On Jul 14, 2011, at 6:29 PM, Phil Mayers wrote:
On 14/07/11 16:34, Arran Cudbard-Bell wrote:
http://wiki.freeradius.org/NTLM+Auth+with+PAP+HOWTO
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it back to RST.
I wanted this to be
On 07/14/2011 06:11 PM, Arran Cudbard-Bell wrote:
How about what I've just put there?
Neat :) Looks good. Tweaked a few bits and pieces and converted it
back to RST. I wanted this to be bundled with general AD
Back to? There was just an empty page there when I visited, or am I
missing your
rlm_sql_postgresql: Error integer out of range
rlm_sql_postgresql: Postgresql Fatal Error: [22003: NUMERIC VALUE OUT OF
RANGE] Occurred!!
[sql] Couldn't insert SQL accounting ALIVE record - ERROR: integer out of
range
rlm_sql (sql): Released sql socket id: 2
/
I cannot figure out how to modify the query
On Thu, Jul 7, 2011 at 10:09 AM, ahthrift andyonf...@gmail.com wrote:
I too am experiencing this issue with FreeRadius 2.1.10 and Postgres.
I cannot figure out how to modify the query that is executed for this, I
Did you read the file sql.conf?
Thanks Fajar,
I actually figured this out 10 minutes after posting to the list, blue
text on black terminal window :(
Thanks for your response.
Regards,
Andrew
On 7/07/2011 3:52 p.m., Fajar A. Nugraha wrote:
On Thu, Jul 7, 2011 at 10:09 AM, ahthriftandyonf...@gmail.com wrote:
I
Hello, i'm using version 1.1.8, my OS is Linux (Gentoo).
My server stop and log this:
Error: FATAL: Thread create failed: Resource temporarily unavailable
Before this log, have:
Wed Jun 29 00:16:13 2011 : Error: Dropping conflicting packet from
client client1:41250 - ID: 195 due to unfinished
On Wed, Jun 29, 2011 at 6:32 PM, Jean Carlos Oliveira Guandalini
jean.guandal...@corp.visaonet.com.br wrote:
Hello, i'm using version 1.1.8, my OS is Linux (Gentoo).
The usual response would be upgrade. 1.x is not supported anymore.
My server stop and log this:
Error: FATAL: Thread create
at 6:32 PM, Jean Carlos Oliveira Guandalini
jean.guandal...@corp.visaonet.com.br wrote:
Hello, i'm using version 1.1.8, my OS is Linux (Gentoo).
The usual response would be upgrade. 1.x is not supported anymore.
My server stop and log this:
Error: FATAL: Thread create failed: Resource
escreveu:
On Wed, Jun 29, 2011 at 6:32 PM, Jean Carlos Oliveira Guandalini
jean.guandal...@corp.visaonet.com.br wrote:
Hello, i'm using version 1.1.8, my OS is Linux (Gentoo).
The usual response would be upgrade. 1.x is not supported anymore.
My server stop and log this:
Error: FATAL
Thank for your advices, I really think what have a problem with DB.
Because the problem only happens when have many authentication requests
simultaneously.
Thanks again.
Jean
Em 29-06-2011 10:46, Fajar A. Nugraha escreveu:
On Wed, Jun 29, 2011 at 8:29 PM, Jean Carlos Oliveira Guandalini
On 06/21/2011 12:07 AM, Alan DeKok wrote:
Russell Jackson wrote:
I'm getting a segfault on exit after logging this to syslog:
...
I suspected that tv_usec needs to be USEC, so I kluged the code to
subtract 1 from when.tv_usec if it's= USEC. So far, I haven't had any
more crashes.
Commit
Russell Jackson wrote:
I'm getting a segfault on exit after logging this to syslog:
...
I suspected that tv_usec needs to be USEC, so I kluged the code to
subtract 1 from when.tv_usec if it's = USEC. So far, I haven't had any
more crashes.
