RE: rlm_perl problems]

[Garber, Neal]

> Two perl instances running different perl scripts! I would suggest
> following instructions in doc/bugs to find out what is causing the
> segfault.

rlm_perl is acting very strangely on my 2.1.6 test system (beyond what 
I've already mentioned).  I have two instances of a script called
write_log_data.pl that are called in post_auth.  One instance is called
write_log_accept (post_auth = post_auth_accept) and the other is
write_log_reject (post_auth = post_auth_reject).  I have another
script called dumplists.pl that is not called in post_auth at all.  
When I was testing (trying to recreate SegFault), post_auth_accept
was calling dumplists.pl (I added subroutines post_auth_accept and
post_auth_reject to dumplists.pl and had them write msgs via
&radiusd::radlog).  I changed the message in dumplists.pl 
post_auth_accept and restarted.  Now rlm_perl properly called
script write_log_data.pl sub post_auth_accept - but output an
error that it couldn't find it.  So, it returned reject which
caused an attempt to call write_log_data sub post_auth_reject;
which also output an error saying it couldn't find it (undefined
subroutine as Igor and I described in previous msgs).

So, I took your advice above and rebuilt FR with symbols and ran
Under gdb.  But, I also decided to look back at the build output for rlm_perl.  
I believe the errors below are causing my problems (redundant
declarations coming from /usr/include).  I'm thinking it should be
using the perl version of the definitions as opposed to the version 
in /usr/include.  I'll test this theory..

I can post the FR debug and gdb output if someone thinks the errors
below are normal.

Igor: Can you rebuild FR and look at the output of rlm_perl on
your system to see if you see similar errors?

Here is the output from building rlm_perl on my system:

Making all in rlm_perl...
gmake[6]: Entering directory 
`/usr/ports/net/freeradius2/work/freeradius-server-2.1.6/src/modules/rlm_perl'
/usr/local/bin/libtool --mode=compile cc  -pipe -I/usr/local/include 
-L/usr/local/lib -DLDAP_DEPRECATED -pthread -Wall -D_GNU_SOURCE-g -Wshadow 
-Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes 
-Wmissing-prototypes -Wmissing-declarations-Wnested-externs -W 
-Wredundant-decls -Wundef 
-I/usr/ports/net/freeradius2/work/freeradius-server-2.1.6/src 
-I/usr/ports/net/freeradi   us2/work/freeradius-server-2.1.6/libltdl `perl 
-MExtUtils::Embed -e ccopts` -c rlm_perl.c
mkdir .libs
 cc -pipe -I/usr/local/include -L/usr/local/lib -DLDAP_DEPRECATED -pthread 
-Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qua   l -Wcast-align 
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
-Wnested-externs -W -Wredundant-decls-Wundef 
-I/usr/ports/net/freeradius2/work/freeradius-server-2.1.6/src 
-I/usr/ports/net/freeradius2/work/freeradius-server-2.1.6/liblt   dl 
-DAPPLLIB_EXP=\"/usr/local/lib/perl5/5.8.9/BSDPAN\" -DHAS_FPSETMASK 
-DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -I/usr/local/   include 
-I/usr/local/lib/perl5/5.8.9/mach/CORE -c rlm_perl.c  -fPIC -DPIC -o 
.libs/rlm_perl.o
In file included from rlm_perl.c:39:
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:1207: warning: redundant 
redeclaration of 'strerror'
/usr/include/string.h:83: warning: previous declaration of 'strerror' was here
In file included from rlm_perl.c:39:
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3380: warning: redundant 
redeclaration of 'getuid'
/usr/include/unistd.h:349: warning: previous declaration of 'getuid' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3381: warning: redundant 
redeclaration of 'geteuid'
/usr/include/unistd.h:342: warning: previous declaration of 'geteuid' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3382: warning: redundant 
redeclaration of 'getgid'
/usr/include/unistd.h:343: warning: previous declaration of 'getgid' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3383: warning: redundant 
redeclaration of 'getegid'
/usr/include/unistd.h:341: warning: previous declaration of 'getegid' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3678: warning: redundant 
redeclaration of 'mktemp'
/usr/include/unistd.h:506: warning: previous declaration of 'mktemp' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3680: warning: redundant 
redeclaration of 'atof'
/usr/include/stdlib.h:86: warning: previous declaration of 'atof' was here
In file included from rlm_perl.c:39:
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3771: warning: redundant 
redeclaration of 'crypt'
/usr/include/unistd.h:427: warning: previous declaration of 'crypt' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3777: warning: redundant 
redeclaration of 'getenv'
/usr/include/stdlib.h:95: warning: previous declaration of 'getenv' was here
/usr/local/lib/perl5/5.8.9/mach/CORE/perl.h:3788: warning: redundant 
redeclaration of 'getlogin'
/usr/include/unistd.h:345: warning: previous declaration of 'getlogin' was here
rlm_perl.c: In functio

RE: Alternate server certificate

[Garber, Neal]

> It's automatically added for modules listed in the "authenticate" section.

That's what I thought was going on when I looked in modules.c.  Thanks for the 
confirmation Alan.  

Also, I submitted a bug report to add debug output if pairmake fails while 
creating Auth-Type in rlm_eap.c.  Having that message in the debug output 
explaining why rlm_eap failed would be useful.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Alternate server certificate

[Alan DeKok]

Garber, Neal wrote:
> Next, I added an RDEBUG in rlm_eap.c to tell me why the pairmake is
> Failing and I now see:
> 
> Fri Jul 24 16:10:59 2009 : Info: [eap-comodo] Failed to create attribute 
> Auth-Type: Unknown value eap-comodo for attribute Auth-Type
> 
> Looking in lib/pairmake.c, it appears this occurs if it can't find the
> value in the dictionary for the specified attribute.  

  It's automatically added for modules listed in the "authenticate" section.

  The default configuration has "eap" listed in authorize *and*
authenticate.  If you change the name to "eapfoo", you will need to list
"eapfoo" in *both* authorize and authenticate.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Ivan Kalik]

> Garber, Neal wrote:
>> Igor,
>>
>> What version of perl and what O/S are you using?  I'm using FreeBSD 7.2
>> with perl 5.8.9.  The reason I hadn't submitted this sooner is I wanted
>> to rule out an issue with perl (our Productions servers are running an
>> older version of FreeBSD and perl).
> perl, v5.8.8 built for x86_64-linux-thread-multi, installed with yum
> OS: CentOS X64,  kernel 2.6.18-128.1.10.el5
>
> freeradius installed from rpm,
> rpm made with freeradius.spec file:
> %define _prefix /usr/local/freeradius
> %configure --prefix=%{_prefix} \
> --with-system-libtool \
> --disable-ltdl-install \
> --with-ltdl-lib=/usr/lib \
> --with-ltdl-include=/usr/include \
> --with-large-files --with-udpfromto --with-edir \
> --with-rlm-krb5-include-dir=/usr/kerberos/include \
> --with-rlm-krb5-lib-dir=/usr/kerberos/lib \
> --with-logdir=/var/log/radius

Slackware 12.1, perl 5.8.7.

