Re: Getting PAP to work with ntlm_auth

[Alan DeKok]

Neil Prockter wrote:w
> I want to authenticate users against Active Directory for EAP-MSCHAPv2
> and PAP.  PAP is for a wireless web authentication redirection service
> that authenticates using PAP and its PAP I'm trying to debug not MSCHAP
> at present.

  For that, you can configure Active Directory as an LDAP server.  It
will be faster and more stable than using ntlm_auth.

> I've been following
> http://deployingradius.com/documents/configuration/active_directory.html
> 
> All goes well until I get towards the end.
> 
> Once I remove
> DEFAULT Auth-Type = ntlm_auth
> from users PAP stops working

  If you *want* PAP to use ntlm_auth, then you need to leave that line
in.  We recommend deleting it because most people want PAP to use
*another* way of authenticating.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem running 'radiusd -X'

[Josip Rodin]

On Tue, Jun 15, 2010 at 08:52:25AM +1200, Zhouhuai Shen wrote:
> > > rlm_eap: SSL error error::lib(0):func(0):reason(0)
> > > rlm_eap_tls: Error loading randomness
> > 
> > what is the configuration of eap.cofn regarding random option and does
> > the file/link have read access (or even exist!?)
> 
> The eap.conf is the default directly from the original
> freeradius-server-2.1.9, and all *.conf files have read access.

So that should be:

random_file = ${certdir}/random

If so, what does ls -al say for that location?

-- 
 2. That which causes joy or happiness.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: accounting without auth

[Stefan A.]

> Is it possible to configure freeradius for accounting only without
> authorization/authentication?

As FR handles Auth and Accounting independently, just do it.

Stefan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems authenticating with a Cisco ASA 5510

[Josip Rodin]

On Mon, Jun 14, 2010 at 03:05:03PM -0500, Daniel Davidson wrote:
> We have had a radius server running for years that we use to
> authenticate our wireless users over wpa.  It works flawlessly and
> connections are authenticated as shown by the log below.
> 
> Mon Jun 14 14:57:40 2010 : Auth: Login OK: [miyagi72/ attribute>] (from client 1s port 109133 cli d830.629b.3ae9)
> 
> Above is an exact log entry.  Now we are attempting to authenticate our
> new ASA 5510 with radius for our vpn, authentication with it is failing.
> 
> Mon Jun 14 14:59:07 2010 : Auth: Login incorrect: [danield/password]
> (from client igbvpn port 26)
> 
> In the example log above, I removed my password and replaced with the
> word "password".
> 
> My guess is that the password is being thrown into the wrong field, but
> I have no idea how to resolve the issue.  Can anyone point me in the
> right direction.

As usual, run the server in debugging mode (-X) and read the output.

-- 
 2. That which causes joy or happiness.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem running 'radiusd -X'

[Zhouhuai Shen]

Hi,
> what version of OpenSSL have your got. what is the configuration of
> eap.cofn regarding random option and does the file/link have read access
> (or even exist!?)#> openssl version
OpenSSL 0.9.8h 28 May 2008

The eap.conf is the default directly from the original freeradius-server-2.1.9, 
and all *.conf files have read access.

Thanks for your help.

Cheers, Henry
  
_
Find a way to cure that travel bug MSN NZ Travel
http://travel.msn.co.nz/-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: accounting without auth

[Tim Sylvester]

> Is it possible to configure freeradius for accounting only without
> authorization/authentication?

Yes.

Tim


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems authenticating with a Cisco ASA 5510

[Daniel Davidson]

We have had a radius server running for years that we use to
authenticate our wireless users over wpa.  It works flawlessly and
connections are authenticated as shown by the log below.

Mon Jun 14 14:57:40 2010 : Auth: Login OK: [miyagi72/] (from client 1s port 109133 cli d830.629b.3ae9)

Above is an exact log entry.  Now we are attempting to authenticate our
new ASA 5510 with radius for our vpn, authentication with it is failing.

Mon Jun 14 14:59:07 2010 : Auth: Login incorrect: [danield/password]
(from client igbvpn port 26)

In the example log above, I removed my password and replaced with the
word "password".

My guess is that the password is being thrown into the wrong field, but
I have no idea how to resolve the issue.  Can anyone point me in the
right direction.

Dan

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

accounting without auth

[Omer Faruk Sen]

Hi ,

Is it possible to configure freeradius for accounting only without
authorization/authentication? Maybe by granting access to every auth
request can be done but I want to hear your opinion before proceeding
any further.

Regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Proxy to two RADIUS Servers

[Stefan A.]

