how to use RSA instead of DH?
Hi, I m using freeradius-server 2.1.7. I ve created an openssl engine for doing all the RSA calculations and it is quite fast. But when i use the try to authenticate something it uses DH algorithm also. so how can i make use of only RSA so that my authentication rate is high. What part of the code should i change? Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X
Hey, I am new to this.. wat does this hardware SSL accelerator card do??? where do u get this??? Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X
Hi, After a lot of investigation, i have found the reason for my low auth-rate. The auth-rate i m gettin now is 3/sec. so approx. 330 ms per authentication. this is a radiusd -X : eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005f], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0278], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled But in this 300 millisec, 200 ms is taken up by the above SSL operation. why does this take more time? how can i reduce this time consumed by SSL? Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X
Hi, radiusd -Xx does not work in my case. It shows the timestamp but before it authenticates it gets timed out. It takes a hell lot of time to authenticate when i use radiusd -X. So i itself included all the timestamp code.. Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X
Ok. 1 last thing. I have done some experiments bcoz my auth-rate is low. i ve included timestamps in the freeradius code and in some modules. and i found out - Finished Request 0 : Tue, 15 Dec 2009 07:08:35 0.788477 Going to the next Request : Tue, 15 Dec 2009 07:08:35 0.788649 Waking up in 4.9 seconds : Tue, 15 Dec 2009 07:08:35 0.788866 rad_recv: Access-Request packet from host 127.0.0.1 port 10004, id=9, length=306 : Tue, 15 Dec 2009 07:08:35 0.857346 As u can see from the above timestamp.. when it reaches the finished request 0 the timestamp in milli sec is 788.4ms.so till "waking up in 4.9 sec" it hardly takes 0.4ms But after this "Waking up in 4.9 sec" till the next request "rad_recv" it takes about 70ms. 0.857346 - 0.788866 = ~70 ms What does it do for such a long time till the next request comes in?? Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X
Hi, I have a doubt. If the entire authentication ends in milli seconds then how can it wait for about 4.9 seconds in each handshake.??? Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd -X
Hi, Whenever i use radiusd -X i get the following : This is a part of radiusd -X Sending Access-Challenge of id 8 to 127.0.0.1 port 10004 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "2" Symbol-User-Group = "moto" Symbol-Downlink-Limit-Kbps = 0 Symbol-Uplink-Limit-Kbps = 0 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x89c2dbc689c0c2620c47c6a69e0623a2 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 10004, id=9, length=306 User-Name = "kach" Called-Station-Id = "00-15-70-23-F5-34:xtest" Calling-Station-Id = "00-15-70-37-8D-05" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 Service-Type = Framed-User NAS-IP-Address = 127.0.0.1 NAS-Identifier = "RFS4000" Symbol-Wlan-Index = "xtest" Symbol-Attr-4 = "1" NAS-Port-Id = "WLAN1" Connect-Info = "CONNECT 54Mbps 802.11a" State = 0x89c2dbc689c0c2620c47c6a69e0623a2 and etc etc... i did not understand the "waking up in 4.9 sec" ?? Why does it wait for.? can we remove this? Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_realm
Hey i m new to freeradius-server. i m quiet confused with it. so i dont know wat configuration files u r talking about. wat should i edit in the configuration files? my authenticatoin rate is low. so i thought there might be some problem with the radius-server. The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_realm
Hi, I ve not edited any configuration files. I m just using this radius-server on the switch for authentication. i m buliding it without these modules : --without-rlm_attr_filter --without-rlm_digest \ --without-rlm_expr --without-rlm_krb5 --without-rlm_pam --without-rlm_preprocess \ --without-rlm_sim_files --without-rlm_unix \ --without-rlm_cram --without-rlm_fastusers --without-rlm_python --without-rlm_smb \ --without-rlm_x99_token --without-rlm_acct_unique \ --without-rlm_example --without-rlm_passwd --without-rlm_radutmp \ --without-rlm_sql --without-rlm_always --without-rlm_checkval --without-rlm_detail \ --without-rlm_exec --without-rlm_ippool --without-rlm_dbm --without-rlm_ns_mta_md5 --without-rlm_perl --without-rlm_realm --without-rlm_sqlcounter --without-threads --without-rlm_eap_ikev2 --without-rlm_eap_tnc does authentication rate depend on the speed of the processor and all..?? bcoz normally when i run the radius server in my unix box it is pretty fast. but when i run it on a switch it is slow. i m not able to do the performance testing also on my unix system. it show " invalid shell [/dev/null]" how do i add "/dev/null" to /etc/shells?? when i give cat /etc/shells it shows nothing. Thanx & Reagrds, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_realm
