date:20090928

Hi,

rlm_ldap doesnt work or cant compile? then you need to ensure that the required
LDAP packages are installed on your distro. this is a distro/linux question
and required such expertise and knowledge rather than a direct FreeRADIUS
issue -

to compiled FreeRADIUS with rlm_ldap you'll need 'openldap-devel' to be 
installed

to run with LDAP stuff, you'll need 'openldap' to be installed

yum install openldap-devel openldap

...if you built from source , you'll now need to blow away your made
files and start again. (cd wherever-you-put-sources ; make clean ; ./configure 
... )

> not in the freeradius-server package(I rebuilt it 5 times and I paid
> attention to the output?

really? if so..and you didnt have the right development packages installed
you'd have see a nice WARNING regarding LDAP

> NB: I am fed up of this bug! Neeed help!

its not a bug  :-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

2009-09-28 Thread wessam seleem

Dear Thor,
  I really appreciate your help.

Dear Alan,
 I will put your comments in my consideration. I want to ask if
there is a specific change in the ldap section configuration. I mean If I
put the same configuration of the old radius in the new one in the right
section will it work or there is some attributes that I should add?
Regards,

On Sun, Sep 27, 2009 at 6:06 PM, Alan Buxey  wrote:

> Hi,
>
> > freeradius-2.1.6-2. I want to ask is there is any difference between
> 1.1.7-1
> > and 2.1.6-2 configuration files that I should put it in my consideration?
>
> some very big differences.
>
> best thing to do is download 1.1.8 and 2.1.7 sources and compare the plain
> supplied config files that are in the raddb directory of the source - those
> will highlight the big changes - particularly the virtual server directives
> and the functions that have been put into module files seperately rather
> than all called in one massively monolithic radiusd.conf file
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

Hi,

>  I will put your comments in my consideration. I want to ask if
> there is a specific change in the ldap section configuration. I mean If I
> put the same configuration of the old radius in the new one in the right
> section will it work or there is some attributes that I should add?

cant say - I dont 'do' LDAP - instead of running into this with guesswork
why dont you look at the required conifguration files, see the differences
and read the comments in those?  if you want full support, Alan DeKok runs
a commercial support business  ;-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm

> My problem is about the ldap library for freeradius (libldap which is
> needed
> by rlm_ldap) ... What should I do to install  and configure it 'cause it's
> not in the freeradius-server package(I rebuilt it 5 times and I paid
> attention to the output?

No, ldap support is not included in basic package. Binary distributions
have separate packages for ldap, sql etc. support. Look up something like
freeradius-ldap.

> If  I ll receive the same answers I received before then maybe the problem
> is in my operating system(CentOsV5.3)

No, the problem is not the operating system but the fact that you don't
know how to use it. Read this for starters:

http://wiki.freeradius.org/Red_Hat_FAQ

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: need help for cisco vrf /ip address radius config

> I am trying to create a dynamic interface for the dail-up users assign
> it to a vrf and then configure the ip address. The config that I have
> done in the users file is as;
>
> tcl Cleartext-Password := "tcl"
> #...@cisco1.com Cleartext-Password := "tcl"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
>   #  Cisco-AVpair = "lcp:interface-config=ip vrf forwarding
> RWCustomer-A\n ip add 10.110.11.2 255.255.255.252",
> Cisco-AVpair += "lcp:interface-config=ip vrf forwarding \
> RWCustomer-A",
> Framed-IP-Address = 10.110.11.1,
> Framed-IP-Netmask = 255.255.255.252,
> Framed-Filter-Id = "std.ppp",
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP
>
>
> With this I am not able to see as expected from the radius server.

And where is the debug that shows that?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

>  I will put your comments in my consideration. I want to ask if
> there is a specific change in the ldap section configuration. I mean If I
> put the same configuration of the old radius in the new one in the right
> section will it work or there is some attributes that I should add?

Take ldap section from radiusd.conf in the old version and compare it to
raddb/modules/ldap in the new one. Don't expect someone to compare them
for you.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Hi guys,

> I am trying to write user disconnections  or every login to the sql.

Are you getting accounting packets from NAS?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Hi guys,

Yes I am getting accounting packets.

-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Ivan Kalik
Sent: Monday, September 28, 2009 12:17 PM
To: FreeRadius users mailing list
Subject: Re: Hi guys,

> I am trying to write user disconnections  or every login to the sql.

Are you getting accounting packets from NAS?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error: WARNING: Unresponsive child

2009-09-28 Thread muffin sk

Hello all,

I am continuously getting this error message on my
/var/log/radius/radius.log file:

Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
1094719808) for request 24026 (in component accounting module
rlm_exec)

In effect, I got a timeout on account start and stop which resulted
that even the user is able to authenticate and authorize, accounting
side fails.

I have attached my /etc/raddb/radiusd.conf for more information.

My RADIUS machine has the following information:

# cat /etc/redhat-release
CentOS release 5.2 (Final)

# rpm -qa | grep freeradius
freeradius-1.1.7-2

# free -m
 total   used   free sharedbuffers cached
Mem:  1536   1388147  0166882
-/+ buffers/cache:338   1197
Swap: 2008 13   1994

# iostat -x
Linux 2.6.18-53.el5xen (radius-1)09/28/2009

/etc/sysconfig/sysstat.ioconf: Malformed 0 field record: ---

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   8.040.00   13.890.000.00   78.07

Device: rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz
avgqu-sz   await  svctm  %util
xvda  0.00 6.24  0.00  3.15 0.1675.1523.86
0.000.24   0.07   0.02

