ip pool and gprs
Currently I'm using an ip_pool as RADIUS server at my CPD, for a Cisco serving as a private GPRS APN (property of Telecom Italia Mobile); this setup is intended to get some kind of GPRS VPN.

The problem is that I always get the same 2 IPs (but there are a lot more; in fact, I'm actually using the example main_pool of radius.conf). I presume the error is on the Cisco side, which is not serving the connection end, so fradius always thinks the IPs are free.

Now, I wonder if there's some way to always increment the next pool IP to serve, instead of serving the first free IP.

Greetings

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Emulate authentication by java
Use jradiusclient

Galbayar Dorjgotov
Senior Software Engineer
Mobile Business Development Department
MobiCom Corp
http://www.mobicom.mn

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MaFai
Sent: 29 October 2004 14:16
To: freeradius-users
Subject: Emulate authentication by java

Dear freeradius-users:

Can we use a Java program to emulate the authentication? We want to write some code to post a request to the RADIUS server and authenticate that way. Is it possible? Is there any Java API, or an API in another language?

Best regards.
MaFai [EMAIL PROTECTED] 2004-10-29
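The packet handling a RADIUS client library performs for the question above, written out per RFC 2865 as an added example (not code from the thread, from jradiusclient or from FreeRADIUS): it builds a PAP Access-Request, hides the User-Password, and verifies the Response Authenticator on the reply. The user name, password, shared secret and NAS address are constructed sample values, and make_reply is a stand-in for the server so the example runs offline.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4       # RFC 2865 attribute types


def xor_chain(data, secret, req_auth, hiding):
    """RFC 2865 5.2: c_i = p_i XOR MD5(secret + c_(i-1)), with c_0 = Request Authenticator."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], mask))
        out += block
        prev = block if hiding else data[i:i + 16]   # always chain on ciphertext
    return out


def hide_password(password, secret, req_auth):
    """Client side: NUL-pad to a multiple of 16 bytes (at least 16), then hide."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)
    return xor_chain(password.ljust(size, b"\x00"), secret, req_auth, True)


def unhide_password(hidden, secret, req_auth):
    """Server side: reverse the hiding and drop the NUL padding."""
    return xor_chain(hidden, secret, req_auth, False).rstrip(b"\x00")


def attribute(attr_type, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, username, password, secret, nas_ip, req_auth=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    req_auth = req_auth or os.urandom(16)
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(password, secret, req_auth))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + req_auth + attrs, req_auth


def parse_attributes(packet):
    """Walk the type-length-value attributes that follow the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def make_reply(code, ident, req_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs


def verify_reply(reply, ident, req_auth, secret):
    """Client side: return the reply code, or None if the reply must be discarded."""
    if len(reply) < 20:
        return None
    code, reply_ident, length = struct.unpack("!BBH", reply[:4])
    if reply_ident != ident or not 20 <= length <= len(reply):
        return None
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:length] + secret).digest()
    return code if hmac.compare_digest(expected, reply[4:20]) else None


def exchange(packet, host, port=1812, timeout=3.0):
    """Send one request over UDP and return the raw reply (needs a reachable server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (host, port))
        return sock.recvfrom(4096)[0]


if __name__ == "__main__":
    secret, ident = b"example-shared-secret", 7   # constructed sample values
    packet, req_auth = build_access_request(
        ident, b"testuser", b"example-password", secret, "192.0.2.10")
    hidden = parse_attributes(packet)[USER_PASSWORD]
    print("server recovers:", unhide_password(hidden, secret, req_auth))
    reply = make_reply(ACCESS_ACCEPT, ident, req_auth, secret)   # stands in for a server
    print("verified reply code:", verify_reply(reply, ident, req_auth, secret))
```

An Access-Request built this way carries no integrity check of its own; the Message-Authenticator attribute from RFC 2869 adds one.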
alcatel omniswitch 6600 and 802.1x
hello,

I'm trying to set up a configuration with an Alcatel Omniswitch 6600-24 and Freeradius 1.0.1. 802.1x client is either native XP or open1x (EAP-MD5). Communication seems to go between the switch and Freeradius but authentication fails.

Has anyone succeeded with the same kind of configuration: Omniswitch 66xx or 77xx or 88xx?

Here are the logs from "radiusd -X":

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /opt/etc/raddb/proxy.conf
Config: including file: /opt/etc/raddb/clients.conf
Config: including file: /opt/etc/raddb/snmp.conf
Config: including file: /opt/etc/raddb/eap.conf
Config: including file: /opt/etc/raddb/sql.conf
main: prefix = "/opt"
main: localstatedir = "/opt/var"
main: logdir = "/opt/var/log/radius"
main: libdir = "/opt/lib"
main: radacctdir = "/opt/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/opt/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/opt/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/opt/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /opt/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/opt/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/opt/etc/raddb/huntgroups"
preprocess: hints = "/opt/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/opt/etc/raddb/users"
files: acctusersfile = "/opt/etc/raddb/acct_users"
files: preproxy_usersfile = "/opt/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/opt/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/opt/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on ac
radrelay segmentation fault
hi.

When running radrelay on 162Mb accounting file it dies with segmentation fault. There is quite enough disk space on the working partition:

/dev/dsk/c1t0d0s7 13842586 9457567 4246594 70% /export/home

freeradius is of version 1.0.1. gdb output is below:

# gdb /opt/fr/bin/radrelay
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) set args -x -a . -n localhost 10.01
(gdb) run
Starting program: /opt/fr/bin/radrelay -x -a . -n localhost 10.01
[New LWP 1]
[New LWP 2]
[New LWP 3]
[New LWP 4]
[New LWP 5]
Program received signal SIGSEGV, Segmentation fault.
0x00013698 in read_one (fp=0x3a418, r_req=0x39d44) at radrelay.c:287
287 if (userparse(buf, &vp) > 0 &&
(gdb) bt
#0 0x00013698 in read_one (fp=0x3a418, r_req=0x39d44) at radrelay.c:287
#1 0x00013e40 in loop (r_args=0xffbef658) at radrelay.c:605
#2 0x00014b08 in main (argc=-4262312, argv=0x13470) at radrelay.c:1003

The machine is
SunOS abs-test 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Fire-V240
The same result is on
SunOS mcc-aaa2 5.8 Generic_108528-27 sun4u sparc SUNW,Ultra-60

What can be wrong?

--
Sincerely Yours, Alexander Serkin, Skylink, Moscow, ph. +7(095)7952089 fa. +7(095)7952084
Re: Advice needed (Acct-Session-Id vs. User-Name)
Hello,

For accounting_stop packet it's better to use Acct-Session-Time because for a call that the same user does you can use this to separate the calls. In this way you can handle a lot of calls that one user does. All this if you want to know about the calls one by one.

Kyriaki Gali, IT Applications Specialist
Kinetix Tele.com Support Center, Tel & Fax: +30 2310 256140 GSM: +30 6947 723737
http://www.kinetix.gr e-mail: [EMAIL PROTECTED]

- Original Message -
From: "Roman Suzi" <[EMAIL PROTECTED]>
To: "Radius Free" <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 2004 9:09 AM
Subject: Advice needed (Acct-Session-Id vs. User-Name)

> Hi,
>
> I need an advice. One of my colleagues suggested to drop User-Name
> for accounting purposes to avoid realm clashes (when CISCO
> drops realms in some cases).
>
> He suggests to store Acct-Session-Id at authorisation and
> then restore User-Name at accounting stop event to make accounting.
>
> He claims it's more accurate than to rely on User-Name.
>
> As this is completely novel idea, I'd like to know community opinion.
> Thank you!
>
> Sincerely yours, Roman A.Suzi
> --
> - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] -
Upgrade to 1.0.1 - radiusd wont start
Hello,

We have a Fedora Core 2 linux server which unfortunately automatically upgraded, using yum, from freeradius 0.9.3 to 1.0.1 last night. (I did not intend that to happen so that I could check out the changes with 1.0.1 to ensure that it would work okay on our servers.) This morning the server was showing that the freeradius daemon was not running.

In our radiusd.conf file in the authorize section we have:

mschap {
    ok = return
}

It seems that a change in the new version now doesn't like this. Running 'radiusd -X' gives:

Module: Instantiated files (files)
radiusd.conf[1393] Unknown configuration directive "mschap" in authorize section.

If I change this to just 'mschap' then radiusd runs.

Is this a bug or was there a reason for what appears to be a syntax change? I'm looking through the mailing list archives but have found nothing about this yet. I'll also try and see if we can get around the problem - just using 'mschap' doesn't work for us, it seems that radiusd then (after the mschap bit) tries to authenticate (proxy?) against itself (127.0.0.1) so I'm not sure what is going on there.

Thanks,

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
Can't install FreeRadius 1.0.1-1 on Fedora Core 2
Hi,

I'm trying to install freeradius 1.0.1-1 in a Fedora Core 2 box but I'm getting lots of errors in make install command.

libtool: install: `rlm_acct_unique.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_acct_unique'
Making install in rlm_always...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
if [ "xrlm_always" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_always.la /usr/local/lib/rlm_always.la; \
    rm -f /usr/local/lib/rlm_always-1.1.0-pre0.la; \
    ln -s rlm_always.la /usr/local/lib/rlm_always-1.1.0-pre0.la; \
fi
libtool: install: `rlm_always.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
Making install in rlm_attr_filter...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
if [ "xrlm_attr_filter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_attr_filter.la /usr/local/lib/rlm_attr_filter.la; \
    rm -f /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
    ln -s rlm_attr_filter.la /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_filter.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
Making install in rlm_attr_rewrite...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
if [ "xrlm_attr_rewrite" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite.la; \
    rm -f /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
    ln -s rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_rewrite.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
Making install in rlm_chap...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
if [ "xrlm_chap" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_chap.la /usr/local/lib/rlm_chap.la; \
    rm -f /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
    ln -s rlm_chap.la /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
fi
libtool: install: `rlm_chap.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
Making install in rlm_checkval...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
if [ "xrlm_checkval" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_checkval.la /usr/local/lib/rlm_checkval.la; \
    rm -f /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
    ln -s rlm_checkval.la /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
fi
libtool: install: `rlm_checkval.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
Making install in rlm_copy_packet...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
if [ "xrlm_copy_packet" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_copy_packet.la /usr/local/lib/rlm_copy_packet.la; \
    rm -f /usr/local/lib/rlm_copy_packet-1.1.0-pre0.la; \
    ln -s rlm_copy_packet.la /usr/local/lib/rlm_copy_packet-1.1.0-pre0.la; \
fi
libtool: install: `rlm_copy_packet.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
Making install in rlm_counter...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_counter'
if [ "xrlm_counter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_counter.la /usr/local/lib/rlm_counter.la; \
    rm -f /usr/local/lib/rlm_counter-1.1.0-pre0.la; \
    ln -s rlm_counter.la /usr/local/lib/rlm_counter-1.1.0-pre0.la; \
fi
libtool: install: `rlm_counter
HP Procurve 5300XL and Privilege Levels
Hi all,

Has anyone have some information how I handle priv levels in 5300xl's and freeradius?

I'd like to make account which have priv level 14 access (Operator RO) and couple level 15 access (Manager RW).

I get aaa working, but I don't know how I must to do that level thing in users.conf.

Best regards,

Ville Leinonen
Bad Signature error
Hi,

I am using EAP-TLS to authenticate a wireless Station to FreeRADIUS through an AP but am getting Bad Signature error. Following is the output of FreeRADIUS:

rlm_eap_tls: <<< TLS 1.0 Handshake [length 05e1], Certificate
chain-depth=1, error=0
--> User-Name = Paradigm
--> BUF-Name =
--> subject = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
--> issuer = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
--> verify return:1
chain-depth=0, error=0
--> User-Name = Paradigm
--> BUF-Name = Paradigm
--> subject = /C=PK/ST=abcdef/L=LH/O=MyOrg/OU=Net/CN=Paradigm/emailAddress=addy
--> issuer = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
--> verify return:1
TLS_accept: SSLv3 read client certificate A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
TLS_accept:failed in SSLv3 read certificate verify B
79644:error:04077068:rsa routines:RSA_verify:bad signature:/usr/src/crypto/openssl/crypto/rsa/rsa_sign.c:181:
79644:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:/usr/src/crypto/openssl/ssl/s3_srvr.c:1839:
79644:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:/usr/src/crypto/openssl/ssl/s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.

The FreeRADIUS Server while operating upon the CertificateVerify message from the Client gives out the Bad signature error. I have no clue what is happening here. Could someone please help me out with this issue?

Thanks,
Bilal
Re: HP Procurve 5300XL and Privilege Levels
On Fri, 2004-10-29 at 14:57 +0300, Ville Leinonen wrote:
> Hi all,
>
> Has anyone have some information how I handle
> priv levels in 5300xl's and freeradius?
>
> I'd like to make account which have priv level 14 access (Operator RO)
> and couple level 15 access (Manager RW).
>
> I get aaa working, but I don't know how I must to do that level
> thing in users.conf.
>
> Best regards,
>
> Ville Leinonen

They may be doing something similar to Foundry. Look in the HP docs for privilege-level or command-string. HP support is pretty good with this type of stuff, just a tad on the slow side.

Ted
Re: Upgrade to 1.0.1 - radiusd wont start (RESOLVED)
On Fri, 2004-10-29 at 12:40, John Horne wrote:
>
> We have a Fedora Core 2 linux server which unfortunately automatically
> upgraded, using yum, from freeradius 0.9.3 to 1.0.1 last night. (I did
> not intend that to happen so that I could check out the changes with
> 1.0.1 to ensure that it would work okay on our servers.) This morning
> the server was showing that the freeradius daemon was not running.
>
> In our radiusd.conf file in the authorize section we have:
>
> mschap {
>     ok = return
> }
>

Okay, I see that this was reported about 2 weeks ago by a user getting the same type of error when using ldap. I also see that this has been fixed in cvs by Alan DeKok, and should appear in freeradius 1.0.2.

Many thanks.

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
Problems moving from FreeRADIUS 1.0.0 to version 1.0.1
Hello,

I've been using FreeRADIUS 1.0.0 so far. I just tried to install FreeRADIUS 1.0.1, but I'm encountering a problem: I get a bus error upon receiving an access-request.

I've got a very simple module that, on "authorize" event, tries to access "request", "request->packet" and "request->packet->vps". When trying to access request->packet->vps the program generates a bus error, but I don't know if the packet or request are valid pointers either at the beginning of my function...

I did not have any problem with exactly the same code and configuration when using FreeRADIUS 1.0.0. In my configuration, I'm also using other modules such as "detail". Those modules work fine, but I don't know why mine doesn't. Any ideas?

(As a side note, the FreeRADIUS 1.0.1 package found at the address below contains CVS directories. Thus, when configuring, the developer mode is enabled. This mode generates tons of warnings when compiling. Removing the top-level CVS directory before "configure" fixes the problem.
ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz )

Please find below:
1. the request that I'm sending to the server with radclient
2. complete debug logs
3. source file of my module
4. my makefile
5. my radiusd.conf file

1. RADIUS test request

[EMAIL PROTECTED]
User-Password=ABC
NAS-IP-Address=172.26.233.18
Framed-IP-Address=1.2.3.4
NAS-Port-Type=19
Acct-Session-ID=1234567890ABCDEF

2. debug logs

@freerad0//home2/freerad0>$HOME/freeradius/sbin/radiusd -d $HOME/freeradius/etc/raddb -X
Fri Oct 29 15:29:22 2004 : Info: Starting - reading configuration files ...
Fri Oct 29 15:29:22 2004 : Debug: reread_config: reading radiusd.conf
Fri Oct 29 15:29:22 2004 : Debug: Config: including file: /home2/freerad0/freeradius/etc/raddb/proxy.conf
Fri Oct 29 15:29:22 2004 : Debug: Config: including file: /home2/freerad0/freeradius/etc/raddb/clients.conf
Fri Oct 29 15:29:22 2004 : Debug: Config: including file: /home2/freerad0/freeradius/etc/raddb/cg_custom.conf
Fri Oct 29 15:29:22 2004 : Debug: main: prefix = "/home2/freerad0/freeradius"
Fri Oct 29 15:29:22 2004 : Debug: main: localstatedir = "/home2/freerad0/freeradius/var"
Fri Oct 29 15:29:22 2004 : Debug: main: logdir = "/home2/freerad0/freeradius/var/log/radius"
Fri Oct 29 15:29:22 2004 : Debug: main: libdir = "/home2/freerad0/freeradius/lib"
Fri Oct 29 15:29:22 2004 : Debug: main: radacctdir = "/home2/freerad0/freeradius/var/log/radius/radacct"
Fri Oct 29 15:29:22 2004 : Debug: main: hostname_lookups = no
Fri Oct 29 15:29:22 2004 : Debug: main: max_request_time = 30
Fri Oct 29 15:29:22 2004 : Debug: main: cleanup_delay = 5
Fri Oct 29 15:29:22 2004 : Debug: main: max_requests = 256
Fri Oct 29 15:29:22 2004 : Debug: main: delete_blocked_requests = 0
Fri Oct 29 15:29:22 2004 : Debug: main: port = 1645
Fri Oct 29 15:29:22 2004 : Debug: main: allow_core_dumps = no
Fri Oct 29 15:29:22 2004 : Debug: main: log_stripped_names = no
Fri Oct 29 15:29:22 2004 : Debug: main: log_file = "/home2/freerad0/freeradius/var/log/radius/radius.log"
Fri Oct 29 15:29:22 2004 : Debug: main: log_auth = no
Fri Oct 29 15:29:22 2004 : Debug: main: log_auth_badpass = no
Fri Oct 29 15:29:22 2004 : Debug: main: log_auth_goodpass = no
Fri Oct 29 15:29:22 2004 : Debug: main: pidfile = "/home2/freerad0/freeradius/var/run/radiusd/radiusd.pid"
Fri Oct 29 15:29:22 2004 : Debug: main: user = "(null)"
Fri Oct 29 15:29:22 2004 : Debug: main: group = "(null)"
Fri Oct 29 15:29:22 2004 : Debug: main: usercollide = no
Fri Oct 29 15:29:22 2004 : Debug: main: lower_user = "no"
Fri Oct 29 15:29:22 2004 : Debug: main: lower_pass = "no"
Fri Oct 29 15:29:22 2004 : Debug: main: nospace_user = "no"
Fri Oct 29 15:29:22 2004 : Debug: main: nospace_pass = "no"
Fri Oct 29 15:29:22 2004 : Debug: main: checkrad = "/home2/freerad0/freeradius/sbin/checkrad"
Fri Oct 29 15:29:22 2004 : Debug: main: proxy_requests = yes
Fri Oct 29 15:29:22 2004 : Debug: proxy: retry_delay = 5
Fri Oct 29 15:29:22 2004 : Debug: proxy: retry_count = 3
Fri Oct 29 15:29:22 2004 : Debug: proxy: synchronous = no
Fri Oct 29 15:29:22 2004 : Debug: proxy: default_fallback = yes
Fri Oct 29 15:29:22 2004 : Debug: proxy: dead_time = 60
Fri Oct 29 15:29:22 2004 : Debug: proxy: post_proxy_authorize = no
Fri Oct 29 15:29:22 2004 : Debug: proxy: wake_all_if_all_dead = no
Fri Oct 29 15:29:22 2004 : Debug: security: max_attributes = 200
Fri Oct 29 15:29:22 2004 : Debug: security: reject_delay = 0
Fri Oct 29 15:29:22 2004 : Debug: security: status_server = no
Fri Oct 29 15:29:22 2004 : Debug: main: debug_level = 0
Fri Oct 29 15:29:22 2004 : Debug: read_config_files: reading dictionary
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: reading naslist
Fri Oct 29 15:29:23 2004 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: reading clients
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: reading realms
Fri Oct 2
Re: alcatel omniswitch 6600 and 802.1x
Laurent LAVAUD <[EMAIL PROTECTED]> wrote:
> I'm trying to set up a configuration with an Alcatel Omniswitch 6600-24 and
> Freeradius 1.0.1. 802.1x client is either native XP or open1x (EAP-MD5).
> Communication seems to go between the switch and Freeradius but authentication
> fails.

The debug log you posted shows the server sending an Access-Accept back to the NAS.

Alan DeKok.
Re: radrelay segmentation fault
Alexander Serkin <[EMAIL PROTECTED]> wrote:
> When running radrelay on 162Mb accounting file it dies with segmentation fault.
> There is quite enough disk space on the working partition:

It's probably a previously-reported bug in radrelay. Version 1.0.2 will contain the fix.

Alan DeKok.
Problem Configuring EAP
Hi

I tried to configure EAP-md5:

I did NOT set "Auth-Type := EAP" in the users file (as written in eap.conf)

module eap is loaded:

Module: Loaded eap
eap: default_eap_type = "md5"

in the authorize and the authenticate section of radiusd.conf I entered eap

but I get following errors:

modcall: group authorize returns ok for request 1
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.

the Server somehow does not find out to use EAP-md5 by its own

If I set Auth-Type := EAP in the users file I get following error msg:

modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.

could anybody help me?
Logging to syslog
Recently I installed 1.0.1 and am very pleased with it. One thing I would like to do is have it log to syslog so I can send the logs to a central server so technical staff can use the logs for troubleshooting.

If I tell FreeRadius to log to syslog the correct way, it doesn't. I know the source supports it and understand how it "should" work but it refuses to log to syslog. I've seen a few posts about this but nobody seems to have figured it out.

Anyone have any tips, or a direction for me?

Thanks so much!

Christian
Re: Problem Configuring EAP
Geissbühler Johannes <[EMAIL PROTECTED]> wrote:
> I tried to configure EAP-md5 :
>
> I did NOT set "Auth-Type := EAP" in the users file (as written in eap.conf)

Ok...

> in the authorize and the authenticate section of radiusd.conf I entered eap

Why? They're already included in those sections.

> but I get following errors:
>
> modcall: group authorize returns ok for request 1
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.

Read the REST OF THE DEBUG LOG to see if the "eap" module is being used. Looking at only part of the debug log is a guaranteed way to miss important messages which tell you what the server is doing.

> the Server somehow does not find out to use EAP-md5 by its own

Yes... read the debug log to see why.

> If I set Auth-Type := EAP in the users file I get following error msg:
>
> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> ERROR: Unknown value specified for Auth-Type. Cannot perform requested
> action.
> auth: Failed to validate the user.

That doesn't sound right.

> could anybody help me?

Read the entire debug log. Or failing that, post it to the list.

Alan DeKok.
Re: Logging to syslog
"Christian Reeves" <[EMAIL PROTECTED]> wrote:
> If I tell FreeRadius to log to syslog the correct way, it doesn't.

What "correct" way?

I think that in 1.0.x, the "-l syslog" command-line option doesn't work. In the CVS snapshots, there is another, better way to tell the server to log to syslog.

Alan DeKok.
RE: Logging to syslog
> > If I tell FreeRadius to log to syslog the correct way, it doesn't.
>
> What "correct" way?

I set the -l flag in the startup script and the -g flag to set the facility.

> In the CVS snapshots, there is another, better
> way to tell the server to log to syslog.

I'll have a look at the snapshot and see what I come up with.
migration to freeradius
Hello,

I have an interesting problem. We are trying to migrate from Merit radius 3.6B to freeradius. It seems to work for 99% of the users, however about 1% of the users, it fails to receive a password for. If we point the NAS back to the merit server they get on without a problem. We are using USR/3COM Total Control HiperArc's.

Anyone have an idea of what I can do to resolve this issue?

Wade
Re: migration to freeradius
Wade Kemp <[EMAIL PROTECTED]> wrote:
> Hello, I have an interesting problem. We are trying to migrate from
> Merit radius 3.6B to freeradius. It seems to work for 99%
> of the users, however about 1% of the users, it fails to receive a
> password for.

for the user? That's odd.

The NAS sends packets, and doesn't know what kind of server it's sending packets to. So switching from Merit to FreeRADIUS makes *zero* difference to the packets sent by the NAS.

I doubt very much that what you described is the problem. Can you post a debug log from FreeRADIUS of a request which works with Merit, but not with FreeRADIUS?

Alan DeKok.
RE: Can´t install FreeRadius 1.0.1-1 en Fedora Core 2
Someone else suggested this to me and it worked for me on FC 2 -
ln -s /usr/include/et/com_err.h /usr/include/com_err.h
Ron
Ron Nutter [EMAIL PROTECTED]
Network Manager
Information Technology Services
(502)863-7002
Georgetown College
Georgetown, KY 40324-1696
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of João Romariz Sobrinho
Sent: Friday, October 29, 2004 7:35 AM
To: [EMAIL PROTECTED]
Subject: Can´t install FreeRadius 1.0.1-1 en Fedora Core 2
Hi, I'm trying to install freeradius 1.0.1-1 in a Fedora Core 2 box but I'm getting lots of errors in make install command.
libtool: install: `rlm_acct_unique.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_acct_unique'
Making install in rlm_always...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
if [ "xrlm_always" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_always.la /usr/local/lib/rlm_always.la; \
    rm -f /usr/local/lib/rlm_always-1.1.0-pre0.la; \
    ln -s rlm_always.la /usr/local/lib/rlm_always-1.1.0-pre0.la; \
fi
libtool: install: `rlm_always.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
Making install in rlm_attr_filter...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
if [ "xrlm_attr_filter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_attr_filter.la /usr/local/lib/rlm_attr_filter.la; \
    rm -f /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
    ln -s rlm_attr_filter.la /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_filter.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
Making install in rlm_attr_rewrite...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
if [ "xrlm_attr_rewrite" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite.la; \
    rm -f /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
    ln -s rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_rewrite.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
Making install in rlm_chap...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
if [ "xrlm_chap" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_chap.la /usr/local/lib/rlm_chap.la; \
    rm -f /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
    ln -s rlm_chap.la /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
fi
libtool: install: `rlm_chap.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
Making install in rlm_checkval...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
if [ "xrlm_checkval" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_checkval.la /usr/local/lib/rlm_checkval.la; \
    rm -f /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
    ln -s rlm_checkval.la /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
fi
libtool: install: `rlm_checkval.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
Making install in rlm_copy_packet...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
if [ "xrlm_copy_packet" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
    rlm_copy_packet.la /usr/lo
SV: Eumulate authentication by java
Hi, Jradius is a good API. I have extended the API with vendor specific attributes and multiple attribute values which I’m glad to share if you want it.
Regards /P
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MaFai
Sent: Friday, October 29, 2004 8:16 AM
To: freeradius-users
Subject: Eumulate authentication by java
Dear freeradius-users: Can we use the java program to emulate the authentication? We want to write some code to post request to the radius server, and make an authentication with this way? Is it possible? Any java api? or other language API?
Best regards. MaFai [EMAIL PROTECTED] 2004-10-29 34955929
RADIUS Proxy
Gurus, I'll need a RADIUS Proxy system which is able to proxy requests qualified by -username, -called-station-id, -source IP, to some other RADIUS servers. The big thing is: it must be fault tolerant and must proxy some thousands of requests per second (starting with 1000 complete sessions: Auth, Acct-Start, Acct-Stop). Would Freeradius be able to do this? Is there a nearly equivalent implementation around there? What would be the HW requirement? I'm thinking about an infrastructure of some loadbalancers hiding some systems to do the proxying. I don't need any HD writings for logfiles or session data. The receivers of the packets will take care of the date. Logfiles for debug will be used sometimes.
Thank You
Stefan
Re: RADIUS Proxy
On Fri, 29 Oct 2004, Stefan wrote:
> The big thing is: it must be fault tolerant and must proxy some thousands of
> requests per second (starting with 1000 complete sessions: Auth, Acct-Start,
> Acct-Stop).
> Would Freeradius be able to do this?
Yes.
> Is there a nearly equivalent implementation around there?
???
> What would be the HW requirement?
Minimal.
josh.
freeradius - mysql auth issues
Having a bit of trouble with the setup of MYSQL with Freeradius. I am able to test these accounts using DA's check password tool so I don't believe I have the wrong password. Where I seem to be missing some configuration is in the radiusd.conf file with regards to the auth: type. I can't for the life of me find where the setting would be to get radiusd to use mysql to check passwords. Please can someone point me in the right direction - I have reviewed most Free-radius mysql faq docs and haven't seen this particular error. Any help would be greatly appreciated - please review the debug below - everything seems fine until the auth: type local line.
rad_recv: Access-Request packet from host 10.149.204.32:2293, id=6, length=46
    User-Name = "Andrew"
    User-Password = "removed"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "Andrew", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: 'Andrew'
rlm_sql (sql): sql_set_user escaped user --> 'Andrew'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'Andrew' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Andrew' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'Andrew' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'Andrew' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 6 to 10.149.204.32:2293
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 6 with timestamp 4182b32c
Thanks,
Andrew
Re: Problems moving from FreeRADIUS 1.0.0 to version 1.0.1
Chaigneau Nicolas <[EMAIL PROTECTED]> wrote:
> I've been using FreeRADIUS 1.0.0 so far. I just tried
> to install FreeRADIUS 1.0.1, but I'm encountering a
> problem : I get a bus error upon receiving an
> access-request.
Did you re-build your module in 1.0.1, or just re-use the library from 1.0.0?
Alan DeKok.
Re: freeradius - mysql auth issues
"Kirk, Andrew J." <[EMAIL PROTECTED]> wrote: > Where I seem to be missing some configuration is in the radiusd.conf file > with regards to the auth: type . I cant for the life of me find where the > setting would be to get radiusd to use mysql to check passwords. You don't. MySQL is a database, it stores user information (like passwords). FreeRADIUS is an authentication server. It uses databases like MySQL to get passwords, and then uses those passwords to authenticate people. > auth: type Local > auth: user supplied User-Password does NOT match local User-Password That's fairly definitive. The server got the users password from MySQL, but it didn't match what was in the packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html