Thanks,
Silpa
[EMAIL PROTECTED] wrote:
Send Freeradius-Users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Question Regarding FreeRADIUS debug ----please help!
(Alan DeKok)
2. Re: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 (Alan DeKok)
3. Re: Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)
(BRETT WEEAST)
4. freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
Max-Monthly-Session maximum value limit (James)
5. Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
Max-Monthly-Session maximum value limit (Alan DeKok)
6. Simultaneous-Use Issue (James)
7. EAP/TLS Authentication fail~~~~ (=?gb2312?B?y+8gx78=?=)
----------------------------------------------------------------------
Message: 1
Date: Wed, 12 Apr 2006 17:13:26 -0400
From: "Alan DeKok"
Subject: Re: Question Regarding FreeRADIUS debug ----please help!
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Silpa Akkinawrote:
> server....i think all i can get is debug with seconds resolution...but for my
>
> project i have to take milli seconds readings....please help!
Edit the source code.
Alan DeKok.
------------------------------
Message: 2
Date: Wed, 12 Apr 2006 17:15:04 -0400
From: "Alan DeKok"
Subject: Re: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Nikolas Thomanwrote:
> Any help in diagnosing the reason why I'm encountering a fault in
> malloc would be much appreciated.
It usually happens because something else in the code is
over-writing a buffer, or writing to free'd memory.
Run the server under valgrind to see what's going on. You'll have
to pass special options to work around the infinite SSL warnings, but
those warnings can be ignored.
Alan DeKok.
------------------------------
Message: 3
Date: Wed, 12 Apr 2006 17:40:12 -0400
From: "BRETT WEEAST"
Subject: Re: Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)
To:
Message-ID:
Content-Type: text/plain; charset=US-ASCII
I will be out of the office Thu, April 13 through Fri, April 21.
If you require assistance prior to April 24, email the Network Services Unit at: [EMAIL PROTECTED]
>>> freeradius-users 04/12/06 17:12 >>>
Send Freeradius-Users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Freeradius, mysql, please help!!! (YvesDM)
2. Re: Question (YvesDM)
3. Re: Freeradius, mysql, please help!!! (Laker Netman)
4. Multiple Locations and configuring 2 different methods of
Access (James)
5. Re: FreeRADIUS and SNMP (Kevin Bonner)
6. FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 (Nikolas Thoman)
7. Question Regarding FreeRADIUS debug ----please help!
(Silpa Akkina)
----------------------------------------------------------------------
Message: 1
Date: Wed, 12 Apr 2006 20:43:22 +0200
From: YvesDM
Subject: Re: Freeradius, mysql, please help!!!
To: "FreeRadius users mailing list"
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
On 4/12/06, [EMAIL PROTECTED] wrote:
>
> Hi,
>
> ummm. I'm not too certain here but wasnt the password you defined in the
> mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/
> if this is a crypted password then surely the attribute is Crypt-Password
> rather than User-Password?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
Correct, alan DeKok told me too. I changed it, but it didn't solve the
problem.
tnx
yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/8e9693ce/attachment-0001.html
------------------------------
Message: 2
Date: Wed, 12 Apr 2006 20:58:34 +0200
From: YvesDM
Subject: Re: Question
To: "FreeRadius users mailing list"
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
On 4/12/06, [EMAIL PROTECTED] wrote:
>
> Hi,
>
> > modcall: leaving group authorize (returns ok) for request 0
> > rad_check_password: Found Auth-Type System
> > auth: type "System"
>
> try removing the default System authentication method from your
> users file.
>
> alan
Working now!
i changed "system to "radius" in the users file and now it's working.
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = Radius
Fall-Through = 1
Many tnx
Yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/2b4efff6/attachment-0001.html
------------------------------
Message: 3
Date: Wed, 12 Apr 2006 12:23:05 -0700 (PDT)
From: Laker Netman
Subject: Re: Freeradius, mysql, please help!!!
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=iso-8859-1
--- YvesDMwrote:
> On 4/12/06, Alan DeKokwrote:
> >
> > YvesDMwrote:
> > > mysql> select * from radcheck;
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | id | UserName | Attribute | op |
> > Value |
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | 1 | steve | User-Password | :=3D |
> > $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0=
> > > |
> >
> > These are *not* clear-text passwords. They're
> encrypted
> > passwords. Change the attribute name to
> Crypt-Password, and it should
> > work.
