Thanks again alan.
ntlm_auth error fixed, just working on the next 1 now :)
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial +
radiusd -X -A output: http://pastebin.ca/444131
radius.conf: http://pastebin.ca/444132
OK Ive sorted that pesky ntlm_auth error, but I have encountered a
new 1 (at least its something new :D ).
The specific part of the error is below.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap:
Hi Alan,
On Mon, Apr 16, 2007 at 04:39:16PM +0200, Alan DeKok wrote:
Try 32 HUPs. The memory will increase, but won't grow after that.
At some point in the future, it can be fixed to do more cleanups after
HUP.
== well, I've done the tests with 32 reHUPs and I'm getting
segmentation
radiusd -X -A output: http://pastebin.ca/444162
radiusd.conf: http://pastebin.ca/444163
I just figured out that ou != groups.
So my current freeradius user is \admins\radius\freeradius
admins being an orgnisational unit, radius being an ou inside admins.
I get this error when freeradius trys to
radiusd -X -A output: http://pastebin.ca/444201
radiusd.conf: http://pastebin.ca/444205
After re-reading http://wiki.freeradius.org/index.php/Rlm_ldap
I enabled ldap debug and re-aranged the ldap config like so:
before:
identity = cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=internal
Hi all,
On Mon, Apr 16, 2007 at 04:40:18PM +0200, Alan DeKok wrote:
You're using SNMP. You ran into an assertion. Try cvs update.
== I did cvs update this morning. I don't think it's an assertion(no
clean exit on assertion but segmentation fault). I synchronized the
radclient binary +
Milan Holub wrote:
== well, I've done the tests with 32 reHUPs and I'm getting
segmentation fault during the promised cleanup:
...when 32nd HUP received:
Ok... after some work with valgrind, the problem should be fixed. The
server shouldn't use more memory after a HUP, and it shouldn't
radiusd -X -A output: http://pastebin.ca/444201
radiusd.conf: http://pastebin.ca/444205
I am slowly setting up FR to work with ADS, I had ntlm_auth working
fine but have been requested to swap to ldap
my current freeradius user is \admins\radius\freeradius
admins being an orgnisational unit,
hello,
i want testing my Freeradius with mssql.
so by starting radiusd -X i have this error:
rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to
Milan Holub wrote:
Oh and I forgot: when I move definition of localhost from clients.conf
to nas table I'm getting segmentation fault also when sending test
requests from localhost as well.
*Please* run the server under valgrind to find the source of these
problems.
Alan DeKok.
--
the issue is that now Packet-Src-Ip-Address Always matches ! Everywhere.
Should be fixed.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
Alan DeKok wrote:
the issue is that now Packet-Src-Ip-Address Always matches ! Everywhere.
Should be fixed.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
Has anyone had any luck compiling pam_radius_auth on ubuntu?
On Mon, 16 Apr 2007 15:13:49 +0200, Alan DeKok [EMAIL PROTECTED] wrote:
daniel wrote:
I am trying to set up unix authentication using radius.
Does the pam module support the maximum session times.
No, because PAM has no
Hy all,
i use freeradius 1.1.3
here is my problem:
i use radiusaccounting into a mysql database.
I want to extract information out of the accounting packet and insert it
into the sql database:
My Acct-Session-Id looks like this.
Acct-Session-Id = domain\\userThu Mar 1 14:29:58 2007NC
the
[EMAIL PROTECTED] wrote:
So i put this to acct_users:
DEFAULT Acct-Session-Id =~ ^.*(NC|JSAM|WSAM).*
My-ST == `%{1}`
Please read man users. You are putting the attribute in the reply
list. You are using ==, which is a comparison operator, rather than ='.
i see that rad_xlat
Hello,
I would like to create a login user on my database backend which allows
everybody - regardless of username - to login as long as the password is
correct.
Is there a way to create such a user?
thanks and regards
Christoph
---
Ing.
Hello,
well so far it seems to works partly as I get the following error:
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
Currently working on that.
regards
Hello!
1. During setup of rlm_sqlippool module, I found some compatibility issues
with PostgreSQL server. I remind that rlm_sqlippool uses transactions. In
that case all of queries and commands including BEGIN, COMMIT and
ROLLBACK in PostgreSQL must ends with ; or query will fail. I have this
Auth-Type:= Accept will let everyone in.
Ivan Kalik
Kalik Informatika ISP
Dana 17/4/2007, inverse [EMAIL PROTECTED] piše:
Anybody got an idea on how the entry in the users-file has to look like
something like
DEFAULT Auth-Type := Eap, User-Password == blah
with deafult eap type set to md5.
I've managed to reach my goal with the following entry in the users-file:
DEFAULT Auth-Type := Local, User-Password == something
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jabobsen-TCP-IP,
Cisco-AVPair = 'ip:addr-pool=somepool'
Hi,
We seem to be having the The maximum number of threads (32) are active
with Freeradius 1.0.3. Version 1.0.1 works just fine.