Hi, I ve not edited any configuration files. I m just using this radius-server on the switch for authentication. i m buliding it without these modules : --without-rlm_attr_filter --without-rlm_digest \ --without-rlm_expr --without-rlm_krb5 --without-rlm_pam --without-rlm_preprocess \ --without-rlm_sim_files --without-rlm_unix \ --without-rlm_cram --without-rlm_fastusers --without-rlm_python --without-rlm_smb \ --without-rlm_x99_token --without-rlm_acct_unique \ --without-rlm_example --without-rlm_passwd --without-rlm_radutmp \ --without-rlm_sql --without-rlm_always --without-rlm_checkval --without-rlm_detail \ --without-rlm_exec --without-rlm_ippool --without-rlm_dbm --without-rlm_ns_mta_md5 --without-rlm_perl --without-rlm_realm --without-rlm_sqlcounter --without-threads --without-rlm_eap_ikev2 --without-rlm_eap_tnc does authentication rate depend on the speed of the processor and all..?? bcoz normally when i run the radius server in my unix box it is pretty fast. but when i run it on a switch it is slow. i m not able to do the performance testing also on my unix system. it show " invalid shell [/dev/null]" how do i add "/dev/null" to /etc/shells?? when i give cat /etc/shells it shows nothing. Thanx & Reagrds, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rlm_realm
Hi, Ya i tried to build it using --without-rlm_realm, but then too it is building. wat might be the problem?? and ya it takes a very long time when i run the radius server in debugging mode.. what might be the problem for the low authentication rate? how much auth rate approx should i get with freeradius-server 2.1.7? Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with rlm_realm
Hi, I M using freeradius-server 2.1.7. The authentication rate i m getting is just 4 or 5. when i put a timestamp in each of the modules, i found out that the module "rlm_realm" is called about 12 times in each authentication. That is in each handshake between the mobile unit and the radius server the rlm_realm is called many a times. how can i minimize this so that it is called only once. bcoz i m not using any realms. Thanks & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication
Hi, What is the approx authentication rate u get on a good standard hardware using freeradius-server 2.1.7...? Thanx & Regards, Kachin --- On Fri, 20/11/09, kachin Agarwal wrote: From: kachin Agarwal Subject: Authentication To: freeradius-users@lists.freeradius.org Date: Friday, 20 November, 2009, 4:32 PM Hi, I m currently using freeradius-server 2.1.7. when i try to authenticate it takes abt 400 millisec to authenticate. i use peap-mschapv2 for authentication. So in 1 sec the number of devices i can authenticate is jus 4 to 5. so wat to do? should i modify anything in the freeradius code to increase the authentication rate. Thanx & Regards, kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication
Hi, I m currently using freeradius-server 2.1.7. when i try to authenticate it takes abt 400 millisec to authenticate. i use peap-mschapv2 for authentication. So in 1 sec the number of devices i can authenticate is jus 4 to 5. so wat to do? should i modify anything in the freeradius code to increase the authentication rate. Thanx & Regards, kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compiling freeradius server with static libraries
Hi, How to compile the freeradius server using static library function?? Thanx & Regards, kachin Add whatever you love to the Yahoo! India homepage. Try now! http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Learning Freeradius Server
Hi all, I m new to freeradius server. I jus want to understand the flow of freeradius server and how does it run. So somebody could help me start with it on how to read the code. which is the program code to start with. Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cannot upgade to 2.1.7
