Re: CentOS 6.3 and FreeRadius - can't authenticate to Unix
On 10/30/2012 03:23 AM, Alan DeKok wrote: Fajar A. Nugraha wrote: What's the recommended method for authenticating against Linux system users? I thought pam was the better one? Maybe. getpwent() or getspwent() should work. Also, is the "big warning" still valid? Likely, yes. I've been avoiding PAM for nearly a decade now. It's not as bad as libtool, but it's pretty crazy. FWIW pam is used extensively on Red Hat systems. I'm not aware of any glaring problems deserving the recommendation not to use it. That said I'm no lover of pam, it's not designed well and if it ever got replaced I don't think there would be many tears shed. Be that as it may it's still central to most system authentication. John -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CentOS 6.3 and FreeRadius - can't authenticate to Unix
Fajar A. Nugraha wrote: > What's the recommended method for authenticating against Linux system > users? I thought pam was the better one? Maybe. getpwent() or getspwent() should work. > Also, is the "big warning" still valid? Likely, yes. I've been avoiding PAM for nearly a decade now. It's not as bad as libtool, but it's pretty crazy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CentOS 6.3 and FreeRadius - can't authenticate to Unix
On Tue, Oct 30, 2012 at 2:04 PM, Alan DeKok wrote: >> ++[unix] returns notfound > > That's pretty definitive. The user isn't in /etc/passwd, or > /etc/shadow. Or, the server can't read it. What's the recommended method for authenticating against Linux system users? I thought pam was the better one? Also, is the "big warning" still valid? " # WARNING: On many systems, the system PAM libraries have # memory leaks! We STRONGLY SUGGEST that you do not # use PAM for authentication, due to those memory leaks. " -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CentOS 6.3 and FreeRadius - can't authenticate to Unix
Jacobs, Joseph wrote: > I’m trying to set up Freeradius to authenticate against the local Linux > user accounts. .. > joe2 Auth-Type := System (I’ve tried this with both := and =) Don't do that. > bob Cleartext-Password := "hello" OK. Then: > [files] users: Matched entry bob at line 8 That makes sense. > Sending Access-Accept of id 124 to 127.0.0.1 port 54241 So that works. > When I run “radtest joe2 secret localhost 0 testing1234” ... > ++[unix] returns notfound That's pretty definitive. The user isn't in /etc/passwd, or /etc/shadow. Or, the server can't read it. > [files] users: Matched entry joe2 at line 6 That entry is wrong, delete it. > One of the steps involved putting the group for freeradius to be > “shadow” but there is no “shadow” group in the group file in CentOS 6.3. That's fine. If you're running the server as root, that isn't necessary. > I also did confirm that I can log into my server using joe2 / secret > password. Well, FreeRADIUS asks the system for "joe2"s password. It says "not found". Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CentOS 6.3 and FreeRadius - can't authenticate to Unix
Read the getting started how-to's found here: http://deployingradius.com/ Read the documentation in /etc/raddb/sites-enabled/default paying attention to which module reads passwords out of /etc/shadow Read the debug output, especially lines that begin with "WARNING!" Do not force Auth-Type in the users file or anywhere else, it's wrong 99% of the time. There is no credible documentation which says to do this. When asking for help follow the instructions by including the full debug output, not snippets. HTH, John -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[SOLVED] RE: Centos 6 Compile error
Thanks for the expert advices guys! That worked like a charm. David -Original Message- From: freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera dius.org] On Behalf Of David Peterson Sent: Tuesday, March 13, 2012 8:01 AM To: FreeRadius users mailing list Subject: RE: Centos 6 Compile error I am checking out the master, should I be using something earlier? David -Original Message- From: Fajar A. Nugraha [mailto:l...@fajar.net] Sent: Tuesday, March 13, 2012 7:21 AM To: David Peterson-WirelessConnections; FreeRadius users mailing list Subject: Re: Centos 6 Compile error On Tue, Mar 13, 2012 at 6:12 PM, David Peterson wrote: > Has anyone seen this error? I am not sure what might be missing: > > In file included from rlm_eap_pwd.h:37, > from rlm_eap_pwd.c:39: > eap_pwd.h:42:24: error: openssl/ec.h: No such file or directory You didn't mention which version you're compiling. 2.1.12 compiles just fine. Anyway, I'd start on that last line. You're probably missing openssl-devel or something similar (try "yum provides */ec.h") -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 6 Compile error
David Peterson Wrote: > Sent: Tuesday, March 13, 2012 7:12 AM > To: FreeRadius users mailing list > Subject: Centos 6 Compile error > > Has anyone seen this error? I am not sure what might be missing: RHEL variants don't include EC support in OpenSSL due to some licensing/patent/whatnot issues. Just delete the src/modules/rlm_eap/types/rlm_eap_pwd source code directory and it will compile fine. It is likely you are not going to be using that submodule anyway. -- Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 6 Compile error
