to be using threading
functions.
Weird.
That being said, SIGHUP isn't, in general, supported. A running
server may kill itself when sent a SIGHUP, due to data structures
being deleted underneath from running threads. This should be fixed
before 1.0...
Alan DeKok.
-
List info/subscribe
message, saying you've tried it, and it works.
Until then... I doubt that much will happen.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:-)
The post-proxy is whenever I get around to it, I guess...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'
Fall-Thriugh = No
That's NOT a quote from your 'users' file. When asking for help,
it's a good idea to QUOTE the file, and not mangle it by re-typing it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a problem, but we have no way of verifying
the problem is what you claim. We have no way of reproducing the
problem.
So there's little to nothing that we can do to fix it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Svetlana Vyslanko [EMAIL PROTECTED] wrote:
I am new mamber in this discussion. I have used freeradius 0.7.1.
I've got such warning from rlm_sql:
Error: Invalid operator for item Password: reverting to '=='
Look at the operator your using for the Password attribute?
Alan DeKok.
-
List
=?ISO-8859-1?Q?Mois=E9s?= David =?ISO-8859-1?Q?Rinc=F3n?= D'Hoyos
[EMAIL PROTECTED] wrote:
It just adds 'Op' to the select, to make postgresql work in the same way
mysql and mssql configurations do.
Well, the patch was inverted, but I've managed to figure it out, and
add it. Thanks.
Alan
. They're nothing I
recognize.
Try the latest version from CVS. (I think you said you were running
0.7...). Version 0.7 had an issue where certain packets could cause
the server to call memset() with a NULL pointer, which would cause it
to crash. This problem has been fixed in the CVS head.
Alan
-prototypes -Wmissing-declarations
-Wnested-externs -I../include -c request_list.c
make[4]: *** No rule to make target `-lltdl', needed by `radiusd'. Stop.
You probably told it to NOT use or install libltdl, and you don't
have one on your system.
Alan DeKok.
-
List info/subscribe/unsubscribe
this '-y' and '-z' but i
don't use there.
Then you've got them enabled in the configuration file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reason, the original Merit/LDAP servers now
receive the following in ther logs:
shrug If Merit is broken, I cant help you there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
become clear very quickly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
When using preproxy, *all* requests which get proxied get passed
through the 'preproxy_users' file. This means BOTH accounting and
authentication.
It may be useful to split them up, but that may be more work than
it's worth.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Guillermo Schimmel [EMAIL PROTECTED] wrote:
I will have to wait at least until 0.8 (That sounds stable enough for
him. I don't get it.)
So, there isn't any chances for me to rewrite the Calling-Station-Id value?
Not until 0.8, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
=?iso-8859-1?Q?H=E5kan_H=F6glin?= [EMAIL PROTECTED] wrote:
I'm failing to run it as a server. I havent really seen any docs regarding
this but I tried to run it from inetd, but it wont start.
Huh? Where did you get the idea that it could run from inetd?
Alan DeKok.
-
List info/subscribe
configured to do both PAP and CHAP.
Read the radiusd.conf file for more details.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to completely
kill and completely restart it.
That would be a good work-around for now, until someone supplies a
patch to handle HUP's a little better.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that is.
(Which is a bit of a circular argument...)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
on. All my gettys, my sshd. Only init
and the various kernel threads survive. Actually, bash
survives too... I dunno how that works. :-)
Yeah, sorry more dumb typos on my part. I'll fix it today or
tomorrow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
that a user wants to do.
If you buy the book from Amazon through the link on freeradius.org,
then some money will go back into FreeRADIUS development.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the 'realms' file, and 'proxy.conf'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
McKay, Raymond [EMAIL PROTECTED] wrote:
I am setting up a wireless network using FreeRadius and ORINOCO AP-2000
access points. I am trying to setup EAP/TLS for auth and encryption.
See the EAPTLS document in:
http://www.freeradius.org/doc/
Alan DeKok.
-
List info/subscribe
complaining to the list that you've broken your local
configuration, and go fix it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nikhil Chauhan [EMAIL PROTECTED] wrote:
Does Cisco's Aironet 350 series AP run with Windows 2000 Radius server?
Who cares?
And why are you posting a question about a commercial RADIUS server
to the FreeRADIUS list?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
'online' accounting information to be
stored somewhere. For 0.7, this means 'radutmp'. So without using
the 'radutmp' module, you'll have a hard time getting Simultaneous-Use
to work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in background (without any options), after TERM
modules are NOT cleaned-up (but main process and its child are
all terminated).
shrug So supply patches.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
snapshot. The problem is fixed there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:= SQL1
DEFAULT NAS-IP-Address == 10.0.0.2, Acct-Status-Type == Stop,
Auth-Type := SQL2
Auth-Type is for authentication. Use Autz-Type for authorization.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
? And why do you think it has
anything to do with RADIUS?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
instead of the LDAP username.
Again, you didn't post the debugging output of the server. This
time, you posted the accounting logs. If you're trying to debug
authentication, why are you wasting your time looking at the
accounting logs?
Read the FAQ. It's really not that hard.