# cat /proc/cpuinfo
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Xeon(R) CPU   E5405  @ 2.00GHz
stepping: 6
cpu MHz : 1994.999
cache size  : 6144 KB
physical id : 0
siblings: 1
core id : 0
cpu cores   : 1
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu tsc msr pae mce cx8 apic mca cmov pat pse36
clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc
pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm
bogomips: 4994.09
clflush size: 64
cache_alignment : 64
address sizes   : 38 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Xeon(R) CPU   E5405  @ 2.00GHz
stepping: 6
cpu MHz : 1994.999
cache size  : 6144 KB
physical id : 1
siblings: 1
core id : 0
cpu cores   : 1
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu tsc msr pae mce cx8 apic mca cmov pat pse36
clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc
pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm
bogomips: 4994.09
clflush size: 64
cache_alignment : 64
address sizes   : 38 bits physical, 48 bits virtual
power management:

processor   : 2
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Xeon(R) CPU   E5405  @ 2.00GHz
stepping: 6
cpu MHz : 1994.999
cache size  : 6144 KB
physical id : 2
siblings: 1
core id : 0
cpu cores   : 1
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu tsc msr pae mce cx8 apic mca cmov pat pse36
clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc
pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm
bogomips: 4994.09
clflush size: 64
cache_alignment : 64
address sizes   : 38 bits physical, 48 bits virtual
power management:

processor   : 3
vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Xeon(R) CPU   E5405  @ 2.00GHz
stepping: 6
cpu MHz : 1994.999
cache size  : 6144 KB
physical id : 3
siblings: 1
core id : 0
cpu cores   : 1
fpu : yes
fpu_exception   : yes
cpuid level : 10
wp  : yes
flags   : fpu tsc msr pae mce cx8 apic mca cmov pat pse36
clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc
pni monitor ds_cpl vmx tm2 cx16 xtpr lahf_lm
bogomips: 4994.09
clflush size: 64
cache_alignment : 64
address sizes   : 38 bits physical, 48 bits virtual
power management:

On my database machine, I have the following information:

# cat /etc/redhat-release
CentOS release 5 (Final)

# rpm -qa | grep MySQL
MySQL-shared-community-5.0.67-0.rhel5
MySQL-client-community-5.0.67-0.rhel5
MySQL-server-community-5.0.67-0.rhel5

# free -m
 total   used   free sharedbuffers cached
Mem:  3948   3619328  0451   2760
-/+ buffers/cache:406   3541
Swap: 8189  0   8189

# iostat -x
Linux 2.6.18-92.1.6.el5 (database-1)  09/28/2009

/etc/sysconfig/sysstat.ioconf: Malformed 0 field record: ---

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
   0.820.000.060.010.00   99.10

Device: rrqm/s   wrqm/s   r/s   w/s   rsec/s   wsec/s avgrq-sz
avgqu-sz   awai

Re: Error: WARNING: Unresponsive child

Hi,
> Hello all,
> 
> I am continuously getting this error message on my
> /var/log/radius/radius.log file:
> 
> Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
> 1094719808) for request 24026 (in component accounting module
> rlm_exec)
> 
> In effect, I got a timeout on account start and stop which resulted
> that even the user is able to authenticate and authorize, accounting
> side fails.
> 
> I have attached my /etc/raddb/radiusd.conf for more information.




this sort of message means that the child process is taking
ages to do what is asked of it. in this case, its accounting and
the accounting config is trying to run some external executable which
is taking a while to do its thing.  i see you are using PERL - there
are known issues with PERL and CentOS/RHEL is regards to process start up 
time - with rlm_exec you are having to start this up and connect etc
everything - you'd be better off using the rlm_perl PERL module to
do your work - check out the example.pl - see how to call it for the 
accounting and then just call 'perl' in your accounting config rather
than that rlm_exec method.

better still - ditch 1.1.x , move to 2.1.x and use a virtual server for
accounting with asynchronous buffered access so that accounting doesnt
affect your live authentication etc


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

> I am continuously getting this error message on my
> /var/log/radius/radius.log file:
>
> Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
> 1094719808) for request 24026 (in component accounting module
> rlm_exec)

Your perl script isn't working.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

Hi,

as your free support channel I would suggest that you read the errors
that you are having 

> n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client
> private-network-2:45456 - ID: 102 due to unfinished request 73062
 ^

a new packet repeating what a current packet is already asking/setting
has been received. the current packet is still being dealt with

> Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id
> 2811198352) for request 73046 (in component accounting module rlm_sql)

rlm_sql taking ages to reply/sort things out

> Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to
> use! skipped 0, tried to connect 0

ta da. thats why SQL is having issues - either the DB is dead or the settings
are wrong...or there are no free handles!

how many handles have you set the MySQL to have?

what are you using the MySQL for and what is the query time or insert time
for the entries you are having problems with?

> Why I am having  this error messages?  Here is my radiusd.conf

busy RADIUS daemon. slow or useless database backend 
infrastructure/configuration.

FreeRADIUS can handle several hundred AAA per second without issues..but you 
put something
in its way that is slow - LDAP lookup, DB query or insert then it doesnt have 
the 
resources to handle incoming AAA requests and you see this error message

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

2009-09-28 Thread Rakotomandimby Mihamina


09/28/2009 03:09 PM, Alan Buxey:

FreeRADIUS can handle several hundred AAA per second without issues..but you 
put something
in its way that is slow - LDAP lookup,



LDAP lookup is always fast ;-)
Slowness is only for relational stuff



--
  Architecte Informatique chez Blueline/Gulfsat:
   Administration Systeme, Recherche & Developpement
   +261 34 29 155 34
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

> Why I am having  this error messages?  Here is my radiusd.conf

Your database isn't working or radius server lost connection to database
server.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

Hello
At my sql.conf : # number of sql connections to make to server
num_sql_socks = 20

my db is windows based, queries are pretty fast. 

