date:20090410

Re: Trouble with Robust Proxy Accounting

2009-04-10 Thread Alan DeKok

JDL wrote:
 In FreeRADIUS 2.x, the radrelay functions have been built into radiusd.

  That's the intention.

 However, I seem to be having problems with data loss. Everything works
 fine when the remote accounting server is up. However, when it goes
 down, here is what I am seeing.
...
 4) Here is where is gets confusing. It almost seems like radiusd goes
 into some sort of loop. After a short period (less than a minute), all
 of the files are deleted from the listen directory and radiusd goes
 into a hyper polling mode (see the bottom of the attached debug file).
 This is very different from the normal polling mode which occurs at
 appoximatly 1 second intervals.

  There have been other reports of the same thing.  Unfortunately, I've
been unable to reproduce this locally.  That makes it difficult to find
the issue, and to fix it.

 All this does not seem to crash the server, however, the accounting data
 does appear to be lost which is my greatest concern in this e-mail.
 
 If anyone sees any problems with my configuration or needs any further
 information, please let me know. I am currently using FreeRADIUS 2.1.4.

  I'll do some more tests before I release the next version of the server.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP with fallback on local authentication?

2009-04-10 Thread Alan DeKok

Justin Steward wrote:
 Thanks for the reply. Since SQL modules can't go in authenticate, this
 would have to be in authorize, yes? How then, would I get the reply
 attributes out of the SQL database? Or am I misunderstanding something?

  Maybe you could describe exactly what you want to do.

 I currently have sql in authorize, the users have Auth-Type = LDAP, and
 ldap is in the authenticate section. This is authenticating users
 against LDAP, and getting the reply attributes from the SQL database.

  LDAP is not an authentication protocol.  I suggest using LDAP servers
as a database, if possible.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Sending Access-Challenge

2009-04-10 Thread Laszlo Fekete

Hello!


I'm new to this list and don't found archive or something where maybe
somebody answered my question.

So I want a radius server to wifi auth with eap-ttls/peap, ldap and not
plain-text passwords. I downloaded 2.1.4 source and create debian
package without modification, do some basic configuration and testing,
radtest from local is fine, but radeapclient eap-md5 testing fail.


I saw this on server side:


rad_recv: Access-Request packet from host 127.0.0.1 port 52650, id=76,
length=69
User-Name = steve
NAS-IP-Address = 127.0.0.1
Message-Authenticator = 0xafa8ae1b1aaa6fb0a6cbd0719b507e94
NAS-Port = 0
EAP-Message = 0x02d2000a017374657665
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = steve, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 210 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 76 to 127.0.0.1 port 52650
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = std.ppp
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0x
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 76 with timestamp +94
Ready to process requests.



And this on client side (local):


# radeapclient -s -X localhost auth testing123 About to send encoded packet:
User-Name = steve
Cleartext-Password = testing
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = steve
Message-Authenticator = 0x30
NAS-Port = 0
Received response ID 76, code 11, length = 131
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = std.ppp
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
+++ EAP decoded packet:
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = std.ppp
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
EAP-Id = 211
EAP-Code = Request
EAP-Type-MD5 = 0x10b7703d97cfb88bff2835ec9a9aedde83

+++ About to send encoded packet:
User-Name = steve
Cleartext-Password = testing
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 211
Message-Authenticator = 0x
NAS-Port = 0
EAP-Type-MD5 = 0x106e2008d8fc099a16335131c045fc6df6
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
^C

# cat re.txt
User-Name = steve
Cleartext-Password = testing
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = steve
Message-Authenticator = 0
NAS-Port = 0


What's wrong with the configuration?


Thank you:

blackluck




signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius server not starting!

2009-04-10 Thread ramesh p

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
logging: Permission denied
  (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
Permission denied
)
radiusd
Please suggest me.

Regards,
Ramesh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

I'm using radius version 1.1.6

On Fri, Apr 10, 2009 at 4:44 PM, ramesh p rock786...@gmail.com wrote:

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread Волошин Вячеслав

Disable SELinux.
  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:14 PM
  Subject: Freeradius server not starting!