I tried to do a valgrind with - but when radiusd displays that message,
you can no longer kill it.
I have the debug output from the - and it shows the
On Tue 17 Apr 2007, Alexander V. Klepikov wrote:
Hello!
1. During setup of rlm_sqlippool module, I found some compatibility issues
with PostgreSQL server. I remind that rlm_sqlippool uses transactions. In
that case all of queries and commands including BEGIN, COMMIT and
ROLLBACK in
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Rick Macdougall wrote:
Hi,
We seem to be having the The maximum number of threads (32) are active
with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Yah, I've already downloaded it in
Hi Alan,
On Tue, Apr 17, 2007 at 11:45:28AM +0200, Alan DeKok wrote:
*Please* run the server under valgrind to find the source of these
problems.
== finally I managed to compile valgrind and can give you thus its
output...
I did fresh cvs checkout and then created a debian package on
Anybody got an idea on how the entry in the users-file has to look like
something like
DEFAULT Auth-Type := Eap, User-Password == blah
with deafult eap type set to md5.
I've yet to try it tho, may you report back if it works?
-
List info/subscribe/unsubscribe? See
Rick Macdougall wrote:
Hi,
We seem to be having the The maximum number of threads (32) are active
with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Hello,
well I guess I can't do that with MySQL-Queries.
Anybody got an idea on how the entry in the users-file has to look like.
thanks and regards
Chris
-Ursprüngliche Nachricht-
Von: Galuschka Christoph
Gesendet: Dienstag, 17. April 2007 14:04
An:
daniel wrote:
Has anyone had any luck compiling pam_radius_auth on ubuntu?
$ apt-get install libpam0g-dev
$ cd pam_radius
$ make
Does the pam module support accounting packets (ie. send accounting packet to
radius when user logs on?)
Yes.
Alan DeKok.
--
http://deployingradius.com
Galuschka Christoph wrote:
I've managed to reach my goal with the following entry in the users-file:
DEFAULT Auth-Type := Local, User-Password == something
Don't set Auth-Type = Local. PLEASE.
Instead:
DEFAULT Cleartext-Password := something
...
And make sure you have pap
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Setting up 1.1.6 on a Sun with `uname -a` giving
SunOS sunfire 5.10 Generic_118822-26 sun4u sparc SUNW,Ultra-30
configure does not show errors, only warnings. Unfortunately make dies
with:
creating rlm_dbm.la
(cd .libs rm -f rlm_dbm.la ln -s ../rlm_dbm.la rlm_dbm.la)
On Monday 16 April 2007 07:52:43 Alan DeKok wrote:
Kevin Bonner wrote:
Try http://bugs.freeradius.org/show_bug.cgi?id=150
I doubt that patch will still apply cleanly due to the many recent
changes. I'll see if I can test the CVS head later today and submit a
newer patch.
Please try
[EMAIL PROTECTED] wrote:
Auth-Type:= Accept will let everyone in.
No. Every EAP method I am aware of will require the successful
completion of the challenge-response. Just setting Auth-Type to Accept
will break things completely.
You *might* possibly be able to use EAP TTLS+PAP and set
inverse wrote:
Anybody got an idea on how the entry in the users-file has to look like
something like
DEFAULT Auth-Type := Eap, User-Password == blah
with deafult eap type set to md5.
I've yet to try it tho, may you report back if it works?
This suggestion is wrong on a number of
On Tue 17 Apr 2007, Rick Macdougall wrote:
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Rick Macdougall wrote:
Hi,
We seem to be having the The maximum number of threads (32) are
active with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole
hi,
do you have OpenSSL installed or using a Solaris derivation?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Norbert Wegener wrote:
Setting up 1.1.6 on a Sun with `uname -a` giving
SunOS sunfire 5.10 Generic_118822-26 sun4u sparc SUNW,Ultra-30
configure does not show errors, only warnings. Unfortunately make dies
with:
...
creating rlm_dbm.la
...
In file included from
Milan Holub wrote:
1) snmpwalk (read-query) - when reading the NAS entries
...
I get Segmentation fault:-(
== full -X debug output + valgrind:
http://pastebin.ca/444684
It looks like a NULL de-reference. i.e. a NULL isn't checked before
it's de-referenced to look into a structure. It
Kevin Bonner wrote:
...
Tested with the CVS head as of this morning and everything looks good to me,
even the per-client data. I'm hitting a segfault when testing the cases I
listed in bug#150, but I don't think it is related to the SNMP portion of the
code. Segfault info is below.
With nearly the same config files as I had working on 1.0.1, I'm having
problems with 1.1.6 authenticating WPA users.
Probably something to do with this:
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create
[EMAIL PROTECTED] schrieb:
hi,
do you have OpenSSL installed or using a Solaris derivation?
I am not really familiar with Solaris.
[EMAIL PROTECTED]:/# openssl version
OpenSSL 0.9.7b 10 Apr 2003
Is this information sufficient?
