Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL

2010-03-25 Thread Alan DeKok
fab junkmail wrote:
>>  Why is it running out of sockets?  This shouldn't happen.
> 
> Not sure but there is a _lot_ of attempted proxying going on - maybe
> it just went over the system limits like open file limits or
> something? In any case it probably won't be a problem when I implement
> the robust-proxy-accounting.

  Likely, yes.

  If the server is overloaded and unable to proxy packets... who knows
what can happen.  The *intent* is to have it still work, but it's a
poorly tested code path.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: EAP-PEAP - MSCHAPV2 option not working

2010-03-25 Thread Alan DeKok
dev nath wrote:
> I have tried following in my users file
> 
> David User-Password=="freeradius"
> 
> ---also
> 
> David Auth-Type=Local, Password = "freeradius"
> 
> Both does not seem to work. Please help me.

  Read the FAQ for how to set up a test user in the "users" file.

  Alan DeKok.


Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL

2010-03-25 Thread fab junkmail
Hi Alan,

Thanks for your response.

Alan DeKok wrote:
>  You can configure the proxy to log accounting packets to disk when the
> home server is down.  See raddb/sites-available/robust-proxy-accounting

Ok I will definitely do this then.

>> Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for
>> proxying requests.
>
>  Why is it running out of sockets?  This shouldn't happen.

Not sure but there is a _lot_ of attempted proxying going on - maybe
it just went over the system limits like open file limits or
something? In any case it probably won't be a problem when I implement
the robust-proxy-accounting.

>  You have a NAS which is sending large amounts of traffic to a proxy
> when the home server is down.  The proxy isn't configured to do anything
> useful with the packets.  This is a bug in the *architecture*.

Understood.

Thanks for your help Alan.

Regards,
Anthony



EAP-PEAP - MSCHAPV2 option not working

2010-03-25 Thread dev nath
Hi, 

I am trying to authenticate my xsupplicant with freeradius using PEAP option, 
but seems to fail with the below error message. Complete debug message is 
attached to the email.

[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for peerless with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject


I have tried following in my users file

David User-Password=="freeradius"

---also

David Auth-Type=Local, Password = "freeradius"

Both does not seem to work. Please help me.

Regards,
Dev






Re: Memory Leak on version 2.1.3

2010-03-25 Thread Alan DeKok
Zhang, Ge (Gina) wrote:
> I tried 2.1.8 and it leaks memory exactly like 2.1.3. Any other suggestions?

  Are you sure it's a memory leak?

  The server *is* supposed to use memory for various kinds of caching.

  See "valgrind" for tracking down memory leaks.

  Alan DeKok.


RE: Memory Leak on version 2.1.3

2010-03-25 Thread Zhang, Ge (Gina)
Alan,

I tried 2.1.8 and it leaks memory exactly like 2.1.3. Any other suggestions?

Thanks,
Gina 

-Original Message-
From: 
freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org 
[mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org]
 On Behalf Of Alan Buxey
Sent: Thursday, March 25, 2010 4:42 AM
To: FreeRadius users mailing list
Subject: Re: Memory Leak on version 2.1.3

Hi,
> The server is in production and we won't upgrade for a while. 

but you're willing to patch and recompile the old/obsolete 2.1.3 version?

whats the difference? its pretty much the same situation. go for 2.1.8.

alan


Re: How to crypt password in database

2010-03-25 Thread Alan DeKok
Paweł Pogorzelski wrote:
> *When i have:
> 2 te...@realm Crypt-Password  :=  test123
> 
> Then i get:
> 
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured.  Cannot create LM-Password.
> [mschap] No Cleartext-Password configured.  Cannot create NT-Password.
> [mschap] Told to do MS-CHAPv2 for te...@realm with NT-Password
> [mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.

http://deployingradius.com/documents/protocols/compatibility.html

> Please help me with those crypted passwords.

  It's impossible.

  Alan DeKok.

Re: How to crypt password in database

2010-03-25 Thread Alan Buxey
Hi,
> Hi
> 
> I have problem with password encryption in mysql database:
> -
> *If i have in database:
> 
> 1 t...@realm  User-Password   :=  test
> 
> I get Access Accept.
> -
> 
> -
> *When i have:
> 2 te...@realm Crypt-Password  :=  test123

Cleartext-Password :=  {crypt}test123

??

let the PAP module do the work for you.  (test123 isnt looking
like valid crypt of course ;-) )

alan


Re: EAP (PEAP)+ntlm_auth doesn't send password by it self

2010-03-25 Thread Alan Buxey
Hi,

> As I had thought the issue with the EAP packet was the configuration of Cisco 
> access-point. I solved this but now I can not authenticate against Windows 
> 2003 AD using ntlm_auth. This is the complete log:

you didnt send enough debug log - the 'party had only just got
started'.

you say you have ntlm_auth in mschap configured but what about
the ntlm_auth thats in the inner-tunnel - that looks pretty different

server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Instantiating ntlm_auth
  exec ntlm_auth {
wait = yes
program = "/usr/bin/ntlm_auth --request-nt-key --domain=MyDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
input_pairs = "request"
shell_escape = yes
  }


alan


Re: How can I set freeradius to connect to another freeradius server to find external database.

2010-03-25 Thread Alan Buxey
Hi,

> but it doesn’t work

yep. that wont work. reason? because you proxied to the
remote RADIUS. it didnt know the user and therefore you got
a reject. once you get a reject then all bets are off with this 
config - the 'fail-over' is if there is no answer from the
RADIUS server - at which point it will try the second server.

> Do I need to config proxy.conf or others files ?
> or other method to setup for this scenario ?

personally? why do you have a second RADIUS server with the MAC
info? why not consolidate?  if not...so you have SQL access to the
other RADIUS server? if so , then you can do a fall-through authentication
eg use local mysql and if that fails, then dont care and hit the second
mysql server  eg

change the current SQL config from

sql {
stuff detailing your servers etc
}

to

sql first_sql_server{
stuff detailing the first server
}

sql second_sql_server{
stuff detailing second server
}


then, instead of calling 'sql' in the auth section, you call

first_sql_server
second_sql_server

(with the relevant wrapper around it to ensure that if the first
fails, then the second gets called... - check out the docs
http://wiki.freeradius.org/Fail-over )

alan
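
The fall-through Alan Buxey describes above, written out as an added example (not from the post or from the FreeRADIUS distribution). The instance names are the ones used in the post and the connection settings stay elided; the return-code overrides assume the sql module reports notfound for an unknown user and fail for an unreachable database, which is the behaviour the Fail-over documentation linked above builds on.

```text
# Module definitions: two named instances of the sql module.
sql first_sql_server {
        # connection details for the first (local) database
}

sql second_sql_server {
        # connection details for the second database
}

# Virtual server (for example sites-enabled/default), authorize section.
authorize {
        # ... other modules ...

        # A "redundant" block moves on to the next module only when the
        # current one fails. Overriding notfound on the first instance
        # also moves on when the MAC address is simply absent from the
        # first database, which is the case in the original question.
        redundant {
                first_sql_server {
                        fail = 1
                        notfound = 1
                }
                second_sql_server
        }
}
```

Because the lookup happens locally, no Access-Reject from a remote RADIUS server ends the request before the second database is consulted.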

How to crypt password in database

2010-03-25 Thread Paweł Pogorzelski
Hi

I have problem with password encryption in mysql database:
-
*If i have in database:

1   t...@realm  User-Password   :=  test

I get Access Accept.
-

-
*When i have:
2   te...@realm Crypt-Password  :=  test123

Then i get:

[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for te...@realm with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
-

-
in my sql.conf i have:

   # Read driver-specific configuration
$INCLUDE sql/${database}/dialup.conf
password_header = "{CRYPT}"
auto_header = yes
password_attribute = userPassword
-

Please help me with those crypted passwords.

Best regards
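
The "No Cleartext-Password configured" failure in this thread and in the EAP-PEAP thread above comes from the stored password format: per the compatibility page linked in Alan DeKok's reply, MS-CHAPv2 can only be checked against the clear-text password or its NT hash. An added example, not from any poster or from the FreeRADIUS distribution; the user names, passwords and the hash placeholder are constructed.

```text
# raddb/users
#
# The forms posted in the threads, which led to the mschap error shown:
#   David     User-Password == "freeradius"
#   David     Auth-Type = Local, Password = "freeradius"
#   <user>    Crypt-Password := test123

# Usable by PAP, CHAP, MS-CHAP and PEAP/MS-CHAPv2: the server holds the
# clear text and can derive whatever each method needs from it.
testuser    Cleartext-Password := "freeradius"

# Usable by PAP and MS-CHAP/MS-CHAPv2 when the clear text must not be
# stored: the NT hash of the password (placeholder, not a real hash).
#testuser   NT-Password := <NT hash of the password>

# A Unix crypt hash is one-way: the server can only check it when the
# client hands over the password itself (PAP-style methods), so it can
# never produce the NT hash that MS-CHAPv2 needs.

# SQL equivalent, as a radcheck row (username, attribute, op, value):
#   testuser@example.org   Cleartext-Password   :=   test123
```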


RE: EAP (PEAP)+ntlm_auth doesn't send password by it self

2010-03-25 Thread Cesar Ortega

Good day Alan,

As I had thought the issue with the EAP packet was the configuration of Cisco 
access-point. I solved this but now I can not authenticate against Windows 2003 
AD using ntlm_auth. This is the complete log:



RE: question on users file

2010-03-25 Thread Jeffrey Wang
Hi John,

I have to use file & LDAP lookup first to set the W-Class (which will identify 
the user class based on their user-membership).

For users who require wireless access, I had this entry:
# Wireless/users
DEFAULT NAS-Port-Type == 19, W-Class == wireless-users, Auth-Type := PAP
        Service-Type = Framed-User,
        ...

For non-wireless users, I will set one password:
# Non-wireless users
DEFAULT NAS-Port-Type == 19, user-password := "{md5}70e1e27d529f1e50097d642f9452de18"
        Service-Type = Framed-User,
        ...

This works when wireless user is not in password nor LDAP. However, once 
cleartext-password set, user-password is ignored.

Jeff

-Original Message-
From: John Dennis [mailto:jden...@redhat.com] 
Sent: Thursday, March 25, 2010 1:36 PM
To: FreeRadius users mailing list
Cc: Jeffrey Wang
Subject: Re: question on users file

On 03/25/2010 12:31 PM, Jeffrey Wang wrote:
> I am using freeradius server against my ldap server for regular user
> access and eap. I need the wireless user treated differently. So I
> created a entry in users file and would like to set user-password for
> these users in encrypted form. For the users that are not in ldap, they
> worked fine. However, the users are in the ldap, had been updated with
> cleartext-password and radius ignores my user-password and uses
> cleartext-password from ldap.
>
> Can I delete the configuration items (cleartext-password) I set in
> previous process, such as ldap or password file?

We have no clue what you did in a previous process nor what version of 
FreeRADIUS you're using.

You could do one of several things:

Move the users file processing above the ldap in the authorize section 
of your config file so the user is found in the users file first.

Put those special users in an ldap group and do not return authorize 
information if they are members of that group.

Remove the password attribute for those users from your ldap directory, 
rlm_ldap can't return what it can't find.

-- 
John Dennis 



Re: question on users file

2010-03-25 Thread John Dennis

On 03/25/2010 12:31 PM, Jeffrey Wang wrote:

I am using freeradius server against my ldap server for regular user
access and eap. I need the wireless user treated differently. So I
created a entry in users file and would like to set user-password for
these users in encrypted form. For the users that are not in ldap, they
worked fine. However, the users are in the ldap, had been updated with
cleartext-password and radius ignores my user-password and uses
cleartext-password from ldap.

Can I delete the configuration items (cleartext-password) I set in
previous process, such as ldap or password file?


We have no clue what you did in a previous process nor what version of 
FreeRADIUS you're using.


You could do one of several things:

Move the users file processing above the ldap in the authorize section 
of your config file so the user is found in the users file first.


Put those special users in an ldap group and do not return authorize 
information if they are members of that group.


Remove the password attribute for those users from your ldap directory, 
rlm_ldap can't return what it can't find.


--
John Dennis 



Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL

2010-03-25 Thread Alan DeKok
fab junkmail wrote:
> I recently upgraded our freeradius servers to 2.1.8 and over the past
> month it has died on one of the servers two times (spaced about two
> weeks apart I think). So fairly infrequently.

  OK.

> A bit of background, We use this server predominantly to proxy
> requests. Every day for about 15 minutes, the two main home servers we
> proxy to stop responding (they are doing backups or maintenance during
> this time) so for those 15 minutes our clients (LNS/NAS) would be
> sending a very large number of accounting interim packets and some
> stop packets and would be resending these while the home servers are
> down.

  You can configure the proxy to log accounting packets to disk when the
home server is down.  See raddb/sites-available/robust-proxy-accounting

> Sun Mar 14 17:30:15 2010 : Proxy: Marking home server 10.0.1.48
> port 1646 as zombie (it looks like it is dead).
> Sun Mar 14 17:30:16 2010 : Proxy: Marking home server 10.0.1.47
> port 1646 as zombie (it looks like it is dead).
> Sun Mar 14 17:30:19 2010 : Proxy: Marking home server 10.0.1.47
> port 1645 as zombie (it looks like it is dead).
> Sun Mar 14 17:30:19 2010 : Error: No response to status check 903535
> for home server 10.0.1.48 port 1646
> Sun Mar 14 17:30:20 2010 : Error: No response to status check 903536
> for home server 10.0.1.47 port 1646
> ...
> Sun Mar 14 17:30:32 2010 : Error: Internal sanity check failed for
> child state

  Hmm... that's not good.

> Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for
> proxying requests.

  Why is it running out of sockets?  This shouldn't happen.

> Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for
> proxying requests.
> Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for
> proxying requests.
> ...
> Fri Mar 19 17:30:56 2010 : Error: ASSERT FAILED event.c[1084]:
> home->ev != NULL

  Well... after all of the previous errors, it's not surprising that
something *worse* eventually goes wrong.  It's like driving your car for
45 minutes after the tires are flat: not a good idea.

> That last one is where it dies I think.

  Yes.

> That one was found to be a bug and was fixed - I don't know if my case
> is a bug though.

  It's a bug, but the other problems you're seeing should be fixed, too.

> I don't currently use the robust proxy accounting that that thread
> suggests. I expect that would probably work around the issue of
> freeradius crashing in this case and I will give that a go.

  Yes.

> Just
> posting this to let you know that it _might_ be a bug and to ask for
> advice about whether you think this is a bug or not, and if I should
> follow up on that, or if you think it is just my configuration that
> needs some changes and what areas I should concentrate on if that is
> the case?

  You have a NAS which is sending large amounts of traffic to a proxy
when the home server is down.  The proxy isn't configured to do anything
useful with the packets.  This is a bug in the *architecture*.

  Alan DeKok.


How can I set freeradius to connect to another freeradius server to find external database.

2010-03-25 Thread joe joe
Hello all
I need to set up 2 freeradius servers for MAC address authentication.
My scenario is:
The access point sends an access-request to the 1st freeradius server to do
MAC address authentication. If the 1st server doesn’t have the MAC address in
its database, it must send this request to the 2nd server (which is a
freeradius server too) to look in another database.

I tried to configure the proxy.conf file on the 1st server as follows:

home_server pri_home_server {
    type = auth+acct
    ipaddr = localhost
    port = 1812
    secret = xxx
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
}
home_server sec_home_server {
    type = auth+acct
    ipaddr = xxx
    port = 1812
    secret = xxx
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
}

home_server_pool auth_failover_pool {
    type = fail-over
    home_server = pri_home_server
    home_server = sec_home_server
}
realm users {
    type=radius
    auth_pool=auth_failover_pool
    acct_pool=auth_failover_pool
    nostrip
}

but it doesn’t work.
So the question is:

Do I need to configure proxy.conf or other files? Or is there another method
to set up this scenario?
Any help is appreciated.
Thanks in advance.




question on users file

2010-03-25 Thread Jeffrey Wang
I am using freeradius server against my ldap server for regular user access and 
eap. I need the wireless user treated differently. So I created a entry in 
users file and would like to set user-password for these users in encrypted 
form. For the users that are not in ldap, they worked fine. However, the users 
are in the ldap, had been updated with cleartext-password and radius ignores my 
user-password and uses cleartext-password from ldap.

Can I delete the configuration items (cleartext-password) I set in previous 
process, such as ldap or password file?

TIA

Re: "Invalid packet code 11 sent to authentication port from client" error

2010-03-25 Thread Alan DeKok
Rob Brickhouse wrote:
> Is it possible the issue is with the network card in the server and not
> the AP's?

  No.  The AP generates RADIUS packets.

  Alan DeKok.


Re: Memory Leak on version 2.1.3

2010-03-25 Thread Alan Buxey
Hi,
> Alan,
> 
> Does 2.1.8 have the fix for the problem?

its got many fixes - check the source code. 

alan


RE: Memory Leak on version 2.1.3

2010-03-25 Thread Zhang, Ge (Gina)
Alan,

Does 2.1.8 have the fix for the problem?

Regards,
Gina

 

-Original Message-
From: 
freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org 
[mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org]
 On Behalf Of Alan Buxey
Sent: Thursday, March 25, 2010 4:42 AM
To: FreeRadius users mailing list
Subject: Re: Memory Leak on version 2.1.3

Hi,
> The server is in production and we won't upgrade for a while. 

but you're willing to patch and recompile the old/obsolete 2.1.3 version?

whats the difference? its pretty much the same situation. go for 2.1.8.

alan


Re: 2 authorization tables?

2010-03-25 Thread Paul Ryszka
On Thu, 2010-03-25 at 15:25 +0100, Paweł Pogorzelski wrote:
> 1. Can i add another table for user authorizations in the same
> database for example racheck and radcheck2?
> 

the easiest way to do it would be to create view joining these 2 tables

> 2. For what is radreply table ?
> 

information that radius return back to client



> Best regards, and many thanks for help

2 authorization tables?

2010-03-25 Thread Paweł Pogorzelski
1. Can i add another table for user authorizations in the same
database for example racheck and radcheck2?

2. For what is radreply table ?

Best regards, and many thanks for help


Re: "Invalid packet code 11 sent to authentication port from client" error

2010-03-25 Thread Rob Brickhouse
Is it possible the issue is with the network card in the server and not the
AP's? I've tried setting it up on another machine and everything works on it
exactly as configured. Using a Cisco AP didn't work and the version of
freeradius I install on the box reporting errors doesn't make a difference
either since I downloaded and installed 2.1.6 identical to my test machine
and got the same errors. In any event I think I'm going to move DNS/DHCP to
my test box and then switch it to my production unit. Thanks for the
help guys.
Rob

On Fri, Mar 19, 2010 at 1:56 PM, Alan DeKok wrote:

> Rob Brickhouse wrote:
> > I hope someone can help me with this. I tested setting up freeradius
> > 2.1.6 on an opensuse 10.2 box and was able to get everything
> > authenticating against novell edirectory. Now that I'm finally ready to
> > put it on my production box, only 2.1.8 is available but I figure no big
> > deal since it appeared to have alot of fixes. After going through and
> > setting everything up like I did before, I can use my test utility to
> > verify that I can successfully read the username and password from
> > edirectory but I get the message "Invalid packet code 11 sent to
> > authentication port from client TESAP8 port 1041 : IGNORED" when my
> > Netgear access point connects.
>
>  The AP is broken.  Throw it in the garbage and buy one that implements
> RADIUS.
>
> > I can change the ip to my 2.1.6
> > freeradius box and it works so I don't think the issue is with my AP
> > even though that is what the message seems to indicate.
>
>  I don't see why that would make any difference.  What does the debug
> log from 2.1.6 look like?
>
> ...
> > Sending Access-Challenge of id 20 to 10.6.4.108 port 1041
> >  EAP-Message = 0x010100160410eae98bafd4b076dcf8b6341b415000fe
> >  Message-Authenticator = 0x
> >  State = 0x731ac834731bcca6975b39a87528fad1
> > Finished request 1.
> > Going to the next request
> > Waking up in 4.9 seconds.
> > Invalid packet code 11 sent to authentication port from client TESAP8
> > port 1041 : IGNORED
>
>  IIRC, this is similar to a bug seen before.  If it sees an
> Access-Challenge with State *after* Message-Authenticator, it "bounces"
> the packet back to the RADIUS server.  This is two errors:
>
>  1) order of attributes does not matter
>  2) clients do not send Access-Challenge to a server.
>
>  There is NO WAY that an AP should send an Access-Challenge to a
> server.  If it does, then the AP is horribly broken.
>
>  My guess is that this is a very old AP using a broken firmware image.
>  Or, it's a new one, and the vendor didn't bother to implement RADIUS
> correctly.
>
>  Alan DeKok.


Re: Memory Leak on version 2.1.3

2010-03-25 Thread Alan Buxey
Hi,
> The server is in production and we won't upgrade for a while. 

but you're willing to patch and recompile the old/obsolete 2.1.3 version?

whats the difference? its pretty much the same situation. go for 2.1.8.

alan