  [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
  Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading 
configuration files ...
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and 
linked)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: 
Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: 
Permission denied
  )
  radiusd

  Please suggest me.

  Regards,
  Ramesh.

--

  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

Already it's in disable state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted


2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.

 - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:14 PM
 *Subject:* Freeradius server not starting!

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread Волошин Вячеслав

Hmm, what the linux u use? or u use Sun OS?
pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this directory 
exist? Can u create file in?
  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:25 PM
  Subject: Re: Freeradius server not starting!

  Already it's in disable state.
  [r...@localhost raddb]# more /etc/sysconfig/selinux
  # This file controls the state of SELinux on the system.
  # SELINUX= can take one of these three values:
  #   enforcing - SELinux security policy is enforced.
  #   permissive - SELinux prints warnings instead of enforcing.
  #   disabled - SELinux is fully disabled.
  SELINUX=disabled
  # SELINUXTYPE= type of policy in use. Possible values are:
  #   targeted - Only targeted network daemons are protected.
  #   strict - Full SELinux protection.
  SELINUXTYPE=targeted

  2009/4/10 Волошин Вячеслав volos...@maks.net

Disable SELinux.
  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:14 PM
  Subject: Freeradius server not starting!

  [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
  Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading 
configuration files ...
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and 
linked)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
  radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: 
Permission denied
  )
  radiusd

  Please suggest me.

  Regards,
  Ramesh.

--

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

--

  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

Linux localhost.localdomain 2.6.9-42.ELsmp #1  i686 i686 i386 GNU/Linux

The file(/usr/local/fnmt/var/log/radius/radius.log) exists.

2009/4/10 Волошин Вячеслав volos...@maks.net

  Hmm, what the linux u use? or u use Sun OS?
 pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this
 directory exist? Can u create file in?

 - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:25 PM
 *Subject:* Re: Freeradius server not starting!

 Already it's in disable state.
 [r...@localhost raddb]# more /etc/sysconfig/selinux
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #   enforcing - SELinux security policy is enforced.
 #   permissive - SELinux prints warnings instead of enforcing.
 #   disabled - SELinux is fully disabled.
 SELINUX=disabled
 # SELINUXTYPE= type of policy in use. Possible values are:
 #   targeted - Only targeted network daemons are protected.
 #   strict - Full SELinux protection.
 SELINUXTYPE=targeted


 2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.

   - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:14 PM
 *Subject:* Freeradius server not starting!

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread Волошин Вячеслав

set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and give write 
and read access for group. check this into user radiusd.

  - Original Message - 
  From: Волошин Вячеслав 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:31 PM
  Subject: Re: Freeradius server not starting!

  Hmm, what the linux u use? or u use Sun OS?
  pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this 
directory exist? Can u create file in?
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:25 PM
Subject: Re: Freeradius server not starting!

Already it's in disable state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading 
configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded 
and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for 
logging: Permission denied
  (Failed creating PID file 
/usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd

Please suggest me.

Regards,
Ramesh.

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

--

  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP with fallback on local authentication?

2009-04-10 Thread Justin Steward

On Fri, Apr 10, 2009 at 7:32 PM, Alan DeKok al...@deployingradius.comwrote:

 Justin Steward wrote:
  Thanks for the reply. Since SQL modules can't go in authenticate, this
  would have to be in authorize, yes? How then, would I get the reply
  attributes out of the SQL database? Or am I misunderstanding something?

   Maybe you could describe exactly what you want to do.


I want to return some radius reply attributes from an SQL database, check
the user's password against an openLDAP server (maybe a Windows Server
running AD at some point in the future), and if possible fall back against a
password stored in a MySQL database. (Though this password may not always be
entirely up to date, so it's only for if the user either doesn't exist in
the directory or the LDAP server is temporarily unavailable)

~Justin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

[r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
total 16
drwx--  2 root root 4096 Apr 28  2007 radacct
-rwxr-xr-x  1 root root 8298 Apr 10 06:43 radius.log


2009/4/10 Волошин Вячеслав volos...@maks.net

  set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and give
 write and read access for group. check this into user radiusd.