Commit d8084182 seems to be when this code was
I'm getting a segfault on exit after logging this to syslog:
Exiting due to internal error: Failed in select: Invalid argument
kernel: pid 87513 (radiusd), uid 133: exited on signal 11
select(2) indicates that EINVAL is returned when the timeout is invalid
(being negative or too large). I
On 06/20/2011 04:56 PM, Russell Jackson wrote:
I'm getting a segfault on exit after logging this to syslog:
Exiting due to internal error: Failed in select: Invalid argument
kernel: pid 87513 (radiusd), uid 133: exited on signal 11
select(2) indicates that EINVAL is returned when
On 06/20/2011 05:03 PM, Russell Jackson wrote:
On 06/20/2011 04:56 PM, Russell Jackson wrote:
I'm getting a segfault on exit after logging this to syslog:
Exiting due to internal error: Failed in select: Invalid argument
kernel: pid 87513 (radiusd), uid 133: exited on signal 11
Actually
On 06/20/2011 04:56 PM, Russell Jackson wrote:
I'm getting a segfault on exit after logging this to syslog:
Exiting due to internal error: Failed in select: Invalid argument
kernel: pid 87513 (radiusd), uid 133: exited on signal 11
select(2) indicates that EINVAL is returned when
we found the following error messages in the RADIUS log
Error: rlm_ldap: All ldap connections are in use on redhat workstation 5 OS.
Error: Discarding duplicate request from client AP1840-4:1031 - ID: 72 due to
unfinished request 1017
7:05pm - Tried to restarted the RADIUS daemon but the problem
On 13/06/11 14:44, Angus JIANG Jian wrote:
we found the following error messages in the RADIUS log Error:
rlm_ldap: All ldap connections are in use on redhat workstation 5
OS.
Error: Discarding duplicate request from client AP1840-4:1031 - ID:
72 due to unfinished request 1017 7:05pm - Tried
...@lists.freeradius.org] On
Behalf Of Phil Mayers
Sent: Monday, June 13, 2011 10:12 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Error: rlm_ldap: All ldap connections are in use
On 13/06/11 14:44, Angus JIANG Jian wrote:
we found the following error messages in the RADIUS log Error:
rlm_ldap: All
Hi Phil,
All authentication was stopped at 18:59:36 2011 : Error: TLS Alert
write:fatal:bad record mac
Tue Jun 7 18:59:34 2011 : Auth: Login OK: [s9540746] (from client localhost
port 0) Tue Jun 7 18:59:35 2011 : Auth: Login OK: [s0182695] (from client
localhost port 0)
Tue Jun 7 18:59
logo shows
just the ears and top of the head, everything below that is cut off.
2) when I click the button to auth via github (I've never logged in to
the wiki before), I get a runtime error:
RuntimeError at /auth/github/callback
Invalid data from provider, omniauth user hash {:user_info = {:name
Problem solved. Sorry for the list traffic.
Signed up for my GitHub account a year or so ago and never used it.
Seeing the error below, went back and checked my profile. Sure enough,
blank. OmniAuth doesn't like blank profiles...
-Jason
Jason Antman wrote:
As per the recent discussions, I
I actually rewrote the omniauth integration as a Sinatra plugin, which returns
a 401 error (unauthorized) with more friendly error messages, i've just been
too tied up with other things to install it. It also fixes the button height
issue which is a CSS error that doesn't appear under chrome
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me a email at pau...@mail.com
-
List info/subscribe/unsubscribe? See
On 03/06/11 13:10, Paul Harris wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me a email at pau...@mail.com
Or not.
I'm not downloading a
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone else's
problem.
As long as you dont get a key, it is legal.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on
Johan Meiring wrote:
As long as you dont get a key, it is legal.
No.
This list is not the place to discuss non-FreeRADIUS software.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 03/06/11 15:09, Johan Meiring wrote:
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone
else's
problem.
As long as you dont get a key, it is legal.
This is getting farcical...
Not picking on any one specific person here, but
Hi Phil,
What I really want to understand is, whether the check is too strict
and FreeRADIUS should be fixed, or whether Windows XP is just buggy.