Is there specific configuration that I can check?

Thanks

-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Alan Buxey
Sent: Monday, September 28, 2009 3:10 PM
To: FreeRadius users mailing list
Subject: Re: your mail

Hi,

as your free support channel I would suggest that you read the errors
that you are having 

> n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client
> private-network-2:45456 - ID: 102 due to unfinished request 73062
 ^

a new packet repeating what a current packet is already asking/setting
has been received. the current packet is still being dealt with

> Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id
> 2811198352) for request 73046 (in component accounting module rlm_sql)

rlm_sql taking ages to reply/sort things out

> Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to
> use! skipped 0, tried to connect 0

ta da. thats why SQL is having issues - either the DB is dead or the
settings
are wrong...or there are no free handles!

how many handles have you set the MySQL to have?

what are you using the MySQL for and what is the query time or insert time
for the entries you are having problems with?

> Why I am having  this error messages?  Here is my radiusd.conf

busy RADIUS daemon. slow or useless database backend
infrastructure/configuration.

FreeRADIUS can handle several hundred AAA per second without issues..but you
put something
in its way that is slow - LDAP lookup, DB query or insert then it doesnt
have the 
resources to handle incoming AAA requests and you see this error message

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

Hi,

> Hello
> At my sql.conf : # number of sql connections to make to server
>   num_sql_socks = 20
> 
> my db is windows based, queries are pretty fast. 
> 
> Is there specific configuration that I can check?

I recall a long time back having a problem when mysql was given that many 
sockets
from FreeRADIUS - set that value to something lower eg 10

you can use several SQL tools to check what the concurrent socket count
usage etc is - but i would suggest this action

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

> At my sql.conf : # number of sql connections to make to server
>   num_sql_socks = 20
>
> my db is windows based, queries are pretty fast.
>
> Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

Yes at startup all connections accepts and connects.

My radius is working .users can authenticate.


-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Ivan Kalik
Sent: Monday, September 28, 2009 3:44 PM
To: FreeRadius users mailing list
Subject: RE: your mail

> At my sql.conf : # number of sql connections to make to server
>   num_sql_socks = 20
>
> my db is windows based, queries are pretty fast.
>
> Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

I tried 10 sql socks... ill let you know results


-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Ivan Kalik
Sent: Monday, September 28, 2009 3:44 PM
To: FreeRadius users mailing list
Subject: RE: your mail

> At my sql.conf : # number of sql connections to make to server
>   num_sql_socks = 20
>
> my db is windows based, queries are pretty fast.
>
> Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Rlm_ldap not found

Hi all,
Hope this is an easy one:
Freeradius 2.1.6 on arch linux installed from a package. All is well until I 
uncomment ldap in the authorise section of sites-enabled/inner-tunnel then I 
get:
/etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found
followed by Failed to find module "ldap" ..
rlm_ldap.so is a symlink to rlm_ldap-2.1.6.so which has the same permissions 
and is in the same directory as the other modules which load OK (they are also 
symlinks in the same directory).
I've checked for typos until I'm beginning to see them even when they are not 
there!

Radiusd -X shows no errors or warnings and after the ***Loading Virtual 
Servers message continues linking and instantiating modules up to and 
including "files" then the error above.
Not easy to post the whole output as I haven't got ftp running yet.

Where should I look next?

Regards,

Leighton


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Rlm_ldap not found

Hi,
> Hi all,
> Hope this is an easy one:
> Freeradius 2.1.6 on arch linux installed from a package. All is well until I 
> uncomment ldap in the authorise section of sites-enabled/inner-tunnel then I 
> get:

install freeradius-ldap package too. 

thats if the freeradius has been packages up like that - in redhat and centOS 
land
it normally is.

if there isnt an option like that, then this package hasnt been built with 
LDAP ability and you'd be better off finding a package maintainer that can help 
you,
or compiling FreeRADIUS yourself

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Rlm_ldap not found


Many thanks for the quick response

> install freeradius-ldap package too.

Tried that first - package not found - so I went looking for rlm_ldap and it's 
there in usr/lib/freeradius along with the other modules

Am I missing something obvious??

Thanks again,

Leighton


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius certificate not chain problem

2009-09-28 Thread trevor obba

I am trying to in an install an SSL certificate issued by Janet on a freeradius 
(open source radius application). The installation and the configuration went 
fine however Microsoft windows vista and Apple Mac machines are prompting that 
the certificate is not chain.

Here my TLS configuration in /etc/raddb/eap.conf

private_key_password = uc123uc
private_key_file = ${certdir}/jaguar.key
certificate_file = ${certdir}/cert.pem
CA_file = ${cadir}/sureserverEDU.pem


The CA_file is pointing at the intermediate root certificate however windows 
vista and Apple Mac client are informing me that the certificate is not chained.

I even tried concatenating all certificate in one file like: but no joy

cat sureserverEDU.pem > mycert.pem
cat cert.pem >> mycert.pem

I also tried concatenating all certificate in one file like

cat ct_root.der > mycert.pem
cat sureserverEDU.pem >> mycert.pem
cat cert.pem >> mycert.pem

But this is not working either, 


 
 

Can you shad some light on this please? Thank again.


