How to re-forward a request rejected by one proxy server to another proxy server?

2007-05-25 Thread Clark J. Wang

I configured two proxy servers `radius1' and `radius2' for realm `foo.com'
in file `proxy.conf'. And I want those requests rejected by `radius1' to be
re-forwarded to `radius2'. How can I do that?

Thanks.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Wiki

2007-05-25 Thread Peter Nixon
On Fri 25 May 2007, Doug Hardie wrote:
> > I have disabled the front page's protection (for the time being). I
> > previously turned it on because we were getting too much spam.
>
> I should be done with the front page.  Some of the lower pages may
> need some tweaking.  The information is all there, but perhaps it
> could use some more explanation.  I'll need to think about that more
> later.
>
> There are 2 existing pages that appear to me to be questions more
> appropriate for the maillist rather than the wiki:
>
>   Lt preloaded symbols
>   How to configure a user must access from a NAS-Identifier
>
> I have not referenced them.
>
> There are 4 existing pages that I have not figured out how to
> categorize yet.  I know they fit in, I just didn't see where on a
> quick review:
>
>   IP-Pool
>   Ippool
>   Ippool and radius clients
>   Ippool config

They may need consolidating/rewriting to fit in better...

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


Re: rlm_sql: processing radcheck & radgroupcheck

2007-05-25 Thread Peter Nixon
On Fri 25 May 2007, Milan Holub wrote:
> Hi All,
>
> On Thu, Apr 12, 2007 at 12:00:26PM +0200, Milan Holub wrote:
> > Here is my patch which enables read_groups option and targets the issue
> > above(rejects user immediately if it's found that the radcheck failed):
>
> ==> it looks like nobody was interested... but anyway the patch
> contained a bug, it did not release the sql socket when the user typed
> in wrong password which has led to slower "DB handlers dying" (posted by
> me to another thread)
> Thus if someone interested here is a correct patch:
>
>
> Index: src/modules/rlm_sql/rlm_sql.c
> ===
> RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v
> retrieving revision 1.169
> diff -u -r1.169 rlm_sql.c
> --- src/modules/rlm_sql/rlm_sql.c   15 May 2007 10:10:35 - 
> 1.169 +++ src/modules/rlm_sql/rlm_sql.c   25 May 2007 12:33:59 -
> @@ -57,6 +57,8 @@
>  offsetof(SQL_CONFIG,tracefile), NULL, SQLTRACEFILE},
> {"readclients", PW_TYPE_BOOLEAN,
>  offsetof(SQL_CONFIG,do_clients), NULL, "no"},
> +   {"read_groups", PW_TYPE_BOOLEAN,
> +offsetof(SQL_CONFIG,read_groups), NULL, "yes"},
> {"deletestalesessions", PW_TYPE_BOOLEAN,
>  offsetof(SQL_CONFIG,deletestalesessions), NULL, "yes"},
> {"num_sql_socks", PW_TYPE_INTEGER,
> @@ -638,6 +640,11 @@
> /*
>  *  Only do this if *some* check pairs were
> returned */
> +   DEBUG2("rlm_sql (%s):  check items",
> inst->config->xlat_name); +   vp_listdebug(check_tmp);
> +   DEBUG2("rlm_sql (%s):  items found in packet",
> inst->config->xlat_name); +  
> vp_listdebug(request->packet->vps);
> +
> if (paircompare(request, request->packet->vps,
> check_tmp, &request->reply->vps) == 0) { found = 1;
> DEBUG2("rlm_sql (%s): User found in group
> %s", @@ -960,6 +967,12 @@
> dofallthrough = fallthrough(reply_tmp);
> pairxlatmove(request, &request->reply->vps,
> &reply_tmp); pairxlatmove(request, &request->config_items, &check_tmp); + 
>  } else {
> +   /*
> +*  check items did not match; do not process
> groups; return REJECT immediately +*/
> +   sql_release_socket(inst, sqlsocket);
> +   return RLM_MODULE_REJECT;
> }
> }
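Review bot: The quoted copy of the patch has been re-wrapped in transit and will not apply as posted: the `+++` file header is fused onto the revision number that belongs to the `---` line, and the third `@@ -960,6 +967,12 @@` header sits in the middle of a wrapped DEBUG2 line. Attach the diff as a file when it goes into the bug tracker rather than pasting it inline.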


Please put it in the bug tracker

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


Re: FreeRadius crash

2007-05-25 Thread Doug Hardie
I think I may have found the cause of my crashes.  One of the proxy  
servers or NASs is occasionally sending me an incorrectly formatted  
authentication request.  I have not been able to capture the entire  
packet yet but I did manage to log part of the last one just as the  
crash occurred and the part that was successfully flushed out of the  
buffers before the seg fault is definitely corrupt.  Because my  
secondary server only handles requests when the primary is down, I  
can set it to capture all the packets.  However, I am going to have  
to wait till I can upgrade its OS.  It's also our news server and  
upgrading that is always a large pain.


Re: Wiki

2007-05-25 Thread Doug Hardie
> I have disabled the front page's protection (for the time being). I
> previously turned it on because we were getting too much spam.

I should be done with the front page.  Some of the lower pages may  
need some tweaking.  The information is all there, but perhaps it  
could use some more explanation.  I'll need to think about that more  
later.

There are 2 existing pages that appear to me to be questions more  
appropriate for the maillist rather than the wiki:

Lt preloaded symbols
How to configure a user must access from a NAS-Identifier

I have not referenced them.

There are 4 existing pages that I have not figured out how to  
categorize yet.  I know they fit in, I just didn't see where on a  
quick review:

IP-Pool
Ippool
Ippool and radius clients
Ippool config



Re: Wiki

2007-05-25 Thread Arran Cudbard-Bell
Kevin Bonner wrote:
> On Friday 25 May 2007 04:11:24 Arran Cudbard-Bell wrote:
>> Now which bloody wiki are you using, so I can look up the formatting
>> rules :)
> 
> http://wiki.freeradius.org/Special:Version says MediaWiki: 1.8.2.
> 
> -Kevin

Ahh , thanks :)

-- 
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900


Re: Wiki

2007-05-25 Thread Kevin Bonner
On Friday 25 May 2007 04:11:24 Arran Cudbard-Bell wrote:
> Now which bloody wiki are you using, so I can look up the formatting
> rules :)

http://wiki.freeradius.org/Special:Version says MediaWiki: 1.8.2.

-Kevin



FYI : My workaround for freeradius not sending back an Access-Reject on a failed external script

2007-05-25 Thread Patric
Hey guys,

Thought it might interest some of you as to how I worked around the 
problem where freeradius does not return an Access-Reject if my php 
script does not exit successfully (in my case because a user should be 
rejected).

The original code that checks the exit status of the script is this :

src/modules/rlm_exec/rlm_exec.c :

/*
 *  Dispatch an exec method
 */
static int exec_dispatch(void *instance, REQUEST *request)
{
    ...
    if (result != 0) {
        radlog(L_ERR, "rlm_exec (%s): External script failed",
               inst->xlat_name);
        return RLM_MODULE_FAIL;
    }
    ...
    return RLM_MODULE_OK;
}

So basically if my script does not return 0, it failed, regardless of 
its exit status.
According to the RLM_MODULE_* definitions :

enum {
    RLM_MODULE_REJECT,   /* 0 - immediately reject the request */
    RLM_MODULE_FAIL,     /* 1 - module failed, don't reply */
    RLM_MODULE_OK,       /* 2 - the module is OK, continue */
    RLM_MODULE_HANDLED,  /* 3 - the module handled the request, so stop. */
    RLM_MODULE_INVALID,  /* 4 - the module considers the request invalid. */
    RLM_MODULE_USERLOCK, /* 5 - reject the request (user is locked out) */
    RLM_MODULE_NOTFOUND, /* 6 - user not found */
    RLM_MODULE_NOOP,     /* 7 - module succeeded without doing anything */
    RLM_MODULE_UPDATED,  /* 8 - OK (pairs modified) */
    RLM_MODULE_NUMCODES  /* 9 - How many return codes there are */
};

So if I wanted to authenticate a user I should *actually* be returning 2.
If I wanted to *reject* the user I should be returning 0.

But according to the code above if I return 2 the external script 
failed, and if I return 0, the external script was successful and my 
user is authenticated successfully.

This is how I changed the logic :

I *removed* :
...
    if (result != 0) {
        radlog(L_ERR, "rlm_exec (%s): External script failed",
               inst->xlat_name);
        return RLM_MODULE_FAIL;
    }
...

And replaced it with :

...
    switch (result) {
    case 0: // Rejected
        return RLM_MODULE_REJECT;
        break;
    case 1: // Failed
        return RLM_MODULE_FAIL;
        break;
    case 2: // OK
        break;
    case 3: // Handled
        return RLM_MODULE_HANDLED;
        break;
    case 4: // Invalid
        return RLM_MODULE_INVALID;
        break;
    case 5: // UserLock
        return RLM_MODULE_USERLOCK;
        break;
    case 6: // Not Found
        return RLM_MODULE_NOTFOUND;
        break;
    case 7: // No Op
        return RLM_MODULE_NOOP;
        break;
    case 8: // Updated
        return RLM_MODULE_UPDATED;
        break;
    case 9: // Num Codes
        return RLM_MODULE_NUMCODES;
        break;
    default: // Fail
        return RLM_MODULE_FAIL;
        break;
    }
...

In this way, if the result is 2 (user is OK), the process will drop out 
of the switch statement, and process the original code for handling a 
successful authentication.

Now in my external script I can do :

exit(2); --> User was accepted.

OR

exit(0); --> User was rejected.


I realise that this is a bit of a contradiction for the external script, 
because for a reject it is exiting successfully, and for a successful 
authentication it is in fact failing with exit code 2. BUT in this way I 
can use the codes determined by freeradius in my external script.

I do not think that this is the actual bug that Alan referred to, but it 
was a problem in my case.
The original code is actually correct in that the external script *did* 
fail, but it was ignoring the exit code to determine what action to take.


I believe that the actual bug is that freeradius does not return a reply 
to the authentication request if the status is set to RLM_MODULE_FAIL.
 From what I could tell the only time that freeradius replies to a 
request is if the status is RLM_MODULE_OK, or RLM_MODULE_REJECT and 
possibly RLM_MODULE_USERLOCK.


I hope that this is understandable, I have the whole scenario in my head 
but it's a bit difficult to verbalise...
Please advise if any of my presumptions or understandings are incorrect, 
as I am happy to learn!

Thanks for all your responses to my questions, I'm back on track now!

Patrick
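
A hardened variant of the exit-code mapping discussed in the post above, added here as an example (it is not Patric's patch or FreeRADIUS source). It assumes a different contract in which only exit 0 accepts, so a script that dies with a generic error status or a signal can never be read as a successful authentication; `exit_to_rcode`, `status_to_rcode`, `exec_rcode` and `rcode_for_snippet` are hypothetical names, and the shell snippets are constructed stand-ins for the external script.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Module return codes, in the order listed in the post above. */
enum {
    RLM_MODULE_REJECT,   /* 0 */
    RLM_MODULE_FAIL,     /* 1 */
    RLM_MODULE_OK,       /* 2 */
    RLM_MODULE_HANDLED,  /* 3 */
    RLM_MODULE_INVALID,  /* 4 */
    RLM_MODULE_USERLOCK, /* 5 */
    RLM_MODULE_NOTFOUND, /* 6 */
    RLM_MODULE_NOOP,     /* 7 */
    RLM_MODULE_UPDATED,  /* 8 */
    RLM_MODULE_NUMCODES  /* 9 - a count, never returned as a result here */
};

/*
 * Assumed exit-code contract for this example (not FreeRADIUS's own):
 * only exit 0 accepts; every status not listed maps to FAIL.
 */
static const int exit_to_rcode[] = {
    RLM_MODULE_OK,        /* exit 0: accept */
    RLM_MODULE_REJECT,    /* exit 1: reject */
    RLM_MODULE_FAIL,      /* exit 2: script error */
    RLM_MODULE_USERLOCK,  /* exit 3: user locked out */
    RLM_MODULE_NOTFOUND   /* exit 4: user not found */
};

/* Translate a raw waitpid() status into a module return code. */
int status_to_rcode(int status)
{
    int code;

    if (!WIFEXITED(status))          /* killed by a signal, or stopped */
        return RLM_MODULE_FAIL;
    code = WEXITSTATUS(status);
    if (code >= (int)(sizeof(exit_to_rcode) / sizeof(exit_to_rcode[0])))
        return RLM_MODULE_FAIL;      /* unknown status: fail closed */
    return exit_to_rcode[code];
}

/*
 * Run argv[0] with a fixed argument vector (nothing from the request is
 * passed through a shell) and map the outcome to a module return code.
 */
int exec_rcode(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return RLM_MODULE_FAIL;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                  /* exec failed; 127 is not in the table */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return RLM_MODULE_FAIL;
    }
    return status_to_rcode(status);
}

/* Demo helper: constructed shell snippets stand in for the external script. */
int rcode_for_snippet(const char *snippet)
{
    char *argv[] = { "/bin/sh", "-c", (char *)snippet, NULL };

    return exec_rcode(argv);
}

int main(void)
{
    const char *cases[] = { "exit 0", "exit 1", "exit 2", "exit 9", "kill -9 $$" };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-12s -> rcode %d\n", cases[i], rcode_for_snippet(cases[i]));
    return 0;
}
```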



Re: Freeradius-Proxied-To, radrelay and 2.0

2007-05-25 Thread Milan Holub
Hi Alan&others,

On Mon, May 21, 2007 at 04:57:51PM +0200, Alan Dekok wrote:
> > What I'm trying to achieve actually is freeradius 2.0 + radrelay(using
> > binary from 1.1.6) and above is the "show stopper":(
> > 
> > Any advise?
> 
>   The radrelay functionality in 2.0 doesn't yet work properly.  This was
> acknowledged in the announcement.

==> finally I came to the workaround where all accounting requests coming
from certain IP(server where radrelay is running on detail file) are
explicitly set to be proxied to realm LOCAL
==> this is ensured by following acct_users entry:
DEFAULT Packet-Src-IP-Address == "", Proxy-To-Realm := LOCAL

Firstly I wanted to put the entry into preproxy_users where it did not
work properly: I could see that the realm was set correctly to "LOCAL"
but at the same time there was an attempt to send the packet to remote
home_server:
Proxying request 0 to realm LOCAL, home server 
port 1813

Is this a bug with "preproxy_users" or it's just a feature?

Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--



Bug 233 and 234 - only match one huntgroup per nas

2007-05-25 Thread Walt Reynolds
I have looked at both of these bugs and am not sure I understand the 
programming, but I do understand that there seemed to be simple 
solutions to allowing a NAS to be in more than one huntgroup.  One had a 
patch attached and the other mentions a section that needed to be 
re-added from a previous version.

Neither bug has had any activity since 2005.  Is this still something 
that has not been fixed, or are the fixes in the newer versions that I 
do not see (nothing in changelog either).

If the answer is that it is still not fixed, what is the possibility of 
getting this resolved?  Thanks.

-- 
Walt Reynolds
Principal Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438


Re: Authenticating many devices using one attribute

2007-05-25 Thread A . L . M . Buxey
Hi,

> We're hoping to begin using radius to authenticate logins to our Cisco
> routers and
> Cisco switches.  Currently, we're going to start with a group of core
> routers, but
> would like to make all of our switches authenticate to radius.  Being the
> networking
> group for the University, our switches are located on many different
> networks all over
> campus, and we have ~900.
> 
> We currently use our radius server to authenticate other services such as
> modems and
> the VPN.  I'm looking for a radius configuration that's as compact as
> possible;
> obviously, when dealing with 900+ devices, using individual ips isn't ideal.

a few ways.

i'd assume the switches have static addresses and are on similar subnets...
in which case you can use in your clients.conf file such identities...

client 192.168.10.0/23{
blah
blah
}

you could also put them into SQL (eg NAS table) either each or per subnet
id. you could then use this table to assign the reply attributes
or put the switch details into the SQL group-reply table. for compact
config you could then use either the SQL to check user and NAS-IP-Address
or PERL/PHP to do similar. either way, the config will grow slightly
and you may need to change the logic... after all, those people who are
valid to use modem and VPN are probably not all valid to just log into
switches!

alan 


Re: Freeradius-Proxied-To, radrelay and 2.0

2007-05-25 Thread Milan Holub
Hi Alan&others,

On Mon, May 21, 2007 at 04:57:51PM +0200, Alan Dekok wrote:
> Milan Holub wrote:
> > I wonder whether there is any use for Freeradius-Proxied-To attribute
> > with freeradius 2.0.
> 
>   It should be there for backwards compatibility, but there are likely
> better ways of achieving the same result.
> 
> > Now when I'm relaying some accounting packets to my freeradius server
> > using radrelay binary from 1.1.6 and there is a packet which has
> > already "Freeradius-Proxied-To" attribute set then freeradius 2.0(cvs head)
> > just ignores it and tries to proxy the packet to remote home server.
> 
>   See src/modules/rlm_realm/rlm_realm.c  That code needs to be fixed.
> 
> > Would it be possible that 2.0 also honors the Freeradius-Proxied-To
> > attribute as in 1.X?
> 
>   That *is* the idea.
> 

==> my humble attempt to add the backwards compatibility for
Freeradius-Proxied-To attribute:

Index: src/modules/rlm_realm/rlm_realm.c
===
RCS file: /source/radiusd/src/modules/rlm_realm/rlm_realm.c,v
retrieving revision 1.66
diff -u -r1.66 rlm_realm.c
--- src/modules/rlm_realm/rlm_realm.c   20 Apr 2007 14:31:30 -  1.66
+++ src/modules/rlm_realm/rlm_realm.c   25 May 2007 12:48:08 -
@@ -64,6 +64,7 @@
char *ptr;
VALUE_PAIR *vp;
REALM *realm;
+   lrad_ipaddr_t my_ipaddr;

 struct realm_config_t *inst = instance;

@@ -241,12 +242,18 @@
 */
vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO);
if (vp) {
-#if 0
/*
 *  FIXME: HOME SERVER
 *
 *  What the heck is this code doing, and why?
 */
+   my_ipaddr.af = AF_INET;
+   my_ipaddr.ipaddr.ip4addr = vp->data.ipaddr;
+   if (home_server_find(&my_ipaddr, request->packet->dst_port)) {
+   DEBUG2("rlm_realm: Request not proxied due to 
Freeradius-Proxied-To");
+   return 0;
+   }
+#if 0

if (request->packet->code == PW_AUTHENTICATION_REQUEST &&
vp->vp_ipaddr == 
realm->home_auth->ipaddr.ipaddr.ip4addr.s_addr) {
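Review bot: `home_server_find(&my_ipaddr, request->packet->dst_port)` looks the home server up by the port this server received the packet on, not the port the home server listens on, so the suppression stops working as soon as the two differ; the port to compare should come from the home server's configuration. In the same added lines, `my_ipaddr` is only partly initialised (`af` and `ip4addr`) and takes `vp->data.ipaddr`, while the existing comparison just below uses `vp->vp_ipaddr` against `ip4addr.s_addr`; zero the struct first and assign through `.s_addr` with the same accessor. The `FIXME: HOME SERVER` comment now sits directly above live code and should be replaced with a description of what the check does.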


==> It works well for me (incoming accounting/authorization packet containing
Freeradius-Proxied-To is no more sent to IP present as a value of the
attribute); this might not work for home servers which listen on
non-standard ports(due to dst_port passed in to home_server_find
function)

==> the patch might be useful for setups where you have some home_servers
already FR 2.0 but some of them still FR 1.X

==> could you comment, Alan?


Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--


Authenticating many devices using one attribute

2007-05-25 Thread Brian Johnson

Hello --


We're hoping to begin using radius to authenticate logins to our Cisco
routers and
Cisco switches.  Currently, we're going to start with a group of core
routers, but
would like to make all of our switches authenticate to radius.  Being the
networking
group for the University, our switches are located on many different
networks all over
campus, and we have ~900.

We currently use our radius server to authenticate other services such as
modems and
the VPN.  I'm looking for a radius configuration that's as compact as
possible;
obviously, when dealing with 900+ devices, using individual ips isn't ideal.

Thank you for your help.

Brian

--
Brian Johnson
"And I will be even more undignified than this, and will be humble in my own
sight." (2 Samuel 6:22)

Re: Freeradius-Proxied-To, radrelay and 2.0

2007-05-25 Thread Alan Dekok
Milan Holub wrote:
> ==> my humble attempt to add the backwards compatibility for
> Freeradius-Proxied-To attribute:

  In 2.0.0, the "detail" file reader looks for Packet-Src-IP-Address &&
Packet-Dst-IP-Address.  The "detail" module needs to write these, too.

  Then, the "realm" module needs to be updated to suppress proxying when:

request->packet->src_ipaddr == request->home->ipaddr &&
request->packet->src_port == request->home->port

  This makes the FreeRADIUS-Proxied-To attribute (mostly) redundant.  It
 will work easily for 2 servers.  For more than 2, the configuration
should be set up as:

  1 -> 2
  1 -> 3
  2 -> 1
  3 -> 1

  Requests from '2' will reach '3' through '1', and there's no loop.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
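
The suppression rule and the four-link layout from the message above, run as a small model (an added example, not FreeRADIUS source). `struct server`, `simulate`, `copies_seen` and the 192.0.2.x addresses are constructed, and each server is assumed to send from the address and port it listens on.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOMES 2
#define NSERVERS  3
#define HOP_LIMIT 16   /* demo guard: reaching it means the request is looping */

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct endpoint { uint32_t ip; uint16_t port; };

struct server {
    struct endpoint self;              /* listens here and, in this model, sends from here */
    struct endpoint homes[MAX_HOMES];  /* home servers it proxies to */
    int nhomes;
    int seen;                          /* copies of the request it has handled */
};

static int same_endpoint(const struct endpoint *a, const struct endpoint *b)
{
    return a->ip == b->ip && a->port == b->port;
}

static struct server *lookup(struct server *all, const struct endpoint *ep)
{
    int i;

    for (i = 0; i < NSERVERS; i++)
        if (same_endpoint(ep, &all[i].self))
            return &all[i];
    return NULL;
}

/* Handle one copy of the request at `at`; returns the deepest hop count reached. */
static int handle(struct server *all, struct server *at,
                  const struct endpoint *src, int suppress, int hops)
{
    int i, deepest = hops;

    at->seen++;
    if (hops >= HOP_LIMIT)
        return HOP_LIMIT;
    for (i = 0; i < at->nhomes; i++) {
        struct server *next;
        int h;

        /* The rule from the message: packet source == home server, so do not proxy. */
        if (suppress && same_endpoint(src, &at->homes[i]))
            continue;
        next = lookup(all, &at->homes[i]);
        if (!next)
            continue;
        h = handle(all, next, &at->self, suppress, hops + 1);
        if (h > deepest)
            deepest = h;
    }
    return deepest;
}

/* Inject one request at server `entry` (1..3); `seen` may be NULL. */
int simulate(int entry, int suppress, int seen[NSERVERS])
{
    struct server s[NSERVERS];
    const struct endpoint nas = { IP4(192, 0, 2, 50), 1646 };  /* constructed client */
    int i, deepest;

    memset(s, 0, sizeof(s));
    for (i = 0; i < NSERVERS; i++) {
        s[i].self.ip = IP4(192, 0, 2, i + 1);
        s[i].self.port = 1813;
    }
    /* 1 -> 2, 1 -> 3, 2 -> 1, 3 -> 1 */
    s[0].homes[0] = s[1].self; s[0].homes[1] = s[2].self; s[0].nhomes = 2;
    s[1].homes[0] = s[0].self; s[1].nhomes = 1;
    s[2].homes[0] = s[0].self; s[2].nhomes = 1;

    deepest = handle(s, &s[entry - 1], &nas, suppress, 0);
    for (i = 0; seen && i < NSERVERS; i++)
        seen[i] = s[i].seen;
    return deepest;
}

/* Number of copies `server` handled for a request injected at `entry`. */
int copies_seen(int server, int entry, int suppress)
{
    int seen[NSERVERS];

    simulate(entry, suppress, seen);
    return seen[server - 1];
}

int main(void)
{
    printf("with rule:    deepest hop %d, copies at server 3: %d\n",
           simulate(2, 1, NULL), copies_seen(3, 2, 1));
    printf("without rule: deepest hop %d (limit %d)\n",
           simulate(2, 0, NULL), HOP_LIMIT);
    return 0;
}
```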


Re: 2.0.0-pre1 compile problem on ubuntu

2007-05-25 Thread Kostas Zorbadelos
On Fri, May 25, 2007 at 02:27:48PM +0200, Alan Dekok wrote:
> Norbert Wegener wrote:
> > on an ubuntu 6.06 configure does not show an error with  2.0.0-pre1.
> ...
> > /home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/lib/.libs/libradius.so
> >  
> > -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a 
> > -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv 
> > -lpthread  -Wl,-E -Wl,-soname -Wl,rlm_perl-2.0.0-pre1.so -o 
> > .libs/rlm_perl-2.0.0-pre1.so
> > /usr/bin/ld: cannot find -lperl
> 
>   I see it, too.  I think it's because Dynloader is a static library, so
> libtool is looking for libperl.a, not libperl.so.
> 

This is because libperl.so exists in the libperl-dev package. This is
standard Debian practice. 

>   But I really don't know.  Did I mention I hate libtool?
> 
>   Alan DeKok.


Re: rlm_sql: processing radcheck & radgroupcheck

2007-05-25 Thread Milan Holub
Hi All,

On Thu, Apr 12, 2007 at 12:00:26PM +0200, Milan Holub wrote:
> Here is my patch which enables read_groups option and targets the issue
> above(rejects user immediately if it's found that the radcheck failed):
> 
==> it looks like nobody was interested... but anyway the patch
contained a bug, it did not release the sql socket when the user typed
in wrong password which has led to slower "DB handlers dying" (posted by
me to another thread)
Thus if someone interested here is a correct patch:


Index: src/modules/rlm_sql/rlm_sql.c
===
RCS file: /source/radiusd/src/modules/rlm_sql/rlm_sql.c,v
retrieving revision 1.169
diff -u -r1.169 rlm_sql.c
--- src/modules/rlm_sql/rlm_sql.c   15 May 2007 10:10:35 -  1.169
+++ src/modules/rlm_sql/rlm_sql.c   25 May 2007 12:33:59 -
@@ -57,6 +57,8 @@
 offsetof(SQL_CONFIG,tracefile), NULL, SQLTRACEFILE},
{"readclients", PW_TYPE_BOOLEAN,
 offsetof(SQL_CONFIG,do_clients), NULL, "no"},
+   {"read_groups", PW_TYPE_BOOLEAN,
+offsetof(SQL_CONFIG,read_groups), NULL, "yes"},
{"deletestalesessions", PW_TYPE_BOOLEAN,
 offsetof(SQL_CONFIG,deletestalesessions), NULL, "yes"},
{"num_sql_socks", PW_TYPE_INTEGER,
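Review bot: `read_groups` is registered here with `offsetof(SQL_CONFIG,read_groups)`, but the diff only touches rlm_sql.c and none of its hunks adds that field to SQL_CONFIG or tests it anywhere. The struct change and the place where the option is honoured need to be part of the patch, and the new option, including what its default of `"yes"` means, should be documented next to `readclients` in the module's sample configuration.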
@@ -638,6 +640,11 @@
/*
 *  Only do this if *some* check pairs were returned
 */
+   DEBUG2("rlm_sql (%s):  check items", 
inst->config->xlat_name);
+   vp_listdebug(check_tmp);
+   DEBUG2("rlm_sql (%s):  items found in packet", 
inst->config->xlat_name);
+   vp_listdebug(request->packet->vps);
+
if (paircompare(request, request->packet->vps, 
check_tmp, &request->reply->vps) == 0) {
found = 1;
DEBUG2("rlm_sql (%s): User found in group %s",
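Review bot: The two `vp_listdebug()` calls added ahead of `paircompare` print the whole `check_tmp` list and every attribute in `request->packet->vps`; check items and request attributes routinely carry password values, so these read like leftover troubleshooting output. Drop them from the final patch, or limit the output to attribute names.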
@@ -960,6 +967,12 @@
dofallthrough = fallthrough(reply_tmp);
pairxlatmove(request, &request->reply->vps, &reply_tmp);
pairxlatmove(request, &request->config_items, 
&check_tmp);
+   } else {
+   /*
+*  check items did not match; do not process 
groups; return REJECT immediately
+*/
+   sql_release_socket(inst, sqlsocket);
+   return RLM_MODULE_REJECT;
}
}
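Review bot: The early `return RLM_MODULE_REJECT` in the new `else` branch releases the socket but leaves `check_tmp` and `reply_tmp` as they are; if the normal exit path frees them, this path needs the same cleanup, ideally through one shared exit label so the socket release and the frees cannot drift apart again. The branch is also unconditional, which changes behaviour for any site that relies on a group entry matching after the per-user check items fail; consider making it opt-in through a configuration item.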




Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--


Re: DB handles dying slowly

2007-05-25 Thread Milan Holub
Hi Alan,

On Wed, May 16, 2007 at 03:38:27PM +0200, Milan Holub wrote:
> ==> only during (re)-start I'm getting following message:
> ERROR: Cannot find a configuration entry for module "sql_restart".

==> with latest CVS head the garbage ERROR message is no more present

thanks:)

Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--





Re: 2.0.0-pre1 compile problem on ubuntu

2007-05-25 Thread Alan Dekok
Norbert Wegener wrote:
> on an ubuntu 6.06 configure does not show an error with  2.0.0-pre1.
...
> /home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/lib/.libs/libradius.so 
> -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a 
> -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv 
> -lpthread  -Wl,-E -Wl,-soname -Wl,rlm_perl-2.0.0-pre1.so -o 
> .libs/rlm_perl-2.0.0-pre1.so
> /usr/bin/ld: cannot find -lperl

  I see it, too.  I think it's because Dynloader is a static library, so
libtool is looking for libperl.a, not libperl.so.

  But I really don't know.  Did I mention I hate libtool?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: missing entry for evaluate.c in Makefile.in

2007-05-25 Thread Alan Dekok
Milan Holub wrote:
> Hi Alan,
> I just compiled cvs head and it fails because of not updated makefile.

  OK, I've committed a slightly different patch which will hopefully
prevent this from happening again.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: DB handles dying slowly

2007-05-25 Thread Milan Holub
Hi all,

> > However any comments/experience/suggestions to the cause of "DB handles
> > dying" are welcome!

==> mea culpa! just to make clear: I was using slightly hacked rlm_sql.c
and I did not release the socket when returning from the function...


Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--




Re: 2.0.0-pre1 compile problem on ubuntu

2007-05-25 Thread A . L . M . Buxey
Hi,
> on an ubuntu 6.06 configure does not show an error with  2.0.0-pre1.
> Compiling fails:

apt-get install libperl-dev


alan


missing entry for evaluate.c in Makefile.in

2007-05-25 Thread Milan Holub
Hi Alan,
I just compiled cvs head and it fails because of not updated makefile.

here is a patch:

Index: src/main/Makefile.in
===
RCS file: /source/radiusd/src/main/Makefile.in,v
retrieving revision 1.66
diff -u -r1.66 Makefile.in
--- src/main/Makefile.in16 Apr 2007 10:54:19 -  1.66
+++ src/main/Makefile.in25 May 2007 11:59:34 -
@@ -8,7 +8,7 @@
  listen.c log.c mainconfig.c modules.c modcall.c \
  radiusd.c radius_snmp.c \
  session.c smux.c threads.c util.c valuepair.c version.c  \
- xlat.c event.c realms.c
+ xlat.c event.c realms.c evaluate.c

 SERVER_OBJS+= $(SERVER_SRCS:.c=.lo)

@@ -137,6 +137,9 @@
 xlat.lo: xlat.c
$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c xlat.c

+evaluate.lo: evaluate.c
+   $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c evaluate.c
+
 #
 # Helper programs
 #
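Review bot: The `evaluate.lo` rule added in this hunk is a copy of the `xlat.lo` rule above it with only the file name changed, and it is exactly the kind of line that was forgotten this time. Since `SERVER_OBJS` is already derived from `SERVER_SRCS`, a single suffix rule for `.c` to `.lo` would let a new source file be added in one place only.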

Milan Holub
holub (at) thenet (dot) ch

--
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--



Freeradius pauses before responding when not running in debug mode

2007-05-25 Thread Patric
Hi all,

As per the subject, I have found the following interesting behaviour 
with freeradius 1.1.6

When running the server in normal mode or in debug level 1 mode :

radiusd -y

or

radiusd -y -x (lowercase x)

When sending an access request, the server pauses for a few seconds 
somewhere in the exec part of the authorize section.

When running the server in more verbose debug mode :

radiusd -y -X (uppercase X)

This pause does not occur.

I am using exec to run external authentication, and would have thought 
it was my script causing the pause, but it does not appear when running 
with -X

Anybody else experience something like this?

Thanks
Patrick



2.0.0-pre1 compile problem on ubuntu

2007-05-25 Thread Norbert Wegener
on an ubuntu 6.06 configure does not show an error with  2.0.0-pre1.
Compiling fails:
.
make[6]: Betrete Verzeichnis 
'/home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/modules/rlm_perl'
/home/norbert/Desktop/freeradius-server-2.0.0-pre1/libtool --mode=link 
gcc -release 2.0.0-pre1 \
-module -export-dynamic   -o rlm_perl.la \
-rpath /usr/local/lib rlm_perl.lo rlm_perl.c 
/home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/lib/libradius.la \
`perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv  -lpthread

*** Warning: Linking the shared library rlm_perl.la against the
*** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not 
portable!
gcc -shared  .libs/rlm_perl.o  -Wl,--rpath 
-Wl,/home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/lib/.libs 
-Wl,--rpath -Wl,/usr/local/lib 
/home/norbert/Desktop/freeradius-server-2.0.0-pre1/src/lib/.libs/libradius.so 
-L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a 
-L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv 
-lpthread  -Wl,-E -Wl,-soname -Wl,rlm_perl-2.0.0-pre1.so -o 
.libs/rlm_perl-2.0.0-pre1.so
/usr/bin/ld: cannot find -lperl


On the other hand, dpkg shows:

 dpkg -l|grep libperl
ii  libperl5.8 5.8.8-7build1

Norbert Wegener



RE: mysql database limit

2007-05-25 Thread Edvin Seferovic
Use the latest stable version of freeradius. I am using MySQL5 for accounting
of 200 users and LDAP for 200 users and ca. 400 machines. No performance
issues although my machine is slower. 

Be nice to your DB and add another 512MB of RAM to the machine ;)

 

Regards,

E:S

 

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of satish patel
Sent: Freitag, 25. Mai 2007 12:33
To: freeradius-users
Subject: mysql database limit

 

Dear ALL

  I have single machine with model name  : Intel(R)
Pentium(R) D CPU 2.80GHz + RAM 512 - configuration i am planning to use
freeradius-1.0.0 with mysql with 500 users  so what about the performance
issue so it will working fine in this configuration or not   

What is the limit of radacct table in mysql is there any limit of data how
much it will go up to data in mysql  or any performance issue with more
data ???




$ cat ~/satish/url.txt  

http://www.linuxbug.org


mysql database limit

2007-05-25 Thread satish patel
Dear ALL

  I have single machine with model name  : Intel(R) 
Pentium(R) D CPU 2.80GHz + RAM 512 - configuration i am planning to use 
freeradius-1.0.0 with mysql with 500 users  so what about the performance issue 
so it will working fine in this configuration or not   

What is the limit of radacct table in mysql is there any limit of data how much 
it will go up to data in mysql  or any performance issue with more data ???




$ cat ~/satish/url.txt  

http://www.linuxbug.org

Re: windows 2003 AD authentication with freeradius (for 802.1X)

2007-05-25 Thread A . L . M . Buxey
Hi,

> The proxy.conf configuration(without it i got realm not found), your 
> document is also missing the tls section of eap.conf.
> as i said, i didn't found a document that i could follow and immediately 
> gave results.
> There where always some smaller(but crucial) parts that where missing for 
> me.

well in this case it should be reported!  it's unsuitable to have
dozens of 'how to do it' documents spread all over the internet...each
with their own method  with random ones saying Auth-Type := EAP etc

alan


Re: FreeRadius crash

2007-05-25 Thread Alan Dekok
Doug Hardie wrote:
> Nope.  All memory that is used is local.  Nothing is retained.  Only  
> the authorize module is used.  Nothing is dynamically allocated in  
> the module.

  Are you sure there are no buffer overruns in your module?  Are you
sure you're calling the FreeRADIUS API correctly?

  My question is because we've had a full source code scan in 1.1.6, and
a number of bugs have been fixed.  The result is I am very skeptical of there
being memory-related bugs in the server.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Dynamic VLAN - limiting switchs VLANs?

2007-05-25 Thread Alan Dekok
Robert wrote:
> I can plug a computer into the switch, have the switch grab the MAC
> addy, pass it to FR, hit the DB and return what VLAN that MAC belongs
> to, and then have the switch configure the port to the correct VLAN.
> 
> Now the complication that I'm facing is that in our environment, a MAC
> might be assigned to multiple VLANs and our switches only have a
> fraction of the total number of VLANs trunked to them.
> 
> What I need is a way FR can not only match the MAC to a VLAN, but also
> to cross reference that result to the VLANs that are available from the
> requesting switch. 
> 
> Anyone know how to do this? Or at least a good place that I can start?

  Create an SQL table containing the relationships, and SELECT the
appropriate one.  Test it with the MySQL command-line tool first, and
once you have the table && select set up right, transfer the SELECT to
FreeRADIUS.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
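One way to lay out the table and SELECT suggested in the reply above, as an added example that is not from the thread. SQLite (through Python's sqlite3) stands in for MySQL so the query can be tested offline; the table names mac_vlan and switch_vlan, the columns, the priority rule and the sample rows are all hypothetical.

```python
import re
import sqlite3

# Hypothetical schema: VLANs a MAC may join (lower priority wins) and the
# VLANs actually trunked to each switch, keyed by its NAS name.
SCHEMA = """
CREATE TABLE mac_vlan (
    mac TEXT NOT NULL, vlan_id INTEGER NOT NULL,
    priority INTEGER NOT NULL DEFAULT 100,
    PRIMARY KEY (mac, vlan_id));
CREATE TABLE switch_vlan (
    nas TEXT NOT NULL, vlan_id INTEGER NOT NULL,
    PRIMARY KEY (nas, vlan_id));
"""

# The SELECT to tune first, then carry over to the server's SQL configuration.
# "?" is SQLite parameter binding; the MAC is supplied by the network, so it
# is bound as data and never pasted into the statement text.
VLAN_QUERY = """
SELECT m.vlan_id
  FROM mac_vlan AS m
  JOIN switch_vlan AS s ON s.vlan_id = m.vlan_id
 WHERE m.mac = ? AND s.nas = ?
 ORDER BY m.priority, m.vlan_id
 LIMIT 1
"""

def normalize_mac(mac):
    """Accept 00:11:.., 00-11-.., 0011.2233.4455; return 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits.lower()

def lookup_vlan(conn, mac, nas):
    """Best VLAN for this MAC that the requesting switch can serve, else None."""
    row = conn.execute(VLAN_QUERY, (normalize_mac(mac), nas)).fetchone()
    return row[0] if row else None

def build_demo_db():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO mac_vlan VALUES (?, ?, ?)", [
        ("001122334455", 10, 1),
        ("001122334455", 20, 2),
        ("001122334455", 30, 3),
    ])
    conn.executemany("INSERT INTO switch_vlan VALUES (?, ?)", [
        ("sw-a", 20), ("sw-a", 30),   # sw-a does not carry VLAN 10
        ("sw-b", 10),
        ("sw-c", 40),                 # no overlap with the MAC's VLANs
    ])
    return conn

if __name__ == "__main__":
    db = build_demo_db()
    for nas in ("sw-a", "sw-b", "sw-c"):
        print(nas, lookup_vlan(db, "00-11-22-33-44-55", nas))
```

A None result is the case to decide on explicitly: the MAC is known, but none of its VLANs is trunked to the requesting switch.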


freeradius 1.1.4 stops answering (why?)

2007-05-25 Thread Roberto S. G.
hi,

I'm experiencing strange problems with a compiled freeradius 1.1.4 that
I have on a Red Hat... I've used other previous freeradius
versions there without problem, but this one seems to maintain service for
just a couple of days, after which it stops authenticating. I had not
noticed this before, 'cause it was almost idle until now.
There's no strange error, even in "-X" mode.
Maybe it has something to do with connections to the ldap server...
freeradius makes connections to local stunnel ports, which then connect
to an Active Directory via ldaps (it has always run smoothly), but the
last configured freeradius ldap is a plain remote ldap connection just
in case stunnel stops running...
Maybe new FR versions have changes in the way they manage connections?
The "Timed out while waiting for server to respond" error doesn't seem
correct to me, since a restart makes it disappear, and I'd already raised
the default values in radiusd.conf {ldap}:
timeout = 60
timelimit = 3
net_timeout = 5
I just see in radius.log that there aren't more OK's (or KO's)...
I do not understand also the "Logout entry for NAS wireless-leon port 1
has wrong IDs" message... (I make no accounting).
[I've also tried v1.1.6, but it's even worse: there are *many* more
"Logout entry for..." and "Error: rlm_ldap: ldap_search() failed: Timed
out..." and "Error: Discarding duplicate request..." logs, and others
related to NAS that didn't appear before; all with exactly the same conf
(which I compared line by line with the 1.1.6 default one, without finding
new or deprecated attributes...), so I downgraded to 1.1.4 again...]
Any comment will be appreciated.
bye

extract from radius.log, for v1.1.4:

Wed May 23 13:16:05 2007 : Error: rlm_radutmp: Logout entry for NAS
wireless-leon port 1 has wrong ID
Wed May 23 13:16:31 2007 : Error: rlm_radutmp: Logout entry for NAS
wireless-leon port 1 has wrong ID
Wed May 23 13:20:34 2007 : Error: rlm_radutmp: Logout entry for NAS
wireless-leon port 1 has wrong ID
Wed May 23 14:07:36 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 170 due to unfinished request 141087
...
Wed May 23 14:08:08 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 172 due to unfinished request 141089
Wed May 23 14:08:34 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.
Wed May 23 14:08:46 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.
Wed May 23 14:08:58 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.
Wed May 23 17:20:39 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 114 due to unfinished request 141090
...
Wed May 23 17:21:04 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 115 due to unfinished request 141091
Wed May 23 17:21:13 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 116 due to unfinished request 141092
Wed May 23 17:21:15 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 116 due to unfinished request 141092
Wed May 23 17:21:17 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 116 due to unfinished request 141092
Wed May 23 17:21:19 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 116 due to unfinished request 141092
Wed May 23 17:21:21 2007 : Error: Discarding duplicate request from
client wireless-leon:1025 - ID: 116 due to unfinished request 141092
Wed May 23 17:21:36 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.
Wed May 23 17:21:54 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.
Wed May 23 17:22:11 2007 : Error: rlm_ldap: ldap_search() failed: Timed
out while waiting for server to respond. Please increase the timeout.




Re: Including Vendor specific dictionary file

2007-05-25 Thread Alan Dekok
[EMAIL PROTECTED] wrote:
> I have created a vendor specific dictionary file for freeradius.
> This file includes two attributes for our mini switches.
> Is it possible to include this file within the next freeradius release?

  I've added it, thanks.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FreeRadius crash

2007-05-25 Thread Doug Hardie

On May 25, 2007, at 01:24, Alan Dekok wrote:

> Doug Hardie wrote:
>> I am completely unable to replicate this situation on my test
>> system.  I can run thousands of requests via multiple radclients
>> without any problems.  I can drive the test system to overload and
>> other than responses slow down a bit, it just works properly.
>>
>> #0  0x2830a6e8 in ?? () from /usr/local/lib/rlm_lafn.so
>> #1  0x2830b9c0 in lafn_authorize (instance=0x0, request=0x0) at
>> rlm_lafn.c:543
>
>   Umm... if you're using modules you wrote yourself, my guess would be
> that the problem lies in those modules.  You probably access a
> pointer after it's freed, which corrupts memory.
>
>   The standard server as shipped in 1.1.6 does *not* have this  
> problem.

Nope.  All memory that is used is local.  Nothing is retained.  Only  
the authorize module is used.  Nothing is dynamically allocated in  
the module.


Re: Radius authentication problems

2007-05-25 Thread Alan Dekok
sizo nsibande wrote:
> We are having a problem testing the authentication process on our
> radius box, please do not flame me, I am just trying to find out if
> any of you guys have ever maybe come across any such issue.

  There is no RADIUS traffic in that debug.  I suggest asking the same
question on the "pppd" list.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: dictionary handling

2007-05-25 Thread Alan Dekok
Wolfgang Rosenauer wrote:
> since I have just begun to use freeradius in production I found some strangeness.
> The default configuration is to include all dictionaries but I wonder
> how they are evaluated?

  As documented.

> I have a Cisco NAS which sends (at least I think) VSA records and so I
> configured the Cisco VSA hack.

  The Cisco doesn't always send VSA's.

> For accounting reasons I'm interested in Cisco-PreSession-Time which is 198.
> In the detail log I found X-Ascend-PreSession-Time instead of
> Cisco-PreSession-Time though.
> If I grep through the dictionaries I found:

  Multiple attributes.  You do realize that a VSA of '198' for Cisco
isn't the same attribute as a VSA of '192' for another vendor?

  Again, this is documented.

> So I find it strange that freeradius logs X-Ascend-PreSession-Time at
> all since it's not the first match and not the last one.

  It is the first match.

  And running "grep" over the dictionary files doesn't return the
attributes in the same order as the server reads them.

> In addition I wonder if it makes sense that dictionary.ascend has two
> definitions for 198.

  Yes.

> I was under the impression that the correct dictionary would be chosen
> by the vendor ID (9 in case of Cisco).

  No.  Cisco sometimes sends non-VSA attributes.

> So any idea why freeradius logs Ascend attributes then?

  Because Cisco uses the same non-VSA numbers.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
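Why the same number 198 can decode under two names, as an added example that is not from the thread: an attribute is identified by vendor and number together, so a top-level attribute 198 and a Vendor-Specific (26) attribute carrying vendor 9, type 198 are different dictionary keys. The two-entry dictionary, the function names and the sample bytes are constructed, and the RFC 2865 recommended VSA layout is assumed.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that wraps vendor attributes
CISCO = 9              # vendor ID quoted in the thread

# Constructed mini-dictionary keyed by (vendor_id, number); vendor 0 is used
# here to mean "no vendor", i.e. the top-level attribute space.
DICTIONARY = {
    (0, 198): "X-Ascend-PreSession-Time",
    (CISCO, 198): "Cisco-PreSession-Time",
}

def name_of(vendor_id, number):
    return DICTIONARY.get((vendor_id, number),
                          "unknown(vendor=%d, attr=%d)" % (vendor_id, number))

def iter_tlvs(buf, what):
    """Yield (type, value) pairs from a run of type/length/value fields."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated %s header at offset %d" % (what, pos))
        attr_type, length = buf[pos], buf[pos + 1]
        # The length octet counts the two header octets as well.
        if length < 2 or pos + length > len(buf):
            raise ValueError("bad %s length %d at offset %d" % (what, length, pos))
        yield attr_type, buf[pos + 2:pos + length]
        pos += length

def decode_attributes(buf):
    """Return [(vendor_id, number, name, value)] for a block of attributes."""
    decoded = []
    for attr_type, value in iter_tlvs(buf, "attribute"):
        if attr_type != VENDOR_SPECIFIC:
            decoded.append((0, attr_type, name_of(0, attr_type), value))
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific too short to hold a vendor ID")
        (vendor_id,) = struct.unpack("!I", value[:4])
        for sub_type, sub_value in iter_tlvs(value[4:], "vendor attribute"):
            decoded.append((vendor_id, sub_type,
                            name_of(vendor_id, sub_type), sub_value))
    return decoded

# Constructed samples: the same integer sent the two ways a NAS may send it.
TWELVE = struct.pack("!I", 12)
AS_TOP_LEVEL = bytes([198, 6]) + TWELVE
AS_CISCO_VSA = (bytes([VENDOR_SPECIFIC, 12]) + struct.pack("!I", CISCO)
                + bytes([198, 6]) + TWELVE)

if __name__ == "__main__":
    for sample in (AS_TOP_LEVEL, AS_CISCO_VSA):
        print(decode_attributes(sample))
```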


Re: freeradius as a middleware between multiple ldap/ADS-servers and CMS

2007-05-25 Thread Alan Dekok
[EMAIL PROTECTED] wrote:
> Now other schools are also interested in single-sign-in to our moodle. 
> Unfortunately only one ldap-connecting is accepted by moodle at one time. 

  File a bug with moodle.

> So I'm looking for a middleware. On one side the middleware has to handle 
> multiple ldap/ADS-servers and on the other side the middleware has to talk to 
> moodle with one host-address, one port and one shared key. 
> 
> Will radius be my friend? The radius-connector does exist in moodle.

  That's likely for doing authentication to a RADIUS server, not for
running as a RADIUS server itself.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Very critical: Memory leak in freeradius-1.1.6

2007-05-25 Thread Alan Dekok
nikitha george wrote:
> On 5/23/07, nikitha george <[EMAIL PROTECTED]> wrote:
>>
>> Please find the valgrind output below. It shows so much memory is still
>> reachable.

  That's because the server doesn't clean up memory on exit.  Run it
with the "-m" flag on the command line, and it will try to clean up
memory on exit.

>> I guess we are not cleaning up the all the expired cached session at
>> regular interval.

  You are the only person running FreeRADIUS who is seeing this.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Accounting-Response with invalid signature

2007-05-25 Thread Alan Dekok
Rio Yang wrote:
> I got the following message from my radius.log.
> 
> Wed May 23 16:39:11 2007 : Error: Received Accounting-Response packet from
> 172.16.1.1:1813 with invalid signature (err=2)!  (Shared secret is
> incorrect.)
> Wed May 23 16:39:11 2007 : Error: Reply from home server 172.16.1.1:1813  -
> ID: 180 arrived too late for request 2515449. Try increasing 'retry_delay'
> or 'max_request_time'

  This happens sometimes in versions before 1.1.5.  Upgrade.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
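What the "invalid signature" check in the log above computes, as an added example that is not from the thread: per RFC 2866 the Accounting-Response authenticator is an MD5 over the response header, the authenticator of the request being answered, the response attributes and the shared secret. The secret, the packets and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ACCOUNTING_RESPONSE = 5
HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)

def _packet(code, ident, seed_authenticator, attrs, secret):
    """Build a packet whose authenticator is MD5(header+seed+attrs+secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    digest = hashlib.md5(header + seed_authenticator + attrs + secret).digest()
    return header + digest + attrs

def build_accounting_request(ident, attrs, secret):
    # Request Authenticator: computed with 16 zero octets in its own place.
    return _packet(ACCOUNTING_REQUEST, ident, bytes(16), attrs, secret)

def build_accounting_response(request, attrs, secret):
    # Response Authenticator: seeded with the request's authenticator.
    return _packet(ACCOUNTING_RESPONSE, request[1], request[4:20], attrs, secret)

def verify_accounting_response(response, request, secret):
    """True only if `response` was signed with `secret` as a reply to `request`."""
    if len(response) < HEADER_LEN or len(request) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if code != ACCOUNTING_RESPONSE or ident != request[1]:
        return False
    if length < HEADER_LEN or length > len(response):
        return False
    response = response[:length]          # octets past Length are padding
    expected = _packet(code, ident, request[4:20], response[20:], secret)[4:20]
    return hmac.compare_digest(expected, response[4:20])

# Constructed sample data.
SECRET = b"constructed-secret"
STATUS_START = bytes([40, 6]) + struct.pack("!I", 1)       # Acct-Status-Type
SESSION_A = bytes([44, 11]) + b"sess-0001"                 # Acct-Session-Id
SESSION_B = bytes([44, 11]) + b"sess-0002"
REQ_A = build_accounting_request(180, STATUS_START + SESSION_A, SECRET)
REQ_B = build_accounting_request(180, STATUS_START + SESSION_B, SECRET)
RESP_A = build_accounting_response(REQ_A, b"", SECRET)

if __name__ == "__main__":
    print(verify_accounting_response(RESP_A, REQ_A, SECRET))
    print(verify_accounting_response(RESP_A, REQ_A, b"other-secret"))
    print(verify_accounting_response(RESP_A, REQ_B, SECRET))
```

The check fails for a wrong secret and also when a response is compared with a different request that carries the same identifier, because the request's authenticator is part of the hash.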


Re: AW: Freeradius and rlm_mysql with encrypted PWD's

2007-05-25 Thread Alan Dekok
Rascher, Markus wrote:
> Thx for your answer.
> My situation is: I want to authenticate users who are logging into linux 
> systems or cisco systems via ssh. The ssh-Client sends a radius request to 
> the freeradius-server.
> 
> The Radius-Server can read the user-Password from the request and decrypt it.
> I want to use a mysql-db to store the pwd's. How do I have to configure the 
> freeradius-server so I can save the pwd's as MD5, or sha1 hash?

$ man rlm_pap

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FreeRadius crash

2007-05-25 Thread Doug Hardie

On May 25, 2007, at 01:24, Alan Dekok wrote:

> Doug Hardie wrote:
>> I am completely unable to replicate this situation on my test
>> system.  I can run thousands of requests via multiple radclients
>> without any problems.  I can drive the test system to overload and
>> other than responses slow down a bit, it just works properly.
>>
>> #0  0x2830a6e8 in ?? () from /usr/local/lib/rlm_lafn.so
>> #1  0x2830b9c0 in lafn_authorize (instance=0x0, request=0x0) at
>> rlm_lafn.c:543
>
>   Umm... if you're using modules you wrote yourself, my guess would be
> that the problem lies in those modules.  You probably access a
> pointer after it's freed, which corrupts memory.
>
>   The standard server as shipped in 1.1.6 does *not* have this  
> problem.

Should have pointed out that this module ran for over a year with  
1.1.2 and FreeBSD 5.3 without any problems.  Never once had a core dump.


Re: FreeRadius crash

2007-05-25 Thread Alan Dekok
Doug Hardie wrote:
> I am completely unable to replicate this situation on my test  
> system.  I can run thousands of requests via multiple radclients  
> without any problems.  I can drive the test system to overload and  
> other than responses slow down a bit, it just works properly.
> 
> #0  0x2830a6e8 in ?? () from /usr/local/lib/rlm_lafn.so
> #1  0x2830b9c0 in lafn_authorize (instance=0x0, request=0x0) at  
> rlm_lafn.c:543

  Umm... if you're using modules you wrote yourself, my guess would be
that the problem lies in those modules.  You probably access a
pointer after it's freed, which corrupts memory.

  The standard server as shipped in 1.1.6 does *not* have this problem.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Wiki

2007-05-25 Thread Arran Cudbard-Bell
Peter Nixon wrote:
> On Thu 24 May 2007, Doug Hardie wrote:
>   
>> On Sun 20 May 2007, Doug Hardie wrote:
>>  > I am having problems finding the way to get from the main Wiki page
>>  > to the configuration information.  The pages are there.  When I
>>  > search for something they are found.  I just can't figure out how you
>>  > are supposed to link to them from the main page.  For example the
>>  > modules page does eventually link back to the main page, but I can't
>>  > figure out how to go from the main page to it.
>>
>> It's all a bit ad hoc at present. As it's a wiki, you are welcome to
>> assist
>> with indexing of the information :-)
>>
>>
>> Who do I need to contact on this.  The main page (at least) is locked
>> to prevent updates.
>> 
>
> I have disabled the front page's protection (for the time being). I 
> previously turned it on because we were getting too much spam.
>
> Cheers
>
>   
Now which bloody wiki are you using, so I can look up the formatting 
rules :)


---
Arran


Re: Wiki

2007-05-25 Thread Peter Nixon
On Thu 24 May 2007, Doug Hardie wrote:
> On Sun 20 May 2007, Doug Hardie wrote:
>  > I am having problems finding the way to get from the main Wiki page
>  > to the configuration information.  The pages are there.  When I
>  > search for something they are found.  I just can't figure out how you
>  > are supposed to link to them from the main page.  For example the
>  > modules page does eventually link back to the main page, but I can't
>  > figure out how to go from the main page to it.
>
> It's all a bit ad hoc at present. As it's a wiki, you are welcome to
> assist
> with indexing of the information :-)
>
>
> Who do I need to contact on this.  The main page (at least) is locked
> to prevent updates.

I have disabled the front page's protection (for the time being). I 
previously turned it on because we were getting too much spam.

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


Re: Including Vendor specific dictionary file

2007-05-25 Thread Patric
[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> I have created a vendor specific dictionary file for freeradius.
> This file includes two attributes for our mini switches.
> Is it possible to include this file within the next freeradius release?

AFAIK you can just include it via the {sysconfig path}/raddb/dictionary 
file like this :

$INCLUDE /path/to/custom.dictionary.file

HTH

Patrick



Including Vendor specific dictionary file

2007-05-25 Thread H . Theissen
Hi,

I have created a vendor specific dictionary file for freeradius.
This file includes two attributes for our mini switches.
Is it possible to include this file within the next freeradius release?

You will find the text below.

Kind regards 

Hubert Theißen
 
Research & Development
Tel. +49 2166 272721 Fax  +49 2166 272313 


- - -
Nexans Deutschland Industries GmbH & Co. KG
Bonnenbroicher Straße 2-14, 41238 Mönchengladbach
Registered office: Hannover, Hannover Local Court HRA 25339
General partner: Nexans Deutschland GmbH
Registered office: Hannover, Hannover Local Court HRB 60648
Managing directors: Dr. Wolfgang Bedorf (Chairman), Christof Barklage
Chairman of the Supervisory Board: Yvon Raak

# -*- text -*-
##
# Nexans Active Networking Systems dictionary  http://www.nexans.de/ans
#
# Version:  $Id: dictionary.nexans,v 1.0 2007/05/05 08:10:11 aland Exp $
#
#   Hubert Theissen <[EMAIL PROTECTED]>
#
##

VENDOR          Nexans                          266     ietf

BEGIN-VENDOR    Nexans

ATTRIBUTE       Nexans-Port-Default-VLAN-ID     1       integer Nexans
ATTRIBUTE       Nexans-Port-Voice-VLAN-ID       2       integer Nexans

END-VENDOR      Nexans