Hello, I am new to the freeRadius software. I have a couple of general questions to ask.
1. Does the software support all aspects of AAA - authorization, authentication, and accounting? 2. How many concurrent users are supported by the software? Thank you. Karthy Kasi -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: Freeradius-Users digest, Vol 1 #2559 - 12 msgs Send Freeradius-Users mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.cistron.nl/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..." Today's Topics: 1. itz urgent!!!!!!!!!!!!!!!!!!!!! (puneeth b) 2. Re: itz urgent!!!!!!!!!!!!!!!!!!!!! (Oliver Graf) 3. callback-id question (Liyan Tan) 4. Re: simple setup using users file (Jean-Paul Chapalain) 5. freeradius-announce dead? (Antti Alasalmi) 6. pam_radius on Solaris 2.6 (Robert Whamond) 7. Re: 093 Crashes with unknown tokens (Nicolas Baradakis) 8. Frames? (Albert Silva Gibert) 9. (no subject) (Markus Kaufmann) 10. Re: freeradius-announce dead? (Miquel van Smoorenburg) 11. trouble with cisco pix525 and freeradius. (jiang chong) 12. CA.all script failing (Chris Woodfield) --__--__-- Message: 1 Date: Mon, 24 Nov 2003 21:57:17 -0800 (PST) From: puneeth b <[EMAIL PROTECTED]> Subject: itz urgent!!!!!!!!!!!!!!!!!!!!! To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] --0-2034506717-1069739837=:16682 Content-Type: text/plain; charset=us-ascii hello sir, i cannot use the ODBC driver to connect freeradius to db2. i should build a separate driver so tht it talks to eachother. since db2 has a set of their own rules, will have to follow those set of rules. hence i want to know the connection between the freeradius -----> NAS-------->db2 server. also of the role of the NAS with freeradius as well as db2. also the information of how the other databases works with freeradius which uses a separate driver for communication process with freeradius. give me any address so that i can send a query & check how it works (i.e the interface for freeradius). about how the tables are maintained / stored / the kind of attributes? i didnt get the idea. also can i access db2, oracle,postgresql through any platform? also kindly help me with the testing part of the documentation. thanks in advance puneeth --------------------------------- Do you Yahoo!? Free Pop-Up Blocker - Get it now --0-2034506717-1069739837=:16682 Content-Type: text/html; charset=us-ascii <DIV>hello sir,<BR> &nbs p; i cannot use the ODBC driver to connect freeradius to db2. i should build a <STRONG><U>separate driver </U></STRONG>so tht it talks to eachother.<BR>since db2 has a set of their own rules, will have to follow those set of rules.<BR>hence i want to know the connection between the <STRONG><U>freeradius -----> NAS-------->db2 server</U></STRONG>.</DIV> <DIV>also of the <STRONG><U>role of the NAS with freeradius as well as db2</U></STRONG>.</DIV> <DIV>also the information of how the other databases works with freeradius which uses a separate driver for communication process with freeradius.</DIV> <DIV>give me any address so that i can send a query & check how it works & nbsp; (i.e the interface for freeradius).<BR>about <STRONG><U>how the tables are maintained </U></STRONG>/ stored / the kind of attributes? i didnt get the idea.<BR>also can i access db2, oracle,postgresql through any platform?<BR>also kindly help me with the <STRONG><U>testing part </U></STRONG>of the documentation.<BR>thanks in advance<BR>puneeth<BR><BR></DIV><p><hr SIZE=1> Do you Yahoo!?