thanks
Hi List, Just want to thank U all the development team for your support. Especially Alan. In fact, finally my infrastructure has been implemented( just following the daily thread): 1/- CP - AAA Serv - OpenLDAP serv --- MySQL Serv --- SendMail (it was dedicated for 802.11i using open source software) 2/ OpenVPN serv -AAA serv - OpenLDAP serv - MySQL Serv --- SendMail Email, and SMS notifications is sent to admin if someone is trying or already connected ...(Nagios) Thank U all. All The Best. -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with make
I have just installed in Ubuntu Karmic Koala Server. It works great. Maybe u should use apt instead of compiling it from the source. Best On Wed, Jun 9, 2010 at 3:56 PM, f0rud fzerorub...@gmail.com wrote: On Wed, 2010-06-09 at 17:43 +0200, Martín @ Ibersystems wrote: CFLAGS don't work Neither. We will try this make clean.. and if it doesn't work, we will use Ubuntu server 8.0.4. We always are using Debian, but we are unable to install the broadcom ethernet card in Debian. In Ubuntu server 10.0.4 we have the card but can't install FRadius. Let's see in 8.0.4.. xD Thanks, I use ubuntu 10.04 Lucid Lynx and it works fine (very simple and easy) But desktop edition. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authenticating groups via LDAP
Alan,
John Maher at the first post asked if there is any resource that is
particularly good at explaining how radius and its config files really
works. I want just to ask it again, if possible, it there is any thread or
link illustrating how all files in /etc/radb interact to each other.
Thank U.
On Sat, May 22, 2010 at 4:32 PM, Alan DeKok al...@deployingradius.comwrote:
John Dennis wrote:
Alan I didn't see any open bugs on this, should we open one? Is this a
planned modification for 2.2?
Yes.
I recall some discussion of this a while
back on the mailing list. I suppose changing this is 2.1 would be a
version violation. But it has such serious negative consequences I
wonder if we shouldn't bite the bullet and change it in 2.1.9 before
more people get bitten by this. But to be honest I'm not sure which is
worse, an unexpected config file change on upgrade or mysterious
*silent* failures after upgrade.
I'd make the change in 2.1.10, if at all. It's a relatively rare
problem compared to other issues seen regularly on the list.
I think the RPM spec file (and the deb files) could include a script
which would detect the an old modules directory layout and convert it to
modules-{available,enabled} layout automatically during a package
upgrade.
Sure...
Also, I was just looking at our RPM spec file and I noticed that files
in /etc/raddb/sites-enabled (which should just be symlinks) are marked
as config(noreplace) which means RPM will leave backup files there
instead of treating sites-enabled as just a collection of symlinks to be
left alone. I think this represents a packaging bug on my end. However I
noticed the suse freeradius.spec file in the freeradius-server tarballs
also have the exact same config(noreplace) in raddb/sites-enabled so
that packaging bug seems universal.
Sure. Not everyone uses symlinks in sites-enabled. Some put files
there directly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
-
|JJohnny RANDRIAMAMPIONONA |
| Phone: +212663682554|
| National School of Applied Sciences |
| 1818 TANGIER 9 |
||
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Dear All,
I am about deploying an AAA services: All authentication is centralized on
my freeradius-server (on debian lenny), in the green zone behind ipcop in
which I installed ipcop addons called copspot ( like chilispot) for the
captive portal.
The authentication worked well locally against openldap (in the same
server). When an user try to connect to internet in the Blue Zone (WLAN),
it generates the following error in the radius-server. I am really stuck
here, any help will be welcome.
