TTLS : where to indicate User/Password ?
Hello,
I'm trying to configure FreeRadius using TTLS but got confused about the
User/Password definiton and/or location as it seems that (please see log
hereafter) user is found but not the password.
Currently I indicate it in table radcheck in MySQL.
radius.log returns me:
...
Debug: modcall[authorize]: module sql returns ok for request 0
Debug: modcall: leaving group authorize (returns updated) for request 0
Debug: rad_check_password: Found Auth-Type Local
Debug: auth: type Local
Debug: auth: No User-Password or CHAP-Password attribute in the request
Debug: auth: Failed to validate the user.
Auth: Login incorrect: [acer9100/no User-Password attribute] (from client
Olitec402SG port 1 cli 00-12-F0-21-1A-B6
...
file 'radiusd.conf' contains:
...
authorize {
auth_log
chap
suffix
eap
files
sql
}
authenticate {
Auth-Type CHAP {
chap
}
unix
eap
}
...
in file 'users'
acer9100 Auth-Type := EAP
Thanks for any help.
Bye,
Bruno
--
Register Linux User 353844
http://counter.li.org/
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error with rlm_perl
Hi, I have the following error when trying to use rlm_perl : Module: Loaded perl /usr/sbin/freeradius: symbol lookup error: /usr/local/lib/rlm_perl-1.1.2.so: undefined symbol: perl_alloc I use freeradius-1.1.2 Thanks for any help. Robert Masse - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unable to compile with openssl libraries
Hi all, I'm using Linux debian 2.6.8-2-386 and I am unable to compile with openssl libraries even tho openssl has been installed (separately). configure: WARNING: silently not building rlm_eap_peap. configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL. I downloaded the source for freeradius (1.1.3) and used ./configure --with-openssl-includes=/usr/local/ssl/include/openssl/ --with-openssl-libraries=/lib/ I'm able to compile but get the following runtime error: rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory cheers Peter ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 10:50:42AM +1100, Peter Param said: Hi all, I'm using Linux debian 2.6.8-2-386 and I am unable to compile with openssl libraries even tho openssl has been installed (separately). configure: WARNING: silently not building rlm_eap_peap. configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL. I downloaded the source for freeradius (1.1.3) and used ./configure --with-openssl-includes=/usr/local/ssl/include/openssl/ --with-openssl-libraries=/lib/ This looks wrong, at first glance. Did you actually install the headers under /usr/local/ssl/include/openssl/ and install the libraries under /lib ? And why not use the readily accessable Debian openssl packages, that have security support? I'm able to compile but get the following runtime error: rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory Well, it probably wasn't built, so that's not a huge surprise. -- -- | Stephen Gran | Today is the tomorrow you worried about | | [EMAIL PROTECTED] | yesterday. | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(CVS) Error: Assertion failed in listen.c, line 621
Hello, I'm having problems again, when running radiusd (radiusd -X doesn't crash): Before, in freeradius-snapshot-20061002 it was Error: Assertion failed in listen.c, line 620, which was: rad_assert(request-proxy_listener == listener); Now, in freeradius-snapshot-20061203 it gives me Error: Assertion failed in listen.c, line 621, which also is: rad_assert(request-proxy_listener == listener); That error was reported by Mr. Peter Nixon in September and by me in October, but Mr. Alan DeKok said that it was already corrected. Please note that freeradius-snapshot-20061203 was installed as an update on top of freeradius-snapshot-20061002, not a clean install. Any concerns on this? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
Debian licensing prohibits the installation of openssl as part of its packaging and hence why i downloaded the individual tarballs to work around this issue. [EMAIL PROTECTED] 12/04/06 11:12 AM On Mon, Dec 04, 2006 at 10:50:42AM +1100, Peter Param said: Hi all, I'm using Linux debian 2.6.8-2-386 and I am unable to compile with openssl libraries even tho openssl has been installed (separately). configure: WARNING: silently not building rlm_eap_peap. configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL. I downloaded the source for freeradius (1.1.3) and used ./configure --with-openssl-includes=/usr/local/ssl/include/openssl/ --with-openssl-libraries=/lib/ This looks wrong, at first glance. Did you actually install the headers under /usr/local/ssl/include/openssl/ and install the libraries under /lib ? And why not use the readily accessable Debian openssl packages, that have security support? I'm able to compile but get the following runtime error: rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared object file: No such file or directory Well, it probably wasn't built, so that's not a huge surprise. -- -- | Stephen Gran | Today is the tomorrow you worried about | | [EMAIL PROTECTED] | yesterday. | | http://www.lobefin.net/~steve | | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 11:19:24AM +1100, Peter Param said: Debian licensing prohibits the installation of openssl as part of its packaging and hence why i downloaded the individual tarballs to work around this issue. No, you've misunderstood the problem (not surprising, many people have). The GPL prohibits distributing GPL binaries linked against GPL incompatible libraries. 'Debian licensing' (were it to exist) has nothing to do with it. Debian is unable to redistribute the binary applications you want - you are free, however, to make them for personal use. You are free to make them from the distributed Debian binaries, even. -- -- | Stephen Gran | Anything cut to length will be too | | [EMAIL PROTECTED] | short. | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
