Re: FAQ and Wiki down?
Alexander Clouter wrote: > Sometimes hostmaster@ should receive some pain for misconfiguration: ... > a...@chipmunk:~$ host -t NS freeradius.org ns3.freeradius.org > ;; connection timed out; no servers could be reached That's been down for a while... > a...@chipmunk:~$ host -t NS freeradius.org ns6.freeradius.org > ;; connection timed out; no servers could be reached That should not have been down. It got rebooted, and powerdns didn't come back up. > a...@chipmunk:~$ host -t NS freeradius.org ns5.freeradius.org > Using domain server: > Name: ns5.freeradius.org > Address: 88.191.76.128#53 That's the one I monitor continuously. > For some reason freeradius has three NS servers being spat out by the > .org TLD authority boxen, you ask the *only* responding authority server > for freeradius.org and it comes back that there are only two authoritative > servers for the zone. :) Yes, well... > If this is a recent breakage, it's possible either ns3 or ns6 gave back > something interesting (NXDOMAIN for example) which have be cached by > your resolver just before it completely went down. > > Either way, freeradius.org probably could do with more than one > authoritive DNS server :) It should have two. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
"Sallee, Stephen (Jake)" wrote: > > I feel your pain, we have the same thing happen form time to time. > Check with your ISP, when it happens to us it is usually their DNS > server caching and old entry or a bad statement in one of their routers. > Sometimes hostmaster@ should receive some pain for misconfiguration: a...@chipmunk:~$ dig +trace NS freeradius.org [snipped] freeradius.org. 86400 IN NS ns3.freeradius.org. freeradius.org. 86400 IN NS ns5.freeradius.org. freeradius.org. 86400 IN NS ns6.freeradius.org. ;; Received 134 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 103 ms [snipped] a...@chipmunk:~$ host -t NS freeradius.org ns3.freeradius.org ;; connection timed out; no servers could be reached a...@chipmunk:~$ host -t NS freeradius.org ns6.freeradius.org ;; connection timed out; no servers could be reached a...@chipmunk:~$ host -t NS freeradius.org ns5.freeradius.org Using domain server: Name: ns5.freeradius.org Address: 88.191.76.128#53 Aliases: freeradius.org name server ns6.freeradius.org. freeradius.org name server ns5.freeradius.org. For some reason freeradius has three NS servers being spat out by the .org TLD authority boxen, you ask the *only* responding authority server for freeradius.org and it comes back that there are only two authoritative servers for the zone. :) If this is a recent breakage, it's possible either ns3 or ns6 gave back something interesting (NXDOMAIN for example) which have be cached by your resolver just before it completely went down. Either way, freeradius.org probably could do with more than one authoritive DNS server :) Cheers -- Alexander Clouter .sigmonster says: People are unconditionally guaranteed to be full of defects. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
Hi, >For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All the >others are good. > >[1]http://wiki.freeradius.org/index.php/FAQ >[2]http://wiki.freeradius.org/ > >I thought it was my issue, but my internet is good, no proxy, tried with >IE and Firefox, it does seem to me that wiki site is down. Thought should >report. handy link: http://downforeveryoneorjustme.com/ alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
On 2010/10/29 04:43 PM, Mark Holmes wrote: Works for me also IE sometimes doesn't work if the website does not start with www. You then need to explicitly specify http:// Try adding http:// in front of wiki.freeradius.org -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FAQ and Wiki down?