Hi, I think i vefound the problem. it is not able to find the gdbm.h file from /usr/include. configuring in src/modules/rlm_counter configure: running /bin/sh ./configure '--prefix=/usr' '--build' 'i686-pc-linux-gnu' '--host' 'mips-xlr-linux-gnu' '--target' 'mips-xlr-linux-gnu' '--enable-strict-dependencies' '--without-rlm_attr_filter' '--without-rlm_digest' '--without-rlm_expr' '--without-rlm_krb5' '--without-rlm_pam' '--without-rlm_preprocess' '--without-rlm_sim_files' '--without-rlm_unix' '--without-rlm_cram' '--without-rlm_fastusers' '--without-rlm_python' '--without-rlm_smb' '--without-rlm_x99_token' '--without-rlm_acct_unique' '--without-rlm_example' '--without-rlm_passwd' '--without-rlm_radutmp' '--without-rlm_sql' '--without-rlm_always' '--without-rlm_checkval' '--without-rlm_detail' '--without-rlm_exec' '--without-rlm_ippool' '--without-rlm_dbm' '--without-rlm_ns_mta_md5' '--without-rlm_perl' '--without-rlm_realm' '--without-rlm_sqlcounter' '--without-threads' '--without-rlm_eap_ikev2' '--without-rlm_eap_tnc' '--localstatedir=/var' '--sysconfdir=/etc' '--with-logdir=/var/radius' '--without-snmp' 'build_alias=i686-pc-linux-gnu' 'host_alias=mips-xlr-linux-gnu' 'target_alias=mips-xlr-linux-gnu' 'CC=/opt/wios/gcc-4.2.2-glibc-2.7-p2/mips-xlr-linux-gnu/bin/mips-xlr-linux-gnu-gcc' checking for mips-xlr-linux-gnu-gcc... /opt/wios/gcc-4.2.2-glibc-2.7-p2/mips-xlr-linux-gnu/bin/mips-xlr-linux-gnu-gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... yes checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether /opt/wios/gcc-4.2.2-glibc-2.7-p2/mips-xlr-linux-gnu/bin/mips-xlr-linux-gnu-gcc accepts -g... yes checking for /opt/wios/gcc-4.2.2-glibc-2.7-p2/mips-xlr-linux-gnu/bin/mips-xlr-linux-gnu-gcc option to accept ANSI C... none needed checking how to run the C preprocessor... /opt/wios/gcc-4.2.2-glibc-2.7-p2/mips-xlr-linux-gnu/bin/mips-xlr-linux-gnu-cpp checking for gdbm.h... no checking for gdbm_open in -lgdbm... no checking for gdbm_fdesc... no configure: error: set --without-rlm_counter to disable it explicitly. configure: error: ./configure failed for src/modules/rlm_counter But the gdbm.h is present in /usr/include then why is it not finding. wat to do? Thanks & Regards, Kachin Add whatever you love to the Yahoo! India homepage. Try now! http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cannot upgade to 2.1.7
Hi, Here is the complete build : freeradius-server-2.1.7.tar.bz2 configure: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoc...@gnu.org. configure: WARNING: pcap library not found, silently disabling the RADIUS sniffer. config.status: WARNING: ./Make.inc.in seems to ignore the --datarootdir setting config.status: WARNING: ./src/include/build-radpaths-h.in seems to ignore the --datarootdir setting configure: WARNING: In the future, Autoconf will not detect cross-tools whose name does not start with the host triplet. If you think this configuration is useful to you, please write to autoc...@gnu.org. configure: error: set --without-rlm_counter to disable it explicitly. configure: error: ./configure failed for src/modules/rlm_counter make: *** [/*/*/*/*/*//freeradius-server-2.1.7/src/main/radiusd] Error 1 if i remove this rlm_counter , it shows an error in rlm_eap_peap. wat to do?? --- On Mon, 9/11/09, kachin Agarwal wrote: From: kachin Agarwal Subject: Cannot upgade to 2.1.7 To: freeradius-users@lists.freeradius.org Date: Monday, 9 November, 2009, 10:13 PM Hi, Ya i need the rlm_counter module. so how can i rectify it..? plz give me a solution.. Thanks & Regards, Kachin --- On Mon, 9/11/09, kachin Agarwal wrote: From: kachin Agarwal Subject: Cannot upgade to 2.1.7 To: freeradius-users@lists.freeradius.org Date: Monday, 9 November, 2009, 6:00 PM Hi, I m trying to upgrade the freeradius server to 2.1.7. But when i build i get the following error : configure: error: set --without-rlm_counter to disable it explicitly. configure: error: ./configure failed for src/modules/rlm_counter make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1 How can i rectify this??? Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. Connect more, do more and share more with Yahoo! India Mail. Learn more. Connect more, do more and share more with Yahoo! India Mail. Learn more. http://in.overview.mail.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cannot upgade to 2.1.7
