Re: sql_counter

2007-03-12 Thread Alan DeKok 
Pierluigi Di Lorenzo wrote:
> Hi all,
> somebody knows how to pass external variables to sql_counter modules?
> and especially CallingStationId?

  doc/variables.txt

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IP Address based proxy forward

2007-03-12 Thread Alan DeKok 
freeradius wrote:
...
> --> when I send a request from a NAC with the IP address 192.168.1.129, it 
> does not work as described in the debug output :
> 
> modcall[authorize]: module "files" returns notfound for request 34
> 
> Does anymone has an idea why it does not work ?

  Read ALL of the debug output.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: requiring a sample of a mysql radius database

2007-03-12 Thread Alan DeKok 
Internet-Wifi Operador wrote:
> Very well, I´m doing the same, but i can't find information about the
> way freeradius process the attributes and operator,

  Does the documentation help?

  doc/processing_users_file

  Or "man rlm_users"?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl/rlm_python adding extra value pairs

2007-03-12 Thread Alan DeKok 
Mike O'Connor wrote:
> I wish to add some extra valid pairs to accounting packets which are
> being proxied to other radius servers.
> 
> If in the 'preacct' or the 'accounting' stage I was to add using
> rlm_python or rlm_perl value pairs would they be sent thought to the
> other radius servers ?

  Yes.  It doesn't take too long to try it and see.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: authenticating multiple modules?

2007-03-12 Thread Alan DeKok 
Tim Tyler wrote:
> Freeradius experts,
> I want to use one freeradius server to authenticate against a 
> system file for students and against ldap for faculty/staff.  I can 
> get the system file to work alone.  I can get the ldap module to work 
> alone.  But I can't seem to find a way to get both of them to work 
> together.  If I set DEFAULT Auth-Type = System in the users file, it 
> authenticates the system files.  If I set it to ldap, it 
> authenticates to ldap.

  Which is why we recommend not using Auth-Type.  Almost everyone uses
it wrong.

>  If I put both in the users file, it 
> authenticates ldap users only.

  See "man rlm_users" for why.  It's doing what you tell it to do, not
what you expect it to do.

>  How do I allow both unix and ldap 
> modules to authenticate their respective users?   Note: users are 
> unique to each module.  A user in unix does not exist in ldap and vice versa.

  Don't authenticate people via LDAP.  LDAP isn't an authentication
server.  It's a database.

  Instead, pull the password from LDAP, and let the server decide how
the user should be authenticated.

  You could also set Auth-Type *conditionally*, if the user was in one
group or another.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius and vlan assignment

2007-03-12 Thread A . L . M . Buxey 
Hi,

> I tried to configure my users file like this :
> -
> testNasPort-Type == Ethernet
>Service-Type = Framed-User,
>Tunnel-Type +=13,
>Tunnel-Medium-Type =6,
>Tunnel-Private-Group-ID =2
> -


Tunnel-Medium-Type = "IEEE-802",
Tunnel-Type = "VLAN",
Tunnel-Private-Group-Id = "2"

this is a 'change this setting' type of return value rather
than a check and comparison version. it also avoids playing
with dictionary files etc - a plain method for your cisco kit.
you may also need to return a 'UPDATED' flag - these values
are much easier to return via eg rlm_perl than the users file
(or rlm_sql if you feel that way inclined too!)

alan
 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-1.1.5 : *** glibc detected *** double free or corruption

2007-03-12 Thread adreas polyxronopoulos 
Hi list ,

I have compiled freeradius-1.1.5 on ubuntu 6.06 LAMP. When i am running
freeradius in debuging mode i got the following output:

[EMAIL PROTECTED]@dyndns:~# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
*** glibc detected *** double free or corruption (fasttop): 0x80104ee8
***
Aborted

I have seen this output in other emails in the list but they did'nt get
a reply.
Can anyone help me ? 



___ 
Yahoo! Messenger - with free PC-PC calling and photo sharing. 
http://uk.messenger.yahoo.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread Alan DeKok 
adreas polyxronopoulos wrote:
> Hi list ,
> 
> I have ubuntu 6.06 LAM and i compile freeradius-1.1.5 . In compilation
> everthing was ok. But whe i ranning freeradius : radiusd -X i get the
> following output :
> 
> can anyone help me ? I don't understand what's happening.

  It looks like a bug.

  Can you run the server under valgrind?

$ valgrind --tool=memcheck --leak-check=full radiusd -X

  and post the output here.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius and vlan assignment

2007-03-12 Thread Bruno Mardirossian 

Hi, and thanks for your help.

What did you mean by " return a 'UPDATED' flag" ??

Bruno

2007/3/12, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:


Hi,

> I tried to configure my users file like this :
> -
> testNasPort-Type == Ethernet
>Service-Type = Framed-User,
>Tunnel-Type +=13,
>Tunnel-Medium-Type =6,
>Tunnel-Private-Group-ID =2
> -


Tunnel-Medium-Type = "IEEE-802",
Tunnel-Type = "VLAN",
Tunnel-Private-Group-Id = "2"

this is a 'change this setting' type of return value rather
than a check and comparison version. it also avoids playing
with dictionary files etc - a plain method for your cisco kit.
you may also need to return a 'UPDATED' flag - these values
are much easier to return via eg rlm_perl than the users file
(or rlm_sql if you feel that way inclined too!)

alan

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [Chillispot] Correction of Reply Messages

2007-03-12 Thread Alan DeKok 
[EMAIL PROTECTED] wrote:
> I think that this is a trivial bug:
...
> It sends reset parameter instead of (?)check name parameter in the reply.
> You should report it.

  The reset is often "monthly" or "daily", in which case the message
makes sense.

  Sending the check name wouldn't make sense, as it's internal to the
RADIUS server.

  Ideally, the message should be configurable.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread adreas polyxronopoulos 

I tryied to run the server under the valgrid but it seems tha i don't
have valgrid here is the output:

[EMAIL PROTECTED]@dyndns:~# valgrind --tool=memcheck --leak-check=full
radiusd -X
bash: valgrind: command not found

Should i download it?

thanks for you help

On Mon, 2007-03-12 at 11:28 +0100, Alan DeKok wrote:
> adreas polyxronopoulos wrote:
> > Hi list ,
> > 
> > I have ubuntu 6.06 LAM and i compile freeradius-1.1.5 . In compilation
> > everthing was ok. But whe i ranning freeradius : radiusd -X i get the
> > following output :
> > 
> > can anyone help me ? I don't understand what's happening.
> 
>   It looks like a bug.
> 
>   Can you run the server under valgrind?
> 
> $ valgrind --tool=memcheck --leak-check=full radiusd -X
> 
>   and post the output here.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 
 
Yahoo! Photos is now offering a quality print service from just 7p a photo. 
http://uk.photos.yahoo.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread Alan DeKok 
adreas polyxronopoulos wrote:
..
> bash: valgrind: command not found
> 
> Should i download it?