Note 

ct_root.der is the GTE CyberTrust Global Root
sureserverEDU.pem is the Cybertrust Educational CA 
cert.pem is my globalsign certificate


  

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Rlm_ldap not found

Hi,
> 
> Many thanks for the quick response
> 
> > install freeradius-ldap package too.
> 
> Tried that first - package not found - so I went looking for rlm_ldap and 
> it's there in usr/lib/freeradius along with the other modules
> 
> Am I missing something obvious??

do you have multiple copied of freeradius installed? did you install
it from source at some pint - or from another package?  

i'm not the package maintainer so cant say how your chosen package
was compiled... i build from source

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Rlm_ldap not found


> do you have multiple copied of freeradius installed? did you
> install it from source at some pint - or from another package?
>

No and No

> i'm not the package maintainer so cant say how your chosen
> package was compiled... i build from source
>

Think I should too. I compiled it on solaris so linux should be a breeze! I was 
hoping for a shortcut :-(

Thanks again,

Leighton



---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius certificate not chain problem

> I am trying to in an install an SSL certificate issued by Janet on a
> freeradius (open source radius application). The installation and the
> configuration went fine however Microsoft windows vista and Apple Mac
> machines are prompting that the certificate is not chain.
>
> Here my TLS configuration in /etc/raddb/eap.conf
>
> private_key_password = uc123uc
> private_key_file = ${certdir}/jaguar.key
> certificate_file = ${certdir}/cert.pem
> CA_file = ${cadir}/sureserverEDU.pem
>
>
> The CA_file is pointing at the intermediate root certificate however
> windows vista and Apple Mac client are informing me that the certificate
> is not chained.
>

Make sureserverEDU.der version and export that onto the clients. Windows
can't recongnize pem certificates.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

2009-09-28 Thread muffin sk

Hello Alan and all,

On Mon, Sep 28, 2009 at 6:43 PM, Alan Buxey  wrote:
>
>
> this sort of message means that the child process is taking
> ages to do what is asked of it. in this case, its accounting and
> the accounting config is trying to run some external executable which
> is taking a while to do its thing.

Previously, this has been working smoothly. Then we changed some
configurations on the following devices which currently we are now
facing the problem:

On the router's RADIUS Authentication and Accounting configurations:

- Retry Count from 3 to 10
- Timeout from 3 to 10

On the FreeRADIUS's /etc/raddb/radiusd.conf:

- max_request_time from 30 down to 10

On the MySQL's /etc/my.cnf:

[mysqld]
wait_timeout=3600
connect_timeout=10
interactive_timeout=120
max_allowed_packet=16M
skip-name-resolve
max_connections=500
thread_cache=256
thread_concurrency=16

Of all the changes that we made, what could be the culprit that made
this problem triggered?

> i see you are using PERL - there are known issues with PERL and
> CentOS/RHEL is regards to process start up time - with rlm_exec
> you are having to start this up and connect etc everything - you'd be
> better off using the rlm_perl PERL module to do your work...

Noted.

> better still - ditch 1.1.x , move to 2.1.x and use a virtual server for
> accounting with asynchronous buffered access so that accounting doesnt
> affect your live authentication etc

Noted.

Thank you once again.

Regards,

Muffin

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

Hi,

> Previously, this has been working smoothly. Then we changed some
> configurations on the following devices which currently we are now

too many changes made at the same time.

> - Retry Count from 3 to 10
> - Timeout from 3 to 10

so the router now hits the RADIUS 10 times insteda of 3
but has more casuallnes in timeout

> - max_request_time from 30 down to 10

so RADIUS responses need to be done in 10 seconds

> Of all the changes that we made, what could be the culprit that made
> this problem triggered?

new devices added to the mix? total number of clients increased?
some new system put into place that logs into routers - eg monitoring?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Rlm_ldap not found

2009-09-28 Thread José Johnny RANDRIAMAMPIONONA

this rlm_ldap is weird ...
I have the same problem, and I m still on it ...
Hope the team ll be nice to show us the solution ...
Best

2009/9/28 Leighton Man 

>
> > do you have multiple copied of freeradius installed? did you
> > install it from source at some pint - or from another package?
> >
>
> No and No
>
> > i'm not the package maintainer so cant say how your chosen
> > package was compiled... i build from source
> >
>
> Think I should too. I compiled it on solaris so linux should be a breeze! I
> was hoping for a shortcut :-(
>
> Thanks again,
>
> Leighton
>
>
>
> ---
> This transmission is confidential and may be legally privileged. If you
> receive it in error, please notify us immediately by e-mail and remove it
> from your system. If the content of this e-mail does not relate to the
> business of the University of Huddersfield, then we do not endorse it and
> will accept no liability.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
JJohnny RANDRIAMAMPIONONA
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 9
-Morocco ---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Start Freeradius at boot

2009-09-28 Thread Paul . Blalock

I am trying to get freeradius to start at boot time so that I don't have to  
log in for it to start up. I saw a previous post that said to

“Manually add the links in /etc/rc[0-6].d.”
I am not sure what links this is referring to though, so I am at a  
standstill as to how to do this.


Thanks

Paul Blalock
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

2009-09-28 Thread Ryaz Khan

Hello everyone,

I am the new member of this list, I just joined today and this is my first
question so please ignore any unknown mistake(s) !

I have *Ubuntu Server edition 8.04.3* configured with samba with *
open-ldap(slapd)* authentication which works pretty well

I also installed *FreeRADIUS 2.1.7*, I was able to configure it but very
basic like I am using users file for user names and passwords etc.

Now I am trying to setup freeradius for ldap authentication so I dont have
to add separate users in users file but can use ldap users instead, for
Free-radius authentication

I am a student so just want to do it for learning purposes.

I would appreciate if someone can help me with that or can direct me to the
right directions, howtos etc..

I googled it lot but did not come to any comprehensive solution.

