Re: dot1x with samba workstation accounts

2010-06-16 Thread Alan DeKok
Jens Weibler wrote:
> I'm trying to authenticate my windows boxes with dot1x against
> freeradius. Everything is working fine if I'm using a normal user.
> 
> But I want to use the samba workstation accounts from ldap. The problem:
> mschap blocks accounts which have only the W-sambaAcctFlag set:
> 
>> info: [mschap] SMB-Account-Ctrl says that the account is disabled, or
>> is not a normal account.

  Yes...

> Shouldn't it be possible to use workstation accounts? My temporary
> solution is to exclude querying sambaAcctFlag. No real solution if you
> want to lock out really expired or disabled accounts :(

If the flag means "disabled OR non-normal", then you can't
have it both ways.  If you want to allow non-normal accounts, you have
to ignore the flag.  If you want to disable users, you have to look at
the flag.  The two situations aren't compatible.

  You could always put disabled users into a "disabled" group, and check
that.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
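
The sambaAcctFlags string lists each property as its own letter, so which half of "disabled, or is not a normal account" fired can be read directly from the value. The following is an added example, not FreeRADIUS or Samba code: it decodes the string and compares a single combined test, modelled on that log message, with a hypothetical policy that checks the two conditions separately. The sample flag strings are constructed.

```python
# Samba account-control bits, keyed by the letter used in sambaAcctFlags.
ACB = {
    "D": 0x0001,  # account disabled
    "H": 0x0002,  # home directory required
    "N": 0x0004,  # no password required
    "T": 0x0008,  # temporary duplicate account
    "U": 0x0010,  # normal user account
    "M": 0x0020,  # MNS logon account
    "I": 0x0040,  # inter-domain trust account
    "W": 0x0080,  # workstation trust (machine) account
    "S": 0x0100,  # server trust account
    "X": 0x0200,  # password does not expire
    "L": 0x0400,  # account auto-locked
}


def decode_acct_flags(value):
    """Turn a sambaAcctFlags string such as '[W          ]' into a bit mask."""
    if not (value.startswith("[") and value.endswith("]")):
        raise ValueError("sambaAcctFlags must be bracketed: %r" % value)
    mask = 0
    for letter in value[1:-1]:
        if letter == " ":
            continue  # padding
        if letter not in ACB:
            raise ValueError("unknown account flag %r in %r" % (letter, value))
        mask |= ACB[letter]
    return mask


def combined_check(mask):
    """Model of the single test the log message describes: disabled OR not normal."""
    if (mask & ACB["D"]) or not (mask & ACB["U"]):
        return "reject"
    return "accept"


def split_check(mask, allow_machines=True):
    """Hypothetical policy: test 'disabled/locked' and 'account type' separately."""
    if mask & ACB["D"]:
        return "reject: disabled"
    if mask & ACB["L"]:
        return "reject: locked"
    if mask & ACB["U"]:
        return "accept: user"
    if allow_machines and (mask & ACB["W"]):
        return "accept: workstation"
    return "reject: account type"


# Constructed sample values, not taken from a real directory.
SAMPLES = ["[U          ]", "[W          ]", "[DU         ]", "[DW         ]"]


def evaluate(samples=SAMPLES):
    """Return {flags: (combined verdict, split verdict)} for each sample."""
    result = {}
    for value in samples:
        mask = decode_acct_flags(value)
        result[value] = (combined_check(mask), split_check(mask))
    return result


if __name__ == "__main__":
    for value, verdicts in evaluate().items():
        print(value, *verdicts, sep="  |  ")
```
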


Re: Enabling / disabling active directory users

2010-06-16 Thread Alan DeKok
Iain Grant wrote:
> We have on site a Windows 2008 RC2 domain controller ( 64-bit ) which I
> have a linux based freeradius server hanging from.
> 
> My question is, other than changing the users file on the freeradius
> server, is there another way of disabling a user from authentication
> through the radius server but still allow them access via the active
> directory route.

  Sure.  Put them into a "non-radius" group in LDAP.  Then, check the
group, and reject them if they're in the group.

  Alan DeKok.


Re: Calling-Station-Id and Called-Station-Id values

2010-06-16 Thread Alan DeKok
Omer Faruk Sen wrote:
> How can I make Calling-Station-Id and Called-Station-Id be seen in
> accounting if one of them is empty in the detail log file? What I mean is, if
> one of the fields (Calling-Station-Id or Called-Station-Id) isn't
> supplied by the NAS I want it to be seen like:
> 
> Calling-Station-Id = ""
> Called-Station-Id = ""

  Why?  But anyways...

  See "man unlang".  You can update attributes:

    if (!Called-Station-Id) {
        update request {
            Called-Station-Id = ""
        }
    }

  But it's pretty pointless.

  Alan DeKok.


Re: Check line and radgroupcheck evaluation question

2010-06-16 Thread Matt Hite
As usual, thanks Alan. I appreciate the help.

-M

On Wed, Jun 16, 2010 at 7:55 AM, Alan DeKok  wrote:
> Matt Hite wrote:
>> Are check lines in the "users" file short-circuit "AND" evaluated from
>> left to right?
>
>  Yes.
>
>> Extrapolating this presumption out to radgroupcheck
>> when using a MySQL database, are the check items evaluated simply in
>> order of column id value (ie. the order they are returned from the
>> SELECT)?
>
>  Yes.
>
>  Alan DeKok.


Re[2]: Wanted: Commercial FreeRADIUS Support

2010-06-16 Thread Коньков Евгений
Hi, Jackal.

JA> Even if you aren't able to provide support, I'd be interested in any
JA> suggestions for where to get support from.


JA> Jackal Admin wrote:
>> 
>> We have a hotspot authentication system built on FreeRADIUS, MySQL, and
>> PHP.
>> It is not too complicated but we don't have the time to work on it
>> ourselves.
>> Looking for an expert or company to provide support, modification, and
>> troubleshooting for this installation.
>> E-mail to ad...@jackalwireless.net
>> 

What are you interested in?


-- 
Eugen  mailto:kes-...@yandex.ru



Re: Wanted: Commercial FreeRADIUS Support

2010-06-16 Thread James J J Hooper

http://www.google.co.uk/search?q=freeradius+commercial+support&btnI=1

??


On 16/06/2010 23:03, Jackal Admin wrote:


Even if you aren't able to provide support, I'd be interested in any
suggestions for where to get support from.


Jackal Admin wrote:


We have a hotspot authentication system built on FreeRADIUS, MySQL, and
PHP.
It is not too complicated but we don't have the time to work on it
ourselves.
Looking for an expert or company to provide support, modification, and
troubleshooting for this installation.
E-mail to ad...@jackalwireless.net








Re: Wanted: Commercial FreeRADIUS Support

2010-06-16 Thread Jackal Admin

Even if you aren't able to provide support, I'd be interested in any
suggestions for where to get support from.


Jackal Admin wrote:
> 
> We have a hotspot authentication system built on FreeRADIUS, MySQL, and
> PHP.
> It is not too complicated but we don't have the time to work on it
> ourselves.
> Looking for an expert or company to provide support, modification, and
> troubleshooting for this installation.
> E-mail to ad...@jackalwireless.net
> 
> 



Re: Enabling / disabling active directory users

2010-06-16 Thread Neil Prockter
On 16/06/10 14:18, Iain Grant wrote:
> We have on site a Windows 2008 RC2 domain controller ( 64-bit ) which I
> have a linux based freeradius server hanging from.
> 
> My question is, other than changing the users file on the freeradius
> server, is there another way of disabling a user from authentication
> through the radius server but still allow them access via the active
> directory route.
Have a group for users who may access via radius and use that in the
ldap module's groupmembership_filter.

(warning: treat my advice with caution I'm a novice here.)
> So for example, a user can log in quite happily on site using their
> windows machine.
> 
> If they go offsite and try authentication via the radius server they
> will not be allowed.
> 
> Does active directory have a flag or something that can be set against
> the user account to deny access via a radius link.
> 
> Thanks
> 
> Iain


Re: freeradius 2.1.9 crashes working in proxy mode

2010-06-16 Thread JOE
Hi
Thanks for your reply!

which software versions are affected by this bug?, actually I'm using
2.1.4 release.

Regards

On Wed, Jun 16, 2010 at 5:03 PM, Alan Buxey  wrote:
> Hi,
>
>> Load Balance works fine but when I force shutdown of one of local
>> radius servers the proxy crashes with a segmentation.
>
> there is a known bug in the proxy code of 2.1.9 - this is fixed
> in the GIT release - which will eventually become the 2.1.10 release.
>
> alan


dot1x with samba workstation accounts

2010-06-16 Thread Jens Weibler
Hello,

I'm trying to authenticate my windows boxes with dot1x against
freeradius. Everything is working fine if I'm using a normal user.

But I want to use the samba workstation accounts from ldap. The problem:
mschap blocks accounts which have only the W-sambaAcctFlag set:

> info: [mschap] SMB-Account-Ctrl says that the account is disabled, or
> is not a normal account.

Shouldn't it be possible to use workstation accounts? My temporary
solution is to exclude querying sambaAcctFlag. No real solution if you
want to lock out really expired or disabled accounts :(

-- 
Jens Weibler





Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Josip Rodin
On Wed, Jun 16, 2010 at 09:56:13AM -0400, David Peterson wrote:
> I am having one issue now, when FR receives an EAP packet, the daemon
> crashes and I get a segmentation fault.  Any thoughts other than starting
> from scratch?

What does the debug mode say, the output of freeradius -X just before the
crash?

-- 
 2. That which causes joy or happiness.


Calling-Station-Id and Called-Station-Id values

2010-06-16 Thread Omer Faruk Sen
Hi,

How can I make Calling-Station-Id and Called-Station-Id be seen in
accounting if one of them is empty in the detail log file? What I mean is, if
one of the fields (Calling-Station-Id or Called-Station-Id) isn't
supplied by the NAS I want it to be seen like:

Calling-Station-Id = ""
Called-Station-Id = ""

or

Calling-Station-Id = ""
Called-Station-Id = ""


Right now if one of the attribute is empty it is now shown in detail
log file like:

User-Name = "10.241.1.14"
Called-Station-Id = "x"
Acct-Status-Type = Stop

or

User-Name = "10.241.1.14"
Calling-Station-Id = "y"
Acct-Status-Type = Stop

Regards.


Re: freeradius 2.1.9 crashes working in proxy mode

2010-06-16 Thread Alan Buxey
Hi,

> Load Balance works fine but when I force shutdown of one of local
> radius servers the proxy crashes with a segmentation.

there is a known bug in the proxy code of 2.1.9 - this is fixed
in the GIT release - which will eventually become the 2.1.10 release.

alan


Re: Segment Fault

2010-06-16 Thread Alan DeKok
David Peterson wrote:
> [61490.335957] freeradius[6212]: segfault at 6c ip 00a51951 sp bfd33070
> error 4 in libfreeradius-radius-2.1.8.so[a3d000+1e000]
> 
> [61510.556054] freeradius[6214]: segfault at 6c ip 00a97951 sp bfab1530
> error 4 in libfreeradius-radius-2.1.8.so[a83000+1e000]
>
> Anyone know what causes this sort of crash?  It happens when I access
> EAP.  If 2.1.9 fixes this, can someone point me to an Ubuntu repository
> that has it available…

  2.1.8 shouldn't crash when you try to use EAP.

  See doc/bugs for instructions on tracking down these issues.  You may
need to re-build the server with the right debugging / compiler flags.

  Alan DeKok.
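
Before rebuilding with debugging flags, the two kernel lines quoted in this thread can be reduced to a library-relative crash offset and a decoded x86 page-fault error code. The following is an added example (Python written for this page, not part of FreeRADIUS or the original posts). It assumes the bracketed `[base+size]` is where the library's code is mapped, so `ip - base` is an offset into the library.

```python
import re
from collections import Counter

# The kernel log lines quoted in this thread, wrapped as they appear in the mail.
SAMPLE_DMESG = """\
[61490.335957] freeradius[6212]: segfault at 6c ip 00a51951 sp bfd33070
error 4 in libfreeradius-radius-2.1.8.so[a3d000+1e000]

[61510.556054] freeradius[6214]: segfault at 6c ip 00a97951 sp bfab1530
error 4 in libfreeradius-radius-2.1.8.so[a83000+1e000]

[62031.935361] hrtimer: interrupt took 36340206 ns
"""

# \s+ between fields so that lines re-wrapped by a mail client still match.
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]:\s+segfault\s+at\s+(?P<addr>[0-9a-f]+)"
    r"\s+ip\s+(?P<ip>[0-9a-f]+)\s+sp\s+(?P<sp>[0-9a-f]+)"
    r"\s+error\s+(?P<err>[0-9a-f]+)"
    r"(?:\s+in\s+(?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    if code & 16:
        access = "instruction fetch"
    elif code & 2:
        access = "write"
    else:
        access = "read"
    return {
        "cause": "protection violation" if code & 1 else "page not mapped",
        "access": access,
        "mode": "user" if code & 4 else "kernel",
    }


def parse_segfaults(text):
    """Return one dict per 'segfault at' record found in dmesg text."""
    events = []
    for m in SEGV_RE.finditer(text):
        ip = int(m.group("ip"), 16)
        fault_addr = int(m.group("addr"), 16)
        offset = None
        if m.group("obj"):
            base = int(m.group("base"), 16)
            size = int(m.group("size"), 16)
            if 0 <= ip - base < size:
                offset = ip - base  # stable across runs despite different load bases
        events.append({
            "comm": m.group("comm"),
            "pid": int(m.group("pid")),
            "fault_addr": fault_addr,
            "near_null": fault_addr < 0x1000,  # heuristic: NULL pointer plus a field offset
            "ip": ip,
            "object": m.group("obj"),
            "offset": offset,
            "error": decode_error(int(m.group("err"), 16)),
        })
    return events


def crash_sites(events):
    """Count crashes per (object, offset) to see whether they share one code location."""
    return Counter((e["object"], e["offset"]) for e in events)


if __name__ == "__main__":
    evs = parse_segfaults(SAMPLE_DMESG)
    for e in evs:
        print("pid %d: %s+0x%x, %s of 0x%x (%s, %s mode)" % (
            e["pid"], e["object"], e["offset"], e["error"]["access"],
            e["fault_addr"], e["error"]["cause"], e["error"]["mode"]))
    print(crash_sites(evs))
```

Both records resolve to the same offset inside the library with a fault address below the first page, the usual signature of a read through a NULL structure pointer. With a build that has debug symbols, `addr2line -e <library> <offset>` maps that offset to a source line.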

Re: Use rlm_ldap reply for the next authorization module

2010-06-16 Thread Alan DeKok
JUND wrote:

> I have no trouble checking the User-Name/Password using the ldap and chap
> modules. But I can’t figure out how to use the ldap reply to request the
> local mysql where the match between crm Id and status is stored.
> 
> I don’t know how to use a reply of an authorization module (ldap) in
> another one (sql).

  You can't.  It's usually not necessary.

> Since I didn’t find out how to do this, I tried to add the crmID in an
> unused radius attribute: Callback-Number:
>
> In the ldap attrmap configuration file I added:
>
> replyItem   Callback-Number SFRrelationLoginService

  That should add it to the *reply* items.

> And in the sql configuration:
>
> sql_user_name = "%{Callback-Number}"

  That looks up the Callback-Number in the *request*.  See "man unlang".

  You want:

sql_user_name = "%{reply:Callback-Number}"

> Is it possible to configure the ldap module in order to store an
> ldap attribute in a variable usable by the mysql module?

  Yes.  You're doing it.  You're just not referencing the variable
correctly.

> Or to
> replace/add a radius attribute in the request, based on the ldap reply
> before the next module is computed?

  The LDAP module can't update the request.

  Alan DeKok.
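
The list scoping described in this reply, as an added example (a Python model written for this page, not FreeRADIUS code): an attrmap line decides which list the LDAP value lands in, and an unqualified `%{...}` only reads the request. The request contents and the CRM id are constructed, and only the request, reply and control lists are modelled.

```python
import re

# %{Attr} reads the request list; %{reply:Attr} and %{control:Attr} name another list.
XLAT_RE = re.compile(r"%\{(?:(request|reply|control):)?([A-Za-z0-9-]+)\}")

# Which list an ldap.attrmap line feeds: check items go to control, reply items to reply.
ATTRMAP_TARGET = {"checkItem": "control", "replyItem": "reply"}


def apply_attrmap(attrmap_line, ldap_entry, lists):
    """Copy one LDAP attribute into the list chosen by an ldap.attrmap line."""
    kind, radius_attr, ldap_attr = attrmap_line.split()[:3]
    if ldap_attr in ldap_entry:
        lists[ATTRMAP_TARGET[kind]][radius_attr] = ldap_entry[ldap_attr]


def expand(template, lists):
    """Expand %{...} references; a missing attribute expands to an empty string."""
    def lookup(match):
        list_name = match.group(1) or "request"
        return lists[list_name].get(match.group(2), "")
    return XLAT_RE.sub(lookup, template)


def run(attrmap_line, user_name_template):
    """Apply one attrmap line to a constructed request, then expand sql_user_name."""
    # Constructed request and LDAP entry; "crm-0001" is a made-up CRM id.
    lists = {"request": {"User-Name": "toto"}, "control": {}, "reply": {}}
    ldap_entry = {"SFRrelationLoginService": "crm-0001"}
    apply_attrmap(attrmap_line, ldap_entry, lists)
    return expand(user_name_template, lists)


REPLY_MAP = "replyItem   Callback-Number SFRrelationLoginService"
CHECK_MAP = "checkItem   Callback-Number SFRrelationLoginService"

if __name__ == "__main__":
    for attrmap in (REPLY_MAP, CHECK_MAP):
        for template in ("%{Callback-Number}", "%{reply:Callback-Number}",
                         "%{control:Callback-Number}"):
            print("%-52s %-28s -> %r" % (attrmap, template, run(attrmap, template)))
```
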

Re: Check line and radgroupcheck evaluation question

2010-06-16 Thread Alan DeKok
Matt Hite wrote:
> Are check lines in the "users" file short-circuit "AND" evaluated from
> left to right?

  Yes.

> Extrapolating this presumption out to radgroupcheck
> when using a MySQL database, are the check items evaluated simply in
> order of column id value (ie. the order they are returned from the
> SELECT)?

  Yes.

  Alan DeKok.


Re: freeradius 2.1.9 crashes working in proxy mode

2010-06-16 Thread Alan DeKok
JOE wrote:

> Load Balance works fine but when I force shutdown of one of local
> radius servers the proxy crashes with a segmentation.
> 
> you have any idea what is happening?

  See git.freeradius.org.  Try the v2.1.x branch.  It should contain a fix.

  We should probably release 2.1.10 to address this issue.

  Alan DeKok.


Segment Fault

2010-06-16 Thread David Peterson
[61490.335957] freeradius[6212]: segfault at 6c ip 00a51951 sp bfd33070
error 4 in libfreeradius-radius-2.1.8.so[a3d000+1e000]

[61510.556054] freeradius[6214]: segfault at 6c ip 00a97951 sp bfab1530
error 4 in libfreeradius-radius-2.1.8.so[a83000+1e000]

[62031.935361] hrtimer: interrupt took 36340206 ns

 

Anyone know what causes this sort of crash?  It happens when I access EAP.
If 2.1.9 fixes this, can someone point me to an Ubuntu repository that has
it available.

David Peterson



 


Re: Getting PAP to work with ntlm_auth

2010-06-16 Thread Neil Prockter
On 15/06/10 07:51, Alan DeKok wrote:
> Neil Prockter wrote:
>> I want to authenticate users against Active Directory for EAP-MSCHAPv2
>> and PAP.  PAP is for a wireless web authentication redirection service
>> that authenticates using PAP and its PAP I'm trying to debug not MSCHAP
>> at present.
> 
>   For that, you can configure Active Directory as an LDAP server.  It
> will be faster and more stable than using ntlm_auth.
I've done that and PAP/LDAP has tested well.  EAP-MSCHAPv2/ntlm_auth is
not happy but I'll have more of a look before mailing about that.

Thanks

Neil
> 
>> I've been following
>> http://deployingradius.com/documents/configuration/active_directory.html
>>
>> All goes well until I get towards the end.
>>
>> Once I remove
>> DEFAULT Auth-Type = ntlm_auth
>> from users PAP stops working
> 
>   If you *want* PAP to use ntlm_auth, then you need to leave that line
> in.  We recommend deleting it because most people want PAP to use
> *another* way of authenticating.
> 
>   Alan DeKok.


RE: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread David Peterson
I have installed the binary and it has everything I needed thanks!  I am
having one issue now, when FR receives an EAP packet, the daemon crashes
and I get a segmentation fault.  Any thoughts other than starting from
scratch?

-Original Message-
From:
freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org
[mailto:freeradius-users-bounces+david.peterson=acc-corp@lists.freeradiu
s.org] On Behalf Of Josip Rodin
Sent: Wednesday, June 16, 2010 7:39 AM
To: Bassem Nagi
Cc: FreeRadius users mailing list
Subject: Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

On Wed, Jun 16, 2010 at 02:31:54PM +0300, Bassem Nagi wrote:
> Hey Josip actually i need to compile in order to use rlm_sqlcounter
> module as i understand it is not available with the binary package.

Well, I see it at:

http://packages.ubuntu.com/lucid/i386/freeradius/filelist

/etc/freeradius/modules/sqlcounter_expire_on_login
/usr/lib/freeradius/rlm_sqlcounter-2.1.8.so
/usr/lib/freeradius/rlm_sqlcounter.so
/usr/share/doc/freeradius/rlm_sqlcounter.gz

-- 
 2. That which causes joy or happiness.


freeradius 2.1.9 crashes working in proxy mode

2010-06-16 Thread JOE
Hi all
Actually I have two servers (in cluster mode with heartbeat)  working
each one with two radius services, one proxy and one radius as follow:

Server1:
 - freeradius server 2.1.9: listening on port 1645, working in proxy mode with load balance configuration and point to local radius and Server2 radius
 - freeradius server 2.1.9: listening on port 1812, working in radius mode.

Server2:
 - freeradius server 2.1.9: listening on port 1645, working in proxy mode with load balance and point to local radius and Server1 radius
 - freeradius server 2.1.9: listening on port 1812, working in radius mode.


Load Balance works fine but when I force shutdown of one of local
radius servers the proxy crashes with a segmentation.

you have any idea what is happening?
Regards


Enabling / disabling active directory users

2010-06-16 Thread Iain Grant
We have on site a Windows 2008 RC2 domain controller ( 64-bit ) which I
have a linux based freeradius server hanging from.

My question is, other than changing the users file on the freeradius
server, is there another way of disabling a user from authentication
through the radius server but still allow them access via the active
directory route.

So for example, a user can log in quite happily on site using their
windows machine.
If they go offsite and try authentication via the radius server they
will not be allowed.

Does active directory have a flag or something that can be set against
the user account to deny access via a radius link.

Thanks

Iain



Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread John Dennis

On 06/16/2010 07:10 AM, Karuna G. Kumar wrote:

I also got the same problem when I am compiling FreeRADIUS 2.1.8. I solved this 
problem by executing the following commands.

Change the version number in the file appropriately and execute these commands.

ln -s /usr/local/lib/libfreeradius-radius-2.1.8.so /usr/lib/libfreeradius-radius-2.1.8.so

You may probably get few more similar kind of errors for libltdl.so.3 and 
libfreeradius-eap-2.1.8.so

For these, following commands will help you.

ln -s /usr/local/lib/libltdl.so.3.1.4 /usr/lib/libltdl.so.3
ln -s /usr/local/lib/libfreeradius-eap-2.1.8.so /usr/lib/libfreeradius-eap-2.1.8.so


None of this would be necessary if you specified --prefix=/usr when you 
ran configure. The default prefix of /usr/local is only for those 
without root permission.


But as Josip says it's best to install the pre-built packages because 
the person doing the packaging already has all the little details which 
trip people up figured out. Using pre-built packages will save you a 
*lot* of headaches.


--
John Dennis 



Use rlm_ldap reply for the next authorization module

2010-06-16 Thread JUND , Aurélien
Hello,

In order to allow a user to access the service (send an Access-Accept) I need to 
validate several things:

First the password must be OK:

 *   The User-Name and password are stored in cleartext in an LDAP (I use CHAP). 
I must get another LDAP attribute which specifies the CRM Id matching the username.

The user must be allowed to use the service:

 *   Daily I get a file matching a CRM Id and a status (can access, can't 
access) => I can't have a matching between User-Name / Status. The CRM doesn't 
know the User-Name, and the LDAP doesn't know the client's status (only the CRM 
Id).


I have no trouble checking the User-Name/Password using the ldap and chap modules. 
But I can't figure out how to use the ldap reply to request the local mysql 
where the match between CRM Id and status is stored.
I don't know how to use a reply of an authorization module (ldap) in another 
one (sql).

Since I didn't find out how to do this, I tried to add the crmID in an unused 
radius attribute: Callback-Number:

In the ldap attrmap configuration file I added:

replyItem   Callback-Number SFRrelationLoginService

And in the sql configuration:

sql_user_name = "%{Callback-Number}"


Unfortunately, as expected, the replyItem is only added when the reply is generated. 
I also tried with a checkItem, without more success...

Is it possible to configure the ldap module in order to store an ldap attribute 
in a variable usable by the mysql module? Or to replace/add a radius attribute 
in the request, based on the ldap reply, before the next module is computed?



Examples :

Goal case:

echo "User-Name= toto,Chap-Password=11", | sudo radclient -x 172.16.0.135:1812 auth secret
Sending Access-Request of id 202 to 172.16.0.135 port 1812
User-Name = "toto"
CHAP-Password = 0xcab5c3da9c9ebb891608c1991c2e37bea3
rad_recv: Access-Reject packet from host 172.16.0.135 port 1812, id=202, length=20


log:

Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: Waking up in 0.9 seconds.
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: waiting for bind result ...
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: Bind was successful
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: performing search in ou=EndUser,dc=USER,dc=fr, with filter (USERlogin=toto*)
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [ldapClear] No default NMAS login sequence
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [ldapClear] looking for check items in directory...
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: USERrelationLoginService -> Callback-Number == "siebelsIdFortoto"
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: USERuserPassword -> Cleartext-Password == "11"
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: USERlogin -> User-Name == "toto"
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [ldapClear] looking for reply items in directory...
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [ldapClear] user toto authorized to use remote access
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_ldap: ldap_release_conn: Release Id: 0
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[ldapClear] returns ok
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [sql_crm_abv] #011expand: %{Callback-Number} ->
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [sql_crm_abv] sql_set_user escaped user --> ''
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_sql (sql_crm_abv): Reserving sql socket id: 1
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [sql_crm_abv] #011expand: SELECT Identifiant, Status   FROM siebel   WHERE Identifiant = '%{Callback-Number}' AND Status='1' -> SELECT Identifiant, Status   FROM siebel   WHERE Identifiant = '' AND Status='1'
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_sql_mysql: query:  SELECT Identifiant, Status   FROM siebel   WHERE Identifiant = '' AND Status='1'
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_sql (sql_crm_abv): Released sql socket id: 1
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [sql_crm_abv] User  not found
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[sql_crm_abv] returns notfound
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [chap] Setting 'Auth-Type := CHAP'
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[chap] returns ok
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[expiration] returns noop
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[logintime] returns noop
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: [pap] Found existing Auth-Type, not changing it.
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: ++[pap] returns noop
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_sqlcounter: Entering module authorize code
Jun 16 12:42:30 radius-wifi1-aub freeradius[7106]: rlm_sqlcounter: Could not find Key value pair
Jun 16 12:42:30 radius-wifi1-aub freerad

[no subject]

2010-06-16 Thread Jasenko Sehanovic
 

 

Jasenko Sehanovic |t: + 387 33 768 000|f: + 387 33 768 001|m: + 387 61 103
444
Teleinformatica doo, Tvornička 3, 71000 Sarajevo, Bosnia and Herzegovina


Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Josip Rodin
On Wed, Jun 16, 2010 at 02:31:54PM +0300, Bassem Nagi wrote:
> Hey Josip actually i need to compile in order to use rlm_sqlcounter
> module as i understand it is not available with the binary package.

Well, I see it at:

http://packages.ubuntu.com/lucid/i386/freeradius/filelist

/etc/freeradius/modules/sqlcounter_expire_on_login
/usr/lib/freeradius/rlm_sqlcounter-2.1.8.so
/usr/lib/freeradius/rlm_sqlcounter.so
/usr/share/doc/freeradius/rlm_sqlcounter.gz

-- 
 2. That which causes joy or happiness.


Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Bassem Nagi
Hey Josip actually i need to compile in order to use rlm_sqlcounter
module as i understand it is not available with the binary package.

Regards,
Bassem

On Wed, 2010-06-16 at 13:24 +0200, Josip Rodin wrote:
> On Wed, Jun 16, 2010 at 01:01:40PM +0300, Bassem Nagi wrote:
> > Iam having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> > when i try to start the server i get an error stating 
> > 
> > radiusd: error while loading shared libraries:
> > libfreeradius-radius-2.1.9.so: cannot open shared object file: No such
> > file or directory
> > 
> > Any help would be appreciated.
> 
> > If you don't actually have a reason to compile anything, just install
> the newer packages from whatever repository has 2.1.9, see
> http://packages.ubuntu.com/freeradius
> 



Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Josip Rodin
On Wed, Jun 16, 2010 at 01:01:40PM +0300, Bassem Nagi wrote:
> Iam having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> when i try to start the server i get an error stating 
> 
> radiusd: error while loading shared libraries:
> libfreeradius-radius-2.1.9.so: cannot open shared object file: No such
> file or directory
> 
> Any help would be appreciated.

If you don't actually have a reason to compile anything, just install
the newer packages from whatever repository has 2.1.9, see
http://packages.ubuntu.com/freeradius

-- 
 2. That which causes joy or happiness.


RE: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Karuna G. Kumar
I also got the same problem when I am compiling FreeRADIUS 2.1.8. I solved this 
problem by executing the following commands.

Change the version number in the file appropriately and execute these commands.

ln -s /usr/local/lib/libfreeradius-radius-2.1.8.so /usr/lib/libfreeradius-radius-2.1.8.so

You may probably get few more similar kind of errors for libltdl.so.3 and 
libfreeradius-eap-2.1.8.so

For these, following commands will help you.

ln -s /usr/local/lib/libltdl.so.3.1.4 /usr/lib/libltdl.so.3
ln -s /usr/local/lib/libfreeradius-eap-2.1.8.so /usr/lib/libfreeradius-eap-2.1.8.so

- Karun.

-Original Message-
From:   freeradius-users-bounces+karuna.kumar=indscape@lists.freeradius.org 
on behalf of Bassem Nagi
Sent:   Wed 6/16/2010 3:31 PM
To: freeradius-users@lists.freeradius.org
Cc: 
Subject:Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

Hi,
Iam having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
when i try to start the server i get an error stating 

radiusd: error while loading shared libraries:
libfreeradius-radius-2.1.9.so: cannot open shared object file: No such
file or directory

Any help would be appreciated.

Thanx




Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Bassem Nagi
Hey Nicolas i tried  ldconfig but for some reason now i am getting a
different error  Segmentation fault

Regards,
Bassem


On Wed, 2010-06-16 at 12:25 +0200, Nicolas Goutte wrote:

> Am 16.06.2010 um 12:01 schrieb Bassem Nagi:
> 
> > Hi,
> > Iam having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> > when i try to start the server i get an error stating
> >
> > radiusd: error while loading shared libraries:
> > libfreeradius-radius-2.1.9.so: cannot open shared object file: No  
> > such file or directory
> 
> Try running ldconfig in the directory where the .so-file is.
> 
> >
> > Any help would be appreciated.
> >
> > Thanx
> 
> Nicolas Goutte
> 
> 
> extragroup GmbH - Karlsruhe
> Waldstr. 49
> 76133 Karlsruhe
> Germany
> 
> Managing Director: Lars Busch
> Register Court: Amtsgericht Münster / HRB: 5624
> Tax No.: 337/5903/0421 / VAT ID: DE 204607841
> 
> 
> 
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Bassem Nagi
I downloaded it from ubuntu Repository

Thanx,
Bassem

On Wed, 2010-06-16 at 12:32 +0200, Andras Dosztal wrote:

> Did you compile libfreeradius first?
> 
> Regards,
> Andras
> 
> 
> On Wed, 16 Jun 2010 12:01:40 +0200, Bassem Nagi  wrote:
> 
> >
> > Hi,
> >
> > I am having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> >
> > when I try to start the server I get an error stating
> 
> >
> > radiusd: error while loading shared libraries:
> >
> > libfreeradius-radius-2.1.9.so: cannot open shared object file: No such  
> > file or directory
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Andras Dosztal

Did you compile libfreeradius first?

Regards,
Andras


On Wed, 16 Jun 2010 12:01:40 +0200, Bassem Nagi wrote:

> Hi,
>
> I am having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> when I try to start the server I get an error stating
>
> radiusd: error while loading shared libraries:
> libfreeradius-radius-2.1.9.so: cannot open shared object file: No such
> file or directory

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Nicolas Goutte


On 16.06.2010 at 12:01, Bassem Nagi wrote:

> Hi,
> I am having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
> when I try to start the server I get an error stating
>
> radiusd: error while loading shared libraries:
> libfreeradius-radius-2.1.9.so: cannot open shared object file: No
> such file or directory

Try running ldconfig in the directory where the .so-file is.

> Any help would be appreciated.
>
> Thanx
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing Director: Lars Busch
Register Court: Amtsgericht Münster / HRB: 5624
Tax No.: 337/5903/0421 / VAT ID: DE 204607841




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Having trouble compiling freeradius 2.1.9 on ubuntu 10.04

2010-06-16 Thread Bassem Nagi
Hi,
I am having trouble compiling freeradius version 2.1.9 on ubuntu 10.04
when I try to start the server I get an error stating

radiusd: error while loading shared libraries:
libfreeradius-radius-2.1.9.so: cannot open shared object file: No such
file or directory

Any help would be appreciated.

Thanx
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Check line and radgroupcheck evaluation question

2010-06-16 Thread Matt Hite
Hello,

Are check lines in the "users" file short-circuit "AND" evaluated from
left to right? Extrapolating this presumption out to radgroupcheck
when using a MySQL database, are the check items evaluated simply in
order of column id value (i.e. the order they are returned from the
SELECT)?

authorize_group_check_query = "SELECT id, groupname, attribute, \
   Value, op \
   FROM radgroupcheck \
   WHERE groupname = '%{Sql-Group}' \
   ORDER BY id"

Just trying to wrap my head around how one might do something useful
with radgroupcheck. I guess you are supposed to be able to match some
condition on the row whose group matches with the lowest column ID and
then subsequent rows that also have the same matching group (with
higher column IDs) can be used to set attributes or look for further
requisite conditions?

I am actually wanting to reject connections when groups of users come
in on the wrong huntgroup. I've seen significant discussion and
confusion in the mailing list archives in regards to this. Most of the
time I see people say "use radcheck to reject." I did spot a gem from
Ivan Kalik, though, which led me down this path.

>>However, the issue remains:
>>I do not want the user to be rejected per se. I only want the user to be
>>rejected if her own huntgroup as stored in radgroupcheck is different from
>>the huntgroup of the Called-Station-Id in the radhuntgroup table. The goal
>>is to prevent a user from logging in to a hotspot router that does not belong to
>>the huntgroup the user belongs to.
>
>Hm, and what do you think:
>
>>> Huntgroup-Name != "Test", Auth-Type := Reject
>
>that does? As a joke, put them in radgroupcheck and see if it does
>*exactly* what you have described.

Thanks for your help,

-M
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html