I feel your pain, we have the same thing happen form time to time. Check with your ISP, when it happens to us it is usually their DNS server caching and old entry or a bad statement in one of their routers. Good luck! Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o rg] On Behalf Of David Jea Sent: Friday, October 29, 2010 9:51 AM To: Mark Holmes Cc: FreeRadius users mailing list Subject: Re: FAQ and Wiki down? Thanks all. It is my end's problem. My home computer & network work fine, but my company's network somehow cannot find wiki.freeradius.org. Still puzzled to me, but out of scope of this mailing list. Thanks, David On Fri, Oct 29, 2010 at 7:43 AM, Mark Holmes wrote: Works for me also -Original Message- From: freeradius-users-bounces+mark.holmes=nuffield.ox.ac...@lists.freeradius. org [mailto:freeradius-users-bounces+mark.holmes <mailto:freeradius-users-bounces%2Bmark.holmes> =nuffield.ox.ac...@lists.freeradius.org] On Behalf Of Marinko Tarlac Sent: 29 October 2010 15:40 To: dcjea...@gmail.com; FreeRadius users mailing list Subject: Re: FAQ and Wiki down? Works fine for me... On 10/29/2010 4:33 PM, David Jea wrote: > Hi, > > For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All > the others are good. > > http://wiki.freeradius.org/index.php/FAQ > http://wiki.freeradius.org/ > > I thought it was my issue, but my internet is good, no proxy, tried > with IE and Firefox, it does seem to me that wiki site is down. > Thought should report. > > Thanks, > David > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
Thanks all. It is my end's problem. My home computer & network work fine, but my company's network somehow cannot find wiki.freeradius.org. Still puzzled to me, but out of scope of this mailing list. Thanks, David On Fri, Oct 29, 2010 at 7:43 AM, Mark Holmes wrote: > Works for me also > > -Original Message- > From: freeradius-users-bounces+mark.holmes=nuffield.ox.ac.uk@ > lists.freeradius.org > [mailto:freeradius-users-bounces+mark.holmes > =nuffield.ox.ac...@lists.freeradius.org] On Behalf Of Marinko Tarlac > Sent: 29 October 2010 15:40 > To: dcjea...@gmail.com; FreeRadius users mailing list > Subject: Re: FAQ and Wiki down? > > Works fine for me... > > On 10/29/2010 4:33 PM, David Jea wrote: > > Hi, > > > > For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All > > the others are good. > > > > http://wiki.freeradius.org/index.php/FAQ > > http://wiki.freeradius.org/ > > > > I thought it was my issue, but my internet is good, no proxy, tried > > with IE and Firefox, it does seem to me that wiki site is down. > > Thought should report. > > > > Thanks, > > David > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FAQ and Wiki down?
Works for me also -Original Message- From: freeradius-users-bounces+mark.holmes=nuffield.ox.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+mark.holmes=nuffield.ox.ac...@lists.freeradius.org] On Behalf Of Marinko Tarlac Sent: 29 October 2010 15:40 To: dcjea...@gmail.com; FreeRadius users mailing list Subject: Re: FAQ and Wiki down? Works fine for me... On 10/29/2010 4:33 PM, David Jea wrote: > Hi, > > For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All > the others are good. > > http://wiki.freeradius.org/index.php/FAQ > http://wiki.freeradius.org/ > > I thought it was my issue, but my internet is good, no proxy, tried > with IE and Firefox, it does seem to me that wiki site is down. > Thought should report. > > Thanks, > David > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
On 10/29/2010 10:33 AM, David Jea wrote: Hi, For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All the others are good. http://wiki.freeradius.org/index.php/FAQ http://wiki.freeradius.org/ I thought it was my issue, but my internet is good, no proxy, tried with IE and Firefox, it does seem to me that wiki site is down. Thought should report. Must be at your end, both are fine for me. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FAQ and Wiki down?
Works fine for me... On 10/29/2010 4:33 PM, David Jea wrote: Hi, For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All the others are good. http://wiki.freeradius.org/index.php/FAQ http://wiki.freeradius.org/ I thought it was my issue, but my internet is good, no proxy, tried with IE and Firefox, it does seem to me that wiki site is down. Thought should report. Thanks, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FAQ and Wiki down?
Hi, For past two days, I can't reach to these 2 tabs: FAQ and Wiki. All the others are good. http://wiki.freeradius.org/index.php/FAQ http://wiki.freeradius.org/ I thought it was my issue, but my internet is good, no proxy, tried with IE and Firefox, it does seem to me that wiki site is down. Thought should report. Thanks, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FAQ
Thanks to whoever fixed the FAQ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can FAQ 6.10 please be fixed?
On Thu 08 Nov 2007, Alan DeKok wrote: > > I tried. 'Create Account' just gives me a login screen with no way to > > to create an account. Am I missing something? > > No idea. Peter Nixon runs that server, so email him. I had to disable account creation due to spammers automatically creating large numbers of accounts with scripts. Mail me with a preferred username and I will set one up for you. (As can Alan and several other of the wiki admins on this list) Cheers -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can FAQ 6.10 please be fixed?