Thanks guys


-- 
Ryaz Khan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm

2009-09-28 Thread John Dennis

On 09/28/2009 12:32 AM, José Johnny RANDRIAMAMPIONONA wrote:

Dear all,
I posted this problem a week ago after searching in posted and solved
emails like here
(http://www.mail-archive.com/search?q=rlm_ldap&l=freeradius-us...@lists.cistron.nl&start=40
).
I have already asked but the answers were not effective... Anyway, I d
like to express my gratitude to those who have tried to read and respond
to my problems ! So I m asking myself if : Using LDAP with freeradius is
it something new or something?
My problem is about the ldap library for freeradius (libldap which is
needed by rlm_ldap) ... What should I do to install and configure it
'cause it's not in the freeradius-server package(I rebuilt it 5 times
and I paid attention to the output?
If I ll receive the same answers I received before then maybe the
problem is in my operating system(CentOsV5.3)

Thanks to all ...
Best regards ...

NB: I am fed up of this bug! Neeed help!

This is *not a bug*. This is a lack of your understanding how open
source tools work. In your original post you suggested the configure
script should go out and install any missing libraries. This indicates
you have a lack of understanding of how the tools work. This is the most
likely reason people didn't respond to your first query. It's your
responsibility to invest the time to learn this material. The FreeRADIUS
list is not the place to learn how GNU autotools works, how packages are
distributed, what build dependencies are, how they are resolved, etc.
There are plenty of places on the web to learn this material. The
FreeRADIUS list exits to help users configure and deploy FreeRADIUS, it
presumes you come to the table with a set of prerequisite knowledge.

Since you are using CentOS the information contained on this wiki would
have been of great help to you, did you read it?

http://wiki.freeradius.org/Red_Hat_FAQ

It won't have answered all the information you need, but it would have
helped you get started in the right direction. If you had read it you
might also have learned you didn't need to go through the agony of
trying to build FreeRADIUS yourself, you could have just installed the
pre-built packages we've already provided. You would have also learned
how using yum as the installer will guarantee prerequisite dependencies
are resolved thus relieving you of yet another stumbling block.

--
John Dennis

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

2009-09-28 Thread muffin sk

Hello Alan and all,

On Mon, Sep 28, 2009 at 10:30 PM, Alan Buxey  wrote:
>
> so the router now hits the RADIUS 10 times insteda of 3
> but has more casuallnes in timeout

Basically:

Retry Count is the maximum number of times that the router retransmits
a RADIUS packet to the RADIUS server. In this case, this has been
increased from 3 times to 10 times.

Timeout is the interval (in seconds) before the router retransmits a
RADIUS packet to the RADIUS server. In this case, this has been
increased from 3 seconds to 10 seconds.

> so RADIUS responses need to be done in 10 seconds

Yes.

> new devices added to the mix? total number of clients increased?
> some new system put into place that logs into routers - eg monitoring?

Basically, the number of subscribers increased. If we do a maintenance
window where we swing back and forth the traffic to the router, all
the subscribers will hit the router which eventually push all the
RADIUS Requests to the RADIUS server in one shot and on which the
MySQL backend is choked during that time.

Regards,

Muffin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

Hi,
> I am trying to get freeradius to start at boot time so that I don't have 
> to log in for it to start up. I saw a previous post that said to
> “Manually add the links in /etc/rc[0-6].d.”


> I am not sure what links this is referring to though, so I am at a  
> standstill as to how to do this.

dpends on what OS you have - and, under Linux, which distro you have.

if you have installed from a package, then that package should have
supplied the required start/stop scripts for the system and then you can
use the OS's chosen service solution to configure whether/when the service
is started. 

if you have built from source, then there are a few scripts supplied
in the source tarball that can be used - eg there is a script for
RedHat - just copy that script into /etc/init.d and do a 'chkconfig radiusd on'

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

Hi,

> I googled it lot but did not come to any comprehensive solution.

http://wiki.freeradius.org/Rlm_ldap


you need to ensure that the FreeRADIUS LDAP module can talk to your
LDAP server - check the LDAP configuration in FreeRADIUS to ensure that
the configuration, password etc etc is fine  (modules/ldap in FR 2.x)

then, enabled the ldap section in the required part of your configuration -
ie you want to authenticate users or authorise them via ldap? uncomment
the required line in eg inner-server (if using EAP) or default otherwise.
the config file supplied by default should be fairly verbose - i cant say 
what the version you get after the pakcage maintainer has done their work on
it - but , if in doubt, download the source tarball from freeradius.org
and check the default contents of the raddb directory!

finally, run in full debug mode

radiusd -X

and sniff/lof the LDAP server to ensure things are doing what you expect

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

Hi,

> Retry Count is the maximum number of times that the router retransmits
> a RADIUS packet to the RADIUS server. In this case, this has been
> increased from 3 times to 10 times.
> 
> Timeout is the interval (in seconds) before the router retransmits a
> RADIUS packet to the RADIUS server. In this case, this has been
> increased from 3 seconds to 10 seconds.

..as I said

> Basically, the number of subscribers increased. If we do a maintenance
> window where we swing back and forth the traffic to the router, all
> the subscribers will hit the router which eventually push all the
> RADIUS Requests to the RADIUS server in one shot and on which the
> MySQL backend is choked during that time.

are you doing authentication and accounting via MySQL?  did you perform
a benchmark of the RADIUS server + MySQL (eg with dumb temp accounts)
to check what the loading could be?  in my experience, authentication can
be done quickly - its usually the accounting that gives the big hit - 
I would advise FR 2.1.x with buffered accounting to get such packets out of
the way of the live authentication service.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

2009-09-28 Thread Paul . Blalock


Hi,

I am trying to get freeradius to start at boot time so that I don't have
to log in for it to start up. I saw a previous post that said to
“Manually add the links in /etc/rc[0-6].d.”




