PATH = /usr/local/bin:/usr/bin:/usr/sbin:/usr/ucb:

Radiusd is in /usr/local/sbin
libradius-0.9.3.so is in /usr/local/lib/
What is crle? (I'm a bit of a Linux/Unix newbie).

Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St RM AB50
Toronto, Ont M5B 2K3
416-979-5000 x6709

----- Original Message -----
From: [EMAIL PROTECTED]
Date: Tuesday, June 15, 2004 0:26 am
Subject: Freeradius-Users digest, Vol 1 #3358 - 8 msgs

> Send Freeradius-Users mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
> Today's Topics:
>
> 1. Re: Setting up a proxy radius server (Alan DeKok)
> 2. test post to list, please ignore (Matthew Schumacher)
> 3. Re: Won't run on Solais 8 (Cameron Gregg)
> 4. Re: ldap sha1 mschap peap pap (Damjan)
> 5. Authenticating to different LDAP servers (Michael Check)
> 6. unknown client (Timothy Tan)
> 7. Re: rlm_sqlcounter && Max-Daily-Session?? (nsinit)
> 8. radius log (apellido jr., wilfredo p.)
>
> --__--__--
>
> Message: 1
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Setting up a proxy radius server
> Date: Mon, 14 Jun 2004 15:44:56 -0400
> Reply-To: [EMAIL PROTECTED]
>
> "Stephen Petersen" <[EMAIL PROTECTED]> wrote:
> > By the docs its setup to do proxy.
> > In plain language what conf files need to be edited.
>
> clients.conf & proxy.conf
>
> > I've edit client.conf and proxy.conf and can't get any proxying
> > happening.
>
> Try running it debug mode, as suggested in the FAQ, README, and
> INSTALL.
>
> Alan DeKok.
>
> --__--__--
>
> Message: 2
> To: list <[EMAIL PROTECTED]>
> From: Matthew Schumacher <[EMAIL PROTECTED]>
> Subject: test post to list, please ignore
> Date: Mon, 14 Jun 2004 23:59:34 +0200
> Reply-To: [EMAIL PROTECTED]
>
> this is a test
>
> --__--__--
>
> Message: 3
> Date: Tue, 15 Jun 2004 09:36:05 +1000
> From: Cameron Gregg <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Won't run on Solais 8
> Reply-To: [EMAIL PROTECTED]
>
> Ken Connell wrote:
> > FreeRadius 0.9.3
> > It's been great on Redhat, but on a Solaris 8 box I get the following:
> > fatal: libradius-0.9.3.so: open failed: No such file or directory
>
> What directory is your libradius-0.9.3.so in? Also where is radiusd?
>
> Could be a library path issue....what is the output of crle?
>
> Cam
>
> --__--__--
>
> Message: 4
> Date: Tue, 15 Jun 2004 01:34:10 +0200
> From: Damjan <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: ldap sha1 mschap peap pap
> Reply-To: [EMAIL PROTECTED]
>
> > TTLS uses different tunneled authentication methods. Check those to
> > see what's possible.
>
> TTLS + PAP should work doesn't it.
>
> --
> damjan | дамјан
> This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!!
>
> --__--__--
>
> Message: 5
> Date: Mon, 14 Jun 2004 20:14:28 -0500
> Subject: Authenticating to different LDAP servers
> From: Michael Check <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
>
> Hello all,
>
> We are using freeRADIUS version 0.9.3 on a MacOSX box running 10.2.6
>
> We have a Patton dial-in access server that is using freeRADIUS to AAA off
> Active Directory running on a W2K box (192.168.2.5) with domain marshall.com
> We have now set up a W2003 server (10.0.1.5) running active directory for a
> domain msi.com
>
> The domains are on separate LANs but completely routable between.
>
> The Patton is on the marshall.com side of the network and uses LDAP through
> freeRADIUS and works great.
>
> Our desire is to configure freeRADIUS to authenticate specific users off the
> msi.com domain also using LDAP.
>
> I configured radiusd.conf to authorize off the new server and it does, but
> when authentication comes around, it tries to authenticate off the first
> LDAP server it finds which is 192.168.2.5
>
> I have tracked the issue to the fact that the radiusd.conf file specifically
> states that authentication does not cascade (fall through?) but
> authorization does.
>
> Here are the conf file areas:
>
> modules {
>
>     # <snip>
>
>     ldap ldap1 {
>         server = "192.168.2.5"
>         identity = "cn=ldapuser,cn=users,dc=marshall,dc=com"
>         password = foo
>         basedn = "cn=users,dc=marshall,dc=com"
>         filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>         access_attr="msNPAllowDialin"
>         password_attribute=userPassword
>
>         # <snip>
>
>     }
>
>     ldap ldap2 {
>         server = "10.0.1.5"
>         identity = "cn=radiusserver,cn=users,dc=msi,dc=com"
>         password = foo
>         basedn = "ou=merchandisers,dc=msi,dc=com"
>         filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
>         # access_attr="msNPAllowDialin"
>         password_attribute=userPassword
>
>         # <snip>
>
>     }
> }
>
>
> authorize {
>
>     # The ldap module will set Auth-Type to LDAP if it has not already been set
>     ldap1
>     ldap2
> }
>
> authenticate {
>     # Uncomment it if you want to use ldap for authentication
>     authtype LDAP {
>         ldap1
>         ldap2
>     }
> }
>
>
> So debugging shows that the authorize section works as expected, but, also
> as expected, it tries to authenticate off the _first_ LDAP server only and
> fails.
>
> How can we get freeRADIUS to know that we're authenticating off the _second_
> LDAP server? I tried setting up another DEFAULT user in the users file
> thinking that I could define another Auth-Type, but I cannot figure out how
> to direct freeRADIUS to choose the correct DEFAULT user.
>
> Any help is greatly appreciated.
>
> Thanks,
>
> Michael Check
> Solo Group, Inc.
>
> --
> [EMAIL PROTECTED]
> www.sologroup.com
>
> --__--__--
>
> Message: 6
> Subject: unknown client
> Date: Tue, 15 Jun 2004 09:16:10 +0800
> From: "Timothy Tan" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
>
> Hi people...
>
> I had a similar problem when I tried out the freeradius-1.0.0-pre1 build
> with fedora core 2... whenever I try to get my cisco AP to auth with
> freeradius, I get the same unknown client message, and the IP is already
> added in the clients.conf file...
>
> Localhost works though, ports are configured... does anybody know why?
> Perhaps I erred at some point of the installation? But when I put it
> back to 0.9.3, it worked fine...
>
> Tim.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [EMAIL PROTECTED] On Behalf Of prabhdeep
> Sent: Monday, June 14, 2004 10:58 PM
> To: [EMAIL PROTECTED]
> Subject: (no subject)
>
> Thanks Thor,
>
> I tried 0.0.0.0/1, but it still does not work... I keep getting following
> messages.
> Just curious what the networking standard... I thought it was 0/8/16/24 or
> is it 1/8/16/24?
>
> rad_recv: Accounting-Request packet from host 192.168.0.121:1024, id=243, length=141
> Ignoring request from unknown client 192.168.0.121:1024
> --- Walking the entire request list ---
> Nothing to do. Sleeping until we see a request.
> rad_recv: Access-Request packet from host 192.168.0.121:1024, id=206, length=228
> Ignoring request from unknown client 192.168.0.121:1024
>
> Thanks again.
>
> prabh
>
> > > Hi,
> > >
> > > How can one allow any NAS client to be authenticated as long as secret
> > > matches?
> >
> > client 0.0.0.0/1 {
> > ...
> > }
> > client 128.0.0.0/1 {
> > ...
> > }
> >
> > > 0.0.0.0/0 does not work in clients.conf.... there does not seem to be any
> > > default entry that I can set....
> > > something like "if the IP does not match then use this".
> > >
> > > Thanks.
> > >
> > > with regards,
> > > prabh
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> --__--__--
>
> Message: 7
> Date: Tue, 15 Jun 2004 10:41:01 +0800
> From: "nsinit" <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <freeradius-[EMAIL PROTECTED]>
> Subject: Re: rlm_sqlcounter && Max-Daily-Session??
> Reply-To: [EMAIL PROTECTED]
>
> Hi
>
> >hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do
> >u want to configure the daily counter?
>
> Yeah, it works well. and so what? Maybe i have basic misunderstanding for
> the attribute&&dictionary. Can anyone point it to me? Thx in advance.
>
> ============================
> Hello World!
> ============================
> [EMAIL PROTECTED]
> 2004-06-15
>
> --__--__--
>
> Message: 8
> From: "apellido jr., wilfredo p." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: radius log
> Date: Tue, 15 Jun 2004 12:11:55 +0800
> Reply-To: [EMAIL PROTECTED]
>
> Hello i configured freeradius (rlm_pap + rlm_mysql + rlm_sqlcounter)
> successfully and it authenticate perfectly but i don't see any stop
> message in radius.log. when trying to run freeradius in debugging mode
> (radiusd -X) then try to test, freeradius debugging show it accept and
> when i try to disconnect then stop message appear also. But when i tried
> to run freeradius and tail radius.log, Only Auth: Login OK message
> appear and not Disconnect or Stop.
>
> Sun Jun 13 23:36:40 2004 : Auth: Login OK: [apellido] (from client portmaster.mactan.ph port 0)
> Sun Jun 13 23:38:05 2004 : Auth: Login incorrect: [gunday/molendijk] (from client portmaster.mactan.ph port 13)
> Sun Jun 13 23:38:40 2004 : Auth: Login OK: [gunday] (from client portmaster.mactan.ph port 13)
> Sun Jun 13 23:38:47 2004 : Auth: Login incorrect: [lmharm/literock] (from client portmaster.mactan.ph port 27)
> Sun Jun 13 23:40:19 2004 : Auth: Login OK: [apellido] (from client portmaster.mactan.ph port 1)
> Sun Jun 13 23:41:00 2004 : Auth: Login OK: [gunday] (from client portmaster.mactan.ph port 13)
> Sun Jun 13 23:42:17 2004 : Auth: Login OK: [mim] (from client portmaster.mactan.ph port 27)
>
> here's part of radius.conf
>
> prefix = /usr/local
> exec_prefix = ${prefix}
> sysconfdir = /etc
> localstatedir = /var
> sbindir = ${exec_prefix}/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
>
> # Location of config and logfiles.
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = ${exec_prefix}/lib
> pidfile = ${run_dir}/radiusd.pid
> #user = nobody
> #group = nobody
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> #listen {
> #    ipaddr = *
> #    port = 0
> #    type = auth
> #}
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> log_stripped_names = no
> log_auth = yes
> log_auth_badpass = yes
> log_auth_goodpass = yes
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
>     max_attributes = 200
>     reject_delay = 1
>     status_server = no
> }
>
> thanks in advance
>
> --__--__--
>
> End of Freeradius-Users Digest

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
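
The radiusd.conf fragment quoted in Message 8 sets log_auth_badpass and log_auth_goodpass to yes and leaves user/group commented out; with those logging options the password is written to radius.log after the user name, as in the quoted `Login incorrect: [user/...]` entries. The following is an added example, not code from the thread or from the FreeRADIUS project: a small audit that flags those settings in a config fragment and masks the password field in log lines before they are shared. The sample config, log lines, host name and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the settings quoted in Message 8.
SAMPLE_CONF = """\
#user = nobody
#group = nobody
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
security {
    reject_delay = 1
}
"""

# Constructed log lines in the radius.log layout shown in the thread.
SAMPLE_LOG = """\
Sun Jun 13 23:36:40 2004 : Auth: Login OK: [alice] (from client nas.example port 0)
Sun Jun 13 23:38:05 2004 : Auth: Login incorrect: [bob/constructed-secret] (from client nas.example port 13)
"""

SETTING = re.compile(r"^\s*(#?)\s*([A-Za-z_]+)\s*=\s*(\S+)")
AUTH_LINE = re.compile(r": Auth: (Login OK|Login incorrect): \[([^\]/]*)(/[^\]]*)?\]")


def audit_conf(text):
    """Return findings about password logging and the daemon's run-as identity."""
    active = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m and not m.group(1):          # skip commented-out settings
            active[m.group(2)] = m.group(3)
    findings = [f"{key} = yes writes passwords to the log"
                for key in ("log_auth_badpass", "log_auth_goodpass")
                if active.get(key) == "yes"]
    findings += [f"{key} is not set; the daemon keeps the identity it was started with"
                 for key in ("user", "group") if key not in active]
    return findings


def redact_log(text):
    """Return (log text with password fields masked, number of fields masked)."""
    masked = 0

    def mask(m):
        nonlocal masked
        if m.group(3) is None:            # entry carries no password field
            return m.group(0)
        masked += 1
        return f": Auth: {m.group(1)}: [{m.group(2)}/<redacted>]"

    return AUTH_LINE.sub(mask, text), masked
```
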