Thu Apr 22 14:14:51 2010 : Debug: }
Thu Apr 22 14:14:51 2010 : Debug: Listening on authentication address * port
1812
Thu Apr 22 14:14:51 2010 : Debug: Listening on accounting address * port
1813
Thu Apr 22 14:14:51 2010 : Debug: Listening on proxy address * port 1814
Thu Apr 22 14:14:51 2010 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.1 port 32790, id=0,
length=216
User-Name = kkigor14
CHAP-Challenge = 0xd12e07a5f57980aa86a4aa049fc7bb40
CHAP-Password = 0x0005cff525e5508c82bc3ebb315c0b09e5
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.4.7
Calling-Station-Id = 00-21-63-6B-C8-40
Called-Station-Id = 00-08-74-D4-7A-F5
NAS-Identifier = nas01
Acct-Session-Id = 4bd058be0003
NAS-Port-Type = Wireless-802.11
NAS-Port = 3
Message-Authenticator = 0x5d8d6302e9684a55c2db247bdafc022e
WISPr-Logoff-URL = http://192.168.4.1:3990/logoff;
Thu Apr 22 14:17:59 2010 : Info: +- entering group authorize {...}
Thu Apr 22 14:17:59 2010 : Info: ++[preprocess] returns ok
Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/freeradius/radacct/192.168.2.1/auth-detail-20100422
Thu Apr 22 14:17:59 2010 : Info: [auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.2.1/auth-detail-20100422
Thu Apr 22 14:17:59 2010 : Info: [auth_log] expand: %t - Thu Apr 22
14:17:59 2010
Thu Apr 22 14:17:59 2010 : Info: ++[auth_log] returns ok
Thu Apr 22 14:17:59 2010 : Info: [suffix] No '@' in User-Name = kkigor14,
looking up realm NULL
Thu Apr 22 14:17:59 2010 : Info: [suffix] No such realm NULL
Thu Apr 22 14:17:59 2010 : Info: ++[suffix] returns noop
Thu Apr 22 14:17:59 2010 : Info: [eap] No EAP-Message, not doing EAP
Thu Apr 22 14:17:59 2010 : Info: ++[eap] returns noop
Thu Apr 22 14:17:59 2010 : Info: ++[unix] returns notfound
Thu Apr 22 14:17:59 2010 : Info: [ldap] performing user authorization for
kkigor14
Thu Apr 22 14:17:59 2010 : Info: [ldap] expand:
%{Stripped-User-Name} -
Thu Apr 22 14:17:59 2010 : Info: [ldap] ... expanding second
conditional
Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: %{User-Name} -
kkigor14
Thu Apr 22 14:17:59 2010 : Info: [ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) - (uid=kkigor14)
Thu Apr 22 14:17:59 2010 : Info: [ldap] expand: dc=csimaroc, dc=lan
- dc=csimaroc, dc=lan
Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_get_conn: Got Id: 0
Thu Apr 22 14:17:59 2010 : Debug: [ldap] attempting LDAP reconnection
Thu Apr 22 14:17:59 2010 : Debug: [ldap] (re)connect to 127.0.0.1:389,
authentication 0
Thu Apr 22 14:17:59 2010 : Debug: [ldap] bind as / to 127.0.0.1:389
Thu Apr 22 14:17:59 2010 : Debug: [ldap] waiting for bind result ...
Thu Apr 22 14:17:59 2010 : Debug: [ldap] Bind was successful
Thu Apr 22 14:17:59 2010 : Debug: [ldap] performing search in dc=csimaroc,
dc=lan, with filter (uid=kkigor14)
Thu Apr 22 14:17:59 2010 : Info: [ldap] No default NMAS login sequence
Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for check items in
directory...
Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaNtPassword - NT-Password ==
0x4535334337353245323438413034353342353531353646383131303237453139
Thu Apr 22 14:17:59 2010 : Debug: [ldap] sambaLmPassword - LM-Password ==
0x4432433038394334374245444535364641414433423433354235313430344545
Thu Apr 22 14:17:59 2010 : Info: [ldap] looking for reply items in
directory...
Thu Apr 22 14:17:59 2010 : Debug: WARNING: No known good password was
found in LDAP. Are you sure that the user is configured correctly?
Thu Apr 22 14:17:59 2010 : Info: [ldap] user kkigor14 authorized to use
remote access
Thu Apr 22 14:17:59 2010 : Debug: [ldap] ldap_release_conn: Release Id: 0
Thu Apr 22 14:17:59 2010 : Info: ++[ldap] returns ok
Thu Apr 22 14:17:59 2010 : Info: ++[expiration] returns noop
Thu Apr 22 14:17:59 2010 : Info: ++[logintime] returns noop
Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing NT-Password from hex
encoding
Thu Apr 22 14:17:59 2010 : Info: [pap] Normalizing LM-Password from hex
encoding
Thu Apr 22 14:17:59 2010 : Info: [pap] No clear-text password in the
request. Not performing PAP.