Jens Dreger wrote: > Ok, maybe i should rephrase my question: I'm not so much interested in > the HUP part, but the check-config part. I'm perfectly happy with > stopping and starting the radius-server IF I can make sure it will > succeed with the new config. It is easy to do a bad job of that. It is very difficult to do a *good* job. > I'm only changing the users file and > have no database connections at all so this should be doable. A tool > like radiusd-chkconfig (like bind offers) would probably be the right > thing. Yes. > ...or hit a used port by accident. This script is just no elegant > solution. I guess I'll just have to keep two servers running on > different IPs and check if the test-server crashes with the new users > file before restarting the main server. I'll see what I can do. But it will be in CVS head (i.e. 2.0), and not in 1.1.x. >>> I tried to change the Wiki entry but apparently I don't have permission >>> to do so. >> Sign up for an account. It's not open because of the massive volume >> of spammers who were attacking it. > > I tried. 'Create Account' just gives me a login screen with no way to > to create an account. Am I missing something? No idea. Peter Nixon runs that server, so email him. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can FAQ 6.10 please be fixed?
On Thu, Nov 08, 2007 at 11:24:36AM +0100, Alan DeKok wrote: > Jens Dreger wrote: > > is simply no longer true. Checked the source: that option is gone. I > > really really think that option should be there, though. > > It's not only hard to do, it can cause problems. > > i.e. opening *double* the connections to your SQL server. That may be > an issue. > > > I know there > > is a shell script that starts a second server on a different port and > > waits to see if it starts successfully. But that's also broken since > > the -p Option doesn't seem to work in all cases: > > In CVS head and in 1.1.x, you need to do '-i' and '-p' together. > > > Also, that approach is somewhat ridiculous considered the importance > > of the radius server in our case. > > Yes. But please understand that this is *not* apache. FreeRADIUS has > 1% (or less) of the resources that the apache team has. And, the > integration between RADIUS and databases is *much* stronger and more > important than Apache. > > i.e. Apache can handle HUP && reload it's configuration because it > doesn't *do* anything. It doesn't cache connections. It doesn't > maintain a large number of connections to databases, etc. It can afford > to start up a completely brand new instance of itself from scratch, > because there are almost no side-effects to doing so. > > In contrast, FreeRADIUS has to keep packet caches. It usually has > large numbers of connections to database, etc. Ok, maybe i should rephrase my question: I'm not so much interested in the HUP part, but the check-config part. I'm perfectly happy with stopping and starting the radius-server IF I can make sure it will succeed with the new config. I'm only changing the users file and have no database connections at all so this should be doable. A tool like radiusd-chkconfig (like bind offers) would probably be the right thing. I understand however that in a more complicated setup HUPs might be problematic. > You can update the script to add "-i 127.0.0.1" to it. After that it > *should* work, so long as you don't have limits on the number of > database connections, etc. ...or hit a used port by accident. This script is just no elegant solution. I guess I'll just have to keep two servers running on different IPs and check if the test-server crashes with the new users file before restarting the main server. > > I tried to change the Wiki entry but apparently I don't have permission > > to do so. > > Sign up for an account. It's not open because of the massive volume > of spammers who were attacking it. I tried. 'Create Account' just gives me a login screen with no way to to create an account. Am I missing something? Regards, Jens. -- Jens Dreger Freie Universitaet Berlin [EMAIL PROTECTED] Fachbereich Physik - ZEDV Tel: +49 30 83854774 Arnimallee 14 Fax: +49 30 83855902 14195 Berlin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can FAQ 6.10 please be fixed?
Jens Dreger wrote: > is simply no longer true. Checked the source: that option is gone. I > really really think that option should be there, though. It's not only hard to do, it can cause problems. i.e. opening *double* the connections to your SQL server. That may be an issue. > I know there > is a shell script that starts a second server on a different port and > waits to see if it starts successfully. But that's also broken since > the -p Option doesn't seem to work in all cases: In CVS head and in 1.1.x, you need to do '-i' and '-p' together. > Also, that approach is somewhat ridiculous considered the importance > of the radius server in our case. Yes. But please understand that this is *not* apache. FreeRADIUS has 1% (or less) of the resources that the apache team has. And, the integration between RADIUS and databases is *much* stronger and more important than Apache. i.e. Apache can handle HUP && reload it's configuration because it doesn't *do* anything. It doesn't cache connections. It doesn't maintain a large number of connections to databases, etc. It can afford to start up a completely brand new instance of itself from scratch, because there are almost no side-effects to doing so. In contrast, FreeRADIUS has to keep packet caches. It usually has large numbers of connections to database, etc. You can update the script to add "-i 127.0.0.1" to it. After that it *should* work, so long as you don't have limits on the number of database connections, etc. > I tried to change the Wiki entry but apparently I don't have permission > to do so. Sign up for an account. It's not open because of the massive volume of spammers who were attacking it. > Can someone with write access to the Wiki please remove that > entry (or better, add the -C option back to freeradius ;) As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can FAQ 6.10 please be fixed?