  Uh... yes?  It's in apt.   Just "apt-get install valgrind"

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread adreas polyxronopoulos 
Ok i did it. Here is the output of: 


# valgrind --tool=memcheck --leak-check=full radiusd -X



==16101== Memcheck, a memory error detector.
==16101== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et
al.
==16101== Using LibVEX rev 1471, a library for dynamic binary
translation.
==16101== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==16101== Using valgrind-3.1.0-Debian, a dynamic binary instrumentation
framework.
==16101== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et
al.
==16101== For more details, rerun with: -v
==16101==
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
==16038== Conditional jump or move depends on uninitialised value(s)
==16038==at 0x482A462: lrad_rand_seed (radius.c:2416)
==16038==by 0x4823032: my_dict_init (dict.c:1000)
==16038==by 0x4823E84: dict_init (dict.c:1246)
==16038==by 0xBCFC: read_radius_conf_file
(in /usr/local/sbin/radiusd)
==16038==by 0xBDEF: read_mainconfig (in /usr/local/sbin/radiusd)
==16038==by 0x10E24: main (in /usr/local/sbin/radiusd)
==16038==
==16038== Conditional jump or move depends on uninitialised value(s)
==16038==at 0x482A462: lrad_rand_seed (radius.c:2416)
==16038==by 0x4823032: my_dict_init (dict.c:1000)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823E84: dict_init (dict.c:1246)
==16038==by 0xBCFC: read_radius_conf_file
(in /usr/local/sbin/radiusd)
==16038==by 0xBDEF: read_mainconfig (in /usr/local/sbin/radiusd)
==16038==by 0x10E24: main (in /usr/local/sbin/radiusd)
==16038==
==16038== Conditional jump or move depends on uninitialised value(s)
==16038==at 0x482A462: lrad_rand_seed (radius.c:2416)
==16038==by 0x4823032: my_dict_init (dict.c:1000)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823E84: dict_init (dict.c:1246)
==16038==by 0xBCFC: read_radius_conf_file
(in /usr/local/sbin/radiusd)
==16038==by 0xBDEF: read_mainconfig (in /usr/local/sbin/radiusd)
==16038==by 0x10E24: main (in /usr/local/sbin/radiusd)
==16038==
==16038== Invalid read of size 4
==16038==at 0x4822448: dict_attr_value_cmp (dict.c:146)
==16038==by 0x48254D0: list_find (hash.c:193)
==16038==by 0x4825880: lrad_hash_table_find (hash.c:463)
==16038==by 0x48258C2: lrad_hash_table_replace (hash.c:476)
==16038==by 0x4822A04: dict_addattr (dict.c:518)
==16038==by 0x482332F: my_dict_init (dict.c:740)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823E84: dict_init (dict.c:1246)
==16038==by 0xBCFC: read_radius_conf_file
(in /usr/local/sbin/radiusd)
==16038==by 0xBDEF: read_mainconfig (in /usr/local/sbin/radiusd)
==16038==by 0x10E24: main (in /usr/local/sbin/radiusd)
==16038==  Address 0x4CC32A8 is 40 bytes inside a block of size 60
free'd
==16038==at 0x481BFCF: free (vg_replace_malloc.c:235)
==16038==by 0x48258D7: lrad_hash_table_replace (hash.c:479)
==16038==by 0x48229EA: dict_addattr (dict.c:502)
==16038==by 0x482332F: my_dict_init (dict.c:740)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823130: my_dict_init (dict.c:1040)
==16038==by 0x4823E84: dict_init (dict.c:1246)
==16038==by 0xBCFC: read_radius_conf_file
(in /usr/local/sbin/radiusd)
==16038==by 0xBDEF: read_mainconfig (in /usr/local/sbin/ra

Re: How to enable Freeradius to support a smart card with AES encryption algorithm?

2007-03-12 Thread yao guoxian 

Thanks,Alan.
   But I have a few questions.
   First, if I create a new attribute "My-Aes-Password" and include it in
the  Access-Requet packet, I should not include the attributes such as
"User-Password" or "Chap-Password".Is it right?
   For I have read RFC 2865, and gotten the message from page 64th as "[Note
1] An Access-Request MUST contain either a User-Password or a
CHAP-Password or State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow other
kinds of authentication information to be conveyed, the attribute for
that can be used in an Access-Request instead of User-Password or
CHAP-Password.", I have this question.
   The second question is about how to write modules.Sorry to ask the same
question,but I want to verify my plan to see if it is pratical. The plan is
as follow: I dont amend the module  "rlm_chap" , I just copy all files in
the ./src/modules/rlm_chap/  to a new dictory "rlm_aes" and rename files
rlm_chap.* to rlm_aes.*. Then I edit rlm-chap.c to alter it  to  use  AES
to  analyze  the  request packet. Is it pratical?

2007/2/3, Alan DeKok <[EMAIL PROTECTED]>:


yao guoxian wrote:
> Second,suppose we have enabled the NAS(client) and Freeradius to support
> our specified attribute "My-Aes-Password" , how to write the new module
> to handle the attribute?

  See the examples & the documentation.  What about them is unclear?

>Third , how to enable Freeradius and Nas(client) to support our new
> attribute?Does it need to append the dictionary file a new entry?

  All of this is documented.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius and vlan assignment

2007-03-12 Thread A . L . M . Buxey 
Hi,

> Hi, and thanks for your help.
> 
> What did you mean by " return a 'UPDATED' flag" ??

eg with rlm_perl you set the return code to be RLM_MODULE_UPDATED
which notifies the server that everything is OK and that attribute
pairs have been modified. 

alan
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Support for EAP-AKA

2007-03-12 Thread awaneesh kumar 
HI,
   
  Does Freeradius 1.1.5 supports EAP-AKA? 
   
  Thanks
   

 
-
Sucker-punch spam with award-winning protection.
 Try the free Yahoo! Mail Beta.- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Support for EAP-AKA

2007-03-12 Thread Alan DeKok 
awaneesh kumar wrote:
> HI,
>  
> Does Freeradius 1.1.5 supports EAP-AKA?

  No.

  There is a patch.  See bugs.freeradius.org

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR supported attributes

2007-03-12 Thread tnt 
Wired chilli? The makers say: "ChilliSpot is an open source captive
portal or wireless LAN access point controller. It is used for
authenticating users of a wireless LAN." Do you know something they
don't?

Expiration is an internal FreeRadius attribute - it doesn't go out in
radius packets. It is used to generate "real" radius attributes like
Session-Timeout. So NAS (Cisco, Chilli, Mickrotik, whatever) will never
"see" this attribute. None of them would know what to do with it if
they would recieve it.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Internet-Wifi Operador" <[EMAIL PROTECTED]>
piše:

>Chillispot is a gateway, not matter if you passthrough with Wifi connection
>or wire connection, Chillispot not identify they.
>The litle diference is, if you use Expiration attribute Chillispot ignores
>it, so when the time is reach chillispot not logoff the user.
>
>So, you need send the correct reply for each gateway, switch or device that
>manage the connection because Freeradius not disconnect the users, this is a
>NAS job.
>
>
>
>Fabián
>
>
>
>
>
>>From: <[EMAIL PROTECTED]>
>>Reply-To: FreeRadius users mailing list
>>
>>To: "FreeRadius users mailing list" 
>>Subject: Re: FR supported attributes
>>Date: Sat, 10 Mar 2007 18:49:35 +0100
>>
>>There should be no difference in using Expiration and
>>WISPr-Session-Terminate-Time in this case. Expiration sets
>>Session-Timeout and ChilliSpot knows that one. The only difference is
>>that Expiration will work with wired connections too.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 10/3/2007, "Internet-Wifi Operador" <[EMAIL PROTECTED]>
>>piše:
>>
>> >If you use Chillispot, put in your user
>> >Max-All-Session and WISPr-Session-Terminate-Time they work very good
>> >together
>> >
>> >because if you use Expire attribute the freeradius know it but chillispot
>> >no, so if the user try to connect after the Expire time the radius reject
>> >this connection, but i the user is connected and the chillispot don't
>>know
>> >the expire attribute so the connection continue.
>> >
>> >here is the suported attributes for the chillispot
>> >http://www.chillispot.org/features.html#mozTocId149863
>> >
>> >
>> >
>> >>From: PD <[EMAIL PROTECTED]>
>> >>Reply-To: FreeRadius users mailing list
>> >>
>> >>To: "FreeRadius users mailing list"
>>
>> >>Subject: Re: FR supported attributes
>> >>Date: Sat, 10 Mar 2007 03:46:50 +
>> >>
>> >>Unfortunatelly, I found the answer of the similar question.
>> >>
>> >>see
>> >>http://www.arcknowledge.com/gmane.comp.freeradius.user/2003-02/msg00671.html
>> >>
>> >>Well.. just to make sure, can Expiration attribute work together with
>> >>Max-All-Session attribute ?
>> >>
>> >>The case is suppose to create an account for 10 hours but only valid one
>> >>week after the creation date.
>> >>
>> >>TIA
>> >>
>> >>PD
>> >>On 3/10/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>> >>
>> >> >Radius attributes - http://www.freeradius.org/rfc/attributes.html .
>> >> >
>> >> >You actually invent sqlcounter attributes yourself by making the
>> >> >appropriate SQL query.
>> >> >
>> >> >Ivan Kalik
>> >> >Kalik Informatika ISP
>> >> >
>> >>
>> >>-
>> >>List info/subscribe/unsubscribe? See
>> >>http://www.freeradius.org/list/users.html
>> >
>> >_
>> >Get a FREE Web site, company branded e-mail and more from Microsoft
>>Office
>> >Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
>> >
>> >-
>> >List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>> >
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>
>_
>Find a local pizza place, movie theater, and more….then map the best route!
>http://maps.live.com/?icid=hmtag1&FORM=MGAC01
>
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Default attributes

2007-03-12 Thread Norbert Wegener 
On different equipment the following profiles give me connections, that 
behave identically.

[EMAIL PROTECTED] Auth-Type := Local, User-Password == "12345"
   Service-Type = Framed-User,
  Framed-Protocol = PPP



[EMAIL PROTECTED] Auth-Type := Local, User-Password == "12345"
   Service-Type = Framed-User


[EMAIL PROTECTED] Auth-Type := Local, User-Password == "12345"


Are Service-Type = Framed-User and Framed-Protocol = PPP
defaults these days or do those connections work only  accidentally?

Thanks
Norbert Wegener






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Default attributes

2007-03-12 Thread Alan DeKok 
Norbert Wegener wrote:
...
> Are Service-Type = Framed-User and Framed-Protocol = PPP
> defaults these days or do those connections work only  accidentally?

  It's up to the NAS.

  My guess is that the NAS vendors saw that too many people were
forgetting to set Service-Type = PPP, and decided to allow the
connection if the RADIUS server returned Access-Accept.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: checkrad not work with cisco VPDN

2007-03-12 Thread tnt 
This is how it should work:

setting Simultaneous-Use will produce a check in the database if the user
is online;
if the user is online according to database (end of story if nastype is
set to "other") checkrad is called to see if the NAS agrees
if user is not online according to NAS connection will be allowed,
otherwise rejected

You are getting SNMP error "noSuchName" which suggests that OID
1.3.6.1.4.1.9.2.9.2.1.18 is not correct for your router. This one comes
from OLD-CISCO-TS-MIB which might not be supported by your router. You
can probably contact Cisco and ask what OID should you use for your
router.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "satish patel" <[EMAIL PROTECTED]> piše:

>Dear sir
>
>  i have useing freeradius + cisco vpdn router but i have this 
> problem when i run checkrad manually
>
>[EMAIL PROTECTED] ~]# checkrad cisco 192.168.1.1 800 mlpm034 C555
>
>SNMP Error:
>Received SNMP response with error code
>  error status: noSuchName
>  index 1 (OID: 1.3.6.1.4.1.9.2.9.2.1.18.800)
>SNMPv1_Session (remote host: "192.168.1.1" [192.168.1.1].161)
>  community: "public"
> request ID: -91963655
>PDU bufsize: 8000 bytes
>timeout: 2s
>retries: 5
>backoff: 1)
> at /usr/local/sbin/checkrad line 221
>checkrad: No SNMP answer from cisco.
>
>
>what is this and when i check checkrad.log file i shown..
>
>snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 
>.iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
>  Returning 0 (login ok)
>Mon Mar 12 12:35:12 2007 checkrad cisco 192.168.1.1 800 mlpm034 C555
>No SNMP answer from cisco.
>  user at port S800:
>snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 
>.iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
>  Returning 0 (login ok)
>Mon Mar 12 12:35:33 2007 checkrad cisco 192.168.1.1 800 mlpm034 C555
>No SNMP answer from cisco.
>  user at port S800:
>snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 
>.iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
>  Returning 0 (login ok)
>
>
>what is this ??? why this thing happending is there any problem in my 
>configuration
>
>
>One more thing i want to say
>
>i dont know last time when i add simultaneouse-use attributes in sql database 
>not in /etc/raddb/users  file  so is it any issue
>
>is checkrad only read /etc/raddb/users file only or sql database 
>
>i am bit confusing in two thing SQL and users file what read by checkrad script
>
>
>
>
>
>
>$ cat ~/satish/url.txt
>
>System administrator ( Data Center )
>
>please visit this site
>
>http://linux.tulipit.com
>
>-
> Here’s a new way to find what you're looking for - Yahoo! Answers
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [Chillispot] Correction of Reply Messages

2007-03-12 Thread tnt 
Oh, I see. So the script works as it should but the people complain that
the message doesn't sound  right when "never" is there. You could put
an if there to send the message without the parameter for "never" and
as it is for others, but if configurable message is in the pipeline it
probably isn't worth the bother.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Alan DeKok" <[EMAIL PROTECTED]> piše:

>[EMAIL PROTECTED] wrote:
>> I think that this is a trivial bug:
>
>> It sends reset parameter instead of (?)check name parameter in the reply.
>> You should report it.
>
>  The reset is often "monthly" or "daily", in which case the message
>makes sense.
>
>  Sending the check name wouldn't make sense, as it's internal to the
>RADIUS server.
>
>  Ideally, the message should be configurable.
>
>  Alan DeKok.
>--
>  http://deployingradius.com   - The web site of the book
>  http://deployingradius.com/blog/ - The blog
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Oracle 10g

2007-03-12 Thread Andrea Gabellini 
Yasser,

are you using instantclient or the full installation? Which OS? With solaris 
and instant client I used:

CFLAGS="-I/usr/local/oracle/sdk/include" ./configure 
--with-oracle-home-dir=/usr/local/oracle 

/usr/local/oracle is my ORACLE_HOME, /usr/local/oracle is in my environment 
with crle (ld.config
under linux), and /usr/local/oracle/sdk/include is where header files resides.