 - Original Message -
 *From:* Волошин Вячеслав volos...@maks.net
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:31 PM
 *Subject:* Re: Freeradius server not starting!

 Hmm, what the linux u use? or u use Sun OS?
 pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this
 directory exist? Can u create file in?

 - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:25 PM
 *Subject:* Re: Freeradius server not starting!

 Already it's in disable state.
 [r...@localhost raddb]# more /etc/sysconfig/selinux
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #   enforcing - SELinux security policy is enforced.
 #   permissive - SELinux prints warnings instead of enforcing.
 #   disabled - SELinux is fully disabled.
 SELINUX=disabled
 # SELINUXTYPE= type of policy in use. Possible values are:
 #   targeted - Only targeted network daemons are protected.
 #   strict - Full SELinux protection.
 SELINUXTYPE=targeted


 2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.

   - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:14 PM
 *Subject:* Freeradius server not starting!

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

ls -ltr /usr/local/fnmt/var/log/
drwxr-xr-x  3 nobody root 4096 Jun 15  2007 radius
Thanks,
Ramesh.

2009/4/10 ramesh p rock786...@gmail.com

 [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
 total 16
 drwx--  2 root root 4096 Apr 28  2007 radacct
 -rwxr-xr-x  1 root root 8298 Apr 10 06:43 radius.log



 2009/4/10 Волошин Вячеслав volos...@maks.net

  set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and give
 write and read access for group. check this into user radiusd.


 - Original Message -
  *From:* Волошин Вячеслав volos...@maks.net
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
  *Sent:* Friday, April 10, 2009 3:31 PM
 *Subject:* Re: Freeradius server not starting!

 Hmm, what the linux u use? or u use Sun OS?
 pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this
 directory exist? Can u create file in?

 - Original Message -
  *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:25 PM
 *Subject:* Re: Freeradius server not starting!

 Already it's in disable state.
 [r...@localhost raddb]# more /etc/sysconfig/selinux
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #   enforcing - SELinux security policy is enforced.
 #   permissive - SELinux prints warnings instead of enforcing.
 #   disabled - SELinux is fully disabled.
 SELINUX=disabled
 # SELINUXTYPE= type of policy in use. Possible values are:
 #   targeted - Only targeted network daemons are protected.
 #   strict - Full SELinux protection.
 SELINUXTYPE=targeted


 2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.

   - Original Message -
  *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:14 PM
 *Subject:* Freeradius server not starting!

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread Волошин Вячеслав

[r...@bill etc]# [r...@bill radius]# ls -ltr
total 12
drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct
-rw-r- 1 radiusd radiusd  111 Apr 10 15:37 radius.log

set this.

  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 4:08 PM
  Subject: Re: Freeradius server not starting!

  [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
  total 16
  drwx--  2 root root 4096 Apr 28  2007 radacct
  -rwxr-xr-x  1 root root 8298 Apr 10 06:43 radius.log

  2009/4/10 Волошин Вячеслав volos...@maks.net

set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and give 
write and read access for group. check this into user radiusd.

  - Original Message - 
  From: Волошин Вячеслав 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:31 PM
  Subject: Re: Freeradius server not starting!

  Hmm, what the linux u use? or u use Sun OS?
  pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this 
directory exist? Can u create file in?
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:25 PM
Subject: Re: Freeradius server not starting!

Already it's in disable state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - 
reading configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_exec: Wait=yes but no output defined. Did you mean 
output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) 
loaded and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log 
for logging: Permission denied
  (Failed creating PID file 
/usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd

Please suggest me.

Regards,
Ramesh.

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

--

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

Re: Sending Access-Challenge

2009-04-10 Thread Alan DeKok

Laszlo Fekete wrote:
 So I want a radius server to wifi auth with eap-ttls/peap, ldap and not
 plain-text passwords. I downloaded 2.1.4 source and create debian
 package without modification, do some basic configuration and testing,
 radtest from local is fine, but radeapclient eap-md5 testing fail.

  Don't use radeapclient.  See my web page for instructions on setting
up EAP:

http://deployingradius.com

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

now its giving like this...