On Tue, Mar 13, 2012 at 7:01 PM, David Peterson wrote: > I am checking out the master, should I be using something earlier? Depends on what you need, actually. If you're interested in helping bug-hunting, or try out 3.0-only new features, then it's the right source. But as Alan mentioned, the required components needed to compile apparently isn't present in RHEL/Centos 6. If you want latest version from git which would be the next stable (when it's released), use v2.1.x. If you want latest stable release, use 2.1.12. If you only want something that just works with minimal effort, the bundled, slightly-older FR version should work just fine. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 6 Compile error
I am checking out the master, should I be using something earlier? David -Original Message- From: Fajar A. Nugraha [mailto:l...@fajar.net] Sent: Tuesday, March 13, 2012 7:21 AM To: David Peterson-WirelessConnections; FreeRadius users mailing list Subject: Re: Centos 6 Compile error On Tue, Mar 13, 2012 at 6:12 PM, David Peterson wrote: > Has anyone seen this error? I am not sure what might be missing: > > In file included from rlm_eap_pwd.h:37, > from rlm_eap_pwd.c:39: > eap_pwd.h:42:24: error: openssl/ec.h: No such file or directory You didn't mention which version you're compiling. 2.1.12 compiles just fine. Anyway, I'd start on that last line. You're probably missing openssl-devel or something similar (try "yum provides */ec.h") -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 6 Compile error
On Tue, Mar 13, 2012 at 6:12 PM, David Peterson wrote: > Has anyone seen this error? I am not sure what might be missing: > > In file included from rlm_eap_pwd.h:37, > from rlm_eap_pwd.c:39: > eap_pwd.h:42:24: error: openssl/ec.h: No such file or directory You didn't mention which version you're compiling. 2.1.12 compiles just fine. Anyway, I'd start on that last line. You're probably missing openssl-devel or something similar (try "yum provides */ec.h") -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 6 Compile error
Hi, > Has anyone seen this error? I am not sure what might be missing: ECC support in OpenSSL - Redhat and their derivitives dont have it. you will need to not have EAP-PWD present and it will then compile not sure when/if Redhat will have ECC supportsome policy decision. rm -rf src/modules/rlm_eap/types/rlm_eap_pwd alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
John Dennis wrote: > RHEL 6 which is under development and is currently in beta testing does > have FreeRADIUS 2.1.8. So a possible solution would be to upgrade from > RHEL 5 to RHEL 6. If FreeRADIUS 2.1.9 is released shortly I *may* be > able to get it into RHEL 6, 2.1.9 should be released in a week or two. > Another solution is to stabilize FreeRADIUS such that the need for > frequent version upgrades is not necessary. Rather than adding new > features focus on bug elimination. Some projects have a stable branch > and an "future" branch. The pace of version releases for FreeRADIUS is > "brisk". While that has many merits and the FreeRADIUS developers should > be applauded for their prolific contributions it also has some > downsides, mainly it conflicts with the goals of enterprise stability. A > stable branch would be a much better fit for an enterprise distribution > such as RHEL. 'git' has made this easier. There's a v2.1.x branch, a 'stable' branch, and a 'master' branch. v2.1.x: bug fixes only (2.1.9 so far has one minor feature over 2.1.8) stable: new development master: deprecated, will likely be replaced by 'stable'. We should be able to release 2.2.0 in a month or two. It will contain API changes that are incompatible with 2.1.x, and 2.0.x. All external modules will need to be updated. 2.1.9 is the "bug fix only" branch. We may even have a 2.1.10 and a 2.1.11. > Stability vs. features is just one of the classic trade-offs in computer > science, just like memory usage vs. processor cycles. They really are > polar ends in continuous spectrum, RHEL clearly targets one end of that > spectrum and as a consequence you lose out on the other end. While on > the other hand Fedora focuses on the other end. We do both independently > (Fedora and RHEL), but we can't do both in one distribution. Switching from CVS to git has made this a lot easier. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 06:41 PM, Andrew Paternoster wrote: So what's the best way to move forward with this? It is possible for someone to take over what jdennis was providing with his YUM resp? Or do we all have to go back to building for the source if we want the latest ver? You can follow the instructions posted here: http://wiki.freeradius.org/Red_Hat_FAQ In the section labeled "How to build an SRPM" that will give you the latest version on any RHEL/CentOS system. Sorry I cannot provide pre-built RPM's for RHEL when the package is already in a RHEL distribution channel. BTW, that prohibition extends to EPEL as well. The reason is simple. Our support organization cannot provide support for packages we didn't build and distribute, if we did we would effectively be supporting any binary which could be found on the internet, an obviously impossible support scenario. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos Yum Packages