Thu Apr 22 14:17:59 2010 :
Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Hi again List, Thank very much Alan, I am so sorry if I am a little bit bothering ... but all seems to be jumbled in my head. So I have some questions: - is the cipher login/password which comes from CopSpot(or any captive portal) deciphered before ipcop sends it to freeradius-server? (It's a kind of question which can not be asked here but ... never know) - the authentication type set in ipcop is just radius (and its ip), so I don't understand why the packet contains CHAP? according to http://deployingradius.com/documents/configuration/active_directory.html, centralizing the authentication in samba will work fine, but I want to do it against ldap. I think, what's wrong here is that I added users by smbldap-useradd, not simply ldapadd (which won't work actually, it says: invalid credentials) ... - So how can I force freeradius to use pap (to be able to authenticate it against ldap) even the passwd/login is tls ciphered (from chilispot)I m really convinced that that's not possible, even senseless but I have to know why ... Finally, once again, I really want to thank the list for your availability, the freeradius dev. team, because this is a success for the open source community. Thanks, On Thu, Apr 22, 2010 at 4:45 PM, Alan DeKok al...@deployingradius.comwrote: Johnny R wrote: The authentication worked well locally against openldap (in the same server). When an user try to connect to internet in the Blue Zone (WLAN), it generates the following error in the radius-server. I am really stuck here, any help will be welcome. Look at the debug log. The packet contains CHAP, and the database has only NT-Password and LM-Passwords. They are simply not compatible: http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: That's my AAA model
nice post ... thx On Wed, Dec 2, 2009 at 2:59 PM, Wagner Pereira wpere...@pop-sp.rnp.brwrote: Hi, folks. I hope that can help begginers to understand better how the AAA model works: http://twitpic.com/ru4za/full And how I implemented that in my case. Hugs. -- Wagner Pereira PoP-SP/RNP - Ponto de Presença da RNP em São Paulo CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo http://www.pop-sp.rnp.br f...@rnp 1015-8902 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - |JJohnny RANDRIAMAMPIONONA | | Phone: +212663682554| | National School of Applied Sciences | | 1818 TANGIER 9 | || - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WLAN - Freeradius - OpenLDAP - VLANs
Freeradius work well with openldap but only with cleartext password (PAP). Best regards! 2009/11/9 _Stefan_H stefanh...@networld.at First I know my english is not the best, but i hope you will understand it. In the course of a project i have to make an authentification against a freeradius server for the WLAN Users. On the Server(OpenSUSE11.1) is a LDAP Directory and i want that the WLAN Users have to authentificate with their accounts. After the successful authentification they will be put into an other VLAN, that they can use their homedirectories. I would like to know how I should do it, because i inform me about the Authentification Types(EAP-TLS,TTLS,PEAP) and know I am totally confused which i have to configure at the freeradius Server. I think that PEAP would be the easiest, but I really don't know which can be used whth a dynamic VLAN. http://old.nabble.com/file/p26230857/1.jpeg The AP is an Linksys WRT-54-GS and the Switch is an CISCO-2950 -- View this message in context: http://old.nabble.com/WLANFreeradiusOpenLDAPVLANs-tp26230857p26230857.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acct_postgresql+auth_ldap
understood 2009/10/13 Rakotomandimby Mihamina miham...@gulfsat.mg 10/09/2009 04:05 PM, José Johnny RANDRIAMAMPIONONA:: Thank u guys! Please keep us in touch. and if you kept some history of what you've done, I am interested in. -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 34 29 155 34 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
acct_postgresql+auth_ldap
Hi all, I d like to know if someone has already tried to do the accounting (only accounting) thing with postgres and authentication with OpenLdap? There is nothing on wiki ... I am wondering if I have to write some scripts to save the user id, his connection duration ect ...in postgres database.I want to implement the following situation: I don't care what my ldap_server ll return when a user sends a access request packet, but I want to save the name, passwd, the connection duration(so at this time I initialize the connection time which will be incremented until the disconnection time ). Your opinions will be very useful for me. -- JJohnny R Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: acct_postgresql+auth_ldap
