Radius is not starting
When I start freeradius /usr/local/sbin/radiusd -X it displayes the error that radiusd: symbol lookup error: /usr/local/lib/rlm_perl-2.2.0.so: undefined symbol: Perl_Gthr_key_ptr I have googled it but could not resolved it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
Hi, I'd love to try. looking at GITHUB's master branch, I see that the latest commit was 5 months ago, and the last tag is 3_0_0_beta1 ? There's also no other branch name that suggests recent versions. Anything wrong with github? Stefan On 16.07.2013 15:15, Alan DeKok wrote: Stefan Winter wrote: (0) ERROR: %{#User-Password} (0) ERROR: ^ Unknown attribute (0) ERROR: Evaluation of condition failed for some reason. (0)else else { (0) - entering else else {...} Earlier, this would yield the number of characters in the incoming request's User-Password attribute, and see if it's exactly 96 Bytes. I don't know why the # triggers an unknown attribute? Looks like a bug to me... That code was removed because it was horrid. I've pushed a fix, including fixes to documentation. Use %{strlen:...} instead. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
On 17 Jul 2013, at 07:59, Stefan Winter stefan.win...@restena.lu wrote: Hi, I'd love to try. looking at GITHUB's master branch, I see that the latest commit was 5 months ago, and the last tag is 3_0_0_beta1 ? You're possibly looking at Alan's repo? Anything wrong with github? No, we switched to hosting FreeRADIUS as an organisation on GitHub instead of it being one of Alan's personal projects. The URL for the repo changed, you may need to update your 'git remotes'. git remote show origin * remote origin Fetch URL: g...@github.com:FreeRADIUS/freeradius-server.git Push URL: g...@github.com:FreeRADIUS/freeradius-server.git The repo URLs should look like that. If they don't: git remote set-url origin g...@github.com:FreeRADIUS/freeradius-server.git -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
Hi, Anything wrong with github? Oh, never mind that. git.freeradius.org has a link to: http://github.com/alandekok/freeradius-server/tree/master which is probably not the best place to link to. Sure, if you read the github notice on that page it'll tell you Alan DeKok's private copy of the FreeRADIUS Server code. Do NOT fork this. Use the link below instead. https://github.com/FreeRADIUS/freeradius-server; And if you do that, you'll get the source. But wouldn't it be much more useful to send people to the correct URL immediately? Stefan Stefan On 16.07.2013 15:15, Alan DeKok wrote: Stefan Winter wrote: (0) ERROR: %{#User-Password} (0) ERROR: ^ Unknown attribute (0) ERROR: Evaluation of condition failed for some reason. (0)else else { (0) - entering else else {...} Earlier, this would yield the number of characters in the incoming request's User-Password attribute, and see if it's exactly 96 Bytes. I don't know why the # triggers an unknown attribute? Looks like a bug to me... That code was removed because it was horrid. I've pushed a fix, including fixes to documentation. Use %{strlen:...} instead. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
Stefan Winter wrote: git.freeradius.org has a link to: http://github.com/alandekok/freeradius-server/tree/master Fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
Okis Chuang wrote: Actually I can write a short perl script to do this, but I try to do with pure unlang. Unlang is not really intended to do that. In fact, the reason why I need this function is that sometimes we treat some attributes as temporary variable for generating another attribute value pair. Use Tmp-String-0, or Tmp-Octets-0 instead. That way the problem goes away. See dictionary.freeradius.internal for more examples. Then erase it before sending request or reply out. So I am wondering would majority of FR user do this things like this? And you don't need to erase the Tmp-* attributes before sending a packet. They will *never* show up in a packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius is not starting
radiusd: symbol lookup error: /usr/local/lib/rlm_perl-2.2.0.so: undefined symbol: Perl_Gthr_key_ptr I have googled it but could not resolved it. You can't of googled very hard... https://ask.fedoraproject.org/question/10205/why-is-the-perl_gthr_key_ptr-symbol-missing/ Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
Okis Chuang wrote: Actually I can write a short perl script to do this, but I try to do with pure unlang. Unlang is not really intended to do that. In fact, the reason why I need this function is that sometimes we treat some attributes as temporary variable for generating another attribute value pair. Use Tmp-String-0, or Tmp-Octets-0 instead. That way the problem goes away. See dictionary.freeradius.internal for more examples. Then erase it before sending request or reply out. So I am wondering would majority of FR user do this things like this? And you don't need to erase the Tmp-* attributes before sending a packet. They will *never* show up in a packet. Alan DeKok. - Hi Alan, Thanks for reply. Yes, I totally can understand the solution you recommend, and I've been using this skill for quite a long time. But the situation I encountered is : 1.I need to save some information returned in Access-Accept from external AAA in the attribute *Class* at the section *post-auth*. So it will return back to gateway. 