Re: FreeRADIUS + DHCP

2008-06-18 Thread Alan DeKok
Raja wrote: > Can someone point me in the right direction to configure FreeRADIUS > with DHCP ? > > Tried editing sites-available/dhcp but still dhcp module does not get to > load. Perhaps you could post the error message you see. Or is it a secret? > Is there something need to be added to r

Re: dhcp server (udp checksum error)

2008-06-18 Thread Alan DeKok
Haralds Ulmanis wrote: > for all dhcp server udp packets sent by server i got something like this > while > sniffing: > > Checksum: 0x9a54 [incorrect, should be 0x4777 (maybe caused by "UDP checksum > offload"?)] > > Is that ok ? Yes. The other end sees the correct checksum. Alan DeKok.

Re: sqlippool error duplicate IPs

2008-06-18 Thread Alan DeKok
Deep Purple wrote: > freeradius-1.1.7.tar.gz > pptpd-1.3.3-1.fc5 > mysql 5.0.27 sqlippool > user1 online ==> 172.16.1.30 > next user connect user2 ==> 172.16.1.30 ( duplicate IPs ) The SQL IPPool module functions better in 2.0. Alan DeKok. - List info/subscribe/unsubscribe? See http://ww

sqlippool error duplicate IPs

2008-06-18 Thread Deep Purple
freeradius-1.1.7.tar.gz  pptpd-1.3.3-1.fc5 mysql 5.0.27 sqlippool user1 online ==> 172.16.1.30 next user connect user2  ==> 172.16.1.30  ( duplicate IPs ) Please Help Me 180도 달라진 야후! 메일 - 여러 개의 메시지를 동시에 확인? 새로운 야후! 메일의 탭으로 가능해집니다.

dhcp server (udp checksum error)

2008-06-18 Thread Haralds Ulmanis
for all dhcp server udp packets sent by server i got something like this while sniffing: Checksum: 0x9a54 [incorrect, should be 0x4777 (maybe caused by "UDP checksum offload"?)] Is that ok ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS + DHCP

2008-06-18 Thread Raja
Can someone point me in the right direction to configure FreeRADIUS with DHCP ? Tried editing sites-available/dhcp but still dhcp module does not get to load. Is there something need to be added to radiusd.conf ? Thanks Raja- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u

Re: LDAP PASSWORD HASH

2008-06-18 Thread Alan DeKok
Eduardo Cavalcanti wrote: > Sorry for the dummie question, but where do I find the tool to make nt > hashes??? Look for "smbencrypt". It's installed with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: LDAP PASSWORD HASH

2008-06-18 Thread Eduardo Cavalcanti
Ok Alan, I have this table. Sorry for the dummie question, but where do I find the tool to make nt hashes??? Alan DeKok escreveu: Eduardo Cavalcanti wrote: I use freeradius 2.0.2 with PEAP and MSCHAPv2 for authentication. I want to authenticate on LDAP database, but these protocols only

Re: LDAP PASSWORD HASH

2008-06-18 Thread Alan DeKok
Eduardo Cavalcanti wrote: > I use freeradius 2.0.2 with PEAP and MSCHAPv2 for authentication. > I want to authenticate on LDAP database, but these protocols only read > clear-text or hashes of the passwords on LDAP database. > My question is: how do I make hashes of the passwords stored on LDAP?? >

LDAP PASSWORD HASH

2008-06-18 Thread Eduardo Cavalcanti
I use freeradius 2.0.2 with PEAP and MSCHAPv2 for authentication. I want to authenticate on LDAP database, but these protocols only read clear-text or hashes of the passwords on LDAP database. My question is: how do I make hashes of the passwords stored on LDAP?? Can I use SHA-256 for hashing???