I am afraid I can't emulate this. test1 and test2 run copies of
example.pl. I have edited them so they are not identical (just in case).
Result:

...
[files] users: Matched entry tnt at line 1
++[files] returns ok
rlm_perl: Added pair User-Name = tnt
rlm_perl: Added pair User-Password = x
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 212.200.152.xx
rlm_perl: Added pair Cleartext-Password = x
++[test1] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "x"
[pap] Using clear text password "x"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_perl: Added pair User-Name = tnt
rlm_perl: Added pair User-Password = x
rlm_perl: Added pair NAS-IP-Address = 212.200.152.xx
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Cleartext-Password = x
rlm_perl: Added pair Auth-Type = PAP
++[test2] returns ok
++[exec] returns noop
Sending Access-Accept of id 104 to 127.0.0.1 port 37266
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 104 with timestamp +5
Ready to process requests.

Two perl instances running different perl scripts! I would suggest
following instructions in doc/bugs to find out what is causing the
segfault.

PS. My test server is running 2.1.7 pre-release
(http://git.freeradius.org/pre/). Try upgrading to that and see if the
problem goes away.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Alternate server certificate

[Garber, Neal]

>> So, what causes the eap module to return "fail".  There are no
>> other messages indicating why it is failing (that I see).  Here's
>> output at startup showing that both were instantiated:
>
>You should replace eap in authenticate with those two instances as well.

Thank you again for your help Ivan.  I'm not sure if you saw my last msg
which gives more info about the eap failure (it can't find the eap instance
in the dictionary).

I already tried adding the code to the authenticate section; but, I got
errors when it tried to process the unlang.  I figured since it was failing 
in authorize that I would worry about the authenticate section later.  

Anyway, here's the error I get:

Fri Jul 24 17:51:07 2009 : Debug:  Module: Checking authenticate {...} for more 
modules to load
Fri Jul 24 17:51:07 2009 : Error: 
/usr/local/etc/raddb/sites-enabled/default[40]: Unknown Auth-Type 
"(Cisco-AVPair =~ /ssid=(.*)/)" in authenticate sub-section.

And here's what's in my authenticate section:

authenticate {
if (Cisco-AVPair =~ /ssid=(.*)/) {
   update request {
SSID-Name = "%{1}"
   }
}
files
machine_UserName
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
if (SSID-Name) {
   if (SSID-Name == "XX-Barcode") {
  eap-internal
   }
   elsif (SSID-Name == "XX-Corp") {
  eap-internal
   }
   elsif (SSID-Name == "EE-Barcode") {
  eap-internal
   }
   else {
  eap-comodo
   }
}
else {
   eap-comodo
}
#   eap-internal


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Salu2...

[Igor Smitran]

Igor Smitran wrote:
> As far as i can see, you removed pap from authorize section, which means
> that you tried to change default setup...
>   
My bad, pap does exist in authorize, but freeradius doesn't know where
is the password...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Salu2...

[Igor Smitran]

Frank Ernesto Morales Quiroga wrote:
> install in freebsd freeradius friends and when my clients try to
> connect this poster draws me, it can be:
>
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] Looking up realm "cdr.cu " for User-Name =
> "t...@cdr.cu "
> [suffix] No such realm "cdr.cu "
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> [files] users: Matched entry DEFAULT at line 85
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = System
> +- entering group authenticate {...}
> ++[unix] returns notfound
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> t...@cdr.cu
> 
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 2 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 2
> Sending Access-Reject of id 158 to 192.168.25.50 port 17963
> Waking up in 4.9 seconds.
> Cleaning up request 2 ID 158 with timestamp +158
> Ready to process requests.

What is your users real username? t...@cdr.cu or just test?
 Where did you put your users? in database? shadow file?
What kind of password authentication do you use? PAP, CHAP, MSCHAP?
Default freeradius setup is almost always able to work out of the box
for many scenarios, but it still lacks the ability to read minds as we
all do here :)

As far as i can see, you removed pap from authorize section, which means
that you tried to change default setup...

Igor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Salu2...

[Ivan Kalik]

> install in freebsd freeradius friends and when my clients try to connect
> this poster draws me, it can be:

You are forcing server to look for password in system file (etc/passwd).

...
> [files] users: Matched entry DEFAULT at line 85
> ++[files] returns ok
...
> Found Auth-Type = System
...

But password is not there (or anywhere else).

...
> ++[unix] returns notfound
...
> [pap] WARNING! No "known good" password found for the user.
> Authentication
> may fail because of this.
> ++[pap] returns noop
> +- entering group authenticate {...}
> ++[unix] returns notfound
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
...

Where is your password suposed to be?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Salu2...

[Frank Ernesto Morales Quiroga]

install in freebsd freeradius friends and when my clients try to connect
this poster draws me, it can be:

+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "cdr.cu" for User-Name = "t...@cdr.cu"
[suffix] No such realm "cdr.cu"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 85
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = System
+- entering group authenticate {...}
++[unix] returns notfound
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> t...@cdr.cu
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 158 to 192.168.25.50 port 17963
Waking up in 4.9 seconds.
Cleaning up request 2 ID 158 with timestamp +158
Ready to process requests.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Alternate server certificate

[Garber, Neal]

> Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] EAP packet type response id 2 
> length 18
> Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] No EAP Start, assuming it's an 
> on-going EAP conversation
> Fri Jul 24 12:25:27 2009 : Info: +++[eap-comodo] returns fail

This issue occurs during Authorize.  I looked in the source of rlm_eap.c &
eap.c.  Since the "No EAP Start" message appears in the debug output,
I know eap_start is returning EAP_NOTFOUND (it's the next stmt after this
Message).  Given this, the only possible cause for a RLM_MODULE_FAIL after 
calling eap_start is a failure of pairmake for "Auth-Type" (rlm_eap.c line
492).  Next, I added an RDEBUG in rlm_eap.c to tell me why the pairmake is
Failing and I now see:

Fri Jul 24 16:10:59 2009 : Info: [eap-comodo] Failed to create attribute 
Auth-Type: Unknown value eap-comodo for attribute Auth-Type

Looking in lib/pairmake.c, it appears this occurs if it can't find the
value in the dictionary for the specified attribute.  

I'll keep digging, but does anyone have any idea why this instance 
wouldn't have been added to the dictionary, at initialization, when 
it was processing the eap file (I didn't see any errors in the debug
output when it was instantiating them)?  Is it because the submodules
already existed?  That is, do I need an alias for all of the eap
sub-modules too (e.g., tls, peap, etc.)?

Thanks in advance for any insight you can provide..

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with compilation

[Steven Carr]

On 24/7/09 18:57, Julio Villacis Guevara wrote:
> I see that when executed ./configure display the following warning 
> 
> checking openssl/ssl.h usability... yes
> checking openssl/ssl.h presence... no
> configure: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the
> preprocessor!
> configure: WARNING: openssl/ssl.h: proceeding with the compiler's result

The OpenSSL you are using is not compatible with FreeRADIUS (the version
shipped with Solaris is broken). You will need to install the version
from Sunfreeware.com and then ensure when you ./configure that you add
in the correct commands to point to the right location of OpenSSL.

I did the following to get FreeRADIUS installed on our Solaris 10 box:

Install the OpenSSL and OpenLDAP packages and their dependencies from
sunfreeware.com

Then I had to do the following to get it to configure:

export PATH=$PATH:/usr/ccs/bin

./configure --with-openssl=yes --with-openssl-dir=/usr/local/ssl
--with-openssl-includes=/usr/local/ssl/include
--with-openssl-libraries=/usr/local/ssl/lib
--with-rlm-ldap-lib-dir=/usr/local/lib
--with-rlm-ldap-include-dir=/usr/local/include

After the configure had completed I could then run "make" to compile
FreeRADIUS.

After it had compiled I ran "make install" to install FreeRADIUS.