I will try to check this tomorrow.
e.g. maybe the check should be:
if eap.username == mschap.username:
ok
elif not mschap.domain:
if
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Jun 2, 2011 at 9:01 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
This might help:
On 05/29/2011 03:10 PM, Francois Gaudreault wrote:
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This
Hi Phil,
Forget about all that. Adding Realm's and fiddling with the packet
won't help; the check is hard-coded into the mschap module as a fairly
obvious security measure.
For example - suppose I have an environment with two separate domains:
STAFF
STUDENTS
...if the mschap module did
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it is possible to send a different Username in
: Re: Error: User-Name is not the same as MS-CHAP name
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think
Hi,
On 11-05-30 9:55 AM, Phil Mayers wrote:
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john at the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it
On 05/28/2011 06:33 PM, Francois Gaudreault wrote:
Sending tunneled request
EAP-Message =
0x020700421a0207003d3187ddf68b18fb1dce4cdd5b001c06abc09a7812e4d4a1f425347de951e68fac50054fd8ff32d403fa0054656368524d43
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This is obviously broken, but here's where I get confused:
On 05/27/2011 09:04 PM, Francois Gaudreault wrote:
Hi,
I had a look at this issue with him since he is one of our client.
Machine authentications are working flawlessly, windows 7 authentication
as well (no hostname is sent with the username).
I honestly lost track of this issue; the guy had
authorization
will work properly, but the authentication will fail even if the
Cleartext-Password attribute is set by the LDAP module. It will throw
that MS-CHAP error. We also ensure that everything that comes from
something that is not matching host/something will use the
MS-CHAP-NTLM-Auth
/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] ERROR: User-Name (STIC08862\TechRMC) is not the same as MS-CHAP
Name (TechRMC) from EAP-MSCHAPv2
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got
a realm specially for this HOSTNAME, but we got the same
error.
Well... re-writing the names in the inner-tunnel server is breaking
authentication.
We don't. The sites configuration are very straightforward (almost default),
no fency rewrites in the default or the inner-tunnel.
*Why
Francois Gaudreault wrote:
We are using mschap:user-name in the LDAP filter and in the ntlm_auth
line. Again, we are *NOT* rewriting the User-Name.
We need other ideas here.
Post the debug output.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Dougan, Linda A wrote:
I just upgraded to net-dialup/freeradius-2.1.7
Upgrade to 2.1.10.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
{...} for more modules to load
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipv6addr = :: IPv6 address [::]
port = 0
/etc/raddb/radiusd.conf[249]: Error binding to port for :: port 1812
Thank's Alan, it works!
We had the same issue with python auths being serialized that we had
with pam, but running out of debug mode fixed the issue. Pam probably
would have worked if we tried that, but it was a pam_python module
anyway so it is better going directly to python.
Thanks again,
I am hoping someone can help me. We compiled 2.1.x from source and
finally got it to accept our python Auth-Type as the default in the
users file.
DEFAULT Auth-Type := python
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Don't edit the default configuration and break it.
Below is the complete log.
Any ideas of what we may
On Tue, May 17, 2011 at 3:08 PM, Alan DeKok al...@deployingradius.com wrote:
Jim Whitescarver wrote:
But, after sucessfully calling our python module the user is rejected
ERROR: No authenticate method (Auth-Type) found for the request:
Rejecting the user
Don't edit the default
Jim Whitescarver wrote:
The only thing we want is python authentication. I just commented out
everything else. I will start again and try to minimize edits. I am
rather clueless about the nature the minimum edits should have.
Add what you need. The default configuration *works*.
It
Hi,
I'm using rancid-2.3.3 and freeradius-1.1.3-1.6.el5. Both installed at
different machines. My problem is whenever I test rancid it gave error
below..
[rancid@mycompany bin]$ clogin clientA
ClientA
spawn telnet clientA
Trying x.x.x.34...
telnet: connect to address x.x.x.34: Connection refused
zulfadli wrote:
Hi,
I'm using rancid-2.3.3 and freeradius-1.1.3-1.6.el5. Both installed at
different machines. My problem is whenever I test rancid it gave error
below..
rancid isn't written by us. Go ask the rancid authors how it works.