2.Then gateway will send Accounting-Start to my server. In this time, I need to pop out the information I saved in the attribute *Class* in the section *accounting* so that I can generate the avp what I need. Hence, it cannot work by using Tmp-XXX internal attribute because those two events occur in two different sessions to FreeRADIUS. I thought Tmp-* attributes will not exist across two sessions at the same time. So that way I must choose some kind of attribute that gateway must return back for saving temporary attribute value. Concerning about total available length of Class in our wifi gateway, I don't want to do such a waste on attribute Class. Again, just like I said before, because Class is a multi-value attribute I can't find a way to remove a specific value from entire Class array. But anyway, if this is too much for unlang I can use perl to fulfill this definitely. Just curious about if unlang can totally achieve this. :P Cheers, Okis. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
On 17.07.2013 12:29, Okis Chuang wrote: But the situation I encountered is : 1.I need to save some information returned in Access-Accept from external AAA in the attribute **Class** at the section **post-auth**. So it will return back to gateway. 2.Then gateway will send Accounting-Start to my server. In this time, I need to pop out the information I saved in the attribute **Class** in the section **accounting** so that I can generate the avp what I need. Hence, it cannot work by using Tmp-XXX internal attribute because those two events occur in two different sessions to FreeRADIUS. I thought Tmp-* attributes will not exist across two sessions at the same time. So that way I must choose some kind of attribute that gateway must return back for saving temporary attribute value. Well with the release 3.0.0 you can use the new rlm_cache module that will allow to do that quite easily. And (again with 3.0.0) you can do a foreach on your multi valued attributes, and erase those you don't need in the loop. Olivier -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
Hi Alan, Thanks for reply. Yes, I totally can understand the solution you recommend, and I've been using this skill for quite a long time. But the situation I encountered is : 1.I need to save some information returned in Access-Accept from external AAA in the attribute *Class* at the section *post-auth*. So it will return back to gateway. 2.Then gateway will send Accounting-Start to my server. In this time, I need to pop out the information I saved in the attribute *Class* in the section *accounting* so that I can generate the avp what I need. Hence, it cannot work by using Tmp-XXX internal attribute because those two events occur in two different sessions to FreeRADIUS. I thought Tmp-* attributes will not exist across two sessions at the same time. So that way I must choose some kind of attribute that gateway must return back for saving temporary attribute value. Concerning about total available length of Class in our wifi gateway, I don't want to do such a waste on attribute Class. Again, just like I said before, because Class is a multi-value attribute I can't find a way to remove a specific value from entire Class array. But anyway, if this is too much for unlang I can use perl to fulfill this definitely. Just curious about if unlang can totally achieve this. :P If there are the class attributes then Class = 0x3131 Class = 0x3232 Class = 0x This will delete the second Class attribute with value 0x3232 if (%{Class[1]} =~ /^(0x3232)/i) { update request { Class -= %{Class[1]} } } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
Okis Chuang wrote: But the situation I encountered is : It helps to describe the situation *accurately*. Otherwise, you're wasting everyone's time. 1.I need to save some information returned in Access-Accept from external AAA in the attribute **Class** at the section **post-auth**. So it will return back to gateway. That's what Class is for. 2.Then gateway will send Accounting-Start to my server. In this time, I need to pop out the information I saved in the attribute **Class** in the section **accounting** so that I can generate the avp what I need. That works already. So that way I must choose some kind of attribute that gateway must return back for saving temporary attribute value. Concerning about total available length of Class in our wifi gateway, I don’t want to do such a waste on attribute Class. If the WiFi gateway doesn't support a long Class attribute, it won't support *two* Class attributes, either. You're better off storing session information in a database. Using the WiFi gateway as a session database is a very bad idea. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