[r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading
configuration files ...
radiusd

# ps -eaf|grep radiusd
root  4412 31100  0 07:15 pts/000:00:00 grep radius

No pid created.

Why? want is going wrong?

2009/4/10 Волошин Вячеслав volos...@maks.net

  [r...@bill etc]# [r...@bill radius]# ls -ltr
 total 12
 drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct
 -rw-r- 1 radiusd radiusd  111 Apr 10 15:37 radius.log
 set this.


 - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 4:08 PM
 *Subject:* Re: Freeradius server not starting!

 [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
 total 16
 drwx--  2 root root 4096 Apr 28  2007 radacct
 -rwxr-xr-x  1 root root 8298 Apr 10 06:43 radius.log


 2009/4/10 Волошин Вячеслав volos...@maks.net

  set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and give
 write and read access for group. check this into user radiusd.


  - Original Message -
 *From:* Волошин Вячеслав volos...@maks.net
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
   *Sent:* Friday, April 10, 2009 3:31 PM
 *Subject:* Re: Freeradius server not starting!

 Hmm, what the linux u use? or u use Sun OS?
 pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this
 directory exist? Can u create file in?

 - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:25 PM
 *Subject:* Re: Freeradius server not starting!

 Already it's in disable state.
 [r...@localhost raddb]# more /etc/sysconfig/selinux
 # This file controls the state of SELinux on the system.
 # SELINUX= can take one of these three values:
 #   enforcing - SELinux security policy is enforced.
 #   permissive - SELinux prints warnings instead of enforcing.
 #   disabled - SELinux is fully disabled.
 SELINUX=disabled
 # SELINUXTYPE= type of policy in use. Possible values are:
 #   targeted - Only targeted network daemons are protected.
 #   strict - Full SELinux protection.
 SELINUXTYPE=targeted


 2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.

   - Original Message -
 *From:* ramesh p rock786...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, April 10, 2009 3:14 PM
 *Subject:* Freeradius server not starting!

 [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading
 configuration files ...
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
 linked)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #0)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #1)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #2)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #3)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (rlm_sql_mysql: Starting connect to MySQL server for #4)
 radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for
 logging: Permission denied
   (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied
 )
 radiusd
 Please suggest me.

 Regards,
 Ramesh.

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

  --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


  --

 -
 List info/subscribe/unsubscribe? See

Re: Freeradius server not starting!

2009-04-10 Thread A . L . M . Buxey

Hi,
 now its giving like this...
 
 [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
 Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading
 configuration files ...
 radiusd
 
 # ps -eaf|grep radiusd
 root  4412 31100  0 07:15 pts/000:00:00 grep radius
 
 No pid created.
 
 Why? want is going wrong?

because of the _other_ error that was in your previous messages:

(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: 
Permission denied)

make sure that you have a  /usr/local/fnmt/var/run/radiusd directory
and that it is writable etc by the 'radiusd' user

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread ramesh p

Now i have given the permissions to radiusd directory
(usr/local/fnmt/var/run/

 radiusd/)

It's working fine. Thank you all.
Regards,
Ramesh.


On Fri, Apr 10, 2009 at 6:40 PM, a.l.m.bu...@lboro.ac.uk wrote:

 Hi,
  now its giving like this...
 
  [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
  Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading
  configuration files ...
  radiusd
 
  # ps -eaf|grep radiusd
  root  4412 31100  0 07:15 pts/000:00:00 grep radius
 
  No pid created.
 
  Why? want is going wrong?

 because of the _other_ error that was in your previous messages:

 (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
 Permission denied)

 make sure that you have a  /usr/local/fnmt/var/run/radiusd directory
 and that it is writable etc by the 'radiusd' user

 alan
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius server not starting!

2009-04-10 Thread Волошин Вячеслав

Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: 
Permission denied

set this:
[r...@bill ~]# ls -ltr /var/run/radiusd
total 4
srw-rw 1 rootradiusd 0 Apr 10 17:26 radiusd.sock
-rw-r--r-- 1 radiusd radiusd 6 Apr 10 17:26 radiusd.pid

in your file /usr/local/fnmt/var/run/radiusd/radiusd.pid

Log file created?


