Re: variable expansions in Reply-Message
Isidor Zeuner wrote: The problem with the unlang manpage is that it doesn't make it very clear _when_ the expansions are processed. The expansion gets processed when the attribute is processed. It can't be earlier, because the attribute doesn't exist. It can't be later, because then the *later* expansions wouldn't work. i.e. Foo = %{User-Name} Bar = %{Foo}. What's Bar? It's not %{User-Name}. Variables are definitely expanded before the SQL server receives queries, as the query templates use variables. I get the impression that the expansions are not processed anymore on the SQL results. I don't see why. That part of the code hasn't changed for a long time. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting the error rlm_jradius: problem packing the data[socket_send/first_read] at FreeRadius side
Tejas Mudgal tejas_gecg at yahoo.com writes: HI, I am trying to integrate FreeRadius and JRadius. I am using FreeRadius 2.1.8 and JRadius version 1.1.2 When I am running both the servers and sending any test packets to FreeRadius. I am getting Acces-Accept at FreeRadius side but it is not forwarding Packet to JRadius. I am getting the following log on FreeRadius side.. rlm_jradius: Reserving JRadius socket id: 7 rlm_jradius: packing attribute User-Name (type: 1; len: 8) rlm_jradius: packing attribute User-Password (type: 2; len: 6) rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4) rlm_jradius: packing attribute Client-IP-Address (type: 1052; len: 4) rlm_jradius: packing attribute Module-Failure-Message (type: 1076; len: 24) rlm_jradius: packing packet with code: 1 (attr length: 106) rlm_jradius: packing packet with code: 0 (attr length: 0) rlm_jradius: packing attribute User-Password (type: 2; len: 6) rlm_jradius: packing attribute Auth-Type (type: 1000; len: 4) rlm_jradius: sending 172 bytes to socket 7 rlm_jradius: error sending request with socket 7 rlm_jradius: Closing JRadius connection 7 rlm_jradius: reconnecting socket id 7 rlm_jradius: sending 172 bytes to socket 7 rlm_jradius: error sending request with socket 7 rlm_jradius: problem packing the data[socket_send/first_read] rlm_jradius: Closing JRadius connection 7 rlm_jradius: Released JRadius socket id: 7 And at JRadius side I am getting the following logs: java.nio.BufferUnderflowException at java.nio.Buffer.nextGetIndex(Unknown Source) at java.nio.HeapByteBuffer.getInt(Unknown Source) at net.jradius.packet.Format.getUnsignedInt(Format.java:324) at net.jradius.freeradius.FreeRadiusListener.parseRequest (FreeRadiusListener.java:98) at net.jradius.server.ListenerRequest.getEventFromListener (ListenerRequest.java:78) at net.jradius.server.TCPListenerRequest.accept(TCPListenerRequest.java:70) at net.jradius.server.KeepAliveListener.run (KeepAliveListener.java:61) Please help me to understand the problem. whether the two versions are not compatible. Hi, I was wondering whether you've managed to resolve this issue. I'm having the same problem. Not sure if its because I haven't defined a handler. I've just tried using the default jradius-config.xml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Passwords in cert
Hello everyone, was wondering if I can use different passwords when making the certs for ca.cnf, server.cnf client.cnf? What i mean is if it has to be the same password in output_password input_password for all of the files? Best regards/ Peter Carlstedt _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: variable expansions in Reply-Message
Isidor Zeuner wrote: The problem with the unlang manpage is that it doesn't make it very clear _when_ the expansions are processed. The expansion gets processed when the attribute is processed. It can't be earlier, because the attribute doesn't exist. It can't be later, because then the *later* expansions wouldn't work. Ok. I was just unsure if it this also holds when the attribute comes from a source external to the configuration files, like an SQL query. i.e. Foo = %{User-Name} Bar = %{Foo}. What's Bar? It's not %{User-Name}. Interpreting this as a configuration file snippet, I fully agree. I just need to find out how the processing of the SQL results map into that. In the DATA TYPES section of the manpage, the distinction between single-quoted, double-quoted and back-quoted strings is pretty clear. Now the expansion behaviour on the SQL results which I am used to from FreeRADIUS 1.1 is probably the same as the double-quoted string expansion behaviour. Yet I do not get SQL results to be expanded on FreeRADIUS 2.1, no matter if I store them unquoted or double-quoted. Variables are definitely expanded before the SQL server receives queries, as the query templates use variables. I get the impression that the expansions are not processed anymore on the SQL results. I don't see why. That part of the code hasn't changed for a long time. Ok, thanks. I was just wondering because FreeRADIUS 1.1 _has_ already been existing for a long time. So I only need to look at the code which could interfere with the expansion behaviour somehow, and which might have changed meanwhile. Best regards, Isidor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