So what's the best way to move forward with this? It is possible for someone to take over what jdennis was providing with his YUM resp? Or do we all have to go back to building for the source if we want the latest ver? Thanks -- Andrew Paternoster GPK Computers Pty Ltd T 1300 854 223 F 1300 854 228 --- The information contained in or accompanying this e-mail is intended only for the use of the stated recipient and may contain information that is confidential and/or privileged. If the reader is not the intended recipient or the agent thereof, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited and may constitute a breach of confidence and/or privilege. If you have received this e-mail in error, please notify us immediately. Any views or opinions presented are those solely of the author and do not necessarily represent those of GPK Computers Pty Ltd.. Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this e-mail, the company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments --- Did you know that you can now log faults just by sending an email to supp...@gpk.net.ausenior System Engineer-Original Message- From: freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org [mailto:freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org] On Behalf Of Alan Buxey Sent: Tuesday, 20 April 2010 2:16 AM To: John Dennis Cc: FreeRadius users mailing list Subject: Re: Centos Yum Packages Hi, > Another solution is to stabilize FreeRADIUS such that the need for > frequent version upgrades is not necessary. Rather than adding new > features focus on bug elimination. Some projects have a stable branch > and an "future" branch. The pace of version releases for FreeRADIUS is > "brisk". While that has many merits and the FreeRADIUS developers should > be applauded for their prolific contributions it also has some > downsides, mainly it conflicts with the goals of enterprise stability. A > stable branch would be a much better fit for an enterprise distribution > such as RHEL. ..and thats about to happen. historically this was FR 2.0.x v's 2.1.x but all the drive from people was functions...so 2.1.x got the work. however...and from recent emails..the plan is that 2.1.x will now curtail new features and will work on bug-fixesall new exciting features are to be in 2.2.x > spectrum and as a consequence you lose out on the other end. While on > the other hand Fedora focuses on the other end. We do both independently > (Fedora and RHEL), but we can't do both in one distribution. :-) i prefer a stable distribution to be one in which the base is solid and i can run whatever unstable/dodgy/bleeding edge stuff on it that i want , safe in the knowledge that it wont be the OS to blame when thigns go bang. for this reason, the marriage of a RHEL foundation with self-build packages for end-users services is the ultimate mix. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 5041 (20100419) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 5041 (20100419) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
Hi, > Another solution is to stabilize FreeRADIUS such that the need for > frequent version upgrades is not necessary. Rather than adding new > features focus on bug elimination. Some projects have a stable branch > and an "future" branch. The pace of version releases for FreeRADIUS is > "brisk". While that has many merits and the FreeRADIUS developers should > be applauded for their prolific contributions it also has some > downsides, mainly it conflicts with the goals of enterprise stability. A > stable branch would be a much better fit for an enterprise distribution > such as RHEL. ..and thats about to happen. historically this was FR 2.0.x v's 2.1.x but all the drive from people was functions...so 2.1.x got the work. however...and from recent emails..the plan is that 2.1.x will now curtail new features and will work on bug-fixesall new exciting features are to be in 2.2.x > spectrum and as a consequence you lose out on the other end. While on > the other hand Fedora focuses on the other end. We do both independently > (Fedora and RHEL), but we can't do both in one distribution. :-) i prefer a stable distribution to be one in which the base is solid and i can run whatever unstable/dodgy/bleeding edge stuff on it that i want , safe in the knowledge that it wont be the OS to blame when thigns go bang. for this reason, the marriage of a RHEL foundation with self-build packages for end-users services is the ultimate mix. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 11:28 AM, John Dennis wrote: The simple answer is that you shouldn't expect FreeRADIUS to be rebased in RHEL, however if there are enough customer issues with FreeRADIUS 2.1.7 it can be brought up for consideration. I do want to clarify the above. The general procedure in RHEL is when a *customer* reports a bug in a package we check upstream and see if they have a fix, if so we "backport" the fix into the existing version in RHEL. If upstream does not have a fix we develop a fix and give it to upstream. In either case the net result is a "surgical" fix insertion into the existing package version in RHEL, not a version upgrade, the version stays the same (with a bumped release number). Thus during the life-cylce of a RHEL major release a number of packages will have had surgical fixes (patches) applied to them based on customer needs. The idea here is that a surgical fix is less likely to break things than importing an entirely never version of the package without control over the changes. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/19/2010 10:40 AM, Alan Buxey wrote: Hi, for their 5.5 update. They usually follow the Red Hat release by a few weeks. (Or you might consider installing RHEL :-) Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. given that 2.1.8 was bug fixes...and 2.1.9 will be likewise...with no new feature/method changesthen i'd hope that 2.1.8 (or 2.1.9) will just appear in 5.5 later as a security/bug update that yum etc get and install later...just like any other package update? ie should we worry that 2.1.7 was the point release at freeze time? The general RHEL policy is *not* to rebase packages (i.e. change to higher upstream releases). This is done for stability reasons. However some isolated packages are permitted to be rebased, maily desktop applications such as firefox. Rebasing servers is something which rightly gives RHEL engineering management heartburn and sleepless nights wondering how that might break thousands of critical customer installations. The simple answer is that you shouldn't expect FreeRADIUS to be rebased in RHEL, however if there are enough customer issues with FreeRADIUS 2.1.7 it can be brought up for consideration. RHEL 6 which is under development and is currently in beta testing does have FreeRADIUS 2.1.8. So a possible solution would be to upgrade from RHEL 5 to RHEL 6. If FreeRADIUS 2.1.9 is released shortly I *may* be able to get it into RHEL 6, but as I said RHEL is extremely conservative and modifying versions that have already been through alpha and beta is deeply frowned upon, I wouldn't count on it. If you really want to always have available the latest upstream releases of any package then electing to install an enterprise distribution whose primary goal is stability is not the right choice (in fact the two are mutually exclusive). The correct selection of a cutting edge distribution with the latest upstream release would be Fedora, not RHEL. Fedora is the proving ground for subsequent *major* RHEL releases. Another solution is to stabilize FreeRADIUS such that the need for frequent version upgrades is not necessary. Rather than adding new features focus on bug elimination. Some projects have a stable branch and an "future" branch. The pace of version releases for FreeRADIUS is "brisk". While that has many merits and the FreeRADIUS developers should be applauded for their prolific contributions it also has some downsides, mainly it conflicts with the goals of enterprise stability. A stable branch would be a much better fit for an enterprise distribution such as RHEL. Stability vs. features is just one of the classic trade-offs in computer science, just like memory usage vs. processor cycles. They really are polar ends in continuous spectrum, RHEL clearly targets one end of that spectrum and as a consequence you lose out on the other end. While on the other hand Fedora focuses on the other end. We do both independently (Fedora and RHEL), but we can't do both in one distribution. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
Hi, > for their 5.5 update. They usually follow the Red Hat release by a few > weeks. (Or you might consider installing RHEL :-) > > Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS > 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. given that 2.1.8 was bug fixes...and 2.1.9 will be likewise...with no new feature/method changesthen i'd hope that 2.1.8 (or 2.1.9) will just appear in 5.5 later as a security/bug update that yum etc get and install later...just like any other package update? ie should we worry that 2.1.7 was the point release at freeze time? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos Yum Packages
On 04/18/2010 07:17 PM, Andrew Paternoster wrote: Hi List Just wondering how to install Freeradius on Centos 5.4 using YUM now that the "Tech preview" is over for redhat. Your best bet is to contact centos.org and find out what their plans are for their 5.5 update. They usually follow the Red Hat release by a few weeks. (Or you might consider installing RHEL :-) Also you might want to be aware the RHEL 5.5 update contains FreeRADIUS 2.1.7, not 2.1.8 because 2.1.8 was not available when RHEL 5.5 was frozen. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.3 problem
> I was running freeradius 2.0.5 on my Centos 5.2 server > using rlm_perl. When I upgraded to 5.3 I get : > > "rlm_perl: perl_parse failed: /billing/bin/billing.pl not found or has > syntax errors." > > I googled it and found that this may be caused by libperl.so not being > linked properly or Data::Dumper that needs to be recompiled. I have done > everything that the mailing list suggested but the problem persists. > Debug billing.pl in the IDE (get something like EPIC). Trace it and you should find exactly what's wrong. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.3 problem [SOLVED]
It was a cifs problem. The script was being shared by a samba server and after the upgrade I got : Setuid/gid script is writable by world. And this made radius to fail. I moved the script locally and it works. Apostolos Pantsiopoulos wrote: I was running freeradius 2.0.5 on my Centos 5.2 server using rlm_perl. When I upgraded to 5.3 I get : "rlm_perl: perl_parse failed: /billing/bin/billing.pl not found or has syntax errors." I googled it and found that this may be caused by libperl.so not being linked properly or Data::Dumper that needs to be recompiled. I have done everything that the mailing list suggested but the problem persists. Any ideas -- --- Apostolos Pantsiopoulos Kinetix Tele.com R & D email: r...@kinetix.gr --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