Thanks for clarifying the GPL vs Openssl license issue. I did an apt-get install openssl but still no joy. Stephen Gran [EMAIL PROTECTED] 12/04/06 11:30 AM On Mon, Dec 04, 2006 at 11:19:24AM +1100, Peter Param said: Debian licensing prohibits the installation of openssl as part of its packaging and hence why i downloaded the individual tarballs to work around this issue. No, you've misunderstood the problem (not surprising, many people have). The GPL prohibits distributing GPL binaries linked against GPL incompatible libraries. 'Debian licensing' (were it to exist) has nothing to do with it. Debian is unable to redistribute the binary applications you want - you are free, however, to make them for personal use. You are free to make them from the distributed Debian binaries, even. -- -- | Stephen Gran | Anything cut to length will be too | | [EMAIL PROTECTED] | short. | | http://www.lobefin.net/~steve | | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 11:44:56AM +1100, Peter Param said: Thanks for clarifying the GPL vs Openssl license issue. I did an apt-get install openssl but still no joy. Take a look at debian/rules in the source directory of freeradius. There are a couple of variables (buildssl and modulelist) that have one value by default, but are easily switched to another value if you switch the comments. That should do it for you, and if not, please file a bug report or provide output so that I can debug it. Take care, -- -- | Stephen Gran | I'm having an EMOTIONAL OUTBURST!! | | [EMAIL PROTECTED] | But, uh, WHY is there a WAFFLE in my| | http://www.lobefin.net/~steve | PAJAMA POCKET?? | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
is this from the orginal 1.1.3 freeradius tarball or do you mean I
should apt-get freeradius as well?
./configure [no parameters] output as follows:
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for AIX... no
checking whether gcc needs -traditional... no
checking whether we are using SUNPro C... no
checking for ranlib... ranlib
checking whether byte ordering is bigendian... no
checking for gmake... no
checking for make... /usr/bin/make
checking for lt_dlinit in -lltdl... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognise dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking for g++... no
checking for c++... no
checking for gpp... no
checking for aCC... no
checking for CC... no
checking for cxx... no
checking for cc++... no
checking for cl... no
checking for FCC... no
checking for KCC... no
checking for RCC... no
checking for xlC_r... no
checking for xlC... no
checking whether we are using the GNU C++ compiler... no
checking whether g++ accepts -g... no
checking for g77... no
checking for f77... no
checking for xlf... no
checking for frt... no
checking for pgf77... no
checking for fort77... no
checking for fl32... no
checking for af77... no
checking for f90... no
checking for xlf90... no
checking for pgf90... no
checking for epcf90... no
checking for f95... no
checking for fort... no
checking for xlf95... no
checking for ifc... no
checking for efc... no
checking for pgf95... no
checking for lf95... no
checking for gfortran... no
checking whether we are using the GNU Fortran 77 compiler... no
checking whether accepts -g... no
checking the maximum length of command line arguments... 32768
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... (cached) ranlib
checking for strip... strip
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC
checking if gcc PIC flag -fPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking whether the gcc linker (/usr/bin/ld) supports shared
libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking for shl_load... no
checking for shl_load in -ldld... no
checking for dlopen... no
checking for dlopen in -ldl... yes
checking whether a program can dlopen itself... yes
checking whether a statically linked program can dlopen itself... no
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
configure: creating libtool
appending configuration tag CXX to libtool
appending configuration tag F77 to libtool
checking docdir... ${datadir}/doc/freeradius
checking logdir... ${localstatedir}/log/radius
checking radacctdir... ${logdir}/radacct
checking raddbdir... ${sysconfdir}/raddb
checking for perl... /usr/bin/perl
checking for snmpget... no
configure: WARNING: s
**
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been virus
scanned and although no viruses were detected by the system, St Vincents
Mater Health Sydney accepts no liability for any consequential damage
resulting from email containing any computer viruses.