What could possibly cause the problem here?can
error or if its an issue in the dev
code. Radius -X output is below.
FreeRADIUS Version 2.1.11, for host x86_64-unknown-linux-gnu, built on
May 10 2011 at 11:21:52
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
Doty, Seth wrote:
I have downloaded and installed the git repo version of what will become
2.1.11 on May 10 because of a proxy bug that is fixed in this version.
In our current testing setup freeradius takes all information from the
realm and passes in to a MS network policy server for
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see in the debug output of the server that
User-Name =
On 05/10/2011 03:35 PM, Robert Mc Cready wrote:
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see
Robert Mc Cready wrote:
If the User-Name is being rewritten it is not intentional.
Well... it's obviously someone you've changed, because it doesn't
happen in the default configuration.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified
[mailto:freeradius-users-bounces+robert-mccready=cspi.qc.ca@lists.freeradius
.org] De la part de Alan DeKok
Envoyé : 10 mai 2011 10:49
À : FreeRadius users mailing list
Objet : Re: Error: User-Name is not the same as MS-CHAP name
Robert Mc Cready wrote:
If the User-Name is being rewritten
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] ERROR: User-Name (CAD08862\ldapuser) is not the same as MS-CHAP
Name (ldapuser) from EAP-MSCHAPv2
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Robert Mc Cready wrote:
The host name are not domain names, there are computers account name, and we
have hundreds of them . We only use the MS Domain to authenticate the
computers account, not the users.
Well... re-writing the names in the inner-tunnel server is breaking
authentication.
-Name}:-%{User-Name}})
The User-Name attribute is untouch.
[mschap] ERROR: User-Name (CAD08862\ldapuser) is not the same as MS-CHAP
Name (ldapuser) from EAP-MSCHAPv2
As I mentionned before the host name (CAD08862) is not a domain name it's a
computer account name.
I tried with_ntdomain_hack
Robert Mc Cready wrote:
I do not rewrite the User-name attribute I rewrite only the
Stripped-User-Name attribute with these:
No. Go READ the debug log you posted. The inner-tunnel virtual
server gets:
Sending tunneled request
EAP-Message =
On 05/07/2011 07:50 PM, Robert Mc Cready wrote:
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one
problem with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally, the host
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one problem
with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally, the host name is not a domain name.
Windows 7 clients work
W dniu 2011-05-07 20:50, Robert Mc Cready pisze:
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one
problem with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally
Hi ! I meet a ERROR in the test of EAP/PEAP
radtest sqluser 123 localhost 1812 testing123 is OK
,I just delete the # before 'eap' in radiusd.conf and default files.
the test eapol_test -c peap.txt -s testing123
my peap.txt is
network={
eap=PEAP
eapol_flags=0
key_mgmt
Hi,
Hi ! I meet a ERROR in the test of EAP/PEAP
radtest sqluser 123 localhost 1812 testing123 is OK
�,I just delete the # before 'eap' in radiusd.conf and default files.
the test �eapol_test -c peap.txt -s testing123
you are using SQL as the user storage? you havent enabled
On 04/28/2011 01:06 AM, Andrei M. Castillo wrote:
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
Sigh. Did you spot this?
Kindly check my users conf.
Your first line is commented out.
#test-01 Cleartext-Password := test-01
-
List info/subscribe/unsubscribe?
Andrei M. Castillo wrote:
New to Freeradius. I installed freeradius in a virtualbox but cant get
it work. This is the error that I get.
See the FAQ for how to set up a test user.