I am not sure what links this is referring to though, so I am at a
standstill as to how to do this.


dpends on what OS you have - and, under Linux, which distro you have.

if you have installed from a package, then that package should have
supplied the required start/stop scripts for the system and then you can
use the OS's chosen service solution to configure whether/when the service
is started.

if you have built from source, then there are a few scripts supplied
in the source tarball that can be used - eg there is a script for
RedHat - just copy that script into /etc/init.d and do a 'chkconfig radiusd  
on'


alan

Guess I did forget to include that. I am using Fedora 11, installed from  
CD, and when I

do a 'chkconfig radiusd on', it says no such file or directory.

Paul
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Build failure on arch Linux

Hi,

Foolishly, I said earlier today, that building on Linux should be a breeze. I 
should have kept quiet!!

I downloaded 2.1.7 and it failed to build rlm_krb5 with messages about 
structure members. I reran configure with --without-rlm-krb5 and got:
In function 'setup_modules':
 undefined ref to lt__PROGRAM__LTX_preloaded_symbols in src/main/modules.c.

I notice in the bug fixes for 2.1.7 there's a workaround added. Seems it 
doesn't work for me.

Any suggestions please.

Leighton


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Build failure on arch Linux

Leighton Man wrote:
> Foolishly, I said earlier today, that building on Linux should be a breeze. I 
> should have kept quiet!!
> 
> I downloaded 2.1.7 and it failed to build rlm_krb5 with messages about 
> structure members. I reran configure with --without-rlm-krb5 and got:
> In function 'setup_modules':
>  undefined ref to lt__PROGRAM__LTX_preloaded_symbols in src/main/modules.c.
> 
> I notice in the bug fixes for 2.1.7 there's a workaround added. Seems it 
> doesn't work for me.

$ export CFLAGS=-DIE_LIBTOOL_DIE
$ ./configure
$ make

  Or, edit the top-level "Make.inc" after a previous "configure", and
find the CFLAGS line.  Add "-DIE_LIBTOOL_DIE" to it, and it should work.

  The macro name has, of course, no meaning, and doesn't demonstrate any
opinion about libtool.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Build failure on arch Linux


>   The macro name has, of course, no meaning, and doesn't
> demonstrate any opinion about libtool.
>
Nevertheless it worked like a dream :-)

Many thanks Alan,

Leighton


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

Hi,

> Guess I did forget to include that. I am using Fedora 11, installed from  
> CD, and when I
> do a 'chkconfig radiusd on', it says no such file or directory.

did you install FreeRADIUS via yum and a repository
or from source?  if from the repsository you should have
a selectable service with eg the standard Fedora system startup tools
- maybe they've decided to call it 'freeradius' or 'freeradius2'
rather than radiusd?

if from source, then the install part (make install) wont handle your
OS directory - you'll need to copy the script (and maybe edit it
according to install path choices made) from the contrib directory
eg redhat/rc.radiusd-redhat to the correct place - /etc/init.d/

i'd note now that its not just the startup item - theres also a logrotate
script which ties into the system logrotate cron stuff to ensure that freeradius
logs (eg /var/log/radius/ get rotated when needed - eg each day for 90 days
retention)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Build failure on arch Linux

Hi,
> Hi,
> 
> Foolishly, I said earlier today, that building on Linux should be a breeze. I 
> should have kept quiet!!

;-) 

what system are you building on - I've noted several 'creaky' distros of late 
which have
older versions of the tools/libraries

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Build failure on arch Linux

> what system are you building on - I've noted several 'creaky'
> distros of late which have older versions of the tools/libraries
>
Arch Linux - 2.6.30 kernel and libtool 2.2.6a-3 which seems to be part of the 
problem. All compiled now so hopefully will find time to test tomorrow. After 
that back to the original rlm_ldap problem.

Cheers,

Leighton


---
This transmission is confidential and may be legally privileged. If you receive 
it in error, please notify us immediately by e-mail and remove it from your 
system. If the content of this e-mail does not relate to the business of the 
University of Huddersfield, then we do not endorse it and will accept no 
liability.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

2009-09-28 Thread Paul . Blalock


did you install FreeRADIUS via yum and a repository
or from source?


Downloaded freeradius-server-2.1.7.tar.gz, extracted to home directory,
and then ./configure, make, make install.


if from the repsository you should have
a selectable service with eg the standard Fedora system startup tools
- maybe they've decided to call it 'freeradius' or 'freeradius2'
rather than radiusd?

There is a "Startup Applications" where I can add programs, but it  
doesn't start
them until you log on to the machine and this doesn't work unless you log  
into

the gui as root.


if from source, then the install part (make install) wont handle your
OS directory - you'll need to copy the script (and maybe edit it
according to install path choices made) from the contrib directory
eg redhat/rc.radiusd-redhat to the correct place - /etc/init.d/

i'd note now that its not just the startup item - theres also a logrotate
script which ties into the system logrotate cron stuff to ensure that  
freeradius

logs (eg /var/log/radius/ get rotated when needed - eg each day for 90 days
retention)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

hi,

note sure why you are reversing the email conversation tags,
however

you installed from source

so, in the source directory (where you ran ./configure) there is a
redhat directory. in that directory is an rc. file - that needs to be copied
into the /etc/init.d

eg cp rc.whatever /etc/init.d/radiusd

then use the appropriate tool to ensure this starts by default 
(I use chkconfig - from the old school) but Fedora does have 
system admin tools to ensure that daemons start up when the system starts
up - i know..i've had to use their tool just once or twice. since I cant
use such tools att he end of a 14.4 baud dual up to a comms centre across
the pond, i use SSH with eg chkconfig extensively)

you'll want to then check everything is A OKAY by eg

service radiusd start

service radiusd status

service rediusd restart


the first thing will test it can be started with the script. as i said before
the script was written some time back and some directories might not exist
and some permissions might be wrong! if the script fails or 'status' test fails 
then 
check the /var/log/radius/radiusd.log to see maybe reasons why.

once its all running fine, then the service will restart fine upon reboot. even
if the system is a VMWare instance on a Max OSX server - doesnt matter what its 
on,
the basics will always be the same with that distro.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

muffin sk wrote:
> Basically, the number of subscribers increased. If we do a maintenance
> window where we swing back and forth the traffic to the router,

  What does that mean?  You kick all of the users off, and then allow
them back on?