Andrea


Yasser Awad wrote:
> Dear All,
> 
> I'm trying to use FreeRadius (Currently running 1.0.4) with Oracle 10g.
> When I built FreeRadius I got linking errors (I think they are because of
> the 64 bit libs I get with Oracle 10g).
> Now I want to build a 64 bit version of Radius, is this possible? did any
> one test this?
> 
> Waiting for you thoughts on this.
> 
> Yasser Awad
> 
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 

---
There are never enough hours in a day, but always too many days before Saturday.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)

Telecom Italia San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Republic of San Marino

http://www.omniway.sm  http://www.telecomitalia.sm
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

checkrad or sql base simultaneous-use

2007-03-12 Thread satish patel 
anyone help me please 

I have many problem for simultaneous login user problem i have freeradius-1.1.0 
with MSSQL with cisco VPDN configuration i dont know why simultaneous not 
working with checkrad script 

can u explain me i have confusen in radwho and checkrad command so checkrad 
command use radwho output   and what is sql base simultenoues detection if 
i enable sql in /etc/radb/radius.conf  in session part

like :-

Session {
 # radtump
 sql
}
 
what is the radutmp  and sql  if i use radutmp then checkrad call by radius or 
not i have confuseion in checkrad andsql   base simultenous use can u 
explain me 




$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

-
 Here’s a new way to find what you're looking for - Yahoo! Answers - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

checkrad snmp + cisco VPDN problem

2007-03-12 Thread satish patel 
Dear alll

I have problem last 2 month nobady give me solution of this error 
when i run checkrad manually i got this error

[EMAIL PROTECTED] satishp]# checkrad cisco 192.168.1.1 1034 mlpm542 999
SNMP Error:
Received SNMP response with error code
  error status: noSuchName
  index 1 (OID: 1.3.6.1.4.1.9.2.9.2.1.18.1034)
SNMPv1_Session (remote host: "192.168.1.1" [192.168.1.1].161)
  community: "public"
 request ID: 2076414691
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
 at /usr/local/sbin/checkrad line 221
checkrad: No SNMP answer from cisco.


what is this ??? Is this related to OID or somthing else and how do i check 
wheather checkrad call by radius everytime and is there nessesary to put passwd 
in naspass i have only define nastype = cisco  and empty naspassord file and 
some entry in naslist

nasspasswd

#203.172.90.118 !root TufFseCrET
#203.172.42.152 !root ToTaLCnTl
#192.168.1.1SNMPpublic


naslist
# NAS Name  Short Name  Type
#   --  
#portmaster1.isp.compm1.NY  livingston
#portmaster2.isp.compm1.LA  livingston
#localhost  local   portslave
192.168.1.1vpdncisco

this is my configuration i want to use checkrad then how do i check my checkrad 
working or now 



$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

-
 Here’s a new way to find what you're looking for - Yahoo! Answers - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

checkrad replace by other script

2007-03-12 Thread satish patel 
can i replace checkrad with another script 


$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

-
 Here’s a new way to find what you're looking for - Yahoo! Answers - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: checkrad or sql base simultaneous-use

2007-03-12 Thread tnt 
radwho lists online users according to radutmp
checkrad doesn't use radwho. It "asks" NAS if user so and so is on
port so and so with session ID so and so.
In session you choose if looking for online users will be done in
database or radutmp. checkrad will be called when online user is
detecded if you put "cisco" as nastype. If you put "other" it won't.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "satish patel" <[EMAIL PROTECTED]> piše:

>anyone help me please
>
>I have many problem for simultaneous login user problem i have 
>freeradius-1.1.0 with MSSQL with cisco VPDN configuration i dont know why 
>simultaneous not working with checkrad script
>
>can u explain me i have confusen in radwho and checkrad command so checkrad 
>command use radwho output   and what is sql base simultenoues detection if 
>i enable sql in /etc/radb/radius.conf  in session part
>
>like :-
>
>Session {
> # radtump
> sql
>}
>
>what is the radutmp  and sql  if i use radutmp then checkrad call by radius or 
>not i have confuseion in checkrad andsql   base simultenous use can u 
>explain me
>
>
>
>
>$ cat ~/satish/url.txt
>
>System administrator ( Data Center )
>
>please visit this site
>
>http://linux.tulipit.com
>
>-
> Here’s a new way to find what you're looking for - Yahoo! Answers
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread Alan DeKok 
adreas polyxronopoulos wrote:
> Ok i did it. Here is the output of: 
...
> ==16038== Invalid read of size 4
> ==16038==at 0x4822448: dict_attr_value_cmp (dict.c:146)

  OK, that's a bug that I fixed recently in the CVS head, and I guess I
didn't back-port the patch to 1.1.5.  I've committed a fix to CVS under
"branch_1_1", so if you grab that, it should work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [Chillispot] Correction of Reply Messages

2007-03-12 Thread Internet-Wifi Operador 
I give to you a fast solution to show the message that you want, otherwise 
edit the module, rewrite and compile it.




Fabián






From: <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list 


To: "FreeRadius users mailing list" 
Subject: Re: [Chillispot] Correction of Reply Messages
Date: Mon, 12 Mar 2007 14:41:15 +0100

Oh, I see. So the script works as it should but the people complain that
the message doesn't sound  right when "never" is there. You could put
an if there to send the message without the parameter for "never" and
as it is for others, but if configurable message is in the pipeline it
probably isn't worth the bother.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Alan DeKok" <[EMAIL PROTECTED]> pi¹e:

>[EMAIL PROTECTED] wrote:
>> I think that this is a trivial bug:
>
>> It sends reset parameter instead of (?)check name parameter in the 
reply.

>> You should report it.
>
>  The reset is often "monthly" or "daily", in which case the message
>makes sense.
>
>  Sending the check name wouldn't make sense, as it's internal to the
>RADIUS server.
>
>  Ideally, the message should be configurable.
>
>  Alan DeKok.
>--
>  http://deployingradius.com   - The web site of the book
>  http://deployingradius.com/blog/ - The blog
>-
>List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

>
>

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


_
Get a FREE Web site, company branded e-mail and more from Microsoft Office 
Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Kreberos module config

2007-03-12 Thread John T. Guthrie 
Hello all,

I was just looking through the Kerberos code in rlm_krb5.c, and I found
this little code snippet:

static CONF_PARSER module_config[] = {
{ "keytab", PW_TYPE_STRING_PTR,
  offsetof(rlm_krb5_t,keytab), NULL, NULL },
{ "service_principal", PW_TYPE_STRING_PTR,
  offsetof(rlm_krb5_t,service_princ), NULL, NULL },
{ NULL, -1, 0, NULL, NULL }
};

Does this mean that the kerberos module can be configured with both a
keytab and a service principal?  (In which case, is the default service
principal the string "host"?)

Thanks.

-- 
John Guthrie
[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR supported attributes

2007-03-12 Thread Internet-Wifi Operador 

Chillispot is a "captive portal that's it"
You can use it with wired and wireless LAN. Check It!!!


Other point.
You right, Expiration is an Internal Freeradius Attribute, but by default 
only check if the expiration date < NOW(), so if user make a connection 1 
milisecond beford that expiration date, the connection is accepted and the 
user keep connected until it want.
Freeradius don´t generate Session-Timeout reply by default, so the nas don´t 
know when disconnect the user, if you use the correct reply message for the 
nas that manage the connection, the nas will disconnect the user when the 
timeout.



Do you know something I don't?<
I'm sure do you know something I don't, but I don't find more information 
about freeradius and I write on my experience.
I think the idea is put the system to work, because many people like me, 
need a fast solutions and don't have time to investigate or try find of 
perfection


Fabián Franzotti






From: <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list 


To: "FreeRadius users mailing list" 
Subject: Re: FR supported attributes
Date: Mon, 12 Mar 2007 14:04:25 +0100

Wired chilli? The makers say: "ChilliSpot is an open source captive
portal or wireless LAN access point controller. It is used for
authenticating users of a wireless LAN." Do you know something they
don't?

