3 database containing the sim information (triplets) is
> located on
> another linux board.
> Does anybody have any idea how i can manage it?
Use a network connection between the two systems. That's what
networks are for.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Julius Plenz wrote:
> Hi, Alan!
>
> * Alan DeKok [2012-11-22 15:22]:
>>> Why is this an error case, rather than "no libs, no unloading
>>> necessary"?
>> It's a minor bug.
>
> Thank you for the bug fix I found at
&g
> What is going wrong here?
You're running a version of FreeRADIUS which is 5 years old.
Upgrade.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
shouldn't be an error. I'll go fix that.
> Why is this an error case, rather than "no libs, no unloading
> necessary"?
It's a minor bug.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ed object
> file: No such file or directory
It's installing the wrong binary. i.e. the one built with the new
build system, *and* it's linking to the libraries in the build tree, not
the ones in the installed directory.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can't.
> But the 802.1x on microsoft windows works with MSCHAPv2
> Is there a solution for that ? Can FR translate the MD5 to MSCHAPv2 ?
The web page posted earlier says it's impossible.
This means "impossible".
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
uild system is worth
it. Faster, simpler to understand, incremental builds, full
dependencies, etc.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ts or give me some pointers because there is nothing as such
> online.
Sure.
You need to understand the statistics that come back before
disagreeing with them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ebian/freeradius/etc/freeradius, all the files are present.
>
> During package creation, the files are correctly grabbed as per
> debian/freeradius.install
>
> dpkg -L list all the files.
>
> dpkg is high on cocaine or what ?
Possibly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you care enough about the numbers, you will go do your own work.
Then, everyone here can question your methods and tell you you're doing
it wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
w is the part of inner-tunnel saying about SQL as i said i took off
> comment.
OK... you did that AFTER you posted the previous message.
Did you provision a user in SQL, as documented in the Wiki?
http://wiki.freeradius.org/modules/Rlm_sql
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
It honestly isn't hard. It doesn't require much knowledge about
anything. But it DOES require that you read the instructions, and then
follow them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the patience. Switching to a new build system is complicated.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Olivier Beytrison wrote:
> Possible fix : move example.pl in ${docdir}/examples/example.pl
I've just fixed the old Makefile. The new one is fine.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mediate proxy fail,
the RADIUS re-transmit won't hit. But this will catch the retransmitted
packet, which has the same State as a previous reply.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
digest, if the shared secret
is correct.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Olivier Beytrison wrote:
> Other changes broke the make install process.
Whoops, typo. I've pushed another fix.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please check it out.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ers" file:
DEFAULT Simultaneous-Use := 2
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hat information is hard to get.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ertificate issue. Notice that the error is NOT
complaining about certificates.
And why use your own commands to create certs? The scripts in
raddb/certs WORK.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/usr/lib/freeradius/rlm_eap.so: undefined symbol: eap_wireformat
> /etc/freeradius/sites-enabled/default[321]: Failed to find "eap" in the
The rlm_eap library should be linked against the libfreeradius-eap
library. But not every system correctly supports inter-library
dependencies.
e freeradius server is ./configure --enable-developer, No such
> file or directory.
It presumes you're building from the "tar" file, and not using a
pre-installed package.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eem to read *my* message.
Follow instructions, or you will be unsubscribed and banned from the list.
That seems harsh, but it's the *only* thing we've done in the past 12
years which makes people follow instructions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ll help so i can see the missing
> packet causing freeradius to increment the packet id.
As always, debug mode is useful.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tructions at the top of
raddb/sites-available/inner-tunnel, too. There is DETAILED
documentation on how to debug issues.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
find docs/bugs? Forgive the noob question but I have looked all
> over and cant seem to find anything
It's in the distribution "tar" file.
See also https://github.com/FreeRADIUS/freeradius-server
You can wander through the files there.
Alan DeKok.
-
List info/subscr
ull:
> Assertion `robust || (oldval & 0x4000) == 0' failed.
That's... bad. Mutexes dying are very bad. At least it's not in the
FreeRADIUS code.
I'd suggest running a memory checker on the machine. Odds are that
the memory is bad.
Alan DeKok.