On Thu, Nov 27, 2008 at 08:48:17PM +, [EMAIL PROTECTED] wrote: > I've gone down the route of using the SPEC file to build the latest > release several times - but in most cases its just GIT repository all > the time > > (the main issue with RPMs is they give the idea of stability > and often are ancientif few users are using the latest > release then certain issues/bugs are never discovered until > some time later - if buggy and RPM then a quick package > update release is painless for the vast majority on packages > - theres no reason why 1.1.x is still the flavour du jour for > distros Your comments are valid. But if I "backport" (as I call it) a Fedora package to some RHEL release, I also look at the difference with the old RHEL spec file, I look at open bugs, etc. Sometimes this takes some time. Still, the package will not get the "care" original RHEL packages get (although some do not have the quality you would expect) and that's the reason that I try to stick with RHEL packages (and the older package versions) whenever possible. For FreeRADIUS, that I needed for an set of RHEL4 packages, I did use newer packages, as I needed a few things that were just more mature in recent versions. -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Hi, > Or what else? Is just running ./confugure; make; make install (and > not using RPMs at all) better than taking a Fedora src.rpm to start with? for some people, yes (though only so long as all the supporting libraries and dev packages have been installed via RPM first ;-) ) I've gone down the route of using the SPEC file to build the latest release several times - but in most cases its just GIT repository all the time (the main issue with RPMs is they give the idea of stability and often are ancientif few users are using the latest release then certain issues/bugs are never discovered until some time later - if buggy and RPM then a quick package update release is painless for the vast majority on packages - theres no reason why 1.1.x is still the flavour du jour for distros alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
On Thu, Nov 27, 2008 at 06:00:20PM +0100, Marinko Tarlac wrote: > >Just one comment from a system management point of view: if you run > >CentOS, meant as a stable production OS, you probably wants to care > >for not screwing up your system. Installing software without an > >RPM, especially software that already is provided by the distro > >itself, is the *worst* thing someone can do. > Your opinion is not always good. In this case, you're wrong. CentOS goes > with FR 1.1.3 and it is few years behind 2.1.1 This issue was addressed in my second paragraph... > Rebuilding Fedora packages is a NO-No for me because Fedora is a test > distro and it is good if you need new ideas, packages, test software, > etc. ... Using Fedora packages sometimes can produce more pain than any > other idea. I do not suggest to use Fedora binary packages, but I propose to use the Fedora src.rpm's as a base (often this is ok) for a proper new CentOS/RHEL package for your own use. Or what else? Is just running ./confugure; make; make install (and not using RPMs at all) better than taking a Fedora src.rpm to start with? -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Jos Vos wrote: On Thu, Nov 27, 2008 at 03:16:50PM +0100, Marinko Tarlac wrote: configure is your friend. Read output and install what is needed. Just one comment from a system management point of view: if you run CentOS, meant as a stable production OS, you probably wants to care for not screwing up your system. Installing software without an RPM, especially software that already is provided by the distro itself, is the *worst* thing someone can do. Your opinion is not always good. In this case, you're wrong. CentOS goes with FR 1.1.3 and it is few years behind 2.1.1 Rebuilding Fedora packages is a NO-No for me because Fedora is a test distro and it is good if you need new ideas, packages, test software, etc. ... Using Fedora packages sometimes can produce more pain than any other idea. MT For RHEL/CentOS, if you're not happy with the distro version (I had the same problem with CentOS 4), you should carefully backport (often a rebuild is enough) a recent Fedora RPM and install that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Where a particular distro typically supports a particular application, like FreeRadius, through its normal repository/package manager it is a very bad idea to simply configure/build from source. The original poster of this assertion is absolutely correct. The .spec for the rpmbuild often calls out specific alterations/augmentations required for that specific Linux distro, often dealing with things that are not covered in the more general .src package like SELinux and such. It may also tailor directories as required for that distro. And there is a myriad of other conditions. The real trouble can happen when an upgrade becomes available in the repo and your source build gets overlaid, sorta kinda, by the package