> all
> the subscribers will hit the router which eventually push all the
> RADIUS Requests to the RADIUS server in one shot and on which the
> MySQL backend is choked during that time.

  Well... if the MySQL server can't handle the traffic, no amount of
playing with FreeRADIUS will fix it.

  Fix MySQL.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reminder: Webinar with FreeRADIUS and MySQL: Sept. 30

  I will be giving a Webinar with MySQL on September 30.  Registration
is available at:

http://www.mysql.com/news-and-events/web-seminars/display-419.html

  The webinar will be given via Webex.  You will need an account on
mysql.com in order to register and see webex details.

  The full announcement is below.

  Alan DeKok.

+++
FreeRADIUS & MySQL Cluster: Scalable and Highly Available AAA Services

Wednesday, September 30, 2009

As network use grows and services become more dynamic, so existing
Authentication, Authorization and Accounting (AAA) environments can
struggle to keep pace with demand

Tune into this webinar where you can hear from the Alan DeKok, one of
the founders of the FreeRADIUS project and CEO of Network RADIUS,
discuss the concepts and implementation of RADIUS services using the
FreeRADIUS server and the MySQL Cluster database to deliver highly
available and scalable AAA services

In this session, you will learn about:
- potential AAA limitations as network environments grow
- advantages of deploying FreeRADIUS with MySQL Cluster
- Performance, sizing and deployment of an AAA environment using
FreeRADIUS with MySQL Cluster
- customer case studies
- how to get started


WHO:
   * Alan DeKok, Founder of FreeRADIUS and CEO of Network RADIUS
   * Matthew Keep, MySQL Cluster Product Management

WHAT:
FreeRADIUS & MySQL Cluster: Scalable and Highly Available AAA Services

WHEN:
Wednesday, September 30, 2009: 09:30 Pacific time (America)
06:30 Hawaii time
10:30 Mountain time (America)
11:30 Central time (America)
12:30 Eastern time (America)
16:30 UTC
17:30 Western European time
18:30 Central European time
19:30 Eastern European time

The presentation will be approximately 45 minutes long followed by Q&A.

WHERE:
Simply access the web seminar from the comfort of your own office.

WHY:
To learn more about how you can use FreeRADIUS and MySQL Cluster 7.0 to
deliver highly available and scalable AAA Services

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Build failure on arch Linux

2009-09-28 Thread Alexander Clouter

Alan DeKok  wrote:
>
> [snipped]
> 
> $ export CFLAGS=-DIE_LIBTOOL_DIE
> $ ./configure
> $ make
> 
>  Or, edit the top-level "Make.inc" after a previous "configure", and
> find the CFLAGS line.  Add "-DIE_LIBTOOL_DIE" to it, and it should work.
> 
>  The macro name has, of course, no meaning, and doesn't demonstrate any
> opinion about libtool.
>
"The Bart The" eh?

Cheers

-- 
Alexander Clouter
.sigmonster says: Keep on keepin' on.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Start Freeradius at boot

2009-09-28 Thread John Dennis

The quoting in this thread is so confused I'm not going to try and 
unravel it.


The Sytem -> Preferences -> Startup Applications menu item is only for 
desktop applications running in a session. That is quite a bit different 
than system services, sometimes called daemons. Typically the radius 
service is installed under the name radiusd following the convention 
that daemons have a "d" appended to them. That means you're trying to 
control a system service not a session based desktop application. This 
is done at the command prompt level with chkconfig or via a gui with 
system-config-services.


You might have looked at:

http://wiki.freeradius.org/Red_Hat_FAQ#How_do_I_start_and_stop_the_FreeRADIUS_service.3F

If you build from source and you don't know what a System V Initscript 
is then the algorithm is:


1) Stop

2) Install the pre-built package with all this stuff already figured 
out, tested, and done for you so you don't have to learn how to build 
from source *and* integrate with the OS, all the while making a lot of 
learning curve mistakes.


Installing pre-built packages typically takes 1 minute of your time. 
Wasn't that easier?


Fedora, RHEL, and CentOS all have current packages available. See 
http://wiki.freeradius.org/Red_Hat_FAQ



--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: WARNING: Unresponsive child

> Basically, the number of subscribers increased. If we do a maintenance
> window where we swing back and forth the traffic to the router, all
> the subscribers will hit the router which eventually push all the
> RADIUS Requests to the RADIUS server in one shot and on which the
> MySQL backend is choked during that time.

Try using buffered-sql virtual server to separate accounting from
authentication. At busy time accounting will lag behind but it will catch
up when rush passes.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

New install does not respond to requests

2009-09-28 Thread Alex M

hey all
we just upgraded from 1.x.x to latest version of FreeRadius
unfortunately its aint working :( well i see config files have changed
dramatically so maybe i did something wrong.

What we did we installed everything, unquoted SQL module in dadiusd.config
add proper MySQL info

When i start in -X mode i don't see any errors but the half of the log is
cut off (i guess output is too long)
When I send request i'm getting response that client is unknown. (I did add
nas info in the nas table)

I fugue that SQL statements are not executed but how can i debug that?

In sql config i enabled detailed output but it still does not show anything.
I  guess i'm doing something wrong and I hope i can get some help here?
Thanks a lot!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New install does not respond to requests

> When i start in -X mode i don't see any errors but the half of the log is
> cut off (i guess output is too long)

So send the output to a file.

