Re: Assertion failed in listen.c, line 621
Guilherme Franco wrote:
> Hello,
>
> Freeradius-snapshot-20061203 crashes, when running just "radiusd" with
> proxy ("radiusd -X" doesn't crash):
>
> It logs the following "Error: Assertion failed in listen.c, line 621",
> which is "rad_assert(request->proxy_listener == listener);"

And what does the stack trace show?

Are you HUPing the server? That can cause problems with that code, for a variety of reasons.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sending Access-Challenge Fail
Daniel Romero wrote:
> I'm stuck... I don't know what to do...
...
> Sending Access-Challenge of id 3 to 192.168.100.185
...
> Waking up in 5 seconds...

See the FAQ.

http://wiki.freeradius.org/index.php/FAQ#PEAP_Doesn.27t_Work

Alan DeKok.
Re: EAP
Hi,

> rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
> rlm_eap_tls: Error reading private key file
> rlm_eap: Failed to initialize type tls

That sounds pretty clear, doesn't it? Apparently the server was not able to load the certificate's private key. Check the filename in the configuration and permissions of the private key file.

Stefan Winter

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
Re: EAP
Hi.

The problem was that the password of the certificate and the password of eap.conf didn't match.

Layer 8 problem, between the chair and the keyboard...

- Original Message -
From: "rolando" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Tuesday, December 05, 2006 10:01 PM
Subject: Re: EAP

> Check out your file permissions.
>
> chmod 600 /path/to/certs
>
> Can you post your radiusd.conf, users, eap.conf. I would like to use them
> as a reference. I am trying to set up PEAP myself. I have several Windows
> machines set up but am having trouble with Linux and wpa_supplicant.
>
> Daniel Romero wrote:
> > Any ideas?
> >
> > ...
> > Module: Loaded eap
> > eap: default_eap_type = "peap"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> > tls: rsa_key_exchange = no
> > tls: dh_key_exchange = yes
> > tls: rsa_key_length = 512
> > tls: dh_key_length = 512
> > tls: verify_depth = 0
> > tls: CA_path = "(null)"
> > tls: pem_file_type = yes
> > tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> > tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
> > tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
> > tls: private_key_password = "radiusUDP"
> > tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> > tls: random_file = "/usr/local/etc/raddb/certs/random"
> > tls: fragment_size = 1024
> > tls: include_length = yes
> > tls: check_crl = no
> > tls: check_cert_cn = "(null)"
> > tls: cipher_list = "(null)"
> > tls: check_cert_issuer = "(null)"
> > rlm_eap_tls: Loading the certificate file as a chain
> > rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
> > rlm_eap_tls: Error reading private key file
> > rlm_eap: Failed to initialize type tls
> > radiusd.conf[1]: eap: Module instantiation failed.
> > radiusd.conf[399] Unknown module "eap".
> > radiusd.conf[382] Failed to parse authenticate section.
Assertion failed in listen.c, line 621
Hello,

Freeradius-snapshot-20061203 crashes, when running just "radiusd" with proxy ("radiusd -X" doesn't crash):

It logs the following "Error: Assertion failed in listen.c, line 621", which is "rad_assert(request->proxy_listener == listener);"

Thanks.
Sending Access-Challenge Fail
I'm stuck... I don't know what to do...

rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 3 to 192.168.100.185 port 1167
    Framed-IP-Address := 192.168.100.210
    Framed-IP-Netmask := 255.255.255.255
    Framed-Protocol := PPP
    Service-Type := Framed-User
    Framed-Compression := Van-Jacobson-TCP-IP
    EAP-Message = 0x010400061900
    Message-Authenticator = 0x
    State = 0x0108be98f023e591df74f0eaf7670e9d
Finished request 3
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 457619d2
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 1 with timestamp 457619d3
Cleaning up request 2 ID 2 with timestamp 457619d3
Cleaning up request 3 ID 3 with timestamp 457619d3
Nothing to do. Sleeping until we see a request.
Re: EAP
Check out your file permissions.

chmod 600 /path/to/certs

Can you post your radiusd.conf, users, eap.conf. I would like to use them as a reference. I am trying to set up PEAP myself. I have several Windows machines set up but am having trouble with Linux and wpa_supplicant.

Daniel Romero wrote:
Any ideas?

...
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "radiusUDP"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.
EAP
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.

Cause: certificate's password and password on eap.conf were different.

Solution: make them equal!!!
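The three causes raised in this thread (wrong file, file permissions, password mismatch) can be checked before starting radiusd. The script below is an added example, not part of any post and not FreeRADIUS code; it assumes `private_key_file` is an absolute path, as in the debug output above, and every function name, the `example-pass` password and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the private key named in eap.conf.
# Function names and the demo data are hypothetical, not from FreeRADIUS.

# conf_value KEY FILE: print the value of the first "KEY = value" line,
# without surrounding double quotes. Commented-out lines do not match.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# has_key_block FILE: succeed if FILE contains a PEM private-key start line
# (plain, RSA, EC or ENCRYPTED PRIVATE KEY).
has_key_block() {
    grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"
}

# owner_only FILE: succeed if group and others have no permission bits.
# Characters 5-10 of the ls mode string are the group and other bits.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_opens FILE PASSWORD: succeed if openssl can load the key with PASSWORD.
# The password is passed in the environment, not on the command line, so it
# does not show up in the process list.
key_opens() {
    KEYPASS="$2" openssl pkey -in "$1" -passin env:KEYPASS -noout >/dev/null 2>&1
}

# check_eap_key CONF: print one word naming the first problem found, or "ok".
check_eap_key() {
    key=$(conf_value private_key_file "$1")
    pass=$(conf_value private_key_password "$1")
    if [ ! -r "$key" ]; then
        echo missing-or-unreadable
    elif ! has_key_block "$key"; then
        echo no-key-block
    elif ! owner_only "$key"; then
        echo loose-permissions
    elif ! command -v openssl >/dev/null 2>&1; then
        echo openssl-not-found
    elif ! key_opens "$key" "$pass"; then
        echo password-mismatch
    else
        echo ok
    fi
}

# Constructed demo: private_key_file points at a file that holds only a
# certificate, so the check stops at the missing key block.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END CERTIFICATE-----' > "$demo_dir/cert-only.pem"
    chmod 600 "$demo_dir/cert-only.pem"
    printf 'private_key_password = "example-pass"\nprivate_key_file = "%s"\n' \
        "$demo_dir/cert-only.pem" > "$demo_dir/eap.conf"
    check_eap_key "$demo_dir/eap.conf"
    rm -rf "$demo_dir"
}

# Usage: sh check-eap-key.sh /path/to/eap.conf
if [ "$#" -gt 0 ]; then
    check_eap_key "$1"
fi
```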
EAP
Any ideas?

...
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "radiusUDP"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[1]: eap: Module instantiation failed.
radiusd.conf[399] Unknown module "eap".
radiusd.conf[382] Failed to parse authenticate section.
Re: SQL reconnect
Guido wrote:
> Hi list, I'm using freeradius with Ms-SQL. Freeradius can open
> connections as many as are configured in mssql (num_sql_socks = 3). It
> is ok, but when SQL goes down, or when connection with SQL goes down
> freeradius can't connect to SQL until freeradius is restarted. So, I
> need a way to restart freeradius when any problem with SQL happens.

Send a HUP signal to the server.

Alan DeKok.
SQL reconnect
Hi list,

I'm using freeradius with Ms-SQL. Freeradius can open connections as many as are configured in mssql (num_sql_socks = 3). It is ok, but when SQL goes down, or when connection with SQL goes down freeradius can't connect to SQL until freeradius is restarted. So, I need a way to restart freeradius when any problem with SQL happens.

Regards,
Guido
Re: FreeRadius core dump on FreeBSD
I'm re-posting this and at the bottom I'll attach what the debugger (gdb) is giving me.

Lisa Besko wrote:

I'm getting a core dump with freeradius when I try to use Kerberos authentication on a FreeBSD box running 6.1-Stable with an AMD64 platform. I can run FreeRadius with Kerberos authentication on FreeBSD 6.1 Stable with the i386 platform with no problems. If you can point me in a direction to help fix the problem please do.

Here's some more info.:

FreeRADIUS Version 1.1.3, for host amd64-portbld-freebsd6.1
Kerberos5 Version 1.5
Sunfire 2100 Dual Core AMD Opteron(tm) Processor 180

Please let me know if I can provide any more info.

Here's the debugging messages from starting radiusd -X (slightly sanitized to protect the innocent :

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded Kerberos
krb5: keytab = "(null)"
krb5: service_principal = "(null)"
rlm_krb5: krb5_init ok
Module: Instantiated krb5 (krb5)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host xx.x.x.xx:50724, id=200, length=65
    User-Name = "[EMAIL PROTECTED]"
    User-Password = "thisisnothepasswordyouarelookingfor"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module
Re: client log
Hi,

> I have installed freeradius 1.0.4 in my AAA servers. I have worked several years
> with this service and it functions very well.
> I am developing a PHP platform for my people who install hotspots. Well, I
> want to log if a nas can not authenticate with my RADIUS server because of
> any reason.
> I wish only to log failed NAS requests such as:
> --
> rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4, length=245
> Ignoring request from unknown client 192.168.1.247:1027
> --- Walking the entire request list ---
> --
> Any suggestion??

use some unix tools to create your own special logfile?

eg

tail -f /var/log/radius/radius.log | grep "Ignoring request from unknown client" > /var/log/radius/radius-client.log

this would create a log file of only such occurrences

alan
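An added example, not part of the original post, that extends the tail/grep approach above: it counts rejected requests per source address, and its live variant uses `grep --line-buffered` because grep otherwise buffers its output when writing to a file, so entries would reach the client log late. The function names are hypothetical and the sample log lines are constructed from the message format quoted in this thread; one record is deliberately run together onto a single line to show that the match does not depend on line breaks.

```shell
#!/bin/sh
# Added example: report NAS addresses the server rejected as unknown clients.
# Function names are hypothetical; the sample log lines are constructed.

# The message text comes from the debug output quoted in this thread.
PATTERN='Ignoring request from unknown client [0-9]+(\.[0-9]+){3}:[0-9]+'

# sample_log: constructed input, including one record fused onto one line.
sample_log() {
    cat <<'EOF'
rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4, length=245
Ignoring request from unknown client 192.168.1.247:1027
--- Walking the entire request list ---
rad_recv: Access-Request packet from host 192.168.1.247:1027, id=5, length=245Ignoring request from unknown client 192.168.1.247:1027--- Walking the entire request list ---
rad_recv: Access-Request packet from host 10.0.0.9:1645, id=1, length=67
Ignoring request from unknown client 10.0.0.9:1645
Ready to process requests.
EOF
}

# unknown_clients: read log text on stdin and print "count address" lines,
# busiest source first. grep -o extracts only the matching message, so text
# before or after it on the same line is ignored; awk drops the source port
# and counts per address.
unknown_clients() {
    grep -oE "$PATTERN" |
        awk '{ split($NF, hp, ":"); seen[hp[1]]++ }
             END { for (ip in seen) print seen[ip], ip }' |
        sort -k1,1nr -k2,2
}

# follow_unknown_clients LOG OUT: live variant of the one-liner in the reply.
# tail -F keeps following across log rotation; --line-buffered makes grep
# write each match to OUT as soon as it is seen.
follow_unknown_clients() {
    tail -F "$1" | grep --line-buffered -oE "$PATTERN" >> "$2"
}

# Usage: sh unknown-clients.sh /var/log/radius/radius.log
if [ "$#" -gt 0 ]; then
    unknown_clients < "$1"
fi
```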
Re: Challenge-response with mod_auth_radius
Arnaud Dostes wrote:
> What we want to do is EAP-CTG, I'll investigate further in that direction.

It's EAP-GTC, and no, you probably don't want that.

See rlm_example for a sample challenge-response implementation in the server. See rlm_otp for a *working* implementation that integrates with some X9.9 token cards.

Alan DeKok.
Re: Problems with Lucent ISDN Router.txt
Andreas Krummrich wrote:
> With this config, dialing in is no problem and works fine. But dialing
> out with callback doesn't work. The call goes out and is terminated
> without any call back.
...
> I don't see any errors. The lucent retries several times and then gives
> up.

If you're sending the right attributes to the NAS and it's not behaving as expected, blame the NAS. If you're not sending the right attributes to the NAS, read the NAS documentation to see what attributes to send.

> Are there any issues, between lucent and freeradius? Or are there any
> errors in the config?

I haven't heard of any issues. And again, the config is valid RADIUS, but whether the NAS thinks it's a response it likes is up to the NAS.

Alan DeKok.
Re: client log
Santiago Balaguer García wrote:
> I wish only to log failed NAS requests such as:
> --
> rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4,
> length=245
> Ignoring request from unknown client 192.168.1.247:1027
> --- Walking the entire request list ---
> --
> Any suggestion??

You have the source code. Edit it to print the message to the log file. It should take you about 5 minutes.

Alan DeKok.
Re: Redundant Modules
Wilmar Campos wrote:
> What do I have to do then?

Look in rlm_sql to see why it isn't reconnecting, and fix it.

Alan DeKok.
Re: Proxy Problems
Daniel Romero wrote:
> I think that this error was caused by a bad concept of radius function.
>
> Now, all proxy go off, but it stops when send:

Rather than trying to figure out what you're doing wrong, my suggestion is for you to follow the documentation on the Wiki & on my web site. It explains how to set up the server to do PEAP.

Just follow the instructions...

Alan DeKok.
client log
Hi people,

I have installed freeradius 1.0.4 in my AAA servers. I have worked several years with this service and it functions very well.

I am developing a PHP platform for my people who install hotspots. Well, I want to log if a nas can not authenticate with my RADIUS server because of any reason.

I wish only to log failed NAS requests such as:
--
rad_recv: Access-Request packet from host 192.168.1.247:1027, id=4, length=245
Ignoring request from unknown client 192.168.1.247:1027
--- Walking the entire request list ---
--
Any suggestion??

Santiago
Problems with Lucent ISDN Router.txt
Hi,

I have trouble dialing out with a lucent max1800 isdn router, using freeradius under sles9. Here is an extract of the users file:

<<<
user-in Password == "xxx" Service-Type == Framed-User,
    Framed-Protocol = ASCEND-MPP,
    Framed-Address = yyy.yyy.yyy.yyy,
    Framed-Netmask = zzz.zzz.zzz.zzz,
    Framed-Route = None

user-out Password == "", Service-Type == Dialout-Framed-User
    User-Name = "user",
    Ascend-Send-Auth = Send-Auth-CHAP,
    Ascend-Send-Secret = "",
    Ascend-Dial-Number = 0123456789,
    Ascend-Data-Svc = Nailed-64K,
    Framed-Protocol = ASCEND-MPP,
    Framed-Address = yyy.yyy.yyy.yyy.,
    Framed-Netmask = zzz.zzz.zzz.zzz,
    Ascend-Expect-Callback = Expect-Callback-Yes,
    Ascend-Idle-Limit = 300
>>>

With this config, dialing in is no problem and works fine. But dialing out with callback doesn't work. The call goes out and is terminated without any call back. I'm running freeradius in debug mode and getting the following output:

<<<
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1025, id=145, length=67
    User-Name = "user-out"
    User-Password = "xxx"
    NAS-IP-Address = yyy.yyy.yyy.yyy
    NAS-Port = 0
    NAS-Port-Type = Virtual
    Service-Type = Outbound-User
    State = 0x
Processing the authorize section of radiusd.conf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20061204'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xxx.xxx.xxx/auth-detail-20061204
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "cxdmg-out", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry cxdmg-out at line 1291
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
radius_xlat: '/var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20061204'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/xxx.xxx.xxx.xxx/reply-detail-20061204
modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 145 to xxx.xxx.xxx.xxx:1025
    User-Name = "user"
    Ascend-Send-Auth = Send-Auth-CHAP
    Ascend-Send-Secret = "9"
    Ascend-Dial-Number = "0123456789"
    Ascend-Data-Svc = Nailed-64K
    Framed-Protocol = Ascend-MPP
    Framed-Address = yyy.yyy.yyy.yyy
    Framed-Netmask = zzz.zzz.zzz.zzz
    Ascend-Expect-Callback = Expect-Callback-Yes
    Ascend-Idle-Limit = 300
Finished request 0
Going to the next request
>>>

I don't see any errors. The lucent retries several times and then gives up.

As you can see, I already included the dictionary.ascend. Without any success. I also switched between OLD and VSA on the lucent and the freeradius. But without success.

Are there any issues, between lucent and freeradius? Or are there any errors in the config?

Thanks in advance.

Kind Regards,
Andreas
Re: Redundant Modules
What do I have to do then?

Thanks,

On 12/4/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Wilmar Campos wrote:
> > The problem is when the MySQL server came up, the module does not try
> > the MySQL module, it stays until I restart the service.
>
> It's a bug. I have no idea why it's happening.
>
> Alan DeKok.

--
Wilmar Campos
Re: Problem checking multivalued attributes in LDAP schemas.
Kostas Kalevras wrote:
> Erling Paulsen wrote:
> > I try to make a decision based on checking for a value in a certain
> > attribute of a LDAP schema. The problem is that this is a multivalued
> > attribute, and it seems somewhat undefined when I try to check against it!
> >
> > My exact problem is checking against a "eduPerson" schema for an
> > affiliation on an attribute called "eduPersonAffiliation" (which is
> > multivalued). I want to check if a certain user has the right affiliation
> > before assigning a dynamic Vlan. I fetch the attribute in Authorization as
> > "LDAP-Affiliation" (mapped as a checkItem in ldap.attrmap). I've tried
> > checking with the regular expression operator (i.e. for "staff"
> > affiliation), but it seems to not give a match.
> >
> > Ex. check-statement from users file:
> > LDAP-Affiliation :~ .*staff.*
> >
> > In the LDAP-backend the "eduPersonAffiliation" is shown as containing:
> > eduPersonAffiliation: employee staff member
> >
> > Is this a common problem in checking against multivalued attributes, or is
> > there a way around it? Any feedback would be appreciated!
> >
> > - Erling Paulsen
>
> You could try using the checkval module which supports multivalued attributes

Yes, it works. I just had to add the request attribute to the hints-file, fetch the check attribute from LDAP and then match via checkval.

Thanks!
Re: Challenge-response with mod_auth_radius
What we want to do is EAP-CTG, I'll investigate further in that direction. Please just let me know if for some reason freeradius doesn't support that.

Regards

Arnaud Dostes <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05.12.2006 12:17
Please reply to FreeRadius users mailing list
To: freeradius-users@lists.freeradius.org
cc:
Subject: Challenge-response with mod_auth_radius

Hello,

We would like to use freeradius with a 'home made' challenge response authentication scheme (we will build our own module) using mod_auth_radius. Ultimately we would like to prompt the user (after successful authentication) with a challenge that he would have to enter in a securID like device and enter his response in the mod_auth_radius prompt.

I've been toying with freeradius and mod_auth_radius for a few days now, and I still haven't succeeded in prompting the user with a challenge from the RADIUS server. Could anyone point me in the right direction? Is it possible? We're using mod_auth_radius as a basic client, but we could use any type of NAS.

Best regards,
Arnaud
Re: Problem authenticating with Checkpoint Integrity.
>>Ian Walker wrote:
>> I'm attempting 802.1x authentication with Checkpoint Integrity. I have
>> it working with peap no problems and using mschapv2. However, when I
>> attempt with Integrity, I have to choose "Zone Labs Cooperative
>> Enforcement" within the Windows 802.1x authentication options. I've
>> then chosen peap/mschapv2 here, but an additional setting is eap-type
>> "44" of which I'm unable to change on the client.

> Which is proprietary to ZoneLabs, and which is otherwise unknown.

>> The main bit of this being the EAP NAK and "NAK asked for bad type 44".
>> I'm unsure of how I'm supposed to configure freeradius to use this type,
>> as in the IANA numbers, type 44 is shown as:
>>
>> 44 ZoneLabs EAP (ZLXEAP)
>>
>> Any ideas on what I can do to get this working?

> Ask Zone Labs for documentation on how it works, and on an
>implementation that you can submit to FreeRADIUS. Tell them that if
>their EAP type is implemented in FreeRADIUS, then it will be available
>in the most widely used RADIUS server on the planet. :)

> Alan DeKok.

We got it working in the end with FreeRadius. Because of the hardware we were using (HP), we had to use HP's IDM software, and it all authenticated perfectly. The way we configured previously was wrong, which was why we were getting the problems.

Ian
Re: Problem starting freeradius 1.1.3
>>Ian Walker wrote:
>> I used the "rpmbuild -ta" command to build an rpm of freeradius-1.1.3
>> and all went well with the build. I then installed the rpm, and I'm
>> getting the following error message after running radiusd -X.
>>...
>> radiusd: symbol lookup error: radiusd: undefined symbol: udpfromto_init

> You probably have two versions of the server installed. This error is
>coming from the one that's not part of the RPM build, I think.

>> I'm not sure what to do to get around the problem of the undefined
>> symbol udpfromto_init error. Has anyone any ideas on what I can do to
>> get freeradius working?

> Double-check how many versions you have installed.

> Use the correct libraries. "udpfromto_init" is part of the RADIUS
>library that comes with the server. If the daemon references that
>function, then the library includes that function.

> Alan DeKok.

You are correct. I had an original compiled version installed which I had renamed which I had thought solved this issue, unfortunately it didn't. I made a new Red Hat system and installed the rpm I made and it worked perfectly fine :-)
Challenge-response with mod_auth_radius
Hello,

We would like to use freeradius with a 'home made' challenge response authentication scheme (we will build our own module) using mod_auth_radius. Ultimately we would like to prompt the user (after successful authentication) with a challenge that he would have to enter in a securID like device and enter his response in the mod_auth_radius prompt.

I've been toying with freeradius and mod_auth_radius for a few days now, and I still haven't succeeded in prompting the user with a challenge from the RADIUS server. Could anyone point me in the right direction? Is it possible? We're using mod_auth_radius as a basic client, but we could use any type of NAS.

Best regards,
Arnaud