Oliver Graf [EMAIL PROTECTED] wrote:
hm, not null, it should do as the other possible versions and return
the IP as string. Simply setting hp in error case to NULL should do
it.
Added, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-term solution is
to fix the VENDOR macro in src/include/libradius.h, so that the number
it returns is only 16 bits long.
I'll commit a fix today.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ron Wahler [EMAIL PROTECTED] wrote:
Would the following error indicate FR can't find the tls module.
No, it looks to me more like the LDAP server you're using doesn't
support TLS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dmitriy Milashenko [EMAIL PROTECTED] wrote:
There is a small error (if it is an error) in default postgresql.conf. You
should change your authorize_group_check_query to
...
I've fixed this in the CVS head. Please check that it's OK before
0.9 is released!
Alan DeKok.
-
List info
Dave Mason [EMAIL PROTECTED] wrote:
That worked like a champ. Here's my new code, with the old code
commented out. From eap.c:
...
I've added that patch to eap.c. Please double-check that it works
before 0.9 is released.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
of the previous two error messages.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, but the same results were encountered.
Worth to mention that if I am using the same scenario (database
fail-over) with Authentication the Freeradius did not fail.
Try the latest CVS snapshot. It has many bug fixes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
stay near me and
can see some of output on my monitor. i don't want allow hi
could see absolutely plain passwords. So, password encoding is just for
this.
shrug That's a tiny problem. If they have physical access to the
same machines you do, they don't need to snoop over your shoulder.
Alan
it can't find the IP address for localhost. Weird. It
works fine for me, so I would suggest checking /etc/hosts on your
system.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jander Sunstar [EMAIL PROTECTED] wrote:
I want to include a users account number in their radius profile and get
it back in the NAS accounting packet. Is this possible via radius
attributes ?
See the Class attribute.
http://www.freeradius.org/rfc/attributes.html
Alan DeKok.
-
List
radtest on a different host.
Sounds like a byte order problem to me.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and
as a result, the code added recently to src/main/misc.c was wrong.
I've fixed it in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dave Mason [EMAIL PROTECTED] wrote:
I have a Freeradius server v0.8.1 (built with Red Hat 7.2) that
communicates with a backend server over a UDP socket. I find that I can
only read from the socket if the server is not running as a daemon.
What's the error?
Alan DeKok.
-
List info
of code. The hardest part
would be making the module take configuration values, which it doesn't
currently do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Joachim Wickman [EMAIL PROTECTED] wrote:
I'm testing the pre-paid solution (with lifetime counter) that was
mentioned here on the list and is now wondering how I can reset one
counter when a client wants one more hour?
See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl
Alan
to plan,
than checking the website now and then.
It should be less than 2 weeks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to decrypt the passwords? The key is going to
have to go somewhere, and having a key plus encrypted passwords is no
different than having plain-text passwords.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Lisa Casey [EMAIL PROTECTED] wrote:
Could you give me a url for finding more info about this? I've looked
through the Free Radius web site and can't find it.
Umm... look for the 'CVS snapshot' link on the downloads page?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
on monitor.
So why the heck is a casual observer looking at the encrypted
passwords? What's wrong with your system? Why doesn't it have proper
security and file permissions?
Adding broken code to the server to fix a broken security setup on
your machine isn't a good diea.
Alan DeKok
users with many different
classes of service and I want to create a DEFAULT entry for each class
which the user-specific entry references when authenticating.
Use the 'hints' file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
module has been modified simplified, with
the result that it's easier to get it working, and easier to
understand why it doesn't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that the sequence
is changed (and a warning is added).
The solution is NOT to re-order the checks so that they *accidentally*
work. The solution is to check for one re-entrant version, if that
fails, check for another, etc.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
means that endless other
developers and users will curse your name.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
endpoint experienced a hiccup.
The server is configured by default to re-transmit proxied packets,
until the middle server sees a reply.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with '-s'. It may work better.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/shells
Also 'man shells'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
idea.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-TLS
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no clue what you're talking about. I think
you're completely misunderstanding the 'hints' file.
FreeRADIUS can be configured to strip the 'P' from the front of a
User-Name attribute. What more do you want?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
though, so it may not be relevant.
For me its relevant. Without freeradius is not thread-safe.
But the server ALREADY uses the '..._r' functions. What's the
problem? Or am I missing something?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with the software?
I am using Perl on the client side. it would be the best if there
exist a perl module that can connect my program to do authentication
with the RADIUS server.
See CPAN.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AFTER that should work be done on TTLS and PEAP. Those two
protocols depend on common code, and that common code should exist
before any TTLS or PEAP specific work is done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
yacine rebahi [EMAIL PROTECTED] wrote:
Can anyone give a hint about how to configure freeradius to support
digest authentication. it is not possible to link to the rlm_digest module.