I've been going through the packaging effort for 3.0 for Fedora/RHEL. BTW, many thanks to Stefan Paetow who did an initial spec file, Stefan's work has been a big help. I'm coming up with a list of issues as I find them, more to come later, but for now ... 1) The redhat directory is populated with the old 2.x spec file, no sense in updating this until we have a good 3.x spec file, but it should be updated prior to the official 3.0 release. 2) Man pages installed for non-existent features. rlm_policy radwatch These man pages are installed but both features are not part of 3.0 as far as I can tell. 3) Man pages missing. The following are installed in either /bin or /usr/sbin but there are no corresponding man pages. Every command installed needs to have a man page. dhcpclient radattr rad_counter rc.radiusd [1] [1] Debatable as to how necessary a man page is for rc.radiusd, it's use is subsumed by initscript documentation for SysV, plus many systems won't install it all. I only include it in the list for completeness. John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
John Dennis wrote: 1) The redhat directory is populated with the old 2.x spec file, no sense in updating this until we have a good 3.x spec file, but it should be updated prior to the official 3.0 release. OK. I've pushed a simple change which gets rid of 10 years of changelog at least. 2) Man pages installed for non-existent features. Deleted. 3) Man pages missing. The following are installed in either /bin or /usr/sbin but there are no corresponding man pages. Every command installed needs to have a man page. dhcpclient radattr Hmm... those two probably shouldn't be installed. They're really only for testing. Can the spec file just ignore them? rad_counter rc.radiusd [1] [1] Debatable as to how necessary a man page is for rc.radiusd, it's use is subsumed by initscript documentation for SysV, plus many systems won't install it all. I only include it in the list for completeness. OK. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
On 07/17/2013 12:26 PM, Alan DeKok wrote: John Dennis wrote: The following are installed in either /bin or /usr/sbin but there are no corresponding man pages. Every command installed needs to have a man page. dhcpclient radattr Hmm... those two probably shouldn't be installed. They're really only for testing. Can the spec file just ignore them? Sure it's no problem for the spec file to ignore them but I'm wondering if they are valuable for testing won't others find them useful too? If so shouldn't we keep them and add a man page? Right now we don't have a tools subpackage, this is common for other large packages. A tools subpackage contains useful commands for admins and developers which are not necessary for running the basic package. Perhaps 3.0 is a good time to introduce a tools package and move some of this stuff into tools making it an optional install. This would also bring freeradius in line with other packages. Comments? John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
On 17 Jul 2013, at 17:47, John Dennis jden...@redhat.com wrote: On 07/17/2013 12:26 PM, Alan DeKok wrote: John Dennis wrote: The following are installed in either /bin or /usr/sbin but there are no corresponding man pages. Every command installed needs to have a man page. dhcpclient radattr Hmm... those two probably shouldn't be installed. They're really only for testing. Can the spec file just ignore them? Sure it's no problem for the spec file to ignore them but I'm wondering if they are valuable for testing won't others find them useful too? If so shouldn't we keep them and add a man page? Right now we don't have a tools subpackage, this is common for other large packages. A tools subpackage contains useful commands for admins and developers which are not necessary for running the basic package. Perhaps 3.0 is a good time to introduce a tools package and move some of this stuff into tools making it an optional install. This would also bring freeradius in line with other packages. Comments? Yes, packaging radsniff, radclient, radwho et al seems useful. What do people think about breaking the default configuration out into a separate package? It means bin/share/lib can be installed, and then a site local package used to install the configuration. Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
John Dennis wrote: Sure it's no problem for the spec file to ignore them but I'm wondering if they are valuable for testing won't others find them useful too? If so shouldn't we keep them and add a man page? Maybe. radattr is really a test tool for RFC6929 attributes. And now for parsing %{...} expansions, and conditions in unlang. It should have no end-user utility. dhcpclient is a *very* bad DHCP client. It's meant for testing the DHCP functionality of the server. Because the other DHCP clients always want to go poke interfaces with new IP addresses. Right now we don't have a tools subpackage, this is common for other large packages. A tools subpackage contains useful commands for admins and developers which are not necessary for running the basic package. Perhaps 3.0 is a good time to introduce a tools package and move some of this stuff into tools making it an optional install. This would also bring freeradius in line with other packages. Comments? The radsniff, etc. could be put into a tools package. radattr and dhcpclient should probablt just be skipped during the make install process. I'll go see if I can do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
Hi Don't you have freeradius-utils already. .. which contains radtest etc which is very useful for admins alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
On 07/17/2013 04:16 PM, Alan Buxey wrote: Hi Don't you have freeradius-utils already. .. which contains radtest etc which is very useful for admins Yes, my bad, sorry, not enough coffee. John -- jden...@redhat.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [ANN] Version 3.0.0-rc0
