Add the string "debug_level = 2" as the last line of radiusd.conf
At 11:24 AM 12/12/2003, you wrote:
Hello to everyone.
As I have seen in a previous post a bug that occasionaly crashed the
server when it received a HUP signal has been fixed. After compiling
the latest release (0.9.3) on a SUN Ult
At 01:14 PM 12/4/2003, you wrote:
Hi ...
I'm new to this list as well as freeradius. I've installed 0.9.3
and have been trying to figure out how to restrict access to various
framed networks. I was led to believe that freeradius was capable of
doing this but I haven't found anything abou
point:
> Tunnel-Password:0 = "",
> Tunnel-Medium-Type:0 = IP,
> Tunnel-Type:0 = L2TP,
> Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
--haizam
- Original Message -
From: "Chris Brotsos" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent:
(e.g.
Tunnel-Type = :1:L2TP) is correct for, but for FreeRADIUS the
attributes should be configured as follows:
Tunnel-Password:0 = "",
Tunnel-Medium-Type:0 = IP,
Tunnel-Type:0 = L2TP,
Tunnel-Server-Endpoint:0 = "xxx.xxx.xxx.xxx"
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Josh,
I don't really deal with the NULL realm, so I'm not 100% sure of a certain
configuration option's actions with said realm, but you might want to try
setting 'wake_all_if_all_dead = yes' in the proxy.conf file. Assuming that
wake_all_if_all_dead works with the NULL realm, this would at lea
At 09:58 PM 10/15/2003, you wrote:
I tried to set the Radius server (0.9.1 on Red Hat 9) so it can do
proxy. I use the sql module for authentication (mysql).
I have two users, [EMAIL PROTECTED]' and 'alex_chen'. in the DB.
I setup the proxy.conf like the followings so that if the proxy server
192.
At 07:30 AM 9/26/2003, you wrote:
Hi,
please help. I want to send more than one IP-Pool-Definition to my
ascend box. Freeradius sends only one of them.
users-file:
"pools-Moritz" Auth-Type := Local, User-Password =="secret"
Service-Type = Dialout-Framed-User,
Asce
dictionary.
Any more help on this is much appreciated.
They are in dictionary.ascend
Chris Brotsos
-Original Message-
From: Brian Foster [mailto:[EMAIL PROTECTED]
Sent: 18 August 2003 15:04
To: '[EMAIL PROTECTED]'
Subject: RE: config dns server in users file
Thanks J
I'll t
in the NAS conf to allow the
use of X-Ascend attributes.
Once that's done, you use the X-Ascend-Client-Primary-DNS,
X-Ascend-Client-Secondary-DNS, and X-Ascend-Client-Assign-DNS attributes to
do what you want.
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www
with the
request->packet->vps. So I go through a loop,
for (send_item = request_pairs...) {
while (check) {
}
if (fail ==0 && pass > 0) {
mypairappend(send_item, &send_tmp);
}
}
pairfree(&request->packet->vps);
request->
At 03:58 AM 8/12/2003, you wrote:
On Mon, 2003-08-11 at 16:45, Chris Brotsos wrote:
> >Another strange thing, if I dialin without a realm, that realm is added
> >after the files section (Proxy-To-Realm =+ realmname). This works for
> >authentication, but not for accounting.
At 09:34 AM 8/11/2003, you wrote:
> I sent the post-proxy patch...you probably hadn't received it by the time
> you sent this.
Yes, I guess I was a little impatient, a bad attitude of me...
> I included a patch this time with the post-proxy() and accounting()
> functions. Pay attention to the accou
stuff about
memset(). I had this version of attr_filter for awhile, and Alan advised me
that the memset function was added to the instantiate function in a later
release. So if you have the "memset(inst, 0, sizeof(*inst));" line in your
instantiate function...that's a good thing
rize function and modifying what
reply_items points to for creating a valid pre-proxy function. The only
semi-tricky mod to attr_filter was making an accounting function ;o).