which I've had trash more then one working system - before I learned my lesson. You can also end up with older versions getting installed because the package manager is not aware of the newer version. Without intimate knowledge of the true differences for a given package, always doing an rpmbuild from valid .spec, where this is an option, is to error on the side of caution. Not heading this advice is likely to case a lot of pain, frustration and frantic posts to mail lists like this that could have been avoided. -Ted- [EMAIL PROTECTED] wrote: Hi, Just one comment from a system management point of view: if you run CentOS, meant as a stable production OS, you probably wants to care for not screwing up your system. Installing software without an RPM, especially software that already is provided by the distro itself, is the *worst* thing someone can do. only for the sake that this mailing list is archived and some PHB will end up reading this and thinking its the truth. rubbish there is nothing wrong with using software from source and then using the system libraries and compiler to make it. if it was bad then the first thing distros in general would do is NOT supply gcc, make, g77 et al. For RHEL/CentOS, if you're not happy with the distro version (I had the same problem with CentOS 4), you should carefully backport (often a rebuild is enough) a recent Fedora RPM and install that. and the difference between rpmbuild and ./configure itself is the fact that the package is then treated like other packages. fine. but if all your homebuilt stuff lives out of the system tree - eg in /opt or /usr/local/ then you can delete all the non RPM stuff whenever you like alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Hi, > Just one comment from a system management point of view: if you run > CentOS, meant as a stable production OS, you probably wants to care > for not screwing up your system. Installing software without an > RPM, especially software that already is provided by the distro > itself, is the *worst* thing someone can do. only for the sake that this mailing list is archived and some PHB will end up reading this and thinking its the truth. rubbish there is nothing wrong with using software from source and then using the system libraries and compiler to make it. if it was bad then the first thing distros in general would do is NOT supply gcc, make, g77 et al. > For RHEL/CentOS, if you're not happy with the distro version (I had > the same problem with CentOS 4), you should carefully backport > (often a rebuild is enough) a recent Fedora RPM and install that. and the difference between rpmbuild and ./configure itself is the fact that the package is then treated like other packages. fine. but if all your homebuilt stuff lives out of the system tree - eg in /opt or /usr/local/ then you can delete all the non RPM stuff whenever you like alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 5.2 How To
>I managed to get it started, When i do a radcheck i now get the >following error... > .. >users: Matched entry DEFAULT at line 152 .. >rlm_sql (sql): sql_set_user escaped user --> 'radius' >radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM >radcheck WHERE Username = 'radius' ORDER BY id' >rlm_sql (sql): Reserving sql socket id: 3 >rlm_sql (sql): User radius not found in radcheck .. > rad_check_password: Found Auth-Type System >auth: type "System" 1. This is something ancient. Why didn't you install the new version? 2. In order to prevent future problems comment out the DEFAULT entry in users file setting Auth-Type System. 3. There is no entry for user radius in radcheck table. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 5.2 How To
Thanks guys, I managed to get it started, When i do a radcheck i now get the following error... rad_recv: Access-Request packet from host 127.0.0.1:38949, id=33, length=58 User-Name = "radius" User-Password = "radpass" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "radius", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'radius' rlm_sql (sql): sql_set_user escaped user --> 'radius' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'radius' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User radius not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou pcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'radius' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: MYSQL check_error: 1146 received rlm_sql_getvpdata: database query error radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou preply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'radius' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: MYSQL check_error: 1146 received rlm_sql_getvpdata: database query error rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 modcall[authenticate]: module "unix" returns notfound for request 0 modcall: leaving group authenticate (returns notfound) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 33 to 127.0.0.1 port 38949 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 33 with timestamp 492ea321 Nothing to do. Sleeping until we see a request. I have a feeling it is looking for a record in the radgroupcheck table, but this table is empty, should there be anything in it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Jos Vos Sent: 27 November 2008 16:25 To: FreeRadius users mailing list Subject: Re: Centos 5.2 How To On Thu, Nov 27, 2008 at 03:16:50PM +0100, Marinko Tarlac wrote: > configure is your friend. Read output and install what is needed. Just one comment from a system management point of view: if you run CentOS, meant as a stable production OS, you probably wants to care for not screwing up your system. Installing software without an RPM, especially software that already is provided by the distro itself, is the *worst* thing someone can do. For RHEL/CentOS, if you're not happy with the distro version (I had the same problem with CentOS 4), you should carefully backport (often a rebuild is enough) a recent Fedora RPM and install that. -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