I then needed to modify the system library paths so that FreeRADIUS
could load the required libraries without any config file modifications,
this was achieved by running the following command on our system:

crle -u -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953



signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Igor Smitran]

Garber, Neal wrote:
> Igor,
>
> What version of perl and what O/S are you using?  I'm using FreeBSD 7.2 with 
> perl 5.8.9.  The reason I hadn't submitted this sooner is I wanted to rule 
> out an issue with perl (our Productions servers are running an older version 
> of FreeBSD and perl).
perl, v5.8.8 built for x86_64-linux-thread-multi, installed with yum
OS: CentOS X64,  kernel 2.6.18-128.1.10.el5

freeradius installed from rpm,
rpm made with freeradius.spec file:
%define _prefix /usr/local/freeradius
%configure --prefix=%{_prefix} \
--with-system-libtool \
--disable-ltdl-install \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include \
--with-large-files --with-udpfromto --with-edir \
--with-rlm-krb5-include-dir=/usr/kerberos/include \
--with-rlm-krb5-lib-dir=/usr/kerberos/lib \
--with-logdir=/var/log/radius


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: trouble checking item value from ldap

[Tony P.]

ok ok.. i solve my trouble :D

to setup the monthlycounter to check-in not mut be add new attribute
i see a radiusCheckItem in the scheme and i try with this so
i have to make this to works cool!!!

radiusCheckItem Max-Monthly-Session := 9 (as write into mysql)

Thanxs any way

Tony P. escribió:
> hi, have this problem now...
> 
> i set into profile of users some items to check
> 
> cn=dialup,ou=radius,ou=services,dc=domain,dc=org
> radiusCalledStationId 160110
> radiusCalledStationId 60110
> radiusCalledStationId 8314949
> radiusFramedIpNetmask 255.255.255.255.255
> radiusFramedProtocol PPP
> radiusHint userdefault
> radiusMaxMonthlySession 9
> radiusServiceType Framed-User
> radiusSimultaneousUse 1
> 
> and in my usertest exist this
> 
> cn=emperor,ou=users,dc=domain,dc=org
> radiusCallingStationId 838
> RadiusProfileDn cn=dialup,ou=radius,ou=services,dc=domain,dc=org
> userPassword xx
> and when freeradius start in debug mode i see when Access-Request to process
> authorize section in debug out this.
> 
> in the freeradius -X debug mode show this when i try to authorized
> 
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 8314949 & 
> op=21
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 60110 & 
> op=21
> rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 160110 & 
> op=21
> rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21
> rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
> 255.255.255.255.255 & op=11
> rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
> rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11
> 
> so. when i make radclient authorize works fine and receive Access-Accept but 
> in
> the freeradius not load radiusMaxMonthlySession 9 as i wrote above either
> radiusHint userdefault
> 
> why radiusMonthlySession and radiusHint not is loaded in debug mode when 
> radiusd
> load all attributes from profile when Access-Request came.
> 
> note:
> 
> 1- radiusHint came in the scheme by default
> 
> 2- radiusMaxMonthlySession was wrote by me because not exist in the
> freeradius.scheme, i added new attribute and including in the class of
> freeradius so is posible to setup into user profile.
> 
> 
> 
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_perl problems]

[Garber, Neal]

Igor,

What version of perl and what O/S are you using?  I'm using FreeBSD 7.2 with 
perl 5.8.9.  The reason I hadn't submitted this sooner is I wanted to rule out 
an issue with perl (our Productions servers are running an older version of 
FreeBSD and perl).

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

trouble checking item value from ldap

[Tony P.]

hi, have this problem now...

i set into profile of users some items to check

cn=dialup,ou=radius,ou=services,dc=domain,dc=org
radiusCalledStationId 160110
radiusCalledStationId 60110
radiusCalledStationId 8314949
radiusFramedIpNetmask 255.255.255.255.255
radiusFramedProtocol PPP
radiusHint userdefault
radiusMaxMonthlySession 9
radiusServiceType Framed-User
radiusSimultaneousUse 1

and in my usertest exist this

cn=emperor,ou=users,dc=domain,dc=org
radiusCallingStationId 838
RadiusProfileDn cn=dialup,ou=radius,ou=services,dc=domain,dc=org
userPassword xx
and when freeradius start in debug mode i see when Access-Request to process
authorize section in debug out this.

in the freeradius -X debug mode show this when i try to authorized

rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 8314949 & 
op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 60110 & op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 160110 & 
op=21
rlm_ldap: Adding radiusSimultaneousUse as Simultaneous-Use, value 1 & op=21
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value
255.255.255.255.255 & op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP & op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User & op=11

so. when i make radclient authorize works fine and receive Access-Accept but in
the freeradius not load radiusMaxMonthlySession 9 as i wrote above either
radiusHint userdefault

why radiusMonthlySession and radiusHint not is loaded in debug mode when radiusd
load all attributes from profile when Access-Request came.

note:

1- radiusHint came in the scheme by default

2- radiusMaxMonthlySession was wrote by me because not exist in the
freeradius.scheme, i added new attribute and including in the class of
freeradius so is posible to setup into user profile.




signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Problem with compilation

[Julio Villacis Guevara]

Hi

Really it was absent/usr/ccs/bin.

I see that when executed ./configure display the following warning 

checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... no
configure: WARNING: openssl/ssl.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/ssl.h: proceeding with the compiler's result
checking for openssl/ssl.h... yes
checking openssl/crypto.h usability... yes
checking openssl/crypto.h presence... no
configure: WARNING: openssl/crypto.h: accepted by the compiler, rejected by
the preprocessor!
configure: WARNING: openssl/crypto.h: proceeding with the compiler's result
checking for openssl/crypto.h... yes
checking openssl/err.h usability... yes
checking openssl/err.h presence... no
configure: WARNING: openssl/err.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/err.h: proceeding with the compiler's result
checking for openssl/err.h... yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... no
configure: WARNING: openssl/evp.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/evp.h: pro

Any idea

Ing. Julio Villacís G.
Ingeniero de Servicios
Comware S.A.
(593 4) 2690170 Ext. 4500
www.comware.com.ec
Guayaquil-Ecuador
 
-Mensaje original-
De: freeradius-users-bounces+jvillaci=comware.com...@lists.freeradius.org
[mailto:freeradius-users-bounces+jvillaci=comware.com...@lists.freeradius.or
g] En nombre de Steven Carr
Enviado el: Friday, July 24, 2009 12:32 PM
Para: FreeRadius users mailing list
Asunto: Re: Problem with compilation

>> false cru .libs/libfreeradius-radius.a  dict.o filters.o hash.o hmac.o
>> hmacsha1.o isaac.o log.o misc.o missing.o md4.o md5.o print.o radius.o
>> rbtree.o sha1.o snprintf.o strlcat.o strlcpy.o token.o udpfromto.o
>> valuepair.o fifo.o packet.o event.o getaddrinfo.o vqp.o
>> heap.o dhcp.o
> 
> Here you have false. so probably you are missing a tool, that configure
> could not find. (Sorry, I do not know how the tool makring static
> libraries is supposed to be named on Solaris.)Í

Amend your path to include /usr/ccs/bin then re ./configure - it is
missing the "ar" command which is locate at /usr/ccs/bin/ar (I ran fowl
of this one too).

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Alternate server certificate

[Garber, Neal]

>> - Have two instances of the EAP module (one for 
>> internal SSIDs and one for guest) and select 
>> which one to use with some unlang code (based upon 
>> the value of 1 request attribute)
>
>That should work.