Thank u guys! 2009/10/9 Ivan Kalik t...@kalik.net I am wondering if I have to write some scripts to save the user id, his connection duration ect ...in postgres database. No. Just configure postgre in sql.conf and uncoment sql entries in radiusd.conf and accounting section of default virtual server. Schema for the database is provided. I want to implement the following situation: I don't care what my ldap_server ll return when a user sends a access request packet, but I want to save the name, passwd, That goes into radacct by default. the connection duration(so at this time I initialize the connection time which will be incremented until the disconnection time ). For that you will need to enable accounting updates on your NAS. If your NAS supports Acct-Interim-Interval you can send it in the Access-Accept. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Start Freeradius at boot
I think that editing /etc/rc.local will start freeradius as a service. u v just to add sbin/rc.radiusd start . Best 2009/9/30 paul.blal...@gmail.com So I went back to a clean install of Fedora 11, followed the instructions on installing freeradius via yum. Then I issued the command: chkconfig --list radiusd (and got the following) radiusd 0:off 1:off 2:off 3:off 4:off 5:off 6:off so i entered sudo chkconfig radiusd on and then I got chkconfig --list radiusd radiusd 0:off 1:off 2:on 3:on 4:on 5:on 6:off I then restart the computer to verify that it works correctly, and it does not. I still have to log into an account before the service starts. Is there anything else I can try to get this working correctly? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm
Hi Mihamina, It ll take a few days to me to finish the tuto(my training report with it) but if u want I can email it in your Inbox. Anyway, I had two big problems: - I worked on a given server and the running distribution is not really my favorite one. I thought that the server was up to date , I was wrong...And there are many others problems on it ...like unterminated process .. - I installed Freeradius using the .Tar.gz source - 'cause there was already a freeradius running and I was not authorized to remove it(clean) - The ldap server was been already ready before I came and I didn't have any authorization to write or read on it(so I had to use illegal things to understand what was going on in my network) I followed the following steps to solve the problems(generally): - I remove smartly all redundancy things in my system (like freeradius, postg, dialupadmin, etcc ) - I killed all running process or ended it which are in relation with freeradius or something - I reinstall freeradius using the faq - I reinstall all freeradius2-blabla things ...twice. - I checked all modules, and the missing lbildap file : All correct! - I configure /module/ldap, site-enabled/default and commented all useless things like ms-chap (for the test) after debugging the server and doing the test with the user-file all correct now! I am configuring the postgres server for accounting right now(it doesn't work !! ) Best regards 2009/9/30 Rakotomandimby Mihamina miham...@gulfsat.mg 09/30/2009 03:35 AM, José Johnny RANDRIAMAMPIONONA: I solved the problem. I think It ll better to put it in a tutorial or something(I ll do it)! Please, yes. I inted to switch AUTH to LDAP and keep PGSQL for ACCT, your feedback is important to me. -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 34 29 155 34 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_ldap not found
Hi, I found the solution (anyway it worked with mine): -try to find what version of openldap is in your system(the default one) by using the basic command. -try to find what packages provides the unfounded shared file. On cenTos u can do it with yum whatprovides blablafile. -if the result is already installed u have to reinstall it, on CentOS u can do that with yum reinstall blablafile. It worked for me ... Thx to the team! Best regards 2009/9/28 Leighton Man l.j@hud.ac.uk Hi all, Hope this is an easy one: Freeradius 2.1.6 on arch linux installed from a package. All is well until I uncomment ldap in the authorise section of sites-enabled/inner-tunnel then I get: /etc/raddb/modules/ldap[29]: Failed to link to module 'rlm_ldap': file not found followed by Failed to find module ldap .. rlm_ldap.so is a symlink to rlm_ldap-2.1.6.so which has the same permissions and is in the same directory as the other modules which load OK (they are also symlinks in the same directory). I've checked for typos until I'm beginning to see them even when they are not there! Radiusd -X shows no errors or warnings and after the ***Loading Virtual Servers message continues linking and instantiating modules up to and including files then the error above. Not easy to post the whole output as I haven't got ftp running yet. Where should I look next? Regards, Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm
Hi all, my special gratitude to Leigh Martell, Alan DeKoK,Alan Buxey, RAKOTOMANDIMBY,Ivan Kalik ,John Dennis .and all the team! I solved the problem. I think It ll better to put it in a tutorial or something(I ll do it)! Best regards 2009/9/28 John Dennis jden...@redhat.com On 09/28/2009 12:32 AM, José Johnny RANDRIAMAMPIONONA wrote: Dear all, I posted this problem a week ago after searching in posted and solved emails like here ( http://www.mail-archive.com/search?q=rlm_ldapl=freeradius-us...@lists.cistron.nlstart=40 http://www.mail-archive.com/search?q=rlm_ldapl=freeradius-us...@lists.cistron.nlstart=40 ). I have already asked but the answers were not effective... Anyway, I d like to express my gratitude to those who have tried to read and respond to my problems ! So I m asking myself if : Using LDAP with freeradius is it something new or something? My problem is about the ldap library for freeradius (libldap which is needed by rlm_ldap) ... What should I do to install and configure it 'cause it's not in the freeradius-server package(I rebuilt it 5 times and I paid attention to the output? If I ll receive the same answers I received before then maybe the problem is in my operating system(CentOsV5.3) Thanks to all ... Best regards ... NB: I am fed up of this bug! Neeed help! This is *not a bug*. This is a lack of your understanding how open source tools work. In your original post you suggested the configure script should go out and install any missing libraries. This indicates you have a lack of understanding of how the tools work. This is the most likely reason people didn't respond to your first query. It's your responsibility to invest the time to learn this material. The FreeRADIUS list is not the place to learn how GNU autotools works, how packages are distributed, what build dependencies are, how they are resolved, etc. There are plenty of places on the web to learn this material. The FreeRADIUS list exits to help users configure and deploy FreeRADIUS, it presumes you come to the table with a set of prerequisite knowledge. Since you are using CentOS the information contained on this wiki would have been of great help to you, did you read it? http://wiki.freeradius.org/Red_Hat_FAQ It won't have answered all the information you need, but it would have helped you get started in the right direction. If you had read it you might also have learned you didn't need to go through the agony of trying to build FreeRADIUS yourself, you could have just installed the pre-built packages we've already provided. You would have also learned how using yum as the installer will guarantee prerequisite dependencies are resolved thus relieving you of yet another stumbling block. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_ldap not found
this rlm_ldap is weird ... I have the same problem, and I m still on it ... Hope the team ll be nice to show us the solution ... Best 2009/9/28 Leighton Man l.j@hud.ac.uk do you have multiple copied of freeradius installed? did you install it from source at some pint - or from another package? No and No i'm not the package maintainer so cant say how your chosen package was compiled... i build from source Think I should too. I compiled it on solaris so linux should be a breeze! I was hoping for a shortcut :-( Thanks again, Leighton --- This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm
Dear all, I posted this problem a week ago after searching in posted and solved emails like here ( http://www.mail-archive.com/search?q=rlm_ldapl=freeradius-us...@lists.cistron.nlstart=40 ). I have already asked but the answers were not effective... Anyway, I d like to express my gratitude to those who have tried to read and respond to my problems ! So I m asking myself if : Using LDAP with freeradius is it something new or something? My problem is about the ldap library for freeradius (libldap which is needed by rlm_ldap) ... What should I do to install and configure it 'cause it's not in the freeradius-server package(I rebuilt it 5 times and I paid attention to the output? If I ll receive the same answers I received before then maybe the problem is in my operating system(CentOsV5.3) Thanks to all ... Best regards ... NB: I am fed up of this bug! Neeed help! -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed to link to module rlm_ldap
I tried to upgrade freeradius-server-2.1.6 to freeradius-server-2.1.7 and it worked well (in localhost) without ldap.Then I tried to use the old version (2.1.6) but it doesn't work anymore: *Thu Sep 24 13:32:16 2009 : Error: /usr/local/freeradius-server-2.1.6//etc/raddb/ modules/ldap[29]: Failed to link to module 'rlm_ldap': libldap_r-2.3.so.0: canno t open shared object file: No such file or directory Thu Sep 24 13:32:16 2009 : Error: /usr/local/freeradius-server-2.1.6//etc/raddb/ sites-enabled/default[286]: Failed to find module ldap. Thu Sep 24 13:32:16 2009 : Error: /usr/local/freeradius-server-2.1.6//etc/raddb/ sites-enabled/default[286]: Failed to parse ldap entry. Thu Sep 24 13:32:16 2009 : Error: Errors initializing modules* I rebuild it and ( ./configure --prefix=/usr/local/freeradius-server.2.1.6/) and it seems that there is library problem(I had this kind of problem in the past, but I forgot what I did to fix it). * configure: WARNING: pcap library not found, silently disabling the RADIUS sniffer. config.status: WARNING: ./Make.inc.in seems to ignore the --datarootdir setting config.status: WARNING: ./src/include/build-radpaths-h.in seems to ignore the --datarootdir setting configure: WARNING: silently not building rlm_eap_ikev2. configure: WARNING: FAILURE: rlm_eap_ikev2 requires: libeap-ikev2 EAPIKEv2/connector.h. configure: WARNING: the TNCS library isn't found! configure: WARNING: silently not building rlm_eap_tnc. configure: WARNING: FAILURE: rlm_eap_tnc requires: -lTNCS. configure: WARNING: silently not building rlm_ldap. configure: WARNING: FAILURE: rlm_ldap requires: libldap_r ldap.h. configure: WARNING: silently not building rlm_sql_iodbc. configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h. configure: WARNING: MySQL libraries not found. Use --with-mysql-lib-dir=path. configure: WARNING: MySQL headers not found. Use --with-mysql-include-dir=path. configure: WARNING: silently not building rlm_sql_mysql. configure: WARNING: FAILURE: rlm_sql_mysql requires: libmysqlclient_r mysql.h. configure: WARNING: silently not building rlm_sql_postgresql. configure: WARNING: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq. configure: WARNING: oracle headers not found. Use --with-oracle-home-dir=path. configure: WARNING: silently not building rlm_sql_oracle. configure: WARNING: FAILURE: rlm_sql_oracle requires: oci.h.* -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed to link to module rlm_ldap
ldconfig -v | grep radius doesn't give any output --- I think that installing libldap library may be the solution ...but I can' t find it in any packages ... --- Is there any way to configure it (./config) during the installation to install the missing library ... Plz ...need help. 2009/9/24 Nicolas Goutte nicolas.gou...@extragroup.de Have you tried to run ldconfig, possibly on the directory where libldap_r.so is? [...] Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho doesn't work
Hi all, Systems: CentOs v5.3, FreeRadius-server-2.1.6 + Openldap I d like to know who are logged on(uid, duration ...) so I did radwho but it said that the radutmp file is not found ... radwho: Error reading /usr/local/freeradius-server-2.1.6/var/log/radius/radutmp: No such file or directory Can anyone help me?I checked in the indicated directory and it was right (anyway, it's temporary file) Best regards! -- JJohnny RANDRIAMAMPIONONA Phone: +212663682554, +212533158575 National School of Applied Sciences ZIP 1818 TANGIER 9 -Morocco --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS-LDAPv3.schema not found
Hi All, I downloaded and installed freeradius-server-2.1.6 but I can-t find the radius schema to copy it in ldap directory. Help! Best regards! -- JJohnny R. Beginner vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS-LDAPv3.schema not found
Thank you! I finally found it : *ll /usr/local/freeradius-server-2.1.6/share/doc/freeradius/examples/ -rw-r--r-- 1 root root 11087 jui 29 23:42 iplanet.ldif -rw-r--r-- 1 root root 12452 jui 29 23:42 iplanet.schema -rw-r--r-- 1 root root 13814 jui 29 23:42 openldap.schema -rw-r--r-- 1 root root 1005 jui 29 23:42 postgresql_update_radacct_group_trigger.sql* -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[no subject]
Hi All, I have suffered enough, now I d like to expose my nightmare. Freeradius-server-2.1.6 + OpenLdap. Both of the servers work perfectly, there is no firewall between them or something that can block the traffic: All Correct! but the server still has no response with the weird radclient message ! At the radius debug , authentication is mentioned as successfully (bind was successfully) What's going on ? Best! -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
urgent
Hi all,
I have already tested the ldap server and everything works well and the
radius authentication server works very well locally and with the user file.
My ldap adn radius server are not on the same machine. I tried to solve it
but it still doesn't work.
The log is as follows:
( freeradius-server 2.1.6 + OpenLdap + CentOs v.3.5*)
**
--
Sat Aug 8 16:44:40 2009 : Debug: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
User-Name = user
User-Password = mypass
NAS-IP-Address = 10.1.1.12
NAS-Port = 0
Sat Aug 8 17:05:09 2009 : Info: +- entering group authorize {...}
Sat Aug 8 17:05:09 2009 : Info: ++[preprocess] returns ok
Sat Aug 8 17:05:09 2009 : Info: ++[chap] returns noop
Sat Aug 8 17:05:09 2009 : Info: ++[mschap] returns noop
Sat Aug 8 17:05:09 2009 : Info: [suffix] No '@' in User-Name = user,
looking up realm NULL
Sat Aug 8 17:05:09 2009 : Info: [suffix] No such realm NULL
Sat Aug 8 17:05:09 2009 : Info: ++[suffix] returns noop
Sat Aug 8 17:05:09 2009 : Info: [eap] No EAP-Message, not doing EAP
Sat Aug 8 17:05:09 2009 : Info: ++[eap] returns noop
Sat Aug 8 17:05:09 2009 : Info: ++[unix] returns notfound
Sat Aug 8 17:05:09 2009 : Info: ++[files] returns noop
Sat Aug 8 17:05:09 2009 : Info: [ldap] performing user authorization for
user
Sat Aug 8 17:05:09 2009 : Info: [ldap] WARNING: Deprecated conditional
expansion :-. See man unlang for details
Sat Aug 8 17:05:09 2009 : Info: [ldap] expand:
(uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=user)
Sat Aug 8 17:05:09 2009 : Info: [ldap] expand:
ou=People,dc=uae,dc=ac,dc=ma - ou=People,dc=uae,dc=ac,dc=ma
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: attempting LDAP reconnection
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: (re)connect to
ldap.uae.ac.ma:389, authentication 0
Sat Aug 8 17:05:09 2009 : Debug: rlm_ldap: bind as / to ldap.uae.ac.ma:389
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: performing search in
ou=People,dc=uae,dc=ac,dc=ma, with filter (uid=user)
Sat Aug 8 17:05:25 2009 : Info: [ldap] looking for check items in
directory...