Hi, > > http://wiki.freeradius.org/index.php/FAQ#How_do_I_check_the_configuration_before_sending_a_HUP_to_the_server.3F well, any talking of HUP'ing right now is bad joojoo. I've just checked and you can do something like radiusd -X -p 1890 -i 127.0.0.1 which will work fine - perhaps we should cook up another method of checking the config is sane - using this sort of method for now. several people have requested a 'check the config' option - a new version of the -C option - i'm not sure what exact state the parser is in...or if it would be easier to use another utility - eg radiusd-chkconfig - which is solely primed for running through the config files and checking it all works but then not firing up - it just gives an exit code. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can FAQ 6.10 please be fixed?
Hi!
It took me a while to figure out that FAQ 6.10:
http://wiki.freeradius.org/index.php/FAQ#How_do_I_check_the_configuration_before_sending_a_HUP_to_the_server.3F
is simply no longer true. Checked the source: that option is gone. I
really really think that option should be there, though. I know there
is a shell script that starts a second server on a different port and
waits to see if it starts successfully. But that's also broken since
the -p Option doesn't seem to work in all cases:
~> strace -e bind freeradius -X -p 32768 2>&1 | grep port
main: port = 1812
listen: port = 0
bind(3, {sa_family=AF_INET, sin_port=htons(1812), <
sin_addr=inet_addr("130.133.100.66")}, 16) = -1 EADDRINUSE (Address
already in use)
/etc/freeradius/radiusd.conf[228]: Error binding to port for
130.133.100.66:1812
Also, that approach is somewhat ridiculous considered the importance
of the radius server in our case.
I tried to change the Wiki entry but apparently I don't have permission
to do so. Can someone with write access to the Wiki please remove that
entry (or better, add the -C option back to freeradius ;)
Thanks,
Jens.
--
Jens Dreger Freie Universitaet Berlin
[EMAIL PROTECTED] Fachbereich Physik - ZEDV
Tel: +49 30 83854774 Arnimallee 14
Fax: +49 30 83855902 14195 Berlin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FAQ question
And as me and a co-worker read through the FAQ again he points something out to me that we both raised our eyebrows at the last line... might (i'm hoping) need an update. 2.1 Is there a WWW site set up for FreeRADIUS information? Yes, the FreeRADIUS Server WWW site is at http://www.freeradius.org/ It contains the new server, documentation, and additional RADIUS programs. Note that this server is NOT ready for public use. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
"Mitchell, Michael J" <[EMAIL PROTECTED]> wrote: > Do we have an ETA for 1.1.0? Before June, I hope. I still have to commit fixes to upgrade libltdl & the configure scripts. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Thanks Paul, Do we have an ETA for 1.1.0? I'd be happy to do a bit of testing of configure scripts, etc, on Solaris 9 if you need someone... Regards, Mike > >I'm happy to look at patches for 1.0.2 (everyone's talking >about 1.0.1 here, I'm not taking patches for _that_) to fix >this, unless we already did so between 1.0.1 and 1.0.2. But >unless they're obviously safe, I'll need a hand testing them >on various interesting implementations to be sure everything >still works no worse than 1.0.2. And if we're lucky, there >won't be a pressing need for 1.0.3 before 1.1.0 ships. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Michael Mitchell <[EMAIL PROTECTED]> wrote: > Oh, and I'm sure Alan wouldn't say "no" to patches if you already have > some fixes... ;-) The configure scripts in CVS have all of the SSL checks centralized in one place, so any fixes become much easier. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