-
List info/subscr
going into 3.0 which will detect RADIUS retransmits
over multiple proxy hops. That is a rare case, but more likely in the
case of eduroam. Fixing it is good.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a summary of my changes. (the -ok version is the one containing
> my modifications) : http://pastebin.com/kDrWDdF0
I've cleaned it up a bit && committed it, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Edgar Fuß wrote:
> EF> Is it also on purpose that radiusd::radog is newXS'd only after
> perl_parse()?
> AdK> No idea.
> I'm not familiar with the FreeRADIUS project: Is there something like a
> maintainer of the rlm_perl module I could ask this question?
On t
If there is a way, see the PAM documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
#if PERL_REVISION >= 5 && PERL_VERSION <8
> would trigger for 6.0 if that is ever going to happen.
Sure. Send a patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
" directory?
> accounting {
> detail
> unix
> #radutmp
Well, that won't help.
You're trying to use "radwho", but aren't logging accounting
information. That means "radwho" will NEVER show you anything.
> session {
>
rinted out. So you can USE THEM to DEBUG THE PROBLEM.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Khapare Joshi wrote:
> here is my option files if this helps :
No.
This is the FreeRADIUS mailing list. Questions about interactions
between FreeRADIUS and other programs are on topic. Questions about how
to configure something else aren't.
Alan DeKok.
-
List info/subscribe/uns
rs seem to be hell-bent on
making everyone's lives more difficult.
We tell it to make a library with versioning. What does it do?
Create a ".la" with versioning, but not a ".so" with versioning.
Libtool needs to die in fire.
Change the debian build so that it uses
m.
Yes.
There's a *lot* of functionality in the server. We could very well
have 1000 small individual tests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
whole output of './configure' or the output of 'make' if
> you want to have it.
We know how to run configure && make.
What's the issue? What do you want us to do?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
vazoumana fofana wrote:
> When i use radcrypt (based on crypt), it doesn't work. It's normal due
> to limitation of crypt. I must cut password to 8 caracters for make running.
That's how crypt works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
l works fine. I can't see any obvious culprits such as an
> environment variable further up.
>
> Does anyone have any idea what could cause the build to fail in this
> way, with those gmake errors?
grep doesn't need "-o". The mock shell probably implements a lim
QASIM RAO wrote:
> i am installing freeradius and configuring with
>
> ./configure --disable-libltdl-install --with-system-libtool
You don't have a system libtool.
Just use "configure"
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Periko Support wrote:
> On Sat, Nov 10, 2012 at 6:27 AM, Alan DeKok wrote:
>> What does the debug output say?
..
> This is the output:
You've given a lot of information, which is nice But please don't
send the output of "radtest". I didn't ask for i
Dmitry Korzhevin wrote:
> Can you please advice good howto/guide to configure l2tp with radius
> server?
Read the documentation for the l2tp server to see which attributes it
needs. Then, configure that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.or
our
tests below using Filter-Id, and they will be different.
The server has grown over the years in a fairly ad-hoc way. I welcome
suggestions for sanitizing how it deals with string.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
packets.
What does the debug output say?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reciate.
If you want to query two domains, you'll need to configure two LDAP
modules.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
; but stop after the first return of 'notfound' - without making a horrible
> 20-deep nested if statement. It's not important to do it this way, but I
> was surprised I couldn't.
I'd just nest it 20 times. Or, use a Perl script.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
peap")) {
reject
}
See "man rlm_passwd" for examples of creating a group.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Erich Titl wrote:
> Yes, I know if I also change the attribute to Cleartext-Password. Any
> plans to support NT-Password hashes?
In dialup_admin? Send a patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be used for M$ W7
> (P)EAP authentication?
Change that from "crypt" to "clear". Then PEAP will work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> (0) expand: %{Framed-IP-Address} -> 10.0.1.199
> Segmentation fault
Well, that's a typo. I've pushed another fix.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mixmasterontour PureDJ wrote:
> I have been searching, but to be honest, I have no clue what I'm doing
> wrong here.
> Tried some different sections (authenticate, preact etc.) but all give
> the same warning.
I've pushed a fix. Please test it.
Alan DeKok.
-
List info
Mixmasterontour PureDJ wrote:
> I have been searching, but to be honest, I have no clue what I'm doing
> wrong here.
> Tried some different sections (authenticate, preact etc.) but all give
> the same warning.