<br> <a href="http://us.rd.yahoo.com/slv/mailtag/*http://companion.yahoo.com/";>F ree Pop-Up Blocker - Get it now</a> --0-2034506717-1069739837=:16682-- --__--__-- Message: 2 Date: Tue, 25 Nov 2003 07:13:54 +0100 From: Oliver Graf <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: itz urgent!!!!!!!!!!!!!!!!!!!!! Organization: KEVAG Telekom GmbH / RZ-Online GmbH Reply-To: [EMAIL PROTECTED] Hi! [ using mutliple ! in Subject does no good ] On Mon, Nov 24, 2003 at 09:57:17PM -0800, puneeth b wrote: > i cannot use the ODBC driver to connect freeradius to db2. i should build a separate driver so tht it talks to eachother. Correct. > since db2 has a set of their own rules, will have to follow those set of rules. > hence i want to know the connection between the freeradius -----> NAS-------->db2 server. > also of the role of the NAS with freeradius as well as db2. The NAS asks the radiusd and the radiusd looks into its data sources (perhaps also a db2 database) to validate the information. NAS -> radius -> db > also the information of how the other databases works with freeradius which uses a separate driver for communication process with freeradius. > give me any address so that i can send a query & check how it works (i.e the interface for freeradius). radclient and radtest can be used to test the server. > about how the tables are maintained / stored / the kind of attributes? i didnt get the idea. As you like it. The queries can be customized to your needs. > also can i access db2, oracle,postgresql through any platform? Through any supported platform, yes. > also kindly help me with the testing part of the documentation. Look into the doc directory of the freeradius distribution and into the sample configs. They should help. Ask google to search in the mail archive of this list for db2 and you should find a mail or two. Oliver. --__--__-- Message: 3 Date: Tue, 25 Nov 2003 15:12:31 +0800 From: Liyan Tan <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Subject: callback-id question Organization: capitel Reply-To: [EMAIL PROTECTED] aWYgY2FsbGJhY2staWQgaXMgc2VlbiAsIHNldmVyYWwgcmVwbHkgYXR0cmlidXRlcyBhcmUg ZGVs ZXRlZCwgd2h5Pz8NCg0KaWYgKHNlZW5fY2FsbGJhY2tfaWQpIHsNCiAgICAgICAgICAgICAg ICBw YWlyZGVsZXRlKCZyZXF1ZXN0LT5yZXBseS0+dnBzLCBQV19GUkFNRURfUFJPVE9DT0wpOw0K ICAg ICAgICAgICAgICAgIHBhaXJkZWxldGUoJnJlcXVlc3QtPnJlcGx5LT52cHMsIFBXX0ZSQU1F RF9J UF9BRERSRVNTKTsNCiAgICAgICAgICAgICAgICBwYWlyZGVsZXRlKCZyZXF1ZXN0LT5yZXBs eS0+ dnBzLCBQV19GUkFNRURfSVBfTkVUTUFTSyk7DQogICAgICAgICAgICAgICAgcGFpcmRlbGV0 ZSgm cmVxdWVzdC0+cmVwbHktPnZwcywgUFdfRlJBTUVEX1JPVVRFKTsNCiAgICAgICAgICAgICAg ICBw YWlyZGVsZXRlKCZyZXF1ZXN0LT5yZXBseS0+dnBzLCBQV19GUkFNRURfTVRVKTsNCiAgICAg ICAg ICAgICAgICBwYWlyZGVsZXRlKCZyZXF1ZXN0LT5yZXBseS0+dnBzLCBQV19GUkFNRURfQ09N UFJF U1NJT04pOw0KICAgICAgICAgICAgICAgIHBhaXJkZWxldGUoJnJlcXVlc3QtPnJlcGx5LT52 cHMs IFBXX0ZJTFRFUl9JRCk7DQogICAgICAgICAgICAgICAgcGFpcmRlbGV0ZSgmcmVxdWVzdC0+ cmVw bHktPnZwcywgUFdfUE9SVF9MSU1JVCk7DQogICAgICAgICAgICAgICAgcGFpcmRlbGV0ZSgm cmVx dWVzdC0+cmVwbHktPnZwcywgUFdfQ0FMTEJBQ0tfTlVNQkVSKTsNCiAgICAgICAgfQ0KDQo= --__--__-- Message: 4 Date: Tue, 25 Nov 2003 08:38:16 +0100 From: Jean-Paul Chapalain <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: simple setup using users file Reply-To: [EMAIL PROTECTED] This is a cryptographically signed message in MIME format. --------------ms030506060201050404070107 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Bill Schoolfield wrote: > Hi, > > I'm using freeradius 0.9.3 on redhat 9.0. I'm trying > to get simple authentication working using the users > file. I have edited the client.conf and users file but > nothing else. > > When running under debug, I can see the authentication > request come in and I have verified that the shared > secret