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 04:21 PM 7/25/2003, you wrote:
"Guillermo Delmastro" <[EMAIL PROTECTED]> wrote:
> When I do gmake I get this error:
...
> radiusd.o: In function `main':
> /usr/freeradius-0.9.0/src/main/radiusd.c:845: undefined reference to
> `total_active_threads'
Build with support for threads.
Alan DeKok
At 03:30 PM 7/25/2003, you wrote:
Hi
When I do gmake I get this error:
gcc .libs/radiusdS.o -g -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I../include -o
.libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o
version.o proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o
session.o
At 02:03 PM 7/18/2003, you wrote:
My first issue, is in the users file, how do I set an attribute to equal
something ONLY if it doesn't exist in the packet?
A DEFAULT profile.
Secondly, with rlm_attr_filter, how do I setup multiple values to allow per
attribute (like for Service-Type, the proxy i
max_request_time then the request will be dropped before the fail-over can
take place.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
authorize {
suffix
files
}
###
And that's about all that should matter. Take a look at your
max_request_time. Is th
At 03:44 PM 7/10/2003, you wrote:
At 03:34 PM 7/10/2003, you wrote:
I am simply not successful in getting fail_over to work running FR 0.8.1
in proxy mode.
I thought the code was there to handle fail_over.
Look for a statement in proxy.c that read, "marking authentication server
%s:%d for realm
At 03:34 PM 7/10/2003, you wrote:
I am simply not successful in getting fail_over to work running FR 0.8.1
in proxy mode.
I thought the code was there to handle fail_over.
Look for a statement in proxy.c that read, "marking authentication server
%s:%d for realm %s dead". Look for code in mainco
xy.conf to deal with that.
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 12:49 PM 7/9/2003, you wrote:
Hello.
Is The servers_per_realm a maximum setting, or has it to be exact?
If i have to proxy a realm to say 2 servers, an another to 3 - is it
possible?
I'm pretty sure that the limit was removed when the round-robin code was
re-implemented. Either way, when the li
At 03:41 PM 7/2/2003, you wrote:
It deals with the radius server authenticating, or sending to another
radius server based on the originating DNIS.
Archive Search: "Proxy DNIS"
http://www.mail-archive.com/[EMAIL PROTECTED]/msg16250.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg12031.html
h
At 06:56 PM 6/30/2003, you wrote:
Hi,
Is it possible to make Proxy Authentication decisions (i.e whether to
forward Auth-Request to another RADIUS or Not) based on
Username\Part_of_username instead of Realms ?
Yes. Use the Proxy-To-Realm attribute. Here are some posts that explain:
http://www.mail
o it? Have someone here ever did that?
Suggestions are welcome.
I think you might want to look at rlm_sqlcounter. There is excellent
documentation too, which is found in /path/to/src/radiusd/doc/rlm_sqlcounter.
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sd.conf that is provided with the
distribution."). Looks to me like you have said requirements commented out
in your eap block.
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fix this first.
Unknown attribute SQL-User-Name
modcall[authorize]: module "sql" returns fail
Anyone could tell me why I not seeing a SQL Query on
the screen? Instead I get Unknow attribute SQL-User-
Name
Does your dictionary file include an entry for SQL-User-Name?
Chris Brots
At 10:49 AM 4/3/2003, you wrote:
Thankis Chris,
But I have 10.119.33.184 as well, which doesn't help:
And clients itself should be enough (although obsolete).
O/k, I thought maybe you just missed that by mistake.
I would take Allen's suggestion, and make sure the server is reading the
configur
At 10:31 AM 4/3/2003, you wrote:
Hi,
I'm using freeradius 0.8.1.
I try activating it from actually two types of clients (which worked
successfully against other RADIUS servers).