Nonsense.
The latest CVS snapshot comes configured to automatically do digest
authentication.
Alan
Peter Markowsky [EMAIL PROTECTED] wrote:
I'm attempting to build freeradius-8.1 on my laptop a 12
powerbook.
Don't. Use the latest CVS snapshot. It's not perfect, either, but
it's a lot easier to build on OS X than 0.8.1 was.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
IF the existing code in rlm_eap doesn't use it.
This could go in before 0.9, in which case you wouldn't have to
worry about keeping up to date with later versions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*do* write documentation get that
documentation included in the server.
The users who don't like the documentation, don't submit updates,
and just complain about, will usually get ignored.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mark Lowe [EMAIL PROTECTED] wrote:
I'm looking through the configure script and make logs but if anyone's
has solved this then i'd appreciate the pearls of wisdom.
doc/OSX ?
The server *does* have some documentation, and it usually helps to
read it.
Alan DeKok.
-
List info/subscribe
the encrypted userPassword in ldap?
No. Absolutely not. It's totally impossible.
The FAQ makes this clear.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-proxy section,
Yes, for LEAP weirdness. If you're using the 0.8.1 EAP module, it
doesn't do LEAP.
Any chance of submitting the EAP module for inclusion with the rest
of the tree?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rhys \(Gallamda\) [EMAIL PROTECTED] wrote:
Hi Have an NT4 Radius client (yea, I know) and am using sql
All is well excpet I never get data used in the logfile:
Is the client *sending* that data?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
are required.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
codes, which
are essentially identical to the RLM_MODULE return codes. Step one
would be fixing rlm_eap so that the return codes are sane. After
that, the question of what to return when, and how to handle the
return codes becomes much easier.
Alan DeKok.
-
List info/subscribe/unsubscribe
of the attributes in un-encrypted form.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to use a mutex to prevent this problem?
Two radius server logging to the same detail file? It's odd, but
possible.
File locking is more robust.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
If the server loads it, and you can see it sending/receiving
netscreen attributes, then it works.
Once I can verify it, I'll happily pass it back to the FreeRadius people
for inclusion as a standard dictionary if they wish.
Sure. If it isn't too big, just post it to the list.
Alan DeKok.
-
List
?
In the debug log you posted to the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You've listed the module in the 'authorize' block in radiusd.conf,
but haven;'t supplied an 'authorize' function in the perl script.
I dont have any authorize function, the example.pl doesn't have it either.
So... add one? Delete the module from the 'authorize' block?
Alan DeKok
being processed in a thread which
requires servicing before then.
I plan on having it fixed in 0.9.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the FAQ and the README's.
Read the FAQ and the README's.
Read the FAQ and the README's.
Read the FAQ and the README's.
Did I mention I *really* meant that you should read the FAQ and the
README's?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
, and fix
the code so that the PAP module works.
That will allow the mutex to be in a logical place: the PAP module's
data structure.
ALan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, then
authentication should still be working when accounting stops.
Are you *sure* that the server is sending Access-Reject packets?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
() and possibly crypt(), but not
necessarily crypt().
All of it's hacks as to caching /etc/passwd should go away, once we
verify that rlm_passwd does the same thing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jeff Sullivan [EMAIL PROTECTED] wrote:
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting STOP record - ERROR:
pg_atoi: zero-length string
So... fix the string so it isn't zero length?
The CVS head contains fixes to the PostgreSQL queries.
Alan DeKok
,
and with Apache. It isn't clear how to keep per-request configuration
data, for use by other modules.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
headers: no, they get sent back to the browser
c) ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
First, check that your SQL server is responding within a reasonable
time. See 'doc/rlm_sql'.
Otherwise, upgrade to the CVS head. It has fixes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
this:
ClinetMachineName Auth-Type := EAP
cisco-avpair= tunnel-type(#64)=VLAN(13)
cisco-avpair= tunnel-medium-type(#65)=802 media(6)
cisco-avpair= tunnel-private-group-ID(#81)=Service
See 'man users'
Use '+='
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
string
Any Help?
The same question was asked and answered yesterday, I believe.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the switch is supposed to use chap. The radius server sees all
the right attributes, but what is this chap stuff all about?
Read the debugging messages.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an ACCEPT or REJECT according to succesful authorization and
authentication responses, where X+Y6.
That's a horrendously evil hack, and I would strongly advise against
it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
) solution, is to patch radrelay, so that
it calls 'xlat' on the filename. This allows the detail file to be
time-specific, so that it is automatically rotated.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
large changes in the latest CVS, but it appears to
be more stable than 0.8.1.
