Re: Freeradius 3.0.0 "Installation mode requires -rpath" during "sudo make install"
On 21/09/12 15:27, YJ Zhang wrote: On Fri, Sep 21, 2012 at 03:10:51AM +0100, YJ Zhang wrote: It seems libtool/autoconf/automake related, but I don't know enough to make heads-or-tails out of how to get around this. Any advice? Thanks in advance. I've just ran './configure && make && make R=/tmp/fr install" on my debian squeeze box here on the current master git branch and it all worked as expected. What OS are you using? Ben Ah, wasn't aware of that trick. I'm compiling on Mac OS X 10.7.5 with GNU autoconf 2.69 and automake 1.12.3 installed. Is "make R=" equivalent to setting "./configure --prefix="? No, completely different. R= is used to fake the destination. It's used for making tarballs/RPMs/.debs e.g. mkdir /tmp/binary-fr make install R=/tmp/binary-fr ...with then contain: /tmp/binary-fr/$prefix/sbin/radiusd /tmp/binary-fr/$prefix/etc/raddb/radiusd.conf ...but all the paths e.g. inside the config files and shared library rpaths will read: $prefix/sbin/radiusd ...i.e. will ignore the R= prefix - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Time based bandwidth control
Il 21/09/2012 16.29, Antonio Modesto ha scritto: Hi, Is there any attribute on radius that I can use to provided time based bandwidth control? My boss asked me to implement a solution to double the client's rate limit during the night, we use mikrotik here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Mikrotik-Rate-Limit: (works if the CPE isn't mikrotik, limited to hotspot, PPP, and something else) http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_radius.php http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_hotspot.php Ascend-Data-Rate: (if both client and NAS are mikrotik).. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Time based bandwidth control
Hi, Is there any attribute on radius that I can use to provided time based bandwidth control? My boss asked me to implement a solution to double the client's rate limit during the night, we use mikrotik here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 3.0.0 "Installation mode requires -rpath" during "sudo make install"
On Fri, Sep 21, 2012 at 03:10:51AM +0100, YJ Zhang wrote: >> It seems libtool/autoconf/automake related, but I don't know enough to >> make heads-or-tails out of how to get around this. Any advice? Thanks >> in advance. > > I've just ran './configure && make && make R=/tmp/fr install" on my > debian squeeze box here on the current master git branch and it all > worked as expected. > > What OS are you using? > > Ben Ah, wasn't aware of that trick. I'm compiling on Mac OS X 10.7.5 with GNU autoconf 2.69 and automake 1.12.3 installed. Is "make R=" equivalent to setting "./configure --prefix="? What about my other configure flags such as "mandir, libdir, and includedir"? Here're my full configure flags: ./configure --prefix=/usr/local/freeradius --mandir=/usr/local/share/man --libdir=/usr/local/lib/freeradius --includedir=/usr/local/include --without-rlm_perl --without-rlm_sql_mysql --with-rlm_pam --with-rlm_ldap --with-openldap-include-dir=/usr/include --without-rlm_counter --without-rlm_dbm --without-rlm_ippool --without-rlm_krb5 --without-rlm_otp --without-rlm_python --without-rlm_sql --without-rlm_unixodbc --without-rlm_sql_iodbc --without-rlm_sql_postgresql --without-rlm_sql_oracle --without-rlm_sqlcounter --without-rlm_sqlippool --without-rlm_eap_tnc --without-rlm_eap_ikev2 --with-udpfromto --disable-static --enable-shared --enable-strict-dependencies --enable-developer --with-openssl-includes=/usr/local/include/openssl --with-openssl-libraries=/usr/local/lib --enable-ltdl-install=yes I had always been able to do just a straight "sudo make install" with Freeradius 2.x and 3.x (up until Mac OS X 10.7.4) without a fuzz. So this rpath issue seems to be introduced in the last month or two. Is it due to some change in FR 3.0.0 or Apple's change in OS X 10.7.5? Y.J. Zhang - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic realm+home_server_pool from LDAP/SQL
On Fri, 2012-09-21 at 13:05 +0200, Alan DeKok wrote: > Wilco Baan Hofman wrote: > > I'm looking through the code and documentation of freeradius now to see > > if it is possible to use freeradius with a backend database for realms. > > I'm looking to implement this if it's not there, in what way can I do > > this where my patches would be accepted (assuming clean code obviously)? > > Use github. Fork the code, and do it there. > > Any major changes like this MUST be done in the "master" branch. The > v2.1.x branch is stable, and will have minimal changes. > Okay, I understand this.. I was actually looking more for specifics on how you would want to have this implemented. Perhaps similarly to the dynamic clients using unlang? Or perhaps by configuring a configuration backend for realms or something.. There are several approaches to do this.. and I'm guessing you have some ideas about this :) Regards, Wilco Baan Hofman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 89, Issue 58
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic realm+home_server_pool from LDAP/SQL
Wilco Baan Hofman wrote: > I'm looking through the code and documentation of freeradius now to see > if it is possible to use freeradius with a backend database for realms. Realms, maybe. It's a lot more difficult with home servers. > For clients this can be fixed with dynamic clients and overwriting > attributes.. but for realms this does not seem possible. Did I miss > something? No. If it worked, it would be documented. > I'm looking to implement this if it's not there, in what way can I do > this where my patches would be accepted (assuming clean code obviously)? Use github. Fork the code, and do it there. Any major changes like this MUST be done in the "master" branch. The v2.1.x branch is stable, and will have minimal changes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: pam_radius requires setting Auth-Type ?
