Re: Session-timeout problem
Mitul,

>I have tried this configuration and it's working fine with radtest but

Glad to hear you have this working with radtest. This means you have this functionality properly configured on the FreeRADIUS side now.

>Ever i am getting session time out value on AP side also but during the change request time . actually i want the session time out in
>accept-access time.
>is it the normal scenario?
>can you help me in this case?

With the configuration I showed, FreeRADIUS will send the Session-Timeout attribute to the AP in an Access-Accept packet, in response to the AP sending an Access-Request packet to FreeRADIUS that is accepted.

I'm not sure what you're referring to when you say change request time. Can you elaborate? It sounds like you may have a configuration issue on the AP side. Unfortunately, if this is an AP configuration issue, I doubt I'd be of much help. On the AP side, I've only worked with the ChilliSpot network access server (used for WiFi hotspots).

Regards,
Will D. Spann

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Session-timeout problem
>i have tried this thing but when i am doing so its taking this as a default entry and giving error for user name and password
>i have entered username and cleartext-password in user file.

Could you post your users file (with any non-testing passwords starred out of course)?

My apologies; let me add a clarification. If your user entries in the users file don't have the "Fall-Through = Yes" attribute set, putting the DEFAULT section at the end of the file won't apply the Session-Timeout to the users. However, it shouldn't cause an error. Have you tried testing without the DEFAULT section, using a user with Cleartext-Password?

I've tested the following configuration on FreeRADIUS 2.1.1 with success.

test    Cleartext-Password := "testing"
        Fall-Through = Yes

DEFAULT
        Session-Timeout = 60

Try testing this with radtest, such as the following, where "testing123" is your shared secret and the server is running on localhost. This should return an Access-Accept message with Session-Timeout specified. (I assume you're also running the server with debug output, as "radiusd -X".)

radtest test testing localhost 0 testing123

If you don't want to add the Fall-Through attribute to each of your user entries, you could instead use the following modified DEFAULT section near the top of the users file, before all the authorized user entries. I've also tested this configuration. (Note the comma.)

DEFAULT
        Session-Timeout = , Fall-Through = Yes

>also i have configured the mysql database for authentication and accounting. so at that time i am getting error "no User-password or
>CHAP-password" in request.

Are you using both the users file and MySQL for authentication, or are you testing each setup separately? I'd recommend getting FreeRADIUS working with the users file alone before setting up database-based authentication.

Will D. Spann
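The Fall-Through behaviour discussed in the message above, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified model of how the users file is walked. The function names and the three sample files are constructed for illustration (user "test" and the 60-second timeout come from the post), and check items are not evaluated.

```python
# Simplified model of how the "files" module walks the users file.
# Not FreeRADIUS code; check items are skipped, only reply items are modelled.

def parse_users(text):
    """Unindented line = new entry (name + check items);
    indented lines = comma-separated reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            entries.append({"name": line.split()[0], "reply": {}})
            continue
        for item in line.split(","):
            if item.strip():
                attr, _, value = item.partition("=")
                attr = attr.strip().rstrip(":+").strip()
                entries[-1]["reply"][attr] = value.strip().strip('"')
    return entries

def reply_for(entries, user):
    """Reply items for `user`: processing stops at the first matching
    entry that does not carry Fall-Through = Yes."""
    reply = {}
    for entry in entries:
        if entry["name"] not in (user, "DEFAULT"):
            continue
        items = dict(entry["reply"])
        fall_through = items.pop("Fall-Through", "No").lower() == "yes"
        for attr, value in items.items():
            reply.setdefault(attr, value)  # "=" adds only if not already set
        if not fall_through:
            break
    return reply

# Constructed sample files: DEFAULT last without Fall-Through on the user,
# DEFAULT last with Fall-Through on the user, and DEFAULT first.
NO_FALL = 'test Cleartext-Password := "testing"\n\nDEFAULT\n    Session-Timeout = 60\n'
USER_FALL = ('test Cleartext-Password := "testing"\n    Fall-Through = Yes\n\n'
             'DEFAULT\n    Session-Timeout = 60\n')
DEFAULT_FIRST = ('DEFAULT\n    Session-Timeout = 60, Fall-Through = Yes\n\n'
                 'test Cleartext-Password := "testing"\n')

if __name__ == "__main__":
    for label, text in [("DEFAULT last, no Fall-Through", NO_FALL),
                        ("DEFAULT last, user Fall-Through", USER_FALL),
                        ("DEFAULT first with Fall-Through", DEFAULT_FIRST)]:
        print(label, "->", reply_for(parse_users(text), "test"))
```

Only the first layout leaves user "test" without a Session-Timeout, which matches the clarification in the message.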
Re: Session-timeout problem
Mitul Modi,

>i am new to free radius. can any one help how i can configure Session-Timeout?
>i am using EAP-TTLS with chap password.
>i have added credentials for user name and password in users file.

To apply a Session-Timeout to all the users in your 'users' file, add the following entry after the user entries.

DEFAULT
        Session-Timeout =

Enter a number in seconds for . This should do the trick.

Will D. Spann
Re: Installation Problem
Alan DeKok, Marcelo Freitas,

>> I'm getting the same Make error when I try to compile this version
>> (v2.1.3) on openSUSE 11.1 (x64). I took your advice to Marcelo &
>> restarted from a fresh source tree, but got the same result both times.
>> The ./configure script ran without errors. Here's a bit more of the
>> output I got.
> Hm... I'm not sure what to say. This is really a libtool / libltdl
>problem. It works on all other systems I have access to (*BSD, Linux,
>MAC...)

I'm not sure if this was a libtool or libltdl issue. I downloaded your latest stable snapshot from the GIT repository (alandekok-freeradius-server-1fba1996886e7cf8188bea59c0f109a763bbc757.tar.gz), and that version built without errors on this platform, using the default configure options. I just thought I should share this change in results.

Marcelo, try building this newer version. You can download the latest snapshot (as a tar.gz or zip archive), without needing to use GIT, at "http://git.freeradius.org/".

Regards,
Will Spann
Re: Problem with udpfromto in version 2.1.1 - please help
Alan DeKok,

>> Unfortunately, I'm getting the same negative results when running the
>> recommended initial radtest test "radtest test test localhost 0
>> testing123". The following is the output I get.
>>
>> radclient: socket: cannot initialize udpfromto: Function not implemented
>>
>> I'm not sure where to go from here. I'm still running with the default
>> configuration.
> You need to re-build the server without support for udpfromto.

I read up on udpfromto, and from what I can tell the openSUSE 11.1 (x64) package for v2.1.1 DOESN'T have udpfromto support compiled in. I believe this to be the case, because changing my radiusd.conf so that the server is only listening on a single IP, instead of the default of *, fixed my problem. radtest now gets a reply, and no longer issues an error. With this configuration, udpfromto isn't needed, so there is no more problem.

Thanks for pointing me in the right direction.

Will Spann
Re: Problem with udpfromto in version 2.1.1 - please help
Alan,

> The comments in radiusd.conf just before that say that the "authorize"
>etc. sections are in virtual hosts, and that the "include" line includes
>those virtual hosts.

I see; thanks for the clarification. This is a departure from how FreeRADIUS 1.0 was configured, where the authenticate and authorize sections resided in the radiusd.conf file.

>> Running radiusd -X as root with default settings gives errors related to
>> EAP and Diffie-Hellman. I'm running the x64 package from openSUSE 11.1
>> (FreeRADIUS 2.1.1). I have OpenSSL 0.9.8h installed.
> Run the "bootstrap" command as root.

Thanks for the suggestion. I ran the /etc/raddb/certs/bootstrap script, and it successfully created the self-signed SSL certificates for EAP. Now the Diffie-Hellman errors have gone away, when I run radiusd -X.

At this point I was still getting the remaining EAP-related errors. However, I noticed a new "permission denied" error, related to SSL in the rlm_eap module. Based on this, I checked the ownership/permissions of the configuration files and keys in the /etc/raddb folder & below. It turns out they were all set to root.root & r/w for root user only! But the default configuration has radiusd running as the radiusd user, so it couldn't read the files it needed access to. Changing the ownership to root.radiusd and the permissions to r/w for root and read for the radiusd group solved my startup problem.

Thanks again. I would never have seen this cause without getting past the SSL key creation issue.

Unfortunately, I'm getting the same negative results when running the recommended initial radtest test "radtest test test localhost 0 testing123". The following is the output I get.

radclient: socket: cannot initialize udpfromto: Function not implemented

I'm not sure where to go from here. I'm still running with the default configuration.

Thanks for any additional help.

Will Spann

The abbreviated radiusd -X output I received PRIOR to fixing the ownership/permissions problem is below, for reference. Now radiusd runs without errors.

gcwifi-auth-vm:/etc/raddb # radiusd -X
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec 3 2008 at 13:57:16
[...]
rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied
rlm_eap_tls: Error reading certificate file /etc/raddb/certs/server.pem
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module "eap".
/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
}
}
Errors initializing modules
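The ownership and permission problem described in the message above can be checked before the daemon is started. This is an added example, not part of the original post: audit_tree is a hypothetical helper that assumes the daemon reads its configuration through group membership, as in the fix described, and its check for access by other users goes beyond what the post states.

```python
import grp
import os
import stat
import sys

def audit_tree(root, gid):
    """Return sorted (path, problem) pairs for directories and files under
    `root` that group `gid` cannot read, or that any other user can access."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            # A directory also needs the execute (search) bit to be entered.
            need = stat.S_IRGRP
            if stat.S_ISDIR(st.st_mode):
                need |= stat.S_IXGRP
            if st.st_gid != gid:
                findings.append((path, "group is not the daemon's group"))
            elif (st.st_mode & need) != need:
                findings.append((path, "daemon's group cannot read"))
            if st.st_mode & stat.S_IRWXO:
                findings.append((path, "accessible to other users"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage (paths and group name as in the post):
    #   python3 audit_raddb.py /etc/raddb radiusd
    root, group = sys.argv[1], sys.argv[2]
    for path, problem in audit_tree(root, grp.getgrnam(group).gr_gid):
        print(f"{path}: {problem}")
```

A file left at root-only r/w, like server.pem in the output above, is reported as "daemon's group cannot read".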
Re: Installation Problem
Alan DeKok,

I'm getting the same Make error when I try to compile this version (v2.1.3) on openSUSE 11.1 (x64). I took your advice to Marcelo & restarted from a fresh source tree, but got the same result both times. The ./configure script ran without errors. Here's a bit more of the output I got.

.libs/modules.o: In function `setup_modules':
/root/tmp/install/freeradius-server-2.1.3/src/main/modules.c:1037: undefined reference to `lt__PROGRAM__LTX_preloaded_symbols'
collect2: ld returned 1 exit status

Wish I could be of more help.

Will Spann

From: Alan DeKok
To: marcelo...@comcast.net; FreeRadius users mailing list
Sent: Monday, February 2, 2009 2:41:08 AM
Subject: Re: Installation Problem

Marcelo Freitas wrote:
> Hello everybody,
>
> I searched the archive but I couldn't find any other topic similar. Can
> someone help me with the installation of FreeRadius 2.1.3 on my Slackware
> box ?
...
> /home/other/freeradius-server-2.1.3/src/main/modules.c:1037: undefined
> reference to `lt__PROGRAM__LTX_preloaded_symbols'

Hmm... it looks like some weird libtool issue. I suggest deleting the entire source tree, and re-building from scratch.

What OS are you using?

Alan DeKok.
RE: Problem with udpfromto in version 2.1.1 - please help
Ivan Kalik,

>>I should note that in my radiusd.conf file, I'm not including "eap.conf" nor
>>"sites-enabled/", but other than that I have all default settings.
>Well done! By removing /sites-enabled you have stopped the server from
>processing all As from AAA (authentication, authorization and
>accounting) in one masterful stroke. Now put everything back as it was.

Thanks for the reply. I didn't realize disabling sites-enabled would disable all AAA services.

Running radiusd -X as root with default settings gives errors related to EAP and Diffie-Hellman. I'm running the x64 package from openSUSE 11.1 (FreeRADIUS 2.1.1). I have OpenSSL 0.9.8h installed.

The radiusd -X output is listed below.

Thanks for any comments on this.

Will

gcwifi-auth-vm:~ # radiusd -X
FreeRADIUS Version 2.1.1, for host x86_64-suse-linux-gnu, built on Dec 3 2008 at 13:57:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
        prefix = "/usr"
        localstatedir = "/var"
        logdir = "/var/log/radius"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"