Expiration is an internal FreeRadius attribute - it doesn't go out in
radius packets. It is used to generate "real" radius attributes like
Session-Timeout. So NAS (Cisco, Chilli, Mickrotik, whatever) will never
"see" this attribute. None of them would know what to do with it if
they would recieve it.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Internet-Wifi Operador" <[EMAIL PROTECTED]>
pi¹e:

>Chillispot is a gateway, not matter if you passthrough with Wifi 
connection

>or wire connection, Chillispot not identify they.
>The litle diference is, if you use Expiration attribute Chillispot 
ignores

>it, so when the time is reach chillispot not logoff the user.
>
>So, you need send the correct reply for each gateway, switch or device 
that
>manage the connection because Freeradius not disconnect the users, this 
is a

>NAS job.
>
>
>
>Fabián
>
>
>
>
>
>>From: <[EMAIL PROTECTED]>
>>Reply-To: FreeRadius users mailing list
>>
>>To: "FreeRadius users mailing list" 


>>Subject: Re: FR supported attributes
>>Date: Sat, 10 Mar 2007 18:49:35 +0100
>>
>>There should be no difference in using Expiration and
>>WISPr-Session-Terminate-Time in this case. Expiration sets
>>Session-Timeout and ChilliSpot knows that one. The only difference is
>>that Expiration will work with wired connections too.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 10/3/2007, "Internet-Wifi Operador" <[EMAIL PROTECTED]>
>>pi¹e:
>>
>> >If you use Chillispot, put in your user
>> >Max-All-Session and WISPr-Session-Terminate-Time they work very good
>> >together
>> >
>> >because if you use Expire attribute the freeradius know it but 
chillispot
>> >no, so if the user try to connect after the Expire time the radius 
reject

>> >this connection, but i the user is connected and the chillispot don't
>>know
>> >the expire attribute so the connection continue.
>> >
>> >here is the suported attributes for the chillispot
>> >http://www.chillispot.org/features.html#mozTocId149863
>> >
>> >
>> >
>> >>From: PD <[EMAIL PROTECTED]>
>> >>Reply-To: FreeRadius users mailing list
>> >>
>> >>To: "FreeRadius users mailing list"
>>
>> >>Subject: Re: FR supported attributes
>> >>Date: Sat, 10 Mar 2007 03:46:50 +
>> >>
>> >>Unfortunatelly, I found the answer of the similar question.
>> >>
>> >>see
>> 
>>http://www.arcknowledge.com/gmane.comp.freeradius.user/2003-02/msg00671.html

>> >>
>> >>Well.. just to make sure, can Expiration attribute work together with
>> >>Max-All-Session attribute ?
>> >>
>> >>The case is suppose to create an account for 10 hours but only valid 
one

>> >>week after the creation date.
>> >>
>> >>TIA
>> >>
>> >>PD
>> >>On 3/10/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>> >>
>> >> >Radius attributes - http://www.freeradius.org/rfc/attributes.html .
>> >> >
>> >> >You actually invent sqlcounter attributes yourself by making the
>> >> >appropriate SQL query.
>> >> >
>> >> >Ivan Kalik
>> >> >Kalik Informatika ISP
>> >> >
>> >>
>> >>-
>> >>List info/subscribe/unsubscribe? See
>> >>http://www.freeradius.org/list/users.html
>> >
>> >_
>> >Get a FREE Web site, company branded e-mail and more from Microsoft
>>Office
>> >Live! http://clk.atdmt.com/MRT/go/mcrssaub0050001411mrt/direct/01/
>> >
>> >-
>> >List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>> >
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>
>_
>Find a local pizza place, movie theater, and more….then map the best 
route!

>http://maps.live.co

Can compile FR 1.1.5 Mysql 5.0.33 on FC4

2007-03-12 Thread Jose Guevarra 

Hi,

I'm trying to install Freeradius 1.1.5 with MySQL 5.0.33 on fedora core 4.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Compile Freeradius 1.1.5 with MySQL 5.0.33 on fedora core 4

2007-03-12 Thread Jose Guevarra 

Hi,

I'm trying to install Freeradius 1.1.5 with MySQL 5.0.33 on fedora core 4.
I'm upgrading from FR1.1.1 with a standard mysql install.

My MySQL installation is in a non-standard place /srv/mysql5033

So I configure FR with these options

./configure --prefix=/srv/freeradius115 --with-mysql-dir=/srv/mysql5033/
--with-mysql-include-dir=/srv/mysql5033/include/mysql/
--with-mysql-lib-dir=/srv/mysql5033/lib/mysql/ --with-openssl

OUTPUT:

config.status: WARNING:  ./Make.inc.in seems to ignore the --datarootdir
setting
config.status: WARNING:  ./src/include/build-radpaths-h.in seems to ignore
the --datarootdir setting
configure: WARNING: iodbc headers not found.  Use
--with-iodbc-include-dir=.
configure: WARNING: sql submodule 'iodbc' disabled
checking for mysql_config... yes
checking for mysql_init in -lmysqlclient_r (using mysql_config)... no
configure: WARNING: mysql libraries not found. Use
--with-mysql-lib-dir=.
checking for mysql.h (using mysql_config)... yes
configure: WARNING: sql submodule 'mysql' disabled
configure: WARNING: silently not building rlm_sql_postgresql.
configure: WARNING: FAILURE: rlm_sql_postgresql requires:  libpq-fe.h libpq.
configure: WARNING: oracle headers not found.  Use
--with-oracle-home-dir=.
configure: WARNING: sql submodule 'oracle' disabled
configure: WARNING: unixODBC headers not found.  Use
--with-unixodbc-include-dir=.
configure: WARNING: sql submodule 'unixodbc' disabled

Am I missing iodbc-dev? My last installation didn't seem to need it.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: authenticating multiple modules?

2007-03-12 Thread Tim Tyler 
Ivan, or others,
   Ok, I can't seem to find documentation on 
this.  If I don't use the users file, I presume I 
should create the groups in the radiusd.conf 
file.  How does one create a group for Students 
and Staff (syntax)?  Can I assign Auth-Type = 
System for Staff and Auth-Type = LDAP for Staff 
and have a request against both groups?  Note, 
there is no way ahead of time to distinguish 
between a user that is staff or student.  So I 
need the solution to first check the system file and then check against ldap.
   Is there an example configuration somewhere I 
can follow that authenticates against a system file and ldap?