**
-
List
Re: unable to compile with openssl libraries
oops my mail client truncated the text! Attached is the output of configure. cheers Pete Stephen Gran [EMAIL PROTECTED] 12/04/06 12:04 PM On Mon, Dec 04, 2006 at 11:44:56AM +1100, Peter Param said: Thanks for clarifying the GPL vs Openssl license issue. I did an apt-get install openssl but still no joy. Take a look at debian/rules in the source directory of freeradius. There are a couple of variables (buildssl and modulelist) that have one value by default, but are easily switched to another value if you switch the comments. That should do it for you, and if not, please file a bug report or provide output so that I can debug it. Take care, -- -- | Stephen Gran | I'm having an EMOTIONAL OUTBURST!! | | [EMAIL PROTECTED] | But, uh, WHY is there a WAFFLE in my | | http://www.lobefin.net/~steve | PAJAMA POCKET?? | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking how to run the C preprocessor... gcc -E checking for egrep... grep -E checking for AIX... no checking whether gcc needs -traditional... no checking whether we are using SUNPro C... no checking for ranlib... ranlib checking whether byte ordering is bigendian... no checking for gmake... no checking for make... /usr/bin/make checking for lt_dlinit in -lltdl... yes checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking for a sed that does not truncate output... /bin/sed checking for ld used by gcc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking whether ln -s works... yes checking how to recognise dependent libraries... pass_all checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking for g++... no checking for c++... no checking for gpp... no checking for aCC... no checking for CC... no checking for cxx... no checking for cc++... no checking for cl... no checking for FCC... no checking for KCC... no checking for RCC... no checking for xlC_r... no checking for xlC... no checking whether we are using the GNU C++ compiler... no checking whether g++ accepts -g... no checking for g77... no checking for f77... no checking for xlf... no checking for frt... no checking for pgf77... no checking for fort77... no checking for fl32... no checking for af77... no checking for f90... no checking for xlf90... no checking for pgf90... no checking for epcf90... no checking for f95... no checking for fort... no checking for xlf95... no checking for ifc... no checking for efc... no checking for pgf95... no checking for lf95... no checking for gfortran... no checking whether we are using the GNU Fortran 77 compiler... no checking whether accepts -g... no checking the maximum length of command line arguments... 32768 checking command to parse /usr/bin/nm -B output from gcc object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... (cached) ranlib checking for strip... strip checking if gcc supports -fno-rtti -fno-exceptions... no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc static flag -static works... yes checking if gcc supports -c -o file.o... yes checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so
Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 12:13:59PM +1100, Peter Param said: is this from the orginal 1.1.3 freeradius tarball or do you mean I should apt-get freeradius as well? That's what I was working from. They are slightly skewed. On Mon, Dec 04, 2006 at 12:16:59PM +1100, Peter Param said: oops my mail client truncated the text! Attached is the output of configure. configure: WARNING: skipping test for openssl/ssl.h It sounds like you didn't pass the right configure flags. -- -- | Stephen Gran | Rascal, am I? Take THAT! -- Errol| | [EMAIL PROTECTED] | Flynn | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
what configure flags should I pass to allow for rlm_eap ...i thought the defaults should work? Stephen Gran [EMAIL PROTECTED] 12/04/06 1:17 PM On Mon, Dec 04, 2006 at 12:13:59PM +1100, Peter Param said: is this from the orginal 1.1.3 freeradius tarball or do you mean I should apt-get freeradius as well? That's what I was working from. They are slightly skewed. On Mon, Dec 04, 2006 at 12:16:59PM +1100, Peter Param said: oops my mail client truncated the text! Attached is the output of configure. configure: WARNING: skipping test for openssl/ssl.h It sounds like you didn't pass the right configure flags. -- -- | Stephen Gran | Rascal, am I? Take THAT! -- Errol | | [EMAIL PROTECTED] | Flynn | | http://www.lobefin.net/~steve | | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
