Re[2]: rlm_perl detaches when radius runs out of memory
Hello Boian,

thank you very much for information. I think attachment did not go through. Can you please repost it or mail to [EMAIL PROTECTED]

thank you.

Monday, March 29, 2004, 11:28:40 AM, you wrote:

BJ> On Sun, Mar 28, 2004 at 08:09:56PM +0300, Aivis Olsteins wrote:
>> Hello,
>>
>> I would like to ask if anybody could explain how detaching works with perl module. We had following entry in log file, after which radius was running but not responding to any requests.
>>
>> Sat Mar 27 16:04:00 2004 : Error: out of memory
>> Sat Mar 27 16:04:00 2004 : Error: out of memory
>> Sat Mar 27 16:04:01 2004 : rlm_perl: rlm_perl::Detaching. Reloading. Done.
>>
>> How could we prevent perl module from detaching? If the radius runs out of memory and restarts, why to detach perl module? It leaves server without module which is needed for operation and since radiusd process is still running, it does not give external monitoring programs any idea that it actually has crashed.

BJ> When radius restarts rlm_perl reloads too. If your radius after
BJ> restarting is not responding please apply an attached patch.
BJ> it will fix problems with detaching (sometimes if you do a kill -HUP on
BJ> running radius process) it stops responding. Note you will need a detach
BJ> function which has at least one line 'return RLM_MODULE_OK;'
BJ> Note patch is against 0.9.3 version

>> 0.9.3 compiled with rlm_perl included. Any feedback will be highly appreciated.
>>
>> --
>> Best regards,
>> Aivis mailto:[EMAIL PROTECTED]

--
Best regards,
Aivis mailto:[EMAIL PROTECTED]

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap-sim config?
hi guys~

I have installed the snapshot-20040322. I don't know how to config the eap_sim in eap.conf. is there anyone kindly give me any suggestion or an example about that?

thanks in advance

alex
how to specify MSCHAP users password is stored in LDAP
hi

please someone tell me how someone can specify that MSCHAP password are stored in a LDAP directory.

thanks

sayantan bhowmick
Re: start freeradius on boot
which linux-distribution do you use?

Marc

On Monday, 29 March 2004 13:51, Sander Groenhaut wrote:
> Hello,
>
> I would like FreeRadius to boot automatically when the system starts, but I don't get it. Does anybody know how to make it?
>
> Sander

--
Marc Werner [EMAIL PROTECTED] ICQ#190044536 http://tuxxy.in.itzehoe.de
single RADIUS server --- two NASes
Hi!

I'm already running RADIUS together with: mpd(pptp vpn server), users are checked against smbpasswd, required fields are taken from users, accounting is stored in PostgreSQL database.

what I want to do: I want to implement two VPN servers, different Framed-IP-Address for each VPN server. Also I want to put accounting to two separate databases.

Can somebody give me working example of what I want ?

Cheers,
Ilia Chipitsine
Re: FOR FREERADIUS DEVELOPERS: Building FreeRADIUS under Cygwin
Alan DeKok wrote:
> Frank Seesink [EMAIL PROTECTED] wrote:
>> Good news: FreeRADIUS BUILDS UNDER CYGWIN!!! With NO modifications!
>
> That's nice to hear.
>
>> Bad news: 'make install' fails.
>
> That shouldn't be much of a problem.
>
>> I've copy/pasted the end of the output at the end of this message.
>
> It's weird. But if you're not using rlm_dbm, just delete the module directory, and type make install again.
...

Alan,

Ok, deleted the rlm_dbm module directory and redid 'make install'. Got further, but not done yet. This time got as far as the following, and if I see it right, I will want this, as it's for EAP.

Thoughts? Ideally, I'd really like to get FreeRADIUS to install as it does elsewhere without these gyrations. What exactly do the error messages indicate here? Bug in make on Cygwin?

And for what it's worth, the rlm_dbm built just fine, with the appropriate .a .la files as you'd expect. So not really sure what the issue was.

Anyway, any help would be appreciated.

...
--
Libraries have been installed in:
   /usr/local/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
make[11]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types/rlm_eap_ttls'
make[10]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types'
make[9]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types'
make[8]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
/usr/local/radiusd/install-sh -c -m 755 radeapclient /usr/local/bin
cp: `radeapclient' and `/usr/local/bin/#inst.3092#' are the same file
make[7]: *** [install-types] Error 1
make[7]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
make[6]: *** [install] Error 2
make[6]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
make[5]: *** [common] Error 1
make[5]: Leaving directory `/usr/local/radiusd/src/modules'
make[4]: *** [install] Error 2
make[4]: Leaving directory `/usr/local/radiusd/src/modules'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/usr/local/radiusd/src'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/usr/local/radiusd/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/usr/local/radiusd'
make: *** [install] Error 2
Re: LDAP LEAP and Freeradius
On Fri, 26 Mar 2004, Steve OBrien wrote:

> Is it possible to use LDAP to authenticate LEAP clients? If so does anyone have the particulars?
>
> TIA,
> Steve

If you have clear text passwords in your ldap and set the ldap module to extract them it should work.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Help with LDAP authorization using groupOfNames and huntgroups
On Fri, 26 Mar 2004, Casey Forbes wrote:

> Hello,
>
> I'm having a lot of trouble getting my freeradius (CVS snap 20040323) to Allow/Deny access based on membership in LDAP groups (where the group names are associated with huntgroups). rlm_ldap docs and the mailing list archive didn't help me much.. I'd like to do something like this:
>
> huntgroups:
>
> dialup NAS-IP-Address == 172.16.0.12
> wireless NAS-IP-Address == 172.16.0.13
>
> users:
>
> DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = yes
>
> DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = yes
>
> ldif:
>
> dn: cn=Dialup,ou=Remote Access, dc=kensfoods,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
> uniqueMember: cn=John Smith,ou=Users,dc=kensfoods,dc=com
> cn: Dialup
>
> dn: cn=Wireless,ou=Remote Access, dc=kensfoods,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
> uniqueMember: cn=Robert Kelley,ou=Users,dc=kensfoods,dc=com
> cn: Wireless
>
> radiusd.conf:
>
> modules {
>     ...
>     ldap {
>         server = ldap.kensfoods.com
>         identity = cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
>         password = **
>         basedn = ou=Users,dc=kensfoods,dc=com
>         filter = (uid=%u)
>         start_tls = no
>         ldap_connections_number = 5
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         password_header = {SHA}
>         password_attribute = userPassword
>         groupname_attribute = cn
>         groupmembership_filter = ((objectClass=groupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>         compare_check_items = no
>     }
> }
>
> authorize {
>     preprocess
>     chap
>     mschap
>     suffix
>     eap
>     files
>     ldap
> }
>
> authenticate {
>     Auth-Type PAP {
>         pap
>     }
>     Auth-Type CHAP {
>         chap
>     }
>     Auth-Type MS-CHAP {
>         mschap
>     }
>     Auth-Type LDAP {
>         ldap
>     }
>     eap
> }
>
> With the above configuration, no group checks are happening
>
> radiusd -X:
>
> rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100, length=59
>     User-Name = cforbes
>     User-Password =
>     NAS-IP-Address = 255.255.255.255

Huntgroup matching with this value for NAS-IP-Address will never work.

>     NAS-Port = 1
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module preprocess returns ok for request 0
> modcall[authorize]: module chap returns noop for request 0
> modcall[authorize]: module mschap returns noop for request 0
> rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
> rlm_realm: No such realm NULL
> modcall[authorize]: module suffix returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module eap returns noop for request 0
> modcall[authorize]: module files returns notfound for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for cforbes
> radius_xlat: '(uid=cforbes)'
> radius_xlat: 'ou=Users,dc=kensfoods,dc=com'
> ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 0
> rlm_ldap: bind as cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com to ldap.kensfoods.com:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter (uid=cforbes)
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT
> rlm_ldap: Adding ntPassword as NT-Password
> rlm_ldap: Adding lmPassword as LM-Password
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user cforbes authorized to use remote access
> ldap_release_conn: Release Id: 0
> modcall[authorize]: module ldap returns ok for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type LDAP
> auth: type LDAP
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: login attempt by cforbes with password
> rlm_ldap: user DN: cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com
> rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 1
> rlm_ldap: bind as cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com to ldap.kensfoods.com:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user cforbes authenticated succesfully
> modcall[authenticate]: module ldap returns ok for request 0
> modcall: group Auth-Type returns ok for request 0
> Login OK: [cforbes] (from client localhost port 1)
> Sending Access-Accept of id 100 to 127.0.0.1:40092
> Finished request 0

--
Kostas Kalevras Network
Re: Help with LDAP authorization using groupOfNames and huntgroups
On Mon, 29 Mar 2004, Kostas Kalevras wrote:

> > rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100, length=59
> >     User-Name = cforbes
> >     User-Password =
> >     NAS-IP-Address = 255.255.255.255
>
> Huntgroup matching with this value for NAS-IP-Address will never work.

Ugh - I did a radtest and I didn't specify the NAS IP.

Dustin's suggestion worked... This was the part that I didn't do right:

On Fri, 26 Mar 2004, Dustin Doris wrote:

> Try setting Fall-Through to no and putting a reject at the bottom of the file.
>
> DEFAULT Huntgroup-Name == dialup, Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = no
>
> DEFAULT Huntgroup-Name == wireless, Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
>         Fall-Through = no
>
> DEFAULT Auth-Type := Reject

Thanks guys,
Casey
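A simplified model of the users-file logic discussed in this thread, added here as an example (it is not FreeRADIUS code and not part of any post; the function and table names are assumptions). Entries are tried in order and a matching entry without Fall-Through ends processing, which shows why the original entries never denied anyone and why the final DEFAULT reject only works together with Fall-Through = no.

```python
# Simplified model of first-match "users" file processing; not FreeRADIUS code.
HUNTGROUPS = {"172.16.0.12": "dialup", "172.16.0.13": "wireless"}
GROUP_DN = {
    "dialup": "cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com",
    "wireless": "cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com",
}
# Group membership as in the LDIF posted in the thread.
MEMBERS = {
    GROUP_DN["dialup"]: {"cn=John Smith,ou=Users,dc=kensfoods,dc=com"},
    GROUP_DN["wireless"]: {"cn=Robert Kelley,ou=Users,dc=kensfoods,dc=com"},
}

def build_entries(fall_through, final_reject):
    """Each entry is (huntgroup, ldap_group_dn, fall_through, reject)."""
    entries = [(hg, dn, fall_through, False) for hg, dn in GROUP_DN.items()]
    if final_reject:
        # DEFAULT Auth-Type := Reject has no check items, so it matches everything.
        entries.append((None, None, False, True))
    return entries

def decide(user_dn, nas_ip, entries):
    """Outcome for a user whose LDAP bind (password check) would succeed."""
    huntgroup = HUNTGROUPS.get(nas_ip)  # None when the NAS is in no huntgroup
    for hg, group_dn, fall_through, reject in entries:
        matches_all = hg is None
        matched = matches_all or (
            hg == huntgroup and user_dn in MEMBERS[group_dn])
        if not matched:
            continue
        if reject:
            return "reject"
        if not fall_through:
            return "accept"  # processing stops; later entries are never tried
    # No entry decided: the ldap module alone authorizes and authenticates.
    return "accept"

JOHN = "cn=John Smith,ou=Users,dc=kensfoods,dc=com"    # member of Dialup only
CASEY = "cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com"  # in neither posted group

ORIGINAL = build_entries(fall_through=True, final_reject=False)
FIXED = build_entries(fall_through=False, final_reject=True)
# Final reject added but Fall-Through left at yes: members get rejected too.
MIXED = build_entries(fall_through=True, final_reject=True)

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED), ("mixed", MIXED)):
        print(name, decide(JOHN, "172.16.0.12", cfg), decide(CASEY, "172.16.0.12", cfg))
```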
linking to rlm_exec under Cygwin
I'm running Cygwin version 1.5.9-1 and freeradius-0.9.3 or freeradius-snapshot-20040326. The reason for the snapshot version is to have all of the eap flavors available. Freeradius configures and makes cleanly but when I run radiusd.exe -X I get the following error:

Radiusd.conf[1241] Failed to link to module 'rlm_exec': dlopen: Win32 error 126

Can anyone tell me how to correct the problem?

Thanks,
Sandy

Sandra McConathy
Corporate Systems Engineer
Chantry Networks
Direct: 781.547.0070
Mobile: 978.994.6900
FreeRADIUS with Cisco hardware for VoIP
I'm searching for FreeRADIUS with Cisco hardware for VoIP. Specifically, I'm having trouble with the cisco-av-pair stuff. I read somewhere that Peter Nixon had experience in this, but can't find him.

Thanks to help.

--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
Re: R: MySQL accounting and Cisco-AVPair
On Fri 26/03/2004 at 11:24, Pugnaloni Federico wrote:
> I've found an old patch to cisco_vsa_hack
> http://lists.cistron.nl/pipermail/freeradius-devel/2001-August/001181.html

This patch (well, a modified version) has already been applied to the 0.9.2 version in Debian Sarge/Sid. I rebuild FreeRADIUS with latest PostgreSQL version anyway, and it seems at least to run. I will let you know, guys.

> i don't know C language so i've applied the patch as it was... it works!!
>
> cisco_vsa_hack change
> Cisco-AVPair = ip:source-ip=192.168.0.127
> to
> ip:source-ip=192.168.0.127
>
> so i've modified sql.conf to store this info on db radacct and now it's ok
>
> i don't know if the cisco_vsa_hack now is ok but it seems to works fine
>
> -----Original Message-----
> From: Jérôme Warnier [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 25 March 2004 19:30
> To: '[EMAIL PROTECTED]'
> Subject: Re: MySQL accounting and Cisco-AVPair
>
> On Mon 22/03/2004 at 11:47, Pugnaloni Federico wrote:
> > Hi,
> > i'm using FreeRADIUS Version 0.9.3 on FreeBSD 4.9
> > i'm using with a Cisco PIX to AAA internet access
> > it works fine, but i need to store the Cisco-AVPair info in radacct SQL table.
> > As i can see in the detail accounting freeradius store Cisco-AVPair info
> >
> > -snip-
> > Cisco-AVPair = ip:source-ip=192.168.0.127
> > Cisco-AVPair = ip:source-port=4051
> > Cisco-AVPair = ip:destination-ip=10.10.10.1
> > Cisco-AVPair = ip:destination-port=23
> > -snip
> >
> > but i cannot store this info on sql
> > I've tried to modify sql.conf as is:
> >
> > accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId... AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}'... '%{Cisco-AVPair}', '%{Cisco-AVPair}'..}')
> >
> > but it returns only the first instance of Cisco-AVPair (ip:source-ip=192.168.0.127)
> > how can i store all the values?
>
> Does the following help you?
> http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/billing/README?rev=1.5&content-type=text/plain
>
> --
> Federico Pugnaloni

--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
fast connect support in Free Radius
Hi, I am wondering if FreeRadius EAP_TLS has support for session reuse or does it always have to restart from scratch for reauthentications? Thanks, Htin
Re: fast connect support in Free Radius {Scanned}
Not sure. I just set it up and let it run.

----- Original Message -----
From: Htin Hlaing
To: [EMAIL PROTECTED]
Sent: Tuesday, March 30, 2004 11:11 AM
Subject: fast connect support in Free Radius {Scanned}

Hi,

I am wondering if FreeRadius EAP_TLS has support for session reuse or does it always have to restart from scratch for reauthentications?

Thanks,
Htin