Re: dhcp relay agent

2008-06-18 Thread EvilEzh
Thanks, it works now. Haralds - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Wednesday, June 18, 2008 5:04 PM Subject: Re: dhcp relay agent EvilEzh wrote: with dhcpd request client -> (255.255.255.255:68)->relay:68->server:67

Re: post-auth and ippool

2008-06-18 Thread Ivan Kalik
Try removing Auth-Type System from user entry: mobile Pool-Name:="mobile" What version is this? Ivan Kalik Kalik Informatika ISP Dana 18/6/2008, "Frank James Wilson" <[EMAIL PROTECTED]> piše: >Ivan Kalik skrev: >>>users: Matched entry DEFAULT at line 153 >>>users: Matched entry mobi

Re: Problems with reject_delay in 2.0.5

2008-06-18 Thread Alan DeKok
Flamur Rogova wrote: > I am testing 2.0.5 and found that my reject-delays are always close to > zero ms (16ms, or 0ms). > > I use rlm_fastusers, and my reject_delay (in radiusd.conf) is 1. > This happens in both debug and non-debug mode. It's fixed in CVS head. See bug #566 on bugs.freeradius.

generating ACCESS-CHALLENGE from radius server

2008-06-18 Thread Sudarshan Soma
Hi , I am planning to simulate ACCESS-CHALLENGE to authenticate the client which i plan to add it in pam-radius module (pam_radius-1.3.17) with out using radius server. Iam still reading the docs, incase if someone helps me with the following queries, it would be really helpful. I learned that th

Problems with reject_delay in 2.0.5

2008-06-18 Thread Flamur Rogova
Hi, I am testing 2.0.5 and found that my reject-delays are always close to zero ms (16ms, or 0ms). I use rlm_fastusers, and my reject_delay (in radiusd.conf) is 1. This happens in both debug and non-debug mode. Has anybody else had similar problems ? Thanks, Flamur - List info/subscribe/unsub

Strange behaviour of a NAS

2008-06-18 Thread Michael Schwartzkopff
Hi list, We see a strange behaviour of a NAS. It sometimes sens out double accouting requests. See tcpdump below. Between the two packets there is a time difference of 40 microseconds(!) Has anybody a good explanation for this behaviour of the NAS? Any other theory? Misconfiguration? NAS type:

Re: FreeRADIUS 2 not listening on right port

2008-06-18 Thread John Dennis
Alan DeKok wrote: doc74 wrote: Just installed 2.0.4 with MySQL Support from Ubuntu Repositories and got the same problem: Seems that the Port are increasing. Wow. There's nothing in the server that remembers ports from one execution to the next. I'm running FreeRAD

Re: post-auth and ippool

2008-06-18 Thread Frank James Wilson
Ivan Kalik skrev: users: Matched entry DEFAULT at line 153 users: Matched entry mobile at line 217 Line 153 of users: L 153: DEFAULT Auth-Type = System L 154: Fall-Through = 1 Line 217 of users: L 217: mobile Auth-Type = System, Pool-Name := "mobile" L 218:

Re: redundant_sql

2008-06-18 Thread Ivan Kalik
Connection details for sql1 are incorrect. Ivan Kalik Kalik Informatika ISP Dana 18/6/2008, "King, Adam" <[EMAIL PROTECTED]> piše: >I have an if statement that checks if the Packet-Src-IP-Address matches >that of the ones in the database table and the same process for the >realm, before process

Re: dhcp relay agent

2008-06-18 Thread Alan DeKok
EvilEzh wrote: > with dhcpd > request > client -> (255.255.255.255:68)->relay:68->server:67 > replay > server:67->relay:67->client:68 Ok. I've fixed CVS. See if that works... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 2 not listening on right port

2008-06-18 Thread Alan DeKok
doc74 wrote: > Just installed 2.0.4 with MySQL Support from Ubuntu Repositories and got the > same problem: > Seems that the Port are increasing. Wow. There's nothing in the server that remembers ports from one execution to the next. I'm running FreeRADIUS on ubuntu 7.10, and I don't se

Re: dhcp relay agent

2008-06-18 Thread EvilEzh
with dhcpd request client -> (255.255.255.255:68)->relay:68->server:67 replay server:67->relay:67->client:68 User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67) (server to relay) with freeradius dhcp client -> (255.255.255.255:68)->relay:68->server:67 replay server:67->relay:6