is ok. > > However, depending on how I edit the users file, I > either get: > > auth: No password configured for user > > or > > auth: No authentication method (Auth-Type) > configuration found for the request: rejecting user > > > In the first case I have in the users file: > > DEFAULT Auth-Type = Local > Fall-Through = Yes > > 000102-030405 Auth-Type := Local User-Password == > "xxxx" > > In the second case, I have the same without the > DEFAULT entry. > > The user name is a mac address from a wireless device. > Should it be in double quotes? What do I need to do to > get this simple case working? > > Bill > > __________________________________ > Do you Yahoo!? > Free Pop-Up Blocker - Get it now > http://companion.yahoo.com/ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html There is a comma after 'Local'. See below a exemple of my users's file : yyyyy Auth-type := Local, User-Password == "xxxxx" Service-Type = NAS-Prompt-User -- -- Jean-Paul Chapalain - GICM - Reseaux et Systemes Distribues -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED] -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D --------------ms030506060201050404070107 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ+zCC Az8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQI EwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENv bnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAi BgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVy c29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5 NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBM dGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9Vvy Gna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOC dz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCB kTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhh d3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNV HREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQAD gYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFi w9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpb NU1341YheILcIRk13iSx0x1G/11fZU8wggNYMIICwaADAgECAgMKysIwDQYJKoZIhvcNAQEE BQAwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0 ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTAz MDkyMzEyMzMxM1oXDTA0MDkyMjEyMzMxM1owfTEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWls IE1lbWJlcjEuMCwGCSqGSIb3DQEJARYfSmVhbi1QYXVsLkNoYXBhbGFpbkBiaWdmb290LmNv bTEqMCgGCSqGSIb3DQEJARYbSmVhbi1QYXVsLkNoYXBhbGFpbkBnaWNtLmZyMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunJnzYBiIy7dclPsLW4TBofCqAOH6ErRmCUCyZrC xVGv6Mjx4bmzP8xFDCO6CPgAXBh/JUDYJUC6wBERW9y32yqDu0K21tYmzx3y9uH6Z8HbKBXy 3W8GnoCLnpkV0LVAamHKDdW0759SrVRghf2t4xmQMUHa4S1lcpGX9nE2JYzuhDG4Ku5uGNxP iBe78NeO2MKvZVOOofENUnYBOHYU9Aoa/Eeq/iR8dyMt3MxD6WHyoBC0HJbtWTBPLz4wI5eC +nV10LcR7DorMmZ3nwnwicMxUxj0ftJ24ioz3mufVfnC5o1R8/cQyyB0RpZYza70YpfmQF9J 2X3zz5oybZ3Z2QIDAQABo30wezAPBgNVHQ8BAf8EBQMDB/mAMBEGCWCGSAGG+EIBAQQEAwIF IDBHBgNVHREEQDA+gR9KZWFuLVBhdWwuQ2hhcGFsYWluQGJpZ2Zvb3QuY29tgRtKZWFuLVBh dWwuQ2hhcGFsYWluQGdpY20uZnIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQBT YIJMrVwsEuGgPH8P5BW5heWS4h/SFs8Hdi7c+LaslPdIpI+KSbM4E2Ep3il8xLXkd1o8uUM3 dVyQMVGBedZ7HTiLVX/MAylBGxqybevM17fHjWGwnCFpzWp6aBsBd5dJwpfIzvmixFnzs6vF CkJWLaxDwa7ylUFSB6OjuPoevTCCA1gwggLBoAMCAQICAwrKwjANBgkqhkiG9w0BAQQFADBi MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEs MCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDMwOTIz MTIzMzEzWhcNMDQwOTIyMTIzMzEzWjB9MR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVt YmVyMS4wLAYJKoZIhvcNAQkBFh9KZWFuLVBhdWwuQ2hhcGFsYWluQGJpZ2Zvb3QuY29tMSow