Alan DeKok
on thread programming. Go read some books or 'man'
pages, and try to figure out what the server is doing. If you see any
bugs, please report them on the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that information away.
I don't recall if SQL sessions are supported completely in 0.7. I
do know they're in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and therefore can't
be resolved into an IP address. So how do you expect the server to
know what that hostname is? You don't know yourself!
Stop blaming the server, and fix your DNS. Even better, put IP
addresses in the 'clients' file, instead of hostnames which don't
exist.
Alan DeKok.
-
List
Alexandr Skarbo [EMAIL PROTECTED] wrote:
...
Hmm.. a duplicate post from someone who didn't read my response to
his first post.
delete
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Raymond Chen [EMAIL PROTECTED] wrote:
Do any of you know how make freeradius return multiple AV pairs back to
NAS? Please provide detail.
Read the 'users' file shipped with the server? It has examples of
doing exactly that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
FreeRADIUS so that I can have our Airport Base
Stations and other various wireless access points utilize LEAP
encryption.
Uh... FreeRADIUS doesn't do LEAP. That's a Cisco special protocol.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
support to a RADIUS server?
As for adding modules, I add most of the ones people write. And
people outside of the FreeRADIUS core hacve contributed a substantial
number of the modules, which is why it was designed around modules in
the first place...
Alan DeKok.
-
List info/subscribe
. 'make', curse, and re-edit until it works. ;)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
And the RADIUS server has to support LEAP, unless I'm missing
something. LEAP is encapsulated in EAP, which is sent in a RADIUS
packet. See the documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
While in debug mode, after Ctrl-C server does mot
exit clearly.
Yes... if you had seen one of my previous messages on this topic,
you would know that this is intentional, and WHY it's intentional.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Ricardo Gadea [EMAIL PROTECTED] wrote:
Is it possible to give Radius authentication to oracle users through the
radius module for PAM?
I don't see why not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: undefined
reference to `lt_preloaded_symbols'
You don't have libltdl on that system. It comes with the server, so
I don't see why it isn't there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
database takes more than 5
seconds to respond to a request, then the RADIUS server will not be
able to authenticate people.
Once the database is broken, the RADIUS server (which depends on the
database) can't be any better.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
. I just want to send the
Redback VSA for Client_DNS_Pri and Client_DNS_Sec in the response.
Have you tried adding the attribute name, value, and operator, just
like for any other attribute? There's nothing magic about VSA's.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
!.
Any other behaviour is wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
more description of the operators.
I tried the following entries:
Client_DNS_Pri = 1.2.3.4
Redback:Client_DNS_Primary = 1.2.3.4
Where? How did you configure them? What did the server say when
you used them?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
easier to set up.
Also, RADIUS won't supply all of the information to the second PC
that it needs. NIS will.
Don't use RADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| password | == |
+-+--+---++--+
The SQL schema is meant to mimic what goes on in the 'users' file.
So look at the 'users' file for examples...
should the op field be null?
Absolutely not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
it but that
seems excessive.
Simply do 'mv radius.log radius.log.1'
The server always opens the log file by name, so moving it out of
the way will cause a new one to be created.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ricardo Gadea [EMAIL PROTECTED] wrote:
Does anyone now if AIX supports PAM authentication?
Have you tried reading your AIX documentation?
And the PAM to RADIUS authentication module?
I don't know of any system which ships with a PAM to RADIUS module.
Alan DeKok.
-
List info/subscribe
radrelay to
copy the data to another system.
p.s.: does rlm_detail locking work together with NFS? (I'm not an NFS
guru, please explain your answer, thanks)
I would expect so, if NFS supports locks, without bugs. Not all NFS
implementations do...
Alan DeKok.
-
List info/subscribe
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for the schema to do 'op NOTNULL'. I know next to
nothing about SQL, so I'm wary of doing it myself.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
As for radwtmp, you might as well delete it, if it gets big enough.
I don't even see a need for it, for most situations.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, 192.168.192.22 and
192.168.192.23, in my /usr/adm/radacct directory, as it should be, and
these two directories have details files, as they should.
Yeah, it's a bug in older versions of the server. See why upgrading
is a good idea?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Daniel Monjar [EMAIL PROTECTED] wrote:
it is 0.7.1... should I upgrade?
Wait a week or so.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that, the request will be processed as before the patch.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
perform when running the server.
If all goes well, we hope to have an official release of 0.8 some
time next week.
Alan DeKok.
On behalf of the FreeRADIUS team.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. But I still think there's something wrong.
If the function doesn't exist, then the module shouldn't even
compile.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a complicated
local configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Milan P. Stanic [EMAIL PROTECTED] wrote:
I don't know of any system which ships with a PAM to RADIUS module.
GNU/Debian 3.0 (Woody)
Description
...
The module I wrote. That shows the Debian people are perceptive and
wise. :)
Alan DeKok.
-
List info/subscribe/unsubscribe? See
.) It's a step ahead over
the docs shipped with the server.
I'll be adding a freeradius configuration section to my 'Pedantic
FreeBSD' so at least my users have usable documentation for use in
future implenentations.
Are you willing to write docs for inclusion with the server?
