I have a very basic question regarding debugging "radiusd" I guess in the top level Makefile CFLAGS= -ggdb I when I try to run radiusd as gdb radiusd
GDB complains that no symbols found. I believe I am missing something somewhere. Please suggest how I can use GDB/DDD to setp through radiusd executable. Thanks, Shoujit ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 09, 2003 5:44 PM Subject: Freeradius-Users digest, Vol 1 #2609 - 15 msgs > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.cistron.nl/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Re: filtering attributes in proxy (denz) > 2. Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first (Holger Schurig) > 3. RE: rlm_sql and huntgroups (Bart Van Daal) > 4. username changed in-transit (Holger Schurig) > 5. Re: filtering attributes in proxy (Chris Parker) > 6. RE: filtering attributes in proxy (Sergio Molina) > 7. Re: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first (Alan DeKok) > 8. Re: rlm_sql and huntgroups (Alan DeKok) > 9. Re: dialup_admin (cvs last 12-04-2003) (Guy Fraser) > 10. Re: Setting attribute based on value of another attribute (Alan DeKok) > 11. Re: Setting attribute based on value of another attribute (Dennis Skinner) > 12. Re: username changed in-transit (Alan DeKok) > 13. Re: Freeradius 0.9.3 gone nuts when auth from sql?? (Alan DeKok) > 14. problem compiling rlm_eap_tls (Naman Latif) > 15. Running FreeRADIUS with user other than root (Michael Shanafelt) > > --__--__-- > > Message: 1 > From: "denz" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: filtering attributes in proxy > Date: Tue, 9 Dec 2003 11:59:54 +0600 > Reply-To: [EMAIL PROTECTED] > > > > > but when I start the server I get this message ant the end, and server > > > > exits. > > > > > > > > Module: Instantiated attr_filter (attr_filter) > > > > radiusd.conf: "attr_filter" modules aren't allowed in 'pre-proxy' > > > > sections -- they have no such method. > > > > > > <shrug> Edit the source code for attr_filter to include a pre-proxy > > >section. > > > > This is done in the latest CVS for post-proxy. I've got a patch we've > > used internally for pre-proxy. I'll commit it today. > > Has it been commited to cvs ? I just downloaded. Couldn't see the preproxy > method in rlm_attr_filter. I'd appreciate it very much right now. > > > > > -Chris > > -- > > \\\|||/// \ StarNet Inc. \ Chris Parker > > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > > oOo---(_)---oOo--\------------------------------------------------------ > > \ Wholesale Internet Services - http://www.megapop.net > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > --__--__-- > > Message: 2 > To: [EMAIL PROTECTED] > From: Holger Schurig <[EMAIL PROTECTED]> > Subject: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first > Date: Tue, 09 Dec 2003 08:26:00 +0100 > Reply-To: [EMAIL PROTECTED] > > Is there a technical reason that EAP-TTLS and EAP-PEAP both need EAP-TLS > first? > > -- > Try Linux 2.6 from BitKeeper for PXA2x0 CPUs at > http://www.mn-logistik.de/unsupported/linux-2.6/ > > > > --__--__-- > > Message: 3 > From: Bart Van Daal <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" > <[EMAIL PROTECTED]> > Subject: RE: rlm_sql and huntgroups > Date: Tue, 9 Dec 2003 13:28:28 +0100 > Reply-To: [EMAIL PROTECTED] > > Thanks for your pointer Alan, > i've searched the list at > http://www.mail-archive.com/[EMAIL PROTECTED]/ > but didn't come up with an answer. > > When I put the Huntgroup-Name attribute in my radreply table; > everything works fine. > When I put it in the radgroupreply table in the same fashion; > it doesn't work > > thanks for any help to the solution > > Bart > > -----Original Message----- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: maandag 8 december 2003 19:27 > To: [EMAIL PROTECTED] > Subject: Re: rlm_sql and huntgroups > > > Bart Van Daal <[EMAIL PROTECTED]> wrote: > > is this a problem with hunt-groups or > > with all other check items in the > > mysql radgroupcheck table? > > It's a problem just with huntgroups. See the list archives for a > description of the problem, and the solution. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > --__--__-- > > Message: 4 > To: [EMAIL PROTECTED] > From: Holger Schurig <[EMAIL PROTECTED]> > Subject: username changed in-transit > Date: Tue, 09 Dec 2003 15:58:41 +0100 > Reply-To: [EMAIL PROTECTED] > > I have xsupplicant (CVS with hardcoded username/password because they change > the config file format currently) running with this configuration: > > [CONFIG] ----------- Current Values for Network WA22 ----------- > [CONFIG] Username : MNCI > [CONFIG] Password : mnci > [CONFIG] Root Certificate : /etc/1x/root.pem > [CONFIG] Client Certificate : /etc/1x/cert-clt.pem > [CONFIG] Root Cert. Dir. : (null) > [CONFIG] CRL Directory : (null) > [CONFIG] Key File : /etc/1x/cert-clt.pem > > When I call it, I see (besides other stuff) this output: > > ... > [STATE] Processing ACQUIRED state. > Connection established, authenticating... > [STATE] Sending EAPOL-Response-Identification > [ALL] Frame to be sent : > 00 02 2D 81 77 8E 00 10 - C6 19 27 09 88 8E 01 00 ..-.w.....'..... > 00 0B 02 00 00 0B 01 3F - 00 4D 4E 43 49 00 00 00 .......?.MNCI... > ... > > In which RFC is the format of this packet described? I ask this, because > after the EAPOL-Packet goes to an Intermec WA22 Access-Point and then to my > freeRADIUS-Server (CVS), I see this: > > ... > Ready to process requests. > rad_recv: Access-Request packet from host 192.168.233.220:1988, id=15, > length=128 > User-Name = "?\000MNCI" > NAS-IP-Address = 192.168.233.220 > Called-Station-Id = "00-10-40-04-e4-72" > NAS-Identifier = "16600300057" > NAS-Port-Type = Wireless-802.11 > Framed-MTU = 1400 > Calling-Station-Id = "00-10-c6-19-27-09" > EAP-Message = 0x0200000b013f004d4e4349 > Message-Authenticator = 0x3935ecc3ce1242745d5b399879cb3f62 > ... > > Here the username became suddenly "?\000MNCI". > > Anybody any idea on why this happened? > > > -- > Try Linux 2.6 from BitKeeper for PXA2x0 CPUs at > http://www.mn-logistik.de/unsupported/linux-2.6/ > > > > --__--__-- > > Message: 5 > Date: Tue, 09 Dec 2003 09:32:26 -0600 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: filtering attributes in proxy > Reply-To: [EMAIL PROTECTED] > > At 11:59 PM 12/8/2003, denz wrote: > > > > > but when I start the server I get this message ant the end, and server > > > > > exits. > > > > > > > > > > Module: Instantiated attr_filter (attr_filter) > > > > > radiusd.conf: "attr_filter" modules aren't allowed in 'pre-proxy' > > > > > sections -- they have no such method. > > > > > > > > <shrug> Edit the source code for attr_filter to include a pre-proxy > > > >section. > > > > > > This is done in the latest CVS for post-proxy. I've got a patch we've > > > used internally for pre-proxy. I'll commit it today. > > > >Has it been commited to cvs ? I just downloaded. Couldn't see the preproxy > >method in rlm_attr_filter. I'd appreciate it very much right now. > > No, I'm still working on cleaning the patch up, as well as adding accounting > methods for the module. > > I'll post to the list when it is in CVS, which should hopefully be later > today. > > -Chris > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Wholesale Internet Services - http://www.megapop.net > > > > > --__--__-- > > Message: 6 > From: "Sergio Molina" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: filtering attributes in proxy > Date: Tue, 9 Dec 2003 17:36:35 +0100 > Reply-To: [EMAIL PROTECTED] > > Have you tried with pre-proxy and attr_rewrite? I?m trying but attr_rewrite > module is not called (/usr/sbin/freeradius -x). I don?t know why. > > Sergio. > > > -----Mensaje original----- > > De: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] nombre de Chris > > Parker > > Enviado el: martes, 09 de diciembre de 2003 16:32 > > Para: [EMAIL PROTECTED] > > Asunto: Re: filtering attributes in proxy > > > > > > At 11:59 PM 12/8/2003, denz wrote: > > > > > > but when I start the server I get this message ant the > > end, and server > > > > > > exits. > > > > > > > > > > > > Module: Instantiated attr_filter (attr_filter) > > > > > > radiusd.conf: "attr_filter" modules aren't allowed in 'pre-proxy' > > > > > > sections -- they have no such method. > > > > > > > > > > <shrug> Edit the source code for attr_filter to include > > a pre-proxy > > > > >section. > > > > > > > > This is done in the latest CVS for post-proxy. I've got a patch we've > > > > used internally for pre-proxy. I'll commit it today. > > > > > >Has it been commited to cvs ? I just downloaded. Couldn't see > > the preproxy > > >method in rlm_attr_filter. I'd appreciate it very much right now. > > > > No, I'm still working on cleaning the patch up, as well as adding > > accounting > > methods for the module. > > > > I'll post to the list when it is in CVS, which should hopefully be later > > today. > > > > -Chris > > -- > > \\\|||/// \ StarNet Inc. \ Chris Parker > > \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering > > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > > oOo---(_)---oOo--\------------------------------------------------------ > > \ Wholesale Internet Services - http://www.megapop.net > > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > --__--__-- > > Message: 7 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Unable to load EAP-Type/ttls, as EAP-Type/TLS is required first > Date: Tue, 09 Dec 2003 11:37:32 -0500 > Reply-To: [EMAIL PROTECTED] > > Holger Schurig <[EMAIL PROTECTED]> wrote: > > Is there a technical reason that EAP-TTLS and EAP-PEAP both need EAP-TLS > > first? > > Yes. Why would it be otherwise? > > TTLS & PEAP both involve using EAP-TLS, and then tunneling > additional data in the TLS tunnel. Therefore, they both need EAP-TLS. > > Alan DeKok. > > > --__--__-- > > Message: 8 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: rlm_sql and huntgroups > Date: Tue, 09 Dec 2003 11:39:48 -0500 > Reply-To: [EMAIL PROTECTED] > > Bart Van Daal <[EMAIL PROTECTED]> wrote: > > Thanks for your pointer Alan, > > i've searched the list at > > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > but didn't come up with an answer. > > The problem is a bug in rlm_preprocess. So far, no one has submitted a > patch. See a 'gdb' backtrace for what's going wrong. It should be > pretty obvious. > > Alan DeKok. > > > --__--__-- > > Message: 9 > Date: Tue, 09 Dec 2003 09:46:25 -0700 > From: Guy Fraser <[EMAIL PROTECTED]> > Organization: The Internet Centre > To: [EMAIL PROTECTED] > Subject: Re: dialup_admin (cvs last 12-04-2003) > Reply-To: [EMAIL PROTECTED] > > Please explain. > > What online information are you refering to ? > > Do you have your NAS boxes configured in naslist.conf ? > > apellido jr., wilfredo p wrote: > > >hello guys, NAS doesnt show in User's Online > >Information. > > > >===== > >wilfredo pahilanga apellido jr. > >technical support > >mactan online > >bacolod city, philippines > >+63 34 4348311 > > > >If you can't hear me, it's because i'm in parentheses. > > > >__________________________________ > >Do you Yahoo!? > >New Yahoo! Photos - easier uploading and sharing. > >http://photos.yahoo.com/ > > > >- > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > > > > > -- > Guy Fraser > Network Administrator > The Internet Centre > 780-450-6787 , 1-888-450-6787 > > There is a fine line between genius and lunacy, fear not, walk the > line with pride. Not all things will end up as you wanted, but you > will certainly discover things the meek and timid will miss out on. > > > > > > > --__--__-- > > Message: 10 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Setting attribute based on value of another attribute > Date: Tue, 09 Dec 2003 11:50:07 -0500 > Reply-To: [EMAIL PROTECTED] > > Dennis Skinner <[EMAIL PROTECTED]> wrote: > > I'm trying to set the value of a custom attribute based on the value of > > one passed in the packet from the client/nas (specifically > > Client-IP-Address). Something akin to this if it were allowed: > > > > DEFAULT Client-IP-Address =~ "10.1.1." > > Custom-Attr := "network1" > > It's allowed. The reason it doesn't work for you is that "10.1.1." > isn't a useful regular expression. Try "^10\.1\.1\.", and it should > work. > > > If necessary, I could just use the client-ip attr directly in the > > radcheck db, but if the IP addresses change for the clients, or new ones > > are added, I would have to change everyone's entry in radcheck. > > Why not use rlm_passwd? Have a "passwd" style file, looking up the > client IP, and returning your Custom-Attr. That way, there's only one > file to manage. > > Alan DeKok. > > > --__--__-- > > Message: 11 > Subject: Re: Setting attribute based on value of another attribute > From: Dennis Skinner <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: Tue, 09 Dec 2003 12:33:09 -0500 > Reply-To: [EMAIL PROTECTED] > > On Tue, 2003-12-09 at 11:50, Alan DeKok wrote: > > Dennis Skinner <[EMAIL PROTECTED]> wrote: > > > I'm trying to set the value of a custom attribute based on the value of > > > one passed in the packet from the client/nas (specifically > > > Client-IP-Address). Something akin to this if it were allowed: > > > > > > DEFAULT Client-IP-Address =~ "10.1.1." > > > Custom-Attr := "network1" > > > > It's allowed. The reason it doesn't work for