  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 4:37 PM
  Subject: Re: Freeradius server not starting!


  now its giving like this...

  [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
  Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading 
configuration files ...
  radiusd

  # ps -eaf|grep radiusd 
  root  4412 31100  0 07:15 pts/000:00:00 grep radius

  No pid created.

  Why? want is going wrong?


  2009/4/10 Волошин Вячеслав volos...@maks.net

[r...@bill etc]# [r...@bill radius]# ls -ltr
total 12
drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct
-rw-r- 1 radiusd radiusd  111 Apr 10 15:37 radius.log

set this.

  - Original Message - 
  From: ramesh p 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 4:08 PM
  Subject: Re: Freeradius server not starting!


  [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
  total 16
  drwx--  2 root root 4096 Apr 28  2007 radacct
  -rwxr-xr-x  1 root root 8298 Apr 10 06:43 radius.log



  2009/4/10 Волошин Вячеслав volos...@maks.net

set pach /usr/local/fnmt/var/log/radius/ group owner radiusd, and 
give write and read access for group. check this into user radiusd.

  - Original Message - 
  From: Волошин Вячеслав 
  To: FreeRadius users mailing list 
  Sent: Friday, April 10, 2009 3:31 PM
  Subject: Re: Freeradius server not starting!


  Hmm, what the linux u use? or u use Sun OS?
  pach /usr/local/fnmt/var/log/radius/radius.log  is non-standard, this 
directory exist? Can u create file in?
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:25 PM
Subject: Re: Freeradius server not starting!


Already it's in disable state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted



2009/4/10 Волошин Вячеслав volos...@maks.net

  Disable SELinux.
- Original Message - 
From: ramesh p 
To: FreeRadius users mailing list 
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!


[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - 
reading configuration files ...
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_exec: Wait=yes but no output defined. Did you mean 
output=none?)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) 
loaded and linked)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql (sql): Attempting to connect to 
rad...@localhost:/LWT)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
  (rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open 
/usr/local/fnmt/var/log/radius/radius.log for

Re: LDAP with fallback on local authentication?

2009-04-10 Thread Alan DeKok

Justin Steward wrote:
 I want to return some radius reply attributes from an SQL database,
 check the user's password against an openLDAP server 

 As I said... LDAP isn't an authentication protocol.

 (maybe a Windows
 Server running AD at some point in the future), and if possible fall
 back against a password stored in a MySQL database. (Though this
 password may not always be entirely up to date, so it's only for if the
 user either doesn't exist in the directory or the LDAP server is
 temporarily unavailable)

  Why not let FreeRADIUS do authentication, as I suggested?  Have the
LDAP module pull the password from LDAP.  Then, do MySQL.

authorize {
...
ldap
if (notfound | fail) {
sql
}
...
}

 That does *exactly* what you suggested above.  But the last time I
suggested that solution, you said you *also* wanted to get reply
attributes from MySQL... apparently, even for the users that were found
in LDAP.

  So which is it?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sending Access-Challenge

2009-04-10 Thread Laszlo Fekete

Alan DeKok wrote:

   Don't use radeapclient.  See my web page for instructions on setting
 up EAP:

   http://deployingradius.com
   

I tried the eapol_test from the web page (
http://deployingradius.com/scripts/eapol_test/ ).

With Eap-ttls pap/chap/ms-chap said success:

RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): f6 97 5f 08 83 c3 6f 4d db 4b
85 d9 9a 1b 89 b6 6a 93 3e 49 39 bc 5e 2b fc 43 4f b8 d7 35 c5 2a
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0
b4 f3 3f e1 92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
decapsulated EAP packet (code=3 id=6 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0 b4 f3 3f e1
92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS

But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
it fails:

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=0
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE


If need I put the whole output, or if its easier pls tell where should I
search the problem?

Thank you:
blackluck



signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sending Access-Challenge

2009-04-10 Thread A . L . M . Buxey

Hi,

 But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
 it fails:

PEAP works but TTLS fails - so, does your eap.conf have ttls configured?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sending Access-Challenge

2009-04-10 Thread Alan DeKok

  Do *not* CC me on messages sent to the list.  In case you hadn't
noticed, I already read the list.

