Re: Assertion failed in listen.c, line 621

2006-12-05 Thread Alan DeKok
Guilherme Franco wrote:
> Hello,
> 
> Freeradius-snapshot-20061203 crashes, when running just "radiusd" with
> proxy ("radiusd -X" doesn't crash):
> 
> It logs the following "Error: Assertion failed in listen.c, line 621",
> which is "rad_assert(request->proxy_listener == listener);"

  And what does the stack trace show?

  Are you HUPing the server?  That can cause problems with that code,
for a variety of reasons.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Sending Access-Challenge Fail

2006-12-05 Thread Alan DeKok
Daniel Romero wrote:
> I'm stuck... I don't know what to do...
...
> Sending Access-Challenge of id 3 to 192.168.100.185
...
> Waking up in 5 seconds...

  See the FAQ.

http://wiki.freeradius.org/index.php/FAQ#PEAP_Doesn.27t_Work

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: EAP

2006-12-05 Thread Stefan Winter
Hi,

> rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
> rlm_eap_tls: Error reading private key file
> rlm_eap: Failed to initialize type tls

That sounds pretty clear, doesn't it? Apparently the server was not able to 
load the certificate's private key. Check the filename in the configuration 
and permissions of the private key file.

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473



Re: EAP

2006-12-05 Thread romero.cl
Hi.

The problem was that the password of the certificate and the password of
eap.conf don't match.

Layer 8 problem, between the chair and the keyboard...


- Original Message - 
From: "rolando" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Sent: Tuesday, December 05, 2006 10:01 PM
Subject: Re: EAP


> Check out your file permissions.
>
> chmod 600 /path/to/certs
>
> Can you post your radiusd.conf, users, eap.conf. I would like to use them
> as a reference. I am trying to setup PEAP myself. I have several windows
> machines setup but am having trouble with linux and wpa_supplicant.
>
> Daniel Romero wrote:
> > Any ideas?
> >
> > ...
> > Module: Loaded eap
> >  eap: default_eap_type = "peap"
> >  eap: timer_expire = 60
> >  eap: ignore_unknown_eap_types = no
> >  eap: cisco_accounting_username_bug = no
> >  tls: rsa_key_exchange = no
> >  tls: dh_key_exchange = yes
> >  tls: rsa_key_length = 512
> >  tls: dh_key_length = 512
> >  tls: verify_depth = 0
> >  tls: CA_path = "(null)"
> >  tls: pem_file_type = yes
> >  tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> >  tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> >  tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
> >  tls: private_key_password = "radiusUDP"
> >  tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> >  tls: random_file = "/usr/local/etc/raddb/certs/random"
> >  tls: fragment_size = 1024
> >  tls: include_length = yes
> >  tls: check_crl = no
> >  tls: check_cert_cn = "(null)"
> >  tls: cipher_list = "(null)"
> >  tls: check_cert_issuer = "(null)"
> > rlm_eap_tls: Loading the certificate file as a chain
> > rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
> > rlm_eap_tls: Error reading private key file
> > rlm_eap: Failed to initialize type tls
> > radiusd.conf[1]: eap: Module instantiation failed.
> > radiusd.conf[399] Unknown module "eap".
> > radiusd.conf[382] Failed to parse authenticate section.


Assertion failed in listen.c, line 621

2006-12-05 Thread Guilherme Franco

Hello,

Freeradius-snapshot-20061203 crashes, when running just "radiusd" with
proxy ("radiusd -X" doesn't crash):

It logs the following "Error: Assertion failed in listen.c, line 621",
which is "rad_assert(request->proxy_listener == listener);"

Thanks.


Sending Access-Challenge Fail

2006-12-05 Thread Daniel Romero

I'm stuck... I don't know what to do...

rlm_sql (sql): Released sql socket id: 1
 modcall[authorize]: module "sql" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: ack handshake fragment handler
 eaptls_verify returned 1
 eaptls_process returned 13
 rlm_eap_peap: EAPTLS_HANDLED
 modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.100.185 port 1167
   Framed-IP-Address := 192.168.100.210
   Framed-IP-Netmask := 255.255.255.255
   Framed-Protocol := PPP
   Service-Type := Framed-User
   Framed-Compression := Van-Jacobson-TCP-IP
   EAP-Message = 0x010400061900
   Message-Authenticator = 0x
   State = 0x0108be98f023e591df74f0eaf7670e9d
Finished request 3
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 457619d2
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 1 with timestamp 457619d3
Cleaning up request 2 ID 2 with timestamp 457619d3
Cleaning up request 3 ID 3 with timestamp 457619d3
Nothing to do.  Sleeping until we see a request.

Re: EAP

2006-12-05 Thread rolando

Check out your file permissions.

chmod 600 /path/to/certs

Can you post your radiusd.conf, users, eap.conf. I would like to use them 
as a reference. I am trying to setup PEAP myself. I have several windows 
machines setup but am having trouble with linux and wpa_supplicant.


Daniel Romero wrote:

Any ideas?

...
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "radiusUDP"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/usr/local/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.





EAP

2006-12-05 Thread Daniel Romero

rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.

Cause: certificate's password and password on eap.conf were different.

Solution: make them equal!!!
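
The failure in this thread can be caught before radiusd is started. The following is an added example, not code from the posters or from FreeRADIUS: a shell function (the name check_eap_key and its status words are assumptions) that checks the file named by private_key_file for a PEM start line and owner-only permissions and, when the openssl CLI is installed, confirms that the passphrase from private_key_password decrypts the key. The sample file in the demo is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM file that eap.conf names in
# private_key_file.
#
# check_eap_key FILE [PASSPHRASE] prints one status word and returns:
#   0 ok            1 missing       2 no-start-line
#   3 loose-perms   4 need-pass     5 bad-pass
check_eap_key() {
    key_file=$1
    pass=${2-}

    [ -r "$key_file" ] || { echo missing; return 1; }

    # OpenSSL's "PEM_read_bio:no start line" means no BEGIN line was found
    # for the object being loaded, here a private key.
    grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$key_file" ||
        { echo no-start-line; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should show "------" there (mode 600 or 400).
    perms=$(ls -ld "$key_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo loose-perms; return 3; }

    # Encrypted keys come as PKCS#8 ("ENCRYPTED PRIVATE KEY") or in the
    # traditional format with a "Proc-Type: 4,ENCRYPTED" header. Both need
    # the passphrase that eap.conf supplies as private_key_password.
    if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$key_file"; then
        [ -n "$pass" ] || { echo need-pass; return 4; }
    fi

    # With the openssl CLI present, prove that the passphrase decrypts the key.
    # It is handed over in the environment so it never shows up in `ps` output.
    if command -v openssl >/dev/null 2>&1; then
        CHECK_PASS=$pass openssl pkey -in "$key_file" -passin env:CHECK_PASS \
            -noout >/dev/null 2>&1 || { echo bad-pass; return 5; }
    fi
    echo ok
}

# Constructed sample: a file holding only a certificate block, which is what
# the server sees when private_key_file points at a PEM file without a key.
demo_check_eap_key() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$dir/cert-only.pem"
    chmod 600 "$dir/cert-only.pem"
    echo "cert-only.pem: $(check_eap_key "$dir/cert-only.pem" radiusUDP)"
    rm -rf "$dir"
}
demo_check_eap_key
```

Run it as the account radiusd runs under, with the path and passphrase taken from eap.conf, so that permission problems show up the same way the server would see them.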

EAP

2006-12-05 Thread Daniel Romero

Any ideas?

...
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "radiusUDP"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.

Re: SQL reconnect

2006-12-05 Thread Alan DeKok
Guido wrote:
> Hi list, I'm using freeradius with Ms-SQL. Freeradius can open
> connections as many as are configured in mssql  (num_sql_socks = 3). It
> is ok, but when SQL goes down, or when connection with SQL goes down
> freeradius can't connect to SQL until freeradius is restarted.  So, I
> need a way to restart freeradius when any problem with SQL happens.

  Send a HUP signal to the server.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


SQL reconnect

2006-12-05 Thread Guido
Hi list, I'm using freeradius with Ms-SQL. Freeradius can open connections 
as many as are configured in mssql  (num_sql_socks = 3). It is ok, but when 
SQL goes down, or when connection with SQL goes down freeradius can't connect to 
SQL until freeradius is restarted.  So, I need a way to restart freeradius 
when any problem with SQL happens.


Regards,

Guido 



Re: FreeRadius core dump on FreeBSD

2006-12-05 Thread Lisa Besko
I'm re-posting this and at the bottom I'll attach what the debugger 
(gdb) is giving me.


Lisa Besko wrote:
I'm getting a core dump with freeradius when I try to use Kerberos 
authentication on a FreeBSD box running 6.1-Stable with an AMD64 platform.


I can run FreeRadius with Kerberos authentication on FreeBSD 6.1 Stable 
with the i386 platform with no problems.


If you can point me in a direction to help fix the problem please do.

Here's some more info.:

FreeRADIUS Version 1.1.3, for host amd64-portbld-freebsd6.1
Kerberos5  Version 1.5
Sunfire 2100 Dual Core AMD Opteron(tm) Processor 180
Please let me know if I can provide any more info.

Here are the debugging messages from starting radiusd -X (slightly 
sanitized to protect the innocent):


Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded Kerberos
krb5: keytab = "(null)"
krb5: service_principal = "(null)"
rlm_krb5: krb5_init ok
Module: Instantiated krb5 (krb5)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.



rad_recv: Access-Request packet from host xx.x.x.xx:50724, id=200, length=65

   User-Name = "[EMAIL PROTECTED]"
   User-Password = "thisisnothepasswordyouarelookingfor"
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 0
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module

Re: client log

2006-12-05 Thread A . L . M . Buxey
Hi,

>   I have installed freeradius 1.0.4 in my AAA servers. I work several years 
> with this service and it functions very well.
> I am developing a PHP platform for my people who install hotspots. Well, I 
> want to log if a nas can not authenticate with my RADIUS server because of 
> any reason.
> I wish only to log failed  NAS request such as:
> --
> rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4, length=245
> Ignoring request from unknown client 192.168.1.247:1027
> --- Walking the entire request list ---
> --
> Any suggestion??

use some unix tools to create your own special logfile? 

eg 

tail -f /var/log/radius/radius.log | grep "Ignoring request from unknown client" > /var/log/radius/radius-client.log

this would create a log file of only such occurrences

alan
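
Building on the grep above, an added example (not part of the original post): a shell function that turns the matching lines into a count per client address, which is easier to load into a web front end than raw log lines. The function names, the timestamp prefix on the sample lines and the optional minimum-count argument are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: summarise "unknown client" rejections from a radiusd log.
#
# unknown_clients [MIN] reads log lines on stdin and prints "COUNT ADDRESS"
# for every address rejected at least MIN times (default 1), busiest first.
unknown_clients() {
    awk -v min="${1:-1}" '
        BEGIN { prefix = "Ignoring request from unknown client " }
        # Locate the fixed message text anywhere in the line, so a timestamp
        # or log-level prefix in front of it does not matter.
        (i = index($0, prefix)) > 0 {
            rest = substr($0, i + length(prefix))
            # Keep only the dotted quad; the ":port" that follows changes
            # from request to request and would split the counts.
            if (match(rest, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
                count[substr(rest, 1, RLENGTH)]++
        }
        END {
            for (a in count)
                if (count[a] >= min + 0) print count[a], a
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (the timestamp/level prefix is an assumption;
# only the message text is taken from the thread).
sample_log() {
    cat <<'EOF'
Tue Dec  5 10:01:12 2006 : Error: Ignoring request from unknown client 192.168.1.247:1027
Tue Dec  5 10:01:13 2006 : Auth: Login OK: [hotspot1] (from client ap1 port 0)
Tue Dec  5 10:01:17 2006 : Error: Ignoring request from unknown client 192.168.1.247:1027
Tue Dec  5 10:02:40 2006 : Error: Ignoring request from unknown client 10.0.0.9:1645
Tue Dec  5 10:03:02 2006 : Error: Ignoring request from unknown client 192.168.1.247:1031
EOF
}

# Demo: every rejected address, then only those seen at least twice.
sample_log | unknown_clients
sample_log | unknown_clients 2
```

Because the counts are printed at end of input, feed it a finished file (`unknown_clients < /var/log/radius/radius.log`) rather than the output of `tail -f`.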


Re: Challenge-response with mod_auth_radius

2006-12-05 Thread Alan DeKok
Arnaud Dostes wrote:
> What we want to do is EAP-CTG, I'll investigate further in that direction.

  It's EAP-GTC, and no, you probably don't want that.

  See rlm_example for a sample challenge-response implementation in the
server.  See rlm_otp for a *working* implementation that integrates with
some X9.9 token cards.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Problems with Lucent ISDN Router.txt

2006-12-05 Thread Alan DeKok
Andreas Krummrich wrote:

> With this config, dialing in is no problem and works fine. But dialing
> out with callback doesn't work. The call goes out and is terminated
> without any call back.
...
> I don't see any errors. The lucent retries several times and then gives
> up.

  If you're sending the right attributes to the NAS and it's not
behaving as expected, blame the NAS.

  If you're not sending the right attributes to the NAS, read the NAS
documentation to see what attributes to send.

> Are there any issues, between lucent and freeradius? Or are there any
> errors in the config?

  I haven't heard of any issues.  And again, the config is valid RADIUS,
but whether the NAS thinks it's a response it likes is up to the NAS.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: client log

2006-12-05 Thread Alan DeKok
Santiago Balaguer García wrote:

> I wish only to log failed  NAS request such as:
> --
> rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4,
> length=245
> Ignoring request from unknown client 192.168.1.247:1027
> --- Walking the entire request list ---
> --
> Any suggestion??

  You have the source code.  Edit it to print the message to the log
file.  It should take you about 5 minutes.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Redundant Modules

2006-12-05 Thread Alan DeKok
Wilmar Campos wrote:
> What do I have to do then?

  Look in rlm_sql to see why it isn't reconnecting, and fix it.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Proxy Problems

2006-12-05 Thread Alan DeKok
Daniel Romero wrote:
> I think that this error was caused by a bad concept of radius function.
> 
> Now, all proxy go off, but it stops when send:

  Rather than trying to figure out what you're doing wrong, my
suggestion is for you to follow the documentation on the Wiki & on my
web site.  It explains how to set up the server to do PEAP.

  Just follow the instructions...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


client log

2006-12-05 Thread Santiago Balaguer García
Hi people,
 
  I have installed freeradius 1.0.4 in my AAA servers. I work several years 
with this service and it functions very well.
I am developing a PHP platform for my people who install hotspots. Well, I want 
to log if a nas can not authenticate with my RADIUS server because of any 
reason.
I wish only to log failed  NAS request such as:
--
rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4, length=245
Ignoring request from unknown client 192.168.1.247:1027
--- Walking the entire request list ---
--
Any suggestion??
 
Santiago
 

Problems with Lucent ISDN Router.txt

2006-12-05 Thread Andreas Krummrich

Hi,

I have trouble dialing out with a lucent max1800 isdn router, using
freeradius under sles9.
Here is an extract of the users file:

<<<
user-in Password == "xxx"
   Service-Type == Framed-User,
   Framed-Protocol = ASCEND-MPP,
   Framed-Address = yyy.yyy.yyy.yyy,
   Framed-Netmask = zzz.zzz.zzz.zzz,
   Framed-Route = None

user-out Password == "", Service-Type == Dialout-Framed-User
   User-Name = "user",
   Ascend-Send-Auth = Send-Auth-CHAP,
   Ascend-Send-Secret = "",
   Ascend-Dial-Number = 0123456789,
   Ascend-Data-Svc = Nailed-64K,
   Framed-Protocol = ASCEND-MPP,
   Framed-Address = yyy.yyy.yyy.yyy.,
   Framed-Netmask = zzz.zzz.zzz.zzz,
   Ascend-Expect-Callback = Expect-Callback-Yes,
   Ascend-Idle-Limit = 300
>>>

With this config, dialing in is no problem and works fine. But dialing
out with callback doesn't work. The call goes out and is terminated
without any call back.
I'm running freeradius in debug mode and getting the following output:

<<<
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1025, id=145,
length=67
   User-Name = "user-out"
   User-Password = "xxx"
   NAS-IP-Address = yyy.yyy.yyy.yyy
   NAS-Port = 0
   NAS-Port-Type = Virtual
   Service-Type = Outbound-User
   State = 0x
 Processing the authorize section of radiusd.conf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20061204'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20061204
 modcall[authorize]: module "auth_log" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "cxdmg-out", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 0
   users: Matched entry cxdmg-out at line 1291
 modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
 Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
radius_xlat:
'/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20061204'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands
to /var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20061204
 modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 145 to xxx.xxx.xxx.xxx:1025
   User-Name = "user"
   Ascend-Send-Auth = Send-Auth-CHAP
   Ascend-Send-Secret = "9"
   Ascend-Dial-Number = "0123456789"
   Ascend-Data-Svc = Nailed-64K
   Framed-Protocol = Ascend-MPP
   Framed-Address = yyy.yyy.yyy.yyy
   Framed-Netmask = zzz.zzz.zzz.zzz
   Ascend-Expect-Callback = Expect-Callback-Yes
   Ascend-Idle-Limit = 300
Finished request 0
Going to the next request
>>>

I don't see any errors. The lucent retries several times and then gives up.
As you can see, I already include the dictionary.ascend. Without any
success.
I also switched between OLD and VSA on the lucent and the freeradius.
But without success.

Are there any issues, between lucent and freeradius? Or are there any
errors in the config?

Thanks in advance.

Kind Regards,
   Andreas


Re: Redundant Modules

2006-12-05 Thread Wilmar Campos

What do I have to do then?
Thanks,

On 12/4/06, Alan DeKok <[EMAIL PROTECTED]> wrote:

Wilmar Campos wrote:

> The problem is when the MySQL server came up, the module does not try
> the MySQL module, it stays until I restart the service.

  It's a bug.  I have no idea why it's happening.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog




--
Wilmar Campos


Re: Problem checking multivalued attributes in LDAP schemas.

2006-12-05 Thread Erling Paulsen

Kostas Kalevras wrote:

Erling Paulsen wrote:

I try to make a decision based on checking for a value in a certain 
attribute of a LDAP schema. The problem is that this is a multivalued 
attribute, and it seems somewhat undefined when I try to check against 
it!


My exact problem is checking against a "eduPerson" schema for an 
affiliation on an attribute called "eduPersonAffiliation" (which is 
multivalued). I want to check if a certain user has the right 
affiliation before assigning a dynamic Vlan.


I fetch the attribute in Authorization as "LDAP-Affiliation" (mapped 
as a checkItem in ldap.attrmap). I've tried checking with the regular 
expression operator (i.e. for "staff" affiliation), but it seems to 
not give a match. Ex. check-statement from users file:

LDAP-Affiliation :~ .*staff.*

In the LDAP-backend the "eduPersonAffiliation" is shown as containing:

eduPersonAffiliation:
employee
staff
member

Is this a common problem in checking against multivalued attributes, 
or is there a way around it?



Any feedback would be appreciated!
- Erling Paulsen


You could try using the checkval module which supports multivalued 
attributes


Yes, it works.

I just had to add the request attribute to the hints-file, fetch the 
check attribute from LDAP and then match via checkval.


Thanks!


Re: Challenge-response with mod_auth_radius

2006-12-05 Thread Arnaud Dostes
What we want to do is EAP-CTG, I'll investigate further in that direction.

Please just let me know if for some reason freeradius doesn't support 
that.

Regards






Arnaud Dostes <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05.12.2006 12:17
Please reply to: FreeRadius users mailing list
To: freeradius-users@lists.freeradius.org
cc:
Subject: Challenge-response with mod_auth_radius






Hello,

We would like to use freeradius with a 'home made' challenge response 
authentication scheme (we will build our own module) using 
mod_auth_radius.

Ultimately we would like to prompt the user (after successful 
authentication) with a challenge that he would have to enter in a securID 
like device and enter his response in the mod_auth_radius prompt.

I've been toying with freeradius and mod_auth_radius for a few days now, 
and I still haven't succeeded in prompting the user with a challenge from 
the RADIUS server.

Could anyone point me in the right direction ? Is it possible ? We're 
using mod_auth_radius as a basic client, but we could use any type of NAS.

Best regards,
Arnaud


Re: Problem authenticating with Checkpoint Integrity.

2006-12-05 Thread Ian Walker


>>Ian Walker wrote:
> >> I'm attempting 802.1x authentication with Checkpoint Integrity.  I
> have
> >> it working with peap no problems and usings mschapv2.  However, when
> I
> >> attempt with Integrity, I have to choose "Zone Labs Cooperative
> >> Enforcement" within the Windows 802.1x authentication options.  I've
> >> then chosen peap/mschapv2 here, but an additional setting is eap-type
> >> "44" of which I'm unable to change on the client.
>
> >  Which is proprietary to ZoneLabs, and which is otherwise unknown.
>
> >> The main bit of this being the EAP NAK and "NAK asked for bad type
> 44".
> >> I'm unsure of how I'm supposed to configure freeradius to use this
> type,
> >> as in the IANA numbers, type 44 is shown as:
> >>
> >> 44 ZoneLabs EAP (ZLXEAP)
> >>
> >> Any ideas on what I can do to get this working?
>
> >  Ask Zone Labs for documentation on how it works, and on an
> >implementation that you can submit to FreeRADIUS.  Tell them that if
> >their EAP type is implemented in FreeRADIUS, then it will be available
> >in the most widely used RADIUS server on the planet. :)
>
> > Alan DeKok.


We got it working in the end with FreeRadius.  Because of the hardware we
were using (HP), we had to use HP's IDM software, and it all authenticated
perfectly.  The way we configured previously was wrong, which was why we
were getting the problems.




Ian




Re: Problem starting freeradius 1.1.3

2006-12-05 Thread Ian Walker


>>Ian Walker wrote:
>> I used the  "rpmbuild -ta" command to build an rpm of freeradius-1.1.3
>> and all went well with the build.  I then installed the rpm, and I'm
>> getting the following error message after running radiusd -X.
>>...
>> radiusd: symbol lookup error: radiusd: undefined symbol: udpfromto_init

>  You probably have two versions of the server installed.  This error is
>coming from the one that's not part of the RPM build, I think.

>> I'm not sure what to do to get around the problem of the undefined
>> symbol udpfromto_init error.  Has anyone any ideas on what I can do to
>> get freeradius working?

>  Double-check how many versions you have installed.

>  Use the correct libraries.  "udpfromto_init" is part of the RADIUS
>library that comes with the server.  If the daemon references that
>function, then the library includes that function.

>  Alan DeKok.



You are correct.  I had an original compiled version installed which I had
renamed which I had thought solved this issue, unfortunately it didn't.  I
made a new Red Hat system and installed the rpm I made and it worked
perfectly fine :-)

Challenge-response with mod_auth_radius

2006-12-05 Thread Arnaud Dostes
Hello,

We would like to use freeradius with a 'home made' challenge response 
authentication scheme (we will build our own module) using 
mod_auth_radius.

Ultimately we would like to prompt the user (after successful 
authentication) with a challenge that he would have to enter in a securID 
like device and enter his response in the mod_auth_radius prompt.

I've been toying with freeradius and mod_auth_radius for a few days now, 
and I still haven't succeeded in prompting the user with a challenge from 
the RADIUS server.

Could anyone point me in the right direction ? Is it possible ? We're 
using mod_auth_radius as a basic client, but we could use any type of NAS.

Best regards,
Arnaud