Norbert Wegener
alan
- List info/subscribe/unsubscribe?
Alan DeKok schrieb:
...
In file included from /root/freeradius-1.1.6/src/include/radiusd.h:31,
from rlm_dbm_parser.c:52:
/usr/include/netinet/in.h:302: warning: `INADDR_ANY' redefined
/root/freeradius-1.1.6/src/include/missing.h:73: warning: this is the
location of the
Has anyone a sample configuration of 3Com 4500 switch to work with
Freeradius?
I :)
I conf. that 3Com few days ago :) with pdf from 3com cd.
Any question for that configuration?
Br
Kamyk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Norbert Wegener wrote:
This leads to a related problem in another context:
/root/freeradius-1.1.6/src/lib/.libs/libradius.so: undefined reference
to [EMAIL PROTECTED]'
It looks like libradius is looking for crypt, for reasons I don't
understand.
Alan DeKok.
--
matthew zeier wrote:
With nearly the same config files as I had working on 1.0.1, I'm having
problems with 1.1.6 authenticating WPA users.
See man rlm_pap in 1.1.6. That might help.
If there are other relevant files, let me know. Box is more or less a
stock RHEL4.
Debug output?
Alan DeKok wrote:
matthew zeier wrote:
With nearly the same config files as I had working on 1.0.1, I'm having
problems with 1.1.6 authenticating WPA users.
See man rlm_pap in 1.1.6. That might help.
If there are other relevant files, let me know. Box is more or less a
stock
matthew zeier wrote:
I pasted all of 'radiusd -X' to http://pastebin.mozilla.org/10251. Is
that enough debug ?
Yes.
In 1.0.1, where are the passwords obtained from? LDAP? users file?
LDAP.
The debug output doesn't reference LDAP. i.e. you moved only part of
your configuration
Alan DeKok wrote:
matthew zeier wrote:
I pasted all of 'radiusd -X' to http://pastebin.mozilla.org/10251. Is
that enough debug ?
Yes.
In 1.0.1, where are the passwords obtained from? LDAP? users file?
LDAP.
The debug output doesn't reference LDAP. i.e. you moved only part
Can you post the errors?
I haven't used 1.0.1 in *years*, so I have no idea what may or may not
work when upgrading from 1.0.1 to 1.1.6.
Should have mentioned that that's what RHEL4 ships.
--
matthew zeier | Network Engineer | Mozilla Corp. | (650)903-0800 x219
-
List
I am still stuck on this problem, HELP PLEASE. I have 4 questions atm,
1 Does the password needs to be encrypted before being pasted to the
config file.
2 Is it neccesary to configure the ldap client files.
3 Can you auth against ADS using LDAP without a password ?
4 If radiusd runs a command
Hello, Im looking for a company that can provide professional level of
technical support.
If any one here can reccomend one I would appreciate it.
I am after technical support, due to lack of good documentation on the
freeradius project. Most the stuff I need done has only incomplete
docs.
-
What's your location?
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jacob Jarick
Sent: Tuesday, April 17, 2007 10:25 PM
To: FreeRadius users mailing list
Subject: Technical support
Hello, Im looking for a company that can provide
I am In Western Australia Perth.
Current having major issues with ldap authentication (done correctly
as far as I can tell but I dont get replys from forums / mailing
groups) and once that is sorted I need to figure out vlan assignment
bassed on ou or group.
On 4/18/07, Alex M [EMAIL PROTECTED]
Fedora 6, openldap rpms installed via smart package manager.
slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855
I decided to try setting up openldap in hopes of learning more
Well we are in New York. So the only way we can help you is to do SSH.
Technically LDAP should work straight forward, unless your DC does not want
to accept connections from remote PC and especially Linux. We don't use
Widows in our company any more, but I can set up DC and see if my radius can
step 1 for me is to get radius to auth against ADS via ldap (I got
ntlm working fine).
Unfortunately because this job is contracted by the govt it has to be
done their specific way every step which means freeradius HAS TO auth
against a 2003 ADS via LDAP.
Unfortunately I cannot give out access to
Just added debug output to help.
Fedora 6, openldap rpms installed via smart package manager.
slapd.conf: http://pastebin.ca/445851
tfxschool.internal.lidf: http://pastebin.ca/445852
root.ldif: http://pastebin.ca/445854
ldapusers.ldif: http://pastebin.ca/445855
ldapadd -d9 -x -D
Jacob Jarick wrote:
ldapadd -d9 -x -D cn=Manager,dc=tfxschool,dc=internal -W -f
/etc/openldap/tfxschool.internal.ldif - http://pastebin.ca/445899
...
It seems to be similar if not the same problem I am having with FR
refusing to auth via ldap to our ADS server. I am stuck though I have
no
Might buy that book, thanks for the reply Alan.
I have also posted the same q to the the openldap mailing list so I
hope to get some info from those people.
Its just quite frustrating, the govt has said we can only do it this 1
way (but they themselves have never done it) and I cant find any
59 matches
Mail list logo