And keep getting server errors of the form:
Ignoring request from unknown client 10.119.33.184:3458
The client (IP) i
At 02:13 AM 4/1/2003, you wrote:
i'm having problems compiling freeradius v0.8.1 on a solaris 9 machine
with mysql support and any help would be greatly appreciated. here's some
more details on the setup.
solaris 9 (12/02)
freeradius v0.8.1
mysql 3.23.53 (from sunfreeware.com)
mysql base dir is at
At 05:01 PM 3/26/2003, you wrote:
I have the ldflag in the proxy.conf file set to round_robin on all of the
realms we have but the system is not doing a round robin on the servers.
Has anyone got any idea why this might happen or am I using the wrong flag?
What version of FreeRADIUS are you ru
ersion...I
would do that.
Just a note, the disbursement of requests will not necessarily be
A-B-A-B-A-B, but you will get an even spread (i.e. A-B-B-A-A-B) as time
approaches infinity.
Regards,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 03:09 PM 2/7/2003, you wrote:
Hello all freeradius-users,
sorry again for my bad english... :)
i changed radtest script to do acct, so as a result i got:
Accounting: no Accounting-Status-Type record.
modcall[accounting]: module "unix" returns noop
Accounting: no Accounting-Status-Type recor
-realm attribute
that will suffice for your *.foo.com realms.
Just another possibility. Hope one of them helps.
Chris
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Chris
> Brotsos
> Sent: Tuesday, February 04, 2003 4:38 PM
> To
At 10:36 AM 2/4/2003, you wrote:
Chris Brotsos <[EMAIL PROTECTED]> wrote:
> I have recently tried implementing rlm_perl with FR 0.9-pre on Solaris2.8.
>
> After installing Perl5.6.1, I got the following errors when running 'make'
> in the rlm_perl directory:
Yeah
At 03:31 PM 2/4/2003, you wrote:
Is there a way to proxy subrealms to downstream radius servers?
We have [EMAIL PROTECTED], [EMAIL PROTECTED], subrealm3.foo.com
and want to proxy all three subrealms to the same downstream radius server
without having to specify each subrealm...just the *.foo.com
Hello All,
I have recently tried implementing rlm_perl with FR 0.9-pre on Solaris2.8.
After installing Perl5.6.1, I got the following errors when running 'make'
in the rlm_perl directory:
*** Warning: Linking the shared library rlm_perl.la against the
*** static library
/home/cbrotsos/lib/perl
At 05:37 AM 1/27/2003, you wrote:
I note that in the documentation it states that the DEFAULT realm
matches all realms.
Is it possible to match all realms that are *not* defined? (ie. similar
to DEFAULT but not does match on realms that *are defined).
That is what happens.
A realm that is no
At 01:40 PM 1/23/2003 -0700, you wrote:
Hey all,
I do a lot of proxy for realms to remote radius servers, and several of the
realms have the same proxy information with just a different realm name.
Currently I have proxy.conf setup as follows:
realm realm1.com {
type= radius
Norbert,
At 03:23 PM 1/21/2003 +0100, you wrote:
I start my freeradius 0.8.1 with /usr/local/sbin/radiusd -i 127.0.0.1 -p
1812 -sfX
and have problems to get proxyauthentication working. Without the realm
everything works as expected.
proxy_requests = yes in radiusd.conf
here is my minimal use
At 11:07 PM 12/22/2002 -0800, you wrote:
I've downloaded freeradius0.8.1 and installed it on a
FreeBSD 4.4 pc.
I added the following lines in the config file "hints"
DEFAULT Suffix = "@test1.vpdn", Strip-User-Name = No
Hint = "PPP",
Service-Type = Framed-User,
Framed-Prot
digits of the DNIS.
Keep the proxy.conf configuration the same. Add a Proxy-To-Realm attribute
through DEFAULT profiles that use the DNIS as a check-item. This could be
done, for example, through rlm_files or rlm_fastusers.
