQL.  Do I
> use the radgroupcheck table?  If so, do I add the authost and accthost
> lines?

  You can't put the REALMS into SQL.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: Pattern Matching in users file

2006-09-18 Thread Garber, Neal
> Which says you *can* use them.  It doesn't say you *can'*t 
> use anything else.

Thanks Alan.  As always, I appreciate you taking the time to
offer your insight.

Currently, the Wiki, README and sample file only mention 
the example of testing username using prefix/suffix.  If
a more generic statement of purpose for hints existed,
then I would have taken the information about username
testing in the Wiki, the README and the sample file
as just an example.  I haven't found anything, other than
your enlightening response to my question that describes
the overall purpose of hints (i.e., that it can add request
attributes based upon the value of an existing request
attribute).  

Did I miss something?



Proxy.conf

2006-09-18 Thread Cliff Hayes
Hello,

--1--
I am running FreeRADIUS 1.1.2 with MySQL database support.

When I comment out the include line for proxy.conf, my users can no longer
authenticate.  The logs show their entire username + realm instead of just
the username.  I figure it is because it can't strip the realm anymore
because it doesn't know what the realm is.

There are REALM sections in the proxy.conf, with type, authhost, and
accthost statements.  I have entries there for each of my realms.  I have
not found an equivalent to the REALMS section of proxy.conf in MySQL.  Do I
use the radgroupcheck table?  If so, do I add the authost and accthost
lines?

--2--
Does auth-type=local have to be in both radgroupcheck and radgroupreply?

Cliff



RE: Create-users.pl

2006-09-18 Thread Nico Gazzano
I'm using the script because I am having an extremely difficult time getting
dialupadmin to come up so that I could use it.  That is a whole different
issue in itself that I have to fix at a later time.  Right now I'm working
on a time constraint NetReg project that needs to be done last week.  That,
and I'm always looking for other ways to do things, the script seemed like
an easy way to generate 100+ accounts in very little time.  

Nico Gazzano
Network & Systems Admin
MIS Choice Inc.
1699 Wall ST Suite 602
Mount Prospect, IL 60056
Phone 847-690-1900 ext206
Fax 847-690-1350
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Monday, September 18, 2006 11:43 AM
To: FreeRadius users mailing list
Subject: Re: Create-users.pl 

"Nico Gazzano" <[EMAIL PROTECTED]> wrote:
> I've used this script to generate a list of users, the script creates about
> 7 different files.  What do I do with these now?  I assume that the contents
> of radius.user will have to be added to the users file, but what of the
> other 6 files?

  First, why are you running the script?  As the comments in it say,
it's intended for testing the server.

  It's not intended to be used by average people who want to install
the server and configure it for their environment.  It's mostly a
developers tool.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


users file vs sql

2006-09-18 Thread Keith Woodworth

I've got things working using 1.1.3, username in radcheck with
crypt-password, using auth-type = Local in radgroupcheck. I'm using the
flat Users file with a simple 6 line Default entry to make it all work.
On my test bed this has been working quite well for the last 3 days.

While this is ok, how does radius get configured to use the sql table to
send the replies, not the users file?

I've tried commenting out all the files entries in radiusd.conf but radius
sends back a access-accept but the client side gets rejected.

Thanks,
Keith



Re: Create-users.pl

2006-09-18 Thread Alan DeKok
"Nico Gazzano" <[EMAIL PROTECTED]> wrote:
> I've used this script to generate a list of users, the script creates about
> 7 different files.  What do I do with these now?  I assume that the contents
> of radius.user will have to be added to the users file, but what of the
> other 6 files?

  First, why are you running the script?  As the comments in it say,
it's intended for testing the server.

  It's not intended to be used by average people who want to install
the server and configure it for their environment.  It's mostly a
developers tool.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: What kind of error in client-cert using EAP?

2006-09-18 Thread Alan DeKok
Alexandros Gougousoudis <[EMAIL PROTECTED]> wrote:
>  TLS_accept:error in SSLv3 read client certificate A
...
> Which indicates that there is a problem in the client-cert.

  No.  It means that there is NO client cert.  The authentication
process continues, so it's obviously not a catastrophic problem.

  For PEAP and TTLS, there *is* no client cert.

> It means also that in my authorize section (Auth-Type := EAP)

  Can you explain why you're doing this?  All of the server
documentation, and many posts on this list say it's wrong.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Create-users.pl

2006-09-18 Thread Nico Gazzano

I've used this script to generate a list of users, the
script creates about 7 different files.  What do I do with these now?  I assume
that the contents of radius.user will have to be added to the users file, but
what of the other 6 files?

Nico Gazzano
Network & Systems Admin
MIS Choice Inc.
1699 Wall ST Suite 602
Mount Prospect, IL 60056
Phone 847-690-1900 ext206
Fax 847-690-1350
[EMAIL PROTECTED]


Re: FREERADIUS and SUN Directory server groups

2006-09-18 Thread Petr "Qaxi" Klíma



Kostas Kalevras wrote:
> Petr "Qaxi" Klíma wrote:
>> "filteredgroup"
>> ===
>> $ ldapsearch cn=gprs_filter
>> dn: cn=gprs_filter,ou=Groups,dc=myorg
>> cn: gprs_filter
>> objectClass: groupofurls
>> objectClass: groupofuniquenames
>> objectClass: top
>> objectClass: iplanet-am-managed-filtered-group
>> objectClass: iplanet-am-managed-group
>> memberURL: ldap:///dc=myorg??sub?(&(uid=k*)(o=mysuborg))
>> ===
>>
>> How should I set groupmembership_filter or how should I use do_xlat (I
>> probably misunderstand the feature)
>
> The FreeRADIUS ldap module supports *static* ldap groups. These groups
> are implemented either as a group entry containing member DN's or as a
> group membership attribute in the user entries. What you are looking for
> (evaluating the memberURL attribute during group evaluation) cannot be
> done in an efficient way. The memberURL is mostly an informational
> attribute used when browsing groups.

Hmm .. SUN Java Enterprise server is using it as authoritative
user<>group mapping ...

> You will have to use one of the two methods supported for ldap groups
> to work. Dynamic groups

What methods?

groupofuniquenames and ... ???

> are costly and should be implemented on the ldap server side.

How to do it? Are there any suggestions (there are other DS which uses
such group "filtering" (SUN, Netscape, RedHat (they are from the same
nest), but Apache DS too ...)


--

   Petr Klíma

   e-mail:  [EMAIL PROTECTED]



Trouble with Cisco Aironet 1130 and MAC authentication

2006-09-18 Thread Christoffer Dahl Petersen




Hi!

I'm trying to get a Cisco Aironet 1130 to do MAC authentication with freeradius and a pgsql as backend.
I have made my own table in the pgsql which looks like this:
radius=> select * from maskiner;
 mid |    mnavn |   mmac |  mpwd  |  mattr   | mop
-+--+---++---+--++
   9 | 0016cf0157f8 | 0016cf0157f8  | radius | Password | ==  |

where mnavn is the name of the machine, mmac is the MAC of the machine, mpwd is a password field, mattr is the attribute field, mop is the operator.

I have tried with an Avaya AP, and it works fine.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mpwd, mop \
   FROM maskiner WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY mid"

Here is the authenticate table:
authenticate_query = "select mpwd from maskiner where mmac = '%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.28:6001, id=3, length=112
    User-Name = "0016cf0157f8"
    User-Password = "radius"
    NAS-IP-Address = 192.168.250.28
    Called-Station-Id = "00-20-a6-59-ce-93:GandrupII"
    Calling-Station-Id = "00-16-cf-01-57-f8"
    NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mpwd, mop    FROM maskiner
  WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): Released sql socket id: 4
Login OK: [0016cf0157f8/radius] (from client Demo port 0 cli 00-16-cf-01-57-f8)
Sending Access-Accept of id 3 to 192.168.250.28:6001

Now since the Cisco AP is sending the User-Name and User-Password in another format we have changed the freeradius configuration.
Here is the authorize table:
authorize_check_query = "SELECT mid, mmac, mattr, mmac, mop FROM maskiner \
   WHERE LOWER(mmac) = LOWER('%{SQL-User-Name}') ORDER BY mid"

Here is the authenticate table:
authenticate_query = "select mmac from maskiner where mmac = '%{User-Name}'";

Here is the output from freeradius:
rad_recv: Access-Request packet from host 192.168.250.35:1645, id=148, length=115
    User-Name = "0016cf0157f8"
    User-Password = "0016cf0157f8"
    Called-Station-Id = "0017.0f84.8af0"
    Calling-Station-Id = "0016.cf01.57f8"
    Service-Type = Login-User
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 531
    NAS-IP-Address = 192.168.250.35
    NAS-Identifier = "AP-07"
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_postgresql: query: SELECT mid, mmac, mattr, mmac, mop    FROM maskiner
  WHERE LOWER(mmac) = LOWER('0016cf0157f8') ORDER BY mid
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user [0016cf0157f8]
rlm_sql (sql): Released sql socket id: 4
Login incorrect: [0016cf0157f8/0016cf0157f8] (from client Demo port 531 cli
0016.cf01.57f8)

Why won't it work with the Cisco, does it use another dictionary or 

Any help is appreciated!!

Thanks in advance,

Christoffer 






Re: rlm_perl link error

2006-09-18 Thread Nicolas Baradakis
Alexander Serkin wrote:

> i'm getting the following error while building rlm_perl module:
>
> [...]
>
> gcc -shared -Wl,-h -Wl,rlm_perl-1.1.3.so -o .libs/rlm_perl-1.1.3.so
> .libs/rlm_perl.o  -R/opt/fr/src/freeradius-1.1.3/src/lib/.libs
> -R/opt/fr/lib /opt/fr/src/freeradius-1.1.3/src/lib/.libs/libradius.so
> -L/usr/local/lib
> /usr/local/lib/perl5/5.8.6/sun4-solaris/auto/DynaLoader/DynaLoader.a
> -L/usr/local/lib/perl5/5.8.6/sun4-solaris/CORE -lperl -ldl -lm -lc -lnsl
> -lresolv -lsocket -lposix4 -lpthread -lc
> Text relocation remains referenced
> against symbol  offset  in file
>0x2628
> /usr/local/lib/perl5/5.8.6/sun4-solaris/CORE/libperl.a(perl.o)
> ...

These are the same errors as this bug report:
http://bugs.freeradius.org/show_bug.cgi?id=388

> does it mean that perl is compiled incorrectly on the machine?
> It seem to be installed from SMCperl binary package for SunOS 5.8

I'm not sure exactly what's happening, but it seems the libperl.a
library on the host contains non-PIC code, and the Solaris linker
refuses to make a shared library for this reason.

If you don't need the perl module, I'd suggest to build FreeRADIUS
using ./configure --without-rlm_perl

-- 
Nicolas Baradakis



Re: {POSSIBLE FRAUD ATTEMPT!} {Disarmed} Re: denying access to user from device

2006-09-18 Thread Rob Shepherd

Lin Richardson wrote:
> Where is your "files" declaration in the authorize section?


Yes of course. My authorize section missed out 'files' so raddb/users 
was never read.


Thanks to Alan D. and Lin R. for pointing this out.  Working great now...

Thanks again.

Rob

--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480


SOLVED Freeradius IODBC bug?

2006-09-18 Thread Angelo Compagnucci
Dear Freeradius developers and Users,

After some deep code analysis, I've found a bug in the rlm_sql_iodbc module.

The module doesn't search the DSN name in the server attribute, but in 
the radius_db one.

All the documentation included with Freeradius, the wiki and other sources 
don't report this.

Thanks to all!


Re: FREERADIUS and SUN Directory server groups

2006-09-18 Thread Kostas Kalevras

Petr "Qaxi" Klíma wrote:
> Hello
>
> I am using freeradius (1.0.1) with SUN directory server (5.2)
>
> Authentication (username:password) works well but I do not know how to
> use LDAP for group mapping (to Ldap-Group).
>
> The problem:
>
> in SUN DS there are groups defined in two ways (If you use SUN JES
> system)
>
> ===
> "subscribe group"
> $ ldapsearch cn=gprs_subscr
> dn: cn=gprs_subscr,ou=Groups,dc=myorg
> cn: gprs_subscr
> objectClass: groupofurls
> objectClass: groupofuniquenames
> objectClass: top
> objectClass: iplanet-am-managed-assignable-group
> objectClass: iplanet-am-managed-group
> memberURL: ldap:///dc=myorg??sub?memberof=cn=gprs_subscr,ou=Groups,dc=myorg
>
> iplanet-am-group-subscribable: false
> ===
>
> or
>
> "filteredgroup"
> ===
> $ ldapsearch cn=gprs_filter
> dn: cn=gprs_filter,ou=Groups,dc=myorg
> cn: gprs_filter
> objectClass: groupofurls
> objectClass: groupofuniquenames
> objectClass: top
> objectClass: iplanet-am-managed-filtered-group
> objectClass: iplanet-am-managed-group
> memberURL: ldap:///dc=myorg??sub?(&(uid=k*)(o=mysuborg))
> ===
>
> How should I set groupmembership_filter or how should I use do_xlat (I
> probably misunderstand the feature)

The FreeRADIUS ldap module supports *static* ldap groups. These groups
are implemented either as a group entry containing member DN's or as a
group membership attribute in the user entries. What you are looking for
(evaluating the memberURL attribute during group evaluation) cannot be
done in an efficient way. The memberURL is mostly an informational
attribute used when browsing groups. You will have to use one of the two
methods supported for ldap groups to work. Dynamic groups are costly and
should be implemented on the ldap server side.

> Thanks for any help



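
The two static methods named in the reply above, written out as rlm_ldap settings (an added example, not configuration from the thread or from the FreeRADIUS distribution). The server name and the Reply-Message text are placeholders, and the `memberof` setting assumes that user entries carry that attribute, as the memberURL filter of the "subscribe group" suggests.

```conf
# radiusd.conf, inside modules { }  (FreeRADIUS 1.x rlm_ldap)
ldap {
	server = "ldap.example.org"    # placeholder host name
	basedn = "dc=myorg"
	filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"

	# Attribute of the group entry that is compared with Ldap-Group.
	groupname_attribute = cn

	# Method 1: the group entry lists its members.
	# Matches only groups that hold the user's DN in uniqueMember.
	# gprs_subscr and gprs_filter as shown carry a memberURL only, so
	# neither matches until the directory stores real uniqueMember values.
	groupmembership_filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember=%{Ldap-UserDn}))"

	# Method 2: the user entry names its groups.
	# Assumption: members of gprs_subscr have
	#   memberof: cn=gprs_subscr,ou=Groups,dc=myorg
	# in their own entry, which is what the group's memberURL filter selects on.
	groupmembership_attribute = memberof
}

# users file: group check evaluated with the settings above
DEFAULT	Ldap-Group == "gprs_subscr"
	Reply-Message = "gprs_subscr member",
	Fall-Through = No
```

The filtered group (`(&(uid=k*)(o=mysuborg))`) leaves no marker on the user entry, so neither method sees it unless the directory side materializes it as a static group.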


Re: Problems in EAP-TLS in new Windows XP clients

2006-09-18 Thread Alexandros Gougousoudis

Hi Jose,


> On the last month I'm having problems making new Windows XP clients connect to
> the network,
> even when old installations of Windows XP SP2 are working good so far. The OEM
> Windows XP on the

That's interesting, because I posted the error on the list a couple of 
minutes ago. After viewing your logs, it seems that you got a client 
certificate error, as I got.


This is a part of your linked log:

  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0800], Certificate
TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 00fb], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error::lib(0):func(0):reason(0)

I have this problem on a new XP Home (SP1 and SP2).


I still don't know what the real problem is, but I'll try to find it out 
and post to the list. Please do so also, if you find the solution.

cu
 Alex



--
ServiceCenter IT - Alexandros Gougousoudis (Head)

Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule 
für Musik "Hanns Eisler" and the Hochschule für Schauspielkunst "Ernst 
Busch".


Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445




FREERADIUS and SUN Directory server groups

2006-09-18 Thread Petr "Qaxi" Klíma

Hello

I am using freeradius (1.0.1) with SUN directory server (5.2)

Authentication (username:password) works well but I do not know how to 
use LDAP for group mapping (to Ldap-Group).


The problem:

in SUN DS there are groups defined in two ways (If you use SUN JES system)

===
"subscribe group"
$ ldapsearch cn=gprs_subscr
dn: cn=gprs_subscr,ou=Groups,dc=myorg
cn: gprs_subscr
objectClass: groupofurls
objectClass: groupofuniquenames
objectClass: top
objectClass: iplanet-am-managed-assignable-group
objectClass: iplanet-am-managed-group
memberURL: ldap:///dc=myorg??sub?memberof=cn=gprs_subscr,ou=Groups,dc=myorg
iplanet-am-group-subscribable: false
===

or

"filteredgroup"
===
$ ldapsearch cn=gprs_filter
dn: cn=gprs_filter,ou=Groups,dc=myorg
cn: gprs_filter
objectClass: groupofurls
objectClass: groupofuniquenames
objectClass: top
objectClass: iplanet-am-managed-filtered-group
objectClass: iplanet-am-managed-group
memberURL: ldap:///dc=myorg??sub?(&(uid=k*)(o=mysuborg))
===

How should I set groupmembership_filter or how should I use do_xlat (I 
probably misunderstand the feature)


Thanks for any help
--

   Petr Klíma

   e-mail:  [EMAIL PROTECTED]



What kind of error in client-cert using EAP?

2006-09-18 Thread Alexandros Gougousoudis

Hi,

I have trouble with one XP-SP2 client, using a certificate to make 
802.1x Auth over EAP-TLS. The cert is a machine cert. On the serverside 
I get this (using -X -A) in authenticate:


modcall: entering group authenticate for request 33
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0ef8], Certificate
TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 00bd], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 33
modcall: leaving group authenticate (returns handled) for request 33
Sending Access-Challenge of id 0 to 10.48.244.21 port 49154
EAP-Message = 0x0125040a0dc0100e1[...]

Which indicates that there is a problem in the client-cert. Can it be 
more detailed? I exported the cert and the key now 4 times in different 
manners (as p12, as der) and the error is still there. Extended 
attribute is also included. The funny thing is, that I already have 5 XP 
machines running in my network, doing an EAP-TLS auth over the switch.

It means also that in my authorize section (Auth-Type := EAP) I can get 
an Access-Accept Message. On the server I get the Access-Requests, create 
an Access-Challenge and that's all. There's nothing coming back from the 
client.



Please help
 Alex


--
ServiceCenter IT - Alexandros Gougousoudis (Head)

Joint facility of the Kunsthochschule Berlin-Weissensee, the Hochschule 
für Musik "Hanns Eisler" and the Hochschule für Schauspielkunst "Ernst 
Busch".


Tel.: 030 / 477 05 - 444 * Fax.: 030 / 477 05 - 445




Problems in EAP-TLS in new Windows XP clients

2006-09-18 Thread Jose Marcos Lopez Caravaca

 Hi.

 I have been stuck in this problem for quite a long time, I hope you can help
me.

 I have a wireless network using WPA-Enterprise, with EAP-TLS using radius
1.0.2. The system has been working good so far, using Windows XP clients and
Linux with wpasupplicant with no problems.

 On the last month I'm having problems making new Windows XP clients connect to
the network, even when old installations of Windows XP SP2 are working good so
far. The OEM Windows XP on the new machines don't interoperate correctly with
freeradius, or seems so.

 The non-working machines get stuck on the authentication phase and seem to
loop the requests all the time.

 I've tried upgrading freeradius from 1.0.2 to 1.1.3, but the problem still
persists, "old" machines connect without any problem but new ones get stuck.

 Both client and server certificate have the OID's referred in the documentation:

 Client:

# /home/soft-local/openssl-0.9.8c/bin/openssl x509 -in /tmp/personal.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 206 (0xce)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Departament de Llenguatges i Sistemes Informatics, CN=Laboratori de Calcul de LSI/[EMAIL PROTECTED]
Validity
Not Before: Sep  5 10:15:15 2006 GMT
Not After : Dec  1 08:00:00 2006
Subject: C=ES, ST=Barcelona, L=Barcelona, O=UPC, OU=LSI, CN=marcos/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage: 
TLS Web Client Authentication
Signature Algorithm: md5WithRSAEncryption

 Server:
# /home/soft-local/openssl-0.9.8c/bin/openssl x509 -in /home/soft-local/freeradius-1.1.3/etc/raddb/certs/cert-srv.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 153 (0x99)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, ST=Barcelona, L=Barcelona, O=Universitat Politecnica de Catalunya, OU=Departament de Llenguatges i Sistemes Informatics, CN=Laboratori de Calcul de LSI/[EMAIL PROTECTED]
Validity
Not Before: Mar 15 11:13:27 2006 GMT
Not After : Mar 15 11:13:27 2007 GMT
Subject: C=ES, ST=Barcelona, L=Barcelona, O=Departament de Llenguatges i Sistemes Informatics, OU=Laboratori de Caulcul de LSI, CN=Servei Wireless de LCLSI/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage: 
TLS Web Server Authentication
Signature Algorithm: md5WithRSAEncryption

Freeradius IODBC bug?

2006-09-18 Thread Angelo Compagnucci
Hi to all!

I'm desperate ;( ...

I have to work with a MS SQL server from freeradius.

Debian team removed freeradius-unixodbc (I've used only unixodbc until now) 
from repos and I installed freeradius-unixodbc.

When I launch freeradius -X I see these errors (with trace enabled):



rlm_sql (sql): Driver rlm_sql_iodbc (module rlm_sql_iodbc) loaded and linked
rlm_sql (sql): Attempting to connect to 
[EMAIL PROTECTED]:1433/Radius_DB
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_iodbc #0
** iODBC Trace file
** Trace started on Mon Sep 18 12:21:31 2006
** Driver Manager: 03.52.0406.0126


[00.53]
freeradius  2B88599C0250 ENTER SQLAllocEnv
SQLHENV * 0x5b0ea0

[00.73]
freeradius  2B88599C0250 EXIT  SQLAllocEnv with return code 0 
(SQL_SUCCESS)
SQLHENV * 0x5b0ea0 (0x5b0ee0)

[00.91]
freeradius  2B88599C0250 ENTER SQLAllocConnect
SQLHENV   0x5b0ee0
SQLHDBC * 0x5b0ea8

[00.000105]
freeradius  2B88599C0250 EXIT  SQLAllocConnect with return code 0 
(SQL_SUCCESS)
SQLHENV   0x5b0ee0
SQLHDBC * 0x5b0ea8 (0x5b1030)

[00.000124]
freeradius  2B88599C0250 ENTER SQLConnect
SQLHDBC   0x5b1030
SQLCHAR * 0x63ac40
  | Radius_DB|
SQLSMALLINT   -3 (SQL_NTS)
SQLCHAR * 0x5aee00
  | wireless_admin   |
SQLSMALLINT   -3 (SQL_NTS)
SQLCHAR * 0x2b885a32a700
  |  |
SQLSMALLINT   -3 (SQL_NTS)

[00.000552]
freeradius  2B88599C0250 EXIT  SQLConnect with return code -1 (SQL_ERROR)
SQLHDBC   0x5b1030
SQLCHAR * 0x63ac40
SQLSMALLINT   -3 (SQL_NTS)
SQLCHAR * 0x5aee00
SQLSMALLINT   -3 (SQL_NTS)
SQLCHAR * 0x2b885a32a700
SQLSMALLINT   -3 (SQL_NTS)

[00.000595]
freeradius  2B88599C0250 ENTER SQLError
SQLHENV   0x5b0ee0
SQLHDBC   0x5b1030
SQLHSTMT  0x0 (SQL_NULL_HANDLE)
SQLCHAR * 0x7fa4e040
SQLINTEGER  * 0x7fa4e148
SQLCHAR * 0x2b885a2e6b80
SQLINTEGER256
SQLSMALLINT * 0x7fa4e14e

[00.000637]
freeradius  2B88599C0250 EXIT  SQLError with return code 0 (SQL_SUCCESS)
SQLHENV   0x5b0ee0
SQLHDBC   0x5b1030
SQLHSTMT  0x0 (SQL_NULL_HANDLE)
SQLCHAR * 0x7fa4e040
  | IM002|
SQLINTEGER  * 0x7fa4e148 (0)
SQLCHAR * 0x2b885a2e6b80
  | [iODBC][Driver Manager]Data source name  |
  | not found and no default driver specifie |
  | d. Driver could not be loaded|
SQLINTEGER256
SQLSMALLINT * 0x7fa4e14e (109)
sql_create_socket: SQLConnectfailed:  [iODBC][Driver Manager]Data source name 
not found and no default driver specified. Driver could not be loaded
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.



My configuration worked well with unixodbc.

If I try with iodbctest "DSN=MSSQL;UID=wireles_admin;PWD=***" everything works 
well.

Why???

Please help me !!!

Thanks!!!


Re: different NAS types with different parameters

2006-09-18 Thread Peter Nixon
On Mon 18 Sep 2006 11:59, Michael Messner wrote:
> hey list,
>
>  we have switches from enterasys and access points from cisco, now we have
> configured the parameters like this example in the users file:
>
> DEFAULT   LDAP-Group == "CN=xadmins,CN=users,DC=isalab,DC=local"
>   Filter-ID == "Enterasys:version=1:policy=xadmins",
>   Tunnel-Type:1 = 13,
>   Tunnel-Medium-Type:1 = 6,
>   Tunnel-Private-Group-ID:1 = 1,
>   Reply-Message = "Welcome %u",
>   Fall-Through = No
>
> so with this entry the enterasys switch also gets the parameters from the
> aironet and on the other way the same!
> is this the right way or is there another possibility to give the
> different types of NAS different parameters?

Yep. Look at the "huntgroups" file.


-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: different NAS types with different parameters

2006-09-18 Thread Michael Schwartzkopff
On Monday, 18 September 2006 10:59, Michael Messner wrote:
> hey list,
>
>  we have switches from enterasys and access points from cisco, now we have
> configured the parameters like this example in the users file:
>
> DEFAULT   LDAP-Group == "CN=xadmins,CN=users,DC=isalab,DC=local"
>   Filter-ID == "Enterasys:version=1:policy=xadmins",
>   Tunnel-Type:1 = 13,
>   Tunnel-Medium-Type:1 = 6,
>   Tunnel-Private-Group-ID:1 = 1,
>   Reply-Message = "Welcome %u",
>   Fall-Through = No
>
> so with this entry the enterasys switch also gets the parameters from the
> aironet and on the other way the same!
> is this the right way or is there another possibility to give the
> different types of NAS different parameters?
>
> thanks mIke

Use huntgroups.

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42


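
What the huntgroups suggestion in the two replies above can look like, as an added example that is not from the thread. The NAS addresses are constructed, and the split of reply attributes between the two device types is an assumption, since the original post does not say which device needs which attribute.

```conf
# raddb/huntgroups
# Name each class of NAS. The addresses below are constructed examples.
enterasys	NAS-IP-Address == 192.0.2.10
enterasys	NAS-IP-Address == 192.0.2.11
aironet		NAS-IP-Address == 192.0.2.20

# raddb/users
# Same LDAP group, different reply attributes per NAS class.
# Assumed split: the policy Filter-Id goes to the switches,
# the VLAN tunnel attributes go to the access points.
DEFAULT	Huntgroup-Name == "enterasys", LDAP-Group == "CN=xadmins,CN=users,DC=isalab,DC=local"
	Filter-Id = "Enterasys:version=1:policy=xadmins",
	Reply-Message = "Welcome %u",
	Fall-Through = No

DEFAULT	Huntgroup-Name == "aironet", LDAP-Group == "CN=xadmins,CN=users,DC=isalab,DC=local"
	Tunnel-Type:1 = 13,
	Tunnel-Medium-Type:1 = 6,
	Tunnel-Private-Group-ID:1 = 1,
	Reply-Message = "Welcome %u",
	Fall-Through = No

# A request from a NAS listed in neither huntgroup matches neither entry,
# so it receives none of these attributes.
```

Huntgroup-Name is resolved by the preprocess module against the huntgroups file, using the NAS-IP-Address in the request, so every switch and access point that should receive these attributes has to be listed there.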

Re: FreeRadius 1.13 support Dual Stack IPv4/IPv6 ?????

2006-09-18 Thread Stefan Winter
Hi,

> Given that this appears to be a FAQ (Especially from SE Asia where they
> have IPv6 deployments) I have added it to the FAQ:

Great!

> Please feel free to edit the entry for clarity :-)

No need for that. I couldn't have said it any better. Oh, wait... :-)

Stefan

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



different NAS types with different parameters

2006-09-18 Thread Michael Messner
hey list,

 we have switches from enterasys and access points from cisco, now we have
configured the parameters like this example in the users file:

DEFAULT   LDAP-Group == "CN=xadmins,CN=users,DC=isalab,DC=local"
  Filter-ID == "Enterasys:version=1:policy=xadmins",
  Tunnel-Type:1 = 13,
  Tunnel-Medium-Type:1 = 6,
  Tunnel-Private-Group-ID:1 = 1,
  Reply-Message = "Welcome %u",
  Fall-Through = No

so with this entry the enterasys switch also gets the parameters from the
aironet and on the other way the same!
is this the right way or is there another possibility to give the
different types of NAS different parameters?

thanks mIke





Re: FreeRadius 1.13 support Dual Stack IPv4/IPv6 ?????

2006-09-18 Thread Peter Nixon
On Mon 18 Sep 2006 11:46, Stefan Winter wrote:
> FreeRADIUS 1.1.3 does not particularly care if the host it runs on is
> dual-stack. It will work just fine, but only use the IPv4 stack of the
> machine.
>
> >   IPv4 / IPv6 support?
>
> It will also transport IPv6 RADIUS attributes. It will NOT send packets
> over IPv6. If you want that, you will have to try the current CVS version
> of FreeRADIUS (which is not really recommended for production use; but some
> people on this list do use it and it works).

Given that this appears to be a FAQ (Especially from SE Asia where they have 
IPv6 deployments) I have added it to the FAQ:

http://wiki.freeradius.org/index.php/FAQ#Does_FreeRADIUS_Support_IPv6.3F

Please feel free to edit the entry for clarity :-)

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: FreeRadius 1.13 support Dual Stack IPv4/IPv6 ?????

2006-09-18 Thread Stefan Winter
Hi,

thank you for not using HTML E-Mails in the future.

> FreeRadius 1.13 support Dual Stack ??

FreeRADIUS 1.1.3 does not particularly care if the host it runs on is 
dual-stack. It will work just fine, but only use the IPv4 stack of the 
machine.

>   IPv4 / IPv6 support?

It will also transport IPv6 RADIUS attributes. It will NOT send packets over 
IPv6. If you want that, you will have to try the current CVS version of 
FreeRADIUS (which is not really recommended for production use; but some 
people on this list do use it and it works).

BTW, this question was raised last week already. It's a good habit to first 
read list archives, and only ask questions if the question wasn't answered 
before already.

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



FreeRadius 1.13 support Dual Stack IPv4/IPv6 ?????

2006-09-18 Thread 나종현

 
 
  FreeRadius 1.13 support Dual Stack ??
 
  No compile ...
 
  IPv4 / IPv6 support?

		
			

			
			






rlm_perl link error

2006-09-18 Thread Alexander Serkin

Hi,
I'm getting the following error while building rlm_perl module:

make[6]: Entering directory 
`/opt/fr/src/freeradius-1.1.3/src/modules/rlm_perl'

/opt/fr/src/freeradius-1.1.3/libtool --mode=link gcc -release 1.1.3 \
-module -export-dynamic   -o rlm_perl.la \
-rpath /opt/fr/lib rlm_perl.lo rlm_perl.c 
/opt/fr/src/freeradius-1.1.3/src/lib/libradius.la \
`perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv -lsocket -lposix4 
-lpthread


*** Warning: Linking the shared library rlm_perl.la against the
*** static library 
/usr/local/lib/perl5/5.8.6/sun4-solaris/auto/DynaLoader/DynaLoader.a is 
not portable!
gcc -shared -Wl,-h -Wl,rlm_perl-1.1.3.so -o .libs/rlm_perl-1.1.3.so 
.libs/rlm_perl.o  -R/opt/fr/src/freeradius-1.1.3/src/lib/.libs 
-R/opt/fr/lib /opt/fr/src/freeradius-1.1.3/src/lib/.libs/libradius.so 
-L/usr/local/lib 
/usr/local/lib/perl5/5.8.6/sun4-solaris/auto/DynaLoader/DynaLoader.a 
-L/usr/local/lib/perl5/5.8.6/sun4-solaris/CORE -lperl -ldl -lm -lc -lnsl 
-lresolv -lsocket -lposix4 -lpthread -lc

Text relocation remains referenced
against symbol  offset  in file
   0x2628 
/usr/local/lib/perl5/5.8.6/sun4-solaris/CORE/libperl.a(perl.o)

...

Does it mean that perl is compiled incorrectly on the machine?
It seems to be installed from SMCperl binary package for SunOS 5.8

--
Sincerely Yours,
Alexander