Thanks Arran,

I have to provision the DEST1 using live session information, and DEST1 only
needs the information during the current IP, but if I set up:
1. manual Proxy from sites-enabled/default file: all ACK Packages are
delayed to the NAS, if DEST1 is not there, and the NAS possibly retries...
not good!?
2. if I use'copy-acct-to-home-server', I have to keep track of the packet,
to not send too old information to the DEST1. In strange cases, where DEST1
is down for hours, I will keep sending packets of old sessions, until I went
through all left files...
3. I could possibly mix it: I might send START and STOP packets to DEST1. In
case DEST1 is not available, I put all STOP Packets into the
'copy-acct-to-home-server' files. After DEST1 is back up, all previous ended
sessions will be cleared and new sessions will overwrite the possibly old
status in the DEST1 databases ..., but this might not work, as 'redundant'
does not take updates on a attribute list.

also... 'copy-acct-to-home-server' seems to delay the forwarded packet at
about 0.2 to 0.5 seconds... 
I checked to use a ramdisk for this, but it did not speed up the process...
I sometimes see 0.05 but often 0.4

Again, nobody cares about start packets after the session has been
terminated, but fast delivery is critical...

Any ideas, on how to handle this situations?
System: test system, no load, SUN X4100, 8GB, Mirrored Disks, FR 2.1.7,
Solaris 10, normally no local disk access, FR is connected to MySQL Cluster


Thank you
Stefan

> -Original Message-
> From: freeradius-users-
> bounces+a.freeradius=premit...@lists.freeradius.org [mailto:freeradius-
> users-bounces+a.freeradius=premit...@lists.freeradius.org] On Behalf Of
> Arran Cudbard-Bell
> Sent: Monday, June 14, 2010 7:57 PM
> To: FreeRadius users mailing list
> Subject: Re: Proxy to two RADIUS Servers
> 
> Use copy-acct-to-home-server, it's what it's there for. Delay is
> usually sub second, but it depends on the throttling values you set in
> the detail reader server.
> 
> On 14/06/2010, Stefan A.  wrote:
> > I checked, whether I am able to manually proxy from sites-
> available/default,
> > using unlang.
> > It works fine, using the following commands.
> >
> >
> > if (request:Acct-Status-Type == "Start" || request:Acct-Status-
> Type
> > == "Stop") {
> > if (request:Called-Station-Id  == "apn.isp.de") {
> > update control {
> > Replicate-To-Realm += "DEST1"
> > }
> > }
> > }
> >
> >
> > But I do not get it to work, if I try to proxy the same packet to two
> > servers:
> >
> > if (request:Acct-Status-Type == "Start" || request:Acct-Status-
> Type
> > == "Stop") {
> > if (request:Called-Station-Id  == "apn.isp.de") {
> > update control {
> > Replicate-To-Realm += "DEST1"
> > Replicate-To-Realm += "DEST2"
> > }
> > }
> > }
> >
> > I only uses the first 'Replicate-To-Realm' entry DEST1 and does not
> seem to
> > cycle through a list or destination RADIUS Servers...
> >
> >
> > Is this the intended behavior? Should I go for 'copy-acct-to-home-
> server' ?
> > How much delay would this add between writing the file and sending
> the
> > packet to the home server?
> >
> >
> > Thank you
> > Stefan
> >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy to two RADIUS Servers

[Arran Cudbard-Bell]

Use copy-acct-to-home-server, it's what it's there for. Delay is
usually sub second, but it depends on the throttling values you set in
the detail reader server.

On 14/06/2010, Stefan A.  wrote:
> I checked, whether I am able to manually proxy from sites-available/default,
> using unlang.
> It works fine, using the following commands.
>
>
>   if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type
> == "Stop") {
>   if (request:Called-Station-Id  == "apn.isp.de") {
>   update control {
>   Replicate-To-Realm += "DEST1"
>   }
>   }
>   }
>
>
> But I do not get it to work, if I try to proxy the same packet to two
> servers:
>
>   if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type
> == "Stop") {
>   if (request:Called-Station-Id  == "apn.isp.de") {
>   update control {
>   Replicate-To-Realm += "DEST1"
>   Replicate-To-Realm += "DEST2"
>   }
>   }
>   }
>
> I only uses the first 'Replicate-To-Realm' entry DEST1 and does not seem to
> cycle through a list or destination RADIUS Servers...
>
>
> Is this the intended behavior? Should I go for 'copy-acct-to-home-server' ?
> How much delay would this add between writing the file and sending the
> packet to the home server?
>
>
> Thank you
> Stefan
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Proxy to two RADIUS Servers

[Stefan A.]

