Hi everyone. I am new to Linux. I was wondering if anyone has a static compiled version that I could use. Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 21, 2003 2:36 PM
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #2549 - 10 msgs

Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."

Today's Topics:

   1. Re: What goes in acct_users & a seg fault (Greg G)
   2. Thanks out to Dave M and examples (Kaczmarek, Thaddeus)
   3. Re: 0.9.3 install question ([EMAIL PROTECTED])
   4. Re: 093 Crashes with unknown tokens (Greg G)
   5. Re: 093 Crashes with unknown tokens (Michael Griego)
   6. Re: What goes in acct_users & a seg fault (Chris Parker)
   7. Re: 0.9.3 has been released (Alan DeKok)
   8. Re: 093 Crashes with unknown tokens (Alan DeKok)
   9. Re: Thanks out to Dave M and examples (Kaczmarek, Thaddeus)
  10. Re: What goes in acct_users & a seg fault (Greg G)

--__--__--

Message: 1
Date: Fri, 21 Nov 2003 14:11:02 -0500
From: Greg G <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: What goes in acct_users & a seg fault
Reply-To: [EMAIL PROTECTED]

Chris Parker wrote:

> At 12:39 PM 11/21/2003, Greg G wrote:
>
>> I'm trying to figure out what goes into the acct_users. I had
>> thought it was user entries like those in the users file, but that
>> doesn't seem to really be the case. It appears to be getting parsed
>> the same way (based on 'My-Key' entries that get rejected). However,
>> at run-time, that doesn't appear to be the case. In fact, I get a
>> seg-fault.
>
>
> Huh? You are making things more difficult for yourself than need be.
> In most cases you won't need to put anything in acct-users.

OK.
That wasn't really clear, but that's easy to handle.

>> rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx:36538,
>> id=167, length=27
>> User-Name = "test1"
>> modcall: entering group preacct for request 0
>
>
> http://www.freeradius.org/rfc/rfc2866.html#Accounting-Request
>
> Any attribute valid in a RADIUS Access-Request or Access-Accept
> packet is valid in a RADIUS Accounting-Request packet, except that
> the following attributes MUST NOT be present in an
> Accounting-Request: User-Password, CHAP-Password, Reply-Message,
> State. Either NAS-IP-Address or NAS-Identifier MUST be present in a
> RADIUS Accounting-Request. It SHOULD contain a NAS-Port or
> NAS-Port-Type attribute or both unless the service does not involve a
> port or the NAS does not distinguish among its ports.
>
> So, the packet being sent is an invalid accounting packet, as it doesn't
> contain NAS-IP-Address or NAS-Identifier. Nor a session-id.

Now that's strange, because this packet is being sent from radclient.
I thought I had seen it work in 092 with the default acct_users, but
it's seg faulting in 093 either way.

echo "User-Name = test1" | radclient radiusserver.mydomain.net acct a_secret

> That being said, the server shouldn't seg-fault in that instance. It
> should reject the packet as invalid and not try to process it further.
> We'll look into this and correct the behaviour.

That works for me.

-Greg G

--__--__--

Message: 2
From: "Kaczmarek, Thaddeus" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Thanks out to Dave M and examples
Date: Fri, 21 Nov 2003 14:14:29 -0500
Reply-To: [EMAIL PROTECTED]

joe-admin       Auth-Type := System
                Acct-Authentic == RADIUS,
                foundry-privilege-level = 0,
                foundry-command-exception-flag = 1,
                Cisco-AVPair = "shell:priv-lvl=0"

joe-user        Auth-Type := System
                Foundry-Privilege-Level = 0,
                Foundry-Command-String = "config terminal; interface *; speed-duplex *",
                Foundry-Command-Exception-Flag = 0
                Cisco-AVPair = "shell:priv-lvl=4"

This does what I want, just can't figure out what the hell you do with
levels 4 and 5, Foundry cli only allows 1 level.

Ted

DISCLAIMER
e-mail, and any attachments thereto, is intended only for use by the
addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of
this e-mail, you are hereby notified that any dissemination,
distribution or copying of this e-mail, and any attachments thereto,
is strictly prohibited. If you have received this e-mail in error,
please immediately notify me and permanently delete the original and
any copy of any e-mail and any printout thereof.

E-mail transmission cannot be guaranteed to be secure or error-free.
The sender therefore does not accept liability for any errors or
omissions in the contents of this message which arise as a result of
e-mail transmission.

REGARDING PRIVACY AND CONFIDENTIALITY
Crown Financial Group may, at its discretion, monitor and review the
content of all e-mail communications.

--__--__--

Message: 3
To: [EMAIL PROTECTED]
Subject: Re: 0.9.3 install question
From: [EMAIL PROTECTED]
Date: Fri, 21 Nov 2003 13:15:21 -0600
Reply-To: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote on 11/21/2003 01:04:25 PM:

> [EMAIL PROTECTED] wrote:
>
> > $ cp ./raddb/dictionary /etc/raddb/dictionary
> >
> > But that note seems to contradict itself. It _seems_ as though it should
> > say "please ensure that $prefix/etc/raddb/dictionary is the same as
> > /usr/local/share/freeradius/dictionary".
>
> No. It says to copy 'raddb/dictionary' from the distribution to
> $prefix/etc/raddb/dictionary.

Ahhhhh!

> > Secondly, the INSTALL doc continues on to say that I should delete every
> > dictionary file in $prefix/etc/raddb ; is this still correct? (wouldn't
> > that just get me back to the starting point?)
>
> It's correct. See above.
>
> You delete the OLD dictionaries, and install the NEW one. The 30-40
> others go into blah/share/freeradius/

Gotcha; makes sense now. (And luckily, easy enough to undo.)

Works as it should now; thanks!

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush University Medical Center

--__--__--

Message: 4
Date: Fri, 21 Nov 2003 14:16:50 -0500
From: Greg G <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: 093 Crashes with unknown tokens
Reply-To: [EMAIL PROTECTED]

Chris Parker wrote:

>> Nothing is unclear about it. I would prefer that the daemon not
>> fail out if there's a data error in one of the files. It should
>> report that error to a log and continue on. Otherwise, it becomes a
>> fairly trivial task to crash out the daemon. Our users file is
>> fairly dynamic and if someone makes a typo putting in a new entry, I
>> don't want the whole system coming down.
>
>
> Sorry, I prefer my failures to be deterministic. I don't want the server
> carrying on and running with a partial config and doing something
> unexpected.

For config issues, I agree, but if there's an unknown key in the
*users* file, I don't think the system should stop. Especially if it's
a key that's only in one or two users (which is usually the case here).

> If you are concerned with making typos, you may want to look at the
> 'dialup-admin' package, which allows you to easily manage an SQL database
> rather than a flat users file. Your chances of making a typo would then
> be greatly reduced imho, and if you did typo on one entry for a user, it
> would not affect any other users.

I will look into it, but I also don't want the authentication server
to stop if we take the database down for maintenance. We're a bit tied
to the file method at the moment, although I suspect that feeding
directly from our database will be better and might be in the plan.

-Greg G

--__--__--

Message: 5
Subject: Re: 093 Crashes with unknown tokens
From: Michael Griego <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Fri, 21 Nov 2003 13:18:42 -0600
Reply-To: [EMAIL PROTECTED]

> How would you recommend that I do that? The file will parse
> correctly.
> And it's not something that should be a *fatal* mistake.
> It's not really a mistake, either. We use some custom items now and
> then.

Then those items should go into a custom dictionary.

--
--Mike

-----------------------------------
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas

--__--__--

Message: 6
Date: Fri, 21 Nov 2003 13:20:54 -0600
To: [EMAIL PROTECTED]
From: Chris Parker <[EMAIL PROTECTED]>
Subject: Re: What goes in acct_users & a seg fault
Reply-To: [EMAIL PROTECTED]

At 01:11 PM 11/21/2003, Greg G wrote:
>Chris Parker wrote:
>
>>So, the packet being sent is an invalid accounting packet, as it doesn't
>>contain NAS-IP-Address or NAS-Identifier. Nor a session-id.
>
> Now that's strange, because this packet is being sent from
> radclient. I thought I had seen it work in 092 with the default
> acct_users, but it's seg faulting in 093 either way.
>
>echo "User-Name = test1" | radclient radiusserver.mydomain.net acct a_secret

radclient sends what you tell it to send. If you tell it to send an
invalid accounting packet ( since you aren't including one of the
mandatory attributes ), it will do so. If you want to send a valid
accounting packet, add more attributes to your call to radclient.

-Chris

--
   \\\|||///  \          StarNet Inc.      \         Chris Parker
   \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
   | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
                  \ Wholesale Internet Services - http://www.megapop.net

--__--__--

Message: 7
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: 0.9.3 has been released
Date: Fri, 21 Nov 2003 14:31:28 -0500
Reply-To: [EMAIL PROTECTED]

Bill Campbell <[EMAIL PROTECTED]> wrote:
> > For uint8_t arrays, The 'sizeof' the array is the number of elements.
>
> OK.
> While that may be the case for uint8_t, it seems to me that good
> coding practice is to use sizeof here and not depend on knowledge of the
> internal size of the elements.

The problem is that the fields are defined in relation to the
protocol: 16 octets. sizeof() is a C programming construct, and thus
there may be padding in a struct. We do not want that padding to
affect the program's ability to generate or parse 16 octet fields.

Alan DeKok.

--__--__--

Message: 8
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: 093 Crashes with unknown tokens
Date: Fri, 21 Nov 2003 14:33:21 -0500
Reply-To: [EMAIL PROTECTED]

Greg G <[EMAIL PROTECTED]> wrote:
> Well, if I have one bad entry in a users file with 10,000 users in
> it, I'd rather it just ignore that user with the bad entry.

Then use SQL.

> > Then double check the files before you let the server use them.
> > It's not the server's fault you made a mistake.
>
>
> How would you recommend that I do that? The file will parse
> correctly. And it's not something that should be a *fatal* mistake.
> It's not really a mistake, either.

If it's not really a mistake, why are you complaining?

Alan DeKok.

--__--__--

Message: 9
From: "Kaczmarek, Thaddeus" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Thanks out to Dave M and examples
Date: Fri, 21 Nov 2003 14:29:31 -0500
Reply-To: [EMAIL PROTECTED]

The lower case one is right :-)

Ted

On Fri, 2003-11-21 at 14:14, Kaczmarek, Thaddeus wrote:
> joe-admin       Auth-Type := System
>                 Acct-Authentic == RADIUS,
>                 foundry-privilege-level = 0,
>                 foundry-command-exception-flag = 1,
>                 Cisco-AVPair = "shell:priv-lvl=0"
>
> joe-user        Auth-Type := System
>                 Foundry-Privilege-Level = 0,
>                 Foundry-Command-String = "config terminal; interface *; speed-duplex *",
>                 Foundry-Command-Exception-Flag = 0
>                 Cisco-AVPair = "shell:priv-lvl=4"
>
> This does what I want, just can't figure out what the hell you do with
> levels 4 and 5, Foundry cli only allows 1 level.
>
>
> Ted

--__--__--

Message: 10
Date: Fri, 21 Nov 2003 14:34:56 -0500
From: Greg G <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: What goes in acct_users & a seg fault
Reply-To: [EMAIL PROTECTED]

Chris Parker wrote:

> At 01:11 PM 11/21/2003, Greg G wrote:
>
>> Chris Parker wrote:
>>
>>> So, the packet being sent is an invalid accounting packet, as it
>>> doesn't contain NAS-IP-Address or NAS-Identifier. Nor a session-id.
>>
>>
>> Now that's strange, because this packet is being sent from
>> radclient. I thought I had seen it work in 092 with the default
>> acct_users, but it's seg faulting in 093 either way.
>>
>> echo "User-Name = test1" | radclient radiusserver.mydomain.net acct a_secret
>
>
> radclient sends what you tell it to send. If you tell it to send an
> invalid accounting packet ( since you aren't including one of the
> mandatory attributes ), it will do so. If you want to send a valid
> accounting packet, add more attributes to your call to radclient.

Ah. I see. OK. I'm having trouble figuring out what a good set of
attributes are to send through for this.
I'm giving it all 4 parameters that it's asking for (User-Name,
NAS-IP-Address, NAS-Port-Id, Acct-Session-Id) and it's still seg
faulting, so I guess I'll have to wait until this gets fixed anyway.

-Greg G

--__--__--

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

End of Freeradius-Users Digest
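
Added example (not part of the original thread and not FreeRADIUS source): a bounds-checked validator for the RFC 2866 rules quoted in Message 1, which rejects the 27-byte radclient packet from the thread instead of processing it, and which takes field sizes from the protocol rather than from sizeof on a struct, as Message 7 argues. The function and enum names are hypothetical, the sample packet is constructed with 192.0.2.1 as a placeholder NAS-IP-Address, and the Request Authenticator is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire sizes come from the protocol, not from sizeof on a struct,
 * which may include compiler padding. */
#define AUTH_VECTOR_LEN       16
#define RADIUS_HDR_LEN        (4 + AUTH_VECTOR_LEN) /* code, id, length(2), authenticator */
#define PW_ACCOUNTING_REQUEST 4

enum acct_verdict { ACCT_OK, ACCT_MALFORMED, ACCT_FORBIDDEN_ATTR, ACCT_MISSING_NAS };

/* Check an Accounting-Request against the RFC 2866 rules quoted in the
 * thread. `received` is the number of bytes actually read from the socket. */
enum acct_verdict acct_request_check(const uint8_t *pkt, size_t received)
{
    if (pkt == NULL || received < RADIUS_HDR_LEN) return ACCT_MALFORMED;
    if (pkt[0] != PW_ACCOUNTING_REQUEST) return ACCT_MALFORMED;

    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > received) return ACCT_MALFORMED;

    int have_nas = 0;
    size_t off = RADIUS_HDR_LEN;
    while (off < declared) {
        if (declared - off < 2) return ACCT_MALFORMED;   /* no room for type+len */
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > declared - off) return ACCT_MALFORMED;
        switch (type) {
        case 2: case 3: case 18: case 24: /* User-Password, CHAP-Password, Reply-Message, State */
            return ACCT_FORBIDDEN_ATTR;
        case 4: case 32:                  /* NAS-IP-Address, NAS-Identifier */
            have_nas = 1;
            break;
        default:
            break;
        }
        off += alen;
    }
    return have_nas ? ACCT_OK : ACCT_MISSING_NAS;
}

/* Constructed sample: the radclient packet from the thread (id=167,
 * User-Name = "test1"); with_nas appends NAS-IP-Address 192.0.2.1.
 * Returns the packet length; buf must hold at least 33 bytes. */
size_t build_sample(uint8_t *buf, int with_nas)
{
    static const uint8_t user[] = { 1, 7, 't', 'e', 's', 't', '1' };
    static const uint8_t nas[]  = { 4, 6, 192, 0, 2, 1 };
    size_t len = RADIUS_HDR_LEN;

    memset(buf, 0, RADIUS_HDR_LEN);       /* authenticator left zeroed */
    buf[0] = PW_ACCOUNTING_REQUEST;
    buf[1] = 167;
    memcpy(buf + len, user, sizeof user); len += sizeof user;
    if (with_nas) { memcpy(buf + len, nas, sizeof nas); len += sizeof nas; }
    buf[2] = (uint8_t)(len >> 8);
    buf[3] = (uint8_t)(len & 0xff);
    return len;
}

int main(void)
{
    uint8_t pkt[64];
    size_t n = build_sample(pkt, 0);
    printf("len=%zu verdict=%d\n", n, (int)acct_request_check(pkt, n));
    n = build_sample(pkt, 1);
    printf("len=%zu verdict=%d\n", n, (int)acct_request_check(pkt, n));
    return 0;
}
```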