>
> what do I do wrong?
Nothing. I'll see if I c
oa {
> ASSERT FAILED evaluate.c[1154]: output_vps
> Aborted
I've pushed a fix. It should not have been an assert.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No idea. You posted the logs when it works. That doesn't help.
> Follow, all the radiusd -X when start:
That doesn't help, either.
You need to post the FULL LOGS from WHEN IT FAILS.
I have no idea why this is a difficult concept.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
> Was that after 2.2.0 was released?
No, before.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
): There are no DB
> handles to use! skipped 0, tried to connect 0
> Mon Nov 5 15:03:20 2012 : Error: rlm_sql (sql2): There are no DB
> handles to use! skipped 0, tried to connect 0
See?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
s.
The reason to post the debug output is to show what happens when the
server receives a packet. You didn't show that. So the debug output is
useless, and we can't help you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.8 and yes I should upgrade, but could you please still help.
Run the server under valgrind. Maybe that will help.
The version 1.1.x series hasn't been actively developed in 5 years.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ic. But
this requires:
a) configuring OpenVPN to do RADIUS authentication
b) configuring FreeRADIUS to authenticate the OpenVPN users
c) configuring FreeRADIUS to send back the attributes needed by OpenVPN
For the last step, you'll need to consult the OpenVPN documentation
for which attributes ar
QASIM RAO wrote:
> i want to connect db using ip because no i am testing after this i will
> connect i to remote db.
>
> How can i tel Db to listen on a public ip ??
Go read the MySQL documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freerad
p me in
> this why radius is doing this
It's probably because you didn't tell the DB to listen on a public IP.
Or, the firewall is preventing connections to the public IP and port of
the DB.
But if it works to localhost, why worry?
Alan DeKok.
-
List info/subscribe/unsubs
Phil Mayers wrote:
> +1
>
> Personally I'd rather the latter format everywhere, even unlang:
>
> update {
> request:foo = 1
> }
Yeah. That shouldn't be hard. Maybe I can look at it in 2 weeks,
after IETF.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
fknet wrote:
> What virtual machine does you recommend Alan?
It doesn't matter. I've used all of them.
A VM with ~1G of RAM, one CPU, and ~10G of disk space is tiny by
todays standards. It should be enough to handle 20K users.
Alan DeKok.
-
List info/subscribe/unsubscr
Bjørn Mork wrote:
> You're right. Time to save some power replacing all those idling x86
> CPUs with last years phones :-)
Most people with small RADIUS systems should really be running them in
a VM. There are few reasons to run dedicated hardware for ~10K users.
Alan DeKol.
-
List info/sub
g PAM for nearly a decade now. It's
not as bad as libtool, but it's pretty crazy.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
;s fine. If you're running the server as root, that isn't necessary.
> I also did confirm that I can log into my server using joe2 / secret
> password.
Well, FreeRADIUS asks the system for "joe2"s password. It says "not
found".
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
fknet wrote:
> Hello people!
>
> What's the ideal Hardware (processor+memory) to run FreeRadius+MySQL for
> authentication of 3000 PPPoE users?
Any iPhone 4 could handle that traffic.
Buy anything that its your budget.
Alan DeKok.
-
List info/subscribe/unsu
HERE callingstationid =
> '%{Calling-Station-ID}' AND \
> UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'}
>
>
> and so on for bandwidth caping.
> }
>
> Is there more elegant solution, or this is it?
That's pretty much it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
; associated with the session by sending back a User-name value in the
> Access-Accept. You'd just do something like:
>
> update reply {
> User-Name := "%{User-Name}"
> }
>
> after you'd done the rewriting, the NAS may or may not honour this, you
rprise it doesn't work.
> AND also in accounting section User-Name is still MAC address, not
> rewritten username.
This is a good thing.
How do you expect to track 30min usage per user, when all usernames
are "freeinternetfor30minutes" ?
> I am stuck now, without
es of configuring the server to send
attributes in a response. Doing that is not WiMAX specific.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
> Until I can get this fixed, can anyone think of an easy way to throw
> away interim accounting requests for a given "key" and time window? I'm
> wondering if rlm_cache can be made to do it?
rlm_cache might help. Maybe Arran knows more.
