Re: deny access with huntgroups

2011-01-30 Thread tragus

Hello, I read your talks and I have the same problem. What you said helped me,
but I can't find the right request to make in
/etc/raddb/sites-enabled/default in the authorize section just under
preprocess. Can you send me the request you made? I will be so
thankful.
-- 
View this message in context: 
http://freeradius.1045715.n5.nabble.com/deny-access-with-huntgroups-tp2780330p3364120.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Exec Module FreeRADIUS Version 2.1.8

2011-01-30 Thread hollman.diaz

Hi everybody

I'm trying to change the Auth-Type attribute with an external application.
I'm using FreeRADIUS Version 2.1.8 and Ubuntu 10.04

What files should I modify?
I have tried with:

/etc/freeradius/radiusd.conf:
...
instantiate {
#
#  Allows the execution of external scripts.
#  The entire command line (and output) must fit into 253 bytes.
#
#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
exec ven{
    wait = yes
    program = "/etc/disconnect/php return.php %{Calling-Station-Id}"
    input_pairs = request
    output_pairs = reply
    shell_escape = yes
}

/etc/freeradius/sites-enabled/default
post-auth {
...
exec ven{
    wait = yes
    program = "/etc/disconnect/php return.php %{Calling-Station-Id}"
    input_pairs = request
    output_pairs = reply
    shell_escape = yes
}

/etc/freeradius/modules/exec
...
#  See also "echo" for more sample configuration.
#
exec ven{
    wait = yes
    program = "/etc/disconnect/php return.php %{Calling-Station-Id}"
    input_pairs = request
    output_pairs = reply
    shell_escape = yes
}

And /etc/freeradius/users:
...
DEFAULT Auth-Type := '%{exec:/etc/disconnect/php return.php %{Calling-Station-Id}}'
  Fall-Through = No

External application is /etc/disconnect/return.php and it returns Accept or
Reject values.

I have read several forums but I do not understand the procedure. I would
appreciate a step by step procedure :)


Running freeradius -X, I get (with no modifications in
/etc/freeradius/users):
...
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
/etc/freeradius/sites-enabled/default[464]: Failed to find module "exec".
/etc/freeradius/sites-enabled/default[435]: Errors parsing post-auth section.

Line 464 is 
exec ven{

and line 435 is
post-auth {

Thanks in advance,

Hollman Diaz
-- 
View this message in context: 
http://freeradius.1045715.n5.nabble.com/Exec-Module-FreeRADIUS-Version-2-1-8-tp3363953p3363953.html


Re: Faulty module pam_radius_auth.so

2011-01-30 Thread Peter Lambrechtsen
You may have the same problem as we did with how UINT4 was defined.

http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00637.html

In the radius.h

-typedef unsigned long UINT4;
+typedef uint32_t UINT4;
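
Review bot: on the `+typedef uint32_t UINT4;` line, `uint32_t` is only declared once `<stdint.h>` has been included, and the hunk shows no include being added to radius.h; add it above the typedef unless the header already pulls it in. Because the type changes from `unsigned long` to a fixed 32-bit type, any `%lu` or `%lx` format strings and any `unsigned long *` casts applied to UINT4 values elsewhere in the module should be checked in the same change.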

Cheers

Peter

On Mon, Jan 31, 2011 at 2:07 PM, vijay s sheelavantar <
s_vija...@rediffmail.com> wrote:

> Hello Friends,
>
> I have compiled pam_radius_auth.so for MIPS architecture. I am linking the
> libraries as follows.
> $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so
> I tried by linking (-lc) also. but authentication is failing. I have
> captured the log from /var/log/auth.log. and it says the error as below.
>
> Jan 31 10:11:10 (none) sshd[25680]: PAM unable to dlopen(/lib/security/pam_radius_auth.so)
> Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror: /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5Init]
> Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module: /lib/security/pam_radius_auth.so
>
> kindly help me to solve this problem.
>
> Thanks and Regards,
> VIJAY S.

Faulty module pam_radius_auth.so

2011-01-30 Thread vijay s sheelavantar
Hello Friends,

I have compiled pam_radius_auth.so for MIPS architecture. I am linking the
libraries as follows.

$(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so

I tried by linking (-lc) also. but authentication is failing.
I have captured the log from /var/log/auth.log. and it says the error as below.

Jan 31 10:11:10 (none) sshd[25680]: PAM unable to dlopen(/lib/security/pam_radius_auth.so)
Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror: /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5Init]
Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module: /lib/security/pam_radius_auth.so

kindly help me to solve this problem.

Thanks and Regards,
VIJAY S.

Re: Treating octets as string

2011-01-30 Thread Alan DeKok
Brian Candler wrote:
> OK, I've had a go at a patch. You can find it at
> https://github.com/candlerb/freeradius-server/tree/candlerb/string_expansion
> 
> Aside: I guess you can't use this if you have an 'octets' value with an
> embedded null. If I set

  That's easy enough to fix, and the server already includes code to
handle non-printable characters in a string.

> Also, while doing this I also discovered a bug in the %{integer:...}
> expansion: it will cause freeradius to segfault if the vp is known in the
> dictionary but is not present in the request (radius_get_vp will return true
> but set vp to NULL).  The fix is also in that branch, but I'll post it here
> too:

  Whoops.  That needs fixing, yes.

  I've pushed fixes to the git repository.

  Alan DeKok.
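
An added illustration of the %{integer:...} crash described in the quoted text above; it is not code from the FreeRADIUS tree or from either poster. `pair_t`, `lookup_vp` and `integer_xlat` are hypothetical, simplified stand-ins that model a lookup which reports success for any dictionary attribute while leaving the pointer NULL when the request does not carry it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an attribute/value pair (assumption). */
typedef struct { const char *name; unsigned int value; } pair_t;

/* Constructed sample data: three known attributes, one present in the request. */
static const char *dictionary[] = { "Framed-MTU", "NAS-Port", "Session-Timeout" };
static pair_t request_pairs[] = { { "NAS-Port", 17 } };

/* Models the behaviour reported in the thread: returns 1 whenever the name
 * is in the dictionary, and sets *vp to NULL if the request lacks the pair. */
static int lookup_vp(const char *name, pair_t **vp)
{
    size_t i;
    int known = 0;

    *vp = NULL;
    for (i = 0; i < sizeof(dictionary) / sizeof(dictionary[0]); i++)
        if (strcmp(dictionary[i], name) == 0) known = 1;
    if (!known) return 0;
    for (i = 0; i < sizeof(request_pairs) / sizeof(request_pairs[0]); i++)
        if (strcmp(request_pairs[i].name, name) == 0) *vp = &request_pairs[i];
    return 1;
}

/* Hardened expansion: returns the number of characters written, or 0 with an
 * empty string when the attribute is unknown, absent, or does not fit. */
static size_t integer_xlat(const char *name, char *out, size_t outlen)
{
    pair_t *vp;
    int n;

    if (outlen == 0) return 0;
    out[0] = '\0';
    /* Testing the return value alone is the bug: a known-but-absent
     * attribute passes that test and vp->value dereferences NULL. */
    if (!lookup_vp(name, &vp) || vp == NULL) return 0;
    n = snprintf(out, outlen, "%u", vp->value);
    if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return 0; }
    return (size_t)n;
}
```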


Re: Error in Freeradius Log

2011-01-30 Thread Fajar A. Nugraha
On Sun, Jan 30, 2011 at 6:43 PM, Moayad Mohammad
 wrote:
> Dear,
>
>     I found this error in radius log file:
>
> “rlm_sql (sql_wimax): There are no DB handles to use! skipped 0, tried to
> connect 0”
>
>
>
> Then too many CPE’s disconnected then reauthenticated again after 1 minute.
>
>
>
> Kindly note that we are in testing phase and the maximum No. of connected
> CPE not more than 200 sessions. What’s happened?

Your DB is most likely too busy at that time.
If it's MySQL, "show full processlist" will show what queries it's
currently doing.

-- 
Fajar



Re: Separate rlm_perl in each virtual server

2011-01-30 Thread Alexander Shikoff
On Sun, Jan 30, 2011 at 08:47:17AM +0100, Alan DeKok wrote:
> Alexander Shikoff wrote:
> > Now radiusd receives a DHCP packet and:
> > 
> > Received DHCP-Discover of id fcb1c6c0 from 193.200.84.232:67 to 
> > 193.200.85.245:67
> > [...]
> > server dhcp {
> > Trying sub-section dhcp DHCP-Discover {...}
> > +- entering group DHCP-Discover {...}
> > rlm_perl: -authorization.pl- : post_auth
> > ^^^
> 
>   Post *all* of the debug output.  You've deleted the pieces which can
> help solve the problem.



-- 
MINO-RIPE
FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.0, built on Nov  2 2010 at 21:47:55
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/ISG_DHCP
including configuration file /usr/local/etc/raddb/modules/ISG_Auth
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/dhcp
including configuration file /usr/local/etc/raddb/sites-enabled/dhcp-authorization.conf
main {
user = "freeradius"
group = "freeradius"
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/local/lib/freeradius-2.1.10"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = no
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpa

Error in Freeradius Log

2011-01-30 Thread Moayad Mohammad
Dear, 

I found this error in radius log file:

"rlm_sql (sql_wimax): There are no DB handles to use! skipped 0, tried to
connect 0"

 

Then too many CPE's disconnected then reauthenticated again after 1 minute.

Kindly note that we are in testing phase and the maximum No. of connected
CPE not more than 200 sessions. What's happened?

Regards,

 