I checked, whether I am able to manually proxy from sites-available/default,
using unlang.
It works fine, using the following commands.


if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type
== "Stop") {
if (request:Called-Station-Id  == "apn.isp.de") {
update control { 
Replicate-To-Realm += "DEST1"
}
}
}


But I do not get it to work, if I try to proxy the same packet to two
servers:

if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type
== "Stop") {
if (request:Called-Station-Id  == "apn.isp.de") {
update control { 
Replicate-To-Realm += "DEST1"
Replicate-To-Realm += "DEST2"
}
}
}

I only uses the first 'Replicate-To-Realm' entry DEST1 and does not seem to
cycle through a list or destination RADIUS Servers...


Is this the intended behavior? Should I go for 'copy-acct-to-home-server' ?
How much delay would this add between writing the file and sending the
packet to the home server?

 
Thank you
Stefan




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR 2.1.9 - segfault using status server

[John Horne]

On Mon, 2010-06-14 at 16:23 +0200, Alan DeKok wrote:
> John Horne wrote:
> > We are running FR 2.1.9 on CentOS 5, and are proxying requests to MS IAS
> > 2003 servers. However, it seems the IAS servers do not support
> > 'status-server' requests until a slightly later version. As such, I have
> > configured FR to send a dummy userid/pwd instead. FR seems to receive a
> > reply, but then segfaults.
> 
>   It may be the same bug that was reported earlier.  See
> http://git.freeradius.org/, and look at the v2.1.x branch.  It should
> have a fix.
> 
Hello,

Okay, thanks for that. I have the 2.1.10 code (from git) currently
running, and it seems to be working okay :-) Using 'radiusd -X' shows
the server-status requests going out, the reply come back, and FR
recognising them and moving on to the next request.



Many thanks,

John.

-- 
John Horne   Tel: +44 (0)1752 587287
University of Plymouth, UK   Fax: +44 (0)1752 587001

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Send Accounting from any point in configuration

[Stefan A.]

Thank you Alan,

 
> > The intended Flow:
> >
> > Packet comes in ...
> > - for Access type, check if user might be authenticated
> > - if OK, try to decide to send an Accounting packet to a Server on
> some
> > attributes (in my case, VSA from downstream RADIUS Proxy Server)
> 
>   Do you mean *create* an accounting packet, or forward *later*
> accounting packets for that session?

I mean *create* an Accounting Packet, if an Access Request comes in.
This is will be used to provision a HTTP Proxy Platform about the upcoming
isage of an IP address.
Normally, it can be done using the AcctPacket, coming from the NAS, but in
our current case, the HTTP Proxy Platform has problems to provision the
information inside and we figured, that the payload might hit the HTTP Proxy
before the MSISDN has been provisioned to the Proxy Process.

Tweaking this Access Request to Acct Start Packet will give some more ms.


> > As far as I understood, the proxy module does
> > - (only) proxy based on realm
> > - in proxy module, normal local Logfiles won't be used
> 
>   That's not true.  You can proxy based on anything you want.  See
> raddb/proxy.conf for documentation.

Sorry, that I'm missing something.

I will have to check any Accounting Packet for some Attributes/Values.
If a packet matches, it has to be proxied to a destination RADIUS Server.

For instance:
if
NAS-IP-Address = 10.10.19.173
Called-Station-Id = "apn1.isp.de"
Acct-Status-Type =* ""
Then proxy to 10.200.1.1

if
NAS-IP-Address = 10.10.18.120
Called-Station-Id = "apn1.isp.de"
Acct-Status-Type =* ""
Then proxy to 10.200.100.100

else 
do not proxy

In that case, I have to check the attributes to decide, to which RADISU
Server I have to send the packets.

I found the section in the proxy.conf:

#  rlm_realm").  To manually proxy the request put this entry in the
#  "users" file:
#
#
#DEFAULTProxy-To-Realm := "realm_name"
#


Does it mean, that the lines un users file will do the work?
DEFAULT NAS-IP-Address = 10.10.19.173, Called-Station-Id =
"apn1.isp.de", Acct-Status-Type =* "", Proxy-To-Realm := "destination1"
DEFAULT NAS-IP-Address = 10.10.18.120, Called-Station-Id =
"apn1.isp.de", Acct-Status-Type =* "", Proxy-To-Realm := "destination2"


Is manual proxying in unlang possible, using sites-available/default ?



> 
>   You can proxy *and* log to detail files.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Some questions about freeradius for WiMAX

[Ben Wiechman]

Since I see this from time to time I've attached a fairly functional virtual
server and policy for use with a WiMAX ASN-GW. 

Some notes:
- You may want to merge some of the configuration files
(dictionary/policy.conf/etc) to avoid overwriting any site local updates
that already exist.
- We use EAP-TTLS so this is more tested, however EAP-TLS should be more or
less functional.
- Configure your requests from your ASN-GW to use this virtual server.

HA-RK and associated lifetimes need to be calculated using some method of
your choice. We don't use Mobile IP or a Home Agent so I have not developed
policy to calculate and retrieve the required key context. Note that at this
time FR is not able to properly generate the RRQ-MN-HA-Key and will not be
able to do so without code updates.

It has been my experience while testing several different ASN-GWs that using
the standard default/inner-tunnel virtual servers will result in a
successful network entry. Some ASN-GWs may require additional work, and if
you plan to use MIP you will have additional requirements to generate and
retrieve the appropriate key context. 

Ben

-Original Message-
From: freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.org
[mailto:freeradius-users-bounces+wiechman.lists=gmail@lists.freeradius.o
rg] On Behalf Of WWF
Sent: Tuesday, June 08, 2010 2:29 AM
To: freeradius-users
Subject: Some questions about freeradius for WiMAX

Hi,all! 

I have several questions about fr 2.19 for WiMAX systems. 

1. My network is a private network and does not need accounting.Then if I
reply access accept with "Accounting-capabilities = 0", whether the ms can
know about it and won't send accounting packets to my freeradius? 

2. How to set values for these attributes: 
WiMAX-AAA-Session-ID = ?  
WiMAX-HA-RK-SPI = ?  
WiMAX-HA-RK-Lifetime = ?  

3. How to add support for the "Error-Cause" attribute defined in rfc 3576.
It seems no code for it in current implementation of 2.1.9 fr.

4. What the "disconnect request message" for? (for accounting?) I found in
wiki that current implementation does not support this message.

Thanks for your relpy.

2010-06-08 

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


freeradius-wimax-policy.tar.gz
Description: Binary data
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR 2.1.9 - segfault using status server

[Alan DeKok]

John Horne wrote:
> We are running FR 2.1.9 on CentOS 5, and are proxying requests to MS IAS
> 2003 servers. However, it seems the IAS servers do not support
> 'status-server' requests until a slightly later version. As such, I have
> configured FR to send a dummy userid/pwd instead. FR seems to receive a
> reply, but then segfaults.

  It may be the same bug that was reported earlier.  See
http://git.freeradius.org/, and look at the v2.1.x branch.  It should
have a fix.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Getting PAP to work with ntlm_auth

[Neil Prockter]

Hello

I want to authenticate users against Active Directory for EAP-MSCHAPv2
and PAP.  PAP is for a wireless web authentication redirection service
that authenticates using PAP and its PAP I'm trying to debug not MSCHAP
at present.

I've been following
http://deployingradius.com/documents/configuration/active_directory.html

All goes well until I get towards the end.

Once I remove
DEFAULT Auth-Type = ntlm_auth
from users PAP stops working

where do I add the configuration to allow PAP to continue with ntlm_auth
rather than just failing?

with the setting I get success

Info: +- entering group authorize {...}
Info: ++[preprocess] returns ok
Info: ++[chap] returns noop
Info: ++[mschap] returns noop
Info: [suffix] No '@' in User-Name = "np", looking up realm NULL
Info: [suffix] No such realm "NULL"
Info: ++[suffix] returns noop
Info: [eap] No EAP-Message, not doing EAP
Info: ++[eap] returns noop
Info: ++[unix] returns notfound
Info: [files] users: Matched entry DEFAULT at line 1
Info: ++[files] returns ok
Info: ++[expiration] returns noop
Info: ++[logintime] returns noop
Info: [pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
Info: ++[pap] returns noop
Info: Found Auth-Type = ntlm_auth
Info: +- entering group authenticate {...}
Info: [ntlm_auth]  expand: --username=%{mschap:User-Name} -> --username=ID
Info: [ntlm_auth]  expand: --password=%{User-Password} -> --password=SECRET
Debug: Exec-Program output: NT_STATUS_OK: Success (0x0)
Debug: Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Debug: Exec-Program: returned: 0
Info: ++[ntlm_auth] returns ok
Info: +- entering group post-auth {...}
Info: ++[exec] returns noop
Sending Access-Accept of id 243 to 158.143.207.212 port 42687

without it no ntlm is attempted

Info: +- entering group authorize {...}
Info: ++[preprocess] returns ok
Info: ++[chap] returns noop
Info: ++[mschap] returns noop
Info: [suffix] No '@' in User-Name = "np", looking up realm NULL
Info: [suffix] No such realm "NULL"
Info: ++[suffix] returns noop
Info: [eap] No EAP-Message, not doing EAP
Info: ++[eap] returns noop
Info: ++[unix] returns notfound
Info: ++[files] returns noop
Info: ++[expiration] returns noop
Info: ++[logintime] returns noop
Info: [pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
Info: ++[pap] returns noop
Info: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
Info: Failed to authenticate the user.
Info: Using Post-Auth-Type Reject
Info: +- entering group REJECT {...}
Info: [attr_filter.access_reject]  expand: %{User-Name} -> ID
Debug:  attr_filter: Matched entry DEFAULT at line 11
Info: ++[attr_filter.access_reject] returns updated
Info: Delaying reject of request 0 for 1 seconds
Debug: Going to the next request
Debug: Waking up in 0.9 seconds.
Info: Sending delayed reject for request 0
Sending Access-Reject of id 7 to 158.143.207.212 port 53676


TIA,

Neil

Please access the attached hyperlink for an important electronic communications 
disclaimer: 
http://www.lse.ac.uk/collections/planningAndCorporatePolicy/legalandComplianceTeam/legal/disclaimer.htm
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FR 2.1.9 - segfault using status server

[John Horne]

Hello,

We are running FR 2.1.9 on CentOS 5, and are proxying requests to MS IAS
2003 servers. However, it seems the IAS servers do not support
'status-server' requests until a slightly later version. As such, I have
configured FR to send a dummy userid/pwd instead. FR seems to receive a
reply, but then segfaults.

Running 'radiusd -X' shows:

=
Marking home server 141.163.66.101 port 1812 as zombie (it looks like it
is dead).
Sending Access-Request of id 168 to 141.163.66.101 port 1812
User-Name := "xx"
User-Password := "xx"
Service-Type := Authenticate-Only
Message-Authenticator := 0x
NAS-Identifier := "Status Check. Are you alive?"
Waking up in 1.2 seconds.
rad_recv: Access-Reject packet from host 141.163.66.101 port 1812,
id=168, length=20
=

So a reply was received, but radiusd has now died.

Getting radiusd to dump a core file shows:

=
# gdb /usr/sbin/radiusd core.8509
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.1)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/sbin/radiusd...(no debugging symbols
found)...done.
Reading symbols
from /usr/lib/freeradius/libfreeradius-radius-2.1.9.so...(no debugging
symbols found)...done.
Loaded symbols for /usr/lib/freeradius/libfreeradius-radius-2.1.9.so
Reading symbols from /lib/libnsl.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libresolv.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libpthread.so.0...(no debugging symbols
found)...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /usr/lib/libltdl.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /lib/libdl.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libssl.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/libc.so.6...(no debugging symbols
found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libgssapi_krb5.so.2...(no debugging
symbols found)...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols
found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /usr/lib/libkrb5support.so.0...(no debugging
symbols found)...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libkeyutils.so.1
Reading symbols from /lib/libselinux.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libselinux.so.1
Reading symbols from /lib/libsepol.so.1...(no debugging symbols
found)...done.
Loaded symbols for /lib/libsepol.so.1
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_dns.so.2...(no debugging symbols
found)...done.
Loaded symbols for /lib/libnss_dns.so.2
Reading symbols from /usr/lib/freeradius/rlm_exec.so...(no debugging
symbols found)...done.
Loaded symbols for /usr/lib/freeradius/rlm_exec.so
Reading symbols from /usr/lib/freeradius/rlm_expr.so...(no debugging
symbols found)...done.
Loaded symbols for /usr/lib/freeradius/rlm_expr.so
Reading symbols from /usr/lib/freeradius/rlm_expiration.so...(no
debugging symbols found)...done.
Loaded symbols for /usr/lib/freeradius/rlm_expiration.so
Reading symbols from /usr/lib/freeradius/rlm_logintime.so...(no
debugging symbols found)...done.
Loaded symbols for /usr/lib/freeradius/rlm_logintime.so
Reading symb

Re: The question about #define WIMAX2ATTR(x) ((24757 << 16) | (x)) in rlm_wimax.c

[Nicolas Goutte]

Am 13.06.2010 um 03:47 schrieb 李立明:



Hi,all
I find #define WIMAX2ATTR(x) ((24757 << 16) | (x)) in rlm_wimax.c,  
but I don`t understand its meaning.


Put 24757 (decimal) in the high 16 bits and put x in the low 16 bits  
(assuming x is only 16 bits).


As for what 24757 means, I do not know.



I appreciate your help


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Have a nice day!

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Geschäftsführer: Lars Busch
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html