Tim


At 06:32 PM 3/9/2007, you wrote:
>Don't put Auth-Type in users file. Make groups Students nad Staff,
>assign users to them and put the Auth-Type you want for that group as
>group check item.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 9/3/2007, "Tim Tyler" <[EMAIL PROTECTED]> pi¹e:
>
> >Freeradius experts,
> >I want to use one freeradius server to authenticate against a
> >system file for students and against ldap for faculty/staff.  I can
> >get the system file to work alone.  I can get the ldap module to work
> >alone.  But I can't seem to find a way to get both of them to work
> >together.  If I set DEFAULT Auth-Type = System in the users file, it
> >authenticates the system files.  If I set it to ldap, it
> >authenticates to ldap.  If I put both in the users file, it
> >authenticates ldap users only.  How do I allow both unix and ldap
> >modules to authenticate their respective users?   Note: users are
> >unique to each module.  A user in unix does 
> not exist in ldap and vice versa.
> >
> >
> >
> >Tim Tyler
> >Network Engineer - Beloit College
> >[EMAIL PROTECTED]
> >
> >
> >-
> >List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> >
> >
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED] 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ssl help

2007-03-12 Thread Hillary Marek 
 I am trying to set up a Fedora Core 6 computer as a FreeRadius Server.
It is currently running, and authenticating via mac address. I also want
to set the same computer up as a CA using openssl. When I run the CA
script, I get the following output:


CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..++
..++
writing new private key to './CAtop/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [US]:
State or Province Name (full name) [**]:
* []:
Organization Name (eg, company) [**]:
Organizational Unit Name (eg, section) [MIS]:
Hillary Marek []:
[EMAIL PROTECTED] []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ./CAtop/private/./cakey.pem:
I am unable to access the ../../CA/newcerts directory
../../CA/newcerts: No such file or directory

It seems to run finde until that last error. Any ideas?
All answers are appreciated.
Hazen Paper Company maintains and takes affirmative steps to protect and secure 
confidential, privileged, and proprietary information. If you have received 
such information in error, or information related to trademarks, or other 
confidential or proprietary information, Hazen Paper Company does not waive any 
claim it may have for such unintended delivery or damage arising from any use, 
copying, communication, transmission or failure to notify Hazen Paper Company 
of the error. Hazen Paper Company will exercise its rights against persons 
mistakenly or fraudulently communicating or receiving the above described or 
any other information not intended by Hazen Paper Company for transmittal by 
the Company. Although this email and any attachments are believed to be free of 
any virus or other defect that might affect any computer system into which it 
is received and opened, it is the responsibility of the recipient to ensure 
that it is virus free and no responsibility is accepted by !
 the Hazen Paper Company or its affiliates either jointly or severally, for any 
loss or damage arising in any way from its use.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TTLS outer identity & accounting

2007-03-12 Thread Sam Schultz 
I'm currently using EAP-TTLS & PAP (via SecureW2) to authorize &
authenticate wireless clients against specific realms. Users are
able to authorize & authenticate properly, but the username in 
incoming accounting replies come in as 'anonymous@'.
I had this spitting out proper accounting information before,
and haven't changed any configuration options since putting it
into production. The only conclusions I can come up with are:

1) The access points are buggy (3com OfficeConnects)
2) FreeRADIUS doesn't keep track of connections properly -- either
   because it doesn't bother to replace anonymous entries with the
   previously seen identity for the given ID, or I haven't
   configured it to do so. 

I would be inclined to think it was the latter, except that the
configuration was working properly previously, and the
Accounting-Request packet itself contains [EMAIL PROTECTED] instead 
of the actual authenticated user.

Anyone have any suggestions, or can anyone at least point me to
any documentation on this?


Click for free info on online masters degrees and make $150K/ year
http://tagline.hushmail.com/fc/CAaCXv1S74pwqkZuxyoxY1QhnF9TgBDK/

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can compile FR 1.1.5 Mysql 5.0.33 on FC4

2007-03-12 Thread A . L . M . Buxey 
Hi,
> Hi,
> 
> I'm trying to install Freeradius 1.1.5 with MySQL 5.0.33 on fedora core 4.

a little more info wouldnt go amiss!  such as - wheres your output log
from the failed compile?

alan
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ldap groups + freeradius

2007-03-12 Thread Karen R McArthur 
I know this question has been asked many times before.  I have searched
the archives and I have tried what I've found there, but I can't seem to
get this working.

RedHat EL 4 (managed through RHN, so latest available versions)
freeradius-1.0.1-3
openldap-2.2.13-6

I have 4 NAS-IP-Addresses.

My users are split into 6 groups (some are in multiple groups): public,
faculty, staff, student, vpn, and admin.

I would like the users to get access to the NAS by virtue of being in a
group.

192.168.1.1
admin
192.168.1.2
vpn
192.168.1.3 & 192.168.1.4
faculty, staff, student & public

What steps do I need to follow to implement this?  I have tried many
combinations in "huntgroups", "users", and "radiusd.conf".

Any directions or urls to documentation would be appreciated.

Thank you.
-- 
Karen R. McArthur <[EMAIL PROTECTED]>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240 USA
ph:(207)786-8236   fax:(207)786-6057

*some ldif output**
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: staff
radiusGroupName: vpn
radiusGroupName: admin

dn: uid=user2,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: student

dn: uid=user3,ou=People,dc=example,dc=com
objectClass: radiusprofile
radiusGroupName: faculty
radiusGroupName: vpn

dn: cn=vpn,ou=ldap-auth,dc=example,dc=com
objectClass: groupOfNames
cn: vpn
member: uid=user1,ou=People,dc=example,dc=com
member: uid=user3,ou=People,dc=example,dc=com

dn: cn=vpn,ou=profiles,ou=radius,ou=services,dc=example,dc=com
objectClass: radiusprofile
cn: vpn
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

*** radiusd.conf 
ldap {
server = "ldap.example.com"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
basedn = "ou=People,dc=example,dc=com"
identity = "cn=lnxproxy,ou=LDAPauth,dc=example,dc=com"
password = itsasecret
start_tls = no
tls_cacertfile = /usr/share/ssl/certs/ca-cert.pem
tls_cacertdir = /usr/share/ssl/certs/
tls_certfile = /usr/share/ssl/certs/cert.pem
tls_keyfile = /usr/share/ssl/certs/key.pem
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
groupname_attribute = cn
groupmembership_filter = "(&(objectClass=GroupOfNames)(member=%{
Ldap-UserDn}))"
groupmembership_attribute = radiusGroupName
timeout = 4
timelimit = 3
net_timeout = 1
}

* users *
DEFAULT Auth-Type = LDAP Fall-Through = 1
DEFAULT Ldap-Group == "cn=vpn,ou=ldap-auth,dc=example,dc=com",
Fall-Through = no

** huntgroups **
admin NAS-IP-Address == 192.168.1.1
Session-Timeout = 60,
Idle-Timeout = 30,
Ldap-Group = admin

public NAS-IP-Address == 192.168.1.3
NAS-IP-Address == 192.168.1.4,
Idle-Timeout = 3600,
Ldap-Group = public,
Ldap-Group = faculty,
Ldap-Group = staff,
Ldap-Group = student

vpn NAS-IP-Address == 192.168.1.2
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Compile Freeradius 1.1.5 with MySQL 5.0.33 on fedora core 4

2007-03-12 Thread Jose Guevarra 

I tried without the terminating slash and the same errors occur.  The user
i'm compiling with has access to all those directories.

"./configure --help"  doesnt have all the mysql switches listed.  where can
I find all the configure options for mysql support in FR?

Thanks.

On 3/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:


Hi,

> ./configure --prefix=/srv/freeradius115 --with-mysql-dir=/srv/mysql5033/
> --with-mysql-include-dir=/srv/mysql5033/include/mysql/
> --with-mysql-lib-dir=/srv/mysql5033/lib/mysql/ --with-openssl

could you try without the terminating slash on the paths. also, are the
paths
readable by the user you are running ./configure as?

alan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can compile FR 1.1.5 Mysql 5.0.33 on FC4

2007-03-12 Thread Jose Guevarra 

Here's the most relevant parts of the log...

