Re: Error with rlm_perl
On Monday 04 December 2006 01:20, Robert Masse wrote:
> Hi, I have the following error when trying to use rlm_perl :
>
>   Module: Loaded perl
>   /usr/sbin/freeradius: symbol lookup error: /usr/local/lib/rlm_perl-1.1.2.so: undefined symbol: perl_alloc

Check if you have libperl.so in your system.

> I use freeradius-1.1.2

please use freeradius 1.1.3

--
Best Regards,
Boian Jordanov
SNE
Orbitel - Next Generation Telecom

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Questions about proxy radius on multihomed host
On Sun, Dec 03, 2006 at 09:15:54PM -0800, Alan DeKok wrote:
> Kostas Zorbadelos wrote:
> > on a multihomed Solaris host when radius packets are proxied what is their source IP? Is it IP1 or it could also be IP2?
>
> Uh... that's up to the OS.

That's what I also thought. This would have to do with the TCP/IP implementation in the kernel...

> There are patches pending against CVS head that should fix this.

In a portable way?

> > I took a look at the sources where I see that in proxy.c a rad_send() is used to actually send the packet. rad_send() uses sendto() unless WITH_UDPFROMTO is defined in which case sendfromto() is used. In my case, WITH_UDPFROMTO is undefined.
>
> That only matters for packets being received by the server, not packets it's sending.

I am referring to proxy_send in proxy.c

    /*
     *  Relay the request to a remote server.
     *  Returns:
     *
     *  RLM_MODULE_FAIL: we don't reply, caller returns without replying
     *  RLM_MODULE_NOOP: caller falls through to normal processing
     *  RLM_MODULE_HANDLED : we reply, caller returns without replying
     */
    int proxy_send(REQUEST *request)

From what I can see it has to do with the packets relayed by the server to the remote home server in proxy mode.

> > Can I assume that outgoing packets use as source address the one listed in the listen directive?
>
> If that's the only IP used, yes. Otherwise, it's up to the OS to determine the best source IP for an outgoing packet.

Thanks Alan.

--
Kostas Zorbadelos
[EMAIL PROTECTED]
contact: kzorba (at) otenet.gr

Re: TTLS : where to indicate User/Password ?
On Monday 04 December 2006 06:09, Alan DeKok wrote:
> Bruno Costacurta wrote:
> > Hello, I'm trying to configure FreeRadius using TTLS but got confused about the User/Password definition and/or location as it seems that (please see log hereafter) user is found but not the password. Currently I indicate it in table radcheck in MySQL.
>
> Are you sure? The debug output doesn't seem to say that. Or, you've edited rather a lot of it.
>
> >   Debug: rad_check_password: Found Auth-Type Local
> >   Debug: auth: type Local
> >   Debug: auth: No User-Password or CHAP-Password attribute in the request
>
> So... you forced Auth-Type to Local. Why?

I did not force any Auth-Type to Local (as far as I know... if so, where to check this?). However, accepted the fact User-Password or CHAP-Password are valid with TTLS so Auth-Type=Local is acceptable (correct me if I'm wrong), where can I indicate these values so the request contains them?

> > in file 'users'
> >   acer9100 Auth-Type := EAP
>
> Why? The comments in eap.conf make it clear that this is wrong.

I tried a few options for file 'users' without any change. Same if there is no entry at all. So what are valid types here?
Remark: indeed this EAP option is confusing in file 'users': implemented but not to be used?

Thanks for your attention.
-Bruno

> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog

RE: Error with rlm_perl
> > I have the following error when trying to use rlm_perl :
> >
> >   Module: Loaded perl
> >   /usr/sbin/freeradius: symbol lookup error: /usr/local/lib/rlm_perl-1.1.2.so: undefined symbol: perl_alloc
>
> Check if you have libperl.so in your system.

I didn't have libperl.so on my system (Debian Sarge). Now, it is installed: /usr/lib/libperl.so

But no change ... :

  Module: Loaded perl
  perl: module = /usr/src/freeradius_perl/example.pm
  perl: func_authorize = authorize
  perl: func_authenticate = authenticate
  perl: func_accounting = accounting
  perl: func_preacct = preacct
  perl: func_checksimul = checksimul
  perl: func_detach = detach
  perl: func_xlat = xlat
  perl: func_pre_proxy = pre_proxy
  perl: func_post_proxy = post_proxy
  perl: func_post_auth = post_auth
  perl: perl_flags = (null)
  perl: func_start_accounting = (null)
  perl: func_stop_accounting = (null)
  radiusd: symbol lookup error: /usr/local/lib/rlm_perl-1.1.2.so: undefined symbol: perl_alloc

> > I use freeradius-1.1.2
>
> please use freeradius 1.1.3

I must use freeradius-1.1.2 at the present time because I also use jradius. And the patch for jradius does not yet exist for 1.1.3 ...

Re: TTLS : where to indicate User/Password ?
On Monday 04 December 2006 10:17, Bruno Costacurta wrote:
> On Monday 04 December 2006 06:09, Alan DeKok wrote:
> > Bruno Costacurta wrote:
> > > Hello, I'm trying to configure FreeRadius using TTLS but got confused about the User/Password definiton and/or location as it seems that (please see log hereafter) user is found but not the password. Currently I indicate it in table radcheck in MySQL.
> >
> > Are you sure? The debug output doesn't seem to say that. Or, you've edited rather a lot of it.
> >
> > >   Debug: rad_check_password: Found Auth-Type Local
> > >   Debug: auth: type Local
> > >   Debug: auth: No User-Password or CHAP-Password attribute in the request
> >
> > So... you forced Auth-Type to Local. Why?
>
> I did not force any Auth-Type to Local (as far as I know...if so where to check this ?) However, accepted the fact User-Password or CHAP-Password are valid with TTLS so Auth-Type=Local is acceptable (correct me If I'm wrong) where can I indicate these values so the request contain them ?
>
> > > in file 'users'
> > >   acer9100 Auth-Type := EAP
> >
> > Why? The comments in eap.conf make it clear that this is wrong.
>
> I tried few options for file 'users' without any change. Same if there is no entry at all. So what are valid types here ?
> Remark: indeed this EAP option is confusing in file 'users': implemented but not to be used ?
>
> Thanks for your attention.
> -Bruno

I noticed my previous explanations/questions are maybe cumbersome. Some clarifications hereafter:

I'm trying to configure FreeRadius using TTLS (certificate on server side only) and MySQL. Client is a Linux laptop using wpa_supplicant. I'm in a learning curve regarding 802.1x and FreeRadius and especially TTLS.

Note: however the config was working before Auth-Type and/or MySQL tables (apparently) were touched (but at least this can validate a certain part of the config like the certificate).

Questions:
- TTLS available authentications are: CHAP, PAP, MS-CHAP, EAP (correct?)
- 'Auth-Type=local' means CHAP, PAP and MS-CHAP (correct?)
- for the learning curve:
--- which is the easiest authentication to start with?
--- MySQL will be removed at the first stage to ease debugging / setup of the config (good idea?)

Thanks for attention and remarks,
Bruno

FreeRadius + Ldap + TLS/SSL
Hello

I installed freeradius on a Debian Sarge machine. I have my users in ldap and I use that directory to authenticate them. It works. But when I want to use TLS in connections between radius and ldap, I have this error in the radius log:

  rlm_ldap: ldap_get_conn: Checking Id: 0
  rlm_ldap: ldap_get_conn: Got Id: 0
  rlm_ldap: attempting LDAP reconnection
  rlm_ldap: (re)connect to ldap:636, authentication 0
  rlm_ldap: setting TLS mode to 1
  rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/ca.crt
  rlm_ldap: setting TLS CACert File to /etc/freeradius/cert/
  rlm_ldap: setting TLS Require Cert to never
  rlm_ldap: setting TLS Cert File to /etc/freeradius/cert/radius.crt
  rlm_ldap: setting TLS Key File to /etc/freeradius/cert/radius.key
  rlm_ldap: starting TLS
  rlm_ldap: ldap_start_tls_s()
  rlm_ldap: could not start TLS Can't contact LDAP server
  rlm_ldap: (re)connection attempt failed
  rlm_ldap: search failed
  rlm_ldap: ldap_release_conn: Release Id: 0

When I saw that error, I checked the ldap logs. My ldap is configured with SSL, not TLS. Now I have a problem configuring freeradius to work with SSL ldap, not TLS ldap :(

I have in radiusd.conf:

  server = ldap
  port = 636
  #port = 389
  ...
  filter = (uid=%u)
  base_filter = (objectclass=radiusprofile)
  start_tls = no
  # tls_cacertfile= /path/to/cacert.pem
  tls_cacertfile = /etc/freeradius/cert/ca.crt
  # tls_cacertdir = /path/to/ca/dir/
  tls_cacertdir = /etc/freeradius/cert/
  tls_cacertdir = /etc/freeradius/cert/
  # tls_certfile = /path/to/radius.crt
  tls_certfile = /etc/freeradius/cert/radius.crt
  # tls_keyfile = /path/to/radius.key
  tls_keyfile = /etc/freeradius/cert/radius.key
  #tls_mode = yes

I read about SSL in freeradius and I thought that this configuration uses SSL for connections with ldap, but am I wrong? Can somebody tell me how I can use SSL auth between ldap and freeradius?

BR.
Kamyk

Re: unable to compile with openssl libraries
On Mon, Dec 04, 2006 at 02:21:53PM +1100, Peter Param said:
> The following hasn't worked for me either:
>
>   ./configure --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/

On Mon, Dec 04, 2006 at 02:36:52PM +1100, Peter Param said:
> no good. when I configure with:
>
>   ./configure --with-openssl-includes=/usr/local/ssl --with-openssl-libraries=/usr/local/ssl

You said you now had the Debian packages installed. Why aren't you just using the path to them? They are /usr/include/openssl and /usr/lib, respectively.

--
Stephen Gran
[EMAIL PROTECTED]
http://www.lobefin.net/~steve

RE : FreeRadius + Ldap + TLS/SSL
-----Original Message-----
From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Rafał Kamiński
Sent: Monday 4 December 2006 13:28
To: freeradius-users@lists.freeradius.org
Subject: FreeRadius + Ldap + TLS/SSL

> When i saw that error, i check ldap logs. My ldap is configure with SSL not a TLS. Now i have a problem with configure freeradius to work with SSL ldap not TLS ldap :(
>
> I have in radiusd.conf:
>
>   server = ldap
>   port = 636
>   #port = 389
>   ...
>   filter = (uid=%u)
>   base_filter = (objectclass=radiusprofile)
>   start_tls = no

This last line is ok: it will ask not to try a Start-TLS connection.

>   # tls_cacertfile= /path/to/cacert.pem
>   tls_cacertfile = /etc/freeradius/cert/ca.crt
>   # tls_cacertdir = /path/to/ca/dir/
>   tls_cacertdir = /etc/freeradius/cert/
>   tls_cacertdir = /etc/freeradius/cert/

Why do you have both tls_cacertfile and tls_cacertdir?

>   # tls_certfile = /path/to/radius.crt
>   tls_certfile = /etc/freeradius/cert/radius.crt
>   # tls_keyfile = /path/to/radius.key
>   tls_keyfile = /etc/freeradius/cert/radius.key

tls_certfile and tls_keyfile are used to make the radius server authenticate itself to the ldap server. This is not mandatory: if you're not willing to authenticate the radius server to the ldap server, then you can omit these two lines. However, if you are trying to authenticate the radius server to the ldap server with certificates, then check that the CA that has signed the radius' certificate is known by the ldap server.

>   #tls_mode = yes

Argh... I think you have to uncomment this line.

HTH,
Thibault

Re: Error with rlm_perl
On Monday 04 December 2006 12:01, Robert Masse wrote:
> > > I have the following error when trying to use rlm_perl :
> > >
> > >   Module: Loaded perl
> > >   /usr/sbin/freeradius: symbol lookup error: /usr/local/lib/rlm_perl-1.1.2.so: undefined symbol: perl_alloc
> >
> > Check if you have libperl.so in your system.
>
> I hadn't libperl.so on my system (Debian Sarge). Now, it is installed : /usr/lib/libperl.so
>
> But no change ... :

please recompile freeradius or rlm_perl only

--
Best Regards,
Boian Jordanov
SNE
Orbitel - Next Generation Telecom

Re: RE : FreeRadius + Ldap + TLS/SSL
Thx

It works. But I have another question:

- In the freeradius log (freeradius -XXX -A) I see my password from the ldap server; how can I encrypt that password?

BR
Kamyk

On Dec 4, 2006, at 1:57 PM, Thibault Le Meur wrote:
> > When i saw that error, i check ldap logs. My ldap is configure with SSL not a TLS. Now i have a problem with configure freeradius to work with SSL ldap not TLS ldap :(
> >
> > I have in radiusd.conf:
> >
> >   server = ldap
> >   port = 636
> >   #port = 389
> >   ...
> >   filter = (uid=%u)
> >   base_filter = (objectclass=radiusprofile)
> >   start_tls = no
>
> This last line is ok: it will ask not to try Start-TLS connection.
>
> >   # tls_cacertfile= /path/to/cacert.pem
> >   tls_cacertfile = /etc/freeradius/cert/ca.crt
> >   # tls_cacertdir = /path/to/ca/dir/
> >   tls_cacertdir = /etc/freeradius/cert/
> >   tls_cacertdir = /etc/freeradius/cert/
>
> Why do you have both tls_cacertfile and tls_cacertdir ?
>
> >   # tls_certfile = /path/to/radius.crt
> >   tls_certfile = /etc/freeradius/cert/radius.crt
> >   # tls_keyfile = /path/to/radius.key
> >   tls_keyfile = /etc/freeradius/cert/radius.key
>
> tls_certfile and tls_keyfile are used to make the radius server authenticate itself to the ldap server. This is not mandatory, if you're not willing to authenticate the radius server to the ldap server, then you can ommit these two lines. However, if you are trying to authenticate the radius server to the ldap server with certificates, then check that the CA that has signed the radius' certificate is known by the ldap server.
>
> >   #tls_mode = yes
>
> Argh... I think you have to uncomment this line.
>
> HTH,
> Thibault

Problem checking multivalued attributes in LDAP schemas.
I try to make a decision based on checking for a value in a certain attribute of a LDAP schema. The problem is that this is a multivalued attribute, and it seems somewhat undefined when I try to check against it!

My exact problem is checking against an eduPerson schema for an affiliation on an attribute called eduPersonAffiliation (which is multivalued). I want to check if a certain user has the right affiliation before assigning a dynamic Vlan. I fetch the attribute in Authorization as LDAP-Affiliation (mapped as a checkItem in ldap.attrmap).

I've tried checking with the regular expression operator (i.e. for staff affiliation), but it seems to not give a match.

Ex. check-statement from users file:

  LDAP-Affiliation :~ .*staff.*

In the LDAP-backend the eduPersonAffiliation is shown as containing:

  eduPersonAffiliation: employee staff member

Is this a common problem in checking against multivalued attributes, or is there a way around it?

Any feedback would be appreciated!

- Erling Paulsen

Re: Problem checking multivalued attributes in LDAP schemas.
Erling Paulsen wrote:
> I try to make a decision based on checking for a value in a certain attribute of a LDAP schema. The problem is that this is a multivalued attribute, and it seems somewhat undefined when I try to check against it!
>
> My exact problem is checking against a eduPerson schema for an affiliation on an attribute called eduPersonAffiliation (which is multivalued). I want to check if a certain user has the right affiliation before assigning a dynamic Vlan. I fetch the attribute in Authorization as LDAP-Affiliation (mapped as a checkItem in ldap.attrmap).
>
> I've tried checking with the regular expression operator (i.e. for staff affiliation), but it seems to not give a match.
>
> Ex. check-statement from users file:
>
>   LDAP-Affiliation :~ .*staff.*
>
> In the LDAP-backend the eduPersonAffiliation is shown as containing:
>
>   eduPersonAffiliation: employee staff member
>
> Is this a common problem in checking against multivalued attributes, or is there a way around it?
>
> Any feedback would be appreciated!
>
> - Erling Paulsen

You could try using the checkval module, which supports multivalued attributes.

NAS Port always 0
Hi,

I'm using a linux box as the NAS. PPP connections come in and get fed to radiusclient which in turn contacts a FreeRADIUS 1.1.3 server. Some of the PPP connections are dynamic, most are static. I did set up ippool properly in FreeRADIUS, but it dishes out only 2 IP addresses.

Doing some searching around, I discovered this is because the Nas-Port is always 0 (as evidenced by the radius log files). So it will only send those two addresses out because it thinks the same user is logging on each time?

Is there a way to tell the pppd-radius plugin, or, radiusclient to use a different NAS Port when it sends the RADIUS authentication requests?

The pppd-radius man page says I can use map-to-ifname or map-to-ttyname (I'm using PPP v2.4.4b1). However, looking at the source code for pppd-radius, in radius.c it appears the NAS Port is hardcoded as zero. Would it then, be up to radiusclient to send the NAS Port? It appears to only have facility for setting NAS Port from the tty, and that's not an option for me.

Has anyone else had this similar problem? I need to get FreeRADIUS to actually dish out more than the same 2 IP addresses.

Regards,
Tom

RE : Problem checking multivalued attributes in LDAP schemas.
-----Original Message-----
From: [EMAIL PROTECTED] radius.org [mailto:[EMAIL PROTECTED] sts.freeradius.org] On behalf of Erling Paulsen
Sent: Monday 4 December 2006 15:11
To: FreeRadius users mailing list
Subject: Problem cheking multivalued attributes in LDAP schemas.

> I try to make a decision based on checking for a value in a certain attribute of a LDAP schema. The problem is that this is a multivalued attribute, and it seems somewhat undefined when I try to check against it!
>
> My exact problem is checking against a eduPerson schema for an affiliation on an attribute called eduPersonAffiliation (which is multivalued). I want to check if a certain user has the right affiliation before assigning a dynamic Vlan. I fetch the attribute in Authorization as LDAP-Affiliation (mapped as a checkItem in ldap.attrmap).

This LDAP-Affiliation is not a standard Radius attribute... Have you defined it in the freeradius dictionary files?

> I've tried checking with the regular expression operator (i.e. for staff affiliation), but it seems to not give a match.
>
> Ex. check-statement from users file:
>
>   LDAP-Affiliation :~ .*staff.*

I do not know this :~ operator, have you tried =~ instead?

Thibault

Re: NAS Port always 0
Tom Murphy wrote:
> Doing some searching around, I discovered this is because the Nas-Port is always 0 (as evidenced by the radius log files). So it will only send those two addresses out because it thinks the same user is logging on each time?

Yes.

> Is there a way to tell the pppd-radius plugin, or, radiusclient to use a different NAS Port when it sends the RADIUS authentication requests?

See the client documentation source. If it isn't clear how to do it, it probably can't be done.

> Has anyone else had this similar problem? I need to get FreeRADIUS to actually dish out more than the same 2 IP addresses.

Then make the client send out different NAS-Port values.

Alan DeKok.

Re: RE : FreeRadius + Ldap + TLS/SSL
Rafał Kamiński wrote:
> -In freeradius log (freeradius -XXX -A) i see my password from ldap server, how i can crypt that password ?

You don't. Debugging mode is SUPPOSED to tell you what the passwords are, otherwise debugging mode is useless. If you don't want the passwords, don't run in debugging mode.

Alan DeKok.

Re: Questions about proxy radius on multihomed host
Kostas Zorbadelos wrote:
> > There are patches pending against CVS head that should fix this.
>
> In a portable way?

Yes. Much of FreeRADIUS is intended to be portable. It would be annoying to make it non-portable now.

> I am referring to proxy_send in proxy.c

Which doesn't matter for UDPFROMTO, because the source IP is chosen by the server from its configuration (i.e. socket open). Or, the source IP is INADDR_ANY, in which case UDPFROMTO does nothing, and the kernel chooses the source IP.

Alan DeKok.

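A small Perl check of the behaviour described in this reply, as an added example that is not part of the original message or of FreeRADIUS: it reports the source address a UDP socket gets toward a home server when left on INADDR_ANY and when bound to a fixed address, and compares it with the address the home server lists for this proxy in its client entry. The script name, the argument order and the loopback defaults are assumptions; 1812 is the standard RADIUS authentication port.

```perl
#!/usr/bin/perl
# Added example (not FreeRADIUS code): show which source address a UDP
# socket uses toward a home server, with and without an explicit bind.
use strict;
use warnings;
use IO::Socket::INET;

# Returns ($source_ip, undef) on success or (undef, $error) on failure.
#   $bind_ip undefined: the socket stays on INADDR_ANY and the kernel's
#                       routing decision picks the source address.
#   $bind_ip defined:   bind() fixes the source address, as when the
#                       server opens its socket on a configured IP.
sub source_ip_for {
    my ($dest, $port, $bind_ip) = @_;
    my %args = (Proto => 'udp', PeerAddr => $dest, PeerPort => $port);
    $args{LocalAddr} = $bind_ip if defined $bind_ip;

    # connect() on a UDP socket sends no packet; it only makes the kernel
    # resolve the route, so getsockname() then reports the source address.
    my $sock = IO::Socket::INET->new(%args)
        or return (undef, "$@");
    my $src = $sock->sockhost;
    $sock->close;
    return ($src, undef);
}

# Compare the source address with the one the home server is configured
# to accept for this proxy (its client entry).
sub check_source {
    my ($dest, $port, $expected, $bind_ip) = @_;
    my ($src, $err) = source_ip_for($dest, $port, $bind_ip);
    return "ERROR    $err" unless defined $src;
    my $how = defined $bind_ip ? "bound to $bind_ip"
                               : 'INADDR_ANY, kernel choice';
    return sprintf('%-8s source %s (%s), home server expects %s',
                   $src eq $expected ? 'OK' : 'MISMATCH',
                   $src, $how, $expected);
}

# Usage: perl srcip.pl HOME_SERVER EXPECTED_SOURCE [BIND_IP]
# With no arguments, constructed loopback values are used so the script
# runs offline.
my ($dest, $expected, $bind_ip) =
    @ARGV ? @ARGV : ('127.0.0.1', '127.0.0.1', '127.0.0.1');
die "usage: $0 HOME_SERVER EXPECTED_SOURCE [BIND_IP]\n"
    unless defined $expected;

print check_source($dest, 1812, $expected, undef), "\n";
print check_source($dest, 1812, $expected, $bind_ip), "\n"
    if defined $bind_ip;
```

On a multihomed host, a MISMATCH on the first line means the kernel's choice differs from the address the home server knows, and binding to an address the host does not own is reported as an ERROR line.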
RE: DEFAULT access-reject Reply-Message
> In your code, $RAD_REQUEST{'Module-Failure-Message'} what that variable mean?

It means look in the RAD_REQUEST hash for key named 'Module-Failure-Message'. RAD_REQUEST, RAD_CHECK and RAD_REPLY are hashes that rlm_perl creates that contain the request, check and reply attributes respectively. For single-value attributes, you can test the value by referring to the hash name and key name (as above). If the attribute has multiple values, then value for the requested key is an array.

> Is there any doc on how to write scripts for radius?

FR comes with example.pl which is a sample perl script that can be called by the rlm_perl module. You can also find documentation for rlm_perl at the wiki: http://wiki.freeradius.org/Rlm_perl (the doc. says RAD_CONFIG is a hash that is created, but I believe the code to support that was only recently added..)

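The hash access described in this answer, as an added example (it is not example.pl and not the poster's code): a hypothetical post_auth handler that copies Module-Failure-Message into Reply-Message whether the attribute is single- or multi-valued. It assumes a multi-valued attribute arrives as an array reference; the helper names, the --demo switch and the sample requests are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: reading single- and multi-valued attributes from the
# hashes rlm_perl exposes. Run "perl thisfile.pl --demo" to try it
# outside the server.
use strict;
use warnings;

# rlm_perl fills these package globals before it calls a handler.
our (%RAD_REQUEST, %RAD_CHECK, %RAD_REPLY);

# Module return codes, with the values used by FreeRADIUS.
use constant RLM_MODULE_OK   => 2;
use constant RLM_MODULE_NOOP => 7;

# Normalise an attribute to a list: absent -> empty list, scalar -> one
# item, array reference (multi-valued attribute, assumed) -> all items.
sub attr_values {
    my ($attrs, $name) = @_;
    return () unless defined $attrs->{$name};
    my $value = $attrs->{$name};
    return ref $value eq 'ARRAY' ? @$value : ($value);
}

# Make text safe to send back to the client: printable ASCII only, and
# at most the 253 octets one RADIUS attribute value can carry.
sub clean_text {
    my ($text) = @_;
    $text =~ s/[^\x20-\x7e]+/ /g;
    $text =~ s/^\s+|\s+$//g;
    return substr($text, 0, 253);
}

# Hypothetical handler for the func_post_auth hook.
sub post_auth {
    my @failures = attr_values(\%RAD_REQUEST, 'Module-Failure-Message');
    return RLM_MODULE_NOOP unless @failures;

    # Every value is used; testing the hash entry as a plain string
    # would see "ARRAY(0x...)" for a multi-valued attribute.
    $RAD_REPLY{'Reply-Message'} = clean_text(join('; ', @failures));
    return RLM_MODULE_OK;
}

if (@ARGV && $ARGV[0] eq '--demo') {
    # Constructed sample requests, not captured traffic.
    my @samples = (
        { 'User-Name' => 'alice' },
        { 'User-Name' => 'bob',
          'Module-Failure-Message' => 'constructed failure text' },
        { 'User-Name' => 'carol',
          'Module-Failure-Message' => [ 'first reason', "second\r\nreason" ] },
    );
    for my $request (@samples) {
        %RAD_REQUEST = %$request;
        %RAD_REPLY   = ();
        my $rc = post_auth();
        printf "%-6s rc=%d Reply-Message=%s\n",
            $RAD_REQUEST{'User-Name'}, $rc,
            $RAD_REPLY{'Reply-Message'} // '(not set)';
    }
}
```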
Re: TTLS : where to indicate User/Password ?
Bruno Costacurta wrote:
> I'm trying to configure FreeRadius using TTLS (certificate on server side only) and MySQL. Client is a Linux laptop using wpa_supplicant. I'm in a learning curve regarding 802.1x and FreeRadius and especially TTLS.

That should work without too much effort.

> Questions:
> - TTLS available authentications are: CHAP,PAP,MS-CHAP,EAP (correct ?)

Yes.

> - 'Auth-Type=local' means CHAP,PAP and MS-CHAP (correct ?)

No, just CHAP and PAP. You shouldn't be using it at all.

> - for the learning curve :
> --- which is the easiest authentications to start with ?

PAP.

> --- MySQL will be removed at the first stage to ease debugging / setup of the config (good idea ?)

Yes.

Alan DeKok.

rlm_sql, mysql configuration
Setting up 1.1.2 with mysql and mschap. Our existing 0.9 setup uses clients.conf file and the rest via the mysql tables. Now, in 1.2, I see there is a nas table that was not around before (at least on our system), but as far as I can see we still need to use clients.conf as nas has no field for allowed ip addresses of clients. Am I missing something? I see no mention of the nas table in the rlm_sql docs.

Thanks in advance for all help.

Andrew Long

Re: unable to compile with openssl libraries
Hi again,

Eventually, I was able to create the package and install it on my debian server. Now when I run it, I get the following output:

  rlm_eap: Loaded and initialized type md5
  rlm_eap: Loaded and initialized type leap
  rlm_eap: Failed to link EAP-Type/tls: /usr/lib/freeradius/rlm_eap_tls.so: undefined symbol: cbtls_password
  radiusd.conf[1]: eap: Module instantiation failed.
  radiusd.conf[365] Unknown module eap.
  radiusd.conf[350] Failed to parse authenticate section.

The tls Section:

  tls {
      private_key_password = whatever
      private_key_file = ${raddbdir}/certs/cert-srv.pem
      certificate_file = ${raddbdir}/certs/cert-srv.pem
      CA_file = ${raddbdir}/certs/demoCA/cacert.pem
      dh_file = ${raddbdir}/certs/dh
      random_file = ${raddbdir}/certs/random
      #fragment_size = 1024
      #include_length = yes
      #check_crl = yes
      #check_cert_cn = %{User-Name}
  }

cheers
Peter

[EMAIL PROTECTED] 12/04/06 4:08 PM
> Peter Param wrote:
> > dpkg-checkbuilddeps: Unmet build dependencies: debhelper (= 4.2.32) dpatch (= 2) autotools-dev libtool (= 1.5) libltdl3-dev libpam0g-dev libmysqlclient15-dev | libmysqlclient14-dev | libmysqlclient-dev libgdbm-dev libldap2-dev libsasl2-dev libiodbc2-dev libkrb5-dev snmp libsnmp9-dev | libsnmp5-dev | libsnmp4.2-dev libpq-dev | postgresql-dev libssl-dev
>
> Have you tried installing those packages? It gives you a list of required and optional packages. I would suggest debhelper, dpatch, autotools-dev, libtool, libltld3-dev, and libssl-dev.
>
> Alan DeKok.

RE: DEFAULT access-reject Reply-Message
Ok, I will try to play around with that although I'm feeling that I have no idea what I'm doing.

Thanks anyway!

From: [EMAIL PROTECTED] .org [mailto:[EMAIL PROTECTED] eeradius.org] On Behalf Of Garber, Neal
Sent: Monday, December 04, 2006 3:23 PM
To: FreeRadius users mailing list
Subject: RE: DEFAULT access-reject Reply-Message

> > In your code, $RAD_REQUEST{'Module-Failure-Message'} what that variable mean?
>
> It means look in the RAD_REQUEST hash for key named 'Module-Failure-Message'. RAD_REQUEST, RAD_CHECK and RAD_REPLY are hashes that rlm_perl creates that contain the request, check and reply attributes respectively. For single-value attributes, you can test the value by referring to the hash name and key name (as above). If the attribute has multiple values, then value for the requested key is an array.
>
> > Is there any doc on how to write scripts for radius?
>
> FR comes with example.pl which is a sample perl script that can be called by the rlm_perl module. You can also find documentation for rlm_perl at the wiki: http://wiki.freeradius.org/Rlm_perl (the doc. says RAD_CONFIG is a hash that is created, but I believe the code to support that was only recently added..)

Re: Proxy Problems
Daniel Romero wrote:
> I'm trying to run freeradius with eap/peap, but i'm get stucked in a kind of Proxy-State loop...

So... why did you configure the server to proxy requests to itself?

Alan DeKok.

Re: unable to compile with openssl libraries
Peter Param wrote:
> Hi again,
>
> Eventually, I was able to create the package and install it on my debian server. Now when I run it, I get the following output:
>
>   rlm_eap: Loaded and initialized type md5
>   rlm_eap: Loaded and initialized type leap
>   rlm_eap: Failed to link EAP-Type/tls: /usr/lib/freeradius/rlm_eap_tls.so: undefined symbol: cbtls_password

You need to re-build the server. You have installed OpenSSL, but have NOT re-built the entire server after this.

Remove the server package, and re-install from source.

Alan DeKok.

Re: Proxy Problems
Sorry, I'm a newbie...

I have a radius server connected to the internet. I want any student on campus to be able to get access to the internet using their notebooks with eap/peap authentication (also, all students in the same vlan). Then, my intention was that the radius server itself act like a web proxy... am I wrong???

Please, I need help... 3 days to complete the work (I'm a student) damn!!!

On 12/4/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Daniel Romero wrote:
> > I'm trying to run freeradius with eap/peap, but i'm get stucked in a kind of Proxy-State loop...
>
> So... why did you configure the server to proxy requests to itself?
>
> Alan DeKok.

Re: Proxy Problems
I think that this error was caused by a bad concept of radius function. Now, all proxy go off, but it stops when send:

  Sending Access-Challenge of id 3 to 192.168.100.185 port 1311...

Log on attached file.

Thanks!

On 12/4/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Daniel Romero wrote:
> > I'm trying to run freeradius with eap/peap, but i'm get stucked in a kind of Proxy-State loop...
>
> So... why did you configure the server to proxy requests to itself?
>
> Alan DeKok.

[attachment: 04-12-2006_20_22.log]

Re: rlm_sql, mysql configuration
Hi,

> see there is a nas table that was not around before (at least on our system), but as far as I can see we still need to use clients.conf as nas has no field for allowed ip addresses of clients. Am I missing something? I see no mention of the nas table in the rlm_sql docs. Thanks in advance for all help.

the column nasname either holds a DNS name or an IP address, so you can move away from clients.conf. The table is only re-read on server restart (um, maybe also on HUP?). You need to have at least one dummy entry in clients.conf (like localhost), otherwise the server won't start. You need to enable reading clients from this table in sql.conf (readclients = yes), toward the end of the file.

Greetings,

Stefan Winter

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung