Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL
fab junkmail wrote: >> Why is it running out of sockets? This shouldn't happen. > > Not sure but there is a _lot_ of attempted proxying going on - maybe > it just went over the system limits like open file limits or > something? In any case it probably won't be a problem when I implement > the robust-proxy-accounting. Likely, yes. If the server is overloaded and unable to proxy packets... who knows what can happen. The *intent* is to have it still work, but it's a poorly tested code path. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-PEAP - MSCHAPV2 option not working
dev nath wrote: > I have tried following in my users file > > David User-Password=="freeradius" > > ---also > > David Auth-Type=Local, Password = "freeradius" > > Both does not seem to work. Please help me. Read the FAQ for how to set up a test user in the "users" file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL
Hi Alan, Thanks for your response. Alan DeKok wrote: > You can configure the proxy to log accounting packets to disk when the > home server is down. See raddb/sites-available/robust-proxy-accounting Ok I will definitely do this then. >> Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for >> proxying requests. > > Why is it running out of sockets? This shouldn't happen. Not sure but there is a _lot_ of attempted proxying going on - maybe it just went over the system limits like open file limits or something? In any case it probably won't be a problem when I implement the robust-proxy-accounting. > You have a NAS which is sending large amounts of traffic to a proxy > when the home server is down. The proxy isn't configured to do anything > useful with the packets. This is a bug in the *architecture*. Understood. Thanks for your help Alan. Regards, Anthony - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-PEAP - MSCHAPV2 option not working
Hi, I am trying to authenticate my xsupplicant with freeradius using PEAP option, but seems to fail with the below error message. Complete debug message is attached to the email. [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for peerless with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject I have tried following in my users file David User-Password=="freeradius" ---also David Auth-Type=Local, Password = "freeradius" Both does not seem to work. Please help me. Regards, Dev FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on Feb 2 2010 at 16:20:53 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/detail.example.com including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/otp including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/ntlm_auth including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /usr/local/etc/raddb/modules/linelog including configuration file /usr/local/etc/raddb/modules/inner-eap including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/perl including configuration file /usr/local/etc/raddb/modules/cui including configuration file /usr/local/etc/raddb/modules/smsotp including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/chap including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/control-socket including configuration file /usr/local/etc/raddb/sites-enabled/default main { allow_core_dumps = no } including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/usr/local/var" logdir = "/usr/local/var/log/radius" libdir = "/usr/local/lib"
Re: Memory Leak on version 2.1.3
Zhang, Ge (Gina) wrote: > I tried 2.1.8 and it leaks memory exactly like 2.1.3. Any other suggestions? Are you sure it's a memory leak? The server *is* supposed to use memory for various kinds of caching. See "valgrind" for tracking down memory leaks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Memory Leak on version 2.1.3
Alan, I tried 2.1.8 and it leaks memory exactly like 2.1.3. Any other suggestions? Thanks, Gina -Original Message- From: freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org [mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Thursday, March 25, 2010 4:42 AM To: FreeRadius users mailing list Subject: Re: Memory Leak on version 2.1.3 Hi, > The server is in production and we won't upgrade for a while. but you're willing to patch and recompile the old/obsolete 2.1.3 version? whats the difference? its pretty much the same situation. go for 2.1.8. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to crypt password in database
Paweł Pogorzelski wrote: > *When i have: > 2 te...@realm Crypt-Password := test123 > > Then i get: > > [mschapv2] +- entering group MS-CHAP {...} > [mschap] No Cleartext-Password configured. Cannot create LM-Password. > [mschap] No Cleartext-Password configured. Cannot create NT-Password. > [mschap] Told to do MS-CHAPv2 for te...@realm with NT-Password > [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. http://deployingradius.com/documents/protocols/compatibility.html > Please help me with those crypted passwords. It's impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to crypt password in database
Hi, > Hi > > I have problem with password encryption in mysql database: > - > *If i have in database: > > 1 t...@realm User-Password := test > > I get Access Accept. > - > > - > *When i have: > 2 te...@realm Crypt-Password := test123 Cleartext-Password := {crypt}test123 ?? let the PAP module do the work for you. (test123 isnt looking like valid crypt of course ;-) ) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP (PEAP)+ntlm_auth doesn't send password by it self
Hi, > As I had thought the issue with the EAP packet was the configuration of Cisco > access-point. I solved this but now I can not authenticate against Windows > 2003 AD using ntlm_auth. This is the complete log: you didnt send enough debug log - the 'party had only just got started'. you say you have ntlm_auth in mschap configured but what about thentlm_auth thats in the inner-tunnel - that looks pretty different server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Instantiating ntlm_auth exec ntlm_auth { wait = yes program = "/usr/bin/ntlm_auth --request-nt-key --domain=MyDOMAIN --username=%{mschap:User-Name} +--password=%{User-Password}" input_pairs = "request" shell_escape = yes } alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How can I set freeradius to connect to another freeradius server to find external database.
Hi, > but it doesn’t work yep. that wont work. reason? because you proxied to the remote RADIUS. it didnt know the user and therefore you got a reject. once you get a reject then all bets are off with this config - the 'fail-over' is if there is no answer from the RADIUS server - at which point it will try the second server. > Do I need to config proxy.conf or others files ? > or other method to setup for this scenario ? personally? why do you have a second RADIUS server with the MAC info? why not consolidate? if not...so you have SQL access to the other RADIUS server? if so , then you can do a fall-through authentication eg use local mysql and if that fails, then dont care and hit the second mysql server eg change the current SQL config from sql { stuff detailing your servers etc } to sql first_sql_server{ stuff detailing the first server } sql second_sql_server{ stuff detailing second server } then, instead of calling 'sql' in the auth section, you call first_sql_server second_sql_server (with the relevant wrapper around it to ensure that if the first fails, then the second gets called... - check out the docs http://wiki.freeradius.org/Fail-over ) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to crypt password in database
Hi I have problem with password encryption in mysql database: - *If i have in database: 1 t...@realm User-Password := test I get Access Accept. - - *When i have: 2 te...@realm Crypt-Password := test123 Then i get: [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for te...@realm with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject - - in my sql.conf i have: # Read driver-specific configuration $INCLUDE sql/${database}/dialup.conf password_header = "{CRYPT}" auto_header = yes password_attribute = userPassword - Please help me with those crypted passwords. Best regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP (PEAP)+ntlm_auth doesn't send password by it self
Good day Alan, As I had thought the issue with the EAP packet was the configuration of Cisco access-point. I solved this but now I can not authenticate against Windows 2003 AD using ntlm_auth. This is the complete log: FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Mar 18 2010 at 04:07:54 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/mschap.save including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/ntlm_auth.save including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_
RE: question on users file
Hi John, I have to use file & LDAP lookup first to set the W-Class (which will identify the user class based on their user-membership). For users who requires wireless access, I had this entry: # Wireless/users DEFAULT NAS-Port-Type == 19, W-Class == wireless-users, Auth-Type := PAP Service-Type = Framed-User, ... For non-wireless users, I will set one password: # Non-wireless users DEFAULT NAS-Port-Type == 19, user-password := "{md5}70e1e27d529f1e50097d642f9452 de18" Service-Type = Framed-User, ... This works when wireless user is not in password nor LDAP. However, once cleartext-password set, user-password is ignored. Jeff -Original Message- From: John Dennis [mailto:jden...@redhat.com] Sent: Thursday, March 25, 2010 1:36 PM To: FreeRadius users mailing list Cc: Jeffrey Wang Subject: Re: question on users file On 03/25/2010 12:31 PM, Jeffrey Wang wrote: > I am using freeradius server against my ldap server for regular user > access and eap. I need the wireless user treated differently. So I > created a entry in users file and would like to set user-password for > these users in encrypted form. For the users that are not in ldap, they > worked fine. However, the users are in the ldap, had been updated with > cleartext-password and radius ignores my user-password and uses > cleartext-password from ldap. > > Can I delete the configuration items (cleartext-password) I set in > previous process, such as ldap or password file? We have no clue what you did in a previous process nor what version of FreeRADIUS you're using. You could do one of several things: Move the users file processing above the ldap in the authorize section your config file so the user in found in the users file first. Put those special users in an ldap group and do not return authorize information if they are members of that group. Remove the password attribute for those users from your ldap directory, rlm_ldap can't return what it can't find. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: question on users file
On 03/25/2010 12:31 PM, Jeffrey Wang wrote: I am using freeradius server against my ldap server for regular user access and eap. I need the wireless user treated differently. So I created a entry in users file and would like to set user-password for these users in encrypted form. For the users that are not in ldap, they worked fine. However, the users are in the ldap, had been updated with cleartext-password and radius ignores my user-password and uses cleartext-password from ldap. Can I delete the configuration items (cleartext-password) I set in previous process, such as ldap or password file? We have no clue what you did in a previous process nor what version of FreeRADIUS you're using. You could do one of several things: Move the users file processing above the ldap in the authorize section your config file so the user in found in the users file first. Put those special users in an ldap group and do not return authorize information if they are members of that group. Remove the password attribute for those users from your ldap directory, rlm_ldap can't return what it can't find. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 2.1.8 dies Error: ASSERT FAILED event.c[1084]: home->ev != NULL
fab junkmail wrote: > I recently upgraded our freeradius servers to 2.1.8 and over the past > month it has died on one of the servers two times (spaced about two > weeks apart I think). So fairly infrequently. OK. > A bit of background, We use this server predominantly to proxy > requests. Every day for about 15 minutes, the two main home servers we > proxy to stop responding (they are doing backups or maintenance during > this time) so for those 15 minutes our clients (LNS/NAS) would be > sending a very large number of accounting interim packets and some > stop packets and would be resending these while the home servers are > down. You can configure the proxy to log accounting packets to disk when the home server is down. See raddb/sites-available/robust-proxy-accounting > Sun Mar 14 17:30:15 2010 : Proxy: Marking home server 10.0.1.48 > port 1646 as zombie (it looks like it is dead). > Sun Mar 14 17:30:16 2010 : Proxy: Marking home server 10.0.1.47 > port 1646 as zombie (it looks like it is dead). > Sun Mar 14 17:30:19 2010 : Proxy: Marking home server 10.0.1.47 > port 1645 as zombie (it looks like it is dead). > Sun Mar 14 17:30:19 2010 : Error: No response to status check 903535 > for home server 10.0.1.48 port 1646 > Sun Mar 14 17:30:20 2010 : Error: No response to status check 903536 > for home server 10.0.1.47 port 1646 > ... > Sun Mar 14 17:30:32 2010 : Error: Internal sanity check failed for > child state Hmm... that's not good. > Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for > proxying requests. Why is it running out of sockets? This shouldn't happen. > Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for > proxying requests. > Fri Mar 19 17:30:54 2010 : Proxy: Failed to create a new socket for > proxying requests. > ... > Fri Mar 19 17:30:56 2010 : Error: ASSERT FAILED event.c[1084]: > home->ev != NULL Well... after all of the previous errors, it's not surprising that something *worse* eventually goes wrong. It's like driving your car for 45 minutes after the tires are flat: not a good idea. > That last one is where it dies I think. Yes. > That one was found to be a bug and was fixed - I don't know if my case > is a bug though. It's a bug, but the other problems you're seeing should be fixed, too. > I don't currently use the robust proxy accounting that that thread > suggests. I expect that would probably work around the issue of > freeradius crashing in this case and I will give that a go. Yes. > Just > posting this to let you know that it _might_ be a bug and to ask for > advice about whether you think this is a bug or not, and if I should > follow up on that, or if you think it is just my configuration that > needs some changes and what areas I should concentrate on if that is > the case? You have a NAS which is sending large amounts of traffic to a proxy when the home server is down. The proxy isn't configured to do anything useful with the packets. This is a bug in the *architecture*. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How can I set freeradius to connect to another freeradius server to find external database.
Hello all I need to setup 2 freeradius servers for mac address authentication. My scenario is Access point send access-request to 1st freeradius server to do mac address authentication .If 1st server doesn’t have MAC Address in database ,it must send this request to 2nd server(which is freeradius server too) to find in another database. I try to config proxy.conf file in 1st server as follow home_server pri_home_server { type = auth+acct ipaddr = localhost port = 1812 secret = xxx response_window = 20 zombie_period = 40 revive_interval = 120 status_check = status-server check_interval = 30 num_answers_to_alive = 3}home_server sec_home_server { type = auth+acct ipaddr = xxx port = 1812 secret = xxx response_window = 20 zombie_period = 40 revive_interval = 120 status_check = status-server check_interval = 30 num_answers_to_alive = 3} home_server_pool auth_failover_pool { type = fail-over home_server = pri_home_server home_server = sec_home_server} realm users{ type=radius auth_pool=auth_failover_pool acct_pool=auth_failover_pool nostrip} but it doesn’t work So the question is Do I need to config proxy.conf or others files ?or other method to setup for this scenario ? Any help is appreciated. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
question on users file
I am using freeradius server against my ldap server for regular user access and eap. I need the wireless user treated differently. So I created a entry in users file and would like to set user-password for these users in encrypted form. For the users that are not in ldap, they worked fine. However, the users are in the ldap, had been updated with cleartext-password and radius ignores my user-password and uses cleartext-password from ldap. Can I delete the configuration items (cleartext-password) I set in previous process, such as ldap or password file? TIA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "Invalid packet code 11 sent to authentication port from client" error
Rob Brickhouse wrote: > Is it possible the issue is with the network card in the server and not > the AP's? No. The AP generates RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Memory Leak on version 2.1.3
Hi, > Alan, > > Does 2.1.8 have the fix for the problem? its got many fixes - check the source code. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Memory Leak on version 2.1.3
Alan, Does 2.1.8 have the fix for the problem? Regards, Gina -Original Message- From: freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org [mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Thursday, March 25, 2010 4:42 AM To: FreeRadius users mailing list Subject: Re: Memory Leak on version 2.1.3 Hi, > The server is in production and we won't upgrade for a while. but you're willing to patch and recompile the old/obsolete 2.1.3 version? whats the difference? its pretty much the same situation. go for 2.1.8. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2 authorization tables?
On Thu, 2010-03-25 at 15:25 +0100, Paweł Pogorzelski wrote: > 1. Can i add another table for user authorizations in the same > database for example racheck and radcheck2? > the easiest way to do it would be to create view joining these 2 tables > 2. For what is radreply table ? > information that radius return back to client > Best regards, and many thanks for help > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2 authorization tables?
1. Can i add another table for user authorizations in the same database for example racheck and radcheck2? 2. For what is radreply table ? Best regards, and many thanks for help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "Invalid packet code 11 sent to authentication port from client" error
Is it possible the issue is with the network card in the server and not the AP's? I've tried setting it up on another machine and everything works on it exactly as configured. Using a Cisco AP didn't work and the version of freeradius I install on the box reporting errors doesn't make a difference either since I downloaded and installed 2.1.6 identical to my test machine and got the same errors. In any event I think I'm going to move DNS/DHCP to my test box and and then switch it to my production unit. Thanks for the help guys. Rob On Fri, Mar 19, 2010 at 1:56 PM, Alan DeKok wrote: > Rob Brickhouse wrote: > > I hope someone can help me with this. I tested setting up freeradius > > 2.1.6 on an opensuse 10.2 box and was able to get everything > > authenticating against novell edirectory. Now that I'm finally ready to > > put it on my production box, only 2.1.8 is available but I figure no big > > deal since it appeared to have alot of fixes. After going through and > > setting everything up like I did before, I can use my test utility to > > verify that I can successfully read the username and password from > > edirectory but I get the message "Invalid packet code 11 sent to > > authentication port from client TESAP8 port 1041 : IGNORED" when my > > Netgear access point connects. > > The AP is broken. Throw it in the garbage and buy one that implements > RADIUS. > > > I can change the ip to my 2.1.6 > > freeradius box and it works so I don't think the issue is with my AP > > even though that is what the message seems to indicate. > > I don't see why that would make any difference. What does the debug > log from 2.1.6 look like? > > ... > > Sending Access-Challenge of id 20 to 10.6.4.108 port 1041 > > EAP-Message = 0x010100160410eae98bafd4b076dcf8b6341b415000fe > > Message-Authenticator = 0x > > State = 0x731ac834731bcca6975b39a87528fad1 > > Finished request 1. > > Going to the next request > > Waking up in 4.9 seconds. > > Invalid packet code 11 sent to authentication port from client TESAP8 > > port 1041 : IGNORED > > IIRC, this is similar to a bug seen before. If it sees an > Access-Challenge with State *after* Message-Authenticator, it "bounces" > the packet back to the RADIUS server. This is two errors: > > 1) order of attributes does not matter > 2) clients do not send Access-Challenge to a server. > > There is NO WAY that an AP should send an Access-Challenge to a > server. If it does, then the AP is horribly broken. > > My guess is that this is a very old AP using a broken firmware image. > Or, it's a new one, and the vendor didn't bother to implement RADIUS > correctly. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eric bonnay
http://overgeldersegrenzen.nl/go.my.friend.htm _ Hotmail: posta elettronica attendibile grazie alla protezione avanzata dalla posta indesiderata. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Memory Leak on version 2.1.3
Hi, > The server is in production and we won't upgrade for a while. but you're willing to patch and recompile the old/obsolete 2.1.3 version? whats the difference? its pretty much the same situation. go for 2.1.8. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html