Sat Aug 8 17:05:25 2009 : Info: [ldap] looking for reply items in
directory...
Sat Aug 8 17:05:25 2009 : Debug: WARNING: No known good password was
found in LDAP. Are you sure that the user is configured correctly?
Sat Aug 8 17:05:25 2009 : Info: [ldap] Setting Auth-Type = LDAP
Sat Aug 8 17:05:25 2009 : Info: [ldap] user user authorized to use remote
access
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Sat Aug 8 17:05:25 2009 : Info: ++[ldap] returns ok
Sat Aug 8 17:05:25 2009 : Info: ++[expiration] returns noop
Sat Aug 8 17:05:25 2009 : Info: ++[logintime] returns noop
Sat Aug 8 17:05:25 2009 : Info: [pap] WARNING! No known good password
found for the user. Authentication may fail because of this.
Sat Aug 8 17:05:25 2009 : Info: ++[pap] returns noop
Sat Aug 8 17:05:25 2009 : Info: Found Auth-Type = LDAP
Sat Aug 8 17:05:25 2009 : Info: +- entering group LDAP {...}
Sat Aug 8 17:05:25 2009 : Info: [ldap] login attempt by user with
password mypass
Sat Aug 8 17:05:25 2009 : Info: [ldap] user DN:
uid=user,ou=People,dc=uae,dc=ac,dc=ma
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: (re)connect to
ldap.uae.ac.ma:389, authentication 1
Sat Aug 8 17:05:25 2009 : Debug: rlm_ldap: bind as
uid=user,ou=People,dc=uae,dc=ac,dc=ma/mypass to ldap.uae.ac.ma:389
Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: waiting for bind result ...
Sat Aug 8 17:05:40 2009 : Debug: rlm_ldap: Bind was successful
Sat Aug 8 17:05:40 2009 : Info: [ldap] user user authenticated succesfully
Sat Aug 8 17:05:40 2009 : Info: ++[ldap] returns ok
Sat Aug 8 17:05:40 2009 : Info: +- entering group post-auth {...}
Sat Aug 8 17:05:40 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug 8 17:05:40 2009 : Info: Finished request 0.
Sat Aug 8 17:05:40 2009 : Debug: Going to the next request
Sat Aug 8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost
port 50760 - ID: 186
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat Aug 8 17:05:40 2009 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 50760, id=186,
length=58
Sat Aug 8 17:05:40 2009 : Info: Sending duplicate reply to client localhost
port 50760 - ID: 186
Sending Access-Accept of id 186 to 127.0.0.1 port 50760
Sat
Re: urgent
U are right! It works with the userfile! I don't know exactly what's wrong because the LDAP server works with another application: it means that maybe the problem is in the configuration! (I followed the faq!) Help! 2009/8/4 Alan DeKok al...@deployingradius.com RANDRIAMAMPIONONA José Johnny wrote: Hi everyone, I ve just setup freeradius-server 2.1.6 + OpenLdap. Everything seems to be cool without the output which looks like contradictory. The */output of radtest blabla ect ../* proves that there is no response from the server. Then the server gives these lines: ... Sun Aug 2 14:37:09 2009 : Info: [ldap] login attempt by ytabaa with password coucou Sun Aug 2 14:37:09 2009 : Info: [ldap] user DN: uid=ytabaa,ou=People,dc=uae,dc=ac,dc=ma Sun Aug 2 14:37:09 2009 : Debug: rlm_ldap: (re)connect to ldap.uae.ac.ma:389, authentication 1 Sun Aug 2 14:37:09 2009 : Debug: rlm_ldap: bind as uid=ytabaa,ou=People,dc=uae,dc=ac,dc=ma/passwd to ldap.uae.ac.ma:389 Does anyone know what's wrong in my configuration? The output seems relatively obvious. FreeRADIUS tries to contact the LDAP server, and then everything stops. Install an LDAP server that works. Is it the expiration in the configuration file that I have to expand (what file?) to give a server a possibility to response? Follow the example in the FAQ, add an entry in the users file, and DON'T use ldap. It should work. This will prove that FreeRADIUS works, and that the LDAP server doesn't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: urgent
thx I lltry again! 2009/8/4 Rakotomandimby Mihamina miham...@gulfsat.mg 08/04/2009 07:16 PM, RANDRIAMAMPIONONA José Johnny:: U are right! It works with the userfile! I don't know exactly what's wrong because the LDAP server works with another application: it means that maybe the problem is in the configuration! (I followed the faq!) Help! Now then its more about: http://www.umich.edu/~dirsvcs/ldap/mailinglist.htmlhttp://www.umich.edu/%7Edirsvcs/ldap/mailinglist.html http://www.openldap.org/lists/ -- Architecte Informatique: Administration Systeme, Recherche Developpement + 261 32 11 401 65 Pensez a l'environnement avant d'imprimer ce message - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
phpRadmin,dialupAdmin?