> When I send request i'm getting response that client is unknown. (I did
> add
> nas info in the nas table)

Did you enable readclients in sql.conf?

> I fugue that SQL statements are not executed but how can i debug that?

radiusd -X. It will show which clients are read from the nas table.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New install does not respond to requests

Hi,

> unfortunately its aint working :( well i see config files have changed
> dramatically so maybe i did something wrong.

so long as you didnt just paste the old configs over you'll be okay

> What we did we installed everything, unquoted SQL module in dadiusd.config
> add proper MySQL info
> 
> When i start in -X mode i don't see any errors but the half of the log is
> cut off (i guess output is too long)
> When I send request i'm getting response that client is unknown. (I did add
> nas info in the nas table)

where are your clients defined (NAS) - in clients.conf or in MySQL table?

you need to check the debug log thoroughly - it will tell you where 
things arent right. for example, did you see a list of clients when
it started up? if not, its not using NAS table - check the dialup.conf
file for the MySQL to see if read_clients is yes etc.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New install does not respond to requests

2009-09-28 Thread Alex M

Ok readclients was not enabled :(
Still enabling that did not help. (I did restart the server after enabling
it ;-)

How do I output screen to file? I tried radiusd -X >radius_log.txt but that
just didnt execure anything :(



tnx for helping

On Mon, Sep 28, 2009 at 6:03 PM, Ivan Kalik  wrote:

> > When i start in -X mode i don't see any errors but the half of the log is
> > cut off (i guess output is too long)
>
> So send the output to a file.
>
> > When I send request i'm getting response that client is unknown. (I did
> > add
> > nas info in the nas table)
>
> Did you enable readclients in sql.conf?
>
> > I fugue that SQL statements are not executed but how can i debug that?
>
> radiusd -X. It will show which clients are read from the nas table.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

2009-09-28 Thread Justin Steward

On Tue, Sep 29, 2009 at 12:45 AM, Ryaz Khan  wrote:
> I googled it lot but did not come to any comprehensive solution.

You'll probably learn this the hard way anyway, but don't try to
google for freeradius. Most of those hits will be outdated, even if it
is on the topic you're searching for.

1) Search the docs installed with freerad.
2) Search the freerad website/wiki.
3) This mailing list.

~Justin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: New install does not respond to requests

2009-09-28 Thread Alex M

So i dont even see any access to my database at all, i see that SQL config
is loaded but no request
Do i have to add any parameters when compiling the code so that we have
support of network functionality?

TNX a lot!

On Mon, Sep 28, 2009 at 7:26 PM, Alex M wrote:

> tee worked =) tnx
> still no lack, not even errors, i mean i got output dump, but there is no
> trace of requesting MySQL or having an error loading my sql
> belo is the output.
>
> PS: im not good in linux or freeradius but the only way to become bbeter is
> try it and ask question otherwise i keep sucking =)
> 
>
>
>
> FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on Sep 26 2009
> at 17:24:15
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/proxy.conf
> including configuration file /usr/local/etc/raddb/clients.conf
> including files in directory /usr/local/etc/raddb/modules/
> including configuration file /usr/local/etc/raddb/modules/acct_unique
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/krb5
> including configuration file /usr/local/etc/raddb/modules/echo
> including configuration file /usr/local/etc/raddb/modules/otp
> including configuration file /usr/local/etc/raddb/modules/realm
> including configuration file /usr/local/etc/raddb/modules/sradutmp
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/ldap
> including configuration file /usr/local/etc/raddb/modules/chap
> including configuration file /usr/local/etc/raddb/modules/always
> including configuration file /usr/local/etc/raddb/modules/mac2vlan
> including configuration file /usr/local/etc/raddb/modules/expr
> including configuration file /usr/local/etc/raddb/modules/preprocess
> including configuration file /usr/local/etc/raddb/modules/mschap
> including configuration file /usr/local/etc/raddb/modules/policy
> including configuration file /usr/local/etc/raddb/modules/
> detail.example.com
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/inner-eap
> including configuration file /usr/local/etc/raddb/modules/exec
> including configuration file
> /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/radutmp
> including configuration file /usr/local/etc/raddb/modules/logintime
> including configuration file /usr/local/etc/raddb/modules/smbpasswd
> including configuration file /usr/local/etc/raddb/modules/files
> including configuration file /usr/local/etc/raddb/modules/passwd
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/sql_log
> including configuration file /usr/local/etc/raddb/modules/pam
> including configuration file /usr/local/etc/raddb/modules/smsotp
> including configuration file /usr/local/etc/raddb/modules/perl
> including configuration file /usr/local/etc/raddb/modules/ippool
> including configuration file /usr/local/etc/raddb/modules/counter
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/unix
> including configuration file /usr/local/etc/raddb/modules/cui
> including configuration file /usr/local/etc/raddb/modules/linelog
> including configuration file /usr/local/etc/raddb/modules/attr_rewrite
> including configuration file /usr/local/etc/raddb/modules/detail.log
> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/attr_filter
> including configuration file /usr/local/etc/raddb/modules/checkval
> including configuration file /usr/local/etc/raddb/eap.conf
> including configuration file /usr/local/etc/raddb/sql.conf
> including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
> including configuration file /usr/local/etc/raddb/policy.conf
> including files in directory /usr/local/etc/raddb/sites-enabled/
> including configuration file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> including configuration file /usr/local/etc/raddb/sites-enabled/default
> including configuration file
> /usr/local/etc/raddb/sites-enabled/control-socket
> including dictionary file /usr/local/etc/raddb/dictionary
> main {
> prefix = "/usr/local"
> localstatedir = "/usr/local/var"
> logdir = "/usr/local/var/log/radius"
> libdir = "/usr/loc

Re: New install does not respond to requests