Hi, Ya i need the rlm_counter module. so how can i rectify it..? plz give me a solution.. Thanks & Regards, Kachin --- On Mon, 9/11/09, kachin Agarwal wrote: From: kachin Agarwal Subject: Cannot upgade to 2.1.7 To: freeradius-users@lists.freeradius.org Date: Monday, 9 November, 2009, 6:00 PM Hi, I m trying to upgrade the freeradius server to 2.1.7. But when i build i get the following error : configure: error: set --without-rlm_counter to disable it explicitly. configure: error: ./configure failed for src/modules/rlm_counter make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1 How can i rectify this??? Thanx & Regards, Kachin The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cannot upgade to 2.1.7
Hi, I m trying to upgrade the freeradius server to 2.1.7. But when i build i get the following error : configure: error: set --without-rlm_counter to disable it explicitly. configure: error: ./configure failed for src/modules/rlm_counter make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1 How can i rectify this??? Thanx & Regards, Kachin Add whatever you love to the Yahoo! India homepage. Try now! http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cannot upgrade 2.1.6 to 2.1.7
Hi, If i dont ve pthread.h in my system.. then how did the 2.1.6 build work.? but i remove the line callback=wait_for_child_to_die; there is no error. can i remove this line and build or is there any other solution to fix it Thanx & Regards, kachin Keep up with people you care about with Yahoo! India Mail. Learn how. http://in.overview.mail.yahoo.com/connectmore- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cannot upgrade 2.1.6 to 2.1.7
Hi, i m trying to upgrade my radius server from 2.1.6 to 2.1.7 but when ever i try to make the build i m getting the following error xlat.c:548: warning: passing argument 3 of 'xlat_register' discards qualifiers from pointer target type xlat.c:557: warning: passing argument 3 of 'xlat_register' discards qualifiers from pointer target type xlat.c:569: warning: passing argument 3 of 'xlat_register' discards qualifiers from pointer target type xlat.c:577: warning: passing argument 3 of 'xlat_register' discards qualifiers from pointer target type xlat.c:582: warning: passing argument 3 of 'xlat_register' discards qualifiers from pointer target type event.c: In function 'wait_a_bit': event.c:1166: warning: implicit declaration of function 'pthread_equal' event.c:1177: error: 'wait_for_child_to_die' undeclared (first use in this function) event.c:1177: error: (Each undeclared identifier is reported only once event.c:1177: error: for each function it appears in.) event.c: In function 'radius_event_init': event.c:3441: warning: unused variable 'attr' make[5]: *** [event.lo] Error 1 make[4]: *** [common] Error 2 make[3]: *** [all] Error 2 make[2]: *** [common] Error 2 make[1]: *** [all] Error 2 make: *** [*/*/*/*/*/*/freeradius-server-2.1.7/src/main/radiusd] Error 2 plz help me. where should i declare it?? Thanx & Regards, Kachin Try the new Yahoo! India Homepage. Click here. http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Improving Auth-Rate
Hi, I m trying to improve the auth rate. the auth-rate i m getting now is 3 i.e number of mobile units that can authenticate per minute is 3. So how can i increase it to 5 or something? Which part of the code should i focus on? Thanx From cricket scores to your friends. Try the Yahoo! India Homepage! Try the new Yahoo! India Homepage. Click here. http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Improving Auth-Rate..
hi, If i want to improve the auth-rate which part of the code should i focus on? Keep up with people you care about with Yahoo! India Mail. Learn how. http://in.overview.mail.yahoo.com/connectmore- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cannot upgrade 2.1.4 to 2.1.6
m trying to upgrade freeradius-server from 2.1.4 to 2.1.6. i ve created some patches and applied it. but while compiling, it patches all the files and then gives me an error as below : /opt/wios/gcc-4.2.2-glibc-2.7- p2/mips-xlr-linux-gnu/lib/gcc/ mips-xlr-linux-gnu/4.2.2/../.. /../../mips-xlr-linux-gnu/bin/ ld: warning: libfreeradius-radius-2.1.6.so, needed by libeap/.libs/libfreeradius- eap.so, not found (try using -rpath or -rpath-link) collect2: ld returned 1 exit status make[7]: *** [radeapclient] Error 1 make[6]: *** [common] Error 2 make[5]: *** [all] Error 2 make[4]: *** [common] Error 2 make[3]: *** [all] Error 2 make[2]: *** [common] Error 2 make[1]: *** [all] Error 2 make: *** [*/*/*/*/*/freeradius-server- 2.1.6/src/main/radiusd] Error 2 i think it fails to link plz give me a solution to this problem. From cricket scores to your friends. Try the Yahoo! India Homepage! http://in.yahoo.com/trynew- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html