Sorry John, But you do have a tools package. It's called freeradius-utils. :-) I'd guess radattr probably fits nicely into that. Stefan From: freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org [freeradius-users-bounces+stefan.paetow=diamond.ac...@lists.freeradius.org] on behalf of John Dennis [jden...@redhat.com] Sent: Wednesday, July 17, 2013 5:47 PM To: FreeRadius users mailing list Cc: Alan DeKok Subject: Re: [ANN] Version 3.0.0-rc0 On 07/17/2013 12:26 PM, Alan DeKok wrote: John Dennis wrote: The following are installed in either /bin or /usr/sbin but there are no corresponding man pages. Every command installed needs to have a man page. dhcpclient radattr Hmm... those two probably shouldn't be installed. They're really only for testing. Can the spec file just ignore them? Sure it's no problem for the spec file to ignore them but I'm wondering if they are valuable for testing won't others find them useful too? If so shouldn't we keep them and add a man page? Right now we don't have a tools subpackage, this is common for other large packages. A tools subpackage contains useful commands for admins and developers which are not necessary for running the basic package. Perhaps 3.0 is a good time to introduce a tools package and move some of this stuff into tools making it an optional install. This would also bring freeradius in line with other packages. Comments? John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [ANN] Version 3.0.0-rc0
On 17 Jul 2013, at 22:42, stefan.pae...@diamond.ac.uk wrote: Sorry John, But you do have a tools package. It's called freeradius-utils. :-) I'd guess radattr probably fits nicely into that. No it's part of the internal test framework. It's really of absolutely no use to anyone except developers. Really, really, were not making it up. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius-Users Digest, Vol 99, Issue 55
Hi all, Really appreciate all your kind supports and helps very much. Alan..I didn't meant to be inaccurate about describing my situation...I just don't want to blur my question with too many details. Well, I think I didn't keep the balance well. If let you feel bad, I'm very sorry about that. Then you mentioned keeping information in the gateway...in fact, it's a long story.. Anyway, I agree the most part of your point. However, in some kind of situation, I almost can't avoid that. Like this time, due to lacking of supporting on another mandatory attribute(Chargeable-User-Identity) that external AAA needs in our wi-fi gateway, we decide to make this workaround without database. The less database transaction, the better solution it would be. This is the principle we follow on the implementation of RADIUS Proxy server. Our proxy server is like a guard who should check and make many policy or criteria before requests are proxied out. So we do our most effort to prevent us from relying on database. And Thank to Olivier! I've been desired to try 3.0.0 for a long time, while there isn't a good chance for. I've found some new and helpful features in 3.0.0 about Unlang, but never experience them yet. The functions you mention are really helpful. Maybe I should start to plan migrating to 3.0.0. And also thanks for SerpentoR, but unfortunately I can't know which index of Class array is what I want, and even cannot sure about how many items in Class array. So such like foreach could be my need for solving this problem. Thanks for all respondents again! Sincerely, Okis. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Delete one value of multiple attribute(Class)
Hi all, Really appreciate all your kind supports and helps very much. Alan..I didn't meant to be inaccurate about describing my situation...I just don't want to blur my question with too many details. Well, I think I didn't keep the balance well. If let you feel bad, I'm very sorry about that. Then you mentioned keeping information in the gateway...in fact, it's a long story.. Anyway, I agree the most part of your point. However, in some kind of situation, I almost can't avoid that. Like this time, due to lacking of supporting on another mandatory attribute(Chargeable-User-Identity) that external AAA needs in our wi-fi gateway, we decide to make this workaround without database. The less database transaction, the better solution it would be. This is the principle we follow on the implementation of RADIUS Proxy server. Our proxy server is like a guard who should check and make many policy or criteria before requests are proxied out. So we do our most effort to prevent us from relying on database. And Thank to Olivier! I've been desired to try 3.0.0 for a long time, while there isn't a good chance for. I've found some new and helpful features in 3.0.0 about Unlang, but never experience them yet. The functions you mention are really helpful. Maybe I should start to plan migrating to 3.0.0. And also thanks for SerpentoR, but unfortunately I can't know which index of Class array is what I want, and even cannot sure about how many items in Class array. So such like foreach could be my need for solving this problem. Thanks for all respondents again! Sincerely, Okis. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html