On Mon, Feb 28, 2005 at 12:05:33AM +1100, Michael Mitchell wrote: > Thanks for the reply Stefan, > I haven't tried linking freeRADIUS with static libraries yet, and I must > admit I missed the "--disable-shared" in J.Ho's email. Well picked up... > I'm guessing the problem stems from this part of the configure.in > script, where it's checking for DH_new in -lcrypto prior to testing for > SSL_new in -lssl: > # Look for the OpenSSL libraries. >smart_try_dir=$OPENSSL_LIB_DIR >FR_SMART_CHECK_LIB(crypto, DH_new) >if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then It passes this OK. > FR_SMART_CHECK_LIB(ssl, SSL_new) > if test "x$ac_cv_lib_ssl_SSL_new" = "xyes"; then and barfs on this. > and, with this, you can just tell things are going to be messy: > OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" That's needed because the linker doesn't try to back-resolve dependancies, and OpenSSL's static libraries are interdependant or something. The config.logs will prove more enlightening. > ;-) > If I get some time (schedule is tight at the moment!) I'll have a play > around with it to see if things can be improved, even just for my own > curiosity and learning how these things work! I've got issues with the > rlm_ldap configure script also that I'd like to finally sort out. I also > build on Solaris 9, so maybe we can get some of these issues that seem > to affect Solaris more than other systems sorted out... > I'm all for trying to make life easier for future upgrades! Keep in mind that the configure scripts have been upgraded to 2.57 in CVS HEAD, which will be 1.1.0 sooner or later (hopefully sooner ^_^) and this may already be fixed in CVS head. > Oh, and I'm sure Alan wouldn't say "no" to patches if you already have > some fixes... ;-) I'm happy to look at patches for 1.0.2 (everyone's talking about 1.0.1 here, I'm not taking patches for _that_) to fix this, unless we already did so between 1.0.1 and 1.0.2. But unless they're obviously safe, I'll need a hand testing them on various interesting implementations to be sure everything still works no worse than 1.0.2. And if we're lucky, there won't be a pressing need for 1.0.3 before 1.1.0 ships. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and
Hi, > I haven't tried linking freeRADIUS with static libraries yet, and I must > admit I missed the "--disable-shared" in J.Ho's email. Well picked up... Actually, I meant to refer to the static OpenSSL libs used, not to the --disable-shared ... > I'm guessing the problem stems from this part of the configure.in > script, where it's checking for DH_new in -lcrypto prior to testing for > SSL_new in -lssl: But I don't really think inverting that order is going to help as trying to link -lssl without -lcrypto is still going to fail... > # Look for the OpenSSL libraries. >smart_try_dir=$OPENSSL_LIB_DIR >FR_SMART_CHECK_LIB(crypto, DH_new) >if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then > FR_SMART_CHECK_LIB(ssl, SSL_new) > if test "x$ac_cv_lib_ssl_SSL_new" = "xyes"; then .. so I fear some change to FR_SMART_CHECK_LIB macro migth be needed... > and, with this, you can just tell things are going to be messy: > > OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" Oops, I didn't see that yet. That looks like it ought to fix whatever problem, unless it's only happening _after_ the (failing) check for ssl library. > If I get some time (schedule is tight at the moment!) Same problem here. I'm going on holiday on wednesday and there's too much I want to finish before that ... :-( > Oh, and I'm sure Alan wouldn't say "no" to patches if you already have > some fixes... ;-) Actually, so far I mainly focussed on working around the problem(s), patching configure scripts is something where I don't really feel comfortable... Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Thanks for the reply Stefan, I haven't tried linking freeRADIUS with static libraries yet, and I must admit I missed the "--disable-shared" in J.Ho's email. Well picked up... I'm guessing the problem stems from this part of the configure.in script, where it's checking for DH_new in -lcrypto prior to testing for SSL_new in -lssl: # Look for the OpenSSL libraries. smart_try_dir=$OPENSSL_LIB_DIR FR_SMART_CHECK_LIB(crypto, DH_new) if test "x$ac_cv_lib_crypto_DH_new" = "xyes"; then FR_SMART_CHECK_LIB(ssl, SSL_new) if test "x$ac_cv_lib_ssl_SSL_new" = "xyes"; then and, with this, you can just tell things are going to be messy: OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto" ;-) If I get some time (schedule is tight at the moment!) I'll have a play around with it to see if things can be improved, even just for my own curiosity and learning how these things work! I've got issues with the rlm_ldap configure script also that I'd like to finally sort out. I also build on Solaris 9, so maybe we can get some of these issues that seem to affect