I'm having trouble getting this to work.  I added 
the following to my authorize section:

   # Extract SSID into SSID-Name attribute
   if (Cisco-AVPair =~ /ssid=(.*)/) {
  update request {
   SSID-Name = "%{1}"
  }
   }
   # Select appropriate EAP instance
   if (SSID-Name) {
  if (SSID-Name == "XX-Barcode") {
  eap-internal
  }
  elsif (SSID-Name == "EE-Barcode") {
  eap-internal
   }
  else {
 eap-comodo
  }
   }
   else {
  eap-comodo
   }

I have two instances in modules/eap that are identical
except for the certificate_file and key_file.  When I
try to connect, I see the following in the debug output
(I can provide more if needed, but I think this will
Illustrate what's happening).  I then tried using the 
same certificate & key file and still received the same
error:

Fri Jul 24 12:25:27 2009 : Info: ++? if (SSID-Name)
Fri Jul 24 12:25:27 2009 : Info: ? Evaluating (SSID-Name) -> FALSE
Fri Jul 24 12:25:27 2009 : Info: ++? if (SSID-Name) -> FALSE
Fri Jul 24 12:25:27 2009 : Info: ++- entering else else {...}
Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] EAP packet type response id 2 
length 18
Fri Jul 24 12:25:27 2009 : Info: [eap-comodo] No EAP Start, assuming it's an 
on-going EAP conversation
Fri Jul 24 12:25:27 2009 : Info: +++[eap-comodo] returns fail
Fri Jul 24 12:25:27 2009 : Info: ++- else else returns fail
Fri Jul 24 12:25:27 2009 : Auth: Invalid user: [BGAS\\] (from client 
abcd1-ab-wc01 port 1 cli 00-16-6F-16-F5-64)
Fri Jul 24 12:25:27 2009 : Info: Using Post-Auth-Type Reject
Fri Jul 24 12:25:27 2009 : Info: +- entering group REJECT {...}

So, what causes the eap module to return "fail".  There are no
other messages indicating why it is failing (that I see).  Here's
output at startup showing that both were instantiated:

Fri Jul 24 12:25:18 2009 : Debug:  Module: Instantiating eap-internal
Fri Jul 24 12:25:18 2009 : Debug:   eap eap-internal {
Fri Jul 24 12:25:18 2009 : Debug:   default_eap_type = "peap"
Fri Jul 24 12:25:18 2009 : Debug:   timer_expire = 60
Fri Jul 24 12:25:18 2009 : Debug:   ignore_unknown_eap_types = no
Fri Jul 24 12:25:18 2009 : Debug:   cisco_accounting_username_bug = no
Fri Jul 24 12:25:18 2009 : Debug:   max_sessions = 2048
Fri Jul 24 12:25:18 2009 : Debug:   }
Fri Jul 24 12:25:18 2009 : Debug:  Module: Linked to sub-module rlm_eap_leap
Fri Jul 24 12:25:18 2009 : Debug:  Module: Instantiating eap-leap
Fri Jul 24 12:25:18 2009 : Debug:  Module: Linked to sub-module rlm_eap_tls
Fri Jul 24 12:25:18 2009 : Debug:  Module: Instantiating eap-tls
Fri Jul 24 12:25:18 2009 : Debug:tls {
Fri Jul 24 12:25:18 2009 : Debug:   rsa_key_exchange = no
Fri Jul 24 12:25:18 2009 : Debug:   dh_key_exchange = yes
Fri Jul 24 12:25:18 2009 : Debug:   rsa_key_length = 512
Fri Jul 24 12:25:18 2009 : Debug:   dh_key_length = 512
Fri Jul 24 12:25:18 2009 : Debug:   verify_depth = 0
Fri Jul 24 12:25:18 2009 : Debug:   pem_file_type = yes
Fri Jul 24 12:25:18 2009 : Debug:   private_key_file = 
"/usr/local/etc/raddb/certs/ra01-roch1-tst-internal.pem"
Fri Jul 24 12:25:18 2009 : Debug:   certificate_file = 
"/usr/local/etc/raddb/certs/ra01-roch1-tst-internal.pem"
Fri Jul 24 12:25:18 2009 : Debug:   private_key_password = ""
Fri Jul 24 12:25:18 2009 : Debug:   dh_file = 
"/usr/local/etc/raddb/certs/dh"
Fri Jul 24 12:25:18 2009 : Debug:   random_file = 
"/usr/local/etc/raddb/certs/random"
Fri Jul 24 12:25:18 2009 : Debug:   fragment_size = 1024
Fri Jul 24 12:25:18 2009 : Debug:   include_length = yes
Fri Jul 24 12:25:18 2009 : Debug:   check_crl = no
Fri Jul 24 12:25:18 2009 : Debug:   cipher_list = "DEFAULT"
Fri Jul 24 12:25:18 2009 : Debug:}
Fri Jul 24 12:25:18 2009 : Debug:  Module: Linked to sub-module rlm_eap_peap
Fri Jul 24 12:25:18 2009 : Debug:  Module: Instantiating eap-peap
Fri Jul 24 12:25:18 2009 : Debug:peap {
Fri Jul 24 12:25:18 2009 : Debug:   default_eap_type = "mschapv2"
Fri Jul 24 12:25:18 2009 : Debug:   copy_request_to_tunnel = yes
Fri Jul 24 12:25:18 2009 : Debug:   use_tunneled_reply = no
Fri Jul 24 12:25:18 2009 : Debug:   proxy_tunneled_request_as_eap = yes
Fri Jul 24 12:25:18 2009 : Debug:   virtual_server = "inner-tunnel"
Fri Jul 24 12:25:18 2009 : Debug:}
Fri Jul 24 12:25:18 2009 : Debug:  Module: Linked to sub-module rlm_eap_mschapv2
Fri Jul 24 12:25:18 2009 : Debug:  Module: Instantiating eap-mschapv2
Fri Jul 24 12:25:18 2009 : Debug:mschapv2 {
Fri Jul 24 12:25:18 2009 : Debug:   with_ntdomain_hack = no
Fri Jul 24 12:25:18 2009 : Debug:}
Fri Jul 24 12:25:18 2009 : Debug:  

Re: Problem with compilation

[Steven Carr]

>> false cru .libs/libfreeradius-radius.a  dict.o filters.o hash.o hmac.o
>> hmacsha1.o isaac.o log.o misc.o missing.o md4.o md5.o print.o radius.o
>> rbtree.o sha1.o snprintf.o strlcat.o strlcpy.o token.o udpfromto.o
>> valuepair.o fifo.o packet.o event.o getaddrinfo.o vqp.o
>> heap.o dhcp.o
> 
> Here you have false. so probably you are missing a tool, that configure
> could not find. (Sorry, I do not know how the tool makring static
> libraries is supposed to be named on Solaris.)Í

Amend your path to include /usr/ccs/bin then re ./configure - it is
missing the "ar" command which is locate at /usr/ccs/bin/ar (I ran fowl
of this one too).