=
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
=== configuring in src/modules/rlm_sql (/source/freeradius-1.1.5
/src/modules/rlm_sql)
configure: running /bin/sh ./configure --prefix=/srv/freeradius115
'--with-mysql-dir=/srv/mysql5033'
'--with-mysql-lib-dir=/srv/mysql5033/lib/mysql'
'--with-mysql-include-dir=/srv/mysql5033/include/mysql' '--with-openssl'
'--enable-ltdl-install=no' --cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
configure: creating ./config.status
config.status: creating ./Makefile
config.status: creating ./drivers/Makefile
configure: configuring in ./drivers/rlm_sql_iodbc
configure: running /bin/sh './configure' --prefix=/srv/freeradius115
'--prefix=/srv/freeradius115' '--with-mysql-dir=/srv/mysql5033'
'--with-mysql-lib-dir=/srv/mysql5033/lib/mysql'
'--with-mysql-include-dir=/srv/mysql5033/include/mysql' '--with-openssl'
'--enable-ltdl-install=no' '--cache-file=/dev/null' '--srcdir=.' 'CFLAGS=-g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG'
--cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for isql.h... no
configure: WARNING: iodbc headers not found.  Use
--with-iodbc-include-dir=.
configure: WARNING: sql submodule 'iodbc' disabled
configure: creating ./config.status
config.status: creating Makefile
configure: configuring in ./drivers/rlm_sql_mysql
configure: running /bin/sh './configure' --prefix=/srv/freeradius115
'--prefix=/srv/freeradius115' '--with-mysql-dir=/srv/mysql5033'
'--with-mysql-lib-dir=/srv/mysql5033/lib/mysql'
'--with-mysql-include-dir=/srv/mysql5033/include/mysql' '--with-openssl'
'--enable-ltdl-install=no' '--cache-file=/dev/null' '--srcdir=.' 'CFLAGS=-g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG'
--cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for mysql_config... yes
checking for pthread_create in -lpthread... yes
checking for mysql_init in -lmysqlclient_r (using mysql_config)... no
checking for mysql_init in -lmysqlclient_r... no
configure: WARNING: mysql libraries not found. Use
--with-mysql-lib-dir=.
checking for mysql.h (using mysql_config)... yes
configure: WARNING: sql submodule 'mysql' disabled
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
configure: configuring in ./drivers/rlm_sql_postgresql
configure: running /bin/sh './configure' --prefix=/srv/freeradius115
'--prefix=/srv/freeradius115' '--with-mysql-dir=/srv/mysql5033'
'--with-mysql-lib-dir=/srv/mysql5033/lib/mysql'
'--with-mysql-include-dir=/srv/mysql5033/include/mysql' '--with-openssl'
'--enable-ltdl-install=no' '--cache-file=/dev/null' '--srcdir=.' 'CFLAGS=-g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG'
--cache-file=/dev/null --srcdir=.
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for libpq-fe.h... no
checking for PQconnectdb in -lpq... no
configure: WARNING: silently not building rlm_sql_postgresql.
configure: WARNING: FAILURE:

Re: Ssl help

2007-03-12 Thread John T. Guthrie 
On Mon, 2007-03-12 at 13:52 -0400, Hillary Marek wrote:
>  I am trying to set up a Fedora Core 6 computer as a FreeRadius Server.
> It is currently running, and authenticating via mac address. I also want
> to set the same computer up as a CA using openssl. When I run the CA
> script, I get the following output:
> 
> 
> CA certificate filename (or enter to create)
> 
> Making CA certificate ...
> Generating a 1024 bit RSA private key
> ..++
> ..++
> writing new private key to './CAtop/private/./cakey.pem'
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -
> Country Name (2 letter code) [US]:
> State or Province Name (full name) [**]:
> * []:
> Organization Name (eg, company) [**]:
> Organizational Unit Name (eg, section) [MIS]:
> Hillary Marek []:
> [EMAIL PROTECTED] []:
> 
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password []:
> An optional company name []:
> Using configuration from /etc/pki/tls/openssl.cnf
> Enter pass phrase for ./CAtop/private/./cakey.pem:
> I am unable to access the ../../CA/newcerts directory
> ../../CA/newcerts: No such file or directory
> 
> It seems to run finde until that last error. Any ideas?
> All answers are appreciated.

By the CA script, I assume you are talking about the
script /etc/pki/tls/misc/CA, correct?  Whether you are using that or the
CA.pl script, both scripts make the assumption the the CA directory is
called ../../CA.  (Of course, that assumption only has a chance of being
true if you run the scripts from within the /etc/pki/tls/misc
directory.)  If you changed the dir variable in the openssl.cnf file,
then these things would be out of sync, which can cause problems.  It
looks like you might have change the dir variable to ./CAtop, is that
correct?  If so, then I think you need to change the CATOP variable in
the CA script to be the same thing.

-- 
John Guthrie
[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help with freeradius 1.1.5

2007-03-12 Thread adreas polyxronopoulos 
Thanks for your help Alan,

However i don't undestand what i have to do to fix this bug. Where can i
found the branch_1_1 and what should i do it? I have not done this
before

Thanks again

On Mon, 2007-03-12 at 16:23 +0100, Alan DeKok wrote:
> adreas polyxronopoulos wrote:
> > Ok i did it. Here is the output of: 
> ...
> > ==16038== Invalid read of size 4
> > ==16038==at 0x4822448: dict_attr_value_cmp (dict.c:146)
> 
>   OK, that's a bug that I fixed recently in the CVS head, and I guess I
> didn't back-port the patch to 1.1.5.  I've committed a fix to CVS under
> "branch_1_1", so if you grab that, it should work.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



___ 
Inbox full of spam? Get leading spam protection and 1GB storage with All New 
Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: authenticating multiple modules?

2007-03-12 Thread tnt 
Hi Tim,

No "others" so I'll try.

I assume that it should work like this:

DEFAULT   Auth-Type := System
 Fall-Through = Yes

DEFAULT   Auth-Type := LDAP

I think that users will be checked against the system first and if not
found against LDAP. Take this with a pinch of salt - I never used users
file, System or LDAP, only MySQL.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "Tim Tyler" <[EMAIL PROTECTED]> piše:

>Ivan, or others,
>   Ok, I can't seem to find documentation on 
>this.  If I don't use the users file, I presume I 
>should create the groups in the radiusd.conf 
>file.  How does one create a group for Students 
>and Staff (syntax)?  Can I assign Auth-Type = 
>System for Staff and Auth-Type = LDAP for Staff 
>and have a request against both groups?  Note, 
>there is no way ahead of time to distinguish 
>between a user that is staff or student.  So I 
>need the solution to first check the system file and then check against ldap.
>   Is there an example configuration somewhere I 
>can follow that authenticates against a system file and ldap?
>
>Tim
>
>
>At 06:32 PM 3/9/2007, you wrote:
>>Don't put Auth-Type in users file. Make groups Students nad Staff,
>>assign users to them and put the Auth-Type you want for that group as
>>group check item.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 9/3/2007, "Tim Tyler" <[EMAIL PROTECTED]> piše:
>>
>> >Freeradius experts,
>> >I want to use one freeradius server to authenticate against a
>> >system file for students and against ldap for faculty/staff.  I can
>> >get the system file to work alone.  I can get the ldap module to work
>> >alone.  But I can't seem to find a way to get both of them to work
>> >together.  If I set DEFAULT Auth-Type = System in the users file, it
>> >authenticates the system files.  If I set it to ldap, it
>> >authenticates to ldap.  If I put both in the users file, it
>> >authenticates ldap users only.  How do I allow both unix and ldap
>> >modules to authenticate their respective users?   Note: users are
>> >unique to each module.  A user in unix does 
>> not exist in ldap and vice versa.
>> >
>> >
>> >
>> >Tim Tyler
>> >Network Engineer - Beloit College
>> >[EMAIL PROTECTED]
>> >
>> >
>> >-
>> >List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>> >
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>Tim Tyler
>Network Engineer - Beloit College
>[EMAIL PROTECTED] 
>
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Debian

2007-03-12 Thread Tas Dionisakos 
Hello All,

I just compiled radius and tried to create the deb packages using the 
method mentioned on the freeradius wiki.