Re: MacOSX Leopard authentication with Freeradius

2008-06-18 Thread Arran Cudbard-Bell
Alan DeKok wrote: Jelle Langbroek wrote: ... The error that pops up while authenticating OSX is the following (see below for extended logs): Tue Jun 17 20:02:53 2008 : Error: TLS Alert read:warning:close notify The client is telling the server that it's shutting down the TLS connect

Re: redundant_sql

2008-06-18 Thread Alan DeKok
King, Adam wrote: > I have an if statement that checks if the Packet-Src-IP-Address matches > that of the ones in the database table and the same process for the > realm, before processing a user. This works fine to a local database, > however I need redundancy setting up and it fails to authentica

Re: high performance FR installation and unfinished requests

2008-06-18 Thread Alan DeKok
Michael Schwartzkopff wrote: > OK. We are testing with sql_log. The system load ist significant lower now. > Uptime went from 0.3 to 0.05. That's nice. > But still we see the same amout of "error > duplicate packets" in the radius log. That's not. > I would not be worried at all about tha

Re: dhcp relay agent

2008-06-18 Thread Alan DeKok
EvilEzh wrote: > Thanks, relay ip is ok now. > Another problem. > I couldn't receive it packet anyway. > I launched standart dhcpd server on linux and everything worked fine. > After analyzing packets i discover that replay messages to relay is sent > back to port 67 not 68. > So, it need to be fix

Re: FreeRADIUS 2 not listening on right port

2008-06-18 Thread doc74
Just installed 2.0.4 with MySQL Support from Ubuntu Repositories and got the same problem: (http://packages.ubuntu.com/de/intrepid/i386/freeradius/download and http://packages.ubuntu.com/de/intrepid/i386/freeradius-mysql/download) Listening on authentication address * port 1087 Listening on accou

Re: high performance FR installation and unfinished requests

2008-06-18 Thread Michael Schwartzkopff
Am Dienstag, 17. Juni 2008 15:05 schrieb Alan DeKok: > Michael Schwartzkopff wrote: > > we have a FR server (version 1.1.7) on a Redhat machine. We use it for > > dumping accouting requests into a database. We have about 200 requests > > per second in average. > > > > Once in a while (1 per minute)

Re: dhcp relay agent

2008-06-18 Thread EvilEzh
Thanks, relay ip is ok now. Another problem. I couldn't receive it packet anyway. I launched standart dhcpd server on linux and everything worked fine. After analyzing packets i discover that replay messages to relay is sent back to port 67 not 68. So, it need to be fixed. :) Haralds - Ori

redundant_sql

2008-06-18 Thread King, Adam
I have an if statement that checks if the Packet-Src-IP-Address matches that of the ones in the database table and the same process for the realm, before processing a user. This works fine to a local database, however I need redundancy setting up and it fails to authenticate to the second database

Re: post-auth and ippool

2008-06-18 Thread Ivan Kalik
>users: Matched entry DEFAULT at line 153 >users: Matched entry mobile at line 217 What's in those two user file entries? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: post-auth and ippool

2008-06-18 Thread Frank James Wilson
Ivan Kalik skrev: Then post the whole debug (radiusd -X). Sure.. here it comes; radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf C

Re: accouting log twice

2008-06-18 Thread Ivan Kalik
Upgrade. In 2.0.5 every virtual server has it's own AAA configuration. Ivan Kalik Kalik Informatika ISP Dana 18/6/2008, "Mathieu Lemaitre" <[EMAIL PROTECTED]> piše: >Hello, > > >We use freeradius for our clients. Clients have a username with a realm, >like [EMAIL PROTECTED] Proxy radius and ra

accouting log twice

2008-06-18 Thread Mathieu Lemaitre
Hello, We use freeradius for our clients. Clients have a username with a realm, like [EMAIL PROTECTED] Proxy radius and radius server are on the same machine, and my proxy.conf looks like this: realm domain { type= radius authhost= localhost:1812 acct

Re: cvs version and dhcp

2008-06-18 Thread Evgeniy Kozhuhovskiy
Alan DeKok wrote: Grab src/lib/dhcp.c from CVS. It may be fixed... Now works for me too, thanks :-) -- With best regards, Evgeniy Kozhuhovskiy, Leader of Services team, Minsk State Phony Network, RUE Beltelecom. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: cvs version and dhcp