overwrite ldap dynamic vlan assigment
Hello, For all of my ssid, I use dynamic vlan assigment according to ldap attribute. - rlm_ldap: radiusTunnelPrivateGroupId - Tunnel-Private-Group-Id:0 = 4 Now , only with eduroam ssid , I want to staticly assign a new vlan. This is what I want : if Cisco-AVPair = ssid=eduroam then Tunnel-Private-Group-Id:0 = 40 What is the best method to do it ? Merci de penser à la planète! N'imprimez pas inutilement les documents transmis par courrier électronique. --- Marc Boisis-Delavaud tel: 05 46 45 82 14 Centre de Ressources Informatiques (http://cri.univ-lr.fr) Université de La Rochelle --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cannot get core dump of crashing freeradius
Alan DeKok, 2010-04-16 12:05: Often 'root' can't core dump, and programs that change uid can't core dump. It's hard to know what's going on with the OS. ok, I digged deeper into this and made some tests: - no core dump with kill -11 - /proc/sys/fs/suid_dumpable is 0, set it to 1 and restart FR - kill -11 - core dump, yeah! So it's probably a problem with the uid change disabling the process' dumpability (I found nothing in /proc/[pid]/* where I can see this. So we have now all machines running with /proc/sys/fs/suid_dumpable set to 1. Strange thing is, this should not be neccessary with the prctl(PR_SET_DUMPABLE, 1) in mainconfig.c:698. Anyway, I'm now looking forward for FR to crash :) Any hints? doc/bugs. You'll need symbols to find out what's going on. I know, and I have them (in the -dbg package), but they are useless without a core dump :) Maybe the info about /proc/sys/fs/suid_dumpable should be added to doc/bugs... Thanks for your input! Regards, J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/18/2010 07:17 PM, Andrew Paternoster wrote: Hi List Just wondering how to install Freeradius on Centos 5.4 using YUM now that the Tech preview is over for redhat. Your best bet is to contact centos.org and find out what their plans are for their 5.5 update. They usually follow the Red Hat release by a few weeks. (Or you might consider installing RHEL :-) Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compiling rlm_perl on Solaris 10
I have been having problems compiling rlm_perl on Solaris 10 Intel and have spent days googling for an answer. Most answers say: use --without-rlm_perl, which is not much use when you actually *need* it! Here is what I did to solve it, hopefully this will save someone some pain: Firstly, my source that built without rlm_perl fine on 9th April 2010, stopped compiling on 16th April 2010 after some Solaris patches! I got an error telling me that ltdl.h was not found. This is fixed by defining CFLAGS in the environment before the ./configure stage: setenv CFLAGS -I/path to freeRADIUS source/libltdl(C shell type shells) CFLAGS=-I/path to freeRADIUS source/libltdl ; export CFLAGS (sh shells and derivatives) Over hurdle one! What caused this I still have no idea. Now you have to do: ./configure --with-static-modules=perl When that is complete, you have to edit path to freeRADIUS source/src/main/Makefile and locate the line: MODULE_LIBS = $(STATIC_MODULES) and edit it to include the path to your DynaLoader.a for your version of Perl, mine was as below: MODULE_LIBS = $(STATIC_MODULES) /usr/perl5/5.8.4/lib/i86pc-solaris-64int/auto/DynaLoader/DynaLoader.a Now build the source with make. It should compile! Over hurdle two... Before you can now run radiusd, you will need to do what it says at the end of the make, and add a library path to LD_LIBRARY_PATH so libperl.so can be found, mine was: setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/usr/perl5/5.8.4/lib/i86pc-solaris-64int/CORE and it all comes together and you get a radiusd with rlm_perl that actually runs.. Over the last hurdle! All I have to do now is write some clever Perl, figure out where to call it and I will be on the home straight! Best of luck to other Solaris users... -- Barry Dean Principal Programmer/Analyst Networks Group Computing Services Department attachment: h1_a.png --- Nice boy, but about as sharp as a sack of wet mice. -- Foghorn Leghorn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