When the process finishes the deb packages are version 1.1.3, is there a 
way of correcting this as apt gets confused?

Tas.

-- 
*
Tas Dionisakos
IT Manager
St Mary’s College and Newman College
The University of Melbourne
T: 03 9342 1708
M: 0439 655 565
E: [EMAIL PROTECTED]
C: (0o ()() o0)
*

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Kerberos module config

2007-03-12 Thread John T. Guthrie 
On Mon, 2007-03-12 at 12:45 -0400, John T. Guthrie wrote:
> Hello all,
> 
> I was just looking through the Kerberos code in rlm_krb5.c, and I found
> this little code snippet:
> 
> static CONF_PARSER module_config[] = {
> { "keytab", PW_TYPE_STRING_PTR,
>   offsetof(rlm_krb5_t,keytab), NULL, NULL },
> { "service_principal", PW_TYPE_STRING_PTR,
>   offsetof(rlm_krb5_t,service_princ), NULL, NULL },
> { NULL, -1, 0, NULL, NULL }
> };
> 
> Does this mean that the kerberos module can be configured with both a
> keytab and a service principal?  (In which case, is the default service
> principal the string "host"?)
> 
> Thanks.

Well, when all else fails, read the documentation.  I just checked the
wiki on the website, and it says that the answer to my question is yes.
However, I went ahead and wrote a patch to the radiusd.conf.in file in
the source code to add in ome documentation for configuring Kerberos.
Where would be the best place to post that patch.

Thanks.

-- 
John Guthrie
[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: checkrad or sql base simultaneous-use

2007-03-12 Thread satish patel 
Tanks dear 


  But dear my problem is i am useing simultaneous-use with sql and it 
is working fine but my problem is users connect with NAS ( cisco vpdn ) but 
some user stuck in mssql database radacct tables means user connection error or 
any other error users got disconnect and then they try for login i got some log 

user already login   because in radacct table use AcctStopTime = 1/1/1900 thats 
why those user not able to login how can i automaticaly close this session is 
there any attribute which is automaticaly clear idle session one more thing i 
have set idle-timeout attributes but it's also not work ???  what is the 
problem of users stuck in database thats why i want to change my 
simultaneouse-use with checkrad script  is it solve by checkrad 
script.???



[EMAIL PROTECTED] wrote: radwho lists online users according to radutmp
checkrad doesn't use radwho. It "asks" NAS if user so and so is on
port so and so with session ID so and so.
In session you choose if looking for online users will be done in
database or radutmp. checkrad will be called when online user is
detecded if you put "cisco" as nastype. If you put "other" it won't.

Ivan Kalik
Kalik Informatika ISP


Dana 12/3/2007, "satish patel" 
 pi¹e:

>anyone help me please
>
>I have many problem for simultaneous login user problem i have 
>freeradius-1.1.0 with MSSQL with cisco VPDN configuration i dont know why 
>simultaneous not working with checkrad script
>
>can u explain me i have confusen in radwho and checkrad command so checkrad 
>command use radwho output   and what is sql base simultenoues detection if 
>i enable sql in /etc/radb/radius.conf  in session part
>
>like :-
>
>Session {
> # radtump
> sql
>}
>
>what is the radutmp  and sql  if i use radutmp then checkrad call by radius or 
>not i have confuseion in checkrad andsql   base simultenous use can u 
>explain me
>
>
>
>
>$ cat ~/satish/url.txt
>
>System administrator ( Data Center )
>
>please visit this site
>
>http://linux.tulipit.com
>
>-
> Here’s a new way to find what you're looking for - Yahoo! Answers
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

-
 Here’s a new way to find what you're looking for - Yahoo! Answers - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Syntax error converting datetime from character string

2007-03-12 Thread satish patel 
Dear all 

 I have setup freeradius-1.1.0 with Cisco VPDN with MSSQL2000 but i 
got this error and my radius goes down 

Tue Mar 13 10:57:44 2007 : Error: rlm_sql_unixodbc: '22007 
[unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from character 
string.'
Tue Mar 13 10:57:44 2007 : Error: rlm_sql (sql): Couldn't insert SQL accounting 
STOP record - 0

what is this ???  is this any bug or radiusd or mssql200 

can anybody explain me for this problem


$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

-
 Here’s a new way to find what you're looking for - Yahoo! Answers - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Syntax error converting datetime from character string

2007-03-12 Thread Cory Robson 
You will need to configure your sql server to store dates in unix format,
not having worked with mssql2000 for a while I couldn't tell you how to do
it but I'm betting that's where your problem is.

 

  _  

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of satish patel
Sent: Tuesday, 13 March 2007 3:11 PM
To: freeradius-users
Subject: Syntax error converting datetime from character string

 

Dear all 

 I have setup freeradius-1.1.0 with Cisco VPDN with MSSQL2000
but i got this error and my radius goes down 

Tue Mar 13 10:57:44 2007 : Error: rlm_sql_unixodbc: '22007
[unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from
character string.'
Tue Mar 13 10:57:44 2007 : Error: rlm_sql (sql): Couldn't insert SQL
accounting STOP record - 0

what is this ???  is this any bug or radiusd or mssql200 

can anybody explain me for this problem


$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

  

  _  


Here's a new way to find what you're looking for - Yahoo!

Answers 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Debian

2007-03-12 Thread Markus Krause 
Zitat von Tas Dionisakos <[EMAIL PROTECTED]>:
> Hello All,
>
> I just compiled radius and tried to create the deb packages using the
> method mentioned on the freeradius wiki.
>
> When the process finishes the deb packages are version 1.1.3, is there a
> way of correcting this as apt gets confused?

just edit debian/changelog, put a new version description at the  
beginning of the file, such as (from "freeradius ..." to the line  
containing the email address and date):

 start of debian/changelog
freeradius (1.1.5-0) unstable; urgency=low

* Added more dictionaries
* Dictionary files now MUST NOT be globally writable.
* Configuration files now MUST NOT be globally readable,
  or globally writable.
* Be more aggressive about freeing memory on clean exit.
  This helps track down run-time leaks.
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.


  -- Nicolas Baradakis <[EMAIL PROTECTED]>  Mon, 09 Mar  
2007 20:06:04 +0100
= end of example

this is only an example, the actual text is not so important, just the  
version number in brackets, and of course add _your_ email address!

regards
markus

+-+
| Markus Krause, Mogli-Soft   |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL|
| by order of the |
|Computing Center of the Max-Planck-Institute of Biochemistry |
+++
| E-Mail: [EMAIL PROTECTED]  |  Tel.: 089 - 89 40 85 99   |
| [EMAIL PROTECTED]  |  Fax.: 089 - 89 40 85 98   |
|  Skype: markus.krause  | iChat: [EMAIL PROTECTED]   |
+++



--
  This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html