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953



signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Igor Smitran]

Ivan Kalik wrote:
>> It ends with freeradius crashing. If i disable all other perl calls and
>> leave only dummy.pl works with no problems. Same goes for other way
>> around. Basicaly, any combination that involves only one perl script
>> works without any problems. If i use two perl scripts in any combination
>> freeradius crashes.
>> 
>
> Let me see if I understand well: you can run multiple perl module
> instances as long as they execute same script; if different instances run
> different scripts - freeradius crashes!
>
> I will try to emulate this tonight. I haven't tried this scenario. But I
> can run perl + radcheck (also perl script, but not called through perl
> module) without problems.
Yes, i can define multiple perl instances as long as they call same perl
script. It looks like two different perl scripts cannot coexist in
memory at the same time. Workaround for now is to have one perl script
active and through func_* definitions have different functions called
and do tasks needed, like i stated in one of my examples earlier in this
thread.

P.S. chekrad works for me too, i use it for simultaneous-use. I was
trying to use unlang as much as possible, but there are two tasks left
that i need perl for.


Thank you,
Igor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Freeradius and memory usage

[Roy Kartadinata]

Alan DeKok wrote:
> Roy Kartadinata wrote:
>> Our radius server is currently having some memory issue where its
>> memory usage would increase by 1% every 30-45 minutes. Eventually the
>> server will crash and restart because of out of memory. We've been
>> using freeradius for a couple of years and this just started on
>> Thursday so I upgraded our radius to the latest 2.1.6 from 2.1.5 but
>> the problem still there. Has anyone ever experiencing this issue
>> before? 
> 
>   The only thing like that I'm aware of is with the detail file,
> which was fixed in 2.1.6. 
> 
>   Look at the logs to see what the server is doing.  What errors is
> it producing? 
> 

I didn't see any error on error log, it looks clean. But this is what
the log looks like when it started to run out of memory the other night:

Wed Jul 22 22:03:42 2009 : Error: Rejecting request 16183416 due to lack
of any response from home server xxx.xxx.xxx.xxx port 1813
Wed Jul 22 22:03:42 2009 : Error: Rejecting request 16183418 due to lack
of any response from home server xxx.xxx.xxx.xxx port 1813
Wed Jul 22 22:03:42 2009 : Error: Rejecting request 16183420 due to lack
of any response from home server xxx.xxx.xxx.xxx port 1813
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183422, in module detail component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: Rejecting request 16183423 due to lack
of any response from home server xxx.xxx.xxx.xxx port 1813
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183425, in module  component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183427, in module  component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183428, in module  component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183430, in module  component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183432, in module  component pre-proxy
Wed Jul 22 22:03:42 2009 : Error: WARNING: Unresponsive child for
request 16183434, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183436, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183438, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183440, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183441, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183443, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183445, in module  component pre-proxy
Wed Jul 22 22:03:43 2009 : Error: WARNING: Unresponsive child for
request 16183447, in module  component pre-proxy

And radius eventually died few seconds later. During all these, the
memory usage was at around 75% but authentication which we don't proxy
continued to work.

My current band aid was a simple script that checks its memory usage
regularly and restart after it passes certain percentage, not a good
solution but this will do for now. 





Cheers,

Roy Kartadinata

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_perl problems]

[Garber, Neal]

Here's a small excerpt from debug output I have showing this problem:

Tue Jul 21 09:32:36 2009 : Error: rlm_perl: perl_embed:: module = 
/usr/local/etc/raddb/write_log_data.pl , func = post_auth_reject exit status= 
Undefined subroutine &main::post_auth_reject called.
Segmentation fault: 11 (core dumped)

Subroutine post_auth_reject definitely exists in write_log_data.pl and this 
same script/config is working in my Production 2.0.3 and 2.0.5 systems.


-Original Message-
From: freeradius-users-bounces+neal.garber=energyeast@lists.freeradius.org 
[mailto:freeradius-users-bounces+neal.garber=energyeast@lists.freeradius.org]
 On Behalf Of Ivan Kalik
Sent: Friday, July 24, 2009 10:43 AM
To: FreeRadius users mailing list
Subject: Re: rlm_perl problems]

> It ends with freeradius crashing. If i disable all other perl calls and
> leave only dummy.pl works with no problems. Same goes for other way
> around. Basicaly, any combination that involves only one perl script
> works without any problems. If i use two perl scripts in any combination
> freeradius crashes.

Let me see if I understand well: you can run multiple perl module
instances as long as they execute same script; if different instances run
different scripts - freeradius crashes!

I will try to emulate this tonight. I haven't tried this scenario. But I
can run perl + radcheck (also perl script, but not called through perl
module) without problems.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius and memory usage

[Alan DeKok]

Roy Kartadinata wrote:
> Our radius server is currently having some memory issue where its memory
> usage would increase by 1% every 30-45 minutes. Eventually the server
> will crash and restart because of out of memory. We’ve been using
> freeradius for a couple of years and this just started on Thursday so I
> upgraded our radius to the latest 2.1.6 from 2.1.5 but the problem still
> there. Has anyone ever experiencing this issue before?

  The only thing like that I'm aware of is with the detail file, which
was fixed in 2.1.6.

  Look at the logs to see what the server is doing.  What errors is it
producing?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: same login pass pair, different behaviour.

[Rakotomandimby Mihamina]

07/24/2009 05:00 PM, Ivan Kalik::

   username |   pwd
  --+-
  u_3   | pwd_3
  u_one | pwd_one
  u_two | pwd_two


That's not freeradius schema.


Yes, I know, that table was not to show my current schema.
Our current one is:

 id  | username | attribute  |  value  | op
-+--++-+
 111 | u_two| Cleartext-Password | pwd_two | :=

But I solved the problem, there were a NAS filtering in place,
So that if I connect from one NAS, there was the Reject.

--
Architecte Informatique:
   Administration Systeme, Recherche & Developpement
  + 261 32 11 401 65
Pensez a l'environnement avant d'imprimer ce message
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Ivan Kalik]

> It ends with freeradius crashing. If i disable all other perl calls and
> leave only dummy.pl works with no problems. Same goes for other way
> around. Basicaly, any combination that involves only one perl script
> works without any problems. If i use two perl scripts in any combination
> freeradius crashes.

Let me see if I understand well: you can run multiple perl module
instances as long as they execute same script; if different instances run
different scripts - freeradius crashes!

I will try to emulate this tonight. I haven't tried this scenario. But I
can run perl + radcheck (also perl script, but not called through perl
module) without problems.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: rlm_perl problems

[Garber, Neal]

I've been debating sending a similar message to the list as well.  I am also 
experiencing the same problem with 2.1.6 (undefined subroutines that *clearly* 
exist in the script) and Seg Faults.  I have reinstalled perl and then 
reinstalled FreeRadius to see if I can work around the issue with no success.  

Even the example.pl that comes with FR 2.1.6 fails.  Currently, I have some of 
my scripts disabled to workaround the problem.

-Original Message-
From: freeradius-users-bounces+neal.garber=energyeast@lists.freeradius.org 
[mailto:freeradius-users-bounces+neal.garber=energyeast@lists.freeradius.org]
 On Behalf Of Igor Smitran
Sent: Friday, July 24, 2009 8:30 AM
To: freeradius-users@lists.freeradius.org
Subject: rlm_perl problems]

I am using Freeradius 2.1.6.

I have a working setup of freeradius with perl scripts inside authorize
and accounting sections.
Everything works great when i am using only one script.
But. if i add another script to do some other stuff for example in
post-auth section i get errors in log and freeradius dies.

Error i get is:
Error: rlm_perl: perl_embed:: module =
/etc/raddb/config_dialup/perl_script_2.pl , func = post_auth exit
status= Undefined subroutine &main::post_auth called.