KAYJKoZIhvcNAQkBFhtKZWFuLVBhdWwuQ2hhcGFsYWluQGdpY20uZnIwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQC6cmfNgGIjLt1yU+wtbhMGh8KoA4foStGYJQLJmsLFUa/o yPHhubM/zEUMI7oI+ABcGH8lQNglQLrAERFb3LfbKoO7QrbW1ibPHfL24fpnwdsoFfLdbwae gIuemRXQtUBqYcoN1bTvn1KtVGCF/a3jGZAxQdrhLWVykZf2cTYljO6EMbgq7m4Y3E+IF7vw 147Ywq9lU46h8Q1SdgE4dhT0Chr8R6r+JHx3Iy3czEPpYfKgELQclu1ZME8vPjAjl4L6dXXQ txHsOisyZnefCfCJwzFTGPR+0nbiKjPea59V+cLmjVHz9xDLIHRGlljNrvRil+ZAX0nZffPP mjJtndnZAgMBAAGjfTB7MA8GA1UdDwEB/wQFAwMH+YAwEQYJYIZIAYb4QgEBBAQDAgUgMEcG A1UdEQRAMD6BH0plYW4tUGF1bC5DaGFwYWxhaW5AYmlnZm9vdC5jb22BG0plYW4tUGF1bC5D aGFwYWxhaW5AZ2ljbS5mcjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFNggkyt XCwS4aA8fw/kFbmF5ZLiH9IWzwd2Ltz4tqyU90ikj4pJszgTYSneKXzEteR3Wjy5Qzd1XJAx UYF51nsdOItVf8wDKUEbGrJt68zXt8eNYbCcIWnNanpoGwF3l0nCl8jO+aLEWfOzq8UKQlYt rEPBrvKVQVIHo6O4+h69MYIDOzCCAzcCAQEwaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMc VGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFs IEZyZWVtYWlsIElzc3VpbmcgQ0ECAwrKwjAJBgUrDgMCGgUAoIIBpzAYBgkqhkiG9w0BCQMx CwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wMzExMjUwNzM4MTZaMCMGCSqGSIb3DQEJ BDEWBBS+Sj7EGA3jQLhBGZnQhIDIf3M6pTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMH MA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB KDB4BgkrBgEEAYI3EAQxazBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29u c3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg SXNzdWluZyBDQQIDCsrCMHoGCyqGSIb3DQEJEAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMG A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwrKwjANBgkqhkiG9w0BAQEFAASCAQBmHL6f XVKnYdlEezo33F3qquc52AmDCJwXSVhBQ44Uv3L3UB8SusZB0hCVa5xde/4Pmb+NbzuyYqrK LrYVmTRdB8FqLKYsEyM1Y2i9h3HVu36DtJaCSjUuonHNDrikdgDL1dja8i9SKVmtn39ao414 NqIykoZrwKYRH8Fk9BQ2l9k9v9DCP/2TvJC9doMpRx19hxFexiSwtm7u8qeP225h2qzQdaNW dtR9bCsOVlYlGn8/3zllGwW/ykpjLmuveUh899fu4sqAL80EHefhMTE8cKWJcmCG7pCrrMfp +JGeQEuNC3D2jMY3e86dxRGUs/nFpSp1MBMqMANBQ4xZ8NG9AAAAAAAA --------------ms030506060201050404070107-- --__--__-- Message: 5 Date: Tue, 25 Nov 2003 09:43:36 +0200 (EET) From: Antti Alasalmi <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: freeradius-announce dead? Reply-To: [EMAIL PROTECTED] Dear Sirs, As there is also an announce list ([EMAIL PROTECTED]), could the announcements of new FreeRADIUS version be sent there too? Currently the announce list seems to be dead, because the last post was July 15th 2003 [1]. Also, the list of subscribers is unprotected. Best Regards, Antti Alasalmi [1] http://lists.cistron.nl/pipermail/freeradius-announce/ --__--__-- Message: 6 From: Robert Whamond <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: pam_radius on Solaris 2.6 Date: Tue, 25 Nov 2003 19:07:50 +1100 Organization: Moss Products Pty Ltd Reply-To: [EMAIL PROTECTED] I've just installed freeradius 0.9.3 on a Linux box which works OK with some basic tests. I am now trying to install pam_radius on Solaris but get the following errors: #pam_radius-1.3.16; make /usr/local/bin/gcc -Wall -fPIC -c pam_radius_auth.c -o pam_radius_auth.o In file included from pam_radius_auth.h:23, from pam_radius_auth.c:63: md5.h:21: error: parse error before "u_int32_t" md5.h:21: warning: no semicolon at end of struct or union md5.h:22: warning: type defaults to `int' in declaration of `bits' md5.h:22: warning: data definition has no type or storage class md5.h:24: error: parse error before '}' token md5.h:29: error: parse error before "buf" ..... and many subsequent errors. The result is the same for Solaris 2.6, GCC 3.3.2 Solaris 8, GCC 2.95 Any ideas? Do I need pam_radius? I saw a reference to it being included in pam_pwdb. Thanks, -- Rob Whamond Moss Products Pty Ltd