> >
> > Alan DeKok.
>
>
>
> Tnx for the reply, but it didn't solve my problem.
>
> mysql> select * from radcheck;
>
+----+----------+----------------+----+------------------------------------+
> | id | UserName | Attribute | op | Value
> |
>
+----+----------+----------------+----+------------------------------------+
> | 1 | steve | User-Password | := |
> $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 |
> | 2 | maureen | Crypt-Password | := |
> $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 |
> | 3 | john | Crypt-Password | := |
> $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ |
>
+----+----------+----------------+----+------------------------------------+
> 3 rows in set (0.00 sec)
>
> mysql> quit
> Bye
> radius:/usr/local/etc/raddb# radtest john test
> localhost 1812 testing123
> Sending Access-Request of id 213 to 127.0.0.1 port
> 1812
> User-Name = "john"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> Re-sending Access-Request of id 213 to 127.0.0.1
> port 1812
> User-Name = "john"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=213, length=20
> radius:/usr/local/etc/raddb# radtest maureen test
> localhost 1812 testing123
> Sending Access-Request of id 219 to 127.0.0.1 port
> 1812
> User-Name = "maureen"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> Re-sending Access-Request of id 219 to 127.0.0.1
> port 1812
> User-Name = "maureen"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=219, length=20
> radius:/usr/local/etc/raddb#
>
> Any other suggestions?
>
> Yves
> > -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Try switching everything back to clear text, with
User-Password attribute and *clear text passwords* and
see if anybody can auth that way.
Laker
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------
Message: 4
Date: Wed, 12 Apr 2006 13:02:35 -0700
From: James
Subject: Multiple Locations and configuring 2 different methods of
Access
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hello,
I am running freeradius 1.0.5 on FC4 i386
My end-users right now are getting authenticated by the login-based
mysql radcheck table from freeradius and they are coming from multiple
locations through a web-based portal redirected by their gateway.
My question is, if there is a way to setup freeradius for example: to
allow for 3 locations to login through the login based authentication
(the way it is setup right now) and at the same time grant 2 other
locations access without the need of using login based authentication, I
now there is an option to allow access without authentication, but to my
understanding this is global for all locations, I am looking for a way
to allow access without athentication for a specific location and at the
same time not interfere with the locations that are using login-based
authentication.
Is this possible? If so, where can I get more documentation on this
topic and where can I see an actual configuration example of this type
of setup?
If this is not possible "out of the box", where can I get documentation
on a work around or similar solutions?
Thank you in advance for all your help,
James
------------------------------
Message: 5
Date: Wed, 12 Apr 2006 16:34:14 -0400
From: Kevin Bonner
Subject: Re: FreeRADIUS and SNMP
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-15"
On Wednesday 12 April 2006 10:48, DESETech - German P. Santillan wrote:
> But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317
The OIDs you want to query are:
radiusAuthServ 1.3.6.1.2.1.67.1.1.1.1.* (or mib-2.67.1.1.1.1.*)
radiusAccServ 1.3.6.1.2.1.67.2.1.1.1.* (or mib-2.67.2.1.1.1.*)
Loading the MIBS from the mibs/ directory in the FR source will allow you to
query the actual names instead of OIDs.
Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cea40ea/attachment-0001.bin
------------------------------
Message: 6
Date: Wed, 12 Apr 2006 13:56:18 -0700 (PDT)
From: Nikolas Thoman
Subject: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
I am running FreeRADIUS 1.1.1 on a Fedora Core 4 server (kernel 2.6.11-1.1369_FC4smp) to authenticate using EAP-SIM.