My perl setup is like this:

perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_2.pl
}



If i put everything into one script, like this:


perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_1.pl
}

then everything is ok. Did any of you had these problems?

Thank you


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Igor Smitran]

Ivan Kalik wrote:
>> perl perl_script_1 {
>> module = ${confdir}/config_dialup/perl_script_1.pl
>> func_authorize = authorize_check_username
>> func_accounting = accounting_check_username
>> }
>>
>> perl perl_script_2 {
>>
>> module = ${confdir}/config_dialup/perl_script_2.pl
>> }
>> 
>
> Is that a no? Neither of these instances you have posted has
> func_post_auth defined.
>
> Ivan Kalik
> Kalik Informatika ISP

Yes, that is a no. I only defined functions for which i changed names.
Didn't define functions that are left with default name. I did it that
way because in original perl all func_* are commented out.
Here is an example. i was using authorize section for this:
Just tested it. It doesn't work in both cases, with func_authorize
defined and without it.

In authorize section i have put dummy:

authorize {
*
dummy
*
}


in modules/perl:

perl dummy {
module = ${confdir}/scripts/dummy.pl
func_authorize = authorize
}

in dummy.pl:

use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use Data::Dumper;
#my %RAD_REQUEST;
#my %RAD_REPLY;
#my %RAD_CHECK;
use constantRLM_MODULE_REJECT=>0;#  /* immediately
reject the request */
use constantRLM_MODULE_FAIL=>  1;#  /* module failed,
don't reply */
use constantRLM_MODULE_OK=>2;#  /* the module is OK,
continue */
use constantRLM_MODULE_HANDLED=>   3;#  /* the module
handled the request, so stop. */
use constantRLM_MODULE_INVALID=>   4;#  /* the module
considers the request invalid. */
use constantRLM_MODULE_USERLOCK=>  5;#  /* reject the
request (user is locked out) */
use constantRLM_MODULE_NOTFOUND=>  6;#  /* user not found */
use constantRLM_MODULE_NOOP=>  7;#  /* module succeeded
without doing anything */
use constantRLM_MODULE_UPDATED=>   8;#  /* OK (pairs
modified) */
use constantRLM_MODULE_NUMCODES=>  9;#  /* How many return
codes there are */

sub authorize {
&radiusd::radlog(0, "DUMMY");
return RLM_MODULE_OK;
}


It ends with freeradius crashing. If i disable all other perl calls and
leave only dummy.pl works with no problems. Same goes for other way
around. Basicaly, any combination that involves only one perl script
works without any problems. If i use two perl scripts in any combination
freeradius crashes.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: same login pass pair, different behaviour.

[Ivan Kalik]

> Hi all,
> I have these users in my PGSQL table
>   username |   pwd
> --+-
>  u_3   | pwd_3
>  u_one | pwd_one
>  u_two | pwd_two

That's not freeradius schema.

> When trying through the coova web form, same login/pass: Failure.
> Attached is the output of "freeradius -X"
>
> My collegues tell me coova must use CHAP for this project.
> What last setup is missing?

Where did you find those queries? They will work just with pap (and fail
on chap, mschap, ...).

Use provided schema and default queries and everything will work. If you
want to invent your own, you better know what you are doing.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with compilation

[Nicolas Goutte]

Am 24.07.2009 um 15:35 schrieb Julio Villacis Guevara:

Hi i am have problema with the compilation in a box SUN SPARC T6300  
with Solaris 10 the following is the messages display
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c fifo.c -o fifo.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c packet.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c packet.c  -fPIC -DPIC -o .libs/packet.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c packet.c -o packet.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c event.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c event.c  -fPIC -DPIC -o .libs/event.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c event.c -o event.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c getaddrinfo.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c getaddrinfo.c  -fPIC -DPIC -o .libs/getaddrinfo.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c getaddrinfo.c -o getaddrinfo.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c vqp.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c vqp.c  -fPIC -DPIC -o .libs/vqp.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c vqp.c -o vqp.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c heap.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c heap.c  -fPIC -DPIC -o .libs/heap.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c heap.c -o heap.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=compile  
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c dhcp.c
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c dhcp.c  -fPIC -DPIC -o .libs/dhcp.o
 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall - 
D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius- 
server-2.1.6/src -c dhcp.c -o dhcp.o >/dev/null 2>&1
/export/home/install/freeradius-server-2.1.6/libtool --mode=link gcc  
-release 2.1.6 \
 -export-dynamic -o libfreeradius-radius.la -rpath /usr/ 
local/lib dict.lo filters.lo hash.lo hmac.lo hmacsha1.lo isaac.lo  
log.lo misc.lo missing.lo md4.lo md5.lo print.lo radius.lo rbtree.lo  
sha1.lo snprintf.lo strlcat.lo strlcpy.lo token.lo udpfromto.lo  
valuepair.lo fifo.lo packet.lo event.lo getaddrinfo.lo vqp.lo  
heap.lo dhcp.lo
gcc -shared -Wl,-h -Wl,libfreeradius-radius-2.1.6.so -o .libs/ 
libfreeradius-radius-2.1.6.so  .libs/dict.o .libs/filters.o .libs/ 
hash.o .libs/hmac.o .libs/hmacsha1.o .libs/isaac.o .libs/log.o .libs/ 
misc.o .libs/missing.o .libs/md4.o .libs/md5.o .libs/print.o .libs/ 
radius.o .libs/rbtree.o .libs/sha1.o .libs/snprintf.o .libs/ 
strlcat.o .libs/strlcpy.o .libs/token.o .libs/udpfromto.o .libs/ 
valuepair.o .libs/fifo.o .libs/packet.o .libs/event.o .libs/ 
getaddrinfo.o .libs/vqp.o .libs/heap.o .libs/dhcp.o  -lc
(cd .libs && rm -f

Re: rlm_perl problems]

[Ivan Kalik]

> Ivan Kalik wrote:
>> Have you defined func_post_auth?
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
> Left everything by default. Made script by using example.pl as template.
> Both scripts are looking exactly the same, except that i don't use
> default function names for perl_script_1.
>
> perl perl_script_1 {
> module = ${confdir}/config_dialup/perl_script_1.pl
> func_authorize = authorize_check_username
> func_accounting = accounting_check_username
> }
>
> perl perl_script_2 {
>
> module = ${confdir}/config_dialup/perl_script_2.pl
> }

Is that a no? Neither of these instances you have posted has
func_post_auth defined.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with compilation

[Julio Villacis Guevara]

Hi i am have problema with the compilation in a box SUN SPARC T6300 with
Solaris 10 the following is the messages display

gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
fifo.c -o fifo.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c packet.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
packet.c  -fPIC -DPIC -o .libs/packet.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
packet.c -o packet.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c event.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
event.c  -fPIC -DPIC -o .libs/event.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
event.c -o event.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
getaddrinfo.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
getaddrinfo.c  -fPIC -DPIC -o .libs/getaddrinfo.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
getaddrinfo.c -o getaddrinfo.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c vqp.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
vqp.c  -fPIC -DPIC -o .libs/vqp.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
vqp.c -o vqp.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c heap.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
heap.c  -fPIC -DPIC -o .libs/heap.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
heap.c -o heap.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=compile gcc  -g
-O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG
-D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c dhcp.c

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
dhcp.c  -fPIC -DPIC -o .libs/dhcp.o

 gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -D_LIBRADIUS -I/export/home/install/freeradius-server-2.1.6/src -c
dhcp.c -o dhcp.o >/dev/null 2>&1

