Re: help
adnan deura wrote:
> i am getting help from the website : www.aerospacesoftware.com/radius.html

Why? It's *years* out of date.

> i add the user in this way,
> johndoe Auth-Type := Local, User-Password == johndoepassword
>         Reply-Message = Hello, %u

Don't do that. It's wrong. Do this:

johndoe Cleartext-Password := johndoepassword
        Reply-Message = Hello, %u

See the documentation in 1.1.7 for why.

> AND AFTER THAT # radiusd -X

And you haven't included the output.

> BUT THE RESPONSE FROM THE SERVER ... rad_recv: Access-Rejected packet

You're trying to debug the server by looking at the output from the client. I fail to understand why anyone thinks this is useful.

> please tell me what to do

READ the debug output from the server. It is telling you what is going wrong, and why.

> should i install an older version ?

No.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Python and return attributes in `postproxy`
Mike O'Connor wrote:
> It would seem as if the rlm_python does not provide the returned attributes from the proxy, this happens in both a patched version of 1.1.7 and 2.0.0.

Yes. It appears to convert only the request attributes to a python tuple. Fixing it shouldn't be hard.

As always, patches are welcome.

Alan DeKok.
Re: Problem with accounting
Hey Marinko,

On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote:
> Hi
> We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty...

Maybe you should post some debug output when those accounting updates occur, you might be overlooking something. It would also be wise to turn on mysql logging and monitor the queries running (if at all) as they might be badly processed.

Regards,
Liran Tal.
Re: SQLippool problems (duplicate IPs handed out).
Peter Nixon wrote:

I downloaded and installed ver 2.0.0 and have been fighting with it for hours. I was going to move to the rlm_ippool module to fix this, but using this module or the sqlippool module regardless of what is set in radgroupreply or radreply I always get the error

rlm_ippool: Could not find Pool-Name attribute.
rlm_sqlippool: Could not find Pool-Name attrubute

I have it set in radgroupreply or radreply as Pool-Name := pool2 for example

I haven't really changed much except make the config mods to make 2.0 work with mysql

Dave

This is quite possible, as I don't think the MySQL queries currently do the correct locking. If you can fix the problem, please send us a patch.

-Peter

On Mon 14 Jan 2008, Dave wrote:

I use the sql IP pool setup with mysql, and been using it fine for a while, but I have a problem where if I have an influx of connections at one time (30++) that freeradius will hand out an IP to my NAS, but it doesn't get written to the database fast enough and another thread of freeradius hands out the same IP to another user, and logs that entry to the radippool table. So I get users with duplicate IP addresses.. this never happens if the connections are coming in slow enough, (1 or 2 at a time).

freeradius 1.1.6 with mysql 5.0.26.

Here is my sqlippool.conf.

sqlippool {

 ## SQL instance to use (from sql.conf)
 sql-instance-name = sql

 ## Table to keep ippool info
 ippool_table = radippool

 ## lease_duration. fix for lost acc-stop packets
 lease-duration = 3600

 ## Attribute which should be considered unique per NAS
 ## Using NAS-Port gives behaviour similar to rlm_ippool. Calling-Station-Id is for NAS that send fixed NAS-Port
 pool-key = %{NAS-Port}
 # pool-key = %{Calling-Station-Id}

 ## Logging configuration.
 sqlippool_log_exists = Existing IP: %{reply:Framed-IP-Address} \
  (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})

 sqlippool_log_success = Allocated IP: %{reply:Framed-IP-Address} from %{check:Pool-Name} \
  (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})

 sqlippool_log_clear = Released IP %{Framed-IP-Address}\
  (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})

 sqlippool_log_failed = IP Allocation FAILED from %{check:Pool-Name} \
  (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})

 sqlippool_log_nopool = No Pool-Name defined \
  (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})

 # ## This series of queries allocates an IP address
 # allocate-clear = UPDATE ${ippool_table} \
 #  SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
 #  expiry_time = '0000-00-00 00:00:00' \
 #  WHERE pool_key = '${pool-key}'

 ## This will clear all expired leases for lost acc-stop packets
 allocate-clear = UPDATE radippool \
  SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \
  expiry_time = '0000-00-00 00:00:00' \
  WHERE expiry_time = NOW() - INTERVAL 1 SECOND

 # ## The ORDER BY clause of this query tries to allocate the same IP-address
 # ## which user had last session...
 allocate-find = SELECT framedipaddress FROM ${ippool_table} \
  WHERE pool_name = '%{check:Pool-Name}' AND expiry_time < NOW() \
  ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time \
  LIMIT 1 \
  FOR UPDATE

 ## If you prefer to allocate a random IP address every time, use this query instead
 #allocate-find = SELECT framedipaddress FROM ${ippool_table} \
 #  WHERE pool_name = '%{check:Pool-Name}' AND expiry_time = '0000-00-00 00:00:00' \
 #  ORDER BY RAND() \
 #  LIMIT 1 \
 #  FOR UPDATE

 ## If an IP could not be allocated, check to see if the pool exists or not
 ## This allows the module to differentiate between a full pool and no pool
 ## Note: If you are not running redundant pool modules this query may be commented
 ## out to save running this query every time an ip is not allocated.
 pool-check = SELECT id FROM ${ippool_table} WHERE pool_name='%{check:Pool-Name}' LIMIT 1

 allocate-update = UPDATE ${ippool_table} \
  SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \
  callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
  expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
  WHERE framedipaddress = '%I'

 ## This series of queries frees an IP number when an accounting
 ## START record arrives
 start-update = UPDATE ${ippool_table} \
  SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
  WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}'

 ## This series of queries frees an IP number when an accounting
 ## STOP record arrives
 stop-clear = UPDATE ${ippool_table} \
  SET nasipaddress = '',
Re: Verifying framed-ip-address using unlang
Pshem Kowalczyk wrote:
> Is it possible to use unlang to verify whether framed-ip-address is in the right range or not?

Yes and no. The comparisons are not typed, so everything is a string.

> We would like to use it on our wholesale proxies. Wholesale customers of ours are allowed to allocate IPs to their customers, but only from certain ranges. Will a normal comparison ( ) work with IP addresses?

They will work, but they won't do IP-address comparison. You can either do string comparisons, which will often do the right thing, OR regular expressions, which will do the right thing if you write them carefully.

Alan DeKok.
Problem with accounting
Hi

We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty...
Re: Problem with accounting
On Jan 14, 2008 9:15 AM, Marinko Tarlac [EMAIL PROTECTED] wrote:
> Hi
> We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty...

Hi,

I suggest you try first with the latest freeradius version available. 1.1.4 is not recent and there have been many bugfixes since that.

--
In a sea of glass shards, I hear you screaming --icchan
Re: radsqlrelay v1.7 on freebsd 6.3
Hi Roy and everyone,

In message [EMAIL PROTECTED], roy [EMAIL PROTECTED] writes
> Application versions that are being used:
> FreeBSD 6.3-PRERELEASE
> p5-DBD-Pg-1.49
> p5-DBI-1.60.1
> postgresql-client-8.1.11
> freeradius-devel-2.0.0.p2
> radsqlrelay v1.7

FreeRADIUS 2.0.0-pre2 is some way behind the released FreeRADIUS 2.0.0. By the time 2.0.0-pre2 got committed to the FreeBSD ports tree, we were very close to the 2.0.0 release.

FreeBSD PR ports/119582 contains what should become the net/freeradius2 port for the 2.0.0 release version.
http://www.freebsd.org/cgi/query-pr.cgi?pr=119582

However, radsqlrelay is version 1.7 in the released 2.0.0 as well.

> I'm no real coder myself, hence, the need to seek direction. Any necessary change on the script that I need to make?

struct flock has different parameters in FreeBSD's C library - or, more accurately, the same parameters in a different order - see man 2 fcntl

In /usr/local/bin/radsqlrelay read down a few lines further than you were looking into sub setlock. Back up the file, then change the my $packed line to:

my $packed = pack($FLOCK_STRUCT, $start, $len, 0, F_WRLCK, SEEK_SET);

That should be all on one line; it's the same parameters in a different order.

Then go up to the my $FLOCK_STRUCT line and make the corresponding change:

my $FLOCK_STRUCT = 'l2is2';

This is *completely* untested - but looks to be more in line with the FreeBSD man page. If it works, I'll add a rather tidier patch to the port in due course - one that updates the comments as well. If this doesn't work, it needs further investigation.

Best wishes,
David
--
David Wood [EMAIL PROTECTED]
Re: Verifying framed-ip-address using unlang
Alan DeKok wrote:
> Pshem Kowalczyk wrote:
>> Is it possible to use unlang to verify whether framed-ip-address is in the right range or not?
>
> Yes and no. The comparisons are not typed, so everything is a string.
>
>> We would like to use it on our wholesale proxies. Wholesale customers of ours are allowed to allocate IPs to their customers, but only from certain ranges. Will a normal comparison ( ) work with IP addresses?
>
> They will work, but they won't do IP-address comparison. You can either do string comparisons, which will often do the right thing, OR regular expressions, which will do the right thing if you write them carefully.

Sub Captures of regular expressions map onto variables %{1}-%{8}, so you can extract the individual octets of the IP address.

So if you wanted to check multiple ranges, best thing is to extract the octets of the IP address and then do the comparison with normal = operators.

> Alan DeKok.
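The point made in this thread, as an added example that is not part of either message (Python, not unlang): an untyped string comparison misjudges addresses in both directions, while extracting the octets with a carefully written regular expression and comparing them as numbers does not. The two ranges, the sample addresses and all function names are constructed for illustration.

```python
import re

# Constructed policy: the ranges one wholesale customer may allocate from.
ALLOWED_RANGES = [
    ("10.1.2.0", "10.1.30.255"),
    ("192.168.100.0", "192.168.100.127"),
]

# Carefully written pattern: dots escaped, ASCII digits only, one capture
# group per octet (the role the sub-capture variables play in the reply above).
OCTETS = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})", re.ASCII)

# Constructed Framed-IP-Address values as a downstream server might send them.
SAMPLES = [
    "10.1.9.7",         # inside range 1
    "10.1.200.1",       # outside every range
    "10.1.20.5",        # inside range 1
    "192.168.100.13",   # inside range 2
    "192.168.100.200",  # outside every range
    "10.1.2x",          # not an address at all
]


def string_allowed(addr, ranges=ALLOWED_RANGES):
    """Untyped check: the address and the bounds are compared as strings."""
    return any(low <= addr <= high for low, high in ranges)


def parse_octets(addr):
    """Return the four octets as integers, or None if addr is not dotted-quad IPv4."""
    # fullmatch anchors both ends, so trailing junk or a newline is rejected.
    m = OCTETS.fullmatch(addr)
    if m is None:
        return None
    octets = tuple(int(g) for g in m.groups())
    return octets if all(o <= 255 for o in octets) else None


def octets_allowed(addr, ranges=ALLOWED_RANGES):
    """Typed check: extract the octets, then compare them numerically."""
    octets = parse_octets(addr)
    if octets is None:
        return False
    return any(
        parse_octets(low) <= octets <= parse_octets(high) for low, high in ranges
    )


def disagreements(addresses):
    """Addresses on which the string check and the octet check differ."""
    return [a for a in addresses if string_allowed(a) != octets_allowed(a)]


if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr!r:20} string={string_allowed(addr)!s:5} "
              f"octets={octets_allowed(addr)}")
```

The string check accepts 10.1.200.1 and the non-address 10.1.2x, and rejects the legitimate 10.1.9.7 and 192.168.100.13.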
Re: Freeradius + portuguese characters in Active Directory
Alan,

I tried with 2.0 release, still i am not able to get the user authenticated. I am seeing the freeradius which logs the user name as some different character instead of cató.

Any other idea? Or did u guys ever tried with this kind of characters in user name?

Thanks,
Sumithra

On 1/12/08, nikitha george [EMAIL PROTECTED] wrote:
> Okay. Currently I am running with 1.1.6, will upgrade to 2.0 and try it. Thanks for your information.
>
> Regards,
> Nikitha
>
> On 1/11/08, Alan DeKok [EMAIL PROTECTED] wrote:
>> nikitha george wrote:
>>> I am creating a user account in AD with portuguese character and have the freeradius configured properly.
>>
>> 1.1.x does not support UTF-8 that well. Version 2.0.0 should be much better. Please try that.
>>
>> Alan DeKok.
Re: radsqlrelay v1.7 on freebsd 6.3
Hi David,

On Mon, 2008-01-14 at 09:28 +, David Wood wrote:
> FreeRADIUS 2.0.0-pre2 is some way behind the released FreeRADIUS 2.0.0. By the time 2.0.0-pre2 got committed to the FreeBSD ports tree, we were very close to the 2.0.0 release.
>
> FreeBSD PR ports/119582 contains what should become the net/freeradius2 port for the 2.0.0 release version.
> http://www.freebsd.org/cgi/query-pr.cgi?pr=119582
>
> However, radsqlrelay is version 1.7 in the released 2.0.0 as well.
>
>> I'm no real coder myself, hence, the need to seek direction. Any necessary change on the script that I need to make?
>
> struct flock has different parameters in FreeBSD's C library - or, more accurately, the same parameters in a different order - see man 2 fcntl
>
> In /usr/local/bin/radsqlrelay read down a few lines further than you were looking into sub setlock. Back up the file, then change the my $packed line to:
>
> my $packed = pack($FLOCK_STRUCT, $start, $len, 0, F_WRLCK, SEEK_SET);
>
> That should be all on one line; it's the same parameters in a different order.
>
> Then go up to the my $FLOCK_STRUCT line and make the corresponding change:
>
> my $FLOCK_STRUCT = 'l2is2';
>
> This is *completely* untested - but looks to be more in line with the FreeBSD man page. If it works, I'll add a rather tidier patch to the port in due course - one that updates the comments as well. If this doesn't work, it needs further investigation.

Thanks for the quick reply. Made these changes:

line 53  my $FLOCK_STRUCT = 'l2is2';
line 62  my $packed = pack($FLOCK_STRUCT, $start, $len, 0, F_WRLCK, SEEK_SET);

Still returns:

error: Couldn't lock /home/radius/sql-relay.work: Invalid argument

BR,
roy
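One thing worth checking after that result, as an added example that is not part of either message or of radsqlrelay: it computes the byte layout a Perl pack template produces and compares it with struct flock in the field order used above (start, len, pid, type, whence). The sizes in EXPECTED are an assumption (64-bit off_t, 32-bit pid_t, 16-bit shorts); the function names are made up for the example.

```python
import struct

# Field order of the pack() call in the messages above.
FIELDS = ("l_start", "l_len", "l_pid", "l_type", "l_whence")

# Perl pack letters mapped to Python struct codes with fixed ("=") sizes.
# Perl: l = 32-bit signed, q = 64-bit signed, i = native int, s = 16-bit signed.
PERL_TO_STRUCT = {"l": "l", "q": "q", "i": "i", "s": "h"}

# Assumed C layout: off_t l_start, off_t l_len, pid_t l_pid, short l_type,
# short l_whence, with off_t 64 bits wide. Entries are (field, offset, size).
EXPECTED = [
    ("l_start", 0, 8),
    ("l_len", 8, 8),
    ("l_pid", 16, 4),
    ("l_type", 20, 2),
    ("l_whence", 22, 2),
]


def expand(template):
    """Expand a Perl template such as 'l2is2' into one letter per field."""
    letters = []
    i = 0
    while i < len(template):
        letter = template[i]
        i += 1
        digits = ""
        while i < len(template) and template[i].isdigit():
            digits += template[i]
            i += 1
        letters.extend(letter * int(digits or "1"))
    return letters


def layout(template):
    """Return [(field, offset, size)]; pack() inserts no alignment padding."""
    out, offset = [], 0
    for field, letter in zip(FIELDS, expand(template)):
        size = struct.calcsize("=" + PERL_TO_STRUCT[letter])
        out.append((field, offset, size))
        offset += size
    return out


def total_size(template):
    """Number of bytes the template packs."""
    return sum(size for _, _, size in layout(template))


def mismatches(template):
    """Fields whose offset or size differs from the assumed C layout."""
    return [got for got, want in zip(layout(template), EXPECTED) if got != want]


if __name__ == "__main__":
    for tmpl in ("l2is2", "q2is2"):
        print(tmpl, total_size(tmpl), "bytes; mismatched fields:",
              [name for name, _, _ in mismatches(tmpl)])
```

Under that assumption 'l2is2' packs 16 bytes where the structure occupies 24, so every field sits at the wrong offset; a template with 64-bit start and length fields lines up, provided the installed Perl supports the q format.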
help again
if the website is old where should i go buddy http://www.aerospacesoftware.com/radius.html ?
Re: help again
Read the instructions in users file.

Ivan Kalik
Kalik Informatika ISP

On 14/1/2008, adnan deura [EMAIL PROTECTED] wrote:
> if the website is old where should i go buddy http://www.aerospacesoftware.com/radius.html ?
help help help
hello everybody

i am given the task of installing freeradius 1.1.7 on fedora core 7 for my computer networking course's final project. my sir has a very little idea of freeRADIUS. what should i do to get a good grade.

i have installed, configured (i think so), and added a user in the 'user' file and it all works well. i do not know what to do next. please tell me what i can do next or at least tell me what to do on google.

how is a user going to access the radius server on my machine, and what are the things i can do with this tool to show to my lecturer, and what things are that i can do to avail the full features of freeRADIUS 1.1.7

waiting for your reply
thanks in advance.
Re: help help help
Hi there,

In message [EMAIL PROTECTED], adnan deura [EMAIL PROTECTED] writes
> i am given the task of installing freeradius 1.1.7 on fedora core 7 for my computer networking course's final project.

The documentation is out there - but we're not here to do your project for you.

There's plenty of documentation in the files shipped with the server, there's more in the wiki, and, of course, there's the archives of this mailing list - which are all available on the web.

Read the RADIUS RFCs. See if you can find a wireless access point that will do WPA Enterprise (many fairly cheap units will), and set up FreeRADIUS in that setup using different EAP types.

There's much, much more that you can do - but that should get you started!

Best wishes,
David
--
David Wood [EMAIL PROTECTED]
Re: help help help
Hey Adnan,

On Jan 14, 2008 12:25 PM, adnan deura [EMAIL PROTECTED] wrote:
> hello everybody
> i am given the task of installing freeradius 1.1.7 on fedora core 7 for my computer networking course's final project.

Well that's nice to hear.

> my sir has a very little idea of freeRADIUS. what should i do to get a good grade.

Being a good student is a start but there are other ways which we won't cover here.

> i have installed, configured (i think so), and added a user in the 'user' file and it all works well. i do not know what to do next. please tell me what i can do next or at least tell me what to do on google.

Don't you have a project outline? In any case the wiki is a good place to start: http://wiki.freeradius.org

> how is a user going to access the radius server on my machine, and what are the things i can do with this tool to show to my lecturer, and what things are that i can do to avail the full features of freeRADIUS 1.1.7

It is probably better if you read up on some documentation explaining what a RADIUS server does, what is its role in the network and how it operates. Basically, you should also consider adding a NAS to your network configuration so that you can actually do some authentication and possibly accounting. Otherwise you can just use the radclient as a proof-of-concept show-case.

Regards,
Liran Tal.
Re: help help help
I think you're asking us to do the homework for you ;-)

Take a look on google for radius architecture and read radius rfcs. After reading it should be clear what radius can and cannot do.

Regards,
Francesco.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of adnan deura
Sent: Monday 14 January 2008 12.26
To: freeradius-users@lists.freeradius.org
Subject: help help help

> hello everybody
>
> i am given the task of installing freeradius 1.1.7 on fedora core 7 for my computer networking course's final project. my sir has a very little idea of freeRADIUS. what should i do to get a good grade.
>
> i have installed, configured (i think so), and added a user in the 'user' file and it all works well. i do not know what to do next. please tell me what i can do next or at least tell me what to do on google.
>
> how is a user going to access the radius server on my machine, and what are the things i can do with this tool to show to my lecturer, and what things are that i can do to avail the full features of freeRADIUS 1.1.7
>
> waiting for your reply
> thanks in advance.
Re: help
Hi,

> i have to install freeRADIUS 1.1.7 on fedora core 7, but i am unable to add users to the 'users' file.

why? 2.0.0 is out now

> i am getting help from the website : www.aerospacesoftware.com/radius.html

way way way out of date and it doesn't follow current best practice either.

> johndoe Auth-Type := Local, User-Password == johndoepassword
>         Reply-Message = Hello, %u
> AND AFTER THAT

johndoe Cleartext-Password := passwordhere
        Reply-Message = hello, %u

> please tell me what to do

basically ignore the output from the client - it can't tell you THAT much. instead, look at the output from the server - which is plenty if you use 'radiusd -X'

> should i install an older version ?

no. the opposite. install a newer version

alan
Re: Problem with accounting
Can you post the debug for Accounting Start packets for that user and one that is being recorded.

Ivan Kalik
Kalik Informatika ISP

On 14/1/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
> Hi
> We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database. Accounting works fine for all users except for one user. Authentication works fine and NAS sends updates as I specify for all users and I can't find any reason why it doesn't work for specific username. In debugging mode (radiusd -X and radiusd -x) I can see updates but MySql is empty...
Re: help again
Hi,

> if the website is old where should i go buddy http://www.aerospacesoftware.com/radius.html

there's a bunch of docs that come in the freeradius tar archive (they'll end up in /usr/local/share/doc/freeradius or wherever your chosen path during configure ; make ; make install)

there's also http://deployingradius.com/ and wiki.freeradius.org

both are top google hits

alan
Re: Freeradius + portuguese characters in Active Directory
nikitha george wrote:
> Alan, I tried with 2.0 release, still i am not able to get the user authenticated. I am seeing the freeradius which logs the user name as some different character instead of cató. Any other idea? Or did u guys ever tried with this kind of characters in user name?

I don't try it that often, but I have tried it in the past.

Perhaps you could say *where* this is happening. i.e. include a debug log, as suggested in the FAQ, README, INSTALL, etc. There may be places in the server which haven't been updated to handle UTF-8.

Alan DeKok.
RE: seg fault
> Since we have no idea what the problem is, the answer is likely no.

totally fair =)

> If malloc() is core dumping, then something else is going wrong. i.e. some other part of the server is over-writing memory.

when you say the server i assume you mean freeradius not another app.??

> I would try 2.0. Large amounts of code have been re-written or updated. It may not be perfect, but there are good odds that this problem won't re-appear.

that's what i'll do then.

thanks for the help,
Joe
Re: SQLippool problems (duplicate IPs handed out).
Dave wrote:
> I use the sql IP pool setup with mysql, and been using it fine for a while, but I have a problem where if I have an influx of connections at one time (30++) that freeradius will hand out an IP to my NAS, but it doesn't get written to the database fast enough and another thread of freeradius hands out the same IP to another user, and logs that entry to the radippool table. So I get users with duplicate IP addresses..

From my reading of the code, it's because the SQL IPPool module does multiple queries *outside* of a transaction. The SQL code in rlm_sql does one transaction per query, but that's not what you want.

Alan DeKok.
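The race described in this reply, as an added example that is not code from the thread or from FreeRADIUS: a find query and an update query run as separate statements hand one address to every request in a burst, while an update that only claims a row that is still free does not. SQLite stands in for MySQL, the table keeps only the radippool columns needed here, and the guarded UPDATE is a substitute technique, not the module's fix; on MySQL the corresponding change is to run the find (SELECT ... FOR UPDATE) and the update inside one transaction. Addresses, user names and function names are constructed.

```python
import sqlite3

LEASE = 3600  # seconds, matching lease-duration in the posted sqlippool.conf


def make_pool(ips, pool="pool2"):
    """In-memory stand-in for the radippool table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radippool ("
        " framedipaddress TEXT PRIMARY KEY, pool_name TEXT NOT NULL,"
        " username TEXT NOT NULL DEFAULT '',"
        " expiry_time INTEGER NOT NULL DEFAULT 0)"
    )
    db.executemany(
        "INSERT INTO radippool (framedipaddress, pool_name) VALUES (?, ?)",
        [(ip, pool) for ip in ips],
    )
    db.commit()
    return db


def find_free(db, pool, now):
    """Counterpart of allocate-find: first address whose lease has expired."""
    row = db.execute(
        "SELECT framedipaddress FROM radippool"
        " WHERE pool_name = ? AND expiry_time < ?"
        " ORDER BY framedipaddress LIMIT 1",
        (pool, now),
    ).fetchone()
    return row[0] if row else None


def blind_update(db, ip, user, now):
    """Counterpart of allocate-update: writes the lease without re-checking it."""
    db.execute(
        "UPDATE radippool SET username = ?, expiry_time = ?"
        " WHERE framedipaddress = ?",
        (user, now + LEASE, ip),
    )
    db.commit()
    return True


def guarded_update(db, ip, user, now):
    """Claims the address only if it is still free; reports whether it won."""
    cur = db.execute(
        "UPDATE radippool SET username = ?, expiry_time = ?"
        " WHERE framedipaddress = ? AND expiry_time < ?",
        (user, now + LEASE, ip, now),
    )
    db.commit()
    return cur.rowcount == 1


def allocate_burst(db, users, claim, pool="pool2", now=1000):
    """Worst-case interleaving: every request finds before any request updates."""
    candidates = {user: find_free(db, pool, now) for user in users}
    handed_out = {}
    for user, ip in candidates.items():
        while ip is not None and not claim(db, ip, user, now):
            ip = find_free(db, pool, now)  # lost the race, look again
        handed_out[user] = ip
    return handed_out


def duplicates(handed_out):
    """Addresses that were handed to more than one user."""
    seen = {}
    for user, ip in handed_out.items():
        if ip is not None:
            seen.setdefault(ip, []).append(user)
    return {ip: users for ip, users in seen.items() if len(users) > 1}


if __name__ == "__main__":
    ips = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
    users = ["alice", "bob", "carol"]
    for claim in (blind_update, guarded_update):
        result = allocate_burst(make_pool(ips), users, claim)
        print(claim.__name__, result, "duplicates:", duplicates(result))
```

With the blind update all three users receive 10.0.0.1 and the table records only the last writer, which matches the symptom reported in the thread.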
seg fault
I've been trying to pin down a rather elusive segfault for over 2 months now. and i finally got it to happen inside of gdb.

this is freeradius 1.1.6, on rhel5 x86-64

if this problem is fixed in 2.0 or 1.1.7 please let me know.

Starting program: /usr/sbin/radiusd -X
[Thread debugging using libthread_db enabled]
[New Thread 46912543318400 (LWP 8450)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912543318400 (LWP 8450)]
0x2c1666d5 in _int_malloc () from /lib64/libc.so.6
* 1 Thread 46912543318400 (LWP 8450) 0x2c1666d5 in _int_malloc () from /lib64/libc.so.6

Thread 1 (Thread 46912543318400 (LWP 8450)):
#0 0x2c1666d5 in _int_malloc () from /lib64/libc.so.6
No symbol table info available.
#1 0x2c167d4d in malloc () from /lib64/libc.so.6
No symbol table info available.
#2 0x2be05102 in CRYPTO_malloc () from /lib64/libcrypto.so.6
No symbol table info available.
#3 0x2be2a6b7 in BN_free () from /lib64/libcrypto.so.6
No symbol table info available.
#4 0x2be2a808 in bn_expand2 () from /lib64/libcrypto.so.6
No symbol table info available.
#5 0x2be2abd5 in BN_bin2bn () from /lib64/libcrypto.so.6
No symbol table info available.
#6 0x2be36ea0 in RSA_PKCS1_SSLeay () from /lib64/libcrypto.so.6
No symbol table info available.
#7 0x2bb7cc62 in ssl3_get_client_key_exchange () from /lib64/libssl.so.6
No symbol table info available.
#8 0x2bb7ecaf in ssl3_accept () from /lib64/libssl.so.6
No symbol table info available.
#9 0x2bb854c3 in ssl3_read_bytes () from /lib64/libssl.so.6
No symbol table info available.
#10 0x2bb82431 in ssl3_renegotiate_check () from /lib64/libssl.so.6
No symbol table info available.
#11 0x2e1d77da in tls_handshake_recv (ssn=0x58718240) at tls.c:173
 err = value optimized out
#12 0x2e1d6ad5 in eaptls_process (handler=0x59e07860) at eap_tls.c:638
 tls_session = (tls_session_t *) 0x58718240
 tlspacket = (EAPTLS_PACKET *) 0x5860bc80
 status = EAPTLS_LENGTH_INCLUDED
#13 0x2ebe642b in eappeap_authenticate (arg=0x584e9ac0, handler=0x59e07860) at rlm_eap_peap.c:169
 rcode = value optimized out
 status = value optimized out
 tls_session = (tls_session_t *) 0x58718240
#14 0x2dfcf1c6 in eaptype_call (atype=0x584e7d50, handler=0x59e07860) at eap.c:167
 rcode = value optimized out
#15 0x2dfcf30a in eaptype_select (inst=0x584d23d0, handler=0x59e07860) at eap.c:361
 default_eap_type = value optimized out
 eaptype = (eaptype_t *) 0x59d5feb8
 vp = value optimized out
 namebuf = [EMAIL PROTECTED]
 eaptype_name = 0x2e1d7d26 peap
#16 0x2dfcdffb in eap_authenticate (instance=0x584d23d0, request=0x58609f90) at rlm_eap.c:261
 inst = (rlm_eap_t *) 0x2c442960
 handler = (EAP_HANDLER *) 0x59e07860
 eap_packet = (eap_packet_t *) 0x0
 rcode = value optimized out
#17 0x55563682 in modcall (component=0, c=0x584cfe30, request=0x58609f90) at modcall.c:236
 myresult = 0
#18 0x55563c71 in call_one (component=-1404819104, p=0x80, request=0x5860b0e0, priority=0x2c442ad0, result=0x40) at modcall.c:269
 r = value optimized out
#19 0x5556384c in modcall (component=0, c=0x584cfe80, request=0x58609f90) at modcall.c:324
 g = (modgroup *) 0x584cfe80
 myresult = 0
#20 0xb763 in rad_check_password (request=0x58609f90) at auth.c:380
 dval = (DICT_VALUE *) 0x0
 auth_type_pair = value optimized out
 cur_config_item = value optimized out
 password_pair = (VALUE_PAIR *) 0x0
 auth_item = value optimized out
 string = [binary data omitted]
 auth_type = 6
 result = value optimized out
 auth_type_count = 1
#21 0xbc8a in rad_authenticate (request=0x58609f90) at auth.c:675
 check_item = value optimized out
 vp = (VALUE_PAIR *) 0x5860b0e0
 namepair = (VALUE_PAIR *) 0x586c89d0
 check_item = value optimized out
 reply_item = value optimized out
 auth_item = (VALUE_PAIR *) 0x0
 module_msg = value optimized out
 tmp = (VALUE_PAIR *) 0x0
 result = 3
 r = value optimized out
 umsg =
Problem with rlm_perl module
Hello All

I have spent few days trying to build freeradius with rlm_perl module on Solaris 10. Using both last version 2.0.0 and 1.1.7 I'm getting very similar problem. Does anybody get it running ?

recvfrom 0x4814 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
socketpair 0x4a10 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(util.o)
socketpair 0x6be4 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getservent 0xdfbc /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
connect 0x7108 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
setservent 0xe2e4 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getnetbyaddr 0xd9b8 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getprotoent 0xdc90 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getnetbyname 0xd93c /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
setnetent 0xe214 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getservbyport 0xdfac /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getprotobynumber 0xdc80 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
endservent 0xe460 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
getprotobyname 0xdc38 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
setprotoent 0xe27c /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
endprotoent 0xe3f4 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
__muldi3 0x5bbc /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(perlio.o)
__divdi3 0x5bb0 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(perlio.o)
__floatdidf 0x597c /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
__floatdidf 0x5bbc /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
__floatdidf 0x5cd8 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
__floatdidf 0x8320 /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
__floatdidf 0x8eec /usr/local/lib/perl5/5.8.8/sun4-solaris/CORE/libperl.a(pp_sys.o)
ld: fatal: relocations remain against allocatable but non-writable sections
collect2: ld returned 1 exit status
gmake[6]: *** [rlm_perl.la] Error 1
gmake[6]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0 /src/modules/rlm_perl'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0 /src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0 /src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/opt/OPEN-Ldap/freeradius-server-2.0.0'
make: *** [all] Error 2

Br
Serelk
help
please send me db_mysql.sql file
Re: help
1. it's included with the server
2. Google freeradius mysql ddl script

Ivan Kalik
Kalik Informatika ISP

On 14/1/2008, adnan deura [EMAIL PROTECTED] wrote:
> please send me db_mysql.sql file
Sample configurations file for Windows XP -PEAP(FreeRadius 2.0)
Hi All,

I'm new to FreeRadius and want to test Windows PEAP with FreeRadius 2.0. The network diagram is:

Windows XP  AP(with 802.1x proxy) 192.168.1.10  FreeRadius 2.0 (192.168.1.100)

I want to have Windows XP station username/password in a file in Linux server. Anybody has a sample configuration file?

Thanks
Nick Nie
Re: Sample configurations file for Windows XP -PEAP(FreeRadius 2.0)
nicknie wrote:
I'm new to FreeRadius and want to test Windows PEAP with FreeRadius 2.0. The network diagram is: Windows XP -- AP (with 802.1x proxy) 192.168.1.10 -- FreeRadius 2.0 (192.168.1.100) I want to have Windows XP station username/password in a file in Linux server. Does anybody have a sample configuration file?
The server comes with configuration files that *work*. In 2.0, add a user password to the users file (see the FAQ). Un-check the validate server certificate on the Windows workstation. Start the server in debugging mode, as root. If FreeRADIUS was installed correctly, PEAP should JUST WORK.
Alan DeKok.
Hello, and a question.
Hi there. Have used freeRADIUS in the past to authenticate dial-up/ADSL users, but now have a different implementation problem that requires some input from this list. I am working on a Single Sign-On solution to try and give users in the organisation that I work for, a single username and password. I am planning on using LDAP for the backend store, as a lot of our equipment can be configured to use LDAP natively. However we also have a lot of routers and other network kit that either talks RADIUS or TACACS+ (or both) I would like to keep things as simple as possible, so my question is. Can freeRADIUS provide everything that TACACS+ can so that I need only install/configure freeRADIUS.
Thanks in advance
David W Bell
help
after all the installations and configurations what can i do with freeRadius as a student, i mean what to show to my teacher
Re: Hello, and a question.
David W Bell wrote:
Hi there. Have used freeRADIUS in the past to authenticate dial-up/ADSL users, but now have a different implementation problem that requires some input from this list. I am working on a Single Sign-On solution to try and give users in the organisation that I work for, a single username and password. I am planning on using LDAP for the backend store, as a lot of our equipment can be configured to use LDAP natively. However we also have a lot of routers and other network kit that either talks RADIUS or TACACS+ (or both) I would like to keep things as simple as possible, so my question is. Can freeRADIUS provide everything that TACACS+ can so that I need only install/configure freeRADIUS.
This really depends on the network kit and the vendor that produced it. Cisco claim that many of the features of TACACS+ can be replicated using Cisco VSA strings. The wiki has bits and pieces for Cisco http://wiki.freeradius.org/Cisco#Cisco_VSAs. HP have limited support for RADIUS; you can be an operator or manager, but you can't really have fine-grained control over what commands those users can issue. Bottom line is TACACS+ generally has better support in terms of fine-grained access control, but TACACS+ server implementations do not have the flexibility and range of features FreeRADIUS does.
Thanks in advance David W Bell
--
Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900
Re: Hello, and a question.
Can freeRADIUS provide everything that TACACS+ can so that I need only install/configure freeRADIUS.
This really depends on the network kit and the vendor that produced it. Cisco claim that many of the features of TACACS+ can be replicated using Cisco VSA strings. The wiki has bits and pieces for Cisco http://wiki.freeradius.org/Cisco#Cisco_VSAs. HP have limited support for RADIUS; you can be an operator or manager, but you can't really have fine-grained control over what commands those users can issue. Bottom line is TACACS+ generally has better support in terms of fine-grained access control, but TACACS+ server implementations do not have the flexibility and range of features FreeRADIUS does.
Much of the kit we are using IS Cisco. So I am guessing I would be best to allow RADIUS TAC+ to interface with LDAP. Thanks for that :)
David
Re: help
Output from radiusd -X. It will show server configuration and processing of the access and accounting requests. If you are using MySQL you can also show the content of radacct table that will contain accounting data.
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, adnan deura [EMAIL PROTECTED] wrote:
after all the installations and configurations what can i do with freeRadius as a student, i mean what to show to my teacher
me for help
i get the following output after configuring mysql the file is attached please help
error file of radiusd -X after mysql configuration.odt Description: Zip compressed data
Re: Hello, and a question.
David W Bell wrote:
Can freeRADIUS provide everything that TACACS+ can so that I need only install/configure freeRADIUS.
No, but patches are always welcome. :) It's probably not that much work to turn FreeRADIUS into a TACACS+ server, too.
Alan DeKok.
Re: me for help
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld
Instructions in the debug are quite clear.
Ivan Kalik
Kalik Informatika ISP
RE: seg fault
no - i'd read that as some other part of your 64bit x86 box is trashing the memory.
hmm, the box itself is totally stable, nothing else has been an issue...
hyperthreading on?
no they are true dualcore Xeon's w/ no hyperthreading.
Joe
Re: seg fault
Hi,
If malloc() is core dumping, then something else is going wrong. i.e. some other part of the server is over-writing memory.
when you say the server i assume you mean freeradius not another app.??
no - i'd read that as some other part of your 64bit x86 box is trashing the memory. hyperthreading on?
alan
Attribute Called-Station-Id not working
Hi there, Currently we are running FR for our hotspot with multiple Chillispot NAS. We also create demo accounts for each NAS, meaning demo1 should only work for nas1 and demo2 should only work for nas2. For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table. The problem found: the account demo1 is still able to be used at nas2 and vice versa. Here is our radcheck table:
mysql> select * from radcheck where username='demo';
+----+----------+-------------------+----+-------------------+
| id | UserName | Attribute         | op | Value             |
+----+----------+-------------------+----+-------------------+
| 40 | demo     | Auth-Type         | := | Local             |
| 41 | demo     | Password          | == | password          |
| 42 | demo     | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
+----+----------+-------------------+----+-------------------+
3 rows in set (0.00 sec)
We put NAS mac address for Called-Station-Id since radacct also records the above mac address at column Called-Station-Id. Perhaps, we miss something at somewhere... Any suggestions are welcome.
Regards
Paul
Group Membership query??
Good evening, I'm sending a group membership query from openser to freeradius... I would like to send a group membership query, but it's a group authorize query that is received... Any idea? Thanks!!! See output below:
Going to the next request
Sending Access-Reject of id 62 to 172.24.4.1 port 35340
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.24.4.1:35344, id=62, length=75
User-Name = [EMAIL PROTECTED]
Sip-Group = suspended
Service-Type = Voice
NAS-Port = 0
NAS-IP-Address = 172.24.4.1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module preprocess returns ok for request 5
radius_xlat: '/var/log/freeradius/radacct/172.24.4.1/auth-detail-20080114'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.4.1/auth-detail-20080114
modcall[authorize]: module auth_log returns ok for request 5
modcall[authorize]: module chap returns noop for request 5
modcall[authorize]: module mschap returns noop for request 5
modcall[authorize]: module digest returns noop for request 5
rlm_realm: Looking up realm sip.bob.net for User-Name = [EMAIL PROTECTED]
rlm_realm: No such realm sip.bob.net
modcall[authorize]: module suffix returns noop for request 5
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 5
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module sql returns ok for request 5
rlm_python [freeradius-cdrtool]: entering the authorization phase ...
rlm_python [freeradius-cdrtool]: ignoring unsupported method.
modcall[authorize]: module python returns ok for request 5
modcall: leaving group authorize (returns ok) for request 5
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/no User-Password attribute] (from client private port 0)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
sql: group_membership_query = SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'
sql: authorize_check_query = SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_reply_query = SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
Re: LDAP Groups and EAP
I tried updating to version 2.0. I like the debug interface much better, it makes it a lot easier to read. Nice job! Unfortunately, this upgrade introduced a new issue for me. When doing group ldap searches, it looks like the Ldap-UserDN variable doesn't get populated. The server successfully binds and finds the user, but in the expand section:
rlm_ldap: ldap_release_conn: Release Id: 0
expand: (|(objectClass=GroupOfNames)(member=%{Ldap-UserDN}))(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDN})))-(|(objectClass=GroupOfNames)(member=))((objectClass=GrouOfUniqueNames)(uniquemember=)))
It then fails to find the ldap group, because the member= and uniquemember= are blank. A few lines below that, though, it comes up with the correct full DN search:
rlm_ldap: performing search in cn=somegroup,ou=something,ou=something with filter (|(objectClass=GroupOfNames)(member=))((objectClass=GrouOfUniqueNames)(uniquemember=)))
rlm_ldap: object not found or got ambigous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing serach in cn=xxx,ou=something,ou=something with filter (objectclass=*)
rlm_ldap::ldap_groupcmp: ldap_get_values failed
I tried using my old config from 1.1, as well as re-writing it, as well as using the new and old ldap.attrmap. This is verified to work in version 1.1 for me. This is against eDirectory, configured with the --with-edir option
----- Original Message -----
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Saturday, January 12, 2008 3:40:39 AM
Subject: Re: LDAP Groups and EAP
Brian Wilson wrote:
I am running Freeradius 1.1.0
Please upgrade to at least 1.1.7. It solves a lot of security issues, *and* helps with the problem you're seeing, too.
When I try to authenticate, the radius server receives about 7 Access-requests.
That's the way EAP works.
Notice that there is no additional call to ldap_group between the authorize and the resulting failure in the files module.
The *inner* tunnel session doesn't match a huntgroup.
Is there something i'm missing in the configuration file?
I would suggest trying 2.0. The new virtual server feature should make this configuration much simpler. The new unlang feature should also simplify the writing of policies.
Alan DeKok.
Mysql error
Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages:
radius:/usr/local/var/log/radius# tail radius.log -f
Mon Jan 14 16:01:37 2008 : Error: rlm_sql (sql): Couldn't insert SQL accounting ALIVE record - Unknown column 'XAscendSessionSvrKey' in 'field list'
Mon Jan 14 16:01:37 2008 : Error: rlm_sql_mysql: Cannot store result
Mon Jan 14 16:01:37 2008 : Error: rlm_sql_mysql: MySQL error 'Unknown column 'XAscendSessionSvrKey' in 'field list''
Mon Jan 14 16:01:37 2008 : Error: rlm_sql_mysql: Cannot store result
Mon Jan 14 16:01:37 2008 : Error: rlm_sql_mysql: MySQL error 'Unknown column 'XAscendSessionSvrKey' in 'field list''
Mon Jan 14 16:01:38 2008 : Error: rlm_sql (sql): Couldn't insert SQL accounting ALIVE record - Unknown column 'XAscendSessionSvrKey' in 'field list'
Mon Jan 14 16:01:38 2008 : Error: rlm_sql_mysql: Cannot store result
Mon Jan 14 16:01:38 2008 : Error: rlm_sql_mysql: MySQL error 'Unknown column 'XAscendSessionSvrKey' in 'field list''
Mon Jan 14 16:01:38 2008 : Error: rlm_sql_mysql: Cannot store result
Mon Jan 14 16:01:38 2008 : Error: rlm_sql_mysql: MySQL error 'Unknown column 'XAscendSessionSvrKey' in 'field list''
Any help please? Thanks in advance,
Pablo
Re: Mysql error
Hi,
Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages:
you don't state what platform you are using or what version of freeradius however, your mysql SHOULD have such a column in that table (it's in the supplied schema) - the error you are getting is the accounting packets which cannot be stored as you are asking for that column...check the sql/mysql/dialup.conf
sql/mysql/schema.sql: xascendsessionsvrkey varchar(10) default NULL,
the stuff is in the supplied schema!
sql/mysql/dialup.conf: acctstartdelay, xascendsessionsvrkey) \
^ here is the call as part of an UPDATE
check case sensitivity
alan
Re: Mysql error
I'm using freeradius 2.0.0 on Debian Etch, I think the problem is case sensitivity as you mentioned because in schema.sql is in lower case and in dialup.conf also.
[EMAIL PROTECTED] wrote:
Hi, Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages: you don't state what platform you are using or what version of freeradius however, your mysql SHOULD have such a column in that table (it's in the supplied schema) - the error you are getting is the accounting packets which cannot be stored as you are asking for that column...check the sql/mysql/dialup.conf sql/mysql/schema.sql: xascendsessionsvrkey varchar(10) default NULL, the stuff is in the supplied schema! sql/mysql/dialup.conf: acctstartdelay, xascendsessionsvrkey) \ ^ here is the call as part of an UPDATE check case sensitivity alan
Re: Verifying framed-ip-address using unlang
Thx for your input. I guess I'll have to experiment a bit :-)
kind regards
Pshem
On 14/01/2008, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
Alan DeKok wrote:
Pshem Kowalczyk wrote:
Is it possible to use unlang to verify whether framed-ip-address is in the right range or not?
Yes and no. The comparisons are not typed, so everything is a string.
We would like to use it on our wholesale proxies. Wholesale customers of ours are allowed to allocate IPs to their customers, but only from certain ranges. Will a normal comparison ( ) work with IP addresses?
They will work, but they won't do IP-address comparison. You can either do string comparisons, which will often do the right thing, OR regular expressions, which will do the right thing if you write them carefully.
Sub Captures of regular expressions map onto variables %{1}-%{8}, so you can extract the individual octets of the IP address. So if you wanted to check multiple ranges, best thing is to extract the octets of the IP address and then do the comparison with normal = operators.
Alan DeKok.
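The gap between an untyped string comparison and the octet-extraction approach described in the replies above, as an added Python illustration (not unlang and not code from the thread). The address ranges, sample addresses and function names are constructed for the example.

```python
import re

# Constructed example ranges (first address, last address), both inclusive.
ALLOWED_RANGES = [
    ("10.20.8.0", "10.20.15.255"),
    ("192.168.100.10", "192.168.100.200"),
]

# Constructed sample Framed-IP-Address values.
SAMPLE_ADDRESSES = [
    "10.20.9.1",
    "10.20.12.7",
    "10.20.16.1",
    "192.168.100.2",
    "192.168.100.150",
]

# Four capture groups, the analogue of the regex sub-captures %{1}..%{4}.
DOTTED_QUAD = re.compile(r"([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")


def octets(addr):
    """Return the address as a tuple of four ints, or None if malformed."""
    m = DOTTED_QUAD.fullmatch(addr)
    if m is None:
        return None
    parts = tuple(int(g) for g in m.groups())
    return parts if all(p <= 255 for p in parts) else None


def in_range_string(addr, first, last):
    """Untyped check: plain lexicographic string ordering."""
    return first <= addr <= last


def in_range_octets(addr, first, last):
    """Typed check: compare the extracted octets numerically, left to right."""
    a, lo, hi = octets(addr), octets(first), octets(last)
    if a is None or lo is None or hi is None:
        return False  # a malformed address never passes the range check
    return lo <= a <= hi


def framed_ip_allowed(addr, ranges=ALLOWED_RANGES):
    """True if the address falls inside any allowed range (numeric check)."""
    return any(in_range_octets(addr, lo, hi) for lo, hi in ranges)


def disagreements(addrs, ranges=ALLOWED_RANGES):
    """List (address, string_verdict, numeric_verdict) where the two differ."""
    out = []
    for addr in addrs:
        by_string = any(in_range_string(addr, lo, hi) for lo, hi in ranges)
        by_octets = framed_ip_allowed(addr, ranges)
        if by_string != by_octets:
            out.append((addr, by_string, by_octets))
    return out


if __name__ == "__main__":
    for addr, by_string, by_octets in disagreements(SAMPLE_ADDRESSES):
        print(f"{addr}: string comparison={by_string}, octet comparison={by_octets}")
```

The third disagreement is the one that matters for a wholesale proxy: 192.168.100.2 lies outside the allocated range but sorts between the two bounds as a string.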
Re: Mysql error
Add that column in your radacct table. I had the same problem and it is solved (upgrade to 1.1.7 from 1.1.4 )... Check mysql sample file in sql dir.
[EMAIL PROTECTED] wrote:
Hi, Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages: you don't state what platform you are using or what version of freeradius however, your mysql SHOULD have such a column in that table (it's in the supplied schema) - the error you are getting is the accounting packets which cannot be stored as you are asking for that column...check the sql/mysql/dialup.conf sql/mysql/schema.sql: xascendsessionsvrkey varchar(10) default NULL, the stuff is in the supplied schema! sql/mysql/dialup.conf: acctstartdelay, xascendsessionsvrkey) \ ^ here is the call as part of an UPDATE check case sensitivity alan
Re: Mysql error
in lower case really?
Marinko Tarlac wrote:
Add that column in your radacct table. I had the same problem and it is solved (upgrade to 1.1.7 from 1.1.4 )... Check mysql sample file in sql dir.
[EMAIL PROTECTED] wrote:
Hi, Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages: you don't state what platform you are using or what version of freeradius however, your mysql SHOULD have such a column in that table (it's in the supplied schema) - the error you are getting is the accounting packets which cannot be stored as you are asking for that column...check the sql/mysql/dialup.conf sql/mysql/schema.sql: xascendsessionsvrkey varchar(10) default NULL, the stuff is in the supplied schema! sql/mysql/dialup.conf: acctstartdelay, xascendsessionsvrkey) \ ^ here is the call as part of an UPDATE check case sensitivity alan
Re: Mysql error
I didn't try lowercase but XAscendSessionSvrKey - varchar(10) works fine :)
Pablo Lucchetti wrote:
in lower case really?
Marinko Tarlac wrote:
Add that column in your radacct table. I had the same problem and it is solved (upgrade to 1.1.7 from 1.1.4 )... Check mysql sample file in sql dir.
[EMAIL PROTECTED] wrote:
Hi, Hi, I'm working with Freeradius in production environment (start up), at this time is working with only two users, they can connect without problems and all seems to work fine but looking into radius.log I found these messages: you don't state what platform you are using or what version of freeradius however, your mysql SHOULD have such a column in that table (it's in the supplied schema) - the error you are getting is the accounting packets which cannot be stored as you are asking for that column...check the sql/mysql/dialup.conf sql/mysql/schema.sql: xascendsessionsvrkey varchar(10) default NULL, the stuff is in the supplied schema! sql/mysql/dialup.conf: acctstartdelay, xascendsessionsvrkey) \ ^ here is the call as part of an UPDATE check case sensitivity alan
authentication winxp over LAN throw switch cisco3560 not working
hello everybody, I have tried many times to resolve this problem but I haven't found the solution. My configuration is: freeradius-1.1.1 on fedora6 + NAS switch cisco3560 + Windows XP client. On wireless, my configuration works when I use a cisco1200 AP as NAS. But when I use my configuration to authenticate XP on the LAN network only, it does not work. I saw in debug -X -A that freeradius receives the ACCES_REQUEST, but when it sends the ACCES_CHALLENGE it cannot. In frame analysis on freeradius, I saw that it cannot send on the port that the switch tells it to send to. I am blocked on this step, and I cannot find the solution. In my configuration, I use users: users password only, I don't have active directory. On my switch, I don't make VLANs. Can someone help me? thanks for all
Re: Attribute Called-Station-Id not working
Dear Alan, Thx for your quick reply... We are still using the old attributes for a reason... we need to deactivate and activate a user account without touching his/her password. We did it by just playing around with the Auth-Type value = Local/Reject. Thx for your advice for my case regarding the above subject, I will try it at my office this morning; of course while still using the old attributes.
Regards
Paul
On 1/14/2008, Alan DeKok [EMAIL PROTECTED] wrote:
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table. The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo';
| id | UserName | Attribute | op | Value |
| 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to Cleartext-Password := password
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want ==
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql.
Alan DeKok.
Re: Attribute Called-Station-Id not working (SOLVED)
Dear All, Just to acknowledge that Alan's suggestion is working fine. We just changed the OP from := to == For the old attributes.. we still use them but we also changed the OP. An Auth-Type using == and Password using := The other attributes we use... Expiration with OP == Login Time with OP == Max-All-Session with OP := Please let me know if we use an incorrect OP. Also... since Alan advised us not to use the old attributes, is there any other replacement attribute for our needs?
Paul
On 1/15/2008, PD [EMAIL PROTECTED] wrote:
Dear Alan, Thx for your quick reply... We are still using the old attributes for a reason... we need to deactivate and activate a user account without touching his/her password. We did it by just playing around with the Auth-Type value = Local/Reject. Thx for your advice for my case regarding the above subject, I will try it at my office this morning; of course while still using the old attributes. Regards Paul
On 1/14/2008, Alan DeKok [EMAIL PROTECTED] wrote:
PD wrote:
For the above purpose, we put attribute Called-Station-Id for each demo account within radcheck table. The problem found, the account demo1 still be able to use at nas2 vice versa.
Please read doc/rlm_sql.
Here is our radcheck table: mysql> select * from radcheck where username='demo';
| id | UserName | Attribute | op | Value |
| 40 | demo | Auth-Type | := | Local |
Don't use Auth-Type. i.e. DELETE that row.
| 41 | demo | Password | == | password |
Change these fields to Cleartext-Password := password
| 42 | demo | Called-Station-Id | := | 00-1A-70-XX-XX-XX |
Read doc/rlm_sql. This operator *sets* the value. It doesn't *compare* the value. You want ==
Perhaps, we miss something at somewhere...
The operators are documented in doc/rlm_sql.
Alan DeKok.
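A simplified model of the two check-item operators this thread turns on, as an added Python illustration (not FreeRADIUS code and not from any poster): `:=` always matches and sets the item, `==` matches only when the request carries the attribute with that value. The MAC addresses, the set of audited attributes and the function names are constructed, and password verification is left out.

```python
# Constructed NAS MAC addresses for two hotspots.
NAS1 = "00-11-22-33-44-01"
NAS2 = "00-11-22-33-44-02"

# Request attributes commonly used to pin an account to a location.
# Which attributes belong here is an assumption made for this example.
RESTRICTING_REQUEST_ATTRS = {
    "Called-Station-Id",
    "Calling-Station-Id",
    "NAS-IP-Address",
    "NAS-Identifier",
}

# radcheck rows as (Attribute, op, Value): the row as first posted (":=")
# and after the change of operator to "==".
ROWS_BEFORE = [
    ("Cleartext-Password", ":=", "password"),
    ("Called-Station-Id", ":=", NAS1),
]
ROWS_AFTER = [
    ("Cleartext-Password", ":=", "password"),
    ("Called-Station-Id", "==", NAS1),
]


def check_items_match(check_rows, request):
    """Evaluate one user's check rows against a request.

    Returns (matched, config_items). Only two operators are modelled:
      ':='  always matches and sets the configuration item
      '=='  matches only if the request has the attribute with this value
    """
    config = {}
    for attr, op, value in check_rows:
        if op == ":=":
            config[attr] = value
        elif op == "==":
            if request.get(attr) != value:
                return False, {}
        else:
            raise ValueError("operator not modelled: %r" % op)
    return True, config


def nas_access(check_rows, nas_macs):
    """Map each NAS MAC to whether a login arriving through it would match."""
    result = {}
    for mac in nas_macs:
        request = {"User-Name": "demo1", "Called-Station-Id": mac}
        result[mac] = check_items_match(check_rows, request)[0]
    return result


def audit_radcheck(check_rows):
    """Flag rows where a location attribute is assigned instead of compared."""
    return [
        row for row in check_rows
        if row[0] in RESTRICTING_REQUEST_ATTRS and row[1] == ":="
    ]


if __name__ == "__main__":
    print("before:", nas_access(ROWS_BEFORE, [NAS1, NAS2]))
    print("after: ", nas_access(ROWS_AFTER, [NAS1, NAS2]))
    print("rows to review:", audit_radcheck(ROWS_BEFORE))
```

Running `audit_radcheck` over an export of radcheck is a quick way to find accounts whose intended NAS restriction is not being enforced.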
Re: radgroupreply do not read (read_grous directive)
Did you put something in usergroup table to link users and groups?
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, Arlinelson Fernandes dos Santos [EMAIL PROTECTED] wrote:
Hi, I am using freeradius 2.0 and need to load radcheck, radreply, radgroupcheck and radgroupreply tables. But radcheck and radreply work. To load radgroupcheck e need to set Fall-Through = Yes, but radgroupreply doesn't work. The read_groups directive is 'Yes' but does not appear in the radius debug mode. How can I make freeradius load radgroupreply? I have the Simultaneous-Use attribute in this table, I need to use this attribute for all users. Someone please?
Re: Python and return attributes in `postproxy`
Alan DeKok wrote:
Mike O'Connor wrote:
It would seem as if the rlm_python does not provide the returned attributes from the proxy, this happens in both a patched version of 1.1.7 and 2.0.0.
Yes. It appears to convert only the request attributes to a python tuple. Fixing it shouldn't be hard. As always, patches are welcome.
Alan DeKok.
Hi Alan
Is there an example of how this is done in another rlm_ module which works in a similar way as the rlm_python code ?
Mike
Re: radgroupreply do not read (read_grous directive)
Yes! I did. And I put attributes into all tables check and reply.
Did you put something in usergroup table to link users and groups?
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, Arlinelson Fernandes dos Santos wrote:
Hi, I am using freeradius 2.0 and need to load radcheck, radreply, radgroupcheck and radgroupreply tables. But radcheck and radreply work. To load radgroupcheck e need to set Fall-Through = Yes, but radgroupreply doesn't work. The read_groups directive is 'Yes' but does not appear in the radius debug mode. How can I make freeradius load radgroupreply? I have the Simultaneous-Use attribute in this table, I need to use this attribute for all users. Someone please?