  And do *not* set return receipt requested.  It's rude, and it causes
me to be biased against people who use it.

Laszlo Fekete wrote:
...
 But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
 it fails:

  Is there any reason you're not looking at the debugging output of the
server, as suggested in the FAQ, README, INSTALL, man page, and daily
on this list?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius crashes if can not connect to mysql

2009-04-10 Thread Oguzhan Kayhan

Hello,

I noticed that..if a network error or another connection problem occurs
between freeradius and mysql server, freeradius service just exits... And
sure service stops automatically.

Is there any way to give a timeout value or retry number for mysql in
freeradius configuration that prevents freeradius to exit abnormally in
that case..


Thanks..




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-server-2.1.4 make fails

2009-04-10 Thread Thor Spruyt

Hi,

I'm trying to compile freeradius-server-2.1.4 on CentOS 4.6 32-bit

Configure command:
./configure --prefix=/opt/freeradius-2.1.4 --with-mysql --with-postgresql 
--with-openldap --without-snmp --without-openssl --without-krb5 --without-vmps

But make fails:
/home/thor/freeradius-server-2.1.4/libtool --mode=compile gcc  -g -O2 
-D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG 
-I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\i686-pc-linux-gnu\ 
-DRADIUSD_VERSION=\2.1.5\  -DNO_OPENSSL  -c listen.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE 
-DNDEBUG -I/home/thor/freeradius-server-2.1.4/src 
-DHOSTINFO=\i686-pc-linux-gnu\ -DRADIUSD_VERSION=\2.1.5\ -DNO_OPENSSL -c 
listen.c  -fPIC -DPIC -o .libs/listen.o
listen.c: In function `client_listener_find':
listen.c:126: warning: passing arg 1 of pointer to function discards qualifiers 
from pointer target type
listen.c:206: warning: assignment discards qualifiers from pointer target type
In file included from listen.c:1053:
command.c: In function `command_show_client_config':
command.c:845: warning: passing arg 2 of `cf_section2file' discards qualifiers 
from pointer target type
listen.c: In function `listen_init':
listen.c:1795: error: `RAD_LISTEN_VQP' undeclared (first use in this function)
listen.c:1795: error: (Each undeclared identifier is reported only once
listen.c:1795: error: for each function it appears in.)
gmake[4]: *** [listen.lo] Error 1
gmake[4]: Leaving directory `/home/thor/freeradius-server-2.1.4/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/thor/freeradius-server-2.1.4'
make: *** [all] Error 2

Any idea what's going wrong?

Regards,
Thor Spruyt




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.4 make fails

2009-04-10 Thread A . L . M . Buxey

hi,

fixed in CVS IIRC - for now, enable vmps support and it'll compile

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sending Access-Challenge

2009-04-10 Thread Laszlo Fekete

Alan DeKok wrote:

   Do *not* CC me on messages sent to the list.  In case you hadn't
 noticed, I already read the list.

   And do *not* set return receipt requested.  It's rude, and it causes
 me to be biased against people who use it.
   
Sorry, I will watching for this in the future.
 Laszlo Fekete wrote:
 ...
   
 But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
 it fails:
 

   Is there any reason you're not looking at the debugging output of the
 server, as suggested in the FAQ, README, INSTALL, man page, and daily
 on this list?

   Alan DeKok.
   
True, sorry again!

And I found the problem, I turned off proxy earlier, because read:

#  The server has proxying turned on by default.  If your system is NOT
#  set up to proxy requests to another server, then you can turn proxying
#  off here.  This will save a small amount of resources on the server.


When turned on again proxy, succeded the eap-md5 and eap--mschapv2 auth.

Thank you,
blackluck


signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius-server-2.1.4 make fails

2009-04-10 Thread Волошин Вячеслав


use this :
http://www.howtoforge.com/how-to-create-a-freeradius-2.1.1-6-rpm-package-on-centos-5.2

for your version freeradius, I m use this.