Solaris more than other systems sorted out... I'm all for trying to make life easier for future upgrades! Oh, and I'm sure Alan wouldn't say "no" to patches if you already have some fixes... ;-) regards, Mike [EMAIL PROTECTED] wrote: Michael Mitchell schrieb: I've found a few issues with the configure scripts in the past where things weren't quite right, but they've mostly been related to Solaris. Actually, I think, this issue really is not about Solaris (although that's where it's notoriously encountered [e.g. by myself] for some reason), but about using static libraries (where link order is more relevant than with shared libraries). If that could be fixed (by passing the libs in the right order ["-lssl -lcrypto" instead of vice versa]) that would have the additional benefit to enable you to recommend to use static OpenSSL libs if a newer version is required for FreeRadius than is currently available on that system, thus eliminating the nasty surprises of getting linked to wrong shared objects at runtime. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Michael Mitchell schrieb: > > I've found a few issues with the configure scripts in the > past where > things weren't quite right, but they've mostly been > related to Solaris. Actually, I think, this issue really is not about Solaris (although that's where it's notoriously encountered [e.g. by myself] for some reason), but about using static libraries (where link order is more relevant than with shared libraries). If that could be fixed (by passing the libs in the right order ["-lssl -lcrypto" instead of vice versa]) that would have the additional benefit to enable you to recommend to use static OpenSSL libs if a newer version is required for FreeRadius than is currently available on that system, thus eliminating the nasty surprises of getting linked to wrong shared objects at runtime. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
ThinkSECURE - Security Starts Here. schrieb:
> checking for openssl/ssl/h...yes
> checking for DH_new in -lcrypto...yes
> checking for SSL_new in -lssl...no
Yes, configure is appending libraries in the wrong order for its
test compilations ("-lcrypto -lssl" instead of "-lssl -lcrypto").
While this is apparently no problem for shared libraries on most
platforms it breaks when using static libs
> ./configure --prefix=/usr/local/radius --with-openssl-
> includes=/usr/local/openssl/include/ --with-openssl-
> libraries=/usr/local/openssl/lib/ --disable-shared
Try (in a single line):
LIBS=-L/usr/local/openssl/lib -lssl -lcrypto"
./configure --prefix=/usr/local/radius --with-openssl-
includes=/usr/local/openssl/include/ --disable-shared
That should work around the configure bug explained
above.
> the FR archives and Googling for
> the answers to no avail.
If you search for build problems on Solaris, you'll
find a (couple of) reference(s) to this problems in
the mailing list archive ...
Admitted, that's not really obvious...
Regards,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Hi J.Ho, Take a look in config.log. If you're familar with compilers, etc, it will tell you what the compiler was attempting to do when it failed that step (essentially it should be looping through a list of directories - including the one you specified - passing each one as a -L argument to the compiler until the command succeeds). From there you can better determine where the problem lies. I've found a few issues with the configure scripts in the past where things weren't quite right, but they've mostly been related to Solaris. regards, Mike ThinkSECURE - Security Starts Here. wrote: Hi Everyone, I am installing FreeRADIUS for the very first time (the plug on the website looked good heh) and have run into a problem that i couldn't find an answer for over the last 3 days. Hoping someone can help me out here... During the ./configure for FreeRADIUS 1.0.1, i got the following errors during module config: checking for openssl/ssl/h...yes checking for DH_new in -lcrypto...yes checking for SSL_new in -lssl...no checking for openssl/err.h...(cached) yes checking for openssl/engine.h...(cached) yes configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_sim requires: libssl. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: "SSL_new in -lssl...no" - went thru the docs and faq and google already before posting....