HTH,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http
At 06:03 PM 12/2/2002 +0100, you wrote:
Hi,
i am plannung a radius setup for a cisco dialin router, where a dialin
user can choose between different setups by using different
passwords.
Is a configuration like this valid for a freeradius server?
-
nutest Passwort = "pass1", NAS-IP-A
At 02:52 PM 11/28/2002 +0200, you wrote:
Angelos Karageorgiou wrote:
Well here is my wish , when the proxy module decides to mark a server as
dead , it should mark
the pair (server:port) not the server as an entity . This way if a GRIC
server is not reponding in time
another radius server ,
ical Center
"So for the IT Manager Role, you want someone who's absolute crap, looks
reasonable on paper, and won't cause too much trouble. ... Well I don't
have any MCSEs on my books at the moment, but I could call around."--
Simon Travaglia
Chris Brotsos <[E
on my books at the moment, but I could call around."--
Simon Travaglia
Chris Brotsos <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
11/27/2002 07:39 AM
Please respond to freeradius-users
To: [EMAIL PROTECTED]
cc:
Subject:Re: User Configuartion Help a
Alan,
At 11:38 PM 11/27/2002 +1100, you wrote:
Dear all,
I have just installed radius 0.8 on my redhat 7.2 box. Being a total
newbie I just wanted to know two things...
1) Firstly how do I add new users and then without restarting make radius
reread the users file? Is there a configuration sw
At 02:36 PM 11/26/2002 +0100, you wrote:
Hi!
First of all, I'm new to RADIUS in general, so this might very well be
a beginners question.
I'd like to have encrypted passwords in the etc/users file, is that
possible? And if so, what syntax should I use?
The documentation seems to refer to the ma
At 03:51 PM 11/21/2002 -0500, you wrote:
no problem, I figured it out... but it didn't help. I noticed it was
looking for mysql/mysql.h so I add a soft link like this
ln -s /usr/local/mysql/include /usr/local/include/mysql
then I did the same for the lib directories.
This subterfuge w
l/configure
Sorry 'bout that.
Regards,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ot;-lz" to
the end of line 982 helps.
Such that:
New line 982 reads, " LIBS="$old_LIBS -L$try -lmysqlclient -lz" ".
Regards,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 11:12 PM 11/19/2002 -0200, you wrote:
Chris Brotsos wrote:
At 06:04 PM 11/19/2002 -0200, you wrote:
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: The 'op' field for attribute 'User-Password =
$1$C.zZID82$kp/ZF6uwfT3dIHwtLd1B70' is NULL, or non-existent.
rlm_sql:
scriptive "op" field message above,
and then take a look at sql.conf and previous mailing-list threads about
the OP field.
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Check shared secret in your clients file on FreeRADIUS and the NAS config too.
Regards,
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
At 12:49 PM 11/19/2002 -0500, you wrote:
Replying. Sorry., I forgot to try it in debug mode.
The error its getting is rlm_chap: could not find proper chap-password
attribute in request
-Drew
I'm not sure how to send a Chap-Password via radtest. You are failing on
the test because you are sen
At 12:36 PM 11/19/2002 -0500, you wrote:
Ok, as I said I'm new to this, [I'm running FR 0.8 btw] Im just trying to
use radtest to get something authenticating at this point, this is what I
put in my /etc/raddb/users file:
drewAuth-type := Local,
User-Password == "yummy"
The above m
At 01:32 PM 11/15/2002 -0500, you wrote:
my rlm_* libraries are in /usr/local/freeradius/lib directory
the variable LD_LIBRARY_PATH no defined
but I define it, LD_LIBRARY_PATH=/usr/local/freeradius/lib,
and problem continue.
On LINUX and Solaris, if I have the correct library path specifie
At 12:58 PM 11/15/2002 -0500, you wrote:
I delete it but:
radiusd: entering modules setup
Module: Library search path is /usr/local/freeradius/lib
radiusd.conf[485] Failed to link to module 'rlm_pap': file not found
the problem now is with pap, I need authenticate and authorizate whit ldap
on
At 05:37 PM 10/24/2002 +0200, you wrote:
| By Chris Brotsos <[EMAIL PROTECTED]>
| [ 2002-10-24 17:17 +0200 ]
>
> I would suggest running in GDB to find out what's going wrong here.