After ~400 successful auths at 20 requests/second the radiusd service encounters a segmentation fault. The output of the gdb dump is as follows:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208572224 (LWP 9805)]
0x0072ec33 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0 0x0072ec33 in _int_malloc () from /lib/libc.so.6
#1 0x00730792 in malloc () from /lib/libc.so.6
#2 0x005007e4 in eap_compose (handler=0x8fb8220) at eap.c:395
#3 0x004ffa94 in eap_authenticate (instance=0x8f8e4b8, request=0x8fbe648) at rlm_eap.c:341
#4 0x08053009 in modcall ()
#5 0x0805351d in modcall ()
#6 0x0805312d in modcall ()
#7 0x080525ba in find_module_instance ()
#8 0x0804c532 in rad_check_password ()
#9 0x0804cb03 in rad_authenticate ()
#10 0x08054c0a in rad_respond ()
#11 0x08056287 in main ()
(gdb)
I have another FreeRADIUS 1.0.3 server running on a Red Hat 9 server (kernel 2.4.20-8) that has had no problems running this kind of traffic.
Any help in diagnosing the reason why I'm encountering a fault in malloc would be much appreciated.
Thanks,
Nik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cb8661f/attachment-0001.html
------------------------------
Message: 7
Date: Wed, 12 Apr 2006 14:02:30 -0700 (PDT)
From: Silpa Akkina
Subject: Question Regarding FreeRADIUS debug ----please help!
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"
Hi....i am new to this group and joined just few minutes back. I had a
question regarding how to view the milliseonds resolution in the RADIUS
debug....i am trying to collect the output from the proxy radius
server....i think all i can get is debug with seconds resolution...but for my
project i have to take milli seconds readings....please help!
>
> Thanks,
> Silpa
http://akkinasilpa.blogspot.com
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/198f927e/attachment.html
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 12, Issue 56
************************************************
------------------------------
Message: 4
Date: Wed, 12 Apr 2006 17:48:54 -0700
From: James
Subject: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
Max-Monthly-Session maximum value limit
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hello I am using freeradius 1.0.5, what is the maximum value of seconds
allowed in the attributes: Max-All-Session, Max-Daily-Session and
Max-Monthly-Session ?
I cannot find this information in my research.
Thank you,
James
------------------------------
Message: 5
Date: Wed, 12 Apr 2006 20:46:02 -0400
From: "Alan DeKok"
Subject: Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
Max-Monthly-Session maximum value limit
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Jameswrote:
> Hello I am using freeradius 1.0.5, what is the maximum value of seconds
> allowed in the attributes: Max-All-Session, Max-Daily-Session and
> Max-Monthly-Session ?
They're integers, so 32-bits, or 4 billion.
Alan DeKok.
------------------------------
Message: 6
Date: Wed, 12 Apr 2006 20:55:57 -0700
From: James
Subject: Simultaneous-Use Issue
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=windows-1252; format=flowed
I have freeradius 1.0.5 installed
my end-users are able to login simultaneously using the same username
and password, the radacct table is recording the aggregating session
time that the multiple simultaneous users use.
in my radcheck table I have all my users login attributes set to:
User-Password = somepassword
Max-All-Session = 123456
Simultaneous-Use := 1
Is there extra attributes that I need to set or configuration that I
need to add in order to not let the same user login simultaneously
through different machines?
Thank you,
James
------------------------------
Message: 7
Date: Thu, 13 Apr 2006 14:07:38 +0800
From: =?gb2312?B?y+8gx78=?=
Subject: EAP/TLS Authentication fail~~~~
To: [email protected]
Message-ID:
Content-Type: text/plain; charset=gb2312; format=flowed
Hi
I want to build a freeradius+openssl server to authenticate 802.1x
and I've installed freeradius-1.0.2 and openssl-0.9.7e
the server is built in RedHat 9 and the client is Odyssey Client Manager in
Windows XP.
now i can use EAP/MD5 get the authentication well.
but when we use EAP/TLS, the client cannot be authenticated ~~
I don't whether it's the problem of the freeradius server configure or CAs
or anyother
I paste the fail information and the freeradius debug infos below.
Please give me some help ,Thanks!
there're such errors:
line242: TLS_accept:error in SSLv3 read client certificate A
line344: rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate
--> verify error:num=18:self signed certificate
line361: rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert write:fatal:unknown CA
TLS_accept:error in SSLv3 read client certificate B
5385:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned:s3_srvr.c:1989:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
##the debug infos of freeradius
[EMAIL PROTECTED] sbin]# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 1812
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
=== message truncated ===
http://akkinasilpa.blogspot.com
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