NdK wrote: > We just added pam_radius to our vpn host, to authenticate vpn users > throught our (working) RADIUS server. > > IIUC pam_radius is sending a PAP message: ... > But if I don't add (in users file) a line like: > DEFAULT NAS-Identifier == "openvpn", Auth-Type := PAP > FR complains: > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user You probably deleted "pap" from the "authorize" section of raddb/sites-available/default. > IIUC, Auth-Type should never be set manually, so I'm quite sure I'm > missing something... > Could you please point me in the right direction? Don't break the configurtion. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: external script problem
On 20/09/12 22:03, Fajar A. Nugraha wrote: Since the OP's script (the one he posted last anyway) checks something like "if ($password == 'bar')", I assume he has passwords in clear text, so it might be possibe to use something like He did say it was simplified but yes, if he has that, that's a good solution. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: pam_radius requires setting Auth-Type ?
On Fri, Sep 21, 2012 at 5:24 PM, NdK wrote: > Hello all. > > We just added pam_radius to our vpn host, to authenticate vpn users > throught our (working) RADIUS server. > > IIUC pam_radius is sending a PAP message: > Access-Request packet from host 192.168.130.61 port 9327, id=233, > length=99 > User-Name = "STUDENTI\\studente.fittizio" > User-Password = "my-cleartext-password" > NAS-IP-Address = 130.136.152.6 > NAS-Identifier = "openvpn" > NAS-Port = 8302 > NAS-Port-Type = Virtual > Service-Type = Authenticate-Only > > But if I don't add (in users file) a line like: > DEFAULT NAS-Identifier == "openvpn", Auth-Type := PAP > FR complains: > ERROR: No authenticate method (Auth-Type) found for the request: > Rejecting the user > > IIUC, Auth-Type should never be set manually, so I'm quite sure I'm > missing something... > Could you please point me in the right direction? What does your full debug looks like? Is it possible you DON'T have pap in authorize section? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic realm+home_server_pool from LDAP/SQL
> I'm looking through the code and documentation of freeradius now to see > if it is possible to use freeradius with a backend database for realms. Not to define new realms no. > For clients this can be fixed with dynamic clients and overwriting > attributes.. but for realms this does not seem possible. Did I miss > something? It's not possible. IIRC there was talk of possible sponsorship to add this functionality, but it's non trivial. > I'm looking to implement this if it's not there, in what way can I do > this where my patches would be accepted (assuming clean code obviously)? It's non trivial. I'll let Alan D comment as he was look at this recently. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pam_radius requires setting Auth-Type ?
Hello all. We just added pam_radius to our vpn host, to authenticate vpn users throught our (working) RADIUS server. IIUC pam_radius is sending a PAP message: Access-Request packet from host 192.168.130.61 port 9327, id=233, length=99 User-Name = "STUDENTI\\studente.fittizio" User-Password = "my-cleartext-password" NAS-IP-Address = 130.136.152.6 NAS-Identifier = "openvpn" NAS-Port = 8302 NAS-Port-Type = Virtual Service-Type = Authenticate-Only But if I don't add (in users file) a line like: DEFAULT NAS-Identifier == "openvpn", Auth-Type := PAP FR complains: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user IIUC, Auth-Type should never be set manually, so I'm quite sure I'm missing something... Could you please point me in the right direction? Tks. BYtE, Diego. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dynamic realm+home_server_pool from LDAP/SQL
Hi, I'm looking through the code and documentation of freeradius now to see if it is possible to use freeradius with a backend database for realms. For clients this can be fixed with dynamic clients and overwriting attributes.. but for realms this does not seem possible. Did I miss something? I'm looking to implement this if it's not there, in what way can I do this where my patches would be accepted (assuming clean code obviously)? Regards, Wilco Baan Hofman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 3.0.0 "Installation mode requires -rpath" during "sudo make install"
On Fri, Sep 21, 2012 at 03:10:51AM +0100, YJ Zhang wrote: > It seems libtool/autoconf/automake related, but I don't know enough to > make heads-or-tails out of how to get around this. Any advice? Thanks > in advance. I've just ran './configure && make && make R=/tmp/fr install" on my debian squeeze box here on the current master git branch and it all worked as expected. What OS are you using? Ben -- | Ben Brown Broadband Solutions for | Systems Engineer Home & Business@ | Plusnet Plc www.plus.net | Registered Office: The Balance, 2 Pinfold Street, Sheffield, S1 2GU | Registered in England no: 3279013 + -- Plusnet - uSwitch Best Value Home Broadband 2012 - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html