Yea, I tried but honestly can't find the core file.
server
normally (i.e. 'radiusd' with no arguments). The problem with your method
now is that radiusd re-reads radiusd.conf when you HUP it. As you can see
from your debug ouput, radiusd thinks it should restart in debug_level
0...so tell it to run at level 2 right from the beginning.
I have downloaded the recent CVS snapsot, and i am getting the same problem
again and again.
But the important thing here to notice is that, this is happenning in only
one of my m/c., i.e., a Compaq Proliant 400 server, and free radius was
running there for some quite a long time untill it crash
anyway,
when software is still in the development stage.*
If the problem still occurs, write back again with some debug output and/or
a GDB backtrace. That may make it easier for list members to determine the
source of your problem.
Regards,
Chris Brotsos
-
List info/subscr
At 01:34 PM 9/12/2002 -0400, you wrote:
>I am using a bastardized approach to rlm_sql
>
>I am using a customized query to use the data in a vpopmail table for radius
>auth. I have about everything commented out in sql.conf, except for the
>bare necessities to lookup names...
>
>I am unable to mak
At 09:49 AM 9/11/2002 -0300, you wrote:
>Hi,
>
>Is there a webpage or documentation on what the operators (:=, =,...etc) are
>and what they mean? I've been looking through the documentation that I
>could find in the freeradius installation but I haven't seen anything.
.../src/radiusd/doc/rlm_att
At 10:41 AM 8/22/2002 -0400, you wrote:
>Chris Brotsos <[EMAIL PROTECTED]> wrote:
> > If you mean, for example, to have an entry in proxy.conf as "realm
> > somerealm" match to "somerealm" and "SOMEREALM" then do the following...
> >
>
If you mean, for example, to have an entry in proxy.conf as "realm
somerealm" match to "somerealm" and "SOMEREALM" then do the following...
In r1.67 of files.c, change the line:
"if (strcmp(cl->realm, realm) == 0) {"
to:
"if (strcasecmp(cl->realm, realm) == 0) {'
That should force FR to acco
At 01:38 PM 8/21/2002 -0700, you wrote:
>I should have included all the unix {} config :
>
># Unix /etc/passwd style authentication
> #
> #
> unix {
> #
> # Cache /etc/passwd, /etc/shadow, and /etc/group
> #
>
At 04:41 PM 8/21/2002 +0200, you wrote:
>>Do you use PAP authentication on your network with the test-user
>>attempting CHAP authentication? Or is there some reason why CHAP would
>>work for you and not your test user? Look for differences in DUN/PPP
>>configurations between the two PC's (the
At 03:52 PM 8/21/2002 +0200, you wrote:
>Hello,
>
>after my konfiguration and implementation of the radiusd in the company
>network, i am now in the test phase.
>A test user got the problem that his Win2k SP 3 Client cannt connect to
>the radius server, though his user profile/passwd
>works wel
Spike,
After processing the SQL table, attributes will be picked up from the
DEFAULT profile in the users file. If you need a specific DEFAULT profile
to be used then assign an attribute via SQL and use it as a check-item in
the users file DEFAULT profile.
Chris
At 06:11 PM 7/30/2002 -0600,
At 09:52 AM 7/30/2002 -0500, you wrote:
>Still getting segmentation fault after removing old version 0.5 rlm_*
>libraries and re-installing. By the way, there are no core dump file
>generated even after setting "allow_core_dumps = yes".
>
>More ideas ???
Yes, make distclean, and then after the
inst your passwd/shadow files...then do not enable
the unix module.
Chris Brotsos
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
71 matches
Mail list logo