MySQL

2008-01-21 Thread Anthony McGarry
Hi,

I have installed MySQL and Freeradius2.0.0.

I have updated the schema for MySQL and set the location, username and
password in sql.conf.
When I start radiusd -X I get the following output. I cannot see any mention
of connecting to mysql.

[EMAIL PROTECTED] sbin]# radiusd -X
FreeRADIUS Version 2.0.0, for host i686-pc-linux-gnu, built on Jan 19 2008
at 13:59:15
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/usr/local/var"
logdir = "/usr/local/var/log/radius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 log {
syslog_facility = "daemon"
stripped_names = yes
file = "/usr/local/var/log/radius/radius.log"
auth = yes
auth_badpass = yes
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = "auto"
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = 

Re: rlm_dbm segfault debug

2008-01-21 Thread Alan DeKok
Patrick Medina wrote:
> Newbie and non-programmer here, though I've been a
> user of this very useful program for a year now
> (currently on v.2.0.0, CentOS 4.6, x86_64). I'm trying
> to get a MAC and SSID -based system to work with
> rlm_dbm.  The system already works with the "users"
> file as follows:

  Is there a pressing need to use rlm_dbm?  In 2.0.0, the "users" file
should scale to 100's of 1000's of users.  (i.e. I've tested it at
that.)  It takes a few seconds to start the server, but it's just as
fast as rlm_dbm would be.

> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 182915782400 (LWP 23734)]
> 0x0041d3c7 in request_data_get (request=0x0,
> unique_ptr=0x0, unique_int=-1379995904) at util.c:145
> 145 for (last = &(request->data); *last !=
> NULL; last = &((*last)->next)) {

  OK, that's a bug.

> I've been scouring the documentation and list, trying
> various running and compiling configuration options,
> all to no avail.  Moreover, the same segfault happens
> with v.1.1.7, though I haven't run gdb on that.

  I've committed a fix to rlm_dbm in CVS.  Check the code out from CVS,
and install that.  It should be OK.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: MySQL accounting issue

2008-01-21 Thread tnt
On 21/1/2008, "A.smith" <[EMAIL PROTECTED]> wrote:

>Also, regarding radius 1.x I  now have a patch which allows this type of
>record.
>However next issue is that with accounting set to sql in radiusd.conf the
>SQL statements are being written just to
>/usr/local/var/log/radius/sqltrace.sql
>and nothing is actually put in the database... What have I done wrong? :P
>
>cheers Andy.
>
>
>Message sent using UK Grid Webmail 2.7.9
>
>


Re: FreeRadius V2.0.0 Simultaneous-Use Problems

2008-01-21 Thread tnt
> I took a look at the SQL Queries used by freeradius to check the logins
>and decided to run them manually on my sql database:
>
>mysql> SELECT COUNT(*) FROM radacct  WHERE username = 'Kat' AND
>acctstoptime = 0;
>+----------+
>| COUNT(*) |
>+----------+
>|       16 |
>+----------+
>1 row in set (0.00 sec)
>

So, you have 16 open sessions for that user. Why? Do they have some
sentimental value to you? If not, just delete them. They most likely
occurred when your radius server was down while users logged off.

>
>The problem is, if you try to log this person in the server says that
>they are already logged in, because the simul_count_query is picking up
>*ALL* rows which have accountstoptime = 0. This is a problem because
>all the accounting records are kept in the same place as the start and
>stop records, which means that there will always be records with an
>acctstoptime=0 in that table. Am I doing anything wrong here? Any tips
>on how to fix this problem would be much appreciated.
>

It looks to me that you are switching off your radius server and not
clearing up the mess in accounting records that happens because of that.
If you are not doing that but Stop packets are being lost because of
poor and unreliable communication between radius server and your NAS,
you need to fix that.

Ivan Kalik
Kalik Informatika ISP



filling in missing attributes

2008-01-21 Thread Duane Cox
Hello List

I'm looking for a suggested solution to this problem.

I'm running freeradius 2.0.0 and have a NAS that doesn't supply the 
NAS-Identifier or Called-Station-Id.
I'm using rlm_sql to log acct information and would like to have this missing 
info filled in.

Would it be best to use:

rlm_attr_rewrite

or

use conditional syntax within the sql.conf ie. "%{%{Foo}:-%{Bar}}"

Thanks
Duane Cox 


Re: FreeRadius V2.0.0 Simultaneous-Use Problems

2008-01-21 Thread Kevin Bonner
On Monday 21 January 2008 14:19:06 Dryw Paulic wrote:
> mysql> select * from radgroupcheck;
> +----+-----------+------------------+----+-------+
> | id | GroupName | Attribute        | op | Value |
> +----+-----------+------------------+----+-------+
> |  1 | dynamic   | Auth-Type        | == | Local |
> |  2 | static    | Auth-Type        | == | Local |

Don't do this.  The operator is incorrect as is nearly every use of Auth-Type.

> mysql> SELECT COUNT(*) FROM radacct  WHERE username = 'Kat' AND
> acctstoptime = 0;
...
> mysql> select * from radacct where username ='Kat' \G;

What is shown when you use the full where clause from the previous command?  
What version of MySQL are you using?  I just tried this with 5.0.48 
and 'datefield = 0' does not match on datetime fields.

If you're using the V2.0.0 schema, that SQL query should be changed 
to 'acctstoptime IS NULL'.  Try this from your SQL command line and see if it 
gives the desired results for both connected and disconnected users.

Kevin Bonner



Blank spaces after username - problem with accounting - MySql database.

2008-01-21 Thread Marinko Tarlac
Hi there... It is me again... A few days ago, I wrote about my problem
with accounting. The problem is that accounting doesn't work for some users.
In this case it is "test.user"... After some investigation with log
files (holy radiusd -X), I can see that the problem is in the username. As you
can see (line marked with *-*-*-*-*-*-*), some blank spaces were added
to the username. I'm not sure how this is possible and who adds these blank
spaces (Mikrotik as NAS or the radius server?).


The log file is truncated but I believe you can see where the problem is.

- 
LOG STARTS

Finished request 13
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.15.2:48263, id=86, 
length=145

  Service-Type = Framed-User
  Framed-Protocol = PPP
  NAS-Port = 23427
  NAS-Port-Type = Ethernet
  User-Name = "test.user  "  *-*-*-*-*-*-* (notice blank spaces 
before closing ")

  
  rlm_realm: No '@' in User-Name = "test.user  ", looking up realm 
NULL  *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ")


...
radius_xlat:  'test.user  ' *-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE 
CLOSING ")
rlm_sql (sql): sql_set_user escaped user --> 'test.user  ' *-*-*-*-*-*-* 
(NOTICE BLANK SPACE BEFORE CLOSING ")
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM 
radcheck   WHERE Username = 'test.user  '   ORDER BY id' 
*-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ")

.
rad_check_password:  Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 14
rlm_chap: login attempt by "test.user  " with CHAP password 
*-*-*-*-*-*-* (NOTICE BLANK SPACE BEFORE CLOSING ")
rlm_chap: Using clear text password "testpassword" for user test.user 
authentication.
rlm_chap: chap user test.user   authenticated succesfully *-*-*-*-*-*-* 
(user with blank spaces doesn't exist anywhere and especially not in 
radcheck table and authentication was successful )

modcall[authenticate]: module "chap" returns ok for request 14
modcall: leaving group CHAP (returns ok) for request 14
..
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, 
UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, 
AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, 
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, 
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, 
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('814054d0', 
'8ff2e3a7022d4a99', 'test.user  ', '', '192.168.15.2', '23427', 
'Ethernet', '2008-01-21 23:41:06', '0', '0', 'RADIUS', '', '', '0', '0', 
'ht1', '00:19:66:11:59:F7', '', 'Framed-User', 'PPP', '192.168.15.212', 
'0', '0')'


- 
LOG ENDS


p.s. As I can see in the debug lines, the radacct table has been filled with
the wrong username, so I searched for username "test.user  " and I can see
his traffic. I can solve this problem with a small scheduler script which
will replace "test.user  " with "test.user" but who knows... Maybe
tomorrow I will have more spaces and other signs in the username ???


One thing is sure. MySql seems fine and the only solution I can do now is to make
the query "UPDATE radacct SET UserName='test.user' WHERE
UserName='test.user  '";


FR is 1.1.4 and I will update it and see what's going on...
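The trailing blanks described in the post above can be spotted mechanically. This is an added example, not part of the original post or of FreeRADIUS: it scans `radiusd -X` style output for User-Name values with surrounding whitespace, models the `=` comparison of a MySQL PAD SPACE collation (trailing spaces ignored), which is one way a lookup for 'test.user  ' can still match a row stored as 'test.user', and groups accounting names that differ only by padding. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the radiusd -X excerpt in the post above.
SAMPLE_LOG = (
    'rad_recv: Access-Request packet from host 192.168.15.2:48263, id=86, length=145\n'
    '  Service-Type = Framed-User\n'
    '  User-Name = "test.user  "\n'
    '  NAS-Port = 23427\n'
    'rad_recv: Access-Request packet from host 192.168.15.2:48264, id=87, length=140\n'
    '  User-Name = "other.user"\n'
    'rad_recv: Accounting-Request packet from host 192.168.15.2:48265, id=88, length=150\n'
    '  User-Name = " lead.user"\n'
)

# Matches the attribute line as radiusd prints it in debug mode.
USER_NAME_RE = re.compile(r'^\s*User-Name = "(.*)"\s*$')


def find_padded_usernames(log_text):
    """Return (line_number, raw_name, stripped_name) for every User-Name
    attribute whose value carries leading or trailing whitespace."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = USER_NAME_RE.match(line)
        if not match:
            continue
        raw = match.group(1)
        if raw != raw.strip():
            findings.append((lineno, raw, raw.strip()))
    return findings


def pad_space_equal(stored, supplied):
    """Simplified model of '=' under a MySQL PAD SPACE collation:
    trailing spaces are ignored, leading spaces are significant."""
    return stored.rstrip(' ') == supplied.rstrip(' ')


def split_identities(usernames):
    """Group raw names by their stripped form and return only the groups
    holding more than one spelling (one account recorded under several names)."""
    groups = defaultdict(set)
    for name in usernames:
        groups[name.strip()].add(name)
    return {key: sorted(variants)
            for key, variants in groups.items() if len(variants) > 1}


if __name__ == '__main__':
    for lineno, raw, clean in find_padded_usernames(SAMPLE_LOG):
        print(f'line {lineno}: User-Name {raw!r} should be {clean!r}')
    # The padded name still matches the stored one, so authentication succeeds.
    print(pad_space_equal('test.user', 'test.user  '))
    # Names as they might appear in radacct (constructed list).
    print(split_identities(['test.user', 'test.user  ', 'other.user']))
```

Anything that compares the stored names byte for byte, such as a billing script, treats the padded and unpadded forms as different users, so normalising User-Name before it reaches the accounting query keeps the records together.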


FreeRadius V2.0.0 Simultaneous-Use Problems

2008-01-21 Thread Dryw Paulic
Hello Everyone,

On Freeradius Version 2.0.0, I have an issue with Simultaneous-Use.
Multiple logins are being caught, but the issue seems to be that the
checks seem to be catching much more than they should be. In particular,
I was looking at this user:

mysql> select * from radgroupcheck;
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute        | op | Value |
+----+-----------+------------------+----+-------+
|  1 | dynamic   | Auth-Type        | == | Local |
|  2 | static    | Auth-Type        | == | Local |
|  8 | static    | Simultaneous-Use | := | 1     |
|  7 | dynamic   | Simultaneous-Use | := | 1     |
+----+-----------+------------------+----+-------+
4 rows in set (0.00 sec)

mysql> select * from radusergroup where username='Kat';
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| Kat      | static    |        1 |
+----------+-----------+----------+
1 row in set (0.00 sec)

mysql> select * from radcheck where username='Kat';
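+------+----------+------------+----+----------------------+
| id   | UserName | Attribute  | op | Value                |
+------+----------+------------+----+----------------------+
| 4946 | Kat      | Password   | == | testing123           |
| 4947 | Kat      | expiration | := | 15 Feb 2008 15:01:32 |
+------+----------+------------+----+----------------------+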
2 rows in set (0.00 sec)

 I took a look at the SQL Queries used by freeradius to check the logins
and decided to run them manually on my sql database:

mysql> SELECT COUNT(*) FROM radacct  WHERE username = 'Kat' AND
acctstoptime = 0;
+----------+
| COUNT(*) |
+----------+
|       16 |
+----------+
1 row in set (0.00 sec)

But if I run:

mysql> select * from radacct where username ='Kat' \G;

*************************** 26. row ***************************
           radacctid: 1789
       acctsessionid: 00:0E:0C:2D:18:56:12008736891000
        acctuniqueid: 9d581ecac1736df4
            username: kat
           groupname:
               realm:
        nasipaddress: ###.###.###.###
           nasportid:
         nasporttype: Wireless-802.11
       acctstarttime: 2008-01-20 23:22:02
        acctstoptime: 2008-01-20 23:22:02
     acctsessiontime: 1322
       acctauthentic: RADIUS
   connectinfo_start:
    connectinfo_stop:
     acctinputoctets: 425841
    acctoutputoctets: 170623
     calledstationid: 00:0E:0C:2D:18:56
    callingstationid: 00:13:e8:6a:e1:cf
  acctterminatecause: Admin-Reset
         servicetype:
      framedprotocol:
     framedipaddress: 10.51.2.56
      acctstartdelay: 0
       acctstopdelay: 0
xascendsessionsvrkey: NULL
26 rows in set (0.00 sec)

You can see from the last row returned that they are indeed logged out.
But attempts to login are futile as radpostauth shows:

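+-------+------+------------+---------------+---------------------+
| id    | user | pass       | reply         | date                |
+-------+------+------------+---------------+---------------------+
| 97264 | Kat  | testing123 | Access-Reject | 2008-01-21 09:40:50 |
+-------+------+------------+---------------+---------------------+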

The problem is, if you try to log this person in the server says that
they are already logged in, because the simul_count_query is picking up
*ALL* rows which have accountstoptime = 0. This is a problem because
all the accounting records are kept in the same place as the start and
stop records, which means that there will always be records with an
acctstoptime=0 in that table. Am I doing anything wrong here? Any tips
on how to fix this problem would be much appreciated.

Thanks in Advance!

Regards,

Dryw Paulic




Re: MySQL accounting issue

2008-01-21 Thread Andy Smith
Anyone any ideas? I repost this as the posts are in a messed up order on the 
forum page...


As per my previous mail, my current issue is that with accounting set to sql 
in radiusd.conf
the SQL statements are being written just to 
/usr/local/var/log/radius/sqltrace.sql

and nothing is actually put in the database... What have I done wrong?

thank u!

- Original Message - 
From: "Andy Smith" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Monday, January 21, 2008 4:40 PM
Subject: Re: MySQL accounting issue



Ok, Im seeing this from radiusd:

rad_recv: Accounting-Request packet from host 89.107.16.10:35563, id=252, 
length=145

   Acct-Status-Type = Failed
   Service-Type = IAPP-Register
   Attr-102 = 0x0194
   Error-Cause = 32
   Event-Timestamp = "Jan 21 2008 15:53:44 GMT"
   Attr-105 = 0x61733264636462613764
   Acct-Session-Id = "[EMAIL PROTECTED]"
   Attr-108 = 0x38392e3130372e31362e39
   Attr-109 = 0x35303630
   NAS-Port = 5060
   Acct-Delay-Time = 0
   NAS-IP-Address = 89.107.16.10
 Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
 modcall[preacct]: module "preprocess" returns noop for request 0
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, 
unique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 5060,Client-IP-Address = 
89.107.16.10,NAS-IP-Address = 89.107.16.10,Acct-Session-Id = 
"[EMAIL PROTECTED]",'

rlm_acct_unique: Acct-Unique-Session-ID = "df36632bb92d5086".
 modcall[preacct]: module "acct_unique" returns ok for request 0
   rlm_realm: Proxy reply, or no User-Name.  Ignoring.
 modcall[preacct]: module "suffix" returns noop for request 0
 modcall[preacct]: module "files" returns noop for request 0
modcall: leaving group preacct (returns ok) for request 0
 Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 0
 modcall[accounting]: module "unix" returns noop for request 0
radius_xlat:  '/usr/local/var/log/radius/radutmp'
rlm_radutmp: NAS OpenSER port 5060 unknown packet type 15)
 modcall[accounting]: module "radutmp" returns noop for request 0
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
 modcall[accounting]: module "sql" returns ok for request 0
modcall: leaving group accounting (returns ok) for request 0
Sending Accounting-Response of id 252 to 89.107.16.10 port 35563
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 252 with timestamp 4794be17
Nothing to do.  Sleeping until we see a request. 




Re: SNMP error

2008-01-21 Thread A . L . M . Buxey
Hi,

> i followed the bugs file.
> i recompiled the freeradius  with   --enable-developer actually  i made RPM 
> file  with   (  rpmbuild -ta freeradius-1.1.7.tar.gz )

are you SURE That this worked fine - as if you used the standard
SPEC then you wouldn't enable the developer stuff.

> (no debugging symbols found)

you also need to ensure your kernel is built with debugging support

alan



Re: MySQL

2008-01-21 Thread A . L . M . Buxey
Hi,

> I have installed MySQL and Freeradius2.0.0.
> 
> I have updated the schema for MySQL and set the location, username and
> password in sql.conf.
> When I start radiusd -X I get the following output. I cannot see any mention
> of connecting to mysql.

you aren't using sql for authentication, authorization or accounting?
if this is the case, then you need to add 'sql' to the instantiate
stanza of the configuration to enable the module

alan


Re: Support for RFC4372 (Chargeable User Identity)

2008-01-21 Thread Maja Wolniewicz

Alan DeKok wrote:
> Maja Wolniewicz wrote:
>> Thanks. Now it works.
>
>   That's good to hear.
>
>> Yes, I want to add current realm to reply attribute
>> Chargeable-User-Identity which comes from LDAP.
>> When Chargeable-User-Identity attribute isn't present in request I want
>> to remove Chargeable-User-Identity from reply.
>
>   There's a simple answer: don't add something if it's not needed.
> Adding it and then deleting it is complicated, and prone to errors.
>
>   Instead, add it *only* if it's necessary.  This may involve updating the
> LDAP maps to use a temporary attribute.  e.g. map the LDAP data to
> "My-Chargeable-User-Identity", and then map that to
> Chargeable-User-Identity only when necessary.
>
>   See raddb/dictionary for how to define local attributes like this.

That's right. Thanks for help,
Maja

>   Alan DeKok.



--
Maja Gorecka-Wolniewicz  [EMAIL PROTECTED]
 http://www.umk.pl/~mgw
 PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum   Information & Communication
InformatyczneTechnology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574



Re: Support for RFC4372 (Chargeable User Identity)

2008-01-21 Thread Alan DeKok
Maja Wolniewicz wrote:
> Thanks. Now it works.

  That's good to hear.

> Yes, I want to add current realm to reply attribute
> Chargeable-User-Identity which comes from LDAP.
> When Chargeable-User-Identity attribute isn't present in request I want
> to remove Chargeable-User-Identity from reply.

  There's a simple answer: don't add something if it's not needed.
Adding it and then deleting it is complicated, and prone to errors.

  Instead, add it *only* if it's necessary.  This may involve updating the
LDAP maps to use a temporary attribute.  e.g. map the LDAP data to
"My-Chargeable-User-Identity", and then map that to
Chargeable-User-Identity only when necessary.

  See raddb/dictionary for how to define local attributes like this.

  Alan DeKok.


Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Info

Walter,

I've overcome these problems on Tiger and offer these points in hopes  
it works on Leopard as well:


1] in my experience, rlm_perl doesn't like apple's perl install -  
haven't had the time to really figure out why, but installing my own  
build (tested with threaded/shared and w/o threads/static versions)  
of 5.8.8 and pointing to it does the trick. Once you've got your own  
perl installed, add this in your ./configure flags :


PERL5LIB={your prefix}/lib/perl5/5.8.8/darwin-*

2] on linking to mysql, assuming you have a version 5.x.x install try :
--with-mysql-lib-dir={your prefix}/lib/mysql5/mysql
--with-mysql-include-dir={your prefix}/include/mysql5

Note, my installs of perl and mysql have been done via the macports  
system, so you'll want to double-check your paths against what i've  
shown here.


Hope this helps!

Jim

P.S.: Another important thing, freeradius' default configure is set  
up to try to install all stable modules, but without strict  
dependencies. So modules that aren't necessary for basic  
functionality will fail (to build) silently if you're missing  
libraries they need (including, unixodbc, postgresql, mysql, kerberos).


___
James H. Graham II, Creative Director • Spark Media Group
6511 Allegheny Avenue • Takoma Park, MD 20912-4737
Tel: 301.270.4810 • Fax: 301.270.4812 • www.sparkmediagroup.com

On Jan 21, 2008, at 7:32 AM, Walter Krivanek, VividVisions wrote:

> Hi,
>
> I'm trying to build the current version of freeradius on my Mac OS X
> 10.5 Intel 64bit computer.
>
> First, I have troubles with the configure script. Even if I show the
> script my exact location of the MySQL include files using
> --with-mysql-include-dir and similar, I'm getting warnings that mysql.h has
> not been found and that the MySQL module will be disabled. BTW: This
> also happens on my Debian server, where MySQL is installed in the
> standard directories.
>
> Then, when running make, I'm getting the following error:
> ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for
> cputype (18) cpusubtype (0) is not an object file (bad magic number)
>
> ar: internal ranlib command failed
>
> Any thoughts?
>
> Thanks for your help!
> Walter

Re: Support for RFC4372 (Chargeable User Identity)

2008-01-21 Thread Maja Wolniewicz

Alan DeKok wrote:
> Maja Wolniewicz wrote:
>> I'm now running freeradius from CVS
>> FreeRADIUS Version 2.0.1-pre
>>
>> in post-auth I have:
>> if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") {
>> if ("%{Chargeable-User-Identity}") {
>
>   Please fix this.  Putting double quotes around *everything* was never
> necessary, and is much less necessary in 2.0.1.  See the examples from
> my original message, and in "man unlang".

Thanks. Now it works.

>   What you want is:
>
>   if (FreeRADIUS-Proxied-To == 127.0.0.1) {
> ...
>   if (Chargeable-User-Identity) {
> ...
>
>> update reply {
>> Chargeable-User-Identity:="%{reply:[EMAIL PROTECTED]"
>> }
>
>   Huh?  You're updating the reply attribute with the reply attribute?
> What do you think this is doing?

Yes, I want to add current realm to reply attribute
Chargeable-User-Identity which comes from LDAP.
When Chargeable-User-Identity attribute isn't present in request I want
to remove Chargeable-User-Identity from reply.

if (Chargeable-User-Identity) {
update reply {
Chargeable-User-Identity:="%{reply:[EMAIL PROTECTED]"
}
}
else {
update reply {
 Chargeable-User-Identity-="%{reply:Chargeable-User-Identity}"
}
}

What is wrong in it?
Maja

>> and it still doesn't work for me:
>
>   Perhaps you could explain why you think it should do *anything* useful.
>
>> when Chargeable-User-Identity in request has a nul value, I'm getting:
>> ...
>> expand: %{Chargeable-User-Identity} ->
>> ? Evaluating ("%{Chargeable-User-Identity}") -> FALSE
>
>   Update this to use my example above.  See also "man unlang":
>
>  If  the  word 'foo' is not a quoted string, then it can be taken
>  as a reference to a named attribute.  See "Referencing attribute
>  lists", below, for examples of attribute references.  The condi-
>  tion evaluates to true if the named attribute exists.
>
>   This *is* documented.  I *did* say I had updated the documentation.
>
>   Alan DeKok.



--
Maja Gorecka-Wolniewicz  [EMAIL PROTECTED]
 http://www.umk.pl/~mgw
 PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum   Information & Communication
InformatyczneTechnology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574




Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Alan DeKok
Walter Krivanek, VividVisions wrote:
> configure: running /bin/sh ./configure
> '--prefix=/usr/local/freeradius2'  '--with-mysql-dir=/usr/local/mysql'

  That should be "--with-mysql-include-dir=..."  What you have above is
completely unsupported.

> checking for mysql/mysql.h... no

  Hmm... the "configure" script tries to use mysql_config, which is the
preferred way to get the MySQL configuration parameters.  e.g. try:

$ PATH=$PATH:/usr/local/mysql/bin
$ ./configure

  If it can find "mysql_config", it SHOULD work.

> configure: WARNING: MySQL headers not found. Use
> --with-mysql-include-dir=.
> configure: WARNING: silently not building rlm_sql_mysql.
> configure: WARNING: FAILURE: rlm_sql_mysql requires: mysql.h.
> 
> And it doesn't matter if I use --with-mysql-dir or
> --with-mysql-include-dir.
> mysql.h exists in the mysql/include directory.

  Well, yes.  But it's sometimes , and other times
, depending on the MySQL version, OS, packager, time of day,
moon phase, etc.

  The current configure script expects  OR, it prefers to
use mysql_config.

  Alan DeKok.


Re: Support for RFC4372 (Chargeable User Identity)

2008-01-21 Thread Alan DeKok
Maja Wolniewicz wrote:
> I'm now running freeradius from CVS
> FreeRADIUS Version 2.0.1-pre
> 
> in post-auth I have:
> if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") {
> if ("%{Chargeable-User-Identity}") {

  Please fix this.  Putting double quotes around *everything* was never
necessary, and is much less necessary in 2.0.1.  See the examples from
my original message, and in "man unlang".

  What you want is:

  if (FreeRADIUS-Proxied-To == 127.0.0.1) {
...
  if (Chargeable-User-Identity) {
...

> update reply {
> Chargeable-User-Identity:="%{reply:[EMAIL PROTECTED]"
> }

  Huh?  You're updating the reply attribute with the reply attribute?
What do you think this is doing?

> and it still doesn't work for me:

  Perhaps you could explain why you think it should do *anything* useful.

> when Chargeable-User-Identity in request has a nul value, I'm getting:
...
> expand: %{Chargeable-User-Identity} ->
> ? Evaluating ("%{Chargeable-User-Identity}") -> FALSE

  Update this to use my example above.  See also "man unlang":

 If  the  word ’foo’ is not a quoted string, then it can be taken
 as a reference to a named attribute.  See "Referencing attribute
 lists", below, for examples of attribute references.  The condi‐
 tion evaluates to true if the named attribute exists.

  This *is* documented.  I *did* say I had updated the documentation.

  Alan DeKok.

RE: Freeradius +LDAP + Active Directory + Authenticate Only questions

2008-01-21 Thread William Segura
Thanks, I got it working. Is there a reason that the ldap search that
rlm_ldap performs functions differently  from ldapsearch? With
ldapsearch I can do a search without specifying an OU but with rlm_ldap,
it fails? I do not have control of the Active Directory server here so I
cannot apply the dsHeuristics setting as specified in the rlm_ldap docs.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Friday, January 18, 2008 1:05 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius +LDAP + Active Directory + Authenticate Only
questions

William Segura wrote:
> I am trying to setup Freeradius to authenticate against an active
> directory server.

  Only "bind as user" will work, and even then not always.

> Here are the relevant files:

  Please do not post configuration files to the list.

> Radius Log:
...
> rad_recv: Access-Request packet from host 127.0.0.1:35655, id=159,
> length=58
>   User-Name = "user1"
>   User-Password = "\204\016V\332\226\325\007\347\254Hm\262}B\321M"

  Your shared secret is wrong.  Fix it.

>   modcall[authorize]: module "preprocess" returns ok for request 0
> rlm_pap: WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 0

  You have re-ordered the modules in the "authorize" section.  Why?  Do
you understand what the PAP module does?

> rlm_ldap: Bind failed with invalid credentials

  Because the password was wrong.  The password *should* be visible in
debugging mode.  It should NOT be binary garbage.

> auth: Failed to validate the user.
>   WARNING: Unprintable characters in the password. ?  Double-check the
> shared secret on the server and the NAS!

  Perhaps this message might be useful.  Did you read it?  Did you
follow its instructions?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: MySQL accounting issue

2008-01-21 Thread Andy Smith

OK, I'm seeing this from radiusd:

rad_recv: Accounting-Request packet from host 89.107.16.10:35563, id=252, 
length=145

   Acct-Status-Type = Failed
   Service-Type = IAPP-Register
   Attr-102 = 0x0194
   Error-Cause = 32
   Event-Timestamp = "Jan 21 2008 15:53:44 GMT"
   Attr-105 = 0x61733264636462613764
   Acct-Session-Id = "[EMAIL PROTECTED]"
   Attr-108 = 0x38392e3130372e31362e39
   Attr-109 = 0x35303630
   NAS-Port = 5060
   Acct-Delay-Time = 0
   NAS-IP-Address = 89.107.16.10
 Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
 modcall[preacct]: module "preprocess" returns noop for request 0
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, 
unique ID MAY be inconsistent
rlm_acct_unique: Hashing 'NAS-Port = 5060,Client-IP-Address = 
89.107.16.10,NAS-IP-Address = 89.107.16.10,Acct-Session-Id = 
"[EMAIL PROTECTED]",'

rlm_acct_unique: Acct-Unique-Session-ID = "df36632bb92d5086".
 modcall[preacct]: module "acct_unique" returns ok for request 0
   rlm_realm: Proxy reply, or no User-Name.  Ignoring.
 modcall[preacct]: module "suffix" returns noop for request 0
 modcall[preacct]: module "files" returns noop for request 0
modcall: leaving group preacct (returns ok) for request 0
 Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 0
 modcall[accounting]: module "unix" returns noop for request 0
radius_xlat:  '/usr/local/var/log/radius/radutmp'
rlm_radutmp: NAS OpenSER port 5060 unknown packet type 15)
 modcall[accounting]: module "radutmp" returns noop for request 0
radius_xlat:  ''
radius_xlat:  ''
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
 modcall[accounting]: module "sql" returns ok for request 0
modcall: leaving group accounting (returns ok) for request 0
Sending Accounting-Response of id 252 to 89.107.16.10 port 35563
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 252 with timestamp 4794be17
Nothing to do.  Sleeping until we see a request. 




Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Walter Krivanek, VividVisions


Alan DeKok wrote:

> Walter Krivanek, VividVisions wrote:
>> First, I have troubles with the configure script. Even if I show the
>> script my exact location of the MySQL include files using
>> --with-mysql-include-dir and similar, I'm getting warnings that mysql.h
>> has not been found and that the MySQL module will be disabled. BTW: This
>> also happens on my Debian server, where MySQL is installed in the
>> standard directories.
>
> Can you post the errors?  That might help...


=== configuring in ./drivers/rlm_sql_mysql (/usr/local/install/freeradius-server-2.0.0/src/modules/rlm_sql/./drivers/rlm_sql_mysql)
configure: running /bin/sh ./configure '--prefix=/usr/local/freeradius2'  '--with-mysql-dir=/usr/local/mysql' '--enable-ltdl-install=no' --cache-file=/dev/null --srcdir=.

checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for mysql_config... no
checking for pthread_create in -lpthread... yes
checking for mysql_init in -lmysqlclient_r... yes
checking for mysql/mysql.h... no
configure: WARNING: MySQL headers not found. Use --with-mysql-include-dir=.
configure: WARNING: silently not building rlm_sql_mysql.
configure: WARNING: FAILURE: rlm_sql_mysql requires: mysql.h.

And it doesn't matter if I use --with-mysql-dir or --with-mysql-include-dir.

mysql.h exists in the mysql/include directory.


>> Then, when running make, I'm getting the following error:
>> ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for
>> cputype (18) cpusubtype (0) is not an object file (bad magic number)
>> ar: internal ranlib command failed
>
> If you don't need rlm_perl, then delete that entire directory.


Ok, I'll try that. FYI: I'm running Perl v5.8.8.

Bye,
Walter



Re: Support for RFC4372 (Chargeable User Identity)

2008-01-21 Thread Maja Wolniewicz

Alan DeKok wrote:

> Maja Wolniewicz wrote:
>> According to RFC4372  CUI attribute in request can include a single NUL
>> character, then your test
>> if ("%{Chargeable-User-Identifier}")  {
>> update reply {
>> Chargeable-User-Identifier = 
>> }
>> }
>> evaluates to false.
>
>   I've fixed this in CVS head (2.0.1-pre), added better type-checking,
> and removed the requirement to always convert everything to strings:
>
>   if (Chargeable-User-Identifier == "") {
> ...
>
>   if (Framed-IP-Address > 127.0.0.1) {
> ...
>
>   ~200 lines of code: big administrator happiness. :)
>
>   Alan DeKok.

I'm now running freeradius from CVS
FreeRADIUS Version 2.0.1-pre

in post-auth I have:
if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") {
    if ("%{Chargeable-User-Identity}") {
        update reply {
            Chargeable-User-Identity:="%{reply:[EMAIL PROTECTED]"
        }
    }
    else {
        update reply {
            Chargeable-User-Identity-="%{reply:Chargeable-User-Identity}"
        }
    }
}

and it still doesn't work for me:

when Chargeable-User-Identity in request has a nul value, I'm getting:

++? if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1")
expand: %{FreeRADIUS-Proxied-To} -> 127.0.0.1
? Evaluating ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") -> TRUE
++? if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") -> TRUE
++- entering if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1")
+++? if ("%{Chargeable-User-Identity}")
expand: %{Chargeable-User-Identity} ->
? Evaluating ("%{Chargeable-User-Identity}") -> FALSE
+++? if ("%{Chargeable-User-Identity}") -> FALSE
+++- entering else else
expand: %{reply:Chargeable-User-Identity} ->

when Chargeable-User-Identity in request is AAA

++? if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1") -> TRUE
++- entering if ("%{FreeRADIUS-Proxied-To}" == "127.0.0.1")
+++? if ("%{Chargeable-User-Identity}")
expand: %{Chargeable-User-Identity} -> AAA
? Evaluating ("%{Chargeable-User-Identity}") -> TRUE
+++? if ("%{Chargeable-User-Identity}") -> TRUE
+++- entering if ("%{Chargeable-User-Identity}")
expand: %{reply:[EMAIL PROTECTED] -> [EMAIL PROTECTED]

Maja

--
Maja Gorecka-Wolniewicz  [EMAIL PROTECTED]
 http://www.umk.pl/~mgw
 PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum Informatyczne   Information & Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574



MySQL

2008-01-21 Thread Anthony McGarry
Thanks David, that worked.

Message: 6
Date: Sun, 20 Jan 2008 17:46:16 +
From: "Anthony McGarry" <[EMAIL PROTECTED]>
Subject: MySQL
To: freeradius-users@lists.freeradius.org
Message-ID:
   <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I downloaded the latest version 2.0.0. Installed and tested ok.
I want to integrate with MySQL.

However when I follow the procedure on the howto to create the radius db on
mysql I run into a problem.

The howto says to enter the following commands

mysql -uroot -p
 CREATE DATABASE radius;
 GRANT ALL ON radius.* TO [EMAIL PROTECTED] IDENTIFIED BY "radpass";
 exit

This works fine and I can see the newly created db and user.


However then it tells me to run mysql.sql
cd /usr/share/doc/packages/freeradius/doc/examples/

mysql -uroot -p radius < mysql.sql

I have looked everywhere on my system for this file but it is not present.

I checked the tar for 2.0.0 and still no joy.
I downloaded and checked the tar for 1.1.7 and it's in the doc/example
folder.

Is there a new way of updating the radius db in MySQL or where can I
get the mysql.sql script for ver 2.0.0?
Thanks

Anthony

--

Message: 7
Date: Sun, 20 Jan 2008 18:03:26 +
From: David Wood <[EMAIL PROTECTED]>
Subject: Re: MySQL
To: FreeRadius users mailing list
   
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;charset=us-ascii;format=flowed

Hi Anthony,

In message
<[EMAIL PROTECTED]>, Anthony
McGarry <[EMAIL PROTECTED]> writes
>I downloaded the latest version 2.0.0. Installed and tested ok.
>I want to integrate with MySQL.
>
>However when I follow the procedure on the howto to create the radius db on
>mysql I run into a problem.

The HOWTO that you're using is out of date.

The SQL files are in raddb/sql/mysql - you need schema.sql. The other
two files are optional - use them if you need the features the tables
are for.


Best wishes,




David
--
David Wood
[EMAIL PROTECTED]

Re: MySQL accounting issue

2008-01-21 Thread tnt
Again, send a debug with the Start and Stop packets.

Ivan Kalik
Kalik Informatika ISP


On 21/1/2008, "A.smith" <[EMAIL PROTECTED]> wrote:

>Also, regarding radius 1.x I  now have a patch which allows this type of
>record.
>However next issue is that with accounting set to sql in radiusd.conf the
>SQL statements are being written just to
>/usr/local/var/log/radius/sqltrace.sql
>and nothing is actually put in the database... What have I done wrong? :P
>
>cheers Andy.


Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Walter Krivanek, VividVisions

Arran Cudbard-Bell:

> I'm running 10.5.1 Leopard Server, Dual 64bit G4 PPC 1.33 Ghz

And I'm running 10.5.1 Leopard, 2.4 Ghz Intel Core 2 Duo 64bit.
There seem to be similar problems on my good old Mac OS 10.3.9 G4 Server...


Bye,
Walter




Re: upgrade error in 2.0 version

2008-01-21 Thread Alan DeKok
Gopinath Reddy N wrote:
> I would like to know if anything related to configuration has been
> changed in 2.0 version when compared with 1.1.6

  Yes.  "radiusd -C" works.  It didn't in 1.1.6.

> I am running radiusd -C command it throws the below error. Is it a valid
> error or I can ignore it.

  The LDAP module isn't checked when "radiusd -C" is used.  As a result,
it doesn't add the attributes it defines at run-time.  So, the attribute
type defaults to "octets".

  The solution is to add "ldap_primary-Ldap-Group" as a locally defined
"string" attribute.  See raddb/dictionary.  Use any available number, it
doesn't matter.

  Alan DeKok.


Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Alan DeKok
Walter Krivanek, VividVisions wrote:
> First, I have troubles with the configure script. Even if I show the
> script my exact location of the MySQL include files using
> --with-mysql-include-dir and similar, I'm getting warnings that mysql.h
> has not been found and that the MySQL module will be disabled. BTW: This
> also happens on my Debian server, where MySQL is installed in the
> standard directories.

  Can you post the errors?  That might help...

> Then, when running make, I'm getting the following error:
> ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for
> cputype (18) cpusubtype (0) is not an object file (bad magic number)
> ar: internal ranlib command failed

  If you don't need rlm_perl, then delete that entire directory.

  Alan DeKok.


Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Alan DeKok
Arran Cudbard-Bell wrote:
> CVS head fails at
...
> ld: file not found:
> /usr/local/freeradius-cvs100108/lib/libfreeradius-radius-2.0.0-beta.dylib

$ make distclean
$ ./configure
$ make

  You've done a "cvs update" in a tree that started off as 2.0.0-beta.

> Can confirm the other two issues on stable 2.0.0.
> 
> *** Warning: Linking the shared library rlm_perl.la against the
> *** static library
> /System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a
> is not portable!

  Perl is killing me.

  Alan DeKok.


Re: MySQL accounting issue

2008-01-21 Thread Alan DeKok
A.smith wrote:
>   ok, now I see the other post regarding this. The problem is OpenSER and
> this status type:
> 
> rlm_sql (sql): Unsupported Acct-Status-Type = 15
> 
> What's the latest on this? Has the incompatibility been addressed in
> freeradius 2.0?

  No.  OpenSER has chosen to ignore the RFC's, and to send garbage
accounting packets to FreeRADIUS.

  If you want this to work, you will need to patch the SQL module.

  Alan DeKok.


Re: adding accounting attribute

2008-01-21 Thread Alan DeKok
Alexander Serkin wrote:
> Hi, FreeRadius Users.
> Could somebody tell me if it's possible to add some accounting attribute
> depending on user's SQL group membership?

  In 2.0.0, yes.  See "man unlang".

  Alan DeKok.


Re: regarding RFC 2253 UTF-8 String Representation of Distinguished Names support

2008-01-21 Thread Alan DeKok
Gopinath Reddy N wrote:
> I am trying to send ldap search request to Active Directory using free
> radius 2.0

  Yes... you said that already.

> When I analyzed using ethereal I have observed the below information.

  Since you were asked to post the debugging output, I don't understand
why you would fail to do that.

> António is sent as
> 0x41, 0x6e,0x74, 0xf3, 0x6e, 0x69, 0x6F which is a simple ASCII to hex
> conversion.

  No, it's not.  0xf3 is *not* an ASCII character, and it is not a "hex"
character.  This is not a "simple ASCII to hex conversion".  The problem
is that the string you are giving FreeRADIUS in the User-Name is *not*
UTF-8.

  Since you told FreeRADIUS to use a string *other* than UTF-8, I'm
curious as to why you think FreeRADIUS should use UTF-8 to talk to
Active Directory.

  If you want FreeRADIUS to use UTF-8 to Active Directory, then send a
User-Name that is a UTF-8 string.

> So wanted to check whether free radius 2.0 version is doing the encoding
> in UTF-8 format. Or some configuration attribute I am missing.

  FreeRADIUS does not translate one character encoding to another.  The
RFC's say that the User-Name SHOULD be a UTF-8 string.  I suggest giving
the server a UTF-8 string, and not a string in some other weird encoding.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
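
A pre-send check for the point made in the reply above: the seven octets quoted from the capture are not valid UTF-8, and since the server does not transcode, the client has to re-encode the name itself. This is an added example, not part of the thread and not FreeRADIUS code; treating the client's charset as ISO-8859-1 is an assumption, since the thread does not say which encoding the client used.

```python
"""Check whether User-Name octets are valid UTF-8 before they go into a RADIUS request."""

# The octets quoted in the message above.
CAPTURED = bytes([0x41, 0x6E, 0x74, 0xF3, 0x6E, 0x69, 0x6F])


def utf8_sequence_length(lead: int) -> int:
    """Length of the UTF-8 sequence a lead octet announces, 0 if it cannot start one."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return 0  # continuation octet (0x80-0xBF) or an octet never valid in UTF-8


def inspect_user_name(raw: bytes) -> dict:
    """Report whether the octets are valid UTF-8 and, if not, where decoding breaks."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        bad = raw[exc.start]
        return {
            "utf8": False,
            "offset": exc.start,
            "octet": bad,
            "announced_length": utf8_sequence_length(bad),
            "reason": exc.reason,
        }
    return {"utf8": True, "ascii_only": raw.isascii(), "text": text}


def transcode_to_utf8(raw: bytes, source_charset: str) -> bytes:
    """Client-side fix: decode from the charset actually in use, re-encode as UTF-8."""
    return raw.decode(source_charset).encode("utf-8")


if __name__ == "__main__":
    report = inspect_user_name(CAPTURED)
    # 0xF3 announces a 4-octet sequence, but the next octet (0x6E) is not a continuation.
    print("captured:", CAPTURED.hex(" "), "->", report)
    fixed = transcode_to_utf8(CAPTURED, "iso-8859-1")  # assumed source charset
    print("as UTF-8:", fixed.hex(" "), "->", inspect_user_name(fixed))
```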


Re: What is up with the SQL Groups

2008-01-21 Thread Etienne Pretorius

Phil Mayers wrote:

> Etienne Pretorius wrote:
>> Hello List,
>>
>> I am on FreeRadius 1.1.6-1 on debian etch.
>>
>> I have a user that belongs to both  DSL and  DIAL groups.
>
> The groups are "merged"
>
> http://marc.info/?l=freeradius-users&m=119010719300080&w=2
>
> This works "properly" in FreeRadius 2.0 I believe

Thank you Phil.

Kind Regards

Etienne Pretorius







Re: SNMP error

2008-01-21 Thread Amr el-Saeed

Hi Alan,

Sorry for the large delay.

I followed the bugs file.
I recompiled the freeradius with --enable-developer; actually I made an
RPM file with (rpmbuild -ta freeradius-1.1.7.tar.gz)

I installed the RPM file
ulimit -c unlimited
gdb radiusd
(gdb) set logging file gdb-radiusd.log
(gdb) set logging on
Copying output to gdb-radiusd.log.
run

and that's what I got

Starting program: /usr/sbin/radiusd
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 46912546236704 (LWP 28074)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Mon Jan 21 14:47:10 2008 : Info: Starting - reading configuration files ...
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program exited normally.
(gdb)



Did I do something wrong?






[EMAIL PROTECTED] wrote:

> Hi,
>
>> hi alan,
>>
>> i searched the freeradius.org for the debug instructions, but i found
>> nothing.
>>
>> what do you mean exactly by debug instructions
>> i already have this in the radius debug mode
>
> read doc/bugs in the distribution tar file. i can send you a copy if
> your archive doesnt contain it. beware that you will need an OS
> kernel that has all the debugging flags enabled (most default
> distro kernels are compiled in such a way)
>
> I have reported this bug to bugs.freeradius.org with the debug
> output that my system was able to generate
>
> alan


Re: MySQL accounting issue

2008-01-21 Thread A.smith
Also, regarding radius 1.x I  now have a patch which allows this type of
record.
However next issue is that with accounting set to sql in radiusd.conf the 
SQL statements are being written just to
/usr/local/var/log/radius/sqltrace.sql
and nothing is actually put in the database... What have I done wrong? :P

cheers Andy.




Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Arran Cudbard-Bell

Walter Krivanek, VividVisions wrote:

> Hi,
>
> I'm trying to build the current version of freeradius on my Mac OS X
> 10.5 Intel 64bit computer.
>
> First, I have troubles with the configure script. Even if I show the
> script my exact location of the MySQL include files using
> --with-mysql-include-dir and similar, I'm getting warnings that
> mysql.h has not been found and that the MySQL module will be disabled.
> BTW: This also happens on my Debian server, where MySQL is installed
> in the standard directories.
>
> Then, when running make, I'm getting the following error:
> ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for
> cputype (18) cpusubtype (0) is not an object file (bad magic number)
> ar: internal ranlib command failed
>
> Any thoughts?
>
> Thanks for your help!
> Walter




I'm running 10.5.1 Leopard Server, Dual 64bit G4 PPC 1.33 Ghz

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton

EXT:01273 873900 | INT: 3900



Re: Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Arran Cudbard-Bell

Walter Krivanek, VividVisions wrote:

> Hi,
>
> I'm trying to build the current version of freeradius on my Mac OS X
> 10.5 Intel 64bit computer.
>
> First, I have troubles with the configure script. Even if I show the
> script my exact location of the MySQL include files using
> --with-mysql-include-dir and similar, I'm getting warnings that
> mysql.h has not been found and that the MySQL module will be disabled.
> BTW: This also happens on my Debian server, where MySQL is installed
> in the standard directories.
>
> Then, when running make, I'm getting the following error:
> ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for
> cputype (18) cpusubtype (0) is not an object file (bad magic number)
> ar: internal ranlib command failed
>
> Any thoughts?
>
> Thanks for your help!
> Walter




CVS head fails at

_tls.c
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DDARWIN -Wall 
-D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align 
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes 
-Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef 
-I/usr/local/src/freeradius-cvscurrent/src 
-I/usr/local/src/freeradius-cvscurrent/libltdl -I../.. -I../../libeap 
-DOPENSSL_NO_KRB5 -c rlm_eap_tls.c  -fno-common -DPIC -o .libs/rlm_eap_tls.o
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DDARWIN -Wall 
-D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align 
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes 
-Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef 
-I/usr/local/src/freeradius-cvscurrent/src 
-I/usr/local/src/freeradius-cvscurrent/libltdl -I../.. -I../../libeap 
-DOPENSSL_NO_KRB5 -c rlm_eap_tls.c -o rlm_eap_tls.o >/dev/null 2>&1
/usr/local/src/freeradius-cvscurrent/libtool --mode=link gcc -release 
2.0.1-pre \

   -module -export-dynamic   -o rlm_eap_tls.la \
   -rpath /usr/local/freeradius-cvs210108/lib rlm_eap_tls.lo 
rlm_eap_tls.c 
/usr/local/src/freeradius-cvscurrent/src/lib/libfreeradius-radius.la 
../../libeap/libfreeradius-eap.la -lcrypto -lssl -lcrypto -framework 
DirectoryService -lresolv  -lpthread
rm -fr  .libs/rlm_eap_tls.a .libs/rlm_eap_tls.la .libs/rlm_eap_tls.lai 
.libs/rlm_eap_tls.so
gcc ${wl}-flat_namespace ${wl}-undefined ${wl}suppress -o 
.libs/rlm_eap_tls-2.0.1-pre.so -bundle  .libs/rlm_eap_tls.o  
/usr/local/src/freeradius-cvscurrent/src/lib/.libs/libfreeradius-radius.dylib 
../../libeap/.libs/libfreeradius-eap.dylib -lssl -lcrypto -lresolv 
-lpthread -framework DirectoryService
ld: file not found: 
/usr/local/freeradius-cvs100108/lib/libfreeradius-radius-2.0.0-beta.dylib

collect2: ld returned 1 exit status
make[9]: *** [rlm_eap_tls.la] Error 1

Can confirm the other two issues on stable 2.0.0.

*** Warning: Linking the shared library rlm_perl.la against the
*** static library 
/System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a 
is not portable!
gcc ${wl}-flat_namespace ${wl}-undefined ${wl}suppress -o 
.libs/rlm_perl-2.0.0.so -bundle  .libs/rlm_perl.o  
/usr/local/src/freeradius-server-2.0.0/src/lib/.libs/libfreeradius-radius.dylib 
-L/usr/local/lib 
/System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a 
-L/System/Library/Perl/5.8.8/darwin-thread-multi-2level/CORE -lperl -ldl 
-lm -lutil -lc -lresolv -lpthread -arch i386 -arch ppc -framework 
DirectoryService
ld: warning in 
/usr/local/src/freeradius-server-2.0.0/src/lib/.libs/libfreeradius-radius.dylib, 
file is not of required architecture

(cd .libs && rm -f rlm_perl.so && ln -s rlm_perl-2.0.0.so rlm_perl.so)
ar cru .libs/rlm_perl.a 
/System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a  
rlm_perl.o 
/System/Library/Perl/5.8.8/darwin-thread-multi-2level/auto/DynaLoader/DynaLoader.a
ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for 
cputype (18) cpusubtype (0) is not an object file (bad magic number)

ar: internal ranlib command failed
make[6]: *** [rlm_perl.la] Error 1
make[5]: *** [common] Error 2
make[4]: *** [all] Error 2
make[3]: *** [common] Error 2
make[2]: *** [all] Error 2
make[1]: *** [common] Error 2
make: *** [all] Error 2




--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton

EXT:01273 873900 | INT: 3900



Re: MySQL accounting issue

2008-01-21 Thread tnt
And what accounting is it supposed to do with the failed packet???

That value (15) most likely isn't defined in the freeradius dictionary.
And even if it was no sql query is defined in sql.conf for the failed
packet. And most likely no logic in rlm_sql.

Ivan Kalik
Kalik Informatika ISP


On 21/1/2008, "A.smith" <[EMAIL PROTECTED]> wrote:

>Hi,
>
>  ok this is an example of when it's meant to do some accounting, in this
>example I have both detail and sql set for accounting in radiusd.conf.
>
>Nothing to do.  Sleeping until we see a request.
>rad_recv: Accounting-Request packet from host 89.107.16.10:35377, id=82,
>length=145
>Acct-Status-Type = Failed
>Service-Type = IAPP-Register
>Attr-102 = 0x0194
>Error-Cause = 32
>Event-Timestamp = "Jan 21 2008 13:05:11 GMT"
>Attr-105 = 0x61733738333035366464
>Acct-Session-Id = "[EMAIL PROTECTED]"
>Attr-108 = 0x38392e3130372e31362e39
>Attr-109 = 0x35303630
>NAS-Port = 5060
>Acct-Delay-Time = 0
>NAS-IP-Address = 89.107.16.10
>  Processing the preacct section of radiusd.conf
>modcall: entering group preacct for request 85
>  modcall[preacct]: module "preprocess" returns noop for request 85
>rlm_realm: Proxy reply, or no User-Name.  Ignoring.
>  modcall[preacct]: module "suffix" returns noop for request 85
>  modcall[preacct]: module "files" returns noop for request 85
>modcall: leaving group preacct (returns noop) for request 85
>  Processing the accounting section of radiusd.conf
>modcall: entering group accounting for request 85
>radius_xlat:
>'/usr/local/var/log/radius/radacct/89.107.16.10/detail-20080121'
>rlm_detail:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
>to /usr/local/var/log/radius/radacct/89.107.16.10/detail-20080121
>  modcall[accounting]: module "detail" returns ok for request 85
>rlm_sql (sql): Unsupported Acct-Status-Type = 15
>  modcall[accounting]: module "sql" returns noop for request 85
>modcall: leaving group accounting (returns ok) for request 85
>Sending Accounting-Response of id 82 to 89.107.16.10 port 35377
>Finished request 85
>Going to the next request
>
>
>At startup I see this from radiusd
>
>Starting - reading configuration files ...
>reread_config:  reading radiusd.conf
>Config:   including file: /usr/local/etc/raddb/proxy.conf
>Config:   including file: /usr/local/etc/raddb/clients.conf
>Config:   including file: /usr/local/etc/raddb/snmp.conf
>Config:   including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files:  reading dictionary
>read_config_files:  reading naslist
>Using deprecated naslist file.  Support for this will go away soon.
>read_config_files:  reading clients
>read_config_files:  reading realms
>radiusd:  entering modules setup
>Module: Library search path is /usr/local/lib
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> pap: auto_header = no
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: 

Re: MySQL accounting issue

2008-01-21 Thread A.smith
Ah,

  ok, now I see the other post regarding this. The problem is OpenSER and
this status type:

rlm_sql (sql): Unsupported Acct-Status-Type = 15

What's the latest on this? Has the incompatibility been addressed in
freeradius 2.0?

thanks Andy.




adding accounting attribute

2008-01-21 Thread Alexander Serkin

Hi, FreeRadius Users.
Could somebody tell me if it's possible to add some accounting attribute
depending on user's SQL group membership?
For example - for all members of SQL group 'somegroupname' add:
User-Category = '1'
to every accounting packet.
Which module should i read about more carefully?

thank you in advance,
--
Alexander


Re: MySQL accounting issue

2008-01-21 Thread A.smith
Hi,

  ok this is an example of when it's meant to do some accounting, in this
example I have both detail and sql set for accounting in radiusd.conf.

Nothing to do.  Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 89.107.16.10:35377, id=82,
length=145
Acct-Status-Type = Failed
Service-Type = IAPP-Register
Attr-102 = 0x0194
Error-Cause = 32
Event-Timestamp = "Jan 21 2008 13:05:11 GMT"
Attr-105 = 0x61733738333035366464
Acct-Session-Id = "[EMAIL PROTECTED]"
Attr-108 = 0x38392e3130372e31362e39
Attr-109 = 0x35303630
NAS-Port = 5060
Acct-Delay-Time = 0
NAS-IP-Address = 89.107.16.10
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 85
  modcall[preacct]: module "preprocess" returns noop for request 85
rlm_realm: Proxy reply, or no User-Name.  Ignoring.
  modcall[preacct]: module "suffix" returns noop for request 85
  modcall[preacct]: module "files" returns noop for request 85
modcall: leaving group preacct (returns noop) for request 85
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 85
radius_xlat: 
'/usr/local/var/log/radius/radacct/89.107.16.10/detail-20080121'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /usr/local/var/log/radius/radacct/89.107.16.10/detail-20080121
  modcall[accounting]: module "detail" returns ok for request 85
rlm_sql (sql): Unsupported Acct-Status-Type = 15
  modcall[accounting]: module "sql" returns noop for request 85
modcall: leaving group accounting (returns ok) for request 85
Sending Accounting-Response of id 82 to 89.107.16.10 port 35377
Finished request 85
Going to the next request


At startup I see this from radiusd

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
 pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: wit

Re: regarding RFC 2253 UTF-8 String Representation of Distinguished Names support

2008-01-21 Thread Gopinath Reddy N
Hi Alan,

Thanks for the information.

I am trying to send an LDAP search request to Active Directory using free radius
2.0.

I am using the user login filter: (sAMAccountName=%{User-Name})

When I analyzed it using ethereal I observed the information below.

António is sent as
0x41, 0x6e, 0x74, 0xf3, 0x6e, 0x69, 0x6F which is a simple ASCII to hex
conversion.

I confirmed this information using http://centricle.com/tools/ascii-hex/

However, it looks like Active Directory is expecting this information in UTF-8
format.

If I give the user name as António (corresponds to 0x41, 0x6e, 0x74, 0xc3, 0xb3,
0x6e, 0x69, 0x6f) (used
http://www.parallelgraphics.com/products/utfconverter/ to convert ascii
string to utf-8 string),
which is the equivalent of António in UTF-8 format, Active Directory
recognizes the user.

So I wanted to check whether free radius 2.0 is doing the encoding in
UTF-8 format, or whether there is some configuration attribute I am missing.


Once again Thanks for the help.



Regards
gnr

On Jan 21, 2008 5:53 PM, Alan DeKok <[EMAIL PROTECTED]> wrote:

> Gopinath Reddy N wrote:
> > Could anyone let me know whether RFC2253 is implemented in free radius.
>
>  it should be.
>
> > I am trying to use special characters in Users name and active directory
> > is expecting UTF-8 string form of the user.
> >
> > However free radius is not encoding it in UTF-8 format.
>
>  This works better in 2.0.0 than in 1.1.7.
>
>  Perhaps you could try posting the debug output, as suggested in the
> FAQ, README, INSTALL, etc.
>
>  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
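
The two byte sequences quoted in the message above, worked through as an added example (not code from the poster or from FreeRADIUS). It assumes that a User-Name which is not well-formed UTF-8 is ISO-8859-1, and it also applies RFC 4515 escaping to the value before it is placed in the filter; all function names are hypothetical.

```python
"""Added example: normalise User-Name octets to UTF-8 for an LDAP filter."""

# RFC 4515: these characters must appear as \XX inside a filter value.
_FILTER_SPECIALS = {
    "\x00": r"\00", "(": r"\28", ")": r"\29", "*": r"\2a", "\\": r"\5c",
}


def decode_user_name(raw):
    """Return (text, detected_encoding) for raw User-Name octets.

    Strict UTF-8 is tried first. Input that is not well-formed UTF-8 is
    treated as ISO-8859-1 (assumption of this example). Caveat: some
    Latin-1 strings are also valid UTF-8, so this is a heuristic.
    """
    try:
        return raw.decode("utf-8", errors="strict"), "utf-8"
    except UnicodeDecodeError:
        return raw.decode("latin-1"), "latin-1"


def escape_filter_value(text):
    """Escape a string for use as an RFC 4515 assertion value."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in text)


def build_login_filter(raw_user_name):
    """Build (sAMAccountName=<user>) as the UTF-8 octets sent on the wire."""
    text, _encoding = decode_user_name(raw_user_name)
    return ("(sAMAccountName=%s)" % escape_filter_value(text)).encode("utf-8")


def hexdump(data):
    """Format octets the way the message lists them."""
    return ", ".join("0x%02x" % b for b in data)


# Octets quoted in the message: what was captured, and what AD accepted.
LATIN1_CAPTURE = bytes([0x41, 0x6E, 0x74, 0xF3, 0x6E, 0x69, 0x6F])
UTF8_EXPECTED = bytes([0x41, 0x6E, 0x74, 0xC3, 0xB3, 0x6E, 0x69, 0x6F])
# Constructed input containing filter metacharacters.
METACHAR_SAMPLE = b"a*)(cn=*"

if __name__ == "__main__":
    for sample in (LATIN1_CAPTURE, UTF8_EXPECTED, METACHAR_SAMPLE):
        text, encoding = decode_user_name(sample)
        print("%-7s %-12r -> %s" % (encoding, text, build_login_filter(sample)))
        print("        octets:", hexdump(text.encode("utf-8")))
```
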

Building FreeRadius 2.0 on Mac OS X fails

2008-01-21 Thread Walter Krivanek, VividVisions

Hi,

I'm trying to build the current version of freeradius on my Mac OS X  
10.5 Intel 64bit computer.


First, I have troubles with the configure script. Even if I show the
script my exact location of the MySQL include files using
--with-mysql-include-dir and similar, I'm getting warnings that mysql.h has not
been found and that the MySQL module will be disabled. BTW: This also
happens on my Debian server, where MySQL is installed in the standard
directories.


Then, when running make, I'm getting the following error:
ranlib: archive member: .libs/rlm_perl.a(DynaLoader.a) fat file for  
cputype (18) cpusubtype (0) is not an object file (bad magic number)

ar: internal ranlib command failed

Any thoughts?

Thanks for your help!
Walter




upgrade error in 2.0 version

2008-01-21 Thread Gopinath Reddy N
Hi,

I would like to know if anything related to configuration has been changed
in version 2.0 compared with 1.1.6.

I am running the radiusd -C command and it throws the error below. Is it a valid
error, or can I ignore it?


/etc/raddb/users[21]: Parser error (check) for entry DEFAULT: Invalid Octet
String "sales" for attribute name "ldap_primary-Ldap-Group"

My users file looks like this.
#primary ldap group policy configuration

DEFAULT ldap_primary-Ldap-Group == "sales", XYZ-Attr-4=~"1",
Auth-Type:=DUAL-LDAP

Thanks in advance.

Regards
Gopi

Re: Traffic volume accounting

2008-01-21 Thread Spam Eater
Thanks!

It turns out that my problem was in fact, another one.
I was using radreply with custom parameters that I check against in bash
scripts.
The problem was freeRadius not sending to the NAS the correct parameters in
radreply.
Somehow, freeRadius ignores all parameters in radreply as soon as it sees
one custom parameter.
This issue was solved creating a clone of radreply, to be used exclusively
by bash scripts.

Thank you!

On Jan 18, 2008 2:22 PM, Edvin Seferovic <[EMAIL PROTECTED]> wrote:

>  >Is it possible to have a counter setup to achieve this?
>
>
>
> Yes. It is.
>
>
>
> >I'd like to know if someone has implemented realtime upload/download
> limitations and what methods were used.
>
>
>
> Realtime traffic accounting would have to be supported by your NAS.  Any
> kind of traffic/bandwidth limitations has to be supported by your NAS, you
> have to tell freeRADIUS what data to store and how to calculate the values..
> and of course, what attributes should it answer to NAS !
>
>
>
> Regards,
>
> E:S
>

Re: regarding RFC 2253 UTF-8 String Representation of Distinguished Names support

2008-01-21 Thread Alan DeKok
Gopinath Reddy N wrote:
> Could anyone let me know whether RFC2253 is implemented in free radius.

  it should be.

> I am trying to use special characters in Users name and active directory
> is expecting UTF-8 string form of the user.
>  
> However free radius is not encoding it in UTF-8 format.

  This works better in 2.0.0 than in 1.1.7.

  Perhaps you could try posting the debug output, as suggested in the
FAQ, README, INSTALL, etc.

  Alan DeKok.


Re: What is up with the SQL Groups

2008-01-21 Thread Phil Mayers

Etienne Pretorius wrote:
> Hello List,
>
> I am on FreeRadius 1.1.6-1 on debian etch.
>
> I have a user that belongs to both DSL and DIAL groups.


The groups are "merged"

http://marc.info/?l=freeradius-users&m=119010719300080&w=2

This works "properly" in FreeRadius 2.0 I believe


freeradius + ldap + cisco sslvpn

2008-01-21 Thread satish patel
Dear all

  I have a requirement for sslvpn authentication with freeradius +
ldap server. Has anyone worked on freeradius + ldap, or authenticated
with grouping and other features...


$ cat ~/satish/url.txt  

http://www.linuxbug.org

What is up with the SQL Groups

2008-01-21 Thread Etienne Pretorius

Hello List,

I am on FreeRadius 1.1.6-1 on debian etch.

I have a user that belongs to both  DSL and  DIAL groups.

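mysql> select * from usergroup;
+-----------------------+-----------+----------+
| UserName              | GroupName | priority |
+-----------------------+-----------+----------+
| [EMAIL PROTECTED]@dsl | DSL       |        1 |
| [EMAIL PROTECTED]@dsl | DIAL      |        2 |
+-----------------------+-----------+----------+
2 rows in set (0.16 sec)

mysql> select * from radreply;
+----+-----------------------+--------------+----+-------+
| id | UserName              | Attribute    | op | Value |
+----+-----------------------+--------------+----+-------+
|  1 | [EMAIL PROTECTED]@dsl | Fall-Through | =  | Yes   |
+----+-----------------------+--------------+----+-------+
1 row in set (2.26 sec)

mysql> select * from radcheck;
+----+-----------------------+----------------------------+----+----------------------------------------+
| id | UserName              | Attribute                  | op | Value                                  |
+----+-----------------------+----------------------------+----+----------------------------------------+
|  1 | [EMAIL PROTECTED]@dsl | Crypt-Password             | := | $1$54Bzhv&gsrta^ysgahTaWiUN7dNbxUp/UZ. |
|  2 | [EMAIL PROTECTED]@dsl | Allow-Access-Blended       | := | 1                                      |
|  3 | [EMAIL PROTECTED]@dsl | Max-Monthly-Octets-Blended | := | 1073741824                             |
+----+-----------------------+----------------------------+----+----------------------------------------+
3 rows in set (1.07 sec)

mysql> select * from radgroupcheck;
+----+-----------+----------------------------+----+--------+
| id | GroupName | Attribute                  | op | Value  |
+----+-----------+----------------------------+----+--------+
|  1 | DISABLED  | Auth-Type                  | := | Reject |
|  2 | DSL       | Service-Access-Type        | == | DSL    |
|  3 | DSL       | Allow-Access-Blended       | := | 0      |
|  4 | DSL       | Allow-Access-Local         | := | 0      |
|  5 | DSL       | Max-Monthly-Octets-Blended | := | 0      |
|  6 | DSL       | Max-Monthly-Octets-Local   | := | 0      |
|  7 | DIAL      | Service-Access-Type        | == | DIAL   |
+----+-----------+----------------------------+----+--------+
7 rows in set (0.08 sec)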

Here is the debug log:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:37839, id=33, 
length=80

   User-Name = "[EMAIL PROTECTED]@dsl"
   User-Password = ""
   Service-Access-Type = "DIAL"

radius_xlat:  '[EMAIL PROTECTED]@dsl'
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]@dsl'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM 
radcheck   WHERE Username = '[EMAIL PROTECTED]@dsl'   
ORDER BY id'

rlm_sql (sql): Reserving sql socket id: 37
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  
FROM radgroupcheck,usergroup WHERE usergroup.Username = 
'[EMAIL PROTECTED]@dsl' AND usergroup.GroupName = 
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM 
radreply   WHERE Username = '[EMAIL PROTECTED]@dsl'   
ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  
FROM radgroupreply,usergroup WHERE usergroup.Username = 
'[EMAIL PROTECTED]@dsl' AND usergroup.GroupName = 
radgroupreply.GroupName ORDER BY radgroupreply.id'

rlm_sql (sql): Released sql socket id: 37
rlm_sql (sql): No matching entry in the database for request from user 
[EMAIL PROTECTED]@dsl]

 modcall[authorize]: module "sql" returns notfound for request 1

Can someone please explain why the entry is not found? When I perform
each query all the groups are shown, but rlm_sql only ever finds the user
when asking for DSL group and then it returns all the attributes from
all the groups...

--

Kind Regards

Etienne Pretorius




regarding RFC 2253 UTF-8 String Representation of Distinguished Names support

2008-01-21 Thread Gopinath Reddy N
Hi,

Could anyone let me know whether RFC2253 is implemented in free radius.

I am trying to use special characters in Users name and active directory is
expecting UTF-8 string form of the user.

However free radius is not encoding it in UTF-8 format.

Thanks for the help.
-gnr

Re: MySQL accounting issue

2008-01-21 Thread Alan DeKok
Andy Smith wrote:
> I have attempted to configure freeradius to write accounting data to
> MySQL, however currently it's not working. No data is being written
> to MySQL and the Radius client is complaining it's not receiving a reply
> for accounting requests. I substituted the "detail" setting in
> the "accounting" config section of radiusd.conf for "sql" and modified
> the sql.conf as seemed necessary. As soon as I switch this
> back to "detail" my Radius client starts receiving replies from
> freeradius once again :S

  So the sql module isn't logging anything.

> But after that there is no activity in the MySQL log :S And I have no
> errors logged from MySQL or radiusd, nor can I see any errors
> when running "radiusd -Xf"
>  
> anyone any ideas what more I can do to identify the issue??

  Post the output of radiusd -X here, as suggested in the FAQ, README,
INSTALL, and (almost) daily.

  Alan DeKok.


Re: Unknown syslog chosen but no facility spedified

2008-01-21 Thread Alan DeKok
Stuart Kendrick wrote:
> Starting RADIUS server: radiusd: Error: Unknown syslog chosen but no
> facility spedified

  Grab a CVS checkout, it should be fixed.

  Alan DeKok.


Re: MySQL

2008-01-21 Thread Alan DeKok
Arlinelson Fernandes dos Santos wrote:
> I saw this version and checked the tables.sql, it has a few tables to
> create. You can get more tables by tables.sql from version 1.x.x, I
> don't know why this new version comes with fewer tables. Maybe only to
> update. I don't know.

  2.0.0 includes all of the schemas in raddb/sql/*.  This is documented
in the comments at the top of the sql.conf file.

  Is there another place it should be documented?

  Alan DeKok.


Re: rlm_dbm segfault debug

2008-01-21 Thread Patrick Medina

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

>   Is there a pressing need to use rlm_dbm?  In

Just (blindly) following "good" practice.

> 2.0.0, the "users" file should scale to 100's of
> 1000's of users.  (i.e. I've tested it at that.)  It
> takes a few seconds to start the server, but it's
> just as fast as rlm_dbm would be.

Tested and verified working your CVS update.  But
since you put it that way above, I'll stick to a plain
users file then as our user population is not even
5,000.

Thank you for the very fast response, fix, and useful info.


  