0.9 should be released by the end of June.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
processing the accounting packets is the one using the
CPU, obviously.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jeff Sullivan [EMAIL PROTECTED] wrote:
My accounting is going to postgres.
So... see how long the postgres queries take.
See if the postgres server is running on the same machine as
freeradius.
See if the postgres process is using all of the CPU.
Alan DeKok.
-
List info/subscribe
Hmm... try the latest CVS snapshot. It has a number of issues fixed
with SQL qeueries, and PostgreSQL specifically.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:
On further checking, the CVS head already has large file support, so
it should work fine with files larger than 2G.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Gene Parks [EMAIL PROTECTED] wrote:
I would love to post process it but our accounting system calls for the
detail file and is looking for that attribute so I thought it might be
easier to just change it in Freeeradius.
So use rlm_attr_rewrite...
Alan DeKok.
-
List info/subscribe
be patched to 'auto-detect' the authentication
mechanism, and do the right thing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for the response. During this time,
the server does NOTHING but wait.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?GB2312?Q?=CD=F5=D6=BE=D0=C0?= [EMAIL PROTECTED] wrote:
Does FreeRADIUS supprot EAP-TTLS and PEAP?
It's not in the list of features on the web site, so my guess would
be no.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Wei Ming Long [EMAIL PROTECTED] wrote:
Can advice me on how to understand source code for freeradius?
Read the source code.
where to begin
main() is a good start.
any flowcharts for the code?
In free software?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
at the application data.
TTLS and PEAP will then be almost exactly the same as the re-written
TLS module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ ./configure
and it will work. 'configure' is designed to do that.
So you have multiple options to get FreeRADIUS working on your
system, and none involve patches or changes to FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, I would suggest
buying a Unix administration book, and reading that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
guess I'm asking how to merge in new code that uses
threads, while using only one thread for freeradius services.
I'm not sure why having one thread for FreeRADIUS would be a
requirement.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
2) Is the Reject value case sensitive?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ajai Khattri [EMAIL PROTECTED] wrote:
Is it possible to log to a MySQL database rather than a log file?
Not right now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a meaningful error message.
There's little you can do to FreeRADIUS to fix the problem, if the
Quintum box won't even tell you waht the problem is.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
standard this matches
FreeRADIUS is adhering to.
It's the default for 'configure' scripts. It's easy enough to
change by passing arguments to 'configure' that it's not much of a
problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and to authenticate the user
locally.
You don't need to set an Auth-Type. If the packet has EAP, then the
EAP module will set it for you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the
flags portion, the packet should contain another 4
bytes of data.
OK... does the EAP header (length field) say that the 4 bytes are
*not* in the packet?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
each device's IP individually in my
'clients' file, or will I simply be able to put a network block, and the
key for that entire block?
You can do that, but I wouldn't recommend it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
You probably don't have a static MySQL library.
Alan DeKok.
-
List
worried about with that?
Yes. A secret shared by hundreds of network devices isn't very
secret.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
instances of the SQL module by using standard methods.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the RADIUS server assign an address. This is what RADIUS does.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
glance, but I'm sure there are non-obvious problems.
I don't know. A lot of people have been using it with some measure
of success.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Khakbiz [EMAIL PROTECTED] wrote:
i have installed freeradius-0.5 and postgresql-7.0.3 .
Huh? YOu've gone out of your way to install a version of the server
which is about a year old? Why not use the latest version, 0.8.1?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
[authorize]: module suffix returns noop
users: Matched steve at 80
modcall[authorize]: module files returns ok modcall: group authorize
returns ok
And you haven't listed 'eap' as an authentication method, so the
EAP-Message in the packet will be ignored by the server.
Alan DeKok
not
found in the config files ?
No, the port number is not used to determine known/unknown clients.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Network outages cause serious problems.
Nota: in the USAGE file of pam_radius, the 'retry' parameter is said
to be not currently implemented, which is wrong
Yes, that's corrected in the latest CVS version of the module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
at the same time.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
It's looking pretty good. A number of serious issues (e.g. HUP)
have been fixed, and a lot of cool new features have been added
(e.g. LEAP)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
something wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: ldap_enable_cache
This was discussed on this list just a few days ago.
Upgrade to the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-authentication. It's crazy, and it'll be painful to implement,
because of that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in an module specifically for 802.11f, which will do all of that
crazy packing/unpacking, so that the rest of the server can access the
attributes in a sane manner.
i didn't take a look yet, but it seems to me that it's not the first
time you mention it :-)
It scares me.
Alan DeKok.
-
List
what I've
seen. It would be easier to add PEAP to FreeRADIUS than to add EAP,
and then PEAP to another server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Ignoring them
means you may have been told why it won't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
901 - 1000 of 2612 matches
Mail list logo