Hi Everyone, I am installing FreeRADIUS for the very first time (the plug on the website looked good heh) and have run into a problem that i couldn't find an answer for over the last 3 days. Hoping someone can help me out here... During the ./configure for FreeRADIUS 1.0.1, i got the following errors during module config: checking for openssl/ssl/h...yes checking for DH_new in -lcrypto...yes checking for SSL_new in -lssl...no checking for openssl/err.h...(cached) yes checking for openssl/engine.h...(cached) yes configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_sim requires: libssl. It fails for all the modules, i.e. rlm_eap_tls, rlm_eap_peap, rlm_eap_sim, etc. All the .h files, i.e. err.h, crypto.h, rand.h and engine.h are found in the earlier part of the configure, OpenSSL version listed as 0.9.7 and DH_new is detected. Also, locate libssl shows the following: /usr/lib/libssl.so.0.9.7 /usr/lib/libssl3.so /usr/lib/apache-extramodules/libssl.so /usr/local/openssl/lib/libssl.a /usr/local/openssl/openssl-0.9.7e/libssl.a I am running Mandrake10.1 with openssl0.9.7e tarball-extracted to /usr/local/openssl. The command used to compile openssl was (entered in a single line): ./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl no-shared The command used to compile freeradius was (entered in a single line): ./configure --prefix=/usr/local/radius --with-openssl- includes=/usr/local/openssl/include/ --with-openssl- libraries=/usr/local/openssl/lib/ --disable-shared The error is coming from the "SSL_new in -lssl" not being detected. However, i have expressly pointed to the openssl/lib path as shown above under the freeradius configure so i do not know why it isn't being picked up. Could anyone tell me why and how to resolve this? I have spent the last 3 days looking at docs, FAQs, the FR archives and Googling for the answers to no avail. Closest i got was the post from Tom Rixon ( http://lists.freeradius.org/archives/freeradius- users/2004/03/frm00022.html ) but it only answered his problem on the .h side and not the "SSL_new in -lssl...no" part (or maybe i have overlooked the answer hidden inside the thread :P) Thanks in advance for any assistance rendered! I am at a dead end here and need some fresh perspective... :( Thanks for your help! J.Ho - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Dialup admin FAQ and question for Kostas
- Original Message -
From: "Stuart Harris" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 10:07 AM
Subject: RE: [radius] Re: Dialup admin FAQ and question for Kostas
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Nick Marino
Sent: 02 January 2005 15:03
To: freeradius-users@lists.freeradius.org
Subject: Re: [radius] Re: Dialup admin FAQ and question for Kostas
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 6:50 AM
Subject: [radius] Re: Dialup admin FAQ and question for Kostas
> On Sun, 2 Jan 2005, Nick Marino wrote:
>
>> Where is the lastest version of the dialup admin faq located?
>
> cvs:dialup_admin/doc
>
>>
>> And what would cause the Find User function to only return
10 in the list
>> no matter what you
>> set MAX RESULTS for in the form?
>
> You 're probably using spaces in the max results number. If
the number is
> not numeric, it will be set automatically to 10. It works
just fine here.
>
Nope no spaces in the max result,
Appearntly it is failing this test in find.php3 in the lib folder:
$link = @da_sql_pconnect($config);
if ($link){
$search = da_sql_escape_string($search);
if (!is_int($max_results))
$max_results = 10;
What makes $link true?
This is a guess, but when da_sql_pconnect is being called because of the @
it's not throwing out it's error, thus causing da_sql_pconnect to return
false, making $link false :)
it's probably no the best idea to use is_int on a numeric response to a
hidden call either..
Yeah Kostas posted that I was using an old version and the newest version
used is_numeric, if thats the case then an old version is being distributed
with FR 1.0.1 because that is all I have downloaded and thats what I got.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [radius] Re: Dialup admin FAQ and question for Kostas
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Nick Marino
> Sent: 02 January 2005 15:03
> To: freeradius-users@lists.freeradius.org
> Subject: Re: [radius] Re: Dialup admin FAQ and question for Kostas
>
> - Original Message -
> From: "Kostas Kalevras" <[EMAIL PROTECTED]>
> To:
> Sent: Sunday, January 02, 2005 6:50 AM
> Subject: [radius] Re: Dialup admin FAQ and question for Kostas
>
>
> > On Sun, 2 Jan 2005, Nick Marino wrote:
> >
> >> Where is the lastest version of the dialup admin faq located?
> >
> > cvs:dialup_admin/doc
> >
> >>
> >> And what would cause the Find User function to only return
> 10 in the list
> >> no matter what you
> >> set MAX RESULTS for in the form?
> >
> > You 're probably using spaces in the max results number. If
> the number is
> > not numeric, it will be set automatically to 10. It works
> just fine here.
> >
>
> Nope no spaces in the max result,
>
> Appearntly it is failing this test in find.php3 in the lib folder:
>
> $link = @da_sql_pconnect($config);
> if ($link){
> $search = da_sql_escape_string($search);
> if (!is_int($max_results))
> $max_results = 10;
>
> What makes $link true?
This is a guess, but when da_sql_pconnect is being called because of the @
it's not throwing out it's error, thus causing da_sql_pconnect to return
false, making $link false :)
it's probably no the best idea to use is_int on a numeric response to a
hidden call either..
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Dialup admin FAQ and question for Kostas
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 9:05 AM
Subject: Re: [radius] Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote:
- Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 6:50 AM
Subject: [radius] Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote:
Where is the lastest version of the dialup admin faq located?
cvs:dialup_admin/doc
And what would cause the Find User function to only return 10 in the
list no matter what you
set MAX RESULTS for in the form?