On Thu, Nov 27, 2008 at 03:16:50PM +0100, Marinko Tarlac wrote: > configure is your friend. Read output and install what is needed. Just one comment from a system management point of view: if you run CentOS, meant as a stable production OS, you probably wants to care for not screwing up your system. Installing software without an RPM, especially software that already is provided by the distro itself, is the *worst* thing someone can do. For RHEL/CentOS, if you're not happy with the distro version (I had the same problem with CentOS 4), you should carefully backport (often a rebuild is enough) a recent Fedora RPM and install that. -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
#yum install mysql-devel mysql (see what is missing and install it with yum) FreeRadius install from tar.gz archive (www.freeradius.org -> Downloads). 2.1.1 works perfectly. # wget . # tar -xvzf freeradiustar.gz # ./configure # make # make install Location is /usr/local/etc/raddb configure is your friend. Read output and install what is needed. On Thu, Nov 27, 2008 at 2:38 PM, Alan DeKok <[EMAIL PROTECTED]>wrote: > Bashir Jahed wrote: > > Ok, > > > > I have re-installed, updated, installed freeradius. Freeradius-mysql, > > mysql, mysql-devel. Created db, imported tables from examples in > > /usr.share/doc/freradius/.../...sql as per docs. Created db user, edited > > sql.conf file to match, uncommented sql in authorize and accounting > > section of radius.conf, still get the following error: > > > > ERROR: Cannot find a configuration entry for module "sql". > > The "sql.conf" file is included from the default radiusd.conf. The > only time you get this error is if you edited the radiusd.conf file, and > deleted the line that references sql.conf. > > Please START with the default configuration files, and THEN make minor > edits to customize it for your system. See "man radiusd" for help. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Bashir Jahed wrote: > Ok, > > I have re-installed, updated, installed freeradius. Freeradius-mysql, > mysql, mysql-devel. Created db, imported tables from examples in > /usr.share/doc/freradius/.../...sql as per docs. Created db user, edited > sql.conf file to match, uncommented sql in authorize and accounting > section of radius.conf, still get the following error: > > ERROR: Cannot find a configuration entry for module "sql". The "sql.conf" file is included from the default radiusd.conf. The only time you get this error is if you edited the radiusd.conf file, and deleted the line that references sql.conf. Please START with the default configuration files, and THEN make minor edits to customize it for your system. See "man radiusd" for help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 5.2 How To
Ok, I have re-installed, updated, installed freeradius. Freeradius-mysql, mysql, mysql-devel. Created db, imported tables from examples in /usr.share/doc/freradius/.../...sql as per docs. Created db user, edited sql.conf file to match, uncommented sql in authorize and accounting section of radius.conf, still get the following error: ERROR: Cannot find a configuration entry for module "sql". radiusd.conf[1844] Unknown module "sql". radiusd.conf[1773] Failed to parse authorize section. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Jos Vos Sent: 27 November 2008 11:30 To: FreeRadius users mailing list Subject: Re: Centos 5.2 How To On Thu, Nov 27, 2008 at 11:19:52AM +0200, Bashir Jahed wrote: > I installed from rpm, rpmbuild against kernel from the src file. > Installed all modules put out by build as well as all modules for > freeradius via yum. What is the best way to install freeradius, via > source/yum or rpm? Not sure what you did. There are roughly two ways: - Just use the RPMs from CentOS, install via yum, do not build anything yourself. Note that this is an old (1.1.3) version of FreeRADIUS, whicht might or work not ok for you. - Build a newer version. I personally recommend strongly to use a recent Fedora src.rpm for that, as these RPMs are "compatible" (or integrated, or whatever you want to call it) with RHEL/Fedora distros (F9 has 2.0.2, F10 had 2.1.1). After you've build the RPMs, you can still install these with yum (yum --nogpgcheck your.rpm ...) to solve dependencies. -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