Alan DeKok
support has been removed in the CVS head, as the libraries
it needs are still in development, and aren't done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
information free Radius is looking for, and when!
The server doesn't look for ANY information, other than what you
configure it to look for.
Read the files in the 'doc' directory. See 'doc/aaa.txt'.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Class=0x101
but this doesn't work
Exactly how does that entry look like the example given in
'radiusd.conf'? THat might be the cause of your problem...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Emre Bastuz [EMAIL PROTECTED] wrote:
I was wondering if there are plans to operate a tool like
Chora (http://www.horde.org/) on the FreeRadius homepage.
Would be nice to have a browsable CVS tree.
Why? What would it gain us?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Paul Hampson [EMAIL PROTECTED] wrote:
Why? What would it gain us?
The ability to go back and see when a markedly broken problem
(such as that kill(-1) thing from last week) was introduced
and what the _intention_ was.
http://www.freeradius.org/cvs-log/
Alan DeKok.
-
List info
to do
additional work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to simply re-post the docs, I don't see why you're
wasting your time.
I'm interested in seeing *solutions*, or *patches* to the server,
not re-posts of the documentation.
Any suggestions?
Will you submit a patch?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
on the firewall, and proxy
SSH to another machine. You can then set up SSH on the firewall on a
non-standard port, and allow only administrators to log in to the
firewall directly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. And I don't see how re-posting
bits from the documentation will help solve the problems it talks
about.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Miles Wilton [EMAIL PROTECTED] wrote:
Is there any way to make authentication occur first from PAM an dthen if
this fails, off a username/password in MySQL db?
Yes. See 'doc/configurable_failover'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
versions)...
I'll fix that, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the
dictionary files for details.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
like the server isn't receiving accounting packets.
Run it in debugging mode UNTIL it sees accounting packets, and then
look at radutmp and detail.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
like?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Victor Sanchez [EMAIL PROTECTED] wrote:
i used freeradius 0.4. this bug is that resolve in 0.6 and say in changelog ??
* Fix race conditions when duplicate packets resulted in a request
being processed by two threads, at the same time.
Yes.
Alan DeKok.
-
List info/subscribe
instance use another? Can
you post a sample of the debug messages, which shows the problem?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
No, CPPFLAGS are for C++ compilation. Use CFLAGS for C.
There is no C++ code in FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the Makefiles? This is a basic
Unix tool set question, and has nothing to do with your platform or
FreeRADIUS.
Yes, I have seen. But I do not see how to add -fast... With CPPFLAGS -fast
it works... but can not compile libltdl..
So don't use it there.
Alan DeKok.
-
List info/subscribe
it work with netscape, sorry.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mode.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, then everything will
work for me. Is there any other way to do it without changing
dictionary?
Right now, no.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mody Sachin (Princeton) [EMAIL PROTECTED] wrote:
Does anyone know of any front-end tools for FreeRadius?
Like dialup_admin (web gui), which is included in the distribution?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no relationship to each other.
I still don't understand why it's an issue.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a module to pull the information you want out
of the attributes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
snapshot from later tonight. I've updated a lot
of the error messages in the SQL module to be more helpful.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
releases.
The fix to valuepair.c is very minor -
I believe that this fix is already in the latest CVS version.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to keep track of users locally
by information OTHER than their username, but to check for
Simultaneous-Use on the NAS by username and NAS port.
I'm not sure how to do this right now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to
access the kerberos server.
Unfortunately, when we try to authenticate, nothing is coming up in
radius.log, so I can't find out anything there.
So run the server in debugging mode, as it suggests in the README,
the documention, and in the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe
returns ok
auth: No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Hmm... can you try this using the latest CVS version? I think
there's a bugfix there which may help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
them to add that to their login name.
and decided against realms, since I would have to notify a few thousand
people.
With the attr_rewrite module, it should be possible to have the
server re-write the usernames for them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
you're refusing to do any work to find out
the answer for yourself. I don't know what's going on in your
server. YOU can find out by running it in debugging mode.
I've said that until I'm sick of saying it, and still you refuse to
follow simple instructions.
Go away.
Alan DeKok.
-
List
to another generic Radius server?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
additional information.
A patch to rlm_krb5, so that it takes any return error string/code
from kerberos, and outputs debug information saying WHY it failed?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
know. But if they support RADIUS, they should work
with FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Johnson [EMAIL PROTECTED] wrote:
? I am looking to create a completely custom user system database backend
for FreeRADIUS. I was wondering if there is a doc on the variables that
may be used in the SQL queries specified in the mssql.conf file.
doc/variables.txt ?
Alan DeKok.
-
List
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brian Johnson [EMAIL PROTECTED] wrote:
So I could use %n or %{Framed IP address}.
Is that correct?
No, you've got to use the dictionary names: %{Framed-IP-Address}
pedantic mode off
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ynjiun P. Wang [EMAIL PROTECTED] wrote:
more information about Segmentation fault:
...
Which version are you using? If you're using 0.7.1 (or earlier) try
the latest CVS snapshot before spending any more time tracking down
the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
901 - 1000 of 2612 matches
Mail list logo