Re: Freeradius-Users Digest, Vol 55, Issue 32
> I have a problem which I and a friend here have been trying to solve for
> some days now.

What is your problem?

> After we have run in terminal "./configure" ; "make" & "sudo make install"
> and afterwards try to run radius with "radiusd -X" (same as freeradius -X if
> you're using freeradius installed through "Synaptic Package Manager").

And when you run in debug mode?

You can try this howto that works fine:
http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-ttls-peap-support.html

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cannot upgade to 2.1.7
kachin Agarwal wrote:
> Here is the complete build :

No... it's not. We've built the server often enough that we know what the "complete" configure output looks like, and this isn't it.

Alan DeKok.
Re: Freeradius set up help
Horchem Gary wrote:
> let me try to send this again the last one I sent the list server said
> it was too large I found the file and uncommented any # ldap lines I
> tried to login again and got this logging error "++[eap] returns reject
> Failed to authenticate the user.

The MAJOR problem here is that you are not reading the documentation. NOTHING in the documentation says to post the configuration files to the list. In addition, it's a BAD IDEA to post them to the list, because we already have copies of them: they COME WITH THE SERVER.

Post the debugging output as suggested in:

- the FAQ
- the README
- the "man" page
- the INSTALL file
- daily on this list
- and in pretty much every "howto" in existence

Stop trying to be "smart". Smart people read the docs and follow the instructions, because they don't want to waste brainpower figuring out how to do something that has detailed instructions available. People trying to be "smart" try to prove they're smart by re-inventing the wheel.

Alan DeKok.
Cannot upgade to 2.1.7
Hi,

Here is the complete build : freeradius-server-2.1.7.tar.bz2

configure: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoc...@gnu.org.
configure: WARNING: pcap library not found, silently disabling the RADIUS sniffer.
config.status: WARNING: ./Make.inc.in seems to ignore the --datarootdir setting
config.status: WARNING: ./src/include/build-radpaths-h.in seems to ignore the --datarootdir setting
configure: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoc...@gnu.org.
configure: error: set --without-rlm_counter to disable it explicitly.
configure: error: ./configure failed for src/modules/rlm_counter
make: *** [/*/*/*/*/*//freeradius-server-2.1.7/src/main/radiusd] Error 1

If I remove this rlm_counter, it shows an error in rlm_eap_peap. What to do??

--- On Mon, 9/11/09, kachin Agarwal wrote:

From: kachin Agarwal
Subject: Cannot upgade to 2.1.7
To: freeradius-users@lists.freeradius.org
Date: Monday, 9 November, 2009, 10:13 PM

Hi,
Ya I need the rlm_counter module. So how can I rectify it..? Please give me a solution..

Thanks & Regards,
Kachin

--- On Mon, 9/11/09, kachin Agarwal wrote:

From: kachin Agarwal
Subject: Cannot upgade to 2.1.7
To: freeradius-users@lists.freeradius.org
Date: Monday, 9 November, 2009, 6:00 PM

Hi,
I'm trying to upgrade the freeradius server to 2.1.7.
But when I build I get the following error :

configure: error: set --without-rlm_counter to disable it explicitly.
configure: error: ./configure failed for src/modules/rlm_counter
make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1

How can I rectify this???

Thanks & Regards,
Kachin
Re: Freeradius set up help
11/10/2009 06:10 AM, Horchem Gary::
> let me try to send this again the last one I sent the list server said it was too large

'freeradius -X' output shows us:
- how you configured your freeradius
- debug output

You'd better give us 'freeradius -X' output, using something like http://pastebin.ca/

--
IT Architect at Blueline/Gulfsat: System Administration, Research & Development
+261 33 11 207 36
Re: Freeradius set up help
let me try to send this again the last one I sent the list server said it was too large

I found the file and uncommented any # ldap lines I tried to login again and got this logging error

"++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [ghorchem/] (from client Server-3 port 0 via TLS tunnel)
} # server inner-tunnel

here is my inner-tunnel config "}"

inner-tunnel config:

"##
#
#This is a virtual server that handles *only* inner tunnel
#requests for EAP-TTLS and PEAP types.
#
#$Id$
#
##

server inner-tunnel {

#
# Un-comment the next section to perform test on the inner tunnel
# without needing an outer tunnel session. The tests will not be
# exactly the same as when TTLS or PEAP are used, but they will
# be close enough for many tests.
#
#listen {
#       ipaddr = 127.0.0.1
#       port = 18120
#       type = auth
#}

# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
    #
    # The chap module will set 'Auth-Type := CHAP' if we are
    # handling a CHAP request and Auth-Type has not already been set
    chap

    #
    # If the users are logging in with an MS-CHAP-Challenge
    # attribute for authentication, the mschap module will find
    # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
    # to the request, which will cause the server to then use
    # the mschap module for authentication.
    mschap

    #
    # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
    # using the system API's to get the password. If you want
    # to read /etc/passwd or /etc/shadow directly, see the
    # passwd module, above.
    #
    unix

    #
    # Look for IPASS style 'realm/', and if not found, look for
    # '@realm', and decide whether or not to proxy, based on
    # that.
    #IPASS

    #
    # If you are using multiple kinds of realms, you probably
    # want to set "ignore_null = yes" for all of them.
    # Otherwise, when the first style of realm doesn't match,
    # the other styles won't be checked.
    #
    # Note that proxying the inner tunnel authentication means
    # that the user MAY use one identity in the outer session
    # (e.g. "anonymous", and a different one here
    # (e.g. "u...@example.com"). The inner session will then be
    # proxied elsewhere for authentication. If you are not
    # careful, this means that the user can cause you to forward
    # the authentication to another RADIUS server, and have the
    # accounting logs *not* sent to the other server. This makes
    # it difficult to bill people for their network activity.
    #
    #suffix
    #ntdomain

    #
    # The "suffix" module takes care of stripping the domain
    # (e.g. "@example.com") from the User-Name attribute, and the
    # next few lines ensure that the request is not proxied.
    #
    # If you want the inner tunnel request to be proxied, delete
    # the next few lines.
    #
    update control {
        Proxy-To-Realm := LOCAL
    }

    #
    # This module takes care of EAP-MSCHAPv2 authentication.
    #
    # It also sets the EAP-Type attribute in the request
    # attribute list to the EAP type from the packet.
    #
    # The example below uses module failover to avoid querying all
    # of the following modules if the EAP module returns "ok".
    # Therefore, your LDAP and/or SQL servers will not be queried
    # for the many packets that go back and forth to set up TTLS
    # or PEAP. The load on those servers will therefore be reduced.
    #
    eap {
        ok = return
    }

    #
    # Read the 'users' file
    files

    #
    # Look in an SQL database. The schema of the database
    # is meant to mirror the "users" file.
    #
    # See "Authorization Queries" in sql.conf
    #sql

    #
    # If you are using /etc/smbpasswd, and are also doing
    # mschap authentication, the un-comment this line, and
    # configure the 'etc_smbpasswd' module, above.
    #etc_smbpasswd

    #
    # The ldap module will set Auth-Type to LDAP if it has not
    # already been set
    ldap

    #
    # Enforce daily limits on time spent logged in.
    #daily

    #
    # Use the checkval module
    #checkval

    expiration
    logintime

    #
    # If no other module has claimed responsibility for
    # authentication, then try to use PAP. This allows the
    # other modules listed above to add a "known good" password
    # to the request, and to do nothing else. The PAP module
    # will then see that password, and use it to do PAP
    # authenti
Re: Freeradius set up help
> Where in the file do I enable LDAP

Same place as in default one - authorize.

Ivan Kalik
Kalik Informatika ISP
Re: Freeradius set up help
Where in the file do I enable LDAP

Sent from my iPhone

On Nov 9, 2009, at 5:15 PM, t...@kalik.net wrote:

> > I'm still having trouble here is my sites-available default file ...
> >
> > Where is your password? If it's in ldap, you haven't enabled ldap in
> > inner-tunnel virtual server.
>
> Try reading the answers again. Does it say default virtual server or something else?
>
> Ivan Kalik
> Kalik Informatika ISP
Re: Cannot upgade to 2.1.7
Hi,

> Hi,
> Ya I need the rlm_counter module. So how can I rectify it..? Please give me
> a solution..

send a little bit more of the error message - at least 15 or so lines before the output you gave before - the system cannot find particular libraries on your OS and therefore cannot build rlm_counter - once you can satisfy that dependency then you can use that module

alan
Re: Freeradius set up help
> I'm still having trouble here is my sites-available default file ...
>
> Where is your password? If it's in ldap, you haven't enabled ldap in
> inner-tunnel virtual server.

Try reading the answers again. Does it say default virtual server or something else?

Ivan Kalik
Kalik Informatika ISP
Re: Can't compile FreeRADIUS with pam module
On 11/09/2009 05:05 PM, Chico Sokol wrote:
> Funny, configure's output seems to be fine:
>
> checking for pam_start in -lpam... yes
> checking security/pam_appl.h usability... yes
> checking security/pam_appl.h presence... yes
> checking for security/pam_appl.h... yes
> checking pam/pam_appl.h usability... yes
> checking pam/pam_appl.h presence... yes
> checking for pam/pam_appl.h... yes
>
> Well, I solved by changing the module's code (rlm_pam.c), including
> always my pam header file (which is placed at /usr/include/pam), without
> that configure directive. It's definitely not the best way to fix it,
> but it works.

Ah ... I think I see the problem. You have *both* sets of pam header files installed on your system, that's weird, how did that happen?

Anyway the rlm_pam configure script and code look wrong to me. The header file check in configure.in is coded this way:

AC_CHECK_HEADERS( \
        security/pam_appl.h \
        pam/pam_appl.h \
)

And the C code in rlm_pam.c has this:

#ifdef HAVE_SECURITY_PAM_APPL_H
#include <security/pam_appl.h>
#endif

#ifdef HAVE_PAM_PAM_APPL_H
#include <pam/pam_appl.h>
#endif

Hopefully you can see what will happen when you have both sets of header files installed, the compiler will try to include them twice and it will succeed because the "guard" at the top of header looks like this:

#ifndef _SECURITY_PAM_APPL_H
#define _SECURITY_PAM_APPL_H

I presume the guard for pam/pam_appl.h looks the same. Thus you'll include the definitions twice which is clearly wrong and will cause compiler errors.

So the easy fix is don't install duplicate sets of pam header files. But the more robust fix would be to fix configure.in and the C code include directives so that the action-if-found clause of AC_CHECK_HEADERS added a -I to pam_cflags with the directory the header was found in and then did an explicit "break".

The C code should be:

#include "pam_appl.h"

This way, if more than one set of header files is installed, it picks the first one in the list it finds and sets an explicit -I include directive for it.

--
John Dennis
Re: Can't compile FreeRADIUS with pam module
Funny, configure's output seems to be fine:

checking for pam_start in -lpam... yes
checking security/pam_appl.h usability... yes
checking security/pam_appl.h presence... yes
checking for security/pam_appl.h... yes
checking pam/pam_appl.h usability... yes
checking pam/pam_appl.h presence... yes
checking for pam/pam_appl.h... yes

Well, I solved by changing the module's code (rlm_pam.c), including always my pam header file (which is placed at /usr/include/pam), without that configure directive. It's definitely not the best way to fix it, but it works.

Thanks,

On Mon, Nov 9, 2009 at 10:50 PM, John Dennis wrote:
> On 11/09/2009 03:54 PM, Chico Sokol wrote:
>>
>> Any ideas here?
>>
>> Somebody have ever built FreeRADIUS with pam module?
>>
>> On Fri, Nov 6, 2009 at 5:36 PM, Chico Sokol wrote:
>>>> Did you install these *after* running configure? If so you'll have to run
>>>> configure again so it can find them and set the right compiler flags.
>>>
>>> No I've ran configure after installing pam package.
>>>
>>> On Fri, Nov 6, 2009 at 11:47 AM, Alan DeKok wrote:
>>>> Chico Sokol wrote:
>>>>> Hum... I need development header files? I have pam installed, and the
>>>>> header files does exist at /usr/include/pam:
>>>>
>>>> Then the PAM module and header files are no longer compatible. I don't
>>>> use PAM, so I'm not really sure what the underlying issue is.
>>>>
>>>> Alan DeKok.
>
> Beats me, it works perfectly here for the Red Hat packages. On our systems
> (e.g. Fedora, RHEL, CentOS) you need to have the pam-devel package
> installed. In the output of your configure step you should see something
> like this:
>
> === configuring in src/modules/rlm_pam
> checking for i686-pc-linux-gnu-gcc... no
> checking for gcc... gcc
> checking for C compiler default output file name... a.out
> checking whether the C compiler works... yes
> checking whether we are cross compiling... no
> checking for suffix of executables...
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ANSI C... none needed
> checking how to run the C preprocessor... gcc -E
> checking for dlopen in -ldl... yes
> checking for pam_start in -lpam... yes
> checking for egrep... grep -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking security/pam_appl.h usability... yes
> checking security/pam_appl.h presence... yes
> checking for security/pam_appl.h... yes
> checking pam/pam_appl.h usability... no
> checking pam/pam_appl.h presence... no
> checking for pam/pam_appl.h... no
> configure: creating ./config.status
> config.status: creating Makefile
> config.status: creating config.h
>
> Notice how the configure script in rlm_pam checks for the header file in
> both /usr/include/security and /usr/include/pam
>
> You said your files were installed in /usr/include/pam if I recall
> correctly. Is that what your configure output shows?
>
> If they are and you're getting type errors from the compiler then you've got
> bad pam header files.
>
> --
> John Dennis

--
Chico Sokol
Re: Can't compile FreeRADIUS with pam module
On 11/09/2009 03:54 PM, Chico Sokol wrote:
> Any ideas here?
>
> Somebody have ever built FreeRADIUS with pam module?
>
> On Fri, Nov 6, 2009 at 5:36 PM, Chico Sokol wrote:
>>> Did you install these *after* running configure? If so you'll have to run
>>> configure again so it can find them and set the right compiler flags.
>>
>> No I've ran configure after installing pam package.
>>
>> On Fri, Nov 6, 2009 at 11:47 AM, Alan DeKok wrote:
>>> Chico Sokol wrote:
>>>> Hum... I need development header files? I have pam installed, and the
>>>> header files does exist at /usr/include/pam:
>>>
>>> Then the PAM module and header files are no longer compatible. I don't
>>> use PAM, so I'm not really sure what the underlying issue is.
>>>
>>> Alan DeKok.

Beats me, it works perfectly here for the Red Hat packages. On our systems (e.g. Fedora, RHEL, CentOS) you need to have the pam-devel package installed. In the output of your configure step you should see something like this:

=== configuring in src/modules/rlm_pam
checking for i686-pc-linux-gnu-gcc... no
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for dlopen in -ldl... yes
checking for pam_start in -lpam... yes
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking security/pam_appl.h usability... yes
checking security/pam_appl.h presence... yes
checking for security/pam_appl.h... yes
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h

Notice how the configure script in rlm_pam checks for the header file in both /usr/include/security and /usr/include/pam

You said your files were installed in /usr/include/pam if I recall correctly. Is that what your configure output shows?

If they are and you're getting type errors from the compiler then you've got bad pam header files.

--
John Dennis
Re: Can't compile FreeRADIUS with pam module
Any ideas here?

Somebody have ever built FreeRADIUS with pam module?

On Fri, Nov 6, 2009 at 5:36 PM, Chico Sokol wrote:
>> Did you install these *after* running configure? If so you'll have to run
>> configure again so it can find them and set the right compiler flags.
>
> No I've ran configure after installing pam package.
>
> On Fri, Nov 6, 2009 at 11:47 AM, Alan DeKok wrote:
>> Chico Sokol wrote:
>>> Hum... I need development header files? I have pam installed, and the
>>> header files does exist at /usr/include/pam:
>>
>> Then the PAM module and header files are no longer
>> compatible. I don't use PAM, so I'm not really sure what the underlying
>> issue is.
>>
>> Alan DeKok.

--
Chico Sokol
Re: LDAP and IPPool
> I am trying to authenticate users via Freeradius 2.1.7 against LDAP. I
> would like to use a checkItem to determine ippool assignment to give users
> an IP address from defined pools. The LDAP portion is working correctly
> but I receive the message "Could not find Pool-Name attribute" in my
> debug output (hence no IP address is assigned). What am I missing?

Mapping to Pool-Name attribute. Neither group nor user entry are correct.

> **
>
> My user file is as follows:
>
> Default Group-Name == Telecommunictations, Pool-Name :=

That should be Ldap-Group == "Telecommunictations". That default entry might map the group to Pool-Name.

> "Telecommunications"
> Fall-Through = Yes
> **
> My ldap.attrmap is as follows:
>
> checkItem radiusemployeedepartment uabemployeedepartment

There is no such radius attribute as radiusemployeedepartment. Something like:

checkItem Pool-Name uabemployeedepartment

... might work. Pick one of those two approaches.

Ivan Kalik
Kalik Informatika ISP
Re: Freeradius set up help
> Hello I'm trying to setup Freeradius to do wireless authentication when I try
> to connect I get my peap certificate then it says "incorrect username or
> password" below is the debug output
...
> server inner-tunnel {
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[unix] returns notfound
> ++[control] returns notfound
> [eap] EAP packet type response id 109 length 67
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[files] returns noop
> ++[expiration] returns noop
> ++[logintime] returns noop
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
> [mschap] Told to do MS-CHAPv2 for ghorchem with NT-Password
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
> [mschap] FAILED: MS-CHAP2-Response is incorrect
> ++[mschap] returns reject

Where is your password? If it's in ldap, you haven't enabled ldap in inner-tunnel virtual server.

Ivan Kalik
Kalik Informatika ISP
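
The diagnosis in this reply can be read straight off the debug output. The following is an added example, not part of the original message and not FreeRADIUS code: a small Python parser for `radiusd -X` output that records which modules ran in each section of a virtual server and reports an MS-CHAP failure for lack of an NT/LM-Password together with the password sources that never ran in `authorize`. The function names and the `PASSWORD_SOURCES` list are assumptions of this example; the sample is the excerpt quoted above.

```python
import re

# Debug excerpt quoted in the message above (output of `radiusd -X`).
SAMPLE_DEBUG = """\
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 109 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for ghorchem with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
"""

SERVER_RE = re.compile(r"^server\s+(\S+)\s*\{")
GROUP_RE = re.compile(r"\+-\s+entering group (\S+)")
RETURN_RE = re.compile(r"^\++\[([^\]]+)\]\s+returns\s+(\w+)")
MESSAGE_RE = re.compile(r"^\[([^\]]+)\]\s+(.+)")

# Assumption of this example: modules that can supply a password in authorize.
PASSWORD_SOURCES = ("files", "unix", "ldap", "sql")


def parse_debug(text):
    """Return ({server: {section: [(module, rcode)]}}, [(server, module, msg)])."""
    servers, messages = {}, []
    server = section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVER_RE.match(line)
        if m:
            server, section = m.group(1), None
            servers.setdefault(server, {})
            continue
        if line.startswith("}") and "# server" in line:
            server = section = None          # end of the virtual server block
            continue
        m = GROUP_RE.search(line)
        if m and server is not None:
            section = m.group(1)             # authorize, authenticate, MS-CHAP, ...
            servers[server].setdefault(section, [])
            continue
        m = RETURN_RE.match(line)
        if m and server is not None and section is not None:
            servers[server][section].append((m.group(1), m.group(2)))
            continue
        m = MESSAGE_RE.match(line)
        if m:
            messages.append((server, m.group(1), m.group(2)))
    return servers, messages


def diagnose(text):
    """Report MS-CHAP rejects caused by a missing NT/LM-Password, per server."""
    servers, messages = parse_debug(text)
    findings = []
    for server, sections in servers.items():
        reasons = [msg for srv, mod, msg in messages
                   if srv == server and mod == "mschap" and "No NT/LM-Password" in msg]
        if not reasons:
            continue
        ran = dict(sections.get("authorize", []))
        findings.append({
            "server": server,
            "reason": reasons[0],
            "sources_run": {m: ran[m] for m in PASSWORD_SOURCES if m in ran},
            "sources_not_run": [m for m in PASSWORD_SOURCES if m not in ran],
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_DEBUG):
        print(finding)
```

On the quoted output it reports that `files` and `unix` ran without supplying a password and that `ldap` never ran in `inner-tunnel`.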
Re: Cannot upgade to 2.1.7
kachin Agarwal wrote:
>
> Hi,
> Ya I need the rlm_counter module. So how can I rectify it..? Please
> give me a solution..

Read the REST of the messages. It tells you what the module needs, and what is missing.

I never understand why some people look only at the LAST error message, and refuse to read anything more than that.

Alan DeKok.
Cannot upgade to 2.1.7
Hi,
Ya I need the rlm_counter module. So how can I rectify it..? Please give me a solution..

Thanks & Regards,
Kachin

--- On Mon, 9/11/09, kachin Agarwal wrote:

From: kachin Agarwal
Subject: Cannot upgade to 2.1.7
To: freeradius-users@lists.freeradius.org
Date: Monday, 9 November, 2009, 6:00 PM

Hi,
I'm trying to upgrade the freeradius server to 2.1.7.
But when I build I get the following error :

configure: error: set --without-rlm_counter to disable it explicitly.
configure: error: ./configure failed for src/modules/rlm_counter
make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1

How can I rectify this???

Thanks & Regards,
Kachin
Re: Freeradius-Users Digest, Vol 55, Issue 32
Hi,

> I have a problem which I and a friend here have been trying to solve for some
> days now.

it wasn't clear what the actual problem is that you are having - you seemed to miss out the problem - eg the output of radiusd -X

alan
RE: Freeradius-Users Digest, Vol 55, Issue 32
an Linksys WRT-54-GS
> > and the Switch is an CISCO-2950
> >
> > --
> > View this message in context:
> > http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26230857.html
> > Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
> --
> JJohnny RANDRIAMAMPIONONA
> Phone: +212663682554, +212533158575
> National School of Applied Sciences
> ZIP 1818 TANGIER 9
> -Morocco ---
>
> --
>
> Message: 2
> Date: Mon, 9 Nov 2009 18:00:41 +0530 (IST)
> From: kachin Agarwal
> Subject: Cannot upgade to 2.1.7
> To: freeradius-users@lists.freeradius.org
> Message-ID: <318375.47862...@web94201.mail.in2.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
> I m trying to upgrade the freeradius server to 2.1.7.
> But when i build i get the following error :
>
> configure: error: set --without-rlm_counter to disable it explicitly.
> configure: error: ./configure failed for src/modules/rlm_counter
> make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1
>
> How can i rectify this???
>
> Thanx & Regards,
> Kachin
>
> --
>
> Message: 3
> Date: Mon, 9 Nov 2009 12:50:45 +
> From: Alan Buxey
> Subject: Re: Cannot upgade to 2.1.7
> To: FreeRadius users mailing list
> Message-ID: <20091109125045.gb29...@lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
> > Hi,
> > I m trying to upgrade the freeradius server to 2.1.7.
> > But when i build i get the following error :
> >
> > configure: error: set --without-rlm_counter to disable it explicitly.
> > configure: error: ./configure failed for src/modules/rlm_counter
> > make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1
> >
> > How can i rectify this???
>
> do you want the counter module? if not, simply do as it says...add
> --without-rlm_counter after the ./configure eg plain version
>
> ./configure --without-rlm_counter
>
> alan
>
> --
>
> Message: 4
> Date: Mon, 9 Nov 2009 13:36:55 +
> From: "nf-vale"
> Subject: Re: WLAN - Freeradius - OpenLDAP - VLANs
> To: freeradius-users@lists.freeradius.org
> Message-ID: <200911091336.56041.nf-v...@critical-links.com>
> Content-Type: Text/Plain; charset="iso-8859-15"
>
> On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> > Freeradius work well with openldap but only with cleartext password (PAP).
> > Best regards!
>
> Don't give wrong answers if you're not sure of what you're talking.
>
> > 2009/11/9 _Stefan_H
> >
> > > First I know my english is not the best, but i hope you will understand
> > > it.
> > >
> > > In the course of a project i have to make an authentification against a
> > > freeradius server for the WLAN Users.
> > > On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN
> > > Users have to authentificate with their accounts. After the successful
> > > authentification they will be put into an other VLAN, that they can use
> > > their homedirectories.
> > >
> > > I would like to know how I should do it, because i inform me about the
> > > Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused
> > > which i have to configure at the freeradius Server.
>
> See http://deployingradius.com/documents/protocols/compatibility.html for
> compatibilty issues.
>
> You can authenticate users using PEAP against LDAP just as long as the user's
> entries in the LDAP DB have NT / LM password hashes. For instance, if using
> OpenLDAP, you need to include the samba.schema in the supported schemas list
> and then add sambaNTPassword and sambaLMPassword to each one
Re: FreeRadius with 3COM
Configuration guide 3com switch 4210 family:
http://support.3com.com/documents/switches/4210/3Com_Switch4210_Configuration_Guide.pdf

Pages 223, 802.1x Configuration.
Re: WLAN - Freeradius - OpenLDAP - VLANs
Thanks for answering and I hope that I will have no problems in configuring the server but I think that won't happen.

nf-vale wrote:
>
> On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
>> Freeradius work well with openldap but only with cleartext password
>> (PAP).
>> Best regards!
>
> Don't give wrong answers if you're not sure of what you're talking.
>
>> 2009/11/9 _Stefan_H
>>
>> > First I know my english is not the best, but i hope you will understand
>> > it.
>> >
>> > In the course of a project i have to make an authentification against a
>> > freeradius server for the WLAN Users.
>> > On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN
>> > Users have to authentificate with their accounts. After the successful
>> > authentification they will be put into an other VLAN, that they can use
>> > their homedirectories.
>> >
>> > I would like to know how I should do it, because i inform me about the
>> > Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused
>> > which i have to configure at the freeradius Server.
>
> See http://deployingradius.com/documents/protocols/compatibility.html for
> compatibilty issues.
>
> You can authenticate users using PEAP against LDAP just as long as the
> user's entries in the LDAP DB have NT / LM password hashes. For instance, if
> using OpenLDAP, you need to include the samba.schema in the supported schemas
> list and then add sambaNTPassword and sambaLMPassword to each one of the user's
> entries in the DB.
>
> Ex:
>
> "
> dn: uid=xxx,ou=people,dc=local,dc=loc
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> uidNumber: 1
> uid: xxx
> userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
> sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
> sambaNTPassword: 9574805413661ADC5E8FA7B943026723
> ...
> "
>
> You can hash the user's password using the smbencrypt utility.
>
>> >
>> > I think that PEAP would be the easiest, but I really don't know which can
>> > be used whth a dynamic VLAN.
>> >
>> > http://old.nabble.com/file/p26230857/1.jpeg
>> >
>> > The AP is an Linksys WRT-54-GS
>> > and the Switch is an CISCO-2950
>> >
>> > --
>> > View this message in context:
>> > http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26230857.html
>> > Sent from the FreeRadius - User mailing list archive at Nabble.com.

--
View this message in context: http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26267282.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
Re: Problem with server atribute in NAS table with mysql
Hi,

> My clients are in a MySQL database (nas table).
>
> +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> | id | nasname | shortname | type  | ports | secret   | server | community | description |
> +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> | 1  | XXX     | NODO1     | other | NULL  | secretN1 | nodes  | nodo      | Nodo Wifi   |
> | 2  | YYY     | NODO2     | other | NULL  | secretN2 | nodes  | nodo      | Nodo Wifi   |
>
> I want to process some clients through one virtual server (server nodes{}),
> so I have the name of the virtual server in the "server" column, but this
> doesn't work.
>
> When I receive a request from those clients, the default server proccess
> them.

which means you haven't updated the SQL query to use that column. check your sql/mysql/dialup.conf file and edit the call to pull in the NAS from

nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"

to

nas_query = "SELECT id, nasname, shortname, type, secret, server FROM ${nas_table}"

then the server attribute will be pulled in and the 'nodes' virtual host will get used.

alan
Problem with server attribute in NAS table with mysql
Hello,

I'm using Freeradius 2.0.4-3 on Debian.

My clients are in a MySQL database (nas table).

+----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
| id | nasname | shortname | type  | ports | secret   | server | community | description |
+----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
| 1  | XXX     | NODO1     | other | NULL  | secretN1 | nodes  | nodo      | Nodo Wifi   |
| 2  | YYY     | NODO2     | other | NULL  | secretN2 | nodes  | nodo      | Nodo Wifi   |

I want to process some clients through one virtual server (server nodes{}), so I have the name of the virtual server in the "server" column, but this doesn't work.

When I receive a request from those clients, the default server processes them.

I test to change the column name to virtual_server with same result.

I have to put the clients with value in "virtual_server" in clients.conf file and the clients without value in nas table from MySQL.

I test to put them in server section:

    ##/etc/freeradius/sites-enabled/nodes
    server nodes{
        client nodo1{ }
        ...
    }

but this doesn't work. I have to put them out of server section, like this:

    ##/etc/freeradius/sites-enabled/nodes
    client nodo1{ }
    server nodes{
        ...
    }

and I think that this is the same that put them in clients files ¿?

Thank you very much and sorry for my english.

--
Ana Gallardo Gómez
Re: WLAN - Freeradius - OpenLDAP - VLANs
On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> Freeradius work well with openldap but only with cleartext password (PAP).
> Best regards!

Don't give wrong answers if you're not sure of what you're talking.

> 2009/11/9 _Stefan_H
>
> > First I know my english is not the best, but i hope you will understand
> > it.
> >
> > In the course of a project i have to make an authentication against a
> > freeradius server for the WLAN Users.
> > On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN
> > Users have to authenticate with their accounts. After the successful
> > authentication they will be put into an other VLAN, that they can use
> > their homedirectories.
> >
> > I would like to know how I should do it, because i inform me about the
> > Authentication Types(EAP-TLS,TTLS,PEAP) and know I am totally confused
> > which i have to configure at the freeradius Server.

See http://deployingradius.com/documents/protocols/compatibility.html for compatibility issues.

You can authenticate users using PEAP against LDAP just as long as the user's entries in the LDAP DB have NT / LM password hashes. For instance, if using OpenLDAP, you need to include the samba.schema in the supported schemas list and then add sambaNTPassword and sambaLMPassword to each one of the user's entries in the DB.

Ex:
"
dn: uid=xxx,ou=people,dc=local,dc=loc
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uidNumber: 1
uid: xxx
userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
sambaNTPassword: 9574805413661ADC5E8FA7B943026723
...
"

You can hash the user's password using the smbencrypt utility.

> > I think that PEAP would be the easiest, but I really don't know which can
> > be used with a dynamic VLAN.
> >
> > http://old.nabble.com/file/p26230857/1.jpeg
> >
> > The AP is a Linksys WRT-54-GS
> > and the Switch is a CISCO-2950
> >
> > --
> > View this message in context:
> > http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26230857.html
> > Sent from the FreeRadius - User mailing list archive at Nabble.com.
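A pre-deployment check for the requirement described in the reply above, as an added example that is not part of the original post: it scans an LDIF export and reports which entries carry a well-formed sambaNTPassword value (32 hex digits), the attribute PEAP with its usual MS-CHAPv2 inner method depends on. The sample entries, the example.org DNs, the dummy hash strings and the function names are constructed for illustration.

```python
import re

# Constructed LDIF sample; the hash strings are dummy hex, not real hashes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: sambaSamAccount
sambaNTPassword: 00112233445566778899AABBCCDDEEFF

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
userPassword:: e1NTSEF9ZHVtbXk=

dn: uid=carol,ou=people,dc=example,
 dc=org
objectClass: sambaSamAccount
sambaNTPassword: not-a-hash
"""

NT_HASH = re.compile(r"[0-9A-Fa-f]{32}")


def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            value = value.lstrip(":").strip()  # "::" marks a base64 value
            entry.setdefault(attr.strip().lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries


def peap_readiness(text):
    """Map each DN to 'ok', 'missing-nt-hash' or 'malformed-nt-hash'."""
    report = {}
    for entry in parse_ldif(text):
        hashes = entry.get("sambantpassword", [])
        if not hashes:
            status = "missing-nt-hash"
        elif NT_HASH.fullmatch(hashes[0]):
            status = "ok"
        else:
            status = "malformed-nt-hash"
        report[entry["dn"][0]] = status
    return report
```

The report contains only DNs and a status, so it can be shared without exposing any hash value from the directory.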
Re: Cannot upgrade to 2.1.7
Hi,

> Hi,
> I m trying to upgrade the freeradius server to 2.1.7.
> But when i build i get the following error :
>
> configure: error: set --without-rlm_counter to disable it explicitly.
> configure: error: ./configure failed for src/modules/rlm_counter
> make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1
>
> How can i rectify this???

do you want the counter module? if not, simply do as it says...add --without-rlm_counter after the ./configure

eg plain version

    ./configure --without-rlm_counter

alan
Cannot upgrade to 2.1.7
Hi,

I m trying to upgrade the freeradius server to 2.1.7.
But when i build i get the following error :

configure: error: set --without-rlm_counter to disable it explicitly.
configure: error: ./configure failed for src/modules/rlm_counter
make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1

How can i rectify this???

Thanx & Regards,
Kachin
Re: WLAN - Freeradius - OpenLDAP - VLANs
Freeradius work well with openldap but only with cleartext password (PAP).
Best regards!

2009/11/9 _Stefan_H

> First I know my english is not the best, but i hope you will understand it.
>
> In the course of a project i have to make an authentication against a
> freeradius server for the WLAN Users.
> On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN
> Users have to authenticate with their accounts. After the successful
> authentication they will be put into an other VLAN, that they can use
> their homedirectories.
>
> I would like to know how I should do it, because i inform me about the
> Authentication Types(EAP-TLS,TTLS,PEAP) and know I am totally confused
> which i have to configure at the freeradius Server.
>
> I think that PEAP would be the easiest, but I really don't know which can
> be used with a dynamic VLAN.
>
> http://old.nabble.com/file/p26230857/1.jpeg
>
> The AP is a Linksys WRT-54-GS
> and the Switch is a CISCO-2950
>
> --
> View this message in context:
> http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26230857.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.

--
JJohnny RANDRIAMAMPIONONA
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 9 -Morocco