Alan DeKo
Nandkumar Palkar wrote:
> What is the attribute used in eap-peap gtc "login attempt with password
> attribute" (i.e. Challenge = "Password: ")?
Reply-Message
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Marius Booysen wrote:
> 3.) I was thinking of going mysql, but in my mind accessing
> a DB *had* to be slower that accessing a dbm file ;)
Not necessarily.
> Anyway, thanks for the advice, I will test MySQL for sure.
Honestly, I'd use postgres. It's much better.
Alan
dius?
Most are pretty simple, or very expensive.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
table internally. So it has the same performance for 1 user, or 2M
users.
> 4.) Any other advice would be appreciated!
Do lots of tests.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the functionality of radclient with vqp, like how will
> radclient decode the vqp attributes.
> So how can I test radclient with VQP? Do I need to configure
> something at radius server side?
You don't. You'll need a VQP enabled switch.
Or, submit patches so that
you REALLY WANT something. Reality doesn't
work that way.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What you want to do is not part of standard RADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
;s not an index problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
was not in the table.
Well, that's the issue. Somehow it's assigning IPs, but not recording
them. That's not really supposed to happen.
Is your database OK?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
change the SQL database.
> The strange is that most, if not all of the duplicated address, are
> between a specific NAS and a random one.
>
> Obs. The expiry-time is set on 1h, and the interim update is set on 10m.
>
> Any suggestions?
Find out what is removing the IPs from the
Tiago wrote:
> Thanks Alan,
> So basically the correct way would be create a vendor dict, and there
> can I use any number or I need to follow some guideline?
Once you have your own vendor dictionary, you can do anything you want.
Alan DeKok.
-
List info/subscribe/unsubscribe?
will not help you learn the Russian
words for "left" and "right".
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lm_eap: SSL error
> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
"Unknown CA". Perhaps that means something.
> To resolve this issue, your timely help will be appreciated.
This is a free mailing list. Asking for "timely help" is not approp
has a Up/Down rate attribute, use that.
> By the way, I'm setting the same attr on freeradius and NAS server.
You should create a vendor-specific dictionary, and define the
attribute there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
e, what and where I can fix that.
You don't. The NAS only understands attributes in its internal
dictionary. Adding a realm to the FreeRADIUS dictionary doesn't change
the NAS.
Please explain why you need to send the realm to the NAS, and why you
think the NAS will understand it.
as possible. The sqlippool code does
IP allocation. Anything else needs to be added manually.
As more people use the DHCP code, we'll probably add more modules to
make it easier to configure.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thomas Raabo - Zitcom A/S wrote:
> Is it possible to do authentication and then authorization on the SQL db?
post-auth {
...
sql.authorize
...
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
t auth works. By the way I thought that I had to store
> only password hash... why do I need yet to store cleartext password?
Because digest authentication requires the cleartext password.
> It is possible avoid this (for http authentication)?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nandkumar Palkar wrote:
> Hi Alan,
I am not the only person on this list. Just send messages. There is
no need to use my name.
> My configuration details:
I don't care. I told you to read the debug log. You didn't read it.
Alan DeKok.
-
List info/subscribe/unsub
ng* piece. Look at the debug messages
before that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Germano Paciocco wrote:
> I'm trying to understand how can I use digest authentication: is it possible?
Yes.
> What should I change in freeradius configuration?
Nothing. Just have the client send digest authentication.
> How should I modify user entry in radcheck table?
> I thought it's more elegant to unify both logins. I thought doing it in
> the profile-xml-file of the LAN connection in Win, but unfortunately
> it's not the right place for it. At least all official ressources I can
> find from MS, are not pointing out how to do that.
I
Thomas Raabo - Zitcom A/S wrote:
> The only thing missing to getting this workin is getting the state number to
> the script.
...
> [ZOTP] expand: %{reply:State} ->
Are you sure it's in the reply?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-side configuration, but I suspect
> that client certificates may be the only answer. I've been searching for
> a number of weeks, and I haven't found any other real solution.
Whitelist the good devices, and disallow anything else.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
" or something else) to unify the login for WLAN
> an LAN.
>
> So how or where can I change that? A hint will be really welcome.
Find a better solution. Change your rules so that you're keying off
of the correct data, and doing that only when you want.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
supports everything.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
701 - 800 of 15417 matches
Mail list logo