Re[2]: rlm_perl detaches when radius runs out of memory

2004-03-29 Thread Aivis Olsteins
Hello Boian,

Thank you very much for the information. I think the attachment did not go
through. Can you please repost it or mail it to [EMAIL PROTECTED]

Thank you.

Monday, March 29, 2004, 11:28:40 AM, you wrote:

BJ On Sun, Mar 28, 2004 at 08:09:56PM +0300, Aivis Olsteins wrote:
 Hello,
 
 I would like to ask if anybody could explain how detaching works with
 the perl module. We had the following entry in the log file, after which radius
 was running but not responding to any requests.
 
 Sat Mar 27 16:04:00 2004 : Error: out of memory
 Sat Mar 27 16:04:00 2004 : Error: out of memory
 Sat Mar 27 16:04:01 2004 : rlm_perl: rlm_perl::Detaching. Reloading. Done.
 
 How could we prevent the perl module from detaching? If radius runs
 out of memory and restarts, why detach the perl module? It leaves the
 server without a module which is needed for operation, and since the radiusd
 process is still running, it does not give external monitoring
 programs any idea that it actually has crashed.


BJ When radius restarts rlm_perl reloads too. If your radius after
BJ restarting is not responding please apply the attached patch.
BJ It will fix problems with detaching (sometimes if you do a kill -HUP on
BJ a running radius process) it stops responding. Note you will need a detach
BJ function which has at least one line 'return RLM_MODULE_OK;'

BJ Note patch is against 0.9.3

 version 0.9.3 compiled with rlm_perl included.
 
 Any feedback will be highly appreciated.
 
 -- 
 Best regards,
  Aivis  mailto:[EMAIL PROTECTED]
 
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 




-- 
Best regards,
 Aivis  mailto:[EMAIL PROTECTED]





eap-sim config?

2004-03-29 Thread Alex Wang
hi guys~ I have installed the snapshot-20040322. I don't
know how to config the eap_sim in eap.conf.
is there anyone kindly give me any suggestion or an
example about that?
thanks in advance

alex


how to specify MSCHAP users password is stored in LDAP

2004-03-29 Thread Sayantan Bhowmick
hi

please someone tell me how someone can specify that MSCHAP passwords are stored in an LDAP directory.

thanks
sayantan bhowmick


Re: start freeradius on boot

2004-03-29 Thread Marc Werner
which linux-distribution do you use?

Marc

On Monday, 29 March 2004 13:51, Sander Groenhaut wrote:
 Hello,

 I would like FreeRadius to boot automatically when the system starts,
 but I don't get it. Does anybody know
 how to make it?

 Sander


-- 
Marc Werner
[EMAIL PROTECTED]
ICQ#190044536
http://tuxxy.in.itzehoe.de




single RADIUS server --- two NASes

2004-03-29 Thread Ilia E. Chipitsine
Hi!

I'm already running RADIUS together with: mpd(pptp vpn server),
users are checked against smbpasswd, required fields are taken from
users, accounting is stored in PostgreSQL database.

what I want to do:

I want to implement two VPN servers, different Framed-IP-Address
for each VPN server. Also I want to put accounting to two separate
databases.

Can somebody give me a working example of what I want?

Cheers,
Ilia Chipitsine



Re: FOR FREERADIUS DEVELOPERS: Building FreeRADIUS under Cygwin

2004-03-29 Thread Frank Seesink
Alan DeKok wrote:
Frank Seesink [EMAIL PROTECTED] wrote:

Good news:  FreeRADIUS BUILDS UNDER CYGWIN!!!  With NO modifications!
  That's nice to hear.

Bad news:   'make install' fails.
  That shouldn't be much of a problem.

I've copy/pasted the end of the output at the end of this message.
  It's weird.  But if you're not using rlm_dbm, just delete the module
directory, and type make install again.
...

Alan,

Ok, deleted the rlm_dbm module directory and redid 'make install'.  Got 
further, but not done yet.  This time got as far as the following, and 
if I see it right, I will want this, as it's for EAP.  Thoughts?

Ideally, I'd really like to get FreeRADIUS to install as it does 
elsewhere without these gyrations.  What exactly do the error messages 
indicate here?  Bug in make on Cygwin?  And for what it's worth, the 
rlm_dbm built just fine, with the appropriate .a .la files as you'd 
expect.  So not really sure what the issue was.

Anyway, any help would be appreciated.


...
--
Libraries have been installed in:
   /usr/local/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `PATH' environment variable
 during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
 during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
make[11]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types/rlm_eap_ttls'
make[10]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types'
make[9]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap/types'
make[8]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
/usr/local/radiusd/install-sh -c -m 755 radeapclient /usr/local/bin
cp: `radeapclient' and `/usr/local/bin/#inst.3092#' are the same file
make[7]: *** [install-types] Error 1
make[7]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
make[6]: *** [install] Error 2
make[6]: Leaving directory `/usr/local/radiusd/src/modules/rlm_eap'
make[5]: *** [common] Error 1
make[5]: Leaving directory `/usr/local/radiusd/src/modules'
make[4]: *** [install] Error 2
make[4]: Leaving directory `/usr/local/radiusd/src/modules'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/usr/local/radiusd/src'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/usr/local/radiusd/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/usr/local/radiusd'
make: *** [install] Error 2




Re: LDAP LEAP and Freeradius

2004-03-29 Thread Kostas Kalevras
On Fri, 26 Mar 2004, Steve OBrien wrote:

 Is it possible to use LDAP to authenticate LEAP clients?  If so does anyone have the 
 particulars?
 TIA,
 Steve


If you have clear text passwords in your ldap and set the ldap module to extract
them it should work.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Help with LDAP authorization using groupOfNames and huntgroups

2004-03-29 Thread Kostas Kalevras
On Fri, 26 Mar 2004, Casey Forbes wrote:

 Hello,

 I'm having a lot of trouble getting my freeradius (CVS snap 20040323)
 to Allow/Deny access based on membership in LDAP groups (where the
 group names are associated with huntgroups). rlm_ldap docs and the mailing
 list archive didn't help me much..

 I'd like to do something like this:

 huntgroups:
 .
 dialup  NAS-IP-Address == 172.16.0.12
 wireless        NAS-IP-Address == 172.16.0.13


 users:
 .
 DEFAULT Huntgroup-Name == dialup,
 Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
 Fall-Through = yes
 DEFAULT Huntgroup-Name == wireless,
 Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
 Fall-Through = yes


 ldif:
 .
 dn: cn=Dialup,ou=Remote Access, dc=kensfoods,dc=com
 objectClass: groupOfUniqueNames
 objectClass: top
 uniqueMember: cn=John Smith,ou=Users,dc=kensfoods,dc=com
 cn: Dialup

 dn: cn=Wireless,ou=Remote Access, dc=kensfoods,dc=com
 objectClass: groupOfUniqueNames
 objectClass: top
 uniqueMember: cn=Robert Kelley,ou=Users,dc=kensfoods,dc=com
 cn: Wireless


 radiusd.conf
 .
 modules {
...

ldap {
server = ldap.kensfoods.com
identity = cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
password = **
basedn = ou=Users,dc=kensfoods,dc=com
filter = (uid=%u)

start_tls = no
ldap_connections_number = 5
dictionary_mapping = ${raddbdir}/ldap.attrmap

password_header = {SHA}
password_attribute = userPassword

groupname_attribute = cn
groupmembership_filter = 
 ((objectClass=groupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))

timeout = 4
timelimit = 3
net_timeout = 1
compare_check_items = no
}
 }
 authorize {
preprocess
chap
mschap
suffix
eap
files
ldap
 }

 authenticate {
 Auth-Type PAP {
 pap
 }
 Auth-Type CHAP {
 chap
 }
 Auth-Type MS-CHAP {
 mschap
 }
 Auth-Type LDAP {
 ldap
 }
 eap
 }





 With the above configuration, no group checks are happening

 radiusd -X
 .
 rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100,
 length=59
 User-Name = cforbes
 User-Password =
 NAS-IP-Address = 255.255.255.255


Huntgroup matching with this value for NAS-IP-Address will never work.

 NAS-Port = 1
   Processing the authorize section of radiusd.conf
 modcall: entering group authorize for request 0
   modcall[authorize]: module preprocess returns ok for request 0
   modcall[authorize]: module chap returns noop for request 0
   modcall[authorize]: module mschap returns noop for request 0
 rlm_realm: No '@' in User-Name = cforbes, looking up realm NULL
 rlm_realm: No such realm NULL
   modcall[authorize]: module suffix returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module eap returns noop for request 0
   modcall[authorize]: module files returns notfound for request 0
 rlm_ldap: - authorize
 rlm_ldap: performing user authorization for cforbes
 radius_xlat:  '(uid=cforbes)'
 radius_xlat:  'ou=Users,dc=kensfoods,dc=com'
 ldap_get_conn: Got Id: 0
 rlm_ldap: attempting LDAP reconnection
 rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 0
 rlm_ldap: bind as cn=FreeRADIUS,ou=Daemon,dc=kensfoods,dc=com
 to ldap.kensfoods.com:389
 rlm_ldap: waiting for bind result ...
 rlm_ldap: Bind was successful
 rlm_ldap: performing search in ou=Users,dc=kensfoods,dc=com, with filter
 (uid=cforbes)
 rlm_ldap: looking for check items in directory...
 rlm_ldap: Adding acctFlags as SMB-Account-CTRL-TEXT
 rlm_ldap: Adding ntPassword as NT-Password
 rlm_ldap: Adding lmPassword as LM-Password
 rlm_ldap: looking for reply items in directory...
 rlm_ldap: user cforbes authorized to use remote access
 ldap_release_conn: Release Id: 0
   modcall[authorize]: module ldap returns ok for request 0
 modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type LDAP
 auth: type LDAP
   Processing the authenticate section of radiusd.conf
 modcall: entering group Auth-Type for request 0
 rlm_ldap: - authenticate
 rlm_ldap: login attempt by cforbes with password
 rlm_ldap: user DN: cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com
 rlm_ldap: (re)connect to ldap.kensfoods.com:389, authentication 1
 rlm_ldap: bind as cn=Casey Forbes,ou=Users,dc=kensfoods,dc=com to
 ldap.kensfoods.com:389
 rlm_ldap: waiting for bind result ...
 rlm_ldap: Bind was successful
 rlm_ldap: user cforbes authenticated succesfully
   modcall[authenticate]: module ldap returns ok for request 0
 modcall: group Auth-Type returns ok for request 0
 Login OK: [cforbes] (from client localhost port 1)
 Sending Access-Accept of id 100 to 127.0.0.1:40092
 Finished request 0



--
Kostas Kalevras Network 

Re: Help with LDAP authorization using groupOfNames and huntgroups

2004-03-29 Thread Casey Forbes
On Mon, 29 Mar 2004, Kostas Kalevras wrote:

  rad_recv: Access-Request packet from host 127.0.0.1:40092, id=100,
  length=59
  User-Name = cforbes
  User-Password =
  NAS-IP-Address = 255.255.255.255


 Huntgroup matching with this value for NAS-IP-Address will never work.



Ugh - I did a radtest and I didn't specify the NAS IP.
Dustin's suggestion worked... This was the part that I didn't do right:


On Fri, 26 Mar 2004, Dustin Doris wrote:

 Try setting Fall-Through to no and putting a reject at the bottom of the
 file.

 DEFAULT Huntgroup-Name == dialup,
  Ldap-Group == cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com
  Fall-Through = no

 DEFAULT Huntgroup-Name == wireless,
  Ldap-Group == cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com
  Fall-Through = no

 DEFAULT Auth-Type := Reject



Thanks guys,
Casey
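
The effect of Dustin's suggestion, as an added example that is not part of the original thread and is not FreeRADIUS code: a simplified Python model of first-match evaluation in the users file, showing why the original entries enforced nothing. The uids jsmith and rkelley, the helper names, and the rule that the ldap module supplies Auth-Type LDAP when no entry sets one are assumptions made for the illustration.

```python
# Simplified model (an assumption, not FreeRADIUS code) of how the "users"
# file walks DEFAULT entries: first match wins unless Fall-Through = yes.
DIALUP = "cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com"
WIRELESS = "cn=Wireless,ou=Remote Access,dc=kensfoods,dc=com"
# Constructed sample data: uids jsmith/rkelley stand in for the ldif members.
GROUPS = {DIALUP: {"jsmith"}, WIRELESS: {"rkelley"}}
HUNTGROUPS = {"172.16.0.12": "dialup", "172.16.0.13": "wireless"}

def entry(huntgroup=None, ldap_group=None, fall_through=False, auth_type=None):
    """One DEFAULT entry; None means the check item is absent."""
    return dict(huntgroup=huntgroup, ldap_group=ldap_group,
                fall_through=fall_through, auth_type=auth_type)

def matches(e, user, nas_ip):
    """True when every check item present on the entry matches the request."""
    if e["huntgroup"] and HUNTGROUPS.get(nas_ip) != e["huntgroup"]:
        return False
    if e["ldap_group"] and user not in GROUPS[e["ldap_group"]]:
        return False
    return True

def authorize(entries, user, nas_ip):
    """Return the Auth-Type the request ends up with."""
    auth_type = None
    for e in entries:
        if not matches(e, user, nas_ip):
            continue
        auth_type = e["auth_type"] or auth_type
        if not e["fall_through"]:
            break
    # Assumption: when no entry forces an Auth-Type, the ldap module sets
    # Auth-Type LDAP afterwards, as the debug log in the thread shows.
    return auth_type or "LDAP"

# Casey's original entries: group checks only, Fall-Through = yes, no reject.
ORIGINAL = [entry("dialup", DIALUP, True), entry("wireless", WIRELESS, True)]
# Dustin's suggestion: Fall-Through = no plus a final DEFAULT reject.
FIXED = [entry("dialup", DIALUP), entry("wireless", WIRELESS),
         entry(auth_type="Reject")]
# Reject added but Fall-Through left at yes: members hit the reject too.
HALF_FIXED = ORIGINAL + [entry(auth_type="Reject")]

def outcomes(entries):
    """Auth-Type for a non-member, a member on the right NAS, and the wrong NAS."""
    return (authorize(entries, "cforbes", "255.255.255.255"),
            authorize(entries, "jsmith", "172.16.0.12"),
            authorize(entries, "jsmith", "172.16.0.13"))
```

Calling `outcomes(ORIGINAL)` yields LDAP for all three requests, which is the unrestricted access seen in the debug log; `outcomes(FIXED)` rejects everything except the dialup member on the dialup NAS.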



linking to rlm_exec under Cygwin

2004-03-29 Thread Sandra McConathy
I'm running Cygwin version 1.5.9-1 and freeradius-0.9.3 or
freeradius-snapshot-20040326.  The reason for the snapshot version is to
have all of the eap flavors available.

Freeradius configures and makes cleanly but when I run radiusd.exe -X I
get the following error:

Radiusd.conf[1241] Failed to link to module 'rlm_exec': dlopen: Win32
error 126

Can anyone tell me how to correct the problem?

Thanks,

Sandy

_
Sandra McConathy
Corporate Systems Engineer
Chantry Networks
Direct:  781.547.0070
Mobile: 978.994.6900




FreeRADIUS with Cisco hardware for VoIP

2004-03-29 Thread Jérôme Warnier
I'm searching for FreeRADIUS with Cisco hardware for VoIP.
Specifically, I'm having trouble with the cisco-av-pair stuff.

I read somewhere that Peter Nixon had experience in this, but can't find
him.

Thanks for the help.
-- 
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net




Re: R: MySQL accounting and Cisco-AVPair

2004-03-29 Thread Jérôme Warnier
On Fri 26/03/2004 at 11:24, Pugnaloni Federico wrote:
 I've found an old patch to cisco_vsa_hack
 http://lists.cistron.nl/pipermail/freeradius-devel/2001-August/001181.html
This patch (well, a modified version) has already been applied to the
0.9.2 version in Debian Sarge/Sid. I rebuild FreeRADIUS with latest
PostgreSQL version anyway, and it seems at least to run.

I will let you know, guys.

 i don't know C language so i've applied the patch as it was...
 
 it works!!
 cisco_vsa_hack change 
 Cisco-AVPair = ip:source-ip=192.168.0.127
 to 
 ip:source-ip=192.168.0.127
 
 so i've modified sql.conf to store this info on db radacct
 and now it's ok
 
 i don't know if the cisco_vsa_hack now is ok but it seems to work fine 
 
  -Original message-
  From: Jérôme Warnier [mailto:[EMAIL PROTECTED]
  Sent: Thursday, 25 March 2004 19:30
  To: '[EMAIL PROTECTED]'
  Subject: Re: MySQL accounting and Cisco-AVPair
  
   
  On Mon 22/03/2004 at 11:47, Pugnaloni Federico wrote:
   Hi,
   i'm using FreeRADIUS Version 0.9.3 on FreeBSD 4.9
   i'm using with a Cisco PIX to AAA internet access
   it works fine, but i need to store the Cisco-AVPair info in 
  radacct SQL
   table.
   
   As i can see in the detail accounting freeradius store 
  Cisco-AVPair info
   
   -snip-
   Cisco-AVPair = ip:source-ip=192.168.0.127
   Cisco-AVPair = ip:source-port=4051
   Cisco-AVPair = ip:destination-ip=10.10.10.1
   Cisco-AVPair = ip:destination-port=23
   -snip
   
   but i cannot store this info on sql
   I've tried to modify sql.conf as is:
   
   accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId,
   AcctSessionId... AcctStopDelay) values('', '%{Acct-Session-Id}',
   '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
   '%{NAS-IP-Address}', '%{NAS-Port}'... '%{Cisco-AVPair}',
   '%{Cisco-AVPair}'..}')
   
   but it returns only the first instance of Cisco-AVPair
   (ip:source-ip=192.168.0.127)
   
   how can i store all the values?
  
  Does the following help you?
  http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/billing/README?rev=1.5&content-type=text/plain
 
  
  --
  Federico Pugnaloni
-- 
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net




fast connect support in Free Radius

2004-03-29 Thread Htin Hlaing
Hi,

I am wondering if FreeRadius EAP_TLS has support for session
reuse or does it always have to restart from scratch for reauthentications?

Thanks,
Htin








Re: fast connect support in Free Radius {Scanned}

2004-03-29 Thread AMDAAT SYSTEM ADMINISTRATOR
Not sure. I just set it up and let it run.

  - Original Message -
  From: Htin Hlaing
  To: [EMAIL PROTECTED]
  Sent: Tuesday, March 30, 2004 11:11 AM
  Subject: fast connect support in Free Radius {Scanned}

  Hi,

  I am wondering if FreeRadius EAP_TLS has support for session reuse or does it always have to restart from scratch for reauthentications?

  Thanks,
  Htin