Peter Param wrote: Debian licensing prohibits the installation of openssl as part of its packaging and hence why i downloaded the individual tarballs to work around this issue. See the Wiki. There are instructions for building the server on Debian. You do NOT have to play with configure, command-line options, or anything else like that. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 01:22:56PM +1100, Peter Param said: what configure flags should I pass to allow for rlm_eap ...i thought the defaults should work? You need to pass at least --with-openssl-libraries, I see now. That is probably a bug in the Debian packaging as well. I'll take a look at that shortly. -- -- | Stephen Gran | aav coffee on an empty stomach is | | [EMAIL PROTECTED] | pretty nasy knghtbrd aav: time to run | | http://www.lobefin.net/~steve | to the vending machine for cheetos | || aav cheetos? :) | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
I've tried that but I get the following errors: debian:~/freeradius-1.1.3# dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 1.1.3-0 dpkg-buildpackage: source changed by Nicolas Baradakis [EMAIL PROTECTED] dpkg-buildpackage: host architecture i386 dpkg-buildpackage: source version without epoch 1.1.3-0 dpkg-checkbuilddeps: Unmet build dependencies: debhelper (= 4.2.32) dpatch (= 2) autotools-dev libtool (= 1.5) libltdl3-dev libpam0g-dev libmysqlclient15-dev | libmysqlclient14-dev | libmysqlclient-dev libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp libsnmp9-dev | libsnmp5-dev | libsnmp4.2-dev libpq-dev | postgresql-dev libssl-dev dpkg-buildpackage: Build dependencies/conflicts unsatisfied; aborting. dpkg-buildpackage: (Use -d flag to override.) cheers Peter [EMAIL PROTECTED] 12/04/06 1:27 PM Peter Param wrote: Debian licensing prohibits the installation of openssl as part of its packaging and hence why i downloaded the individual tarballs to work around this issue. See the Wiki. There are instructions for building the server on Debian. You do NOT have to play with configure, command-line options, or anything else like that. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
The following hasn't worked for me either: ./configure --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/ cheers Peter Stephen Gran [EMAIL PROTECTED] 12/04/06 1:42 PM On Mon, Dec 04, 2006 at 01:22:56PM +1100, Peter Param said: what configure flags should I pass to allow for rlm_eap ...i thought the defaults should work? You need to pass at least --with-openssl-libraries, I see now. That is probably a bug in the Debian packaging as well. I'll take a look at that shortly. -- -- | Stephen Gran | aav coffee on an empty stomach is | | [EMAIL PROTECTED] | pretty nasy knghtbrd aav: time to run | | http://www.lobefin.net/~steve | to the vending machine for cheetos | || aav cheetos? :) | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
no good. when I configure with: ./configure --with-openssl-includes=/usr/local/ssl --with-openssl-libraries=/usr/local/ssl cheers Peter Stephen Gran [EMAIL PROTECTED] 12/04/06 1:42 PM On Mon, Dec 04, 2006 at 01:22:56PM +1100, Peter Param said: what configure flags should I pass to allow for rlm_eap ...i thought the defaults should work? You need to pass at least --with-openssl-libraries, I see now. That is probably a bug in the Debian packaging as well. I'll take a look at that shortly. -- -- | Stephen Gran | aav coffee on an empty stomach is | | [EMAIL PROTECTED] | pretty nasy knghtbrd aav: time to run | | http://www.lobefin.net/~steve | to the vending machine for cheetos | || aav cheetos? :) | -- ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been virus scanned and although no viruses were detected by the system, St Vincents Mater Health Sydney accepts no liability for any consequential damage resulting from email containing any computer viruses. ** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to compile with openssl libraries
Peter Param wrote: dpkg-checkbuilddeps: Unmet build dependencies: debhelper (= 4.2.32) dpatch (= 2) autotools-dev libtool (= 1.5) libltdl3-dev libpam0g-dev libmysqlclient15-dev | libmysqlclient14-dev | libmysqlclient-dev libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp libsnmp9-dev | libsnmp5-dev | libsnmp4.2-dev libpq-dev | postgresql-dev libssl-dev Have you tried installing those packages? It gives you a list of required and optional packages. I would suggest debhelper, dpatch, autotools-dev, libtool, libltld3-dev, and libssl-dev. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: TTLS : where to indicate User/Password ?