On Thu, Nov 27, 2008 at 11:19:52AM +0200, Bashir Jahed wrote: > I installed from rpm, rpmbuild against kernel from the src file. > Installed all modules put out by build as well as all modules for > freeradius via yum. What is the best way to install freeradius, via > source/yum or rpm? Not sure what you did. There are roughly two ways: - Just use the RPMs from CentOS, install via yum, do not build anything yourself. Note that this is an old (1.1.3) version of FreeRADIUS, whicht might or work not ok for you. - Build a newer version. I personally recommend strongly to use a recent Fedora src.rpm for that, as these RPMs are "compatible" (or integrated, or whatever you want to call it) with RHEL/Fedora distros (F9 has 2.0.2, F10 had 2.1.1). After you've build the RPMs, you can still install these with yum (yum --nogpgcheck your.rpm ...) to solve dependencies. -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 5.2 How To
I installed from rpm, rpmbuild against kernel from the src file. Installed all modules put out by build as well as all modules for freeradius via yum. What is the best way to install freeradius, via source/yum or rpm? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of [EMAIL PROTECTED] Sent: 27 November 2008 11:16 To: FreeRadius users mailing list Subject: Re: Centos 5.2 How To Hi, > I have been struggling for days trying to get freeradius installed on > Centos 5.2 i386, I get basic pap authentication working but when i try > and use authentication with mysql as the db i get errors saying "can't > find module sql" when running "radiusd -X" As soon as i uncomment "sql" > in "/etc/radddb/sites-enabled/default" file it starts up with no > problems. did you install via rpm or via source code? if you installed via RPM then you need some additional RPMs - freeradius-mysql being one of them - do a 'yum search freeradius' for more info. if you installed via source, then you need to ensure you have the devel RPM packages installed for all bits of freeradius you need eg openssl-devel for SSL stuff (PEAP, TLS), mysql-devel for Mysql support to be built etc. reading of the ./configure output helps in this instance (./configure | grep "WARN") alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
Hi, > I have been struggling for days trying to get freeradius installed on > Centos 5.2 i386, I get basic pap authentication working but when i try > and use authentication with mysql as the db i get errors saying "can't > find module sql" when running "radiusd -X" As soon as i uncomment "sql" > in "/etc/radddb/sites-enabled/default" file it starts up with no > problems. did you install via rpm or via source code? if you installed via RPM then you need some additional RPMs - freeradius-mysql being one of them - do a 'yum search freeradius' for more info. if you installed via source, then you need to ensure you have the devel RPM packages installed for all bits of freeradius you need eg openssl-devel for SSL stuff (PEAP, TLS), mysql-devel for Mysql support to be built etc. reading of the ./configure output helps in this instance (./configure | grep "WARN") alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Centos 5.2 How To
Yes I did install it, first thing i did... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org] On Behalf Of Jos Vos Sent: 27 November 2008 11:10 To: FreeRadius users mailing list Subject: Re: Centos 5.2 How To On Thu, Nov 27, 2008 at 10:50:45AM +0200, Bashir Jahed wrote: > I have been struggling for days trying to get freeradius installed on > Centos 5.2 i386, I get basic pap authentication working but when i try > and use authentication with mysql as the db i get errors saying "can't > find module sql" when running "radiusd -X" As soon as i uncomment "sql" > in "/etc/radddb/sites-enabled/default" file it starts up with no > problems. Did you install "freeradius-mysql"? The MySQL module is in an additional package (at least on RHEL/CentOS/Fedora). -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Centos 5.2 How To
On Thu, Nov 27, 2008 at 10:50:45AM +0200, Bashir Jahed wrote: > I have been struggling for days trying to get freeradius installed on > Centos 5.2 i386, I get basic pap authentication working but when i try > and use authentication with mysql as the db i get errors saying "can't > find module sql" when running "radiusd -X" As soon as i uncomment "sql" > in "/etc/radddb/sites-enabled/default" file it starts up with no > problems. Did you install "freeradius-mysql"? The MySQL module is in an additional package (at least on RHEL/CentOS/Fedora). -- --Jos Vos <[EMAIL PROTECTED]> --X/OS Experts in Open Systems BV | Phone: +31 20 6938364 --Amsterdam, The Netherlands| Fax: +31 20 6948204 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: CentOS
I am using CentOS 4 with FreeRadius 1.0.5 and I just upgraded to 1.1.0 and it works fine so far. I did not use RPM's, but instead did a fresh compile. Pretty straight forward and no errors. Gunther -Original Message- From: Italo Morellato Sent: Friday, February 24, 2006 6:22 AM To: freeradius-users@lists.freeradius.org Subject: CentOS Freeradius 1.1.0 RPM for CentOS 4.2 (smeserver) is possible? Thanks in advance. Italo Morellato - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CentOS
Italo Morellato wrote: Freeradius 1.1.0 RPM for CentOS 4.2 (smeserver) is possible? Thanks in advance. Haven't upgraded to 1.1 yet but 1.05 works great. As for RPM's, I don't know if a spec file is available or not. There are no rpms or other packages unless someone (maybe you) is producing/maintaining them. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-3301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html