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
That's
Hello All,
the SQL HOWTO page at:
http://wiki.freeradius.org/SQL_HOWTO
Has an is incorrect instruction.
where it says:
Your radiusd.conf should then look something like this:
it should be:
Your default file should then look something like this:
Thanks, Rich
--
Using Opera's revolutionary
Hi ! I meet a ERROR in the test of EAP/PEAP
radtest sqluser 123 localhost 1812 testing123 is OK
,I just delete the # before 'eap' in radiusd.conf and default files.
the test eapol_test -c peap.txt -s testing123
my peap.txt is
network={
eap=PEAP
eapol_flags=0
key_mgmt
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username:
Date: Fri, 1 Apr 2011 07:30:07 +0200
From: al...@deployingradius.com
To: freeradius-users@lists.freeradius.org
Subject: Re: version error rlm_exec module
Raheel Itrat wrote:
I am getting this error while I installed a 2.1.0 version. How do I
delete
Apr 2011 07:30:07 +0200
From: al...@deployingradius.com
To: freeradius-users@lists.freeradius.org
Subject: Re: version error rlm_exec module
Raheel Itrat wrote:
I am getting this error while I installed a 2.1.0 version. How do I
delete the older version of freeradius? Kindly let me know
Hi Friends,
I met a problem with FreeRADIUS2.1.9 (Mysql+centos, about 500 pppoe users)as
below:
In general, I found some users couldn't dial to radius and log information
as below
- Fri Apr 1 19:22:09 2011 : Error: Discarding duplicate request
from client mpth12 port 40039 - ID
@lists.freeradius.org
Subject: Dial up error and freeraius is down
Hi Friends,
I met a problem with FreeRADIUS2.1.9 (Mysql+centos, about 500 pppoe users)as
below:
In general, I found some users couldn't dial to radius and log information as
below
- Fri Apr 1 19:22:09 2011 : Error
-bounces+freeradius=itpm@lists.freeradius.org]
On Behalf Of Mark Holmes
Sent: Friday, April 01, 2011 11:23 PM
To: FreeRadius users mailing list
Subject: RE: Dial up error and freeraius is down
Hi,
- Brand width is insufficient from pppoe server to radius server;
- Server
Hi,
- Fri Apr 1 19:22:09 2011 : Error: Discarding duplicate request
from client mpth12 port 40039 - ID: 129 due to unfinished request 10524
- Fri Apr 1 19:22:10 2011 : Error: Discarding conflicting packet
from client mpth12 port 40039 - ID: 129 due to recent request
]
On Behalf Of Alan Buxey
Sent: Saturday, April 02, 2011 1:58 AM
To: FreeRadius users mailing list
Subject: Re: Dial up error and freeraius is down
Hi,
- Fri Apr 1 19:22:09 2011 : Error: Discarding duplicate request
from client mpth12 port 40039 - ID: 129 due to unfinished request 10524
On Sat, Apr 2, 2011 at 9:20 AM, Robin freerad...@itpm.net wrote:
Hi,
If I can understand it, my freeradius for some reason has slowed due to
response behind time?
I don't understand what you mean by my freeradius for some reason has
slowed due to response behind time, but like Alan said, the
@lists.freeradius.org]
On Behalf Of Fajar A. Nugraha
Sent: Saturday, April 02, 2011 10:41 AM
To: FreeRadius users mailing list
Subject: Re: Dial up error and freeraius is down
On Sat, Apr 2, 2011 at 9:20 AM, Robin freerad...@itpm.net wrote:
Hi,
If I can understand it, my freeradius for some reason has
Hi,
I am getting this error while I installed a 2.1.0 version. How do I delete the
older version of freeradius? Kindly let me know the exact command to remove all
files of older version.
radiusd: Instantiating modules
instantiate {
/usr/local/etc/raddb/modules/exec[25]: Invalid
Sorry the path is as follows
instantiate {
/etc/freeradius/modules/exec[25]: Invalid version in module 'rlm_exec'
Errors initializing modules
From: raheel...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: version error rlm_exec module
Date: Fri, 1 Apr 2011 10:19:43 +0500
Raheel Itrat wrote:
I am getting this error while I installed a 2.1.0 version. How do I
delete the older version of freeradius? Kindly let me know the exact
command to remove all files of older version.
rm
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to not being able to execute the script and this is logged in
radius.log
Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
Permission denied
In all the above scenarios, I was root when executing the statements.