Hi, for their 5.5 update. They usually follow the Red Hat release by a few weeks. (Or you might consider installing RHEL :-) Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. given that 2.1.8 was bug fixes...and 2.1.9 will be likewise...with no new feature/method changesthen i'd hope that 2.1.8 (or 2.1.9) will just appear in 5.5 later as a security/bug update that yum etc get and install later...just like any other package update? ie should we worry that 2.1.7 was the point release at freeze time? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cannot get core dump of crashing freeradius
Hi, Maybe the info about /proc/sys/fs/suid_dumpable should be added to doc/bugs... to quote the man page: /proc/sys/fs/suid_dumpable (since Linux 2.6.13) The value in this file determines whether core dump files are produced for set-user-ID or otherwise protected/tainted bina- ries. Three different integer values can be specified: 0 (default) This provides the traditional (pre-Linux 2.6.13) behavior. A core dump will not be produced for a process which has changed credentials (by calling seteuid(2), setgid(2), or similar, or by executing a set-user-ID or set-group-ID program) or whose binary does not have read permission enabled. 1 (debug) All processes dump core when possible. The core dump is owned by the file system user ID of the dumping process and no security is applied. This is intended for system debug- ging situations only. Ptrace is unchecked. 2 (suidsafe) Any binary which normally would not be dumped (see 0 above) is dumped readable by root only. This allows the user to remove the core dump file but not to read it. For security reasons core dumps in this mode will not overwrite one another or other files. This mode is appropriate when adminis- trators are attempting to debug problems in a normal environ- ment. i dont think this got enough coverage in most information outlets..in fact 2.6.13 has been around for a while but today was the first time i learnt of that behaviour. maybe FreeRADIUS code updated to detect this value...and if its set to 0 then it could mention it in the debug output? ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 10:40 AM, Alan Buxey wrote: Hi, for their 5.5 update. They usually follow the Red Hat release by a few weeks. (Or you might consider installing RHEL :-) Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. given that 2.1.8 was bug fixes...and 2.1.9 will be likewise...with no new feature/method changesthen i'd hope that 2.1.8 (or 2.1.9) will just appear in 5.5 later as a security/bug update that yum etc get and install later...just like any other package update? ie should we worry that 2.1.7 was the point release at freeze time? The general RHEL policy is *not* to rebase packages (i.e. change to higher upstream releases). This is done for stability reasons. However some isolated packages are permitted to be rebased, maily desktop applications such as firefox. Rebasing servers is something which rightly gives RHEL engineering management heartburn and sleepless nights wondering how that might break thousands of critical customer installations. The simple answer is that you shouldn't expect FreeRADIUS to be rebased in RHEL, however if there are enough customer issues with FreeRADIUS 2.1.7 it can be brought up for consideration. RHEL 6 which is under development and is currently in beta testing does have FreeRADIUS 2.1.8. So a possible solution would be to upgrade from RHEL 5 to RHEL 6. If FreeRADIUS 2.1.9 is released shortly I *may* be able to get it into RHEL 6, but as I said RHEL is extremely conservative and modifying versions that have already been through alpha and beta is deeply frowned upon, I wouldn't count on it. If you really want to always have available the latest upstream releases of any package then electing to install an enterprise distribution whose primary goal is stability is not the right choice (in fact the two are mutually exclusive). The correct selection of a cutting edge distribution with the latest upstream release would be Fedora, not RHEL. Fedora is the proving ground for subsequent *major* RHEL releases. Another solution is to stabilize FreeRADIUS such that the need for frequent version upgrades is not necessary. Rather than adding new features focus on bug elimination. Some projects have a stable branch and an future branch. The pace of version releases for FreeRADIUS is brisk. While that has many merits and the FreeRADIUS developers should be applauded for their prolific contributions it also has some downsides, mainly it conflicts with the goals of enterprise stability. A stable branch would be a much better fit for an enterprise distribution such as RHEL. Stability vs. features is just one of the classic trade-offs in computer science, just like memory usage vs. processor cycles. They really are polar ends in continuous spectrum, RHEL clearly targets one end of that spectrum and as a consequence you lose out on the other end. While on the other hand Fedora focuses on the other end. We do both independently (Fedora and RHEL), but we can't do both in one distribution. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius 2.1.8 doesn't compile under Cygwin 1.7.5 `_lt_libltdl_LTX_preloaded_symbols'
Trying to build FreeRadius from Cygwin I always have the same compilation error: gcc .libs/radiusd.def .libs/radiusdS.o -o radiusd.exe .libs/acct.o .libs/auth.o .libs/client.o .libs/conffile.o .libs/crypt.o .libs/exec.o .libs/files.o .libs/listen.o .libs/log.o .libs/mainconfig.o .libs/modules.o .libs/modcall.o .libs/radiusd.o .libs/stats.o .libs/session.o .libs/threads.o .libs/util.o .libs/valuepair.o .libs/version.o .libs/xlat.o .libs/event.o .libs/realms.o .libs/evaluate.o .libs/vmps.o .libs/detail.o -Wl,--export-dynamic /freeradius-server-2.1.8/src/lib/.libs/libfreeradius-radius.a -lws2_32 -lresolv -lpthread -lcrypt /usr/lib/libltdl.dll.a -lssl -lcrypto /usr/lib/gcc/i686-pc-cygwin/4.3.4/../../../../i686-pc-cygwin/bin/ld: warning: --export-dynamic is not supported for PE targets, did you mean --export-all-symbols? .libs/modules.o: In function `setup_modules': /freeradius-server-2.1.8/src/main/modules.c:1358: undefined reference to `_lt_libltdl_LTX_preloaded_symbols' collect2: ld returned 1 exit status rm -f .libs/radiusdS.o make[4]: *** [radiusd] Error 1 make[4]: Leaving directory `/freeradius-server-2.1.8/src/main' make[3]: *** [common] Error 2 make[3]: Leaving directory `/freeradius-server-2.1.8/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/freeradius-server-2.1.8/src' make[1]: *** [common] Error 2 make[1]: Leaving directory `/freeradius-server-2.1.8' make: *** [all] Error 2 I think that there are some problems with libtool and libltl, then searching in the mail list I made the changes said by Alan Dekok, in the src file 'freeradius-server-2.1.8\src\main\modules.c', Adding: #define lt__PROGRAM__LTX_preloaded_symbols \ lt_libltdl_LTX_preloaded_symbols And in the Make.inc: Update CFLAGS to add -DIE_LIBTOOL_DIE But always obtain the same compilation error. I need to use a FreeRadius version which supports Sha256 as the certificate signature Any help would be fantastic. I need to use FreeRadius under Cygwin and there isn´t a lot of information in the mailing list. Thanks, Jose Manuel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 11:28 AM, John Dennis wrote: The simple answer is that you shouldn't expect FreeRADIUS to be rebased in RHEL, however if there are enough customer issues with FreeRADIUS 2.1.7 it can be brought up for consideration. I do want to clarify the above. The general procedure in RHEL is when a *customer* reports a bug in a package we check upstream and see if they have a fix, if so we backport the fix into the existing version in RHEL. If upstream does not have a fix we develop a fix and give it to upstream. In either case the net result is a surgical fix insertion into the existing package version in RHEL, not a version upgrade, the version stays the same (with a bumped release number). Thus during the life-cylce of a RHEL major release a number of packages will have had surgical fixes (patches) applied to them based on customer needs. The idea here is that a surgical fix is less likely to break things than importing an entirely never version of the package without control over the changes. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR 2.1.8 + dialup admin: Online users
Dear all, I am having troubles with user_finger.php3 because Online users do not show up. Problem is that there are no entries in radacct with 'AcctStopTime'. Entries show up in my radacct table when the user session ends and a AcctStopTime gets logged. But then the user is not online anymore ;-) Any ideas? Cheers, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 3GPP2-Prepaid-Acct-Quota
--- On Wed, 4/14/10, Alan DeKok al...@deployingradius.com wrote: I'm not sure what that means. According to a colleague of mine the 3GPP2-Prepaid-Acct-Quota attribute should be what I am looking for. He used it successfully before but with a different RADIUS server. See if the NAS supports RFC 3576 (CoA) Nevertheless I definitly will take a look at CoA. Cheers, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
Hi, Another solution is to stabilize FreeRADIUS such that the need for frequent version upgrades is not necessary. Rather than adding new features focus on bug elimination. Some projects have a stable branch and an future branch. The pace of version releases for FreeRADIUS is brisk. While that has many merits and the FreeRADIUS developers should be applauded for their prolific contributions it also has some downsides, mainly it conflicts with the goals of enterprise stability. A stable branch would be a much better fit for an enterprise distribution such as RHEL. ..and thats about to happen. historically this was FR 2.0.x v's 2.1.x but all the drive from people was functions...so 2.1.x got the work. however...and from recent emails..the plan is that 2.1.x will now curtail new features and will work on bug-fixesall new exciting features are to be in 2.2.x spectrum and as a consequence you lose out on the other end. While on the other hand Fedora focuses on the other end. We do both independently (Fedora and RHEL), but we can't do both in one distribution. :-) i prefer a stable distribution to be one in which the base is solid and i can run whatever unstable/dodgy/bleeding edge stuff on it that i want , safe in the knowledge that it wont be the OS to blame when thigns go bang. for this reason, the marriage of a RHEL foundation with self-build packages for end-users services is the ultimate mix. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cannot get core dump of crashing freeradius
Alan Buxey, 2010-04-19 16:43: Maybe the info about /proc/sys/fs/suid_dumpable should be added to doc/bugs... to quote the man page: /proc/sys/fs/suid_dumpable (since Linux 2.6.13) ... i dont think this got enough coverage in most information outlets..in fact 2.6.13 has been around for a while but today was the first time i learnt of that behaviour. I agree, even though it's mentioned in the CORE(5) man page. maybe FreeRADIUS code updated to detect this value...and if its set to 0 then it could mention it in the debug output? ;-) Maybe, but with calling prctl(PR_SET_DUMPABLE, 1) this should not be necessary any more. I tried this with a small test program and it worked as specified, but still I won't get a core dump of the FR process unless I set suid_dumpable to 1. So after some debugging I got to the root cause of this: The process's dumpable flag is reset every time the UID is changed. FR does this several times with fr_suid_up() and fr_suid_down() after switch_users() is run, e.g. in listen_bind(). So I guess we have to change the fr_suid_* functions to always set the dumpable flag after setting the uid. btw, I wonder why is prctl() is not called when debug_flag is set. I would have thought that one would want to get a core dump especially when running in debug mode. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No Auth in Debian Lenny
On Sunday 18 April 2010 05:38:23 am Josip Rodin wrote: You haven't enabled anything in /etc/freeradius/sites-enabled/ which means the server isn't told what to actually *do* with the modules and clients :) You need to find one of the default virtual host configs in /etc/freeradius/sites-available/ that suits you, and then symlink it into the ...-enabled directory. You can also copy it into a new file and symlink/enable that. Also make sure the right autorization sections within the virtual host reference the mppe module if you need it. Wow, much more complex than the existing external documentation suggests. Is there any documentation of all the steps necessary to do a PPTP authorization for Windows clients? (I realize that if one understood all of the things freeradius was capable of and all of the steps that it went through to perform such an authorization, the documentation in the files would be sufficient, but I lack such expertise.) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No Auth in Debian Lenny
I enabled the default site example from sites-available, now I'm back to seeing errors trying to parse the realm or NT domain from DOMAIN\\user. Log attached. Really appreciate the help with this. frdebug.tgz Description: application/tgz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Logs
Should I be posting my debug logs to a pastebin rather than sending them to the whole list? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Logs
Should I be posting my debug logs to a pastebin rather than sending them to the whole list? E-mail's cheap. Paste the text from the logs into the main body of your e-mail. Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Win PPP auth in Debian
This feels like trying to set up NORAD just to catch a baseball. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Win PPP auth in Debian
I don't suppose there's a utility that will parse a freeradius 1.x configuration and spit out appropriate files for 2.x? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No Auth in Debian Lenny
On Mon, Apr 19, 2010 at 02:55:21PM -0500, Jonathan Hutchins wrote: I enabled the default site example from sites-available, now I'm back to seeing errors trying to parse the realm or NT domain from DOMAIN\\user. Log attached. Really appreciate the help with this. You don't need to tar and gzip a single 12 KB file. Just attach the text :) The suffix module didn't recognize \ as a delimiter. You probably need to tell it explicitly to do that. To add your own module instance, just add a new file in /etc/freeradius/modules/. (There is no available/enabled mechanism for modules, yet.) As for mschap, I don't know much about so I'm useless for that. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No Auth in Debian Lenny
On Monday 19 April 2010 04:33:25 pm Josip Rodin wrote: The suffix module didn't recognize \ as a delimiter. You probably need to tell it explicitly to do that. To add your own module instance, just add a new file in /etc/freeradius/modules/. (There is no available/enabled mechanism for modules, yet.) (One would think the mschap module would do this.) Which file currently specifies how the username is parsed (as an example for building my own file)? When I used the format from the 1.x configuration I got similar results. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FAQ
Thanks to whoever fixed the FAQ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PopTop
Is it possible to set up a new account on the wiki, or does that require an administrator? I wanted to mark the page http://wiki.freeradius.org/PopTop as obsolete and applying only to the 1.x versions of freeradius. These are the instructions I was originally folowing, and they distinctly do not work with 2.1.8. If anybody has a working 2.1.8 setup for PopTop I would greatly appreciate your advice. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authenticate computers with their hostnames
Phil, thank you very much for reply! I think you are right. I just tried to change the authentication type to MD5 and then the laptop doesn't even try to authenticate with hostname anymore. It seems it has to use PEAP for this type of authentication. I will try setup NTLM and see if that works. Thanks again! Difan Zhao Network Engineer difan.z...@guest-tek.com www.guest-tek.com Office: 403-509-1010 ext 3048 Cell: 403-689-7514 -Original Message- From: freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradius.org [mailto:freeradius-users-bounces+difan.zhao=guest-tek@lists.freeradi us.org] On Behalf Of Phil Mayers Sent: Sunday, April 18, 2010 3:54 AM To: freeradius-users@lists.freeradius.org Subject: Re: Authenticate computers with their hostnames On 04/16/2010 10:37 PM, Difan Zhao wrote: Users file: host/neteng-sp1.gtcorp.com Auth-Type := Accept That won't work I think. The hosts are expecting to do EAP/PEAP+MS-CHAP (or EAP-TLS) and you'll need appropriate server-side auth mechanisms to issue the correct challenge/response values. That is, you need to setup auth against their machine account credentials or certificates. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos Yum Packages
So what's the best way to move forward with this? It is possible for someone to take over what jdennis was providing with his YUM resp? Or do we all have to go back to building for the source if we want the latest ver? Thanks -- Andrew Paternoster GPK Computers Pty Ltd T 1300 854 223 F 1300 854 228 --- The information contained in or accompanying this e-mail is intended only for the use of the stated recipient and may contain information that is confidential and/or privileged. If the reader is not the intended recipient or the agent thereof, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited and may constitute a breach of confidence and/or privilege. If you have received this e-mail in error, please notify us immediately. Any views or opinions presented are those solely of the author and do not necessarily represent those of GPK Computers Pty Ltd.. Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this e-mail, the company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments --- Did you know that you can now log faults just by sending an email to supp...@gpk.net.ausenior System Engineer-Original Message- From: freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org [mailto:freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Tuesday, 20 April 2010 2:16 AM To: John Dennis Cc: FreeRadius users mailing list Subject: Re: Centos Yum Packages Hi, Another solution is to stabilize FreeRADIUS such that the need for frequent version upgrades is not necessary. Rather than adding new features focus on bug elimination. Some projects have a stable branch and an future branch. The pace of version releases for FreeRADIUS is brisk. While that has many merits and the FreeRADIUS developers should be applauded for their prolific contributions it also has some downsides, mainly it conflicts with the goals of enterprise stability. A stable branch would be a much better fit for an enterprise distribution such as RHEL. ..and thats about to happen. historically this was FR 2.0.x v's 2.1.x but all the drive from people was functions...so 2.1.x got the work. however...and from recent emails..the plan is that 2.1.x will now curtail new features and will work on bug-fixesall new exciting features are to be in 2.2.x spectrum and as a consequence you lose out on the other end. While on the other hand Fedora focuses on the other end. We do both independently (Fedora and RHEL), but we can't do both in one distribution. :-) i prefer a stable distribution to be one in which the base is solid and i can run whatever unstable/dodgy/bleeding edge stuff on it that i want , safe in the knowledge that it wont be the OS to blame when thigns go bang. for this reason, the marriage of a RHEL foundation with self-build packages for end-users services is the ultimate mix. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 5041 (20100419) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 5041 (20100419) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 06:41 PM, Andrew Paternoster wrote: So what's the best way to move forward with this? It is possible for someone to take over what jdennis was providing with his YUM resp? Or do we all have to go back to building for the source if we want the latest ver? You can follow the instructions posted here: http://wiki.freeradius.org/Red_Hat_FAQ In the section labeled How to build an SRPM that will give you the latest version on any RHEL/CentOS system. Sorry I cannot provide pre-built RPM's for RHEL when the package is already in a RHEL distribution channel. BTW, that prohibition extends to EPEL as well. The reason is simple. Our support organization cannot provide support for packages we didn't build and distribute, if we did we would effectively be supporting any binary which could be found on the internet, an obviously impossible support scenario. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PopTop
Is it possible to set up a new account on the wiki, or does that require an administrator? I wanted to mark the page http://wiki.freeradius.org/PopTop as obsolete and applying only to the 1.x versions of freeradius. These are the instructions I was originally folowing, and they distinctly do not work with 2.1.8. If anybody has a working 2.1.8 setup for PopTop I would greatly appreciate your advice. Humm, I'm the one who wrote this page. I must admit I've never updated it, but to be honest I don't see what is so wrong about it and FR 2.1.8. Please can you explain why you think it is obsolete ? By the way, since I wrote this page, I have switched to 2.1.8 without pb. Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PopTop
On Monday 19 April 2010 07:16:52 pm Thibault Le Meur wrote: Please can you explain why you think it is obsolete ? It addresses the configuration in single-file format rather than the distributed file format that the current packaging (for Debian at least) uses. By the way, since I wrote this page, I have switched to 2.1.8 without pb. Arg! Were you able to continue using the same configuration, or did it require a full rebuild? I moved from a rather ancient Gentoo server that I believe was using an 1.x version to Debian Lenny 2.0.4, then upgraded to the 2.1.8 backport, and I can't get it to parse DOMAIN//user properly - it ignores the separator and comes up with a null realm. Curiously, it later displays the username as DOMAIN/name. The current Debian packaging also requres that the mschap module file be edited, and that a sites-available file be linked to sites-enabled. Thanks for the reply. I think it's always harder to maintain/upgrade an existing configuration moved to a new platform than to build one from scratch. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html