2008-06-18 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote: > I've just upgraded to cvs version, dhcp seems to be broken (?) Works for me. But it looks like there's an un-initialized variable. Grab src/lib/dhcp.c from CVS. It may be fixed... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list

RE: matching on IP Address

2008-06-18 Thread Ivan Kalik
>In the default file the if statement has the sql1: or sql2: prefix as if >it is left as the sql: prefix it doesn't seem to read the redundant >section to connect to the 2nd database. > That's how it should be. You don't have an sql instance named "sql", just "sql1" and "sql2". Ivan Kalik Kalik I

Re: post-auth and ippool

2008-06-18 Thread Ivan Kalik
Then post the whole debug (radiusd -X). Ivan Kalik Kalik Informatika ISP Dana 18/6/2008, "Frank James Wilson" <[EMAIL PROTECTED]> piše: >Ivan Kalik skrev: >> Pool-Name := >> >> Ivan Kalik >> Kalik Informatika ISP >> >> >> Dana 17/6/2008, "Frank James Wilson" <[EMAIL PROTECTED]> piše: >> >> >

Re: Problem in connecting to switch on telnet

2008-06-18 Thread Ivan Kalik
You will need to read the switch documentation to see what attributes do you need to return in order to connect. Mostly it's returning the correct Service-Type attribute. Ivan Kalik Kalik Informatika ISP Dana 18/6/2008, "Guk Viktor" <[EMAIL PROTECTED]> piše: >By thanks for help, I was dismantle

RE: matching on IP Address

2008-06-18 Thread King, Adam
> Wrong. The statement needs hose prefixes because those are the names of defined sql instances. In the default file the if statement has the sql1: or sql2: prefix as if it is left as the sql: prefix it doesn't seem to read the redundant section to connect to the 2nd database. > Let me guess: ins

Re: compile error on suse 10.3

2008-06-18 Thread Alan DeKok
Norbert Wegener wrote: > Building an rpm from the current cvs on suse 10.3 fails with: > > Checking for unpackaged file(s): /usr/lib/rpm/check-files > /var/tmp/freeradius-server-2.0.5-build > error: Installed (but unpackaged) file(s) found: > /etc/raddb/sql/oracle/msqlippool.txt I'll add that

Re: post-auth and ippool

2008-06-18 Thread Frank James Wilson
Ivan Kalik skrev: Pool-Name := Ivan Kalik Kalik Informatika ISP Dana 17/6/2008, "Frank James Wilson" <[EMAIL PROTECTED]> piše: No, I've tried that as well, if you mean by that; -- And also in th

cvs version and dhcp

2008-06-18 Thread Evgeniy Kozhuhovskiy
I've just upgraded to cvs version, dhcp seems to be broken (?) Failed reading DHCP socket: Invalid argumentWed Jun 18 11:03:35 2008 : Error: Wed Jun 18 11:03:35 2008 : Debug: Ready to process requests. Failed reading DHCP socket: Invalid argumentWed Jun 18 11:03:35 2008 : Error: Wed Jun 18 11

Re: FreeRADIUS 2.0.5 Debian dpkg-buildpackage error

2008-06-18 Thread Fabián Omar Franzotti
I have the same problem in debian lenny, I did follow your help but it not work thanks - Original Message - From: "orion" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Saturday, June 14, 2008 5:06 PM Subject: Re: FreeRADIUS 2.0.5 Debian dpkg-buildpackage error hi there.

Problem in connecting to switch on telnet

2008-06-18 Thread Guk Viktor
By thanks for help, I was dismantled. But another problem arose. Radius answers: modcall: entering group authenticate for request 0 HASH: user admin found in hashtable bucket 45083 modcall[authenticate]: module "unix" returns ok for request 0 modcall: leaving group authenticate (returns ok) for r

compile error on suse 10.3

2008-06-18 Thread Norbert Wegener
Building an rpm from the current cvs on suse 10.3 fails with: Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/freeradius-server-2.0.5-build error: Installed (but unpackaged) file(s) found: /etc/raddb/sql/oracle/msqlippool.txt RPM build errors: Installed (but unpackaged