I am *not* in a chroot jail, all the necessary directories are
read/write
proper Accept Replys. When it 'fails',
its due to not being able to execute the script and this is logged in
radius.log
Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
Permission denied
In all the above scenarios, I was root when executing the statements.
I am *not* in a chroot jail
. When it 'fails',
its due to not being able to execute the script and this is logged in
radius.log
Error: Exec-Program: FAILED to execute /etc/raddb/otpverify.sh:
Permission denied
In all the above scenarios, I was root when executing the statements.
I am *not* in a chroot jail, all
On 03/29/2011 03:20 PM, Christopher Athans wrote:
*sigh* it was indeed SELinux. I thought it had it disabled. Still
not exactly sure why when I wrapped the init.d statement with a 'sh'
it works, but nevertheless you solved my issue. Thanks John.
The behavior is different because
service radiusd start or /etc/init.d/radiusd start FAILS
sh /etc/init.d/radiusd start Works
When it works properly, I get proper Accept Replys. When it 'fails',
its due to not being able to execute the script and this is logged in
radius.log
Error: Exec-Program: FAILED to execute /etc/raddb
Hi,
*sigh* it was indeed SELinux. I thought it had it disabled. Still
not exactly sure why when I wrapped the init.d statement with a 'sh'
it works, but nevertheless you solved my issue. Thanks John.
you are going to fix the issue as shown by audit2allow etc rathr than just
leave SELinux
I have a tendency to over complicate things with freeradius, so I will
just post my error on my first start up:
I understand the dummy certs are created when launching radiusd -X, but
not sure how to fix the missing dh file without creating new ones. Is
the unknown module eap error because
Raymond Norton wrote:
I have a tendency to over complicate things with freeradius, so I will
just post my error on my first start up:
I understand the dummy certs are created when launching radiusd -X, but
not sure how to fix the missing dh file without creating new ones. Is
the unknown
:
I have a tendency to over complicate things with freeradius, so I will
just post my error on my first start up:
I understand the dummy certs are created when launching radiusd -X, but
not sure how to fix the missing dh file without creating new ones. Is
the unknown module eap error because
Hi,
tls: dh_file = /private/etc/raddb/certs/dh
tls: random_file = /private/etc/raddb/certs/random
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = (null)
tls: cipher_list = (null)
tls: check_cert_issuer = (null)
rlm_eap_tls:
Thanks. I understood that. It seems there was an old version of
freeradius installed on the server by default. I'm no mac head, and am
trying to figure out how to remove it.
On 03/04/2011 10:10 AM, Alan Buxey wrote:
Hi,
tls: dh_file = /private/etc/raddb/certs/dh
tls: random_file =
Raymond Norton wrote:
Thanks. I understood that. It seems there was an old version of
freeradius installed on the server by default. I'm no mac head, and am
trying to figure out how to remove it.
$ rm ...
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Thanks for the pointers. Freeradius is working fine now against OD.
How would I disable the old radius start up script and enable the new
one instead?
On 03/04/2011 10:35 AM, Alan DeKok wrote:
Raymond Norton wrote:
Thanks. I understood that. It seems there was an old version of
On Mon, Feb 21, 2011 at 5:27 PM, Alan DeKok al...@deployingradius.comwrote:
adx grave wrote:
I got this after server HUP and it just die. The same error appeared
after i manually restart the server but it continue to work just fine.
A bug? Or maybe something wrong with my config? Any hint
adx grave wrote:
I got this after server HUP and it just die. The same error appeared
after i manually restart the server but it continue to work just fine.
A bug? Or maybe something wrong with my config? Any hint to where should
i look?
See doc/bugs
Alan DeKok.
-
List info/subscribe
Hi list,
I got this after server HUP and it just die. The same error appeared after i
manually restart the server but it continue to work just fine.
A bug? Or maybe something wrong with my config? Any hint to where should i
look?
Freeradius 2.1.10.
Thanks.
-
List info/subscribe/unsubscribe? See
501 - 600 of 2734 matches
Mail list logo