Phone: (03) 9552 9900 Box 1610, Rosebank MDC Fax: (03) 9552 9911 Clayton VIC 3169 E-mail: [EMAIL PROTECTED] --__--__-- Message: 7 Date: Tue, 25 Nov 2003 10:14:42 +0100 From: Nicolas Baradakis <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: 093 Crashes with unknown tokens Reply-To: [EMAIL PROTECTED] Greg G wrote: > How would you recommend that I do that? The file will parse > correctly. And it's not something that should be a *fatal* mistake. > It's not really a mistake, either. We use some custom items now and then. If despite what you said you're still using FreeRADIUS, you could use the script check-radiusd-config each time you update your config files and then avoid stopping an already running server. I think the script check-radiusd-config is installed in the same time with radiusd, or you can find it in the source tarball in the directory freeradius-0.9.3/scripts -- Nicolas Baradakis --__--__-- Message: 8 Date: Tue, 25 Nov 2003 13:02:13 +0100 (CET) From: Albert Silva Gibert <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Frames? Reply-To: [EMAIL PROTECTED] Hi everybody! I'm trying to adapt the FreeRadius to the 802.1x protocol over Linux Redhat and I'd to know in which part of the source the program checks the frames. Anybody know where it is? Thanks!!!! Albert --__--__-- Message: 9 From: "Markus Kaufmann" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Tue, 25 Nov 2003 13:34:13 +0100 Subject: (no subject) Reply-To: [EMAIL PROTECTED] Markus Kaufmann VTX Network Solutions AG - a member of the Smart Telecom group Formerly part of the Cable & Wireless group Direct Phone: +41 1 437 86 78 Switchboard: +41 1 437 86 00 Mobile: +41 78 842 43 96 Fax: +41 1 437 86 79 Hohlstrasse 536 CH - 8048 Z=FCrich E-Mail: [EMAIL PROTECTED] more info on: www.vtx.ch --__--__-- Message: 10 From: "Miquel van Smoorenburg" <[EMAIL PROTECTED]> Subject: Re: freeradius-announce dead? Date: Tue, 25 Nov 2003 13:03:41 +0000 (UTC) Organization: Cistron Group To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] In article <[EMAIL PROTECTED]>, Antti Alasalmi <[EMAIL PROTECTED]> wrote: >As there is also an announce list ([EMAIL PROTECTED]), >could the announcements of new FreeRADIUS version be sent there too? >Currently the announce list seems to be dead, because the last post was >July 15th 2003 [1]. Also, the list of subscribers is unprotected. I fixed that last issue. Mike. -- If I seem short sighted, it is because I stand on the shoulders of midgets. --__--__-- Message: 11 From: "jiang chong" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: trouble with cisco pix525 and freeradius. Date: Tue, 25 Nov 2003 13:59:53 +0000 Reply-To: [EMAIL PROTECTED] hi, everybody,i am sorry that my english is very pool.i got some trouble with cisco pix525 and freeradius.the relation configuration of pix525 is blow list: aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server authout protocol radius aaa-server nm protocol radius aaa-server nm (inside) host 10.61.16.71 l2tp timeout 10 And my radius server is redhat 9.0 with freeradius 0.9.3.I install it by "./configure,make,make install",it seems all ok.Then i changed some files to adapt my environment. at last,i saw the information of radius server: rad_recv: Access-Request packet from host 10.61.114.253:1645, id=85, length=162 User-Name = "jiang" NAS-IP-Address = 10.61.114.253 Calling-Station-Id = "0.0.0.0" MS-CHAP-Challenge = 0x1e1c9a5f64ed06d9 MS-CHAP-Response = 0x0101000000000000000000000000000000000000000000000000ab2d88181066a1082f ec333d07d2e4b51d5f85717f57da28 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 5 Cisco-AVPair = "ip:source-ip=0.0.0.0" modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jiang", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched DEFAULT at 152 users: Matched DEFAULT at 171 users: Matched DEFAULT at 183 modcall[authorize]: module "files" returns ok for request 0 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" modcall: entering group Auth-Type for request 0 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: No LM-Password or NT-Password attribute found. Cannot perform MS-CHAP authentication. modcall[authenticate]: module "mschap" returns fail for request 0 modcall: group Auth-Type returns fail for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 85 to 10.61.114.253:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 85 with timestamp 3fc415a6 Nothing to do. Sleeping until we see a request. anybody can help me ?thanks a lot. _________________________________________________________________ �����������ѽ��н�������ʹ�� MSN Messenger: http://messenger.msn.com/cn --__--__-- Message: 12 Date: Tue, 25 Nov 2003 11:14:34 -0500 From: Chris Woodfield <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: CA.all script failing Reply-To: [EMAIL PROTECTED] --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello, I'm trying to set up freeradius to use EAP-TLS, using the CA.all script inc= luded with=20 the distribution to generate the necessary server and client certificates. = I'm using=20 the CVS snapshot from 11/20/2003, with openssl 0.9.7c. openssl is installed= in=20 /usr/local/ssl, and I'm running the script from the /usr/local/ssl/certs di= rectory. Here's the output I get at the end at the step where the server cert is gen= erated: Certificate is to be certified until Nov 24 00:42:41 2004 GMT (365 days) Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2 + openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p1= 2 -clcerts=20 -pa ssin pass:whatever -passout pass:whatever No certificate matches private key + openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -= passout=20 pass:w hatever 23242:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too=20 long:asn1_lib.c:14 0: + openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der unable to load certificate 23243:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:= Expecting:=20 TRU STED CERTIFICATE + echo -e '\n\t\t##################\n' ################## And here is the state of the certs directory: -rwxr-xr-x 1 root staff 3119 Nov 21 17:52 CA.all -rw-r--r-- 1 root staff 9304 Nov 24 19:43 CA_output -rw-r--r-- 1 root staff 689 Nov 24 19:42 cert-clt.der -rw-r--r-- 1 root staff 1709 Nov 24 19:42 cert-clt.p12 -rw-r--r-- 1 root staff 2389 Nov 24 19:42 cert-clt.pem -rw-r--r-- 1 root staff 0 Nov 24 19:42 cert-srv.p12 -rw-r--r-- 1 root staff 0 Nov 24 19:42 cert-srv.pem drwxr-sr-x 6 root staff 4096 Nov 24 19:42 demoCA -rw-r--r-- 1 root staff 0 Nov 24 19:42 newcert.pem -rw-r--r-- 1 root staff 1667 Nov 24 19:42 newreq.pem -rw-r--r-- 1 root staff 906 Nov 24 19:42 root.der -rw-r--r-- 1 root staff 1925 Nov 24 19:42 root.p12 -rw-r--r-- 1 root staff 2681 Nov 24 19:42 root.pem -rw-r--r-- 1 root staff 148 Nov 21 18:29 xpextensions Can someone take a look at this and possible tell me if I'm doing anything = wrong? I=20 scripted the entre output of CA.all, so I can send as an attachment if requ= ested. Thanks, -Chris --XsQoSWH+UP9D9v3l Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/w3/qqP/YiunDNcERAgxvAJ9BdG3h4HaUiMNmDNL3P7cX6JL2DwCg6Tcb its0jhqRLcM7kq92NtfhiEo= =xHEO -----END PGP SIGNATURE----- --XsQoSWH+UP9D9v3l-- --__--__-- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