- Original Message - 
From: Thor Spruyt thor.spr...@telenet.be

To: freeradius-users@lists.freeradius.org
Sent: Friday, April 10, 2009 8:43 PM
Subject: freeradius-server-2.1.4 make fails



Hi,

I'm trying to compile freeradius-server-2.1.4 on CentOS 4.6 32-bit

Configure command:
./configure --prefix=/opt/freeradius-2.1.4 --with-mysql --with-postgresql  
--with-openldap --without-snmp --without-openssl --without-krb5 --without-vmps


But make fails:
/home/thor/freeradius-server-2.1.4/libtool --mode=compile 
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG 
 -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\i686-pc-linux-gnu\ 
 -DRADIUSD_VERSION=\2.1.5\  -DNO_OPENSSL  -c listen.c
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG 
 -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\i686-pc-linux-gnu\ 
 -DRADIUSD_VERSION=\2.1.5\ -DNO_OPENSSL -c listen.c  -fPIC -DPIC -o 
.libs/listen.o

listen.c: In function `client_listener_find':
listen.c:126: warning: passing arg 1 of pointer to function discards 
qualifiers from pointer target type
listen.c:206: warning: assignment discards qualifiers from pointer target 
type

In file included from listen.c:1053:
command.c: In function `command_show_client_config':
command.c:845: warning: passing arg 2 of `cf_section2file' discards 
qualifiers from pointer target type

listen.c: In function `listen_init':
listen.c:1795: error: `RAD_LISTEN_VQP' undeclared (first use in this 
function)

listen.c:1795: error: (Each undeclared identifier is reported only once
listen.c:1795: error: for each function it appears in.)
gmake[4]: *** [listen.lo] Error 1
gmake[4]: Leaving directory `/home/thor/freeradius-server-2.1.4/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/thor/freeradius-server-2.1.4'
make: *** [all] Error 2

Any idea what's going wrong?

Regards,
Thor Spruyt




-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html 


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP with fallback on local authentication?

2009-04-10 Thread Justin Steward

On Fri, Apr 10, 2009 at 11:51 PM, Alan DeKok al...@deployingradius.comwrote:

 Justin Steward wrote:
  I want to return some radius reply attributes from an SQL database,
  check the user's password against an openLDAP server

  As I said... LDAP isn't an authentication protocol.

  (maybe a Windows
  Server running AD at some point in the future), and if possible fall
  back against a password stored in a MySQL database. (Though this
  password may not always be entirely up to date, so it's only for if the
  user either doesn't exist in the directory or the LDAP server is
  temporarily unavailable)

   Why not let FreeRADIUS do authentication, as I suggested?  Have the
 LDAP module pull the password from LDAP.  Then, do MySQL.

 authorize {
...
ldap
if (notfound | fail) {
sql
}
...
 }

  That does *exactly* what you suggested above.  But the last time I
 suggested that solution, you said you *also* wanted to get reply
 attributes from MySQL... apparently, even for the users that were found
 in LDAP.

  So which is it?


My apologies, I tend to let things slip when I send emails late at night.
Yes, I need to also send reply attributes from a MySQL database. The reason
for this is that the LDAP server is somewhat out of my control. I can't
store values for attributes there. Again, apologies for being unclear.


You've mentioned a few times that LDAP is not meant for authentication,
however the default config that ships with FreeRADIUS has LDAP in the
authentication section. Could you clear that up a little for me please? (or
point me to somewhere it's been cleared up before?)

~Justin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Trouble with Robust Proxy Accounting

Re: LDAP with fallback on local authentication?

Sending Access-Challenge

Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: LDAP with fallback on local authentication?

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Sending Access-Challenge

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: Freeradius server not starting!

Re: LDAP with fallback on local authentication?

Re: Sending Access-Challenge

Re: Sending Access-Challenge

Re: Sending Access-Challenge

freeradius crashes if can not connect to mysql

freeradius-server-2.1.4 make fails

Re: freeradius-server-2.1.4 make fails

Re: Sending Access-Challenge

Re: freeradius-server-2.1.4 make fails

Re: LDAP with fallback on local authentication?

29 matches

Site Navigation

Mail list logo

Footer information