/export/home/install/freeradius-server-2.1.6/libtool --mode=link gcc
-release 2.1.6 \

 -export-dynamic -o libfreeradius-radius.la -rpath /usr/local/lib
dict.lo filters.lo hash.lo hmac.lo hmacsha1.lo isaac.lo log.lo misc.lo
missing.lo md4.lo md5.lo print.lo radius.lo rbtree.lo sha1.lo snprintf.lo
strlcat.lo strlcpy.lo token.lo udpfromto.lo valuepair.lo fifo.lo packet.lo
event.lo getaddrinfo.lo vqp.lo heap.lo dhcp.lo

gcc -shared -Wl,-h -Wl,libfreeradius-radius-2.1.6.so -o
.libs/libfreeradius-radius-2.1.6.so  .libs/dict.o .libs/filters.o
.libs/hash.o .libs/hmac.o .libs/hmacsha1.o .libs/isaac.o .libs/log.o
.libs/misc.o .libs/missing.o .libs/md4.o .libs/md5.o .libs/print.o
.libs/radius.o .libs/rbtree.o .libs/sha1.o .libs/snprintf.o .libs/strlcat.o
.libs/strlcpy.o .libs/token.o .libs/udpfromto.o .libs/valuepair.o
.libs/fifo.o .libs/packet.o .libs/event.o .libs/getaddrinfo.o .libs/vqp.o
.libs/heap.o .libs/dhcp.o  -lc

(cd .libs && rm -f libfreeradius-radius.so && ln -s
libfreeradius-radius-2.1.6.so libfreeradius-radius.so)

false cru .libs/libfreeradius-radius.a  dict.o filters.o hash

same login pass pair, different behaviour.

[Rakotomandimby Mihamina]

Hi all,
I have these users in my PGSQL table
 username |   pwd
--+-
u_3   | pwd_3
u_one | pwd_one
u_two | pwd_two

When testing with radtest:

miham...@rktmb:~$ radtest u_one pwd_one radius20 10 cot357
Sending Access-Request of id 240 to 41.204.103.216 port 1812
User-Name = "u_one"
User-Password = "pwd_one"
NAS-IP-Address = 127.0.1.1
NAS-Port = 10
rad_recv: Access-Accept packet from host 41.204.103.216 port 1812, id=240, 
length=26
Session-Timeout = 320


and freeradius -X trace:

[...]
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [u_one/pwd_one] (from client quarante_un_deux_cent_quatre port 10)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> u_one
rlm_sql (sql): sql_set_user escaped user --> 'u_one'
expand: SELECT * FROM f_prepaid_activate('%{SQL-User-Name}') -> SELECT 
* FROM f_prepaid_activate('u_one')
rlm_sql (sql) in sql_postauth: query is SELECT * FROM 
f_prepaid_activate('u_one')
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 128 to 41.204.104.9 port 60642
Session-Timeout = 320
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
===



When trying through the coova web form, same login/pass: Failure.
Attached is the output of "freeradius -X"

My collegues tell me coova must use CHAP for this project.
What last setup is missing?
Thank you!

--
Architecte Informatique:
   Administration Systeme, Recherche & Developpement
  + 261 32 11 401 65
Pensez a l'environnement avant d'imprimer ce message
rad_recv: Access-Request packet from host 41.204.104.68 port 2072, id=37, 
length=304
Vendor-14559-Attr-8 = 0x312e302e3131
User-Name = "u_one"
CHAP-Challenge = 0x3e05e8c330102b96a377b004612fb0b8
CHAP-Password = 0x00a8a24ff230a41368ba7c0ceb0dccbd1f
NAS-IP-Address = 41.204.104.68
Service-Type = Login-User
Framed-IP-Address = 10.111.0.130
Calling-Station-Id = "00-14-2A-AB-4E-98"
Called-Station-Id = "00-1D-73-55-95-AD"
NAS-Identifier = "00-1D-73-55-95-AD"
Acct-Session-Id = "4a69b5820001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=MG,cc=,ac=,network=Coova,Blueline"
WISPr-Location-Name = "COT_HOTSPOT"
WISPr-Logoff-URL = "http://10.111.0.1:3660/logoff";
Message-Authenticator = 0x0e1108c35fb77d938cff62ae367289b0
+- entering group authorize
++[preprocess] returns ok
  rlm_chap: Setting 'Auth-Type := CHAP'
++[chap] returns ok
rlm_realm: No '@' in User-Name = "u_one", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
expand: %{User-Name} -> u_one
rlm_sql (sql): sql_set_user escaped user --> 'u_one'
rlm_sql (sql): Reserving sql socket id: 2
expand: SELECT * FROM 
f_authorize_check_query2('%{SQL-User-Name}','%{User-Password}','%{NAS-IP-Address}')
 -> SELECT * FROM f_authorize_check_query2('u_one','','41.204.104.68')
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): User found in radcheck table
expand: SELECT * FROM f_authorize_reply_query('%{SQL-User-Name}') -> 
SELECT * FROM f_authorize_reply_query('u_one')
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [u_one/] (from client 
quarante_un_deux_cent_quatre port 1 cli 00-14-2A-AB-4E-98)
  Found Post-Auth-Type Reject
+- entering group REJECT
++- group REJECT returns noop
Delaying reject of request 19 for 4 seconds
Going to the next request
Waking up in 0.9 seconds.
Waking up in 2.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 37 to 41.204.104.68 port 2072
Session-Timeout = 320
Waking up in 4.9 seconds.
Cleaning up request 19 ID 37 with timestamp +331
Ready to process requests.
^C
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Igor Smitran]

Ivan Kalik wrote:
> Have you defined func_post_auth?
>
> Ivan Kalik
> Kalik Informatika ISP
>   
Left everything by default. Made script by using example.pl as template.
Both scripts are looking exactly the same, except that i don't use
default function names for perl_script_1.

perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {

module = ${confdir}/config_dialup/perl_script_2.pl
}

This means that perl will use default function names for perl_script_2 and 
different function names for perl_script_1, right? or am i missing something?


Igor
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: howto pstack running freeradius process

[John Dennis]

On 07/24/2009 04:27 AM, George Chelidze wrote:

On Fri, 2009-07-24 at 08:08 +0200, Alan DeKok wrote:

George Chelidze wrote:

I didn't say it's an issue with freeradius.

   If it's not a FreeRADIUS issue, then the question doesn't belong on
the list.


I have just realized that this question should have been posted to
freeradius-devel list. Sorry for mistake.


   You're asking us to support (for free) a module you wrote, and/or an
OS that someone else wrote.

   Why?


What kind of answer you would like to get? I am afraid I missed
something while building freeradius the way I did so I asked what I
asked. If I knew that I have built freeradius with enough parameters to
get the stack trace and I can't get it because I have some other OS
related problem I would never asked this question on this list. I still
do not know it, so if someone can give me a hint, I'll be thankful.


I have to agree with Alan, this is not a FreeRADIUS issue. It is clearly 
an OS and software development environment issue. You haven't even 
stated what OS and architecture it is and your description of the error 
is vague at best. The man page for ptrace states it has architecture 
specific limitations. You built a local copy using your own toolchain 
and installed it in in a non-standard location, the ball is in your court.


Here is a hint which is appropriate for Linux. I assume the process is 
aborting, if so the easiest thing to do is port-mortium analysis on a 
core dump using gdb with the assumption you built everything with 
debugging symbols. Normally Linux does not generate core dumps when a 
process aborts, you have to ask it to generate the core dump. This is 
done with "ulimit -c NNN" where NNN is the maximum size of the core 
dump, by default its zero. Run the server, allow it to crash, then run 
gdb on the generated core file and the server executable.


