use of reply-items in acct_users file??
hi,

what is the use of reply-items attributes in acct_users file??? where and how can they be used?

also what is the way to avoid logging some (not all) accounting users (in radacct directory)?? Basically i don't want to log the accounting packets of some specified users.

--DilipSimha

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: conflicts/duplicates need
On Mon 03 Apr 2006 23:08, Duane Cox wrote:

List: I've been using free radius for about a month and learning as I go. But I've noticed that I get a period every few hours when freeradius doesn't authenticate. I'm not sure what the problem is, but here is the log as captured in /var/log/radiusd

Any idea what could be causing this?

Hi Duane

Good to see you using FreeRADIUS :-)

Probably you have a cron script of some kind running a report or vacuum on your database and it is not responding to RADIUS. Are you using the database for something else as well?

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: Install freeradius 1.1.1 get error
On 4/4/06, 杨呈飞 [EMAIL PROTECTED] wrote:

After

    ./configure --prefix=/usr/local/freeradius
    make
    make install

I get:

    /home/test/freeradius-1.1.1/install-sh -c -c .libs/libradius-1.1.1.so /usr/local/freeradius/libradius-1.1.1.so
    (cd /usr/local/freeradius rm -f libradius.so ln -s libradius-1.1.1.so libradius.so)
    /home/test/freeradius-1.1.1/install-sh -c -c .libs/libradius.lai /usr/local/freeradius/libradius.la
    /home/test/freeradius-1.1.1/install-sh -c -c .libs/libradius.a /usr/local/freeradius/libradius.a
    ranlib /usr/local/freeradius/libradius.a
    chmod 644 /usr/local/freeradius/libradius.a
    libtool: install: warning: remember to run `libtool --finish /usr/local/freeradius/lib'
    rm -f /usr/local/freeradius/lib/libradius-1.1.1.la; ln -s libradius.la /usr/local/freeradius/lib/libradius-1.1.1.la
    ln: creating symbolic link `/usr/local/freeradius/lib/libradius-1.1.1.la' to `libradius.la': No such file or directory
    gmake[4]: *** [install] Error 1
    gmake[4]: Leaving directory `/home/test/freeradius-1.1.1/src/lib'
    gmake[3]: *** [common] Error 2
    gmake[3]: Leaving directory `/home/test/freeradius-1.1.1/src'
    gmake[2]: *** [install] Error 2
    gmake[2]: Leaving directory `/home/test/freeradius-1.1.1/src'
    gmake[1]: *** [common] Error 2
    gmake[1]: Leaving directory `/home/test/freeradius-1.1.1'
    make: *** [install] Error 2

how can I fix that?

hello yang,

ur mistake is wen ur configuring radius. instead of

    ./configure --prefix=/usr/local/freeradius

try,

    ./configure --prefix=/usr/local

The compiler is probably lookin for library files in a folder that doesn't exist, n so the error... Moreover, all dependency packages related to freeradius should have the same prefix while configuring just to be safe

this mite solve ur problem
Error on compile with eap_peap_tls
I have the error with the version 1.1.1, and the snapshot-20060604. I have the log available for people who want to have a look.

best regards
Re: Two times authorization and/or both proxying and serving
Thank you very much for this answer... We will check the domains quota by a query into Mysql table located in proxy's own database

Thank you in advance for the help you can give us!!!

From: Alan DeKok [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Two times authorization and/or both proxying and serving
Date: Mon, 03 Apr 2006 19:24:42 -0400

Mark Supersonik [EMAIL PROTECTED] wrote:

I need to find the cheapest way to reject a request in proxy radius in the case that a domain doesn't have quota. If domain has quota, the proxy must forward the request to the corresponding authserv and finish the cycle in its natural purpose.

Write a shell script to do this. Without a more detailed description of *how* you check if a domain has enough quota, it's impossible to give a better answer.

Alan DeKok.
Couldn't stop freeradius server!!
Hi All,

Installed freeradius 1.1.0-1 on debian system (2.6.15-1-686). The radius server started automatically well each time when the system booting. But I wanted to stop it to do some testing using my modified configuration files. I tried to stop the server using command: 'freeradius stop' ('radiusd' doesn't work on this debian - anyone knows why??)

But so weird, no matter what command I gave, with parameter stop|start|restart, the server ALWAYS goes to START again!! even from the /etc/init.d/freeradius I can read that the 'stop' param should stop the server! Can anyone tell me why the command couldn't stop the server?? and how should I stop it??

The log file shows entries like this for each of my trying, even the command given was to stop:

    Tue Apr 4 01:14:13 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
    Tue Apr 4 01:14:13 2006 : Error: There appears to be another RADIUS server running on the authenticat

What is happening here? (I couldn't stop the running daemon, so is the 2nd line above)

Also, from the log file I noticed: even when the system automatically started the freeradius server daemon, it was Using deprecated naslist file. Log entries show like this:

    Fri Mar 31 13:51:54 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
    Fri Mar 31 13:51:54 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
    Fri Mar 31 13:51:55 2006 : Info: Ready to process requests.

Can anyone tell me what is happening here?? Why it's using the deprecating naslist file? The installed radiusd.conf file doesn't show the server will use the naslist file at all! from where I can stop the server to use this deprecating file? Also what does the 2nd line of the above log entries mean?

Any help would be greatly appreciated! Thank you so much for help in advance!!

Best regards,
leo
(no subject)
Hi!

I have Freeradius ver. 1.1.1 running with MySQL and configured for EAP-PEAP to work with Cisco AP1231AG Wi-Fi Access Point. It is used for user authentication and accounting. I configured AP for accounting updates every 1 minute. I observed a strange behavior. This I get when user is logged in:

    rad_recv: Accounting-Request packet from host 193.100.101.230:1646, id=11, length=298
        Acct-Session-Id = 0002
        Called-Station-Id = 0012.7fce.63d0
        Calling-Station-Id = 0004.238b.f5e5
        Cisco-AVPair = ssid=Registru_Networks
        Cisco-AVPair = vlan-id=0
        Cisco-AVPair = nas-location=Sala_de_Sedinte_et2
        WISPr-Location-Name = Sala_de_Sedinte_et2
        User-Name = cisco
        Cisco-AVPair = connect-progress=Call Up
        Acct-Session-Time = 566
        Acct-Input-Octets = 1853338
        Acct-Output-Octets = 1811068
        Acct-Input-Packets = 3317
        Acct-Output-Packets = 2230
        Acct-Authentic = RADIUS
        Acct-Status-Type = Interim-Update
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = 257
        NAS-Port = 257
        Service-Type = Framed-User
        NAS-IP-Address = 193.100.101.230
        Acct-Delay-Time = 0
    Processing the preacct section of radiusd.conf
    modcall: entering group preacct for request 20
    modcall[preacct]: module preprocess returns noop for request 20
    rlm_acct_unique: Hashing 'NAS-Port = 257,Client-IP-Address = 193.100.101.230,NAS-IP-Address = 193.100.101.230,Acct-Session-Id = 0002,User-Name = cisco'
    rlm_acct_unique: Acct-Unique-Session-ID = 08f82868ccd223c7.
    modcall[preacct]: module acct_unique returns ok for request 20
    rlm_realm: No '@' in User-Name = cisco, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[preacct]: module suffix returns noop for request 20
    modcall: leaving group preacct (returns ok) for request 20
    Processing the accounting section of radiusd.conf
    modcall: entering group accounting for request 20
    radius_xlat: 'cisco'
    rlm_sql (sql): sql_set_user escaped user -- 'cisco'
    radius_xlat: 'UPDATE radacct SET FramedIPAddress = if(''='VoIP','',''), AcctInputOctets = '1853338', AcctOutputOctets = '1811068' WHERE AcctSessionId = '0002' AND UserName = 'cisco' AND NASIPAddress= '193.100.101.230' AND AcctStopTime = 0'
    rlm_sql (sql): Reserving sql socket id: 4
    rlm_sql (sql): Released sql socket id: 4

After 10 minutes of working AP sends Access-Request to Radius with Service-Type = Authenticate-Only:

    rad_recv: Access-Request packet from host 193.100.101.230:1645, id=11, length=119
        User-Name = cisco
        Framed-MTU = 1400
        Called-Station-Id = 0012.7fce.63d0
        Calling-Station-Id = 0004.238b.f5e5
        Service-Type = Authenticate-Only
        Message-Authenticator = 0x022a4d954819b3fd4dc515c7041f6335
        EAP-Message = 0x0201000a01636973636f
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        NAS-IP-Address = 193.100.101.230

and after authenticating I get:

    Processing the preacct section of radiusd.conf
    modcall: entering group preacct for request 28
    modcall[preacct]: module preprocess returns noop for request 28
    rlm_acct_unique: Hashing 'NAS-Port = 257,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 193.100.101.230,Acct-Session-Id = 0002,User-Name = cisco'
    rlm_acct_unique: Acct-Unique-Session-ID = 006880115bf32fe3.
    modcall[preacct]: module acct_unique returns ok for request 28
    rlm_realm: No '@' in User-Name = cisco, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[preacct]: module suffix returns noop for request 28
    modcall: leaving group preacct (returns ok) for request 28
    Processing the accounting section of radiusd.conf
    modcall: entering group accounting for request 28
    radius_xlat: 'cisco'
    rlm_sql (sql): sql_set_user escaped user -- 'cisco'
    radius_xlat: 'UPDATE radacct SET RX='', TX='', AcctStopTime = '2006-04-04 11:45:21', AcctSessionTime = '0', AcctInputOctets = '0', AcctOutputOctets = '0', AcctTerminateCause = if(''='VoIP','',''), AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '0002' AND UserName = 'cisco' AND NASIPAddress = '193.100.101.230' AND AcctStopTime = 0'
    rlm_sql (sql): Reserving sql socket id: 1
    rlm_sql (sql): Released sql socket id: 1

This clears the accounting with zero and I lose statistics. Why I get Client-IP-Address = 127.0.0.1 in second accounting hash calculation? In first accounting request Client-IP-Address is 193.100.101.230. I think this causes hashes not to be the same (006880115bf32fe3 versus 08f82868ccd223c7) and the result is interim accounting clearing.

Is this a BUG? Where I am wrong? Please help me to find the problem.

Constantin.
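An added diagnostic example for the situation described in the post above (not code from the poster or from FreeRADIUS): it reads `radiusd -X` style debug output, pairs each `rlm_acct_unique: Hashing` line with the `Acct-Unique-Session-ID` that follows it, and reports sessions whose unique ID changed together with the key attribute that differed. The function names and the choice of NAS-IP-Address, Acct-Session-Id and User-Name as the session identity are assumptions of this example; the log lines are copied from the post.

```python
import re
from collections import defaultdict

# Debug lines copied from the post above (the archive has stripped the quotes
# that the server prints around string values).
SAMPLE_LOG = """\
rlm_acct_unique: Hashing 'NAS-Port = 257,Client-IP-Address = 193.100.101.230,NAS-IP-Address = 193.100.101.230,Acct-Session-Id = 0002,User-Name = cisco'
rlm_acct_unique: Acct-Unique-Session-ID = 08f82868ccd223c7.
modcall[preacct]: module acct_unique returns ok for request 20
rlm_acct_unique: Hashing 'NAS-Port = 257,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 193.100.101.230,Acct-Session-Id = 0002,User-Name = cisco'
rlm_acct_unique: Acct-Unique-Session-ID = 006880115bf32fe3.
"""

HASHING = re.compile(r"rlm_acct_unique: Hashing '(.*)'\s*$")
UNIQUE_ID = re.compile(
    r'rlm_acct_unique: Acct-Unique-Session-ID = "?([0-9a-fA-F]+)"?\.?\s*$')

# Assumption of this example: these attributes identify "the same session"
# independently of how the unique ID itself was derived.
SESSION_ATTRS = ("NAS-IP-Address", "Acct-Session-Id", "User-Name")


def parse_key(key):
    """Split 'Name = value,Name = value' into a dict.

    Splits only on commas that are followed by 'Name = ', so a value that
    itself contains a comma stays in one piece.
    """
    pairs = {}
    for item in re.split(r",(?=[A-Za-z0-9_.-]+ = )", key):
        name, sep, value = item.partition(" = ")
        if sep:
            pairs[name.strip()] = value.strip().strip('"')
    return pairs


def parse_log(text):
    """Return [(key_attributes, unique_id), ...] in log order."""
    records, pending = [], None
    for line in text.splitlines():
        match = HASHING.search(line)
        if match:
            pending = parse_key(match.group(1))
            continue
        match = UNIQUE_ID.search(line)
        if match and pending is not None:
            records.append((pending, match.group(1).lower()))
            pending = None
    return records


def find_split_sessions(records):
    """Report sessions that were hashed to more than one unique ID."""
    sessions = defaultdict(list)
    for attrs, unique_id in records:
        ident = tuple(attrs.get(name) for name in SESSION_ATTRS)
        sessions[ident].append((attrs, unique_id))

    findings = []
    for ident, recs in sessions.items():
        unique_ids = sorted({uid for _, uid in recs})
        if len(unique_ids) < 2:
            continue  # the key was stable for this session
        varying = {}
        for name in sorted({n for attrs, _ in recs for n in attrs}):
            values = sorted({attrs.get(name, "<absent>") for attrs, _ in recs})
            if len(values) > 1:
                varying[name] = values
        findings.append({
            "session": dict(zip(SESSION_ATTRS, ident)),
            "unique_ids": unique_ids,
            "varying": varying,
        })
    return findings


if __name__ == "__main__":
    for finding in find_split_sessions(parse_log(SAMPLE_LOG)):
        print(finding["session"], "->", finding["unique_ids"])
        for name, values in finding["varying"].items():
            print("  key attribute changed:", name, values)
```
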
Re: Error on compile with eap_peap_tls
Franck wrote:

I have the error with the version 1.1.1, and the snapshot-20060604. I have the log available for people who want to have a look.

Please copy the log on some website, and post the URL to the list. You should also tell us the operating system you're using.

--
Nicolas Baradakis
Re: Error on compile with eap_peap_tls
hi,

That's exactly what I was saying myself when I received your mail, how stupid I was not to post the log on the net with a link!

here it is: http://acmdb.free.fr/freeradius and I'm using mandriva 2006 (updated)

Note: I was just able to compile the version 1.1.1, but I haven't any idea why it works now, but the snapshot doesn't compile!

Franck

Nicolas Baradakis wrote:

Franck wrote:

I have the error with the version 1.1.1, and the snapshot-20060604. I have the log available for people who want to have a look.

Please copy the log on some website, and post the URL to the list. You should also tell us the operating system you're using.
RedHat Security updates for FR
RedHat Enterprise (and CentOS) has finally released security updates for their FreeRADIUS rpms:

https://rhn.redhat.com/errata/RHSA-2006-0271.html

In case anyone is interested

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
freeradius 1.1.1
Hello,

the FreeRadius Wiki says HP/UX is a supported platform :-)

I try to compile freeradius 1.1.1 on HP-UX 11i with HP's cc but I have no success :-(

My question: has anybody successfully compiled freeradius 1.1.1 on HP-UX 11i with the HP compiler and can I use HP's TCB for user authentication with freeradius

I use configure with this options:

    ./configure --prefix=/opt/freeradius-1.1.1 --localstatedir=/var/freeradius \
        --with-logdir=/pm/freeradius --with-threads=no --with-snmp=no \
        --with-openssl-includes=/opt/openssl/include \
        --with-openssl-libraries=/opt/openssl/lib 2>&1 | tee config.prot

and see e.g. this errors:

    cc -Ae +O3 -s -DNDEBUG -I/cdwriteau/freeradius-1.1.1/src/include -c rlm_unix.c +Z -DPIC -o .libs/rlm_unix.lo
    cc: compat.h, line 66: error 1000: Unexpected symbol: shadow_pwd_t.
    cc: compat.h, line 66: error 1584: Inconsistent type declaration: fgetspent.
    cc: compat.h, line 67: warning 604: Pointers are not assignment-compatible.
    gmake[6]: *** [rlm_unix.lo] Error 1
    gmake[6]: Leaving directory `/cdwriteau/freeradius-1.1.1/src/modules/rlm_unix'
    gmake[5]: *** [common] Error 2

Greetings
Wolfram Greinert

--
Wolfram Greinert
URZ der Uni Leipzig, Abteilung Netze
04109 Leipzig, Augustusplatz 10/11
Tel.: +(0341) 97-33325
email: [EMAIL PROTECTED]
Redundant ldap's bug?
Hi!

I have freeradius 1.1.0 working and I want to have a redundant/load balancing mechanism but when I use TLS to secure the communication with the ldaps, FR only works with one server (eg: ldapmaster). The log says that it cannot contact the other server (eg: ldapslave). But if I use one ldap in clear-text communication, it works perfectly, that is I have redundant load balancing with one LDAP/TLS and another LDAP/clear. Of course it's not what I want. :-)

My configurations are:

    modules {
        ...
        ldap ldapmaster {
            server = checkpoint2
            port = 636
            basedn = ou=users,dc=ual,dc=pt
            filter = (mail=%{User-Name})
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            timeout = 60
            timelimit = 60
            net_timeout = 60
            ldap_connections_number = 30
            access_attr = radiusClientIPAddress
            start_tls = no
            tls_cacertfile = ${raddbdir}/1x/checkpoint2.pem
            tls_certfile = ${raddbdir}/1x/checkpoint2.pem
            tls_keyfile = ${raddbdir}/1x/checkpoint2.pem
        }
        ldap ldapslave {
            server = checkpoint
            port = 636
            basedn = ou=users,dc=ual,dc=pt
            filter = (mail=%{User-Name})
            dictionary_mapping = ${raddbdir}/ldap.attrmap
            timeout = 60
            timelimit = 60
            net_timeout = 60
            ldap_connections_number = 30
            access_attr = radiusClientIPAddress
            start_tls = no
            tls_cacertfile = ${raddbdir}/1x/checkpoint.pem
            tls_certfile = ${raddbdir}/1x/checkpoint.pem
            tls_keyfile = ${raddbdir}/1x/checkpoint.pem
        }
        ...
    }

    redundant-load-balance {
        ldapmaster
        ldapslave
    }

Any idea? TIA.

--
Sincerely,
Paulo Cabrita, Msc
Director of the Centro de Informática, Universidade Autónoma de Lisboa
Tel: +351-213177635
Fax: +351-213533702
E-mail: [EMAIL PROTECTED]
Re: Couldn't stop freeradius server!!
On 4/4/06, lmyho [EMAIL PROTECTED] wrote:

Hi All,

Installed freeradius 1.1.0-1 on debian system (2.6.15-1-686). The radius server started automatically well each time when the system booting. But I wanted to stop it to do some testing using my modified configuration files. I tried to stop the server using command: 'freeradius stop' ('radiusd' doesn't work on this debian - anyone knows why??)

But so weird, no matter what command I gave, with parameter stop|start|restart, the server ALWAYS goes to START again!! even from the /etc/init.d/freeradius I can read that the 'stop' param should stop the server! Can anyone tell me why the command couldn't stop the server?? and how should I stop it??

The log file shows entries like this for each of my trying, even the command given was to stop:

    Tue Apr 4 01:14:13 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
    Tue Apr 4 01:14:13 2006 : Error: There appears to be another RADIUS server running on the authenticat

What is happening here? (I couldn't stop the running daemon, so is the 2nd line above)

Also, from the log file I noticed: even when the system automatically started the freeradius server daemon, it was Using deprecated naslist file. Log entries show like this:

    Fri Mar 31 13:51:54 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
    Fri Mar 31 13:51:54 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
    Fri Mar 31 13:51:55 2006 : Info: Ready to process requests.

Can anyone tell me what is happening here?? Why it's using the deprecating naslist file? The installed radiusd.conf file doesn't show the server will use the naslist file at all! from where I can stop the server to use this deprecating file? Also what does the 2nd line of the above log entries mean?

Any help would be greatly appreciated! Thank you so much for help in advance!!

Best regards,
leo

Instead of using the command to stop the radius daemon, herez another simple way.

At the console type

    ps -ax | grep radiusd

this will give u the list of radius servers currently along with its process IDs. The next thing u do is type

    kill pid#

PID# refers to the process id number of ur currently running radius daemon.

Hope it helps... Dunno bout the NAS list though...
RE: Implimenting Capping with FreeRadius
I have modified the sqlcounter module to not only reply with a Session-Timeout but with another attribute - Recv-Limit in my case as it is supported by my NAS.

The counter module then simply does a query on the database during the access request processing and returns the limit allowed for the user based on the maximum - used value set in the radcheck table for the user or radgroupcheck for the user's group.

This works better than an external script as it will also limit the user for the current session - and it implies that he will never be able to use more than his allowed maximum

Jaco van Tonder

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Hamman
Sent: 03 April 2006 03:23 PM
To: freeradius-users@lists.freeradius.org
Subject: Implimenting Capping with FreeRadius

Hi,

OS: Fedora C4
FR: 1.0.2-2
DB: MySQL 4.1.11-2

I was wondering if anybody has a more elegant solution to implementing capping with FreeRadius than writing a script that totals the bytes in/out in the radacct table every couple of minutes and updates the radcheck table to deny further logins?

Shawn
RE: RedHat Security updates for FR
Do you know bugs that this update fixes applies to any installs on redhat or only to RPMs?

-Original Message-
From: [EMAIL PROTECTED] .org [mailto:[EMAIL PROTECTED] eeradius.org] On Behalf Of Dennis Skinner
Sent: Tuesday, April 04, 2006 9:13 AM
To: FreeRadius users mailing list
Subject: RedHat Security updates for FR

RedHat Enterprise (and CentOS) has finally released security updates for their FreeRADIUS rpms:

https://rhn.redhat.com/errata/RHSA-2006-0271.html

In case anyone is interested

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
Re: freeradius 1.1.1
Hi Wolfram

As far as I know none of the core developers use HP/UX so it is in the category of Known to work at some point in the past but possibly not work at present/on all versions of HP/UX.

We would of course be happy to accept patches to fix any problems thrown up by HP's cc (as long as they don't break existing working platforms)

You also may wish to try gcc as it will likely work better than HP's version.

I personally don't have experience on TCB so I can't help you there, but if PAM can talk to it, you should be able to do it that way...

Cheers
Peter

On Tue 04 Apr 2006 16:34, Wolfram Greinert wrote:

Hello,

the FreeRadius Wiki says HP/UX is a supported platform :-)

I try to compile freeradius 1.1.1 on HP-UX 11i with HP's cc but I have no success :-(

My question: has anybody successfully compiled freeradius 1.1.1 on HP-UX 11i with the HP compiler and can I use HP's TCB for user authentication with freeradius

I use configure with this options:

    ./configure --prefix=/opt/freeradius-1.1.1 --localstatedir=/var/freeradius \
        --with-logdir=/pm/freeradius --with-threads=no --with-snmp=no \
        --with-openssl-includes=/opt/openssl/include \
        --with-openssl-libraries=/opt/openssl/lib 2>&1 | tee config.prot

and see e.g. this errors:

    cc -Ae +O3 -s -DNDEBUG -I/cdwriteau/freeradius-1.1.1/src/include -c rlm_unix.c +Z -DPIC -o .libs/rlm_unix.lo
    cc: compat.h, line 66: error 1000: Unexpected symbol: shadow_pwd_t.
    cc: compat.h, line 66: error 1584: Inconsistent type declaration: fgetspent.
    cc: compat.h, line 67: warning 604: Pointers are not assignment-compatible.
    gmake[6]: *** [rlm_unix.lo] Error 1
    gmake[6]: Leaving directory `/cdwriteau/freeradius-1.1.1/src/modules/rlm_unix'
    gmake[5]: *** [common] Error 2

Greetings
Wolfram Greinert

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: conflicts/duplicates need
This must be right, or on the right track because I have 2 radius servers with identical configuration and both share the same database. Both servers experience this outage at the same time...

Thanks
Duane Cox

- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: Duane Cox [EMAIL PROTECTED]; FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, April 03, 2006 3:33 PM
Subject: Re: conflicts/duplicates need

Duane Cox [EMAIL PROTECTED] wrote:

But I've noticed that I get a period every few hours when freeradius doesn't authenticate. I'm not sure what the problem is, but here is the log as captured in /var/log/radiusd

Any idea what could be causing this?

Usually it's because your database is slow or not responding.

Alan DeKok.
Re: post-auth question, prevent exec if attribute == foo
change NAS-IP-Address before relaying

Does anyone have any insight to this?

- Original Message -
From: Duane Cox
To: FreeRadius users mailing list
Sent: Monday, April 03, 2006 4:44 PM
Subject: post-auth question, prevent exec if attribute == foo

Hello List:

I'm using the post-auth section in radiusd.conf along with the Post-Auth-Type REJECT (thanks alan) to log auth replies to my sql server.

My question is... Is there a way within the radiusd.conf file to say, if nasipaddress = x.x.x.x then don't process the sql module in post-auth

I would like to prevent certain auth replies from being logged, like our monitoring software for example.

Thanks
Duane Cox
Re: conflicts/duplicates need
Well I believe Alan is correct, that it must be related to the database because I have 2 radius servers both sharing the same database, and they both experience this outage at the exact same time. It lasts for about 45 seconds every several hours.

I'm using unixODBC and MSSQL database, the database server is running on a dual proc system and 2 gigs of ram. During some of these outages (early morning) no one is using the database, only freeradius.

I think I am going to have to check the performance monitors on the MSSQL server to see if there are any spikes or hangs during this time. (I don't think my problem is freeradius, freeradius is just suffering from the condition)

But I've noticed that I get a period every few hours when freeradius doesn't authenticate. I'm not sure what the problem is, but here is the log as captured in /var/log/radiusd

Any idea what could be causing this?

Hi Duane

Good to see you using FreeRADIUS :-)

Probably you have a cron script of some kind running a report or vacuum on your database and it is not responding to RADIUS. Are you using the database for something else as well?

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: RedHat Security updates for FR
Alex M wrote:

Do you know bugs that this update fixes applies to any installs on redhat or only to RPMs?

Not sure what you mean. If you installed FR via RPM, this would update it. If you installed it from source (not the source rpm), then you will most likely screw up your FR install by overlaying the rpm version. Pick one method and stick with it or completely remove one before trying the other...

See: http://www.freeradius.org/security.html for questions regarding security related bug fixes and FR. The notice from RedHat says that they backported a couple security fixes to the 1.0.1 version (although their descriptions of the bugs don't match the ones on the FR site as closely as I'd like...)

--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
RE: L2tp and fixed Framed IP Address for ADSL customers
Hello All

Just to let you know that i finally find the solution to setup a fixed IP into an l2tp tunnel for my DSL subscribers

I needed to tell Radius to send the fixed Framed IP address in the access-req packet by adding the following to my cisco config:

    radius-server attribute 8 include-in-access-req

Hope this will help someone who will face the same problem

--
|-Adil Bikarbass
|-IT Manager, MTDS
|-tel +212.3.767.4861
|-fax +212.3.767.4863
|-gsm +212.6.139. 4541
|-14, rue 16 novembre
|-Rabat, Kingdom of Morocco

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Fraser
Sent: Tuesday, 28 March 2006 20:10
To: freeradius-users@lists.freeradius.org
Subject: Re: L2tp and fixed Framed IP Address for ADSL customers

On Tue, 2006-28-03 at 12:05 -0500, Alan DeKok wrote:

Adil Bikarbass [EMAIL PROTECTED] wrote:

My radius is listening on 1645 for auth and 1646 for acct, I can see the auth request coming into my radius box but the IP address is never got from the Framed-IP reply item but assigned from the Cisco pool

Any clue about what could be the problem?

The NAS. Fight with it some more. I don't think there's anything you can do to FreeRADIUS to fix it.

Is the IP address in a valid range configured on the NAS?

A Cisco will not assign an IP address that it is not configured to handle. It seems to me we used eigrp to handle the static ip address networks for our NAS servers.
module programming
Hi,

i would like to develop an authentication method based on EAP... I've looked around a bit but didn't find much documentation, is there something I'm missing ? I've also looked in the /doc directory ( coding-methods.txt, module_interface ... )

thank you,
kky
Re: Error on compile with eap_peap_tls
Franck wrote:

here it is: http://acmdb.free.fr/freeradius and I'm using mandriva 2006 (updated)

Note: I was just able to compile the version 1.1.1, but I haven't any idea why it works now, but the snapshot doesn't compile!

There is indeed a typo in rlm_eap_tls.c. Do a cvs update or download a new snapshot tomorrow.

--
Nicolas Baradakis
Re: RedHat Security updates for FR
Dennis Skinner [EMAIL PROTECTED] wrote:

for questions regarding security related bug fixes and FR. The notice from RedHat says that they backported a couple security fixes to the 1.0.1 version (although their descriptions of the bugs don't match the ones on the FR site as closely as I'd like...)

Their description is incorrect. It's not the MS-CHAPv2 protocol, it's EAP-MS-CHAPv2, which is substantially different. I also don't think it's possible to execute arbitrary code, but the CVE listing they reference says that.

This highlights the problem with having multiple groups reporting on the same error. Few of them talk to the developers, so they end up playing a game of telephone among themselves, and get a lot of things wrong.

Alan DeKok.
Re: Redundant ldap's bug?
Paulo Cabrita [EMAIL PROTECTED] wrote:

I have freeradius 1.1.0 working and I want to have a redundant/load balancing mechanism but when I use TLS to secure the communication with the ldaps, FR only works with one server (eg: ldapmaster). The log says that it cannot contact the other server (eg: ldapslave). But if I use one ldap in clear-text communication, it works perfectly, that is I have redundant load balancing with one LDAP/TLS and another LDAP/clear. Of course it's not what I want. :-)

I don't see why using TLS or not would make any difference to the load balancing. Could you post the errors?

Alan DeKok.
Re: use of reply-items in acct_users file??
DilipSimha.N.M [EMAIL PROTECTED] wrote:
> what is the use of reply-items attributes in acct_users file??? where and how can they be used?

Mainly for setting things like Exec-Program.

> also what is the way to avoid logging some (not all) accounting users (in radacct directory)?? Basically i don't want to log the accounting packets of some specified users.

Use Acct-Type, and set it to a module that doesn't do logging. See rlm_always.

Alan DeKok.
Re: Couldn't stop freeradius server!!
--- monish ar [EMAIL PROTECTED] wrote:
> Instead of using the command to stop the radius daemon, herez another simple way. At the console type ps -ax | grep radiusd , this will give u the list of radius servers currently along with its process IDs. The next thing u do is type kill pid# , PID# refers to the process id number of ur currently running radius daemon. Hope it helps... Dunno bout the NAS list though...

Hi Monish,

Thank you for the idea! I checked, and found the process. But on this debian system, the process is actually named freeradius, instead of the traditional radiusd. :( So there are indeed some changes on how the freeradius is run on debian. Do you have more idea about it?

Can anyone tell me more on how the debian is running the freeradius and how I can stop the server from command line in debian system? (pls see problem detail below)

Thanks a lot!!
leo

> On 4/4/06, lmyho [EMAIL PROTECTED] wrote:
> > Hi All,
> >
> > Installed freeradius 1.1.0-1 on debian system (2.6.15-1-686). The radius server started automatically well each time when the system booting. But I wanted to stop it to do some testing using my modified configuration files. I tried to stop the server using command: 'freeradius stop' ('radiusd' doesn't work on this debian - anyone knows why??) But so weird, no matter what command I gave, with parameter stop|start|restart, the server ALWAYS goes to START again!! even from the /etc/init.d/freeradius I can read that the 'stop' param should stop the server! Can anyone tell me why the command couldn't stop the server?? and how should I stop it??
> >
> > The log file shows entries like this for each of my trying, even the command given was to stop:
> >
> > Tue Apr 4 01:14:13 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
> > Tue Apr 4 01:14:13 2006 : Error: There appears to be another RADIUS server running on the authenticat
> >
> > What is happening here? (I couldn't stop the running daemon, so is the 2nd line above)
> >
> > Also, from the log file I noticed: even when the system automatically started the freeradius server daemon, it was Using deprecated naslist file. Log entries show like this:
> >
> > Fri Mar 31 13:51:54 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
> > Fri Mar 31 13:51:54 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> > Fri Mar 31 13:51:55 2006 : Info: Ready to process requests.
> >
> > Can anyone tell me what is happening here?? Why it's using the deprecating naslist file? The installed radiusd.conf file doesn't show the server will use the naslist file at all! from where I can stop the server to use this deprecating file? Also what does the 2nd line of the above log entries mean?
> >
> > Any help would be greatly appreciated! Thank you so much for help in advance!!
> >
> > Best regards,
> > leo
Re: Couldn't stop freeradius server!!
Try killall radiusd or killall freeradius. I have debian and those commands are all right.
RE: Couldn't stop freeradius server!!
I had the same problem on RedHat (well name was the way it supposed to be) it was caused by some conflict between fr and something with os... still investigating the problem, but in my case kill and reboot, halt command were blocked. I think that was caused because SSH connection was lost during execution of the command.
rlm_ldap authentication
hi ppl,

i'm havin trouble authenticating radius with rlm_ldap module. Could anyone of u mail me the sample configuration files in case ur workin radius for LDAP authentication... think i'm goin wrong in my config settings but dunno where, i just need a working reference for the configuration if anyone of u wud be so grateful...

thanks in advance
Worked!- RE: Couldn't stop freeradius server!!
Hi Alex,

The command '/etc/init.d/freeradius stop' worked! but 'freeradius stop' won't! Maybe you can try this too?

Regards,
leo :)
Worked!- Re: Couldn't stop freeradius server!!
Thank you Debik!

Command 'etc/init.d/freeradius stop' worked! but 'freeradius stop' won't. Found the problem anyway. Thanks!

Regards,
leo
RE: Worked!- RE: Couldn't stop freeradius server!!
Try linking /etc/init.d/freeradius to your /sbin ;)

Regards,
Edvin
Freeradius won't authorize off redundant sql
Freeradius running using redundant sql scenario. If first sql is not available it falls to secondary. When FR starts it links correctly to both databases. When the primary stops, it won't respond at all.

Below is the radiusd -X output. Original request is with both primary and secondary sql servers available. Then I shut the primary off, and it just sits there.

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
Config: including file: /etc/raddb/sql2.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = yes
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = /etc/shadow
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = server1
sql: port =
sql: login = radius2
sql: password = password
sql: radius_db = radius
sql: acct_table = radacct
sql: acct_table2 = radacct
sql: authcheck_table = radcheck
sql: authreply_table = radreply
sql: groupcheck_table = radgroupcheck
sql: groupreply_table = radgroupreply
sql: usergroup_table = usergroup
sql: nas_table = nas
sql: dict_table = dictionary
sql: sqltrace = yes
sql: sqltracefile = /var/log/radius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_group_check_query = SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
rlm_ldap: object not found
Hi,

thanks to those who answered me for my previous post. It turned out to be a certificate problem. Now, freeradius binds to LDAP on Netware, but does not find any object:

rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=college, with filter (uid=delislma)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed

Thanks,
Marc Delisle
Re: Freeradius won't authorize off redundant sql
Cris Boisvert [EMAIL PROTECTED] wrote:
> Freeradius running using redundant sql scenario. If first sql is not available it falls to secondary. When FR starts it links correctly to both databases. When the primary stops, it won't respond at all. Below is the radiusd -X output.
...
> rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id

See: http://dev.mysql.com/doc/refman/5.0/en/mysql-options.html

It has a read timeout, but it doesn't work on Linux. The problem is that the MySQL client is waiting forever for the primary to come back. Until they implement the read timeout on Linux, there's little that can be done on the FreeRADIUS side to fix it.

Alan DeKok.
conditional post-auth ???
Is there a way to have a conditional if statement in the post-auth process? For instance, I don't want to log to sql (postauth_query) if the nas-ip-address == foobar

Is this possible?

TIA
Duane Cox
How to make FR reset the logs
hi

Is it possible to make FR remove all monthly accounting logs from the database mysql?
Re: How to make FR reset the logs
Mordor Networks [EMAIL PROTECTED] wrote:
> Is it possible to make FR remove all monthly accounting logs from the database mysql?

No. That's what external cron jobs are for.

Alan DeKok.
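One way to write the external cron job mentioned in the reply above, as an added example that is not part of the thread or of FreeRADIUS. It uses the radacct table, the AcctStopTime column and the radius database name from the sql settings posted earlier on this page; the script path, the options file name and the assumption that open sessions carry a zero AcctStopTime are assumptions of this example.

```shell
#!/bin/sh
# Added example: purge closed accounting sessions older than N days.
# Hypothetical crontab entry (03:15 on the 1st of each month):
#   15 3 1 * * /usr/local/sbin/radacct-purge.sh --run 31

# Build the DELETE statement for a retention window in days.
# Only a plain positive integer of at most five digits is accepted, so a
# malformed argument can never be spliced into the SQL text.
build_purge_sql() {
    days=$1
    case $days in
        ''|0*|*[!0-9]*|??????*)
            echo "retention must be a positive integer (days)" >&2
            return 1
            ;;
    esac
    # Assumption: sessions that are still open have a zero AcctStopTime.
    # A bare "AcctStopTime < cutoff" would match those rows too and delete
    # live sessions, so they are excluded explicitly.
    printf "DELETE FROM radacct WHERE AcctStopTime <> '0000-00-00 00:00:00' AND AcctStopTime < DATE_SUB(NOW(), INTERVAL %s DAY);\n" "$days"
}

# Run the purge against the "radius" database.
purge_radacct() {
    sql=$(build_purge_sql "$1") || return 1
    # Credentials are read from an options file (hypothetical name) that
    # only the cron user can read, instead of a password on the command
    # line, which would be visible in the process list.
    mysql --defaults-extra-file="$HOME/.radacct-purge.cnf" radius -e "$sql"
}

# Nothing touches the database unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    purge_radacct "${2:-31}"
fi
```

The MySQL account in the options file needs only DELETE on radacct, not the full rights of the account FreeRADIUS itself uses.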
Why is the post-auth process result returned by jRadius Module over-written by freeradius?
Hi all, I am struggling with this issue right now. I have installed a JRadius module on FreeRadius 1.1.0, and made FreeRadius call the JRadius module in the post-auth section. The JRadius handler is supposed to replace the access-accept packet obtained from prior authentication with an access-challenge packet. My logs show that rlm_jradius has correctly returned FreeRadius an Access-challenge module, with code 11. However, FreeRadius still returns an Access-accept to the client (which is a radtest program). Does anyone know what is the possible reason? Or maybe someone can enlighten me as to which part of the freeradius code is actually handling this portion, so I can take a look? Following is the debug output of freeradius: (the dashed line and below are of the primary concern) Thank you very much.

rad_recv: Access-Request packet from host 127.0.0.1:4820, id=197, length=64
    User-Name = hellouser123
    User-Password = [EMAIL PROTECTED]
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
Wed Apr 5 11:51:50 2006 : Debug: Processing the authorize section of radiusd.conf
Wed Apr 5 11:51:50 2006 : Debug: modcall: entering group authorize for request 0
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0
Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '=='
Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '=='
Wed Apr 5 11:51:50 2006 : Error: Invalid operator for item Suffix: reverting to '=='
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0
Wed Apr 5 11:51:50 2006 : Debug: modcall[authorize]: module preprocess returns ok for request 0
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: - authorize
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: performing user authorization for hellouser123
Wed Apr 5 11:51:50 2006 : Debug: radius_xlat: '((cn=hellouser123)(objectclass=user))'
Wed Apr 5 11:51:50 2006 : Debug: radius_xlat: 'cn=Users,dc=hellotechnology,dc=com'
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: attempting LDAP reconnection
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: (re)connect to 10.26.1.202:389, authentication 0
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: bind as cn=krazy,cn=Users,dc=hellotechnology,dc=com/welcome123 to 10.26.1.202:389
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: waiting for bind result ...
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: Bind was successful
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: performing search in cn=Users,dc=hellotechnology,dc=com, with filter ((cn=hellouser123)(objectclass=user))
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: checking if remote access for hellouser123 is allowed by msNPAllowDialin
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: looking for check items in directory ...
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: looking for reply items in directory...
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user hellouser123 authorized to use remote access
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Wed Apr 5 11:51:50 2006 : Debug: modcall[authorize]: module ldap returns ok for request 0
Wed Apr 5 11:51:50 2006 : Debug: modcall: leaving group authorize (returns ok) for request 0
Wed Apr 5 11:51:50 2006 : Debug: rad_check_password: Found Auth-Type ldap
Wed Apr 5 11:51:50 2006 : Debug: auth: type LDAP
Wed Apr 5 11:51:50 2006 : Debug: Processing the authenticate section of radiusd.conf
Wed Apr 5 11:51:50 2006 : Debug: modcall: entering group LDAP for request 0
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 0
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: - authenticate
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: login attempt by hellouser123 with password [EMAIL PROTECTED]
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user DN: CN=hellouser123,CN=Users,DC=HelloTechnology,DC=com
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: (re)connect to 10.26.1.202:389, authentication 1
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: bind as CN=hellouser123,CN=Users,DC=HelloTechnology,DC=com/[EMAIL PROTECTED] to 10.26.1.202:389
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: waiting for bind result ...
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: Bind was successful
Wed Apr 5 11:51:50 2006 : Debug: rlm_ldap: user hellouser123 authenticated succesfully
Wed Apr 5 11:51:50 2006 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 0
Wed Apr 5 11:51:50 2006 : Debug: modcall[authenticate]: module ldap returns ok for request 0
Wed Apr 5 11:51:50
Re: rlm_ldap: object not found
Hey Mark, I've got the same problem as yours and I've been restlessly trying to fix it. It's been 2 days now and I still can't figure out what to do. It seems that rlm_ldap is not able to authenticate to the user credentials that you've specified, is that right? Even I get the successful bind but not authentication. If ya come across a solution, please lemme know... thanks in advance :)
Re: rlm_ldap: object not found
Hi,
Change the filter configuration in the ldap section of radiusd.conf to the following:
filter = (cn=%{Stripped-User-Name:-%{User-Name}})
-Sayantan

On Wed, Apr 5, 2006 at 1:53 am, in message [EMAIL PROTECTED], Marc Delisle [EMAIL PROTECTED] wrote:
Hi, thanks to those who answered me for my previous post. It turned out to be a certificate problem. Now, freeradius binds to LDAP on Netware, but does not find any object:
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=college, with filter (uid=delislma)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
Thanks, Marc Delisle
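The filter suggested in the reply above uses a reference with a fallback: Stripped-User-Name if the request has it, otherwise User-Name. The following Python model of that expansion is an added example, not part of the original posts and not FreeRADIUS code; the function names and the sample realm are assumptions, and escaping substituted values per RFC 4515 is this example's own choice, so that a wildcard in a user name cannot widen the search into an ambiguous result.

```python
# Added illustration; a model of the reference syntax, not FreeRADIUS source.
FILTER = "(cn=%{Stripped-User-Name:-%{User-Name}})"  # filter from the reply above

# RFC 4515: characters that must be escaped inside a filter assertion value.
_SPECIALS = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def ldap_escape(value):
    """Return value with filter metacharacters replaced by \\XX escapes."""
    return "".join(_SPECIALS.get(ch, ch) for ch in value)


def _matching_brace(text, open_pos):
    """Index of the '}' that closes the '{' at open_pos (braces may nest)."""
    depth = 0
    for pos in range(open_pos, len(text)):
        if text[pos] == "{":
            depth += 1
        elif text[pos] == "}":
            depth -= 1
            if depth == 0:
                return pos
    raise ValueError("unbalanced braces in template")


def _reference(body, attrs):
    """Resolve 'Attr' or 'Attr:-fallback' against the request attributes."""
    name, sep, fallback = body.partition(":-")
    value = attrs.get(name)
    if value:  # attribute present and non-empty: escape it, ignore the fallback
        return ldap_escape(value)
    return expand(fallback, attrs) if sep else ""


def expand(template, attrs):
    """Expand every %{...} reference; literal template text is left untouched."""
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _matching_brace(template, i + 1)
            out.append(_reference(template[i + 2:end], attrs))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed requests: plain name, realm-qualified name, name with wildcard.
    for request in ({"User-Name": "delislma"},
                    {"User-Name": "delislma@college", "Stripped-User-Name": "delislma"},
                    {"User-Name": "d*"}):
        print(expand(FILTER, request))
```
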