You 're probably using spaces in the max results number. If the number
is not numeric, it will be set automatically to 10. It works just fine
here.
Nope no spaces in the max result,
Appearntly it is failing this test in find.php3 in the lib folder:
$link = @da_sql_pconnect($config);
if ($link){
$search = da_sql_escape_string($search);
if (!is_int($max_results))
$max_results = 10;
You 're using an older version of dialupadmin. In the new version
is_numeric is used instead of is_int.
Ok well its the version that came with FreeRadius 1.0.1 that I downloaded.
How can I update just Dialup admin, cvs? what would the command be?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote:
- Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 6:50 AM
Subject: [radius] Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote:
Where is the lastest version of the dialup admin faq located?
cvs:dialup_admin/doc
And what would cause the Find User function to only return 10 in the list
no matter what you
set MAX RESULTS for in the form?
You 're probably using spaces in the max results number. If the number is
not numeric, it will be set automatically to 10. It works just fine here.
Nope no spaces in the max result,
Appearntly it is failing this test in find.php3 in the lib folder:
$link = @da_sql_pconnect($config);
if ($link){
$search = da_sql_escape_string($search);
if (!is_int($max_results))
$max_results = 10;
You 're using an older version of dialupadmin. In the new version is_numeric is
used instead of is_int.
What makes $link true?
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Dialup admin FAQ and question for Kostas
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 02, 2005 6:50 AM
Subject: [radius] Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote:
Where is the lastest version of the dialup admin faq located?
cvs:dialup_admin/doc
And what would cause the Find User function to only return 10 in the list
no matter what you
set MAX RESULTS for in the form?
You 're probably using spaces in the max results number. If the number is
not numeric, it will be set automatically to 10. It works just fine here.
Nope no spaces in the max result,
Appearntly it is failing this test in find.php3 in the lib folder:
$link = @da_sql_pconnect($config);
if ($link){
$search = da_sql_escape_string($search);
if (!is_int($max_results))
$max_results = 10;
What makes $link true?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup admin FAQ and question for Kostas
On Sun, 2 Jan 2005, Nick Marino wrote: Where is the lastest version of the dialup admin faq located? cvs:dialup_admin/doc And what would cause the Find User function to only return 10 in the list no matter what you set MAX RESULTS for in the form? You 're probably using spaces in the max results number. If the number is not numeric, it will be set automatically to 10. It works just fine here. Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup admin FAQ and question for Kostas
Where is the lastest version of the dialup admin faq located? And what would cause the Find User function to only return 10 in the list no matter what you set MAX RESULTS for in the form? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please update FAQ, was Re: Ldap-Group, Login-Time not working?
Gavin White <[EMAIL PROTECTED]> wrote: > The faq at http://www.freeradius.org/faq/#5.3 has the '=' syntax. I've > cc'd the maintainer. Fixed, thanks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please update FAQ, was Re: Ldap-Group, Login-Time not working?
DEFAULT Ldap-Group == "sundayonly", Login-Time = "2000-0500", Auth-Type := LDAP Fall-Through = Yes Okay, looking at this more closely I think you need to use the := operator because this is a check item. Try Login-Time := "Al2000-0500" Keith Yoder Reply-Message = "You are calling outside your allowed timespan\r\n" Superb! Thank you Keith. The faq at http://www.freeradius.org/faq/#5.3 has the '=' syntax. I've cc'd the maintainer. Thanks again, Gavin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pam_radius_auth FAQ
Hi I have downloaded and installed pam_radius_auth on a Gentoo Linux box. It sort-of works, however not always as I expect. Before I bore the list with trivial questions which might have been answered previously, perhaps someone can point me in the direction of an FAQ or some more background information than just http://www.freeradius.org/pam_radius_auth/. Any advise appreciated. Thanks in advance. Best regards, Simon Wesche - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FaQ question?
I think you'll find there are plenty of examples of it being used in a production environment - I think that is just more of a "Don't blame us if something goes wrong" clause :D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, 4 March 2004 3:55 PM To: [EMAIL PROTECTED] Subject: FaQ question? -- Hi all I checked that the FAQ 1.4 and section 2.1 The freeradius is in beta and not for public use ls it old information? I would like to have this radius server for DSL authentication as production server Thank you - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FaQ question?
-- Hi all I checked that the FAQ 1.4 and section 2.1 The freeradius is in beta and not for public use ls it old information? I would like to have this radius server for DSL authentication as production server Thank you - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