Bruno Costacurta wrote: Hello, I'm trying to configure FreeRadius using TTLS but got confused about the User/Password definiton and/or location as it seems that (please see log hereafter) user is found but not the password. Currently I indicate it in table radcheck in MySQL. Are you sure? The debug output doesn't seem to say that. Or, you've edited rather a lot of it. Debug: rad_check_password: Found Auth-Type Local Debug: auth: type Local Debug: auth: No User-Password or CHAP-Password attribute in the request So... you forced Auth-Type to Local. Why? in file 'users' acer9100 Auth-Type := EAP Why? The comments in eap.conf make it clear that this is wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Parse error for entry DEFAULT entry in users file when Auth-Type := SQL
Gunther wrote: I was trying to upgrade from version 1.1.0 to 1.1.3 but when starting FreeRadius I received the following error: Error: /usr/local/etc/raddb/users[216]: Parse error (check) for entry DEFAULT: Unknown value SQL for attribute Auth-Type That's because the SQL module doesn't do authentication. I use FR with MySQL and the ./raddb/users file contains the default attributes. E.g. DEFAULT Simultaneous-Use := 1, Auth-Type := sql Why are you forcing Auth-Type to SQL? Idle-Timeout = 3600, Acct-Interim-Interval = 180 This worked fine until FR 1.1.1 and stopped working with 1.1.2. No, it did NOT work in 1.1.1. It was IGNORED in 1.1.1, due to a bug in the server. I found that one change in the ./src/lib/valuepair.c file caused this problem: ... It seems that the pairmake function does not return a valid pair when the pair is 'Auth-Type := SQL'. Yes, because the SQL module doesn't do authentication. if my users file entry is simply not correct? It's not correct. In a posting from Oct 2001 I saw the following: If you want to do SQL authentication, you should use 'Auth-Type := SQL' in the 'users' file. If that was a post from me, it's a typo. It's wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Redundant Modules
Wilmar Campos wrote: The problem is when the MySQL sever came up, the module does not try the MySQL module, it stays until I restart the service. It's a bug. I have no idea why it's happening. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Questions about proxy radius on multihomed host
Kostas Zorbadelos wrote: on a multihomed Solaris host when radius packets are proxied what is their source IP? Is it IP1 or it could also be IP2? Uh... that's up to the OS. There are patches pending against CVS head that should fix this. I took a look at the sources where I see that in proxy.c a rad_send() is used to actually send the packet. rad_send() uses sendto() unless WITH_UDPFROMTO is defined in which case sendfromto() is used. In my case, WITH_UDPFROMTO is undefined. That only matters for packets being received by the server, not packets it's sending. Can I assume that outgoing packets use as source address the one listed in the listen directive? If that's the only IP used, yes. Otherwise, it's up to the OS to determine the best source IP for an outgoing packet. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and LDAP
Sundaram Divya-QDIVYA1 wrote: What I need to understand is how to integrate FreeRADIUS with an LDAP Server without exposing the (crypted) password hashes. Any pointers on what I need to do for that? Bind as the LDAP user. PAP will work, nothing else will. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