The other thing you can do attach gdb to the running process and wait 
for things to go boom, you'll have a complete stack trace and can 
examine state the moment it happens, in fact this is really just an 
interactive version of the core dump approach, but without the core 
dump. It has an advantage of being able to pause the process before 
things go wrong and examine state. Just one gottcha, because FreeRADIUS 
uses loadable modules you won't be able to set break points in modules 
before they're loaded unless you tell gdb you need to do this, "set 
breakpoint pending on" is your friend in this regard.


HTH,

John


--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_perl problems]

[Ivan Kalik]

> I am using Freeradius 2.1.6.
>
> I have a working setup of freeradius with perl scripts inside authorize
> and accounting sections.
> Everything works great when i am using only one script.
> But. if i add another script to do some other stuff for example in
> post-auth section i get errors in log and freeradius dies.
>
> Error i get is:
> Error: rlm_perl: perl_embed:: module =
> /etc/raddb/config_dialup/perl_script_2.pl , func = post_auth exit
> status= Undefined subroutine &main::post_auth called.

Have you defined func_post_auth?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_perl problems]

[Igor Smitran]

I am using Freeradius 2.1.6.

I have a working setup of freeradius with perl scripts inside authorize
and accounting sections.
Everything works great when i am using only one script.
But. if i add another script to do some other stuff for example in
post-auth section i get errors in log and freeradius dies.

Error i get is:
Error: rlm_perl: perl_embed:: module =
/etc/raddb/config_dialup/perl_script_2.pl , func = post_auth exit
status= Undefined subroutine &main::post_auth called.

My perl setup is like this:

perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_2.pl
}



If i put everything into one script, like this:


perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_1.pl
}

then everything is ok. Did any of you had these problems?

Thank you


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: :=, == and =

[Ivan Kalik]

> 07/24/2009 11:14 AM, Rakotomandimby Mihamina::
>> # DEFAULT Group == "disabled", Auth-Type := Reject
>> # Reply-Message = "Your account has been disabled."
>
>> - in the DEFAULT, I would like append 'Simultaneous-Use := 1' [1], but
>> what is the syntax if i want multiple DEFAULTSs
>
> Not clear. I meant:
> I would like to add many defaults Attributes/Values, what is the syntax?

In sql you use groups.Again, chack items go into radgroupcheck, reply into
radgroupreply. And you add user to as many groups as you like in
radusergroup. If group check items match, reply items will be added to
user profile (if they don't, reply items will be ignored).

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: :=, == and =

[Ivan Kalik]

> - what is the difference between ':=', '==' and '='

You also have a nice wiki page about it:

http://wiki.freeradius.org/Operators

> After that, I will switch to PG-SQL, and looking at:
> http://wiki.freeradius.org/SQL_HOWTO, must I have somthing like:
>
>   ++++--+--+
>   | id | UserName   | Attribute  | Value| Op
> |
>   ++++--+--+
>   |  1 | fredf  | Cleartext-Password | wilma| :=
> |
>   |  2 | barney | Cleartext-Password | betty| :=
> |
>   |  2 | dialrouter | Cleartext-Password | dialup   | :=
> |
>   || fredf  | Simultaneous-Use   | 1| :=
> |
>   || barney | Simultaneous-Use   | 1| :=
> |
>   || dialrouter | Simultaneous-Use   | 1| :=
> |
>   ++++--+--+
>
> In the database?
>
> [1] In order to _help_ the Access controller to forbid simultneous login

Yes, things from the check line go into radcheck table, reply items to
radreply table.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: :=, == and =

[Alan DeKok]

Rakotomandimby Mihamina wrote:
> - what is the difference between ':=', '==' and '='

  "man users"

> - when do/dont I put a comma

  "man users"

> - in the DEFAULT, I would like append 'Simultaneous-Use := 1' [1], but
> what is the syntax if i want multiple DEFAULTSs

  I'm not sure that will work.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: howto pstack running freeradius process

[George Chelidze]

On Fri, 2009-07-24 at 08:08 +0200, Alan DeKok wrote:
> George Chelidze wrote:
> > I didn't say it's an issue with freeradius.
> 
>   If it's not a FreeRADIUS issue, then the question doesn't belong on
> the list.

I have just realized that this question should have been posted to
freeradius-devel list. Sorry for mistake.

>   You're asking us to support (for free) a module you wrote, and/or an
> OS that someone else wrote.
> 
>   Why?

What kind of answer you would like to get? I am afraid I missed
something while building freeradius the way I did so I asked what I
asked. If I knew that I have built freeradius with enough parameters to
get the stack trace and I can't get it because I have some other OS
related problem I would never asked this question on this list. I still
do not know it, so if someone can give me a hint, I'll be thankful.

Best Regards,

George


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: :=, == and =

[Rakotomandimby Mihamina]

07/24/2009 11:14 AM, Rakotomandimby Mihamina::

# DEFAULT Group == "disabled", Auth-Type := Reject
# Reply-Message = "Your account has been disabled."



- in the DEFAULT, I would like append 'Simultaneous-Use := 1' [1], but
what is the syntax if i want multiple DEFAULTSs


Not clear. I meant:
I would like to add many defaults Attributes/Values, what is the syntax?

--
Architecte Informatique:
   Administration Systeme, Recherche & Developpement
  + 261 32 11 401 65
Pensez a l'environnement avant d'imprimer ce message
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

:=, == and =

[Rakotomandimby Mihamina]

Hi all,
In a users file, I have for example:

# DEFAULTGroup == "disabled", Auth-Type := Reject
#Reply-Message = "Your account has been disabled."
# [...]
# steve  Cleartext-Password := "testing"
#Service-Type = Framed-User,
#Framed-Protocol = PPP,
#Framed-IP-Address = 172.16.3.33,
#Framed-IP-Netmask = 255.255.255.0,
#Framed-Routing = Broadcast-Listen,
#Framed-Filter-Id = "std.ppp",
#Framed-MTU = 1500,
#Framed-Compression = Van-Jacobsen-TCP-IP

I have a few questions, and I am looking for the place they are documented.
I dont have all the technical terms yet to make an efficient search.

- what is the difference between ':=', '==' and '='
- when do/dont I put a comma
- in the DEFAULT, I would like append 'Simultaneous-Use := 1' [1], but what is 
the syntax if i want multiple DEFAULTSs

After that, I will switch to PG-SQL, and looking at: 
http://wiki.freeradius.org/SQL_HOWTO, must I have somthing like:

 ++++--+--+
 | id | UserName   | Attribute  | Value| Op   |
 ++++--+--+
 |  1 | fredf  | Cleartext-Password | wilma| :=   |
 |  2 | barney | Cleartext-Password | betty| :=   |
 |  2 | dialrouter | Cleartext-Password | dialup   | :=   |
 || fredf  | Simultaneous-Use   | 1| :=   |
 || barney | Simultaneous-Use   | 1| :=   |
 || dialrouter | Simultaneous-Use   | 1| :=   |
 ++++--+--+

In the database?

[1] In order to _help_ the Access controller to forbid simultneous login
--
Architecte Informatique:
   Administration Systeme, Recherche & Developpement
  + 261 32 11 401 65
Pensez a l'environnement avant d'imprimer ce message
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html