Re: radwho: No configuration information in radutmp section of radiusd.conf
On Mon, Nov 19, 2012 at 2:28 PM, Angel L. Mateo ama...@um.es wrote:
>>> accounting { detail unix #radutmp
>> Well, that won't help. You're trying to use radwho, but aren't logging accounting information. That means radwho will NEVER show you anything.
> I'm not sure about this. I have tried configuration with radutmp line commented and uncommented. But the fact is that radwho is logging information, because radutmp is updated and if I use radwho -F file then I can see it is not empty.

That's odd. The only thing writing the utmp file should be the accounting section. Did you perhaps forget to restart the server after making the change?

Anyway, from a quick glance at radwho, the relevant change is probably https://github.com/FreeRADIUS/freeradius-server/commit/41960ed2 . If you know how to reverse a patch and build from source, you can try reverting the patch (direct patch link: https://github.com/FreeRADIUS/freeradius-server/commit/41960ed2.diff) and see if it helps. I'm assuming you have a non-empty utmp file already?

If it works, then you found a bug and pinpointed the source. If it doesn't, then it's something else.

--
Fajar

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho: No configuration information in radutmp section of radiusd.conf
On 19/11/12 09:15, Fajar A. Nugraha wrote:
> On Mon, Nov 19, 2012 at 2:28 PM, Angel L. Mateo ama...@um.es wrote:
>>>> accounting { detail unix #radutmp
>>> Well, that won't help. You're trying to use radwho, but aren't logging accounting information. That means radwho will NEVER show you anything.
>> I'm not sure about this. I have tried configuration with radutmp line commented and uncommented. But the fact is that radwho is logging information, because radutmp is updated and if I use radwho -F file then I can see it is not empty.
>
> That's odd. The only thing writing the utmp file should be the accounting section. Did you perhaps forget to restart the server after making the change?
>
> Anyway, from a quick glance at radwho, the relevant change is probably https://github.com/FreeRADIUS/freeradius-server/commit/41960ed2 . If you know how to reverse a patch and build from source, you can try reverting the patch (direct patch link: https://github.com/FreeRADIUS/freeradius-server/commit/41960ed2.diff) and see if it helps. I'm assuming you have a non-empty utmp file already?
>
> If it works, then you found a bug and pinpointed the source. If it doesn't, then it's something else.

Same configuration, with freeradius 2.2.0 but using radwho from 2.1.8 works. Instead of revert patching the file, I have copied radwho command from previous folders, and it works without any problem. So it seems that the problem is that now the -F option is mandatory instead of optional.

If this was the only problem, it wouldn't be any problem, but I'm having the same problem with radzap:

    /usr/bin/radzap -P 131833856 -u user -N ip localhost secret
    radwho: No configuration information in radutmp section of radiusd.conf!

This same configuration with previous versions of radius works without any problem.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
Re: radwho: No configuration information in radutmp section of radiusd.conf
On Mon, Nov 19, 2012 at 4:25 PM, Angel L. Mateo ama...@um.es wrote:
> Same configuration, with freeradius 2.2.0 but using radwho from 2.1.8 works. Instead of revert patching the file, I have copied radwho command from previous folders, and it works without any problem. So it seems that the problem is that now the -F option is mandatory instead of optional.

At least you determined that it was a regression. The next step depends on whether a developer cares enough to fix this problem quickly. Of course it would be quicker if you could determine which changeset caused the regression, or (even better) provide a patch to fix this :)

> If this was the only problem, it wouldn't be any problem, but I'm having the same problem with radzap:
>
>     /usr/bin/radzap -P 131833856 -u user -N ip localhost secret
>     radwho: No configuration information in radutmp section of radiusd.conf!
>
> This same configuration with previous versions of radius works without any problem.

radzap is now a wrapper around radwho and radclient. If you say the previous version's radwho can be used as-is as a simple drop-in, then the workaround should be to just rename or move the 2.2.0 version somewhere else and put the working 2.1.x version in your path.

Personally, I don't use either radwho or radzap. I just use sql, plus some modified queries to automatically invalidate old sessions (e.g. since we use a 1-hour interim-update interval, any accounting record that is not in stopped state and is over 2 hours old can be considered invalid).

Hope you find the best solution.

--
Fajar
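A sketch of the stale-session rule described in the reply above, as an added example that is not Fajar's actual queries or the SQL shipped with FreeRADIUS. It assumes a cut-down table that reuses the radacct column names, epoch-second timestamps, and that the time of the last interim update can be taken as acctstarttime + acctsessiontime; the rows are constructed.

```python
import sqlite3

# Assumption: with a 1-hour interim-update interval, an open record that has
# not been refreshed for more than 2 hours is treated as dead (rule from the post).
STALE_AFTER = 2 * 3600


def make_db(rows):
    """In-memory stand-in for radacct; times are epoch seconds for brevity."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct ("
        " radacctid INTEGER PRIMARY KEY,"
        " username TEXT,"
        " acctstarttime INTEGER,"
        " acctsessiontime INTEGER,"   # refreshed by each interim update
        " acctstoptime INTEGER)"      # NULL while the session is open
    )
    db.executemany(
        "INSERT INTO radacct (username, acctstarttime, acctsessiontime, acctstoptime)"
        " VALUES (?, ?, ?, ?)", rows)
    return db


def open_sessions_naive(db, user):
    """Counts every record without a stop time, dead or alive."""
    return db.execute(
        "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL",
        (user,)).fetchone()[0]


def open_sessions_live(db, user, now):
    """Same count, ignoring records whose last update is older than STALE_AFTER."""
    return db.execute(
        "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL"
        " AND acctstarttime + acctsessiontime >= ?",
        (user, now - STALE_AFTER)).fetchone()[0]


def close_stale(db, now):
    """Stamp a stop time on dead records; returns how many were closed."""
    cur = db.execute(
        "UPDATE radacct SET acctstoptime = acctstarttime + acctsessiontime"
        " WHERE acctstoptime IS NULL AND acctstarttime + acctsessiontime < ?",
        (now - STALE_AFTER,))
    db.commit()
    return cur.rowcount


# Constructed sample data: (username, start, session time, stop)
NOW = 100_000
SAMPLE_ROWS = [
    ("alice", NOW - 3 * 3600, 1800, None),      # last update 2.5 h ago, never stopped
    ("alice", NOW - 1800, 0, None),             # started 30 minutes ago
    ("bob", NOW - 10_000, 5_000, NOW - 5_000),  # closed normally
    ("bob", NOW - 20_000, 3_600, None),         # last update about 4.5 h ago
]

if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    for user in ("alice", "bob"):
        print(user, "naive:", open_sessions_naive(db, user),
              "live:", open_sessions_live(db, user, NOW))
    print("closed:", close_stale(db, NOW))
```

The naive count is what a Simultaneous-Use check sees when a NAS never sent the Stop packet; the stale-aware count keeps such records from locking a user out.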
Re: radwho: No configuration information in radutmp section of radiusd.conf
On 16/11/12 17:03, Alan DeKok wrote:
> Angel L. Mateo wrote:
>> Hello, I have a problem with radwho since I upgraded from 2.1.10 to 2.2.0. The same configuration (I'm trying now the default configuration installed from ubuntu packages) works with version 2.1.10 and not with 2.2.0. The error I get is; radwho: No configuration information in radutmp section of radiusd.conf
>
> You need to have a modules section, with radutmp listed in it.

In my modules section I have

    modules {
        ...
        $INCLUDE ${confdir}/modules/
        ..
    }

and I have a file ${confdir}/modules/radutmp with content:

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 0600
        callerid = yes
    }

>> My config (for default virtual server) is:
>
> Which doesn't really help. What's in the modules directory?
>
>> accounting { detail unix #radutmp
>
> Well, that won't help. You're trying to use radwho, but aren't logging accounting information. That means radwho will NEVER show you anything.

I'm not sure about this. I have tried configuration with radutmp line commented and uncommented. But the fact is that radwho is logging information, because radutmp is updated and if I use radwho -F file then I can see it is not empty.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
radwho: No configuration information in radutmp section of radiusd.conf
Hello,

I have a problem with radwho since I upgraded from 2.1.10 to 2.2.0. The same configuration (I'm trying now the default configuration installed from ubuntu packages) works with version 2.1.10 and not with 2.2.0. The error I get is;

    radwho: No configuration information in radutmp section of radiusd.conf

My config (for default virtual server) is:

    authorize {
        preprocess
        chap
        mschap
        suffix
        eap {
            ok = return
        }
        unix
        files
        expiration
        logintime
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        eap
    }
    preacct {
        preprocess
        suffix
        files
    }
    accounting {
        detail
        unix
        #radutmp
        attr_filter.accounting_response
    }
    # Session database, used for checking Simultaneous-Use. Either the radutmp
    # or rlm_sql module can handle this.
    # The rlm_sql module is *much* faster
    session {
        radutmp
        #
        # See Simultaneous Use Checking Queries in sql.conf
        # sql
    }
    post-auth {
        exec
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }
    pre-proxy {
    }
    #
    # When the server receives a reply to a request it proxied
    # to a home server, the request may be massaged here, in the
    # post-proxy stage.
    #
    post-proxy {
        eap
    }

I have tried it enabling and disabling radutmp in accounting section. As I have already said, this same configuration works with 2.1.8 (default ubuntu package) but not with 2.2.0.

Any idea?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 86337
Re: radwho: No configuration information in radutmp section of radiusd.conf
Angel L. Mateo wrote:
> Hello, I have a problem with radwho since I upgraded from 2.1.10 to 2.2.0. The same configuration (I'm trying now the default configuration installed from ubuntu packages) works with version 2.1.10 and not with 2.2.0. The error I get is; radwho: No configuration information in radutmp section of radiusd.conf

You need to have a modules section, with radutmp listed in it.

> My config (for default virtual server) is:

Which doesn't really help. What's in the modules directory?

> accounting { detail unix #radutmp

Well, that won't help. You're trying to use radwho, but aren't logging accounting information. That means radwho will NEVER show you anything.

> session { radutmp

Which again does nothing, because the radutmp file will be empty.

Alan DeKok.
Re: /etc/raddb/radiusd.conf[249]: Error binding to port for :: port 1812
Dougan, Linda A wrote:
> I just upgraded to net-dialup/freeradius-2.1.7

Upgrade to 2.1.10.

Alan DeKok.
Re: /etc/raddb/radiusd.conf[249]: Error binding to port for :: port 1812
Hi,

You can recheck the same with ps -ef with grep, maybe some process is still there, if you get one then kill it, or you can try netstat to check which service 1812 is used for.

Regards,
Pradyumna

On Fri, May 20, 2011 at 3:02 PM, Dougan, Linda A douga...@gru.com wrote:
> I just upgraded to net-dialup/freeradius-2.1.7 on a gentoo linux server. I have already checked to see if there is anything listening on port 1812 including freeradius and there is nothing on that port. Any help would be greatly appreciated.
>
> This is my radiusd -X output.
>
> FreeRADIUS Version 2.1.7, for host i686-pc-linux-gnu, built on May 12 2011 at 10:43:07 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/krb5 including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/krb5 including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/detail including configuration file 
/etc/raddb/modules/digest including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration
Radiusd.conf
Hello

I have a question: I want to configure the radiusd.conf, here is my problem: there are two radiusd.conf in different paths, /usr/local/etc/raddb/radiusd.conf and /root/freeradius-server-2.1.9/raddb/radiusd.conf. Which configuration file should I use... is there a manual to configure this module???

Thank You
Samuel I. Barriga
Re: Radiusd.conf
Hi,

> Hello I have a question: I want to configure the radiusd.conf, here is my problem: there are two radiusd.conf in different paths, /usr/local/etc/raddb/radiusd.conf and /root/freeradius-server-2.1.9/raddb/radiusd.conf. Which configuration file should I use... is there a manual to configure this module???

the one in /root seems to be the install archive. when you run radiusd, what command do you use, what is your $PATH variable set to and what does the output of radiusd -X say it is using? should be fairly obvious

alan
Re: Radiusd.conf
On 15.09.2010 at 20:10, Samuel Isaias Barriga Perez wrote:
> Hello I have a question: I want to configure the radiusd.conf, here is my problem: there are two radiusd.conf in different paths, /usr/local/etc/raddb/radiusd.conf and /root/freeradius-server-2.1.9/raddb/radiusd.conf. Which configuration file should I use... is there a manual to configure this module???

Is /root/freeradius-server-2.1.9 the directory where you (self-)compiled the source code? Then everything in /usr/local/etc/raddb/ was probably installed and that is the configuration file that you should use.

As for documentation, partially it is inside the configuration files, some in the man pages. See also the text files beside the source code, if you have compiled yourself.

> Thank You
> Samuel I. Barriga

Have a nice day!

Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Managing director: Lars Busch
Court of registration: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841
/etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
Dear sir,

I had installed freeradius on ubuntu 9.04, but got an error when applying the command: freeradius -X

The result of freeradius -X command as per attachment file. Your attention and help would be highly appreciated.

Thanks,
best regards,
Edi Sujono

FreeRADIUS Version 2.1.0, for host i486-pc-linux-gnu, built on Apr 30 2009 at 07:22:56 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/detail.log including
configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel including dictionary file /etc/freeradius/dictionary main { prefix = /usr localstatedir = /var logdir = /var/log/freeradius libdir = /usr/lib/freeradius radacctdir = /var/log/freeradius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = 
/var/run/freeradius/freeradius.pid checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = testing123 shortname = localhost nastype = other } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536
Re: /etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
Hi,

> Failed binding to socket: Address already in use
> /etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812

fairly obvious - something's already running on that port. suggest that the system is already starting the daemon... use the system scripts to stop the process (eg /etc/init.d/freeradius2 stop or such) or killall radiusd

    netstat -anp | grep 1812

will show the name of the process using port 1812

once nothing is on that port, you can use it with radiusd -X

alan
Re: /etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
--- On Wed, 28/7/10, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:

From: Alan Buxey a.l.m.bu...@lboro.ac.uk
Subject: Re: /etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Cc: Edi Sujono edisujo...@gmail.com
Date: Wednesday, 28 July, 2010, 6:01 PM

> Hi,
>
>> Failed binding to socket: Address already in use
>> /etc/freeradius/radiusd.conf[236]: Error binding to port for 0.0.0.0 port 1812
>
> fairly obvious - something's already running on that port. suggest that the system is already starting the daemon... use the system scripts to stop the process (eg /etc/init.d/freeradius2 stop or such) or killall radiusd
>
>     netstat -anp | grep 1812
>
> will show the name of the process using port 1812
>
> once nothing is on that port, you can use it with radiusd -X
>
> alan

Yes... thank you Alan, my freeradius is now running.

thanks
best regards
Edi
how to change the radiusd.conf file to fit mysql database?
hi, friends

i install freeradius 2.1.7. i follow the instruction as follow:

radiusd.conf

Find the “authorize” section (near the bottom) and add “sql” (no quotes) between “suffix” and “files”. Comment out “files” by putting a # in front of it. Do the same to “suffix”. Find the “accounting” section (a bit underneath the authorize section) and place the word “sql” (without quotes) between “unix” and “radutmp”

but i can't find the authorize or suffix key words in the radius.conf file. do you know where is it to set for mysql?

Thanks!

--
Regards,
Sucan
Re: how to change the radiusd.conf file to fit mysql database?
hi.

In new version you will find it in sites-available/default file.

Regards,
Saeed Akhtar

On Thu, Dec 17, 2009 at 2:35 PM, Zhang Shukun bit...@gmail.com wrote:
> hi, friends
>
> i install freeradius 2.1.7. i follow the instruction as follow:
>
> radiusd.conf
>
> Find the “authorize” section (near the bottom) and add “sql” (no quotes) between “suffix” and “files”. Comment out “files” by putting a # in front of it. Do the same to “suffix”. Find the “accounting” section (a bit underneath the authorize section) and place the word “sql” (without quotes) between “unix” and “radutmp”
>
> but i can't find the authorize or suffix key words in the radius.conf file. do you know where is it to set for mysql?
>
> Thanks!
>
> --
> Regards,
> Sucan
error too many open files error reading radiusd.conf
    [r...@ws11 ws11]# radiusd -x
    Starting - reading configuration files ...
    Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[55]: Couldn't open dictionary /usr/share/freeradius/dictionary.compat: Too many open files
    Errors reading radiusd.conf

I already adjusted the limit of my system

    [r...@ws11 ws11]# ulimit -aH
    core file size (blocks, -c) unlimited
    data seg size (kbytes, -d) unlimited
    scheduling priority (-e) 0
    file size (blocks, -f) unlimited
    pending signals (-i) 8176
    max locked memory (kbytes, -l) 32
    max memory size (kbytes, -m) unlimited
    open files (-n) 2048
    pipe size(512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    real-time priority (-r) 0
    stack size (kbytes, -s) unlimited
    cpu time (seconds, -t) unlimited
    max user processes (-u) 8176
    virtual memory (kbytes, -v) unlimited
    file locks (-x) unlimited

but still end up with the same problem

--
ICQ# 209485063
YM: kuroro.rucil...@yahoo.com
MSN: angelse...@hotmail.com
AIM: SevarSS
http://www.pie.us
RE: error too many open files error reading radiusd.conf
Open files 2048 ?? Man LSOF ??

Regards,
E:S

From: freeradius-users-bounces+edvin.seferovic=kolp...@lists.freeradius.org [mailto:freeradius-users-bounces+edvin.seferovic=kolp...@lists.freeradius.org] On Behalf Of Angel Rivera
Sent: Tuesday, 28 April 2009 00:51
To: freeradius-users@lists.freeradius.org
Subject: error too many open files error reading radiusd.conf

    [r...@ws11 ws11]# radiusd -x
    Starting - reading configuration files ...
    Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[55]: Couldn't open dictionary /usr/share/freeradius/dictionary.compat: Too many open files
    Errors reading radiusd.conf

I already adjusted the limit of my system

    [r...@ws11 ws11]# ulimit -aH
    core file size (blocks, -c) unlimited
    data seg size (kbytes, -d) unlimited
    scheduling priority (-e) 0
    file size (blocks, -f) unlimited
    pending signals (-i) 8176
    max locked memory (kbytes, -l) 32
    max memory size (kbytes, -m) unlimited
    open files (-n) 2048
    pipe size(512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    real-time priority (-r) 0
    stack size (kbytes, -s) unlimited
    cpu time (seconds, -t) unlimited
    max user processes (-u) 8176
    virtual memory (kbytes, -v) unlimited
    file locks (-x) unlimited

but still end up with the same problem

--
ICQ# 209485063
YM: kuroro.rucil...@yahoo.com
MSN: angelse...@hotmail.com
AIM: SevarSS
http://www.pie.us
too many open files error reading radiusd.conf (was Re: Freeradius-Users Digest, Vol 48, Issue 116)
On Tue, 2009-04-28 at 11:22 +0800, Angel Rivera wrote
>     [r...@ws11 ws11]# radiusd -x
>     Starting - reading configuration files ...
>     Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[55]: Couldn't open dictionary /usr/share/freeradius/dictionary.compat: Too many open files
>     Errors reading radiusd.conf

Is it possible that you have a recursive inclusion in your conf file?

Regards, K.

--
Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
Re: LDAP login failed: check identity, password settings in ldap section of radiusd.conf, (re)connection attempt failed
> ldap { server = localhost identity = cn=ManagerĄAdc=nchcĄAdc=orgĄAdc=tw password = hsuan ..
>
>     rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
>     rlm_ldap: waiting for bind result ...
>     rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
>     rlm_ldap: (re)connection attempt failed

Nothing mysterious now. Looks like that identity is wrong (strange characters). Use English keyboard to type those details. Or is it my mail client?

Ivan Kalik
Kalik Informatika ISP
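The "strange characters" diagnosis above can be checked mechanically before the server ever attempts a bind. The following is an added example, not code from the thread or from FreeRADIUS: it reads the identity and basedn values out of an ldap { } block and reports every character outside printable ASCII, which is the kind of character that shows up as ?? in the bind line. The sample config is constructed and assumes the pasted separator is U+FF0C (full-width comma); the password is a placeholder.

```python
import re
import unicodedata

# Settings whose values must be plain LDAP DNs (key names as in the ldap { } block quoted above).
DN_KEYS = ("identity", "basedn")


def parse_ldap_block(text):
    """Return {key: value} for the 'key = value' lines of the first ldap { ... } block."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.fullmatch(r"ldap\s*\{", line) is not None
            continue
        if line == "}":
            break
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def check_dn(value):
    """Return a list of human-readable problems found in one DN string."""
    problems = []
    for offset, ch in enumerate(value):
        if not 0x20 <= ord(ch) <= 0x7E:
            name = unicodedata.name(ch, "UNKNOWN")
            problems.append(f"offset {offset}: U+{ord(ch):04X} {name}")
    # Simplification: split on ASCII commas only; escaped commas (\,) are not handled.
    for rdn in value.split(","):
        if not re.fullmatch(r"\s*[A-Za-z][A-Za-z0-9-]*=[^=]+", rdn):
            problems.append(f"RDN not in attr=value form: {rdn!r}")
    return problems


def audit(config_text):
    """Check every DN-valued setting present in the ldap block."""
    settings = parse_ldap_block(config_text)
    return {key: check_dn(settings[key]) for key in DN_KEYS if key in settings}


# Constructed sample: identity uses U+FF0C between RDNs, basedn uses ASCII commas.
SAMPLE_CONFIG = """ldap {
    server = localhost
    identity = cn=Manager\uff0cdc=nchc\uff0cdc=org\uff0cdc=tw
    password = placeholder
    basedn = dc=nchc,dc=org,dc=tw
}
"""

if __name__ == "__main__":
    for key, problems in audit(SAMPLE_CONFIG).items():
        print(key, "OK" if not problems else problems)
```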
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Dear Kalik :

I am sorry ! I don't know what you are talking about ? Can you make it clear for me ? thank you very much !

Regards,
Vicky

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, November 23, 2008 7:41 AM
To: FreeRadius users mailing list
Subject: **SPAM MAIL by NCHC** RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

> I have checked the file (in raddb/modules/ldap), the config file is set the ldap section as follows :
>
>     ldap {
>         server = localhost
>         identity = cn=ManagerĄAdc=exampleĄAdc=orgĄAdc=tw
>         password = hsuan
>         basedn = dc= exampleĄAdc=orgĄAdc=tw
>         filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
>         start_tls = no
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         ldap_connections_number = 5
>         password_header = {crypt}
>         password_attribute =User-Password
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
>
> But still have the error message
>
>     rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

That's not the configuration file your server is using. You probably have multiple freeradius installations and you are not starting this one.

Ivan Kalik
Kalik Informatika ISP
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
> I am sorry ! I don't know what are you talking about ? Can you make it clear for me ? thank you very much !

You have more than one freeradius installation. Freeradius instance that you are running is not using the configuration files you are changing. There is probably a default installation for the Linux distribution you are using and the one you have downloaded from freeradius. You are running the first one and changing the files for the second one.

Ivan Kalik
Kalik Informatika ISP
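The diagnosis above can be confirmed from the server's own start-up output instead of by guessing. The following is an added example, not code from the thread or the FreeRADIUS project: it reads the "including configuration file" lines that radiusd -X prints (the format visible in the debug output quoted elsewhere on this page) and reports whether the file being edited was actually read, and which file was read in its place. The debug text in the sample is constructed.

```python
import posixpath

# Line prefixes as they appear in the radiusd -X output quoted on this page.
PREFIXES = ("including configuration file ", "including dictionary file ")


def files_read(debug_output):
    """Every file path the server reported reading while starting up."""
    files = []
    for line in debug_output.splitlines():
        line = line.strip()
        for prefix in PREFIXES:
            if line.startswith(prefix):
                files.append(posixpath.normpath(line[len(prefix):].strip()))
    return files


def config_root(files):
    """Directory of the radiusd.conf that was read, or None if none was seen."""
    for path in files:
        if posixpath.basename(path) == "radiusd.conf":
            return posixpath.dirname(path)
    return None


def counterpart(files, edited_path):
    """The file that was read and shares the longest trailing path with edited_path."""
    want = posixpath.normpath(edited_path).split("/")
    best, best_len = None, 0
    for path in files:
        have = path.split("/")
        n = 0
        while n < min(len(want), len(have)) and want[-1 - n] == have[-1 - n]:
            n += 1
        if n > best_len:
            best, best_len = path, n
    return best


def diagnose(debug_output, edited_path):
    """Summarise whether an edit to edited_path can affect the running server."""
    files = files_read(debug_output)
    edited = posixpath.normpath(edited_path)
    return {
        "root": config_root(files),
        "read": edited in files,
        "counterpart": counterpart(files, edited),
    }


# Constructed sample: a packaged install reading /etc/freeradius while the
# admin edits a source install under /usr/local/etc/raddb.
SAMPLE_DEBUG = """Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/radutmp
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including dictionary file /etc/freeradius/dictionary
"""

if __name__ == "__main__":
    for edited in ("/usr/local/etc/raddb/radiusd.conf",
                   "/usr/local/etc/raddb/modules/ldap"):
        print(edited, diagnose(SAMPLE_DEBUG, edited))
```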
LDAP login failed: check identity, password settings in ldap section of radiusd.conf, (re)connection attempt failed
Hi all :

I have installed freeradius-server-2.1.1 and I want to use LDAP to do authentication. I have set the radiusd configuration file (/usr/local/etc/raddb/radius.conf) about ldap information as follows :

    ldap {
        server = localhost
        identity = cn=Manager,dc=nchc,dc=org,dc=tw
        password = hsuan
        basedn = dc=nchc,dc=org,dc=tw
        filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        ldap_connections_number = 5
        password_header = {crypt}
        password_attribute =User-Password
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

But when I use “radius -X” to start the radius server, and in the client I use “radtest ldapuser ldapuser radius_server_ip 0 secret”, the server shows the message :

    [ldap] performing user authorization for ldapuser
    [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details
    [ldap] expand: ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}})) - ((!(objectClass=alias))(uid=ldapuser))
    [ldap] expand: dc=nchc??dc=org??dc=tw - dc=nchc??dc=org??dc=tw
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to localhost:389, authentication 0
    rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
    rlm_ldap: (re)connection attempt failed
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    ++[ldap] returns fail
    Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} - ldapuser
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 3 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 3
    Sending Access-Reject of id 128 to 192.168.2.1 port 49351
    Waking up in 4.9 seconds.
    Cleaning up request 3 ID 128 with timestamp +135542

Then the client receives the “rad_recv: Access-Reject packet from host 192.168.2.1 port 1812, id=22, length=20”

What’s the problem ? how can I fix the error ?

Regards,
Vicky
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Dear all:

I have checked the file (in raddb/modules/ldap); the config file sets the ldap section as follows:

    ldap {
        server = localhost
        identity = cn=Manager，dc=example，dc=org，dc=tw
        password = hsuan
        basedn = dc= example，dc=org，dc=tw
        filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        ldap_connections_number = 5
        password_header = {crypt}
        password_attribute =User-Password
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

But I still have the error message

    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

Regards,
Vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, November 22, 2008 1:06 AM
To: FreeRadius users mailing list
Subject: RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

> I have set the radius.conf about ldap as follows :
>
>     ldap {
>         server = localhost
>         identity = cn=Manager，dc=example，dc=org，dc=tw
>         password = hsuan
>         basedn = dc= example，dc=org，dc=tw
>         filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
>         start_tls = no
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         ldap_connections_number = 5
>         password_header = {crypt}
>         password_attribute =User-Password
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }

Not in the config file your server is reading. You have been told where to fix this (in raddb/modules/ldap).

Ivan Kalik
Kalik Informatika ISP
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
> I have check the file (in raddb/modules/ldap), the config file is set the ldap section as follows :
>
>     ldap {
>         server = localhost
>         identity = cn=Manager，dc=example，dc=org，dc=tw
>         password = hsuan
>         basedn = dc= example，dc=org，dc=tw
>         filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
>         start_tls = no
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         ldap_connections_number = 5
>         password_header = {crypt}
>         password_attribute =User-Password
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
>
> But still have the error message
> rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

That's not the configuration file your server is using. You probably have multiple freeradius installations and you are not starting this one.

Ivan Kalik
Kalik Informatika ISP
rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Hi all:

I have installed freeradius-server-2.1.1 and I want to use LDAP to do authentication. But when I use radius -X to start the radius server, and on the client I use radtest ldapuser ldapuser radius_server_ip 0 secret, the server shows this message:

    rad_recv: Access-Request packet from host radius_client_ip port 35833, id=168, length=60
        User-Name = ldapuser
        User-Password = ldapuser
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = ldapuser, looking up realm NULL
    [suffix] Found realm NULL
    [suffix] Adding Realm = NULL
    [suffix] Authentication realm is LOCAL.
    ++[suffix] returns ok
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    ++[unix] returns updated
    [sql] expand: %{User-Name} - ldapuser
    [sql] sql_set_user escaped user -- 'ldapuser'
    rlm_sql (sql): Reserving sql socket id: 2
    [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'ldapuser' ORDER BY id
    [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'ldapuser' ORDER BY priority
    rlm_sql (sql): Released sql socket id: 2
    [sql] User ldapuser not found
    ++[sql] returns notfound
    [ldap] performing user authorization for ldapuser
    [ldap] WARNING: Deprecated conditional expansion :-. See man unlang for details
    [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) - (uid=ldapuser)
    [ldap] expand: o=My Org,c=UA - o=My Org,c=UA
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to localhost:389, authentication 0
    rlm_ldap: bind as cn=Manager,o=My Org,c=UA/hsuan to localhost:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
    rlm_ldap: (re)connection attempt failed
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    ++[ldap] returns fail
    Invalid user: [ldapuser/ldapuser] (from client my_radius_client_pc port 0)
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} - ldapuser
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 2 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 2
    Sending Access-Reject of id 168 to radius_server_ip port 35833
    Waking up in 4.9 seconds.
    Cleaning up request 2 ID 168 with timestamp +1020

The error looks like

    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
    rlm_ldap: (re)connection attempt failed

What's the problem?

Regards,
Vicky
Re: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
> rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

Slightly misleading - should say:

    rlm_ldap: LDAP login failed: check identity, password settings in ldap module configuration - raddb/modules/ldap

You haven't configured ldap module. Debug is showing default settings.

Ivan Kalik
Kalik Informatika ISP
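Added example (not part of the thread and not FreeRADIUS code): one way to check the point made in the reply above, by comparing the identity the server reports in its `bind as` debug line with the identity in the file that was edited. The function names are hypothetical; the first two debug lines are copied from the posts on this page and the third is constructed.

```python
import re

# Line format as it appears in the rlm_ldap debug output quoted in this thread:
#   rlm_ldap: bind as <identity>/<password> to <host>:<port>
BIND_RE = re.compile(
    r"rlm_ldap: bind as (?P<cred>.+) to (?P<host>[^\s:]+):(?P<port>\d+)\s*$"
)
IDENTITY_RE = re.compile(r"^\s*identity\s*=\s*(?P<value>.*?)\s*$")

# Abridged from the ldap { } block posted in the thread.
CONFIG = """\
ldap {
    server = localhost
    identity = cn=Manager,dc=example,dc=org,dc=tw
    basedn = dc=example,dc=org,dc=tw
}
"""

# Lines 2 and 3 are copied from the posts; line 4 is constructed.
DEBUG = """\
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,o=My Org,c=UA/hsuan to localhost:389
rlm_ldap: bind as cn=Manager??dc=nchc??dc=org??dc=tw/hsuan to localhost:389
rlm_ldap: bind as cn=Manager,dc=example,dc=org,dc=tw/hsuan to localhost:389
"""


def configured_identity(conf_text):
    """Return the identity value from an ldap { } block, or None if absent."""
    for line in conf_text.splitlines():
        match = IDENTITY_RE.match(line.split("#", 1)[0])  # ignore comments
        if match:
            return match.group("value").strip('"')
    return None


def bind_identities(debug_text):
    """Yield (identity, host, port) per bind line.

    The debug line carries the bind password after the last '/'; it is
    dropped here so it never reaches reports or tickets.
    Assumption: the password itself contains no '/'.
    """
    for line in debug_text.splitlines():
        match = BIND_RE.search(line)
        if not match:
            continue
        identity, sep, _password = match.group("cred").rpartition("/")
        if not sep:  # no password part on the line
            identity = match.group("cred")
        yield identity, match.group("host"), int(match.group("port"))


def garbled_positions(dn):
    """Characters that are not plain ASCII DN text: non-ASCII bytes, or the
    '?' a lossy charset conversion leaves behind (as in 'cn=Manager??dc=')."""
    return [(i, ch) for i, ch in enumerate(dn) if ord(ch) > 127 or ch == "?"]


def diagnose(conf_text, debug_text):
    """Classify every bind attempt seen in the debug output."""
    wanted = configured_identity(conf_text)
    findings = []
    for bound_as, host, port in bind_identities(debug_text):
        if garbled_positions(bound_as):
            verdict = "garbled-dn"        # separators are not ASCII commas
        elif bound_as == wanted:
            verdict = "match"             # server loaded the edited file
        else:
            verdict = "different-config"  # defaults or another installation
        findings.append(
            {"bound_as": bound_as, "server": f"{host}:{port}", "verdict": verdict}
        )
    return findings


if __name__ == "__main__":
    for finding in diagnose(CONFIG, DEBUG):
        print(finding)
```

A `different-config` verdict corresponds to the situation described in the reply: the running server is not reading the file that was edited.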
unlang (was: switch/case in radiusd.conf)
> man unlang

Oh, this seems to be new in 2.x. Would be nice if this was documented somewhere on the Website. Or am I simply too stupid to find the documentation?
Re: unlang (was: switch/case in radiusd.conf)
> Would be nice if this was documented somewhere on the Website.
> Or am I simply too stupid to find the documentation?

http://freeradius.org/radiusd/man/unlang.html

Ivan Kalik
Kalik Informatika ISP
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Dear all:

I have set the radius.conf about ldap as follows:

    ldap {
        server = localhost
        identity = cn=Manager,dc=example,dc=org,dc=tw
        password = hsuan
        basedn = dc= example,dc=org,dc=tw
        filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        ldap_connections_number = 5
        password_header = {crypt}
        password_attribute =User-Password
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

Regards,
Vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 21, 2008 6:44 PM
To: FreeRadius users mailing list
Subject: Re: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

> rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf

Slightly misleading - should say:

    rlm_ldap: LDAP login failed: check identity, password settings in ldap module configuration - raddb/modules/ldap

You haven't configured ldap module. Debug is showing default settings.

Ivan Kalik
Kalik Informatika ISP
RE: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
> I have set the radius.conf about ldap as follows :
>
>     ldap {
>         server = localhost
>         identity = cn=Manager，dc=example，dc=org，dc=tw
>         password = hsuan
>         basedn = dc= example，dc=org，dc=tw
>         filter = ((!(objectClass=alias))(uid=%{Stripped-User-Name:-%{User-Name}}))
>         start_tls = no
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         ldap_connections_number = 5
>         password_header = {crypt}
>         password_attribute =User-Password
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }

Not in the config file your server is reading. You have been told where to fix this (in raddb/modules/ldap).

Ivan Kalik
Kalik Informatika ISP
switch/case in radiusd.conf (was: ldap backend and Realm)
> switch %{Realm} {
>     case domain1 {

I'm admittedly feeling totally stupid, but is this syntax documented anywhere?
Re: switch/case in radiusd.conf (was: ldap backend and Realm)
man unlang

Ken

On Tue, Nov 18, 2008 at 01:51:11PM +0100, Edgar Fu? wrote:
> switch %{Realm} {
>     case domain1 {
>
> I'm admittedly feeling totally stupid, but is this syntax documented anywhere?
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

I have checked my raddb directory. The file proxy.conf is in the raddb directory. Then I re-downloaded the radius code and copied the file radius.conf from radiusd-version/raddb to /usr/local/etc/raddb/. But when I start the radius server using radiusd -x I get the same error. Please tell me how to solve the problem?

Thanks for any help
Regards
Vicky

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yawar Hadi
Sent: Thursday, November 06, 2008 3:55 PM
To: FreeRadius users mailing list
Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

ARE YOU FACING THIS PROBLEM as i am testing your radiusd.conf file.. it's showing me this. If u facing this error then probably u r missing a file proxy.conf file in raddb directory. One more solution is: go to where u download the radius code, then in raddb directory, like radiusd-version/raddb, and copy file radiusd.conf to your usr/local/etc/raddb/. May this solve your problem... radiusd.conf file is changed ..

    /usr/local/etc/raddb/radiusd.conf[522]: Unable to open file proxy.conf: No such file or directory
    Errors reading radiusd.conf

On Thu, Nov 6, 2008 at 12:45 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all : My radius.conf path is /usr/local/etc/raddb/ (attached radius.conf) Do I have to modify the radiusd.conf ? How to modify ?

From: [EMAIL PROTECTED] [mailto:freeradius-users-bounces+hsuan mailto:freeradius-users-bounces%2Bhsuan [EMAIL PROTECTED] On Behalf Of Yawar Hadi
Sent: Thursday, November 06, 2008 3:27 PM
To: FreeRadius users mailing list
Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

hi, you have changed something in your radiusd.conf file which is not changed according to the file rules. Let check them again and post your changed portion of file in mail to have more responses.

On Thu, Nov 6, 2008 at 11:46 AM, hsuan [EMAIL PROTECTED] wrote:

Hi all: I have installed freeradius-server-2.1.1. when I start the radius server using radiusd -x i get the following error

    including configuration file /usr/local/etc/raddb/modules/etc_group
    including configuration file /usr/local/etc/raddb/modules/wimax
    including configuration file /usr/local/etc/raddb/modules/detail
    including configuration file /usr/local/etc/raddb/modules/pap
    including configuration file /usr/local/etc/raddb/modules/expiration
    including configuration file /usr/local/etc/raddb/modules/digest
    including configuration file /usr/local/etc/raddb/modules/mac2ip
    including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
    /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P
    Errors reading /usr/local/etc/raddb/radiusd.conf

the radiusd.conf is in /usr/local/etc/raddb/ directory. What's the problem with radius.conf ? How can I to solve the problem ?

thanx, regards,
Vicky

--
Best regards
Yawar Hadi Noshahi
QAU Islamabad (+92-0300-5504798)

--
Best regards
Yawar Hadi Noshahi
QAU Islamabad (+92-0300-5504798)
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

When I start the radius server using radiusd -x I get the following message:

    including configuration file /usr/local/etc/raddb/modules/etc_group
    including configuration file /usr/local/etc/raddb/modules/wimax
    including configuration file /usr/local/etc/raddb/modules/detail
    including configuration file /usr/local/etc/raddb/modules/pap
    including configuration file /usr/local/etc/raddb/modules/expiration
    including configuration file /usr/local/etc/raddb/modules/digest
    including configuration file /usr/local/etc/raddb/modules/mac2ip
    including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
    /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P
    Errors reading /usr/local/etc/raddb/radiusd.conf

The radiusd.conf is in the /usr/local/etc/raddb/ directory.

P.S. freeradius version: freeradius-server-2.1.1
OS: Centos 5.2

Thanks for any help
Regards
Vicky

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yawar Hadi
Sent: Thursday, November 06, 2008 4:19 PM
To: FreeRadius users mailing list
Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

Vick can you copy and paste the error msg from console in mail plz so we get some points where is the error.. and also mention which version of free radius u are using..

On Thu, Nov 6, 2008 at 1:11 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all: I have check my raddb directory. The file proxy.conf is in raddb directory. Then I have re-download the radius code and copy file radius.conf from radiusd-version/raddb to /usr/local/etc/raddb/. But when I start the radius server using radiusd -x I got the same error. Please tell me how to solve the problem ?
Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
have u installed the prerequisites of free radius...

    mysql-client
    mysql
    mysql-devel

plz check it if u want to add support of db. While compiling and installing, have a close look on output on console which shows you any error or warning, so first u have to remove it first.

On Thu, Nov 6, 2008 at 1:36 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all: when I start the radius server using radiusd -x i get the following message :

    including configuration file /usr/local/etc/raddb/modules/etc_group
    including configuration file /usr/local/etc/raddb/modules/wimax
    including configuration file /usr/local/etc/raddb/modules/detail
    including configuration file /usr/local/etc/raddb/modules/pap
    including configuration file /usr/local/etc/raddb/modules/expiration
    including configuration file /usr/local/etc/raddb/modules/digest
    including configuration file /usr/local/etc/raddb/modules/mac2ip
    including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
    /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P
    Errors reading /usr/local/etc/raddb/radiusd.conf

the radiusd.conf is in /usr/local/etc/raddb/ directory

P.s freeradius version : freeradius-server-2.1.1
OS : Centos 5.2

Thanks for any help
Regards
Vicky

*From:* [EMAIL PROTECTED]: freeradius-users-bounces+hsuan freeradius-users-bounces%2Bhsuan= [EMAIL PROTECTED] *On Behalf Of *Yawar Hadi
*Sent:* Thursday, November 06, 2008 4:19 PM
*To:* FreeRadius users mailing list
*Subject:* Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

Vick can you copy and paste the error msg from console in mail plz so we get some points where is the error.. and also mention which version of free radius u are using..

On Thu, Nov 6, 2008 at 1:11 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all: I have check my raddb directory. The file proxy.conf is in raddb directory. Then I have re-download the radius code and copy file radius.conf from radiusd-version/raddb to /usr/local/etc/raddb/.
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
> /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P

What is rlm_sql.so doing in /modules directory? It shouldn't be there. That directory is for module configuration files.

Ivan Kalik
Kalik Informatika ISP
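Added example (not from the thread and not FreeRADIUS code): the log above shows the server including every file it finds under raddb/modules/, so a check run before starting the server can flag anything in that directory that is not a text configuration file. The function names and the directory contents in `demo_scan` are constructed for illustration.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"                  # first four bytes of a Linux shared object
LIBRARY_SUFFIXES = (".so", ".la", ".a")


def classify(path):
    """Classify a file by content, not by name."""
    with open(path, "rb") as handle:
        head = handle.read(4096)
    if head.startswith(ELF_MAGIC):
        return "elf-binary"
    if b"\x00" in head:                 # NUL bytes never occur in a config file
        return "binary"
    return "text"


def non_config_files(modules_dir):
    """Return (name, kind) for every entry the server would fail to parse."""
    findings = []
    for name in sorted(os.listdir(modules_dir)):
        path = os.path.join(modules_dir, name)
        if not os.path.isfile(path):
            continue
        kind = classify(path)
        if kind != "text" or name.endswith(LIBRARY_SUFFIXES):
            findings.append((name, kind))
    return findings


def demo_scan():
    """Build a constructed modules directory and scan it."""
    text_module = b"# constructed sample module configuration\nexample {\n}\n"
    elf_header = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9   # constructed ELF ident
    with tempfile.TemporaryDirectory() as modules_dir:
        samples = {
            "pap": text_module,
            "mac2ip": text_module,
            "rlm_sql.so": elf_header,        # the case from the thread
            "sqlcounter_copy": elf_header,   # binary without a telltale suffix
        }
        for name, content in samples.items():
            with open(os.path.join(modules_dir, name), "wb") as handle:
                handle.write(content)
        return non_config_files(modules_dir)


if __name__ == "__main__":
    for name, kind in demo_scan():
        print(f"{name}: {kind}, should not be in the module configuration directory")
```

Checking the content rather than the file name also catches a binary that was copied in under a name that looks like a module configuration file.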
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

When I delete the file rlm_sql.so (/usr/local/etc/raddb/modules) and then start the radius server using radiusd -x, I get the following message:

    Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
    Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
    /usr/local/etc/raddb/sites-enabled/default[152]: Failed to find module sql.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
    }
    Errors initializing modules

What's the problem? How can I solve the problem?

Thanks for any help
Regards
Vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, November 06, 2008 5:47 PM
To: FreeRadius users mailing list
Subject: RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
> /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P

What is rlm_sql.so doing in /modules directory? It shouldn't be there. That directory is for module configuration files.

Ivan Kalik
Kalik Informatika ISP
Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
you must have to install

    mysql
    mysql-libs
    mysql-devel

in order to add support of mysql before compiling freeradius

On Thu, Nov 6, 2008 at 3:08 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all : When I delete the file rlm_sql.so(/usr/local/etc/raddb/modules),then I start the radius server using radiusd -x i get the following message :

    Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
    Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
    /usr/local/etc/raddb/sites-enabled/default[152]: Failed to find module sql.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
    }
    Errors initializing modules

What's the problem ? how can I to solve the problem ?

Thanks for any help
Regards
Vicky

-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-users-bounces+hsuan freeradius-users-bounces%2Bhsuan= [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, November 06, 2008 5:47 PM
To: FreeRadius users mailing list
Subject: RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

> including configuration file /usr/local/etc/raddb/modules/etc_group
> including configuration file /usr/local/etc/raddb/modules/wimax
> including configuration file /usr/local/etc/raddb/modules/detail
> including configuration file /usr/local/etc/raddb/modules/pap
> including configuration file /usr/local/etc/raddb/modules/expiration
> including configuration file /usr/local/etc/raddb/modules/digest
> including configuration file /usr/local/etc/raddb/modules/mac2ip
> including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
> /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P

What is rlm_sql.so doing in /modules directory? It shouldn't be there. That directory is for module configuration files.

Ivan Kalik
Kalik Informatika ISP

--
Best regards
Yawar Hadi Noshahi
QAU Islamabad (+92-0300-5504798)
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

How can I install mysql-libs?

Thanks for any help
Regards
Vicky

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yawar Hadi
Sent: Thursday, November 06, 2008 7:17 PM
To: FreeRadius users mailing list
Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

you must have to install mysql mysql-libs mysql-devel in order to add support of mysql before compiling freeradius

On Thu, Nov 6, 2008 at 3:08 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all : When I delete the file rlm_sql.so(/usr/local/etc/raddb/modules),then I start the radius server using radiusd -x i get the following message :

    Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
    Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
    /usr/local/etc/raddb/sites-enabled/default[152]: Failed to find module sql.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
    }
    Errors initializing modules

What's the problem ? how can I to solve the problem ?
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

I have installed mysql-libs (/usr/lib/mysql), and "Package mysql-devel - 5.0.45-7.el5.i386 is already installed" is reported by yum install mysql-devel. But when I start the radius server using radiusd -x I get the following message:

    Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
    Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
    /usr/local/etc/raddb/sites-enabled/default[152]: Failed to find module sql.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
    }
    Errors initializing modules

What's the problem? How can I solve the problem?

Thanks for any help
Regards
Vicky

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yawar Hadi
Sent: Thursday, November 06, 2008 7:17 PM
To: FreeRadius users mailing list
Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

you must have to install mysql mysql-libs mysql-devel in order to add support of mysql before compiling freeradius

On Thu, Nov 6, 2008 at 3:08 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all : When I delete the file rlm_sql.so(/usr/local/etc/raddb/modules),then I start the radius server using radiusd -x i get the following message :

    Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
    Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
    /usr/local/etc/raddb/sites-enabled/default[152]: Failed to find module sql.
    /usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
    }
    Errors initializing modules

What's the problem ? how can I to solve the problem ?
Thanks for any help Regards Vicky -Original Message- From: [EMAIL PROTECTED] [mailto:freeradius-users-bounces+hsuan mailto:freeradius-users-bounces%2Bhsuan [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, November 06, 2008 5:47 PM To: FreeRadius users mailing list Subject: RE: radiusd -x gives error Errorsreading /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/rlm_sql.so /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P What is rlm_sql.so doing in /modules directory? It shouldn't be there. That directory is for module configuration files. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best regards Yawar Hadi Noshahi QAU Islamabad (+92-0300-5504798) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all:

I have installed freeradius-server-2.1.1. When I start the radius server using radiusd -x I get the following error:

including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
/usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P
Errors reading /usr/local/etc/raddb/radiusd.conf

The radiusd.conf is in the /usr/local/etc/raddb/ directory.

What's the problem with radius.conf? How can I solve the problem?

Thanks, regards,
Vicky

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi, you have changed something in your radiusd.conf file which is not changed according to the file rules. Check them again and post your changed portion of the file in mail to have more responses.

On Thu, Nov 6, 2008 at 11:46 AM, hsuan [EMAIL PROTECTED] wrote:

Hi all:

I have installed freeradius-server-2.1.1. When I start the radius server using radiusd -x I get the following error:

including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/rlm_sql.so
/usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P
Errors reading /usr/local/etc/raddb/radiusd.conf

The radiusd.conf is in the /usr/local/etc/raddb/ directory.

What's the problem with radius.conf? How can I solve the problem?

Thanks, regards,
Vicky

--
Best regards
Yawar Hadi Noshahi
QAU Islamabad (+92-0300-5504798)

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Hi all : My radius.conf path is /usr/local/etc/raddb/ (attached radius.conf) Do I have to modify the radiusd.conf ? How to modify ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yawar Hadi Sent: Thursday, November 06, 2008 3:27 PM To: FreeRadius users mailing list Subject: Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf hi , you have changed something in your radiusd.conf file which is not chaged according to the file rules.let check them again and post you changes portion of file in mail to have more resopnses. On Thu, Nov 6, 2008 at 11:46 AM, hsuan [EMAIL PROTECTED] wrote: Hi all: I have installed freeradius-server-2.1.1. when I start the radius server using radiusd -x i get the following error including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/rlm_sql.so /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P Errors reading /usr/local/etc/raddb/radiusd.conf the radiusd.conf is in /usr/local/etc/raddb/ directory What's the problem with radius.conf ? How can I to solve the problem ? thanx, regards, Vicky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best regards Yawar Hadi Noshahi QAU Islamabad (+92-0300-5504798) radiusd.conf Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf
Are you facing this problem? As I am testing your radiusd.conf file, it's showing me this. If you are facing this error then probably you are missing the proxy.conf file in the raddb directory. One more solution is: go to where you downloaded the radius code, then into the raddb directory, like radiusd-version/raddb, and copy the file radiusd.conf to your usr/local/etc/raddb/. May this solve your problem... The radiusd.conf file is changed..

/usr/local/etc/raddb/radiusd.conf[522]: Unable to open file proxy.conf: No such file or directory
Errors reading radiusd.conf

On Thu, Nov 6, 2008 at 12:45 PM, hsuan [EMAIL PROTECTED] wrote:

Hi all: My radius.conf path is /usr/local/etc/raddb/ (attached radius.conf). Do I have to modify the radiusd.conf? How to modify?

*From:* [EMAIL PROTECTED]: freeradius-users-bounces+hsuan freeradius-users-bounces%2Bhsuan= [EMAIL PROTECTED] *On Behalf Of *Yawar Hadi
*Sent:* Thursday, November 06, 2008 3:27 PM
*To:* FreeRadius users mailing list
*Subject:* Re: radiusd -x gives error Errors reading /usr/local/etc/raddb/radiusd.conf

Hi, you have changed something in your radiusd.conf file which is not changed according to the file rules. Check them again and post your changed portion of the file in mail to have more responses.

On Thu, Nov 6, 2008 at 11:46 AM, hsuan [EMAIL PROTECTED] wrote:

Hi all: I have installed freeradius-server-2.1.1.
when I start the radius server using radiusd -x i get the following error including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/wimax including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/rlm_sql.so /usr/local/etc/raddb/modules/rlm_sql.so[31]: Expecting section start brace '{' after ; P Errors reading /usr/local/etc/raddb/radiusd.conf the radiusd.conf is in /usr/local/etc/raddb/ directory What's the problem with radius.conf ? How can I to solve the problem ? thanx, regards, Vicky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best regards Yawar Hadi Noshahi QAU Islamabad (+92-0300-5504798) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best regards Yawar Hadi Noshahi QAU Islamabad (+92-0300-5504798) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ntlm_auth works on commandline but not in radiusd.conf
Please forgive me as I'm a newbie to Radius. I've been reading FAQs and the archived mail list for three days and haven't seen a problem similar to mine.

ntlm_auth works as expected on the command line, however it does not work in radius. In radius it ALWAYS returns a status ok and authenticates the user, even if the password is incorrect. Below are log snippets from issuing radiusd -X.

I'm using the latest version, FreeRadius 2.1.1, compiled from source. Very specifically, I followed the (out of date) guide by Alan DeKok called Deploying Radius:
http://deployingradius.com/documents/configuration/active_directory.html

Everything works ok in the guide up to the point of the first radtest command. I can put ANY password for the user in the radtest command and it works. Again, issuing ntlm_auth from the command line gives predictable results.

Here's the real world example demonstrating that I have ntlm_auth properly working. These are the expected results. Is there a better way to debug the exec module to see what is really happening when exec calls ntlm_auth from within freeradius?

[EMAIL PROTECTED] ~]# ntlm_auth --domain=GTDEV --request-nt-key --username=ntlmtest --password=radpw
NT_STATUS_OK: Success (0x0)
[EMAIL PROTECTED] ~]# ntlm_auth --domain=GTDEV --request-nt-key --username=ntlmtest --password=radpwnogood
NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc06a)

Radtest is issued from the command line and this is the debug output from radiusd -X:

[EMAIL PROTECTED] ~]# radtest ntlmtest radpw localhost 0 testing123
Sending Access-Request of id 103 to 127.0.0.1 port 1812
        User-Name = ntlmtest
        User-Password = radpw
        NAS-IP-Address = 10.10.3.5
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=103, length=20

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 60006, id=103, length=60
        User-Name = ntlmtest
        User-Password = radpw
        NAS-IP-Address = 10.10.3.5
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = ntlmtest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry ntlmtest at line 96
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ntlm_auth
+- entering group authenticate {...}
[ntlm_auth] expand: --username=%{mschap:User-Name} - --username=ntlmtest
[ntlm_auth] expand: --password=%{User-Password} - --password=radpw
++[ntlm_auth] returns ok
Login OK: [ntlmtest/radpw] (from client localhost port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 103 to 127.0.0.1 port 60006
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 103 with timestamp +3
Ready to process requests.

OK, now here's the same radtest with a bad password. It works but it shouldn't!

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 58940, id=87, length=60
        User-Name = ntlmtest
        User-Password = radpwnogood
        NAS-IP-Address = 10.10.3.5
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = ntlmtest, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry ntlmtest at line 96
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = ntlm_auth
+- entering group authenticate {...}
[ntlm_auth] expand: --username=%{mschap:User-Name} - --username=ntlmtest
[ntlm_auth] expand: --password=%{User-Password} - --password=radpwnogood
++[ntlm_auth] returns ok
Login OK: [ntlmtest/radpwnogood] (from client localhost port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 87 to 127.0.0.1 port 58940
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 87 with timestamp +7
Ready to process requests.

And for those of you who must see the ntlm_auth config portion, here it is (it's the same as the deployment guide):

$INCLUDE ${confdir}/modules/
#
# put exec ntlm_auth AFTER the exec module is defined
#
exec ntlm_auth {
        wait = no
        program = /usr/bin/ntlm_auth
Re: ntlm_auth works on commandline but not in radiusd.conf
[EMAIL PROTECTED] wrote:
> Very specifically, I followed the (out of date) guide by Alan DeKok called Deploying Radius

Hmm... OK. I've updated the instructions for 2.x.

> exec ntlm_auth {
> wait = no

That's the issue. It should say wait = yes. Sorry. I've updated the web site to fix this.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
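The fix above comes down to one setting: with wait = no the exec instance reported ok whatever ntlm_auth answered, as the "++[ntlm_auth] returns ok" lines in the original post show for both the good and the bad password. As an added example (not code from this thread or from FreeRADIUS), the Python check below reads configuration text and reports every exec instance listed under authenticate that lacks an explicit wait = yes. The sample configuration is constructed from the snippets posted in this thread, and requiring the setting to be explicit is this example's own policy.

```python
"""Flag exec instances used for authentication without an explicit wait = yes."""

# Constructed sample, modelled on the snippets posted in this thread.
# MYDOMAIN is the placeholder used in the thread; the quoting is an assumption.
SAMPLE_CONF = '''
exec ntlm_auth {
    wait = no
    program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}

authenticate {
    Auth-Type PAP {
        pap
    }
    ntlm_auth   # the exec instance decides accept/reject here
}
'''


def strip_comment(line):
    """Drop a trailing # comment unless the # sits inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line


def new_node(name, inst):
    return {"name": name, "inst": inst, "pairs": {}, "refs": [], "subs": []}


def parse(text):
    """Line-oriented parser for 'name [instance] { ... }' sections."""
    root = new_node(None, None)
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw).strip()
        if line.startswith("}"):
            if len(stack) == 1:
                raise ValueError("line %d: unbalanced '}'" % lineno)
            stack.pop()
            line = line[1:].strip()
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            if not words:
                raise ValueError("line %d: section without a name" % lineno)
            node = new_node(words[0], words[1] if len(words) > 1 else None)
            stack[-1]["subs"].append(node)
            stack.append(node)
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1]["pairs"][key.strip()] = value.strip().strip('"')
        else:
            stack[-1]["refs"].append(line)  # bare word: a module reference
    if len(stack) != 1:
        raise ValueError("unclosed section '%s'" % stack[-1]["name"])
    return root


def walk(node):
    yield node
    for sub in node["subs"]:
        yield from walk(sub)


def audit(text):
    """Return sorted (instance, wait_value) pairs that need attention."""
    root = parse(text)
    waits = {}
    for node in walk(root):
        if node["name"] == "exec":
            waits[node["inst"] or "exec"] = node["pairs"].get("wait")
    findings = set()
    for node in walk(root):
        if node["name"] != "authenticate":
            continue
        for inner in walk(node):  # includes nested Auth-Type blocks
            for ref in inner["refs"]:
                if ref in waits and waits[ref] != "yes":
                    findings.add((ref, waits[ref]))
    return sorted(findings, key=lambda item: item[0])


if __name__ == "__main__":
    for inst, value in audit(SAMPLE_CONF):
        print("exec %s is used in authenticate with wait = %s" % (inst, value))
```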
Re: ntlm_auth works on commandline but not in radiusd.conf
--- On Wed, 1/10/08, Alan DeKok [EMAIL PROTECTED] wrote:

From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: ntlm_auth works on commandline but not in radiusd.conf
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wednesday, 1 October, 2008 2:38

[EMAIL PROTECTED] wrote: Very specifically, I followed the (out of date) guide by Alan DeKok called Deploying Radius Hmm... OK. I've updated the instructions for 2.x. exec ntlm_auth { wait = no That's the issue. It should say wait = yes. Sorry. I've updated the web site to fix this. Alan DeKok.

I believe that you saw the images that I sent to you to see :)

Well, I'm still stuck in the config.

/etc/radb/radiusd.conf

exec ntlm_auth {
        wait = yes
        program = /usr/bin/ntlm_auth ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}
}

--

/etc/radb/sites-enabled/default

authenticate {
        #
        # PAP authentication, when a back-end database listed
        # in the 'authorize' section supplies a password. The
        # password can be clear-text, or encrypted.
        Auth-Type PAP {
                pap
        }
}
authenticate {
        ntlm_auth
}

radtest luis ..4wr123,,todoloco 127.0.0.1 0 testing123
Sending Access-Request of id 137 to 127.0.0.1 port 1812
        User-Name = luis
        User-Password = test
        NAS-IP-Address = xx.xx.xx.xx
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=20

What then???

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ntlm_auth works on commandline but not in radiusd.conf
luis a wrote:
> i believe that you saw the images that i sent to you to see :)

As a general rule, I ignore most private email asking for free help. That's what the list is for.

> radtest luis ..4wr123,,todoloco 127.0.0.1 0 testing123
> Sending Access-Request of id 137 to 127.0.0.1 port 1812

sigh Can you explain why you're not following the instructions for posting debug output to the list?

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ntlm_auth works on commandline but not in radiusd.conf
http://hotjobs.mycasacorp.com/images

There are the images, step by step, setting up freeradius against AD, and it's not working for me in the config. In the command line everything works okay, but in the config he does not check it there, pals.

Greetings

--- On Wed, 1/10/08, Alan DeKok [EMAIL PROTECTED] wrote:

From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: ntlm_auth works on commandline but not in radiusd.conf
To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wednesday, 1 October, 2008 4:42

luis a wrote: i believe that you saw the images that i sent to you to see :) As a general rule, I ignore most private email asking for free help. That's what the list is for. radtest luis ..4wr123,,todoloco 127.0.0.1 0 testing123 Sending Access-Request of id 137 to 127.0.0.1 port 1812 sigh Can you explain why you're not following the instructions for posting debug output to the list? Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ntlm_auth works on commandline but not in radiusd.conf
I was under the impression I answered this already, but I don't see it on the list, so here we go again:

1. Your ntlm_auth users file entry is wrong. There is no username or DEFAULT in it.
2. Instructions clearly say to put the entry at the beginning of the users file. What did you do - you put that entry at the end.

Follow instructions. If you can't manage that - find someone who can.

Ivan Kalik
Kalik Informatika ISP

On 1/10/2008, luis a [EMAIL PROTECTED] wrote:

http://hotjobs.mycasacorp.com/images

there are the images step by step setting up freeradius against AD and its not working for me in the config in the command line everything work okay but in the config he does not check it there pals greetings

--- On Wed, 1/10/08, Alan DeKok [EMAIL PROTECTED] wrote:

From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: ntlm_auth works on commandline but not in radiusd.conf
To: [EMAIL PROTECTED], FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wednesday, 1 October, 2008 4:42

luis a wrote: i believe that you saw the images that i sent to you to see :) As a general rule, I ignore most private email asking for free help. That's what the list is for. radtest luis ..4wr123,,todoloco 127.0.0.1 0 testing123 Sending Access-Request of id 137 to 127.0.0.1 port 1812 sigh Can you explain why you're not following the instructions for posting debug output to the list? Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP configuration in radiusd.conf
Hello,

I'd like to know if it's possible to use 2 different basedn in one ldap { section in radius.conf. In my LDAP database, I've got 2 entries:

ou=phones, cn=.
ou=users,cn=.

I want to authenticate devices from phones and from users. Actually, I configured 2 ldap sections in radius.conf:

Ldap ldap1 {
        Basedn=ou=phones,cn=.
        [.]
}
Ldap ldap2 {
        Basedn=ou=users,cn=.
        [.]
}

In my authenticate section, I've got:

Ldap1
Ldap2

If I want to authenticate a user, the first check on ldap1 fails and the second one on ldap2 works fine (this is normal regarding the configuration). The authentication takes about 10 sec, and only 1.5 sec with the ldap2 attribute alone in the authenticate section.

So, is it possible to use 2 basedn in the radiusd.conf file to prevent the first ldap1 Access-Reject?

Regards,
Nicolas SOULEMAN.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap configuration parameters in radiusd.conf file
Hi, Does any body has idea whether the below parameters are mandatory in radiusd.conf file ldap section. groupname_attribute = cn groupmembership_filter = (|((objectClass=group)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember==%{Ldap-UserDn}))) groupmembership_attribute = radiusGroupName Iam trying to see whether ldap group search functionality can be avoided using radiusd.conf file. Thanks in advance. regards -gnr - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radiusd.conf dictionary troubleshooting
Hi all and thanks ahead of time for any responders. The scenario: I have been given the task to install a radius server on a Linux platform. After doing some research, I went with Fedora Core 6 and FreeRadius-1.1.7. It's currently running on my HP Laptop for configuring and testing. As for my strength with Linux, I am a novice but learning quickly just by the amount of work I have done so far with this system. As for the guide I have been following so far for a lot of my work: http://www.jrdcorp.com/index.php?option=com_contenttask=viewid=22Itemid=46 I have also reviewed several other sites along the way for cross checking information, file names, locations, and etc. After the installation of Fedora Core 6, I updated the system and installed with yum the: openssl-perl, mysql, and libnet. All work has been done under root privilege. So now, on to the trouble code lines. This is the first part of trouble I had but I think I was able to fix it since I didn't see some of these lines again, this is not my actual trouble part. It will follow below this. After checking all my certificates and checking locations, such as CA.all, certs.sh, CA.certs, I get to the point of starting up the radius server. While in the /etc/init.d directory I do, radiusd -s -X rlm_exec: Wait=yes but no output defined. Did you mean output=none? rlm_eap_tls: Loading the certificate file as a chain rlm_eap_tls: SSL error error :lib(0):func(0):reason(0) rlm_eap_tls: Error reading Trusted root CA list rlm_eap: Failed to initialize type tls radius.conf[10]: eap: Module instantiation failed radius.conf[1939] Unknown module eap. radius.conf[1886] Failed to parse authentication section The SSL error I gathered after researching is ignorable, no errors actually occurred? Anyways, I did some trouble shooting and it looks like a lot was resolved since I didn't see some of these lines again. Now for the last couple lines that I am having trouble with and can't figure out. 
The last error problems I have seen by running /radiusd -s -X read_config_files: reading directory Errors reading dictionary: dict_init: /etc/raddb/dictionary[14]: Couldn't open dictionary /usr/local/share/freeradius/dictionary: No such file or directory Errors reading radius.conf For my first troubleshooting and seeing what might work, I copied the dictionary file, i think from the raddb directory, should have made a note, to the directory that the dictionary file points to. The result of that was the same message except for the No such file or directory, I got a: To many open files. So I canceled that idea and I am stuck with that line. Now for the radiusd.conf file. I have no clue at all what could be wrong with this. I have checked the radius.log files and it reports the same printouts I have seen but doesn't go any farther. Can anyone possibly shine a light on the direction to go with this? Thanks a lot - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radiusd.conf dictionary troubleshooting
On Tue, 2007-08-14 at 01:00 -0700, Dan Jones wrote:
> Hi all and thanks ahead of time for any responders.
> The scenario: I have been given the task to install a radius server on a Linux platform. After doing some research, I went with Fedora Core 6 and FreeRadius-1.1.7 . It's currently running on my HP Laptop for configuring and testing. As for my strength with Linux, I am a novice but learning quickly just by the amount of work I have done so far with this system. As for the guide I have been following so far for a lot of my work: http://www.jrdcorp.com/index.php?option=com_contenttask=viewid=22Itemid=46

That guide has several mistakes just at a glance. Please consult wiki.freeradius.org where the docs you read have a much higher chance of being correct.

> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> rlm_eap_tls: Loading the certificate file as a chain
> rlm_eap_tls: SSL error error :lib(0):func(0):reason(0)
> rlm_eap_tls: Error reading Trusted root CA list
> rlm_eap: Failed to initialize type tls
> radius.conf [10]: eap: Module instantiation failed
> radius.conf[1939] Unknown module eap.
> radius.conf[1886] Failed to parse authentication section

Those last 3 lines mean the include eap.conf line is commented out in radiusd.conf

> read_config_files: reading directory
> Errors reading dictionary: dict_init: /etc/raddb/dictionary[14]: Couldn't open dictionary /usr/local/share/freeradius/dictionary: No such file or directory

The server isn't installed properly; make install should copy those files into place, if they're not there it didn't work. Un-tar a clean copy and re-try:

./configure && make && make install && echo success

> Errors reading radius.conf
> For my first troubleshooting and seeing what might work, I copied the dictionary file, i think from the raddb directory, should have made a

No. You've made it worse.

> note, to the directory that the dictionary file points to. The result of that was the same message except for the No such file or directory, I got a: To many open files. So I canceled that idea and I am stuck with that line. Now for the radiusd.conf file. I have no clue at all what could be

What's wrong is that radiusd.conf references raddb/dictionary; raddb/dictionary references /usr/local/share/freeradius/dictionary; and the latter isn't there, so the error is propagated upwards since it's discovered whilst parsing radiusd.conf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
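The reference chain described in the reply above (radiusd.conf to raddb/dictionary to the installed dictionary) can be checked before starting the server. As an added example (not code from this thread or from FreeRADIUS), the Python function below follows $INCLUDE lines from a dictionary file and reports targets that are missing or that loop back on a file already being read. The demo files are constructed in a temporary directory, and reading the "To many open files" result as the copied file including itself is an inference of this example, not something stated in the thread.

```python
"""Follow $INCLUDE lines in dictionary files; report missing targets and loops."""
import os
import shutil
import tempfile


def check_includes(path, chain=()):
    """Return a list of (kind, where, target); kind is 'missing' or 'cycle'."""
    path = os.path.realpath(path)
    problems = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            fields = raw.split("#", 1)[0].split()
            if len(fields) < 2 or fields[0] != "$INCLUDE":
                continue
            # Relative names are resolved against the including file's directory.
            target = os.path.realpath(
                os.path.join(os.path.dirname(path), fields[1]))
            where = "%s[%d]" % (path, lineno)
            if not os.path.isfile(target):
                problems.append(("missing", where, target))
            elif target == path or target in chain:
                problems.append(("cycle", where, target))
            else:
                problems.extend(check_includes(target, chain + (path,)))
    return problems


def kinds(problems):
    return [kind for kind, _where, _target in problems]


def demo():
    """Rebuild the three states from the thread with constructed files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        raddb = os.path.join(tmp, "raddb")
        share = os.path.join(tmp, "share", "freeradius")
        os.makedirs(raddb)
        os.makedirs(share)
        top = os.path.join(raddb, "dictionary")
        installed = os.path.join(share, "dictionary")
        with open(top, "w") as fh:
            fh.write("# local additions go here\n$INCLUDE %s\n" % installed)

        # 1. Installed dictionary absent: the "No such file or directory" case.
        results["not installed"] = kinds(check_includes(top))

        # 2. raddb/dictionary copied to the place it points to: it now
        #    includes itself.
        shutil.copy(top, installed)
        results["raddb copy"] = kinds(check_includes(top))

        # 3. A proper installed dictionary that pulls in a further file.
        with open(installed, "w") as fh:
            fh.write("$INCLUDE dictionary.rfc2865\n")
        with open(os.path.join(share, "dictionary.rfc2865"), "w") as fh:
            fh.write("ATTRIBUTE\tUser-Name\t1\tstring\n")
        results["installed"] = kinds(check_includes(top))
    return results


if __name__ == "__main__":
    for state, found in demo().items():
        print("%-14s %s" % (state, found or "ok"))
```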
Re: 2.0.0 documentation for radiusd.conf
Hugh Messenger wrote: ... I like this new unlang. Thanks. It makes me much more confident in releasing a 2.0 that is *much* better than 1.1. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf
Alan DeKok [EMAIL PROTECTED] said: Hugh Messenger wrote: ... I like this new unlang. Thanks. It makes me much more confident in releasing a 2.0 that is *much* better than 1.1. My only suggestion is adding some examples to the man page, and/or in the config file comments. I'm sure you already intend to do this, just wanted to get it back on your radar. As has been noted by others, unlang is likely to top the league table of FMF's (Frequently Misunderstood Features). BTW, reproducing my 1.1.6 setup on 2.0.0 has actually been remarkably painless. In fact, the only problematic parts have been unrelated to core radiusd. It's just been things like getting PAM/winbind working on the test server (repeat after me, install pam-devel BEFORE ./configure), and some teething trouble with the MySQL sqlippool stuff, which Peter has jumped on. Good work, guys. Alan DeKok. -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf
Hugh Messenger wrote: My only suggestion is adding some examples to the man page, and/or in the config file comments. I'm sure you already intend to do this, just wanted to get it back on your radar. As has been noted by others, unlang is likely to top the league table of FMF's (Frequently Misunderstood Features). Examples will go into raddb/sites-available/*. e.g. How to do X? Look in file X. As always, patches are welcome. It also means that the server can ship with a number of canned configuration files for various purposes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf
Alan Dekok [EMAIL PROTECTED] said:

Hugh Messenger wrote:

Any luck fixing this stuff:

DEFAULT Called-Station-Id =~ ^([A-z0-9]+_[0-9]+)$, Pool-Name := `%{0}`
        Framed-IP-Netmask = 255.255.0.0,
        Fall-Through = 1

... in either users or hints?

Don't use users or hints. Use the new unlanguage.

[snip]

authorize {
        ...
        if (Called-Station-Id =~ /^([A-z0-9]+_[0-9]+)$/) {
                update config {
                        Pool-Name := %{0}
                }
                update reply {
                        Framed-IP-Netmask = 255.255.0.0
                }
        }
}

Much easier to understand, I think.

And better yet, it works. :0 One small fix though, it needs the %{} around Called-Station-Id ...

If (%{Called-Station-Id} =~ /^([A-z0-9]+_[0-9]+)$/) {

Alan DeKok.

I like this new unlang.

-- hugh

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote: Have you managed to reproduce the bus error? No. Maybe today. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote: ... *narrowed* authorize { # Some devices send their loopback address as Nas IP Address, overwrite this with packet source. if(%{NAS-IP-Address} == 127.0.0.1){ update request { NAS-IP-Address := %{Packet-Src-IP-Address} } } Nope. It works for me. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Alan Dekok wrote: Arran Cudbard-Bell wrote: ... *narrowed* authorize { # Some devices send their loopback address as Nas IP Address, overwrite this with packet source. if(%{NAS-IP-Address} == 127.0.0.1){ update request { NAS-IP-Address := %{Packet-Src-IP-Address} } } Nope. It works for me. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ok, is there any way to get it to be more verbose about whats causing the bus error ? I'm going grab a fresh copy from the repository, just in case cvs update has mangled one of the files -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
[EMAIL PROTECTED] wrote: Hi, Ok, is there any way to get it to be more verbose about whats causing the bus error ? I'm going grab a fresh copy from the repository, just in case cvs update has mangled one of the files make distclean ./configure --with-you-options make rm -rf /usr/local/lib/rlm_* (or whatever to remove all old version of the libraries) make install ldconfig -v if you dont delete your old rlm_ libraries then if there isnt a major revision update they WILL come back to bite you. rm -rf /usr/local/src/freeradius-cvscurrent rm -rf /usr/local/freeradius-cvs140607 cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd ./configure --prefix=/usr/local/freeradius-cvs150607 make make install Best to be safe :) -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Hi,

> Ok, is there any way to get it to be more verbose about whats causing the bus error ?
> I'm going grab a fresh copy from the repository, just in case cvs update has mangled one of the files

make distclean
./configure --with-you-options
make
rm -rf /usr/local/lib/rlm_* (or whatever to remove all old version of the libraries)
make install
ldconfig -v

If you don't delete your old rlm_ libraries then if there isn't a major revision update they WILL come back to bite you.

alan

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote: [EMAIL PROTECTED] wrote: Hi, Ok, is there any way to get it to be more verbose about whats causing the bus error ? I'm going grab a fresh copy from the repository, just in case cvs update has mangled one of the files make distclean ./configure --with-you-options make rm -rf /usr/local/lib/rlm_* (or whatever to remove all old version of the libraries) make install ldconfig -v if you dont delete your old rlm_ libraries then if there isnt a major revision update they WILL come back to bite you. rm -rf /usr/local/src/freeradius-cvscurrent rm -rf /usr/local/freeradius-cvs140607 cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd ./configure --prefix=/usr/local/freeradius-cvs150607 make make install Best to be safe :) Ok wth ... modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = auto auto_header = yes } Module: Linked to module rlm_chap Module: Instantiating chap Bus error Thats with the default config ?! -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote:
> ...
>     modules {
>     Module: Checking authenticate {...} for more modules to load
>     Module: Linked to module rlm_pap
>     Module: Instantiating pap
>       pap {
>         encryption_scheme = auto
>         auto_header = yes
>       }
>     Module: Linked to module rlm_chap
>     Module: Instantiating chap
>     Bus error
>
> That's with the default config ?!

Delete all of your existing libraries and binaries, and re-install.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: 2.0.0 documentation for radiusd.conf.
Alan Dekok wrote:
> Arran Cudbard-Bell wrote:
>> ...
>>     modules {
>>     Module: Checking authenticate {...} for more modules to load
>>     Module: Linked to module rlm_pap
>>     Module: Instantiating pap
>>       pap {
>>         encryption_scheme = auto
>>         auto_header = yes
>>       }
>>     Module: Linked to module rlm_chap
>>     Module: Instantiating chap
>>     Bus error
>>
>> That's with the default config ?!
>
> Delete all of your existing libraries and binaries, and re-install.
>
> Alan DeKok.

I have, all libraries are installed into /usr/local/freeradius-cvsDATE/lib

And so get rebuilt and installed every time I build ...

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote:
> Control instead of config ?
> ...
> Both appear to work and do the same thing when updating things...

I didn't want to break existing 2.0.0-pre systems. But config will be removed before 2.0.0-final.

> It appears that either update request is broken, or something else weird is happening.

OK. There was a corner case where if the attribute set via = or :=, and not already in the destination list, it wouldn't be added. I've committed a fix.

To see for yourself what's going on with the internals of the condition matching and attribute adding, do:

    radiusd -x

:)

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: 2.0.0 documentation for radiusd.conf.
Alan Dekok wrote:
> Arran Cudbard-Bell wrote:
>> Control instead of config ?
>> ...
>> Both appear to work and do the same thing when updating things...
>
> I didn't want to break existing 2.0.0-pre systems. But config will be removed before 2.0.0-final.
>
>> It appears that either update request is broken, or something else weird is happening.
>
> OK. There was a corner case where if the attribute set via = or :=, and not already in the destination list, it wouldn't be added. I've committed a fix.
>
> To see for yourself what's going on with the internals of the condition matching and attribute adding, do:
>
>     radiusd -x
>
> :)
>
> Alan DeKok.

Lines and lines and lines and lines !

    Thu Jun 14 10:55:17 2007 : Debug: ++? if (%{NAS-IP-Address} == 127.0.0.1) - TRUE
    Thu Jun 14 10:55:17 2007 : Debug: ++- entering if (%{NAS-IP-Address} == 127.0.0.1)
    Thu Jun 14 10:55:17 2007 : Debug: expand: %{Packet-Src-IP-Address} - 139.184.6.42
    Thu Jun 14 10:55:17 2007 : Debug: FROM 1 TO 12 MAX 13
    Thu Jun 14 10:55:17 2007 : Debug: OVERWRITING NAS-IP-Address FROM 0 TO 1
    Bus error

    # USERNAME FORMATTING
    # User-Name Formatting, extracts Realm, User. Ignores NT domain
    # This will accept
    # * user
    # * [EMAIL PROTECTED]
    # * ntdomain\\user
    # * [EMAIL PROTECTED]
    # * user-emergency*
    if((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) {
        if((%{2} == ) || (%{2} == sussex.ac.uk)){
            update request {
                Stripped-User-Name := %{1}
                Realm := local
            }
        }
        else{
            update request {
                Stripped-User-Name := %{0}
                Realm = %{2}
            }
        }
    }

    # PROXYING LOGIC
    # Eventually if we ever need to proxy to multiple locations we can do checks here, but for now assume all non local realms go through JRS
    switch %{Realm} {
        case local {
            # Don't do any proxy stuff here, request will be handled later.
        }
        case {
            update control {
                Proxy-To-Realm := jrs
            }
            update request {
                Realm := jrs
            }
        }
    }

    # Rewrite macs using attr rewrite.
    # * Write uniform mac addresses with separators removed
    uniform_called_id
    uniform_calling_id

    # SET CERTAIN ATTRIBUTE DEFAULTS
    # If the request is coming in from an offsite proxy then set the service-type to authenticate only.
    # this saves us doing some authorisation checks.
    if(%{Huntgroup-Name} == jrs-proxy){
        update request {
            Service-Type = Authenticate-Only
        }
    }
    # Some NASs don't write a Service-Type in the access request
    # packets. For packets with no Service-Type, assume the user is a framed user.
    elsif(%{Service-Type} == ){
        update request {
            Service-Type = Framed-User
        }
    }

    # Apple airports send the wrong NAS-Port-Type, so correct this.
    # if nas didn't send a NAS-Port-Type assume it's wireless.
    if((%{NAS-Port-Type} == )||(%{NAS-Port-Id} =~ /wl[0-9]*/)){
        update request {
            NAS-Port-Type = Wireless-802.11
        }
    }

    # Some devices send their loopback address as Nas IP Address, overwrite this with packet source.
    if(%{NAS-IP-Address} == 127.0.0.1){
        update request {
            NAS-IP-Address := %{Packet-Src-IP-Address}
        }
    }

    # HP Access Points send called-station-id:ssid correct this here.
    # Separate into Called-Station-Id and Called-Station-SSID
    # Then do lookup on Called-Station-SSID, instead of Called-Station-Id
    if(%{Called-Station-Id} =~ /(.*):(.*)/) {
        update request {
            Stripped-Called-Station-Id = %{1}
            Called-Station-SSID = %{2}
            Nas-Flags = %{sql_clients:SELECT EXPORT_SET(ssid_defaults.nas_flags,'1','0','',30) FROM `ssid_defaults` WHERE ssid_defaults.ssid_name = '%{Called-Station-SSID}' LIMIT 0,1}
        }
    }
    # Fix stupid bug in recent hp firmwares, don't perform lookup on last hex pair.
    # Remember to put SQL statement back to normal later
    elsif(%{Called-Station-Id} =~ /(^[[:alnum:]]{10})/){
        update request {
            Nas-Flags = %{sql_clients:SELECT EXPORT_SET(master.nas_flags,'1','0','',30) FROM `master` WHERE master.hw_address LIKE '%{1}%' LIMIT 0,1}
        }
    }

    update request {
        Supplicant-Flags = %{sql_clients:SELECT EXPORT_SET(master.supplicant_flags,'1','0','',10) FROM `master` WHERE master.hw_address = '%{Calling-Station-Id}' LIMIT 0,1}
    }

--

Oh and empty case statements screw things up in strange and weird ways...

case local with content

    ++- entering switch %{Realm}
    +++- entering case local
Re: 2.0.0 documentation for radiusd.conf.
Hi,

> We have three different models of NAS, each with their own weirdnesses... Apple airports send Ethernet as their medium type ...

even with latest firmware? if so, nasty!

> HP530s Don't send a service-type in the request, they also send their loopback address as NAS-IP-Address ?! And they do a weird thing with appending the SSID to the called-station-id ... They also don't send a NAS-Identifier, which makes things fun in terms of accounting records.

most devices allow you to specify the interface address to be used as the source address for RADIUS. most guides also say 'use the local loopback address' (expecting you to use the loopback address as their unique address for connecting to/from etc). we don't use the loopback but instead use the administrative address for RADIUS, TACACS+ etc source address.

a lot of devices also append the SSID to the called-station-id (Cisco kit tends to do this too) - VERY handy as a single call/check can throw the logic down the right path! :-)

> HP 2626 switches, with firmware revision H.10.35 get the first 10 chars of their own mac address right, then screw up the last two ...

er, if they act like cisco kit, then the last part of their MAC address will change for special purposes. Cisco kit changes the last octet for each wireless interface and each port MAC address and admin interface etc.

> Then you have users who enter [EMAIL PROTECTED] domain sussex.ac.uk in the windows supplicant, which comes out as sussex.ac.uk/[EMAIL PROTECTED]

er, yes. that's how it should come out. IF they fill in the REALM box for PEAP then their realm gets prepended to the call. this is trivial to search and strip out. if it's a machine authentication then it'll have host/ instead as the UserID. in fact, FR already can handle the REALM prefix as part of the proxy etc. you may need to enforce the nt-hack stuff too. several examples posted to this list over the past 2 years have shown various ntlm_auth command lines that can handle the REALM or over-write the supplied REALM

alan
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote:
> ...
>     if((%{2} == ) || (%{2} == sussex.ac.uk)){

You don't need to check if strings are empty like that. You can do:

    if (!%{2} || ...

which may be easier to read.

> Oh and empty case statements screw things up in strange and weird ways...

I think much of that is just an issue with it not printing the right thing in debug mode.

> case local with content
>
>     ++- entering switch %{Realm}
>     +++- entering case local
>     expand: %{Packet-Src-IP-Address} - 139.184.6.42
>     expand: %{Packet-Src-IP-Address} - 139.184.6.42
>     ...

Not sure why that's happening...

> But that's pretty minor compared with the bus issue... still trying to track down what's causing it ... = works fine := breaks ...

I just don't see that. Can you narrow it down to a particular packet, and a 5-6 line config?

> But anyway, still loving the unlang, it's made things so much easier !

I know. I started down a similar path with rlm_policy, but it was awkward and annoying. I always wanted some kind of brains in the config files, but only recently managed to do it in a way that makes sense.

Even with its limited functionality, it's a *huge* step over 1.1.x.

> HP530s Don't send a service-type in the request, they also send their loopback address as NAS-IP-Address ?! And they do a weird thing with appending the SSID to the called-station-id ...

That last bit is actually supposed to happen.

> HP 2626 switches, with firmware revision H.10.35 get the first 10 chars of their own mac address right, then screw up the last two ...

Wow...

> Oh and update request is now unbroken , thanks .

I've just added = and =, which do things like enforce limits.

    ...
    update reply {
        Session-Timeout = 7200
    }
    ...
    update reply {
        Session-Timeout = 3600
    }

Will set it to 3600. See man unlang.

Oh, and -= works. With the users file, it didn't. And there are other corner-case bugs fixed, too.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: 2.0.0 documentation for radiusd.conf.
Alan Dekok wrote:
> Arran Cudbard-Bell wrote:
>> ...
>>     if((%{2} == ) || (%{2} == sussex.ac.uk)){
>
> You don't need to check if strings are empty like that. You can do:
>
>     if (!%{2} || ...
>
> which may be easier to read.
>
>> Oh and empty case statements screw things up in strange and weird ways...
>
> I think much of that is just an issue with it not printing the right thing in debug mode.
>
>> case local with content
>>
>>     ++- entering switch %{Realm}
>>     +++- entering case local
>>     expand: %{Packet-Src-IP-Address} - 139.184.6.42
>>     expand: %{Packet-Src-IP-Address} - 139.184.6.42
>>     ...
>
> Not sure why that's happening...
>
>> But that's pretty minor compared with the bus issue... still trying to track down what's causing it ... = works fine := breaks ...
>
> I just don't see that. Can you narrow it down to a particular packet, and a 5-6 line config?

    rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
        User-Name = ac221
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        Called-Station-Id = 00-14-C2-B6-7D-32:eduroam
        Calling-Station-Id = 00-19-E3-0C-CD-58
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = CONNECT 54Mbps 802.11g
        EAP-Message = 0x020a016163323231
        Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04
    Processing the authorize section of radiusd.conf
    +- entering group authorize
    ++? if (%{NAS-IP-Address} == 127.0.0.1)
    expand: %{NAS-IP-Address} - 127.0.0.1
    ? Evaluating (%{NAS-IP-Address} == 127.0.0.1) - TRUE
    ++? if (%{NAS-IP-Address} == 127.0.0.1) - TRUE
    ++- entering if (%{NAS-IP-Address} == 127.0.0.1)
    expand: %{Packet-Src-IP-Address} - 139.184.6.42
    Bus error

*narrowed*

    authorize {
        # Some devices send their loopback address as Nas IP Address, overwrite this with packet source.
        if(%{NAS-IP-Address} == 127.0.0.1){
            update request {
                NAS-IP-Address := %{Packet-Src-IP-Address}
            }
        }
    }

>> HP530s Don't send a service-type in the request, they also send their loopback address as NAS-IP-Address ?! And they do a weird thing with appending the SSID to the called-station-id ...
>
> That last bit is actually supposed to happen.

Ah, ok.

>> HP 2626 switches, with firmware revision H.10.35 get the first 10 chars of their own mac address right, then screw up the last two ...
>
> Wow...

Yes, last two octets bear no resemblance what-so-ever to the base mac *impressed*

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
Re: 2.0.0 documentation for radiusd.conf.
>     rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
>         User-Name = ac221
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port = 1
>         Called-Station-Id = 00-14-C2-B6-7D-32:eduroam
>         Calling-Station-Id = 00-19-E3-0C-CD-58
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = CONNECT 54Mbps 802.11g
>         EAP-Message = 0x020a016163323231
>         Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04
>     Processing the authorize section of radiusd.conf
>     +- entering group authorize
>     ++? if (%{NAS-IP-Address} == 127.0.0.1)
>     expand: %{NAS-IP-Address} - 127.0.0.1
>     ? Evaluating (%{NAS-IP-Address} == 127.0.0.1) - TRUE
>     ++? if (%{NAS-IP-Address} == 127.0.0.1) - TRUE
>     ++- entering if (%{NAS-IP-Address} == 127.0.0.1)
>     expand: %{Packet-Src-IP-Address} - 139.184.6.42
>     Bus error
>
> *narrowed*
>
>     authorize {
>         # Some devices send their loopback address as Nas IP Address, overwrite this with packet source.
>         if(%{NAS-IP-Address} == 127.0.0.1){
>             update request {
>                 NAS-IP-Address := %{Packet-Src-IP-Address}
>             }
>         }
>     }

Heh, located the issue with the access point... If you tell it to fail over to its internal RADIUS server after trying the primary and secondary, it'll send 127.0.0.1 to the primary and secondary too ... fun.

My faith has waned quite a bit in the quality of HP products since starting this project *sigh*.

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
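The clean-up rules discussed in this thread (loopback NAS-IP-Address replaced by the packet source, a default Service-Type, and Called-Station-Id split into MAC and SSID), modelled in Python as an added example that is not code from the thread or from FreeRADIUS. The function names, the stricter MAC pattern, and the use of the whole loopback range instead of only 127.0.0.1 are assumptions of this example; the sample packet is constructed from the debug dump quoted above.

```python
"""Model of the request clean-up rules posted in the thread (not FreeRADIUS code)."""
import ipaddress
import re

# Constructed sample: the rad_recv dump quoted in the thread, EAP attributes omitted.
DEBUG_DUMP = """\
rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
    User-Name = ac221
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1
    Called-Station-Id = 00-14-C2-B6-7D-32:eduroam
    Calling-Station-Id = 00-19-E3-0C-CD-58
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = CONNECT 54Mbps 802.11g
"""

HEADER = re.compile(r"^rad_recv: \S+ packet from host (\S+) port \d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = (.*)$")
# Six hex pairs with optional separators, then ':' and a non-empty SSID.
MAC_SSID = re.compile(r"^((?:[0-9A-Fa-f]{2}[-:.]?){5}[0-9A-Fa-f]{2}):(.+)$")


def parse_rad_recv(dump):
    """Return (packet source IP, {attribute: value}) from debug output.

    Repeated attributes keep only the last value, which is enough for this model.
    """
    src, attrs = None, {}
    for line in dump.splitlines():
        header = HEADER.match(line)
        if header:
            src = header.group(1)
            continue
        attr = ATTR.match(line)
        if attr:
            attrs[attr.group(1)] = attr.group(2).strip().strip('"')
    if src is None:
        raise ValueError("no rad_recv header found")
    return src, attrs


def is_loopback(value):
    """True for any address in the loopback range, False for anything unparsable."""
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False


def set_attr(attrs, name, op, value, log):
    """':=' adds or replaces; '=' adds only when the attribute is absent."""
    if op not in (":=", "="):
        raise ValueError("unsupported operator: " + op)
    if op == "=" and name in attrs:
        return
    log.append((name, attrs.get(name), value))
    attrs[name] = value


def naive_split(value):
    """The /(.*):(.*)/ split from the posted config, for comparison."""
    m = re.match(r"(.*):(.*)", value)
    return m.groups() if m else None


def normalise(src_ip, attrs):
    """Apply the rules to a copy of attrs; return (new attrs, change log)."""
    out, log = dict(attrs), []
    if is_loopback(out.get("NAS-IP-Address", "")):
        # The NAS reported its loopback address: record the real packet source.
        set_attr(out, "NAS-IP-Address", ":=", src_ip, log)
    set_attr(out, "Service-Type", "=", "Framed-User", log)
    m = MAC_SSID.match(out.get("Called-Station-Id", ""))
    if m:
        set_attr(out, "Stripped-Called-Station-Id", "=", m.group(1), log)
        set_attr(out, "Called-Station-SSID", "=", m.group(2), log)
    return out, log


if __name__ == "__main__":
    source, request = parse_rad_recv(DEBUG_DUMP)
    _, changes = normalise(source, request)
    for name, old, new in changes:
        print(f"{name}: {old!r} -> {new!r}")
    # A colon-separated MAC with no SSID shows why the split pattern matters.
    print(naive_split("00:14:C2:B6:7D:32"))
```

The change log keeps the original NAS-IP-Address next to the value that replaced it, so accounting records can still be traced back to what the NAS actually sent.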
Re: 2.0.0 documentation for radiusd.conf.
    expand: %{Supplicant-Flags} - 00
    ??? Evaluating 00 - FALSE
    ?? Converting !FALSE - TRUE

A string of 0 evaluates to false ?

This is where you begin to need typed variables.

    INT(0) - FALSE
    INT(1) - TRUE
    STRING(0) - TRUE
    STRING(1) - TRUE

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
RE:2.0.0 documentation for radiusd.conf
From: Alan Dekok [EMAIL PROTECTED]
> Oh, and -= works. With the users file, it didn't. And there are other corner-case bugs fixed, too.

Any luck fixing this stuff:

    DEFAULT Called-Station-Id =~ ^([A-z0-9]+_[0-9]+)$, Pool-Name := `%{0}`
            Framed-IP-Netmask = 255.255.0.0,
            Fall-Through = 1

... in either users or hints?

If you recall, I'm trying to find a way of having just one DEFAULT for setting my sqlippool Pool-Name, rather than having to have 50+ individual entries. So far no luck with the above mechanism in either users or hints files.

> Alan DeKok.

-- hugh
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote:
>     expand: %{Supplicant-Flags} - 00
>     ??? Evaluating 00 - FALSE
>     ?? Converting !FALSE - TRUE
>
> A string of 0 evaluates to false ?

It's treated as an integer.

> This is where you begin to need typed variables.

It's not a language. You can work around this issue by doing:

    if (0 != ) ...

which will get you what you want.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: 2.0.0 documentation for radiusd.conf
Hugh Messenger wrote:
> Any luck fixing this stuff:
>
>     DEFAULT Called-Station-Id =~ ^([A-z0-9]+_[0-9]+)$, Pool-Name := `%{0}`
>             Framed-IP-Netmask = 255.255.0.0,
>             Fall-Through = 1
>
> ... in either users or hints?

Don't use users or hints. Use the new unlanguage.

> If you recall, I'm trying to find a way of having just one DEFAULT for setting my sqlippool Pool-Name, rather than having to have 50+ individual entries. So far no luck with the above mechanism in either users or hints files.

    authorize {
        ...
        if (Called-Station-Id =~ /^([A-z0-9]+_[0-9]+)$/) {
            update config {
                Pool-Name := %{0}
            }
            update reply {
                Framed-IP-Netmask = 255.255.0.0
            }
        }
    }

Much easier to understand, I think.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
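The pool-name pattern from this exchange, checked in Python as an added example that is not part of the thread. It shows which Called-Station-Id values the character class `[A-z0-9]` accepts beside letters and digits, since the matched text becomes the Pool-Name. Python's `re` stands in for the server's regex engine and ASCII ordering is assumed; `STRICT_PATTERN` and the sample values are constructed for illustration.

```python
import re

# Pattern as posted in the thread, and a variant limited to ASCII letters and digits.
THREAD_PATTERN = re.compile(r"^([A-z0-9]+_[0-9]+)$")
STRICT_PATTERN = re.compile(r"^([A-Za-z0-9]+_[0-9]+)$")

# Constructed Called-Station-Id values; only the first two have the
# "<alphanumeric name>_<number>" shape the pool naming scheme implies.
SAMPLES = [
    "dslam12_3",
    "POP7_10",
    "pop`a_1",
    "site[1]_7",
    "a\\b_2",
    "core^_5",
    "a__1",
    "no-underscore",
]


def range_extras():
    """Characters inside the ASCII range A-z that are neither letters nor digits."""
    return "".join(
        chr(c) for c in range(ord("A"), ord("z") + 1) if not chr(c).isalnum()
    )


def pool_name(called_station_id, pattern):
    """Return the Pool-Name the rule would set (the whole match), or None."""
    m = pattern.fullmatch(called_station_id)
    return m.group(0) if m else None


def audit(samples):
    """Values the posted pattern turns into a Pool-Name but the strict one rejects."""
    return [
        s for s in samples
        if pool_name(s, THREAD_PATTERN) and not pool_name(s, STRICT_PATTERN)
    ]


if __name__ == "__main__":
    print("extra characters admitted by A-z:", range_extras())
    for value in audit(SAMPLES):
        print("accepted only by the posted pattern:", repr(value))
```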
Re: 2.0.0 documentation for radiusd.conf.
Alan Dekok wrote:
> Arran Cudbard-Bell wrote:
>>     expand: %{Supplicant-Flags} - 00
>>     ??? Evaluating 00 - FALSE
>>     ?? Converting !FALSE - TRUE
>>
>> A string of 0 evaluates to false ?
>
> It's treated as an integer.
>
>> This is where you begin to need typed variables.
>
> It's not a language.

Yes it's an unlanguage.

> You can work around this issue by doing:
>
>     if (0 != ) ...
>
> which will get you what you want.

I know I was just being pernickety ;)

Have you managed to reproduce the bus error?

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
2.0.0 documentation for radiusd.conf.
I've updated the documentation for radiusd.conf, to document the new un-language. Text is attached here for comment.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog

unlang(5)              FreeRADIUS Processing un-language              unlang(5)

NAME
    unlang - FreeRADIUS Processing un-language

DESCRIPTION
    FreeRADIUS supports a simple processing language in its configuration files. We call it an un-language because the intention is NOT to create yet another programming language. If you need something more complicated than what is described here, we suggest using the Perl or Python modules rlm_perl, or rlm_python.

    The language is similar to C in some respects, and is also similar to Unix shell scripts in other respects.

    The keywords for the language are if, else, elsif, switch, case, and update. Subject to some limitations below on switch and case, any keyword can appear in any context.

KEYWORDS
    if
        Checks for a particular condition. If true, the block after the condition is processed. Otherwise, the block is ignored.

            if (condition) {
                ...
            }

    else
        Define a block to be executed only if the previous if condition returned false.

            else {
                ...
            }

    elsif
        Define a block to be executed only if the previous if condition returned false, and if the specified condition evaluates to true.

            elsif (condition) {
                ...
            }

    switch
        Evaluate the given string, and choose the first matching case statement inside of the current block. No statement other than case can appear in a switch block.

            switch string {
                ...
            }

    case
        Define a static string to match a parent switch statement. A case statement cannot appear outside of a switch block.

            case string {
                ...
            }

    update
        Update a particular attribute list, based on the attributes given in the current block.

            update list {
                attribute = value
                ...
            }

        The list can be one of request, reply, proxy-request, proxy-reply, or control. The control list is the list of attributes maintained internally by the server that controls how the server processes the request. Any attribute that does not go in a packet on the network will generally be placed in the control list.

        For a detailed description of the contents of the update section, see the ATTRIBUTES section below.

CONDITIONS
    The conditions are similar to C conditions in syntax, though quoted strings are supported, as with the Unix shell.

    Simple conditions
            (foo)

        Evaluates to true if 'foo' is a non-empty string, or if 'foo' is a non-zero number.

    Negation
            (!foo)

        Evaluates to true if 'foo' evaluates to false, and vice-versa.

    Short-circuit operators
            (foo || bar)
            (foo && bar)

        && and || are short-circuit operators. && evaluates the first condition, and evaluates the second condition if and only if the result of the first condition is true. || is similar, but executes the second command if and only if the result of the first condition is false.

    Comparisons
            (foo == bar)

        Compares 'foo' to 'bar', and evaluates to true if the comparison holds true. Valid comparison operators are ==, !=, <, <=, >, >=, =~, and !~, all with their usual meanings. Invalid comparison operators are := and =.

STRINGS AND NUMBERS
    Strings and numbers can appear as stand-alone conditions, in which case they are evaluated as described in Simple conditions, above. They can also appear (with some exceptions noted below) on the left-hand or on the right-hand side of a comparison.

    Numbers
        Numbers are composed of decimal digits. Floating point, hex, and octal numbers are not supported. The maximum value for a number is machine-dependent, but is usually 32-bits, including one bit for a sign value
Re: 2.0.0 documentation for radiusd.conf.
> switch
>     Evaluate the given string, and choose the first matching case statement inside of the current block. No statement other than case can appear in a switch block.
>
>         switch string {
>             ...
>         }

These work now ? :D

> case
>     Define a static string to match a parent switch statement. A case statement cannot appear outside of a switch block.
>
>         case string {
>             ...
>         }
>
> update
>     Update a particular attribute list, based on the attributes given in the current block.
>
>         update list {
>             attribute = value
>             ...
>         }
>
>     The list can be one of request, reply, proxy-request, proxy-reply, or control. The control list is the list of attributes maintained internally by the server that controls how the server processes the request. Any attribute that does not go in a packet on the network will generally be placed in the control list.

Control instead of config ?

Cool , very nice work :)
Re: 2.0.0 documentation for radiusd.conf.
Arran Cudbard-Bell wrote:
> switch
> These work now ? :D

Yes. I just added a default to the switch statements, too. See the updated man unlang.

> Control instead of config ?

Yes. config is already used for configuration-file stuff.

> Cool , very nice work :)

Thanks. I think it's nearly time for a -pre2.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: 2.0.0 documentation for radiusd.conf.
>> Control instead of config ?
>
> Yes. config is already used for configuration-file stuff.

Both appear to work and do the same thing when updating things...

Ok, It appears that either update request is broken, or something else weird is happening.

    if((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) {
        if((%{2} == ) || (%{2} == sussex.ac.uk)){
            update request {
                Stripped-User-Name := %{1}
                Realm := local
            }
        }
        else{
            update request {
                Stripped-User-Name := %{0}
                Realm = %{2}
            }
        }
    }

That sorts out username formatting, means you can use [EMAIL PROTECTED], and things will still work *sigh* (never underestimate the stupidity of your users).

It basically says if user has no realm or has specified sussex as their realm, update the request, set stripped-user-name to be their username and set Realm to be local. else set their username as the entire User-Name string and set the request realm to be their specified Realm.

Later in the config file there's:

    # PROXYING LOGIC
    # Eventually if we ever need to proxy to multiple locations we can do checks here, but for now assume all non local realms go through JRS
    if(%{request:Realm} != local){
        update control {
            Proxy-To-Realm := jrs
        }
        update request {
            Realm := jrs
        }
    }

So if the realm is not local then proxy to realm jrs (this is why I was waiting for the switch statement :) )

    ++? if ((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/))
    expand: %{User-Name} - ac221
    ?? Evaluating (%{User-Name} =~ /([^-]+)-emergency-/) - FALSE
    expand: %{User-Name} - ac221
    ?? Evaluating (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/) - TRUE
    ++? if ((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) - TRUE
    ++- entering if ((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/))
    +++? if ((%{2} == ) || (%{2} == sussex.ac.uk))
    expand: %{2} -
    ?? Evaluating (%{2} == ) - TRUE
    ?? Skipping (%{2} == sussex.ac.uk)
    +++? if ((%{2} == ) || (%{2} == sussex.ac.uk)) - TRUE
    +++- entering if ((%{2} == ) || (%{2} == sussex.ac.uk))
    expand: %{1} - ac221
    [request] returns updated
    +++- if ((%{2} == ) || (%{2} == sussex.ac.uk)) returns updated
    +++ ... skipping else for request 0: Preceding if was taken
    ++- if ((%{User-Name} =~ /([^-]+)-emergency-/) || (%{User-Name} =~ /?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)) returns updated
    ++? if (%{request:Realm} != local)
    expand: %{request:Realm} -
    ? Evaluating (%{request:Realm} != local) - TRUE
    ++? if (%{request:Realm} != local) - TRUE
    ++- entering if (%{request:Realm} != local)
    +++[control] returns updated

See brokenness:

    ?? Evaluating (%{2} == ) - TRUE
    ?? Skipping (%{2} == sussex.ac.uk)
    +++? if ((%{2} == ) || (%{2} == sussex.ac.uk)) - TRUE
    +++- entering if ((%{2} == ) || (%{2} == sussex.ac.uk))
    expand: %{1} - ac221
    [request] returns updated

Stripped-User-Name set to ac221 and I'm guessing Realm set to local... but then:

    ++? if (%{request:Realm} != local)
    expand: %{request:Realm} -

No local ?!

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
Help stuck on error: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
How did you resolve this issue?

thanks
SB
Re: Add a secondary ldap server to radiusd.conf
On 23 Apr 2007 at 18:00, Jacob Jarick wrote:
> Hubert would you mind showing me how you map the ldap password to the radius password. I've tried
>
>     checkItem userPassword User-Password
>
> but the radius debug logs complain that it Needs User-Password still :|
>
> On 4/23/07, Hubert Kupper [EMAIL PROTECTED] wrote:
>> Hello, how can I add a secondary ldap server to radiusd.conf for failover?

Jacob, we authenticate freeradius requests against Novell eDirectory with ldap.

    password_attribute = nspmPassword

Regards
Boert
Re: Add a secondary ldap server to radiusd.conf
Sigh, I should just tell my employers to buy novell edirectory, it does look very nice.

On 4/24/07, Hubert Kupper [EMAIL PROTECTED] wrote:
> On 23 Apr 2007 at 18:00, Jacob Jarick wrote:
>> Hubert would you mind showing me how you map the ldap password to the radius password. I've tried
>>
>>     checkItem userPassword User-Password
>>
>> but the radius debug logs complain that it Needs User-Password still :|
>>
>> On 4/23/07, Hubert Kupper [EMAIL PROTECTED] wrote:
>>> Hello, how can I add a secondary ldap server to radiusd.conf for failover?
>
> Jacob, we authenticate freeradius requests against Novell eDirectory with ldap.
>
>     password_attribute = nspmPassword
>
> Regards
> Boert
Add a secondary ldap server to radiusd.conf
Hello, how can I add a secondary ldap server to radiusd.conf for failover?

Regards
Boert
Re: Add a secondary ldap server to radiusd.conf
Hubert Kupper wrote:
> Hello, how can I add a secondary ldap server to radiusd.conf for failover?

Just create a second ldap module instance with the secondary ldap server configuration and read doc/configurable_failover

> Regards
> Boert
Re: Add a secondary ldap server to radiusd.conf
Hubert would you mind showing me how you map the ldap password to the radius password. I've tried

    checkItem userPassword User-Password

but the radius debug logs complain that it Needs User-Password still :|

On 4/23/07, Hubert Kupper [EMAIL PROTECTED] wrote:
> Hello, how can I add a secondary ldap server to radiusd.conf for failover?
>
> Regards
> Boert
Re: Add a secondary ldap server to radiusd.conf
On 23 Apr 2007 at 11:18, Kostas Kalevras wrote:
> O/H Hubert Kupper :
>> Hello, how can I add a secondary ldap server to radiusd.conf for failover?
>
> Just create a second ldap module instance with the secondary ldap server configuration and read doc/configurable_failover

Thanks! I have 2 ldap module instances and will add 2 instances with the secondary ldap server.

Boert
Help stuck on error: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
radiusd -X -A output: http://pastebin.ca/444201
radiusd.conf: http://pastebin.ca/444205

I am slowly setting up FR to work with ADS. I had ntlm_auth working fine but have been requested to swap to ldap.

My current freeradius user is \admins\radius\freeradius, admins being an organisational unit, radius being an ou inside admins.

I get this error when freeradius tries to confirm the user/passwd against the ADS:

    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Fwd: Help stuck on error: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
I am still stuck on this problem, HELP PLEASE.

I have 4 questions atm:

1. Does the password need to be encrypted before being pasted to the config file?
2. Is it necessary to configure the ldap client files?
3. Can you auth against ADS using LDAP without a password?
4. If radiusd runs a command when auth'ing against ADS, what is the command so I might test it?

I'd really appreciate any info at all. Thanks guys.

-- Forwarded message --
From: Jacob Jarick [EMAIL PROTECTED]
Date: Apr 17, 2007 4:55 PM
Subject: Help stuck on error: rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org

radiusd -X -A output: http://pastebin.ca/444201
radiusd.conf: http://pastebin.ca/444205

I am slowly setting up FR to work with ADS. I had ntlm_auth working fine but have been requested to swap to ldap.

My current freeradius user is \admins\radius\freeradius, admins being an organisational unit, radius being an ou inside admins.

I get this error when freeradius tries to confirm the user/passwd against the ADS:

    rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
Re: radiusd.conf: Why extra Auth-Type in authenticate section?
Alan DeKok wrote:
> Martin Gadbois [EMAIL PROTECTED] wrote:
>> Why the Auth-Type PAP { } construct? I tried RTFM and RTFC, but I have not seen an actual description of why that is there.
>
> It's not strictly necessary, but it doesn't hurt to have it.

Does it mean if(Auth-Type == PAP) then { call pap } ?

Is it general purpose? Could I do Group == staff { pap } in the authenticate {} section?

Could you give me a function name in the source where this is done? (I like to RTFC!)

Thanks!

--
Martin Gadbois
S/W Developer
Colubris Networks Inc.
"Windows might take you from 0 to 60 faster, but to go to 100 you need Unix."
Re: radiusd.conf: Why extra Auth-Type in authenticate section?
Martin Gadbois wrote:
> Does it mean if(Auth-Type == PAP) then { call pap } ?

No. When the authenticate section is run, the Auth-Type is used to choose a particular module or section. It is NOT more general than that.

> Is it general purpose? Could I do Group == staff { pap } in the authenticate {} section?

No.

> Could you give me a function name in the source where this is done? (I like to RTFC!)

src/main/modules.c
src/main/modcall.c

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
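The selection described in the reply above, as an added radiusd.conf sketch (not part of the thread and not the project's shipped file); the module names `pap` and `ldap` are assumed to be defined in the `modules` section:

```conf
authenticate {
	# Chosen only when the request's Auth-Type is PAP.
	Auth-Type PAP {
		pap
	}

	# Chosen only when the request's Auth-Type is LDAP.
	Auth-Type LDAP {
		ldap
	}

	# Not valid here, per the reply above: the sub-section is selected
	# by Auth-Type alone, not by a general condition such as
	#   Group == staff { pap }
}
```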
Re: radiusd.conf: Why extra Auth-Type in authenticate section?
Martin Gadbois [EMAIL PROTECTED] wrote:
> Why the Auth-Type PAP { } construct? I tried RTFM and RTFC, but I have not seen an actual description of why that is there.

It's not strictly necessary, but it doesn't hurt to have it.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Adding queries to sql.conf and/or radiusd.conf
Hi,

I am looking to set radcheck.activeDate and radcheck.activated when a user logs in for the first time. At this same time I want to update or insert an expiration attribute for that user.

I tried putting an update in the sql.conf file for the radcheck table with the queries that insert /or update radacct. Of course it didn't work. How can I add more queries to this area and how do I let Radius know that these queries have to run at specific times like accounting_start_query and accounting_update_query. I also tried concatenation of two queries but that didn't work either.

Has anyone tried this before? Any ideas for me? I also thought about putting it in radiusd.conf file. Not sure where to start there.

Thanks much.

Michelle

Running freeRadius 1.1.3
Re: Default radiusd.conf and Auth-Type LDAP comment
> Thibault Le Meur [EMAIL PROTECTED] wrote:
>> * the inner PAP authentication is processed by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory for historical reasons)
>
> Version 2.0 has fixes that make it much easier to handle multiple hashing types in the same LDAP database.

Yes, I remember having read something about this in the list... I'm longing to test this release ;-)

>> * I don't need to have freeradius _read_ the passwords from the directory: the DN identity defined in the ldap module can only have auth and read access to radius entries but not to the passwords (which in my point of view is more secure)
>
> If all you're doing is PAP, sure. Most wireless deployments use PEAP, and then people wonder why bind as user doesn't work. It's frustrating.

I understand (It's true that this list is nearly 30% about this kind of issue despite the faqs on this) :-(

>> Again, I might not have caught your meaning: Are you saying that in the future the standard ldap module will be only an authorization module, and that a new ldap_bind module could be used in the authenticate section ?
>
> I think it's a good idea.

Why not indeed ... (as long as there's a new ldap_bind module to replace the ldap 'authentication' part ;-) ).

Thanks for this reply and for this great opensource project.

Regards,
Thibault
Re: Default radiusd.conf and Auth-Type LDAP comment
On Fri 22 Sep 2006 10:52, Thibault Le Meur wrote:
>> Thibault Le Meur [EMAIL PROTECTED] wrote:
>>> * the inner PAP authentication is processed by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory for historical reasons)
>>
>> Version 2.0 has fixes that make it much easier to handle multiple hashing types in the same LDAP database.
>
> Yes, I remember having read something about this in the list... I'm longing to test this release ;-)

ftp://ftp.freeradius.org/pub/radius/CVS-snapshots

It gets better every day. :-)

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: Default radiusd.conf and Auth-Type LDAP comment
> On Fri 22 Sep 2006 10:52, Thibault Le Meur wrote:
>>> Thibault Le Meur [EMAIL PROTECTED] wrote:
>>>> * the inner PAP authentication is processed by the ldap module in which I don't need to define which password hashing method is used (I use at least CRYPT _and_ MD5 in the same directory for historical reasons)
>>>
>>> Version 2.0 has fixes that make it much easier to handle multiple hashing types in the same LDAP database.
>>
>> Yes, I remember having read something about this in the list... I'm longing to test this release ;-)
>
> ftp://ftp.freeradius.org/pub/radius/CVS-snapshots

Thanks, in fact I know that by using the development version I could have a test at the 2.0 branch, but I'm a little frightened to test it in my production environment... I think I'll use the CVS code on my backup server.

> It gets better every day. :-)

I have no doubt about this ;-)

Thibault
RE : Default radiusd.conf and Auth-Type LDAP comment
> Thanks, in fact I know that by using the development version I could have a test at the 2.0 branch, but I'm a little frightened to test it in my production environment...

I just want to correct my words because I don't want users on the list to misunderstand my meaning: I think the CVS code is certainly stable enough now to be used, but I need to install my new radius server quickly and I don't currently have time to adapt my setup to the new 2.0 code.

> I think I'll use the CVS code on my backup server.

I'll really do, because testing and reporting is also a way to contribute.

Thanks to all developers for this great work.

Thibault
Default radiusd.conf and Auth-Type LDAP comment
Hi,

This is just a comment on the default radiusd.conf provided information. In the authenticate section of the default radiusd.conf I can read about Auth-Type LDAP:

<quote>
# Note that this means check plain-text password against
# the ldap database, which means that EAP won't work,
# as it does not supply a plain-text password.
</quote>

While usually true, this assumption is a little confusing sometimes. Indeed, when EAP-TTLS uses PAP (not an EAP protocol I know) as its inside authentication protocol, a cleartext password is provided to Freeradius which is then able to use a simple ldap bind exchange to authenticate the user.

Could we replace with something like that:

<quote>
# Note that this means check plain-text password against
# the ldap database, which means that most EAP types won't work
# as they do not supply a plain-text password (unless you use a
# composite EAP scheme with an inner cleartext-enabled protocol
# such as EAP-TTLS/PAP)
</quote>

But this is a little tricky... Or more simply:

<quote>
# Note that this means check plain-text password against
# the ldap database, which means that most EAP types won't work
# as they do not supply a plain-text password
# (an exception being EAP-TTLS with inner PAP authentication)
</quote>

The second one could be less confusing for people trying to set up EAP-TTLS/PAP on ldap directories but of course this is not a big deal...

Thibault