Hello, Does anyone know if these projects still active! In fact , I d like to install it on my server but it looks like non-existent! Thanks! Sincerly! -- JJohnny R. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
urgent
Greetings, It makes two days that I tried to find something about dialupadmin installation (with LDAP) but it was in vain. I thought that I can replace it with something like phpRadmin but phpRadmin web site doesn't work(maybe in my country or...): I was not able to download the source. It will be helpfull if someone gives me some steps to follow or some web site where I can find a guide ... Best regards ... Free 4ever! -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Captive portal: can I use chap or pap in conjunction with ntlm_auth?
Hi everyone, I have a problem concerning my configuration and I am wondering if somebody can help me. --- *freeradius-server-2.1.6* is installed without warning on* CentOS v5.3*...configured on localhost and tested. Everything's OK. For the authentication I d like to use openldap which is already ready. I tested it and it work(on *ldap.uae.ac.ma*: you can check it). I installed my freeradius in /usr/local/freeradius-server-2.1.6...So I edit the following files: *ldap* in */usr/local/freeradius-server.2.16/etc/raddb/modules/ldap* *raidusd.conf* in */usr/local/freeradius-server-2.1.6/etc/radiusd.conf* *default* in * /usr/local/freeradius-server-2.1.6/etc/raddb/sites-enabled/default* to have the appropriate configuration ... When I execute /usr/local/freeradius-server-2.1.6/sbin/radiusd -XXX to start(in debug mode) the server it gives the following error: *failed to link to module 'rlm_ldap':rlm_ldap.so:cannot open shared object file :No such file or directory* there are another errors after it but, if this one is solved so ...everything ll be ok. I am bored and I don't know what to do: I found in another topic that I'll have to rebuild and re-install my server ...Is that true?Is there another solution? thx. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ldap not found
Hi everyone, I have a problem concerning my configuration and I am wondering if somebody can help me. -- - *freeradius-server-2.1.6* is installed without warning on* CentOS v5.3*...configured on localhost and tested. Everything's OK. For the authentication I d like to use openldap which is already ready. I tested it and it work(on *ldap.uae.ac.ma*: you can check it). I installed my freeradius in /usr/local/freeradius-server-2.1.6...So I edit the following files: *ldap* in */usr/local/freeradius-server.2.16/etc/raddb/modules/ldap* *raidusd.conf* in */usr/local/freeradius-server-2.1.6/etc/radiusd.conf* *default* in * /usr/local/freeradius-server-2.1.6/etc/raddb/sites-enabled/default* to have the appropriate configuration ... When I execute /usr/local/freeradius-server-2.1.6/sbin/radiusd -XXX to start(in debug mode) the server it gives the following error: *failed to link to module 'rlm_ldap':rlm_ldap.so:cannot open shared object file :No such file or directory* there are another errors after it but, if this one is solved so ...everything ll be ok. I am bored and I don't know what to do: I found in another topic that I'll have to rebuild and re-install my server ...Is that true?Is there another solution? thx. -- JJohnny R. vasian...@gmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Termination when there is no traffic
Hi there, I've got a little proiblem with my radius server. I use it for dial-in accounts via ISDN. I've the problem that connections are terminated automatically when no traffic is on the line. The authentification works without problems, but I do not know which parameter I have to change so that connections wont be terminated automatically anymore. Could anyone help me with this? Thank you! Regards, John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help appreciated (accounting only data)
Hello I am new to this list and I wondering if a topic has been touched on yet or if anyone can help with a question. Has anyone setup radiator to only receive accounting data from multiple locations? We are currently running Radiator 3.3.1, I know its old but for the time being we need this version. We need to accept accounting data from about 8 different locations. I am looking for an example config if anyone has one. We are currently logging our accounting data to an SQL server remote from the actual radius servers. Has anyone setup radiator to send accounting data to two different locations? This will also help as I know a few of these other locations are currently using radiator. Thank you for your help on this topic. If I am missing important information that is needed to help please let me know and I will update my post. Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