you is that "10.1.1." > > isn't a useful regular expression. Try "^10\.1\.1\.", and it should > > work. > > Hmm...ok. Actually, I was escaping the periods in my test (I forgot > them in the email, sorry), but I didn't anchor it to the beginning. > I'll give it another try. I was testing between putting out fires. It > seemed to be always true. I used: > > DEFAULT Client-IP-Address =~ "garbage" > > and it seemed to be matching. > > > > If necessary, I could just use the client-ip attr directly in the > > > radcheck db, but if the IP addresses change for the clients, or new ones > > > are added, I would have to change everyone's entry in radcheck. > > > > Why not use rlm_passwd? Have a "passwd" style file, looking up the > > client IP, and returning your Custom-Attr. That way, there's only one > > file to manage. > > > > Alan DeKok. > > Excellent idea. I will look into that. Thanks! > > -- > Dennis Skinner > Systems Administrator > BlueFrog Internet > http://www.bluefrog.com > > > > --__--__-- > > Message: 12 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: username changed in-transit > Date: Tue, 09 Dec 2003 12:47:27 -0500 > Reply-To: [EMAIL PROTECTED] > > Holger Schurig <[EMAIL PROTECTED]> wrote: > > [ALL] Frame to be sent : > > 00 02 2D 81 77 8E 00 10 - C6 19 27 09 88 8E 01 00 ..-.w.....'..... > > 00 0B 02 00 00 0B 01 3F - 00 4D 4E 43 49 00 00 00 .......?.MNCI... > ... > > In which RFC is the format of this packet described? > > Look for EAP. > > > rad_recv: Access-Request packet from host 192.168.233.220:1988, id=15, > > length=128 > > User-Name = "?\000MNCI" > > See the packet trace. The "?\000" is in the EAP packet, so the > program sending that EAP packet is probably the one to blame. > > > Here the username became suddenly "?\000MNCI". > > It doesn't look that way to me. > > Alan DeKok. > > > --__--__-- > > Message: 13 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Freeradius 0.9.3 gone nuts when auth from sql?? > Date: Tue, 09 Dec 2003 12:53:54 -0500 > Reply-To: [EMAIL PROTECTED] > > "Nikolas Geyer" <[EMAIL PROTECTED]> wrote: > > I just upgraded to FreeRadius 0.9.3 from 0.9.2 and am having a problem. Our > > users authenticate against a MySQL database, which used to work just fine. > > Now hoever it doesn't return a reply, and when running fr in debug mode it > > just shows multiple requests and floods the server. > > Ok.. > > > Below is an excerpt of what its doing. It just repeats whats pasted > > over and over again until it does it 200 times (takes about half a > > minute or less) until its blocked. > > Until the whole server blocks? > > > rlm_realm: Preparing to proxy authentication request to realm > > "infinite.net.au" > > That would seem to be relevant. > > > rlm_sql (sql): Released sql socket id: 4 > > modcall[authorize]: module "sql" returns ok for request 0 > > It's not an SQL problem. > > > modcall: group authorize returns updated for request 0 > > Sending Access-Request of id 1 to 210.9.75.200:1645 > > User-Name = "[EMAIL PROTECTED]" > > It's proxying the request to another server. > > What part of that debug output was unclear? > > Alan DeKok. > > > --__--__-- > > Message: 14 > Subject: problem compiling rlm_eap_tls > Date: Tue, 9 Dec 2003 14:19:00 -0800 > From: "Naman Latif" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > Hi, > I am trying to install version 0.9.3 on a Solaris 8 box. I have openssl > installed in /usr/local/ssl. However the configure script comes up with > below message for "rlm_eap_tls" module. > > +++++ > <snip> > checking for openssl/ssl.h... no > <snip> > +++++ > > I do have ssl.h present in /usr/local/ssl/include/openssl/ssl.h . I > tried different suggestions from past archives as > > ./configure --with-openssl-inc=3D/usr/local/ssl/include > --with-openssl-lib=3D/usr/local/ssl/lib > > ./configure --with-openssl-includes=3D/usr/local/ssl/include/ > --with-openssl-libraries=3D/usr/local/ssl/lib > > But it still gives me the above error. > > Any more suggestions ? > > > --__--__-- > > Message: 15 > Subject: Running FreeRADIUS with user other than root > Date: Tue, 9 Dec 2003 17:43:42 -0500 > From: "Michael Shanafelt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > I'm sure this is simple, but... > > How do I run freeRADIUS when logged in as a user other than root? When > I try now, I get an error akin to "File not found, etc..." > > -Mike > > > > --__--__-- > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
