Re: squid+freeradius

2004-09-03 Thread Thor Spruyt
jassim El-mansori wrote:
 hello guys
 i have freeradius running on RH9 and I'm using pGina
 and RADIUS plug-in and they work like a charm
 now i need the user that was successfully
 authenticated to browse the Internet
 i believe squid will do and i am about to finish
 configuring it
 the question is how i can point them to each other so
 the allowed user can browse the Internet
 do i need to point radius to squid or the opposite? I'm
 really confused about how to implement this..

I don't know what pGina is, but... I see three options:

1) Access to squid is controlled by another system.
2) Squid asks freeradius what to do for the user (I don't know if this is
possible)
3) Freeradius controls access to squid (via an external script which changes
firewall rules or configuration files)

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: kill user connection

2004-09-03 Thread Edgars
yes, Session-Timeout is good, but will it work if i add it to the
database table at the moment the user is already logged in? i think no
because attributes are given to user only after authentication, isn't it so?
Maybe someone knows how to send, for example, session-timeout=1s to user
during his login? it will be fantastic, you know:)

Edgars
Simon Bryden wrote:
There is a RADIUS disconnect mechanism which is not standardised as far as I 
know and not too widely supported. In most cases you need to use SNMP or 
other techniques to disconnect sessions. The most standardised way of 
disconnecting sessions is to use Session-Timeout attribute to tell the NAS 
when to terminate the session.

Regards,
Simon.
---
On Thursday 02 September 2004 14:57, Edgars wrote:
 

is there a way to do subj. from the freeradius - i'll use this when some
time is reached.
Edgars


Re: kill user connection

2004-09-03 Thread Simon Bryden
It depends what you are trying to do. If you want a constant timeout then you 
can add it to the database as a reply attribute. If you need something 
dynamic, such as what you described in your other post, then you can use 
rlm_exec to calculate and return the timeout at authentication time.

Regards,
Simon.
---

On Friday 03 September 2004 08:24, Edgars wrote:
 yes, Session-Timeout is good, but will it work if i add it to the
 database table at the moment the user is already logged in? i think no
 because attributes are given to user only after authentication, isn't it
 so? Maybe someone knows how to send, for example, session-timeout=1s to user
 during his login? it will be fantastic, you know:)

 Edgars

 Simon Bryden wrote:
 There is a RADIUS disconnect mechanism which is not standardised as far
  as I know and not too widely supported. In most cases you need to use
  SNMP or other techniques to disconnect sessions. The most standardised
  way of disconnecting sessions is to use Session-Timeout attribute to tell
  the NAS when to terminate the session.
 
 Regards,
 Simon.
 ---
 
 On Thursday 02 September 2004 14:57, Edgars wrote:
 is there a way to do subj. from the freeradius - i'll use this when some
 time is reached.
 
 Edgars
 


Solaris 9 and pam_radius 1.3.16

2004-09-03 Thread Chew, Darren
Hi All,
I am having trouble compiling pam_radius 1.3.16 on Solaris 9.
[EMAIL PROTECTED] # CC=gcc;export CC
[EMAIL PROTECTED] # make
gcc -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes 
-Wnested-externs -Waggregate-return -c pam_radius_auth.c -o 
pam_radius_auth.o
In file included from pam_radius_auth.h:23,
 from pam_radius_auth.c:63:
md5.h:21: error: parse error before u_int32_t
md5.h:21: warning: no semicolon at end of struct or union
md5.h:22: warning: type defaults to `int' in declaration of `bits'
md5.h:22: warning: data definition has no type or storage class
md5.h:24: error: parse error before '}' token
md5.h:29: error: parse error before buf
md5.h:29: warning: function declaration isn't a prototype
pam_radius_auth.c:151: warning: no previous prototype for '_int_free'
pam_radius_auth.c: In function `ipstr2long':
pam_radius_auth.c:179: warning: subscript has type `char'
pam_radius_auth.c: In function `good_ipaddr':
pam_radius_auth.c:215: warning: subscript has type `char'
pam_radius_auth.c: In function `host2server':
pam_radius_auth.c:271: warning: subscript has type `char'
pam_radius_auth.c: In function `get_random_vector':
pam_radius_auth.c:350: error: storage size of 'my_md5' isn't known
pam_radius_auth.c:350: warning: unused variable `my_md5'
pam_radius_auth.c: In function `get_accounting_vector':
pam_radius_auth.c:382: error: storage size of 'my_md5' isn't known
pam_radius_auth.c:382: warning: unused variable `my_md5'
pam_radius_auth.c: In function `verify_packet':
pam_radius_auth.c:400: error: storage size of 'my_md5' isn't known
pam_radius_auth.c:400: warning: unused variable `my_md5'
pam_radius_auth.c: In function `add_password':
pam_radius_auth.c:497: error: storage size of 'md5_secret' isn't known
pam_radius_auth.c:497: error: storage size of 'my_md5' isn't known
pam_radius_auth.c:497: warning: unused variable `md5_secret'
pam_radius_auth.c:497: warning: unused variable `my_md5'
pam_radius_auth.c: In function `rad_converse':
pam_radius_auth.c:1016: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c:1019: warning: passing arg 2 of pointer to function 
from incompatible pointer type
pam_radius_auth.c: In function `pam_sm_authenticate':
pam_radius_auth.c:1071: warning: passing arg 2 of `pam_get_user' from 
incompatible pointer type
pam_radius_auth.c:1099: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c:1113: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c:1146: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c: In function `pam_private_session':
pam_radius_auth.c:1267: warning: passing arg 2 of `pam_get_user' from 
incompatible pointer type
pam_radius_auth.c:1288: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c: In function `pam_sm_chauthtok':
pam_radius_auth.c:1374: warning: passing arg 2 of `pam_get_user' from 
incompatible pointer type
pam_radius_auth.c:1395: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c:1404: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
pam_radius_auth.c:1409: warning: passing arg 3 of `pam_get_item' from 
incompatible pointer type
make: *** [pam_radius_auth.o] Error 1

[EMAIL PROTECTED] # uname -a
SunOS testbox1 5.9 Generic_117171-07 sun4u sparc SUNW,UltraAX-i2
[EMAIL PROTECTED] # gcc --version
gcc (GCC) 3.4.1
Any help greatly appreciated.
Darren


Re: kill user connection

2004-09-03 Thread Edgars
i want such a thing - i have one additional field in radcheck table 
which is true/false. So i have one function which starts to work after 
user is authenticated for the first time. And if there is special 
timeout set for him (i.e. for example 1 hour) then starting from this 
moment his username is valid for one hour. So at this stop time i'm 
putting false in that file,but i am checking this file only at 
authentication, so i should somehow send to this user session-timeout=1s 
or some other way stop him for a while to make him authenticate again.

Thanks!
Edgars
Simon Bryden wrote:
It depends what you are trying to do. If you want a constant timeout then you 
can add it to the database as a reply attribute. If you need something 
dynamic, such as what you described in your other post, then you can use 
rlm_exec to calculate and return the timeout at authentication time.

Regards,
Simon.
---
On Friday 03 September 2004 08:24, Edgars wrote:
 

yes, Session-Timeout is good, but will it work if i add it to the
database table at the moment the user is already logged in? i think no
because attributes are given to user only after authentication, isn't it
so? Maybe someone knows how to send, for example, session-timeout=1s to user
during his login? it will be fantastic, you know:)
Edgars
Simon Bryden wrote:
   

There is a RADIUS disconnect mechanism which is not standardised as far
as I know and not too widely supported. In most cases you need to use
SNMP or other techniques to disconnect sessions. The most standardised
way of disconnecting sessions is to use Session-Timeout attribute to tell
the NAS when to terminate the session.
Regards,
Simon.
---
On Thursday 02 September 2004 14:57, Edgars wrote:
 

is there a way to do subj. from the freeradius - i'll use this when some
time is reached.
Edgars


RE: Seg fault in rlm_ldap on Redhat Enterprise Linux 3 - solved

2004-09-03 Thread Tarun Bhushan
For those remotely interested in this issue, the problem was actually due to an issue 
in OpenLDAP, as I mentioned some time ago (see below). Redhat now has a released fix 
for this. The bug description is shown at 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111492, and the fix at 
http://rhn.redhat.com/errata/RHBA-2004-224.html.

Regards
Tarun

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tarun
Bhushan
Sent: Tuesday, 17 August 2004 6:08 PM
To: [EMAIL PROTECTED]
Subject: RE: Seg fault in rlm_ldap on Redhat Enterprise Linux 3 -
solved, sort of


I found that the problem is within the OpenLDAP library libldap (line 845 in tls.c: 
method->ext_free(alt);) and is the same as OpenLDAP problem 1924 
(http://www.openldap.org/its/index.cgi/Software%20Bugs?id=1924;selectid=1924). This 
was reported and fixed back in 2002, but Redhat did not apply it to the OpenLDAP 
released with RHEL3 nearly a year and a half later! Anyway, by adapting the patch, I 
was able to fix this issue - just in case others have encountered it. In case you are 
interested, also see Redhat Bugzilla bugs 128364 and 111492.

Patch for your reference:
--- openldap-2.0.27/libraries/libldap/tls.c 2004-08-18 22:09:10.0 +1000
+++ openldap-2.0.27/libraries/libldap/tls.c 2004-08-18 22:11:09.0 +1000
@@ -816,7 +816,6 @@
int n, len1, len2;
char *domain;
GENERAL_NAME *gn;
-   X509V3_EXT_METHOD *method;
 
len1 = strlen(name);
n = sk_GENERAL_NAME_num(alt);
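Review bot: Dropping the "X509V3_EXT_METHOD *method;" declaration here is only safe if nothing else in the function still refers to method. The two uses removed in the next hunk are the only ones visible in this patch, so build with -Wall after applying to confirm that no reference remains.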
@@ -841,8 +840,7 @@
break;
}
}
-   method = X509V3_EXT_get(ex);
-   method-ext_free(alt);
+   GENERAL_NAMES_free(alt);
if (i  n)  /* Found a match */
ret = LDAP_SUCCESS;
}
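Review bot: The replacement call "GENERAL_NAMES_free(alt);" deserves a one-line comment in the code saying why it is used. The removed lines took method from X509V3_EXT_get(ex) and called through it with no NULL check, while alt is a GENERAL_NAME stack (see sk_GENERAL_NAME_num(alt) in the first hunk) that can be released by its own free routine without going through the extension method table. Also, the patch as posted has lost characters ("method-ext_free(alt);", "if (i  n)"), so it will not apply cleanly; resend it as an attachment.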

Regards
Tarun




Re: please assist in time limit

2004-09-03 Thread Edgars
ok, will it work also in such a case - at 16.59 user is still logged in 
and browsing the internet with full power. Will what you described stop 
his nice browsing at 17?

this is the second type of time counter i want to make:)
Edgars
Simon Bryden wrote:
You could use rlm_exec to call a script which would check the time and return 
appropriately. If outside the window it can return 1 which will cause the 
user to be rejected. If within the window you can return zero, and also set 
an appropriate session limit to disconnect the user at the end of the window.

Regards,
Simon.
---
On Thursday 02 September 2004 14:06, Edgars wrote:
 

Hi!
for example, i want some clients to give access to the internet at
certain hours (9-17). How can i do that?
I'm using DB for accounting.
Edgars
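
The rlm_exec approach Simon Bryden describes in the message quoted above, as an added example (not code from the list or from FreeRADIUS): a program that rejects logins outside the window and otherwise prints a Session-Timeout that ends the session when the window closes. The "Name = value" output format, the function names and the support for windows that wrap past midnight are assumptions of this example; it acts only at authentication time, which is the limitation raised in the thread.

```python
#!/usr/bin/env python3
# Added example: access-window check for an external program called at
# authentication time. Assumption: the server treats exit status 0 as accept,
# non-zero as reject, and reads "Name = value" reply attributes from stdout.
import sys
from datetime import datetime, time, timedelta

WINDOW_START = time(9, 0)    # the 9-17 window asked about in the thread
WINDOW_END = time(17, 0)


def seconds_left(now, start=WINDOW_START, end=WINDOW_END):
    """Whole seconds until the window closes; 0 when `now` is outside it."""
    t = now.time()
    if start <= end:
        inside = start <= t < end
        close_day = now.date()
    else:
        # Window wraps past midnight, e.g. 22:00-06:00.
        inside = t >= start or t < end
        close_day = now.date() + timedelta(days=1) if t >= start else now.date()
    if not inside:
        return 0
    return int((datetime.combine(close_day, end) - now).total_seconds())


def decide(now, start=WINDOW_START, end=WINDOW_END, max_session=None):
    """Return (exit_status, reply_lines) for a login attempt at `now`."""
    remaining = seconds_left(now, start, end)
    if remaining < 1:
        # Outside the window, or less than a second left: reject rather than
        # send Session-Timeout = 0, which a NAS may read as "no limit".
        return 1, []
    if max_session is not None:
        # Never hand out more time than the per-user cap allows.
        remaining = min(remaining, max_session)
    return 0, ["Session-Timeout = %d" % remaining]


if __name__ == "__main__":
    status, lines = decide(datetime.now())   # naive local time, DST ignored
    for line in lines:
        print(line)
    sys.exit(status)
```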


Re: CHAP works but not PAP

2004-09-03 Thread Muenz, Michael
  modcall: group authorize returns ok for request 0
rad_check_password:  Found Auth-Type System
  auth: type System
 
   Please read the FAQ.  CHAP doesn't work with system passwords.

I use MySQL stored users and passwords for authentication.
CHAP works .. PAP not 

modcall[authenticate]: module unix returns notfound for request 0
 
   What is unclear about that message?

Because I only use MySQL ...

- Michael



Re: rlm_mschap: No User-Password configured. Cannot create LM-Password

2004-09-03 Thread Alexandre Durand
Hi,

I have a similar problem. But I stored my passwords in the LDAP database in clear
mode. So I don't understand why it doesn't work either.

Passwords are not crypted !!!

the error is :

rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for example with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module mschap returns reject for request 6



- Original Message - 

From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 02, 2004 9:43 PM
Subject: Re: rlm_mschap: No User-Password configured. Cannot create
LM-Password


 Erik Denny [EMAIL PROTECTED] wrote:
  I can auth PAP requests all day long, however, I get the following error
  when a CHAP term server requests auth.
 
  Thu Sep  2 13:27:40 2004 : Auth: rlm_ldap: Attribute User-Password is
  required for authentication. Cannot use CHAP-Password.
  Thu Sep  2 11:35:47 2004 : Auth: Login incorrect:
[EMAIL PROTECTED]/CHAP-Password]

   You are setting Auth-Type := LDAP.  You are setting Auth-Type :=
 LDAP, even for CHAP requests.  That's the source of the problem.

   This is why the server is configured by default to set Auth-Type :=
 CHAP for CHAP requests: because no other module can do CHAP.  The
 LDAP module sets Auth-Type = LDAP only if it has not already been
 set.

   So if you're getting that error for Access-Requests containing CHAP,
 it's because you've over-ridden the default configuration, and told
 the server to NOT use the CHAP module for CHAP requests.

  This is the result of a test from a term server with an account that has
a
  clear-text password.

   You are confusing passwords in the LDAP database with passwords in
 the Access-Request.  Let's look at a little matrix:

                      authentication data in Access-Request

                      PAP                  CHAP
   passwords
   in LDAP    clear   Auth-Type := LDAP    Auth-Type := CHAP

              crypt   Auth-Type := LDAP    impossible


   The fact that the account has a clear-text password is IRRELEVANT.
 The Access-Request has a CHAP password, and LDAP doesn't do CHAP.  End
 of story.  Don't force LDAP to handle CHAP requests.

  Now, as far as I can see in the configs and code, we have not removed
  anything that would break it, AND there is no User-Password defined in
  the bundled schema for LDAP v3 in the doc directory.
  (RADIUS-LDAPv3.schema)  There appears to be NO conversion from uid to
  User-Name anywhere that I can see, so how can this work out of the
box?

   If the Access-Request contains a PAP password, then Auth-Type :=
 LDAP will work.

  BTW- I don't see how you can test CHAP auth with anything other than a
  term server- radtest/radclient don't appear to support the option?

 $ cat radtest | sed 's/User-Password/CHAP-Password/' > radchaptest
 $ chmod +x radchaptest

   And then use radchaptest to send CHAP requests.

 Honestly, if PAP works for a user, then MS-CHAP works, too.  Trust
   me in this.

   The problem is that many people get confused between authorization
 and authentication.  LDAP is a *database*, not an authentication
 server.  Let LDAP store passwords, and let FreeRADIUS do
 authentication.

   The whole problem starts when you configure FreeRADIUS to use LDAP
 for authenticating users.  Don't do that.  Use LDAP to store
 clear-text passwords.  LDAP doesn't do CHAP, MS-CHAP, EAP, or anything
 other than PAP.  So if there isn't a User-Password attribute in the
 Access-Request, packet, then setting Auth-Type := LDAP will ALWAYS
 FAIL.

   i.e. Don't list ldap in authenticate.  Yes, you may discover
 that some things break.  This means you've probably got to set
 Auth-Type := Local, for PAP requests.

   Alan DeKok.

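
The matrix in Alan DeKok's quoted reply, worked through as an added example (not code from FreeRADIUS or from the thread): PAP hands the server the typed password, so it can be checked against clear or one-way-hashed storage, while a CHAP response can only be recomputed from the clear-text password. The salted SHA-256 stand-in for a crypt hash, the sample password and all function names are constructed for this example.

```python
# Added example: why CHAP needs a clear-text stored password and PAP does not.
import hashlib
import hmac


def chap_response(chap_id, password, challenge):
    """CHAP (RFC 1994): MD5 over the identifier byte, the secret, the challenge."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def one_way(password, salt):
    """Constructed stand-in for a crypt-style stored hash (salted SHA-256)."""
    return hashlib.sha256(salt + password).digest()


def verify_pap(typed, stored):
    """PAP: the server holds the typed password and can compare or re-hash it."""
    if stored[0] == "clear":
        return hmac.compare_digest(typed, stored[1])
    _, salt, digest = stored
    return hmac.compare_digest(one_way(typed, salt), digest)


def verify_chap(chap_id, challenge, response, stored):
    """CHAP: the server must recompute the MD5 itself from the clear password.

    Returns None when only a one-way hash is stored: the hash cannot be fed
    into the MD5 in place of the password, so no verdict is possible.
    """
    if stored[0] != "clear":
        return None
    expected = chap_response(chap_id, stored[1], challenge)
    return hmac.compare_digest(expected, response)


def matrix(password=b"s3cret-constructed"):
    """Rebuild the PAP/CHAP against clear/crypt matrix for one correct login."""
    salt = b"\x01" * 8                         # constructed, fixed for the demo
    stores = {
        "clear": ("clear", password),
        "crypt": ("hashed", salt, one_way(password, salt)),
    }
    chap_id, challenge = 7, bytes(range(16))   # constructed CHAP exchange
    response = chap_response(chap_id, password, challenge)
    return {
        name: {
            "PAP": verify_pap(password, stored),
            "CHAP": verify_chap(chap_id, challenge, response, stored),
        }
        for name, stored in stores.items()
    }


if __name__ == "__main__":
    for storage, row in matrix().items():
        print(storage, row)
```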


Re: rlm_exec vs Exec-Program-Wait attribute

2004-09-03 Thread Kostas Zorbadelos
On Thu, Sep 02, 2004 at 02:52:13PM -0400, Alan DeKok wrote:

Dear Alan,
though this setup you propose will work, I agree with Thor's opinion
on the matter. I believe that it would be a good idea to allow
rlm_exec module return reject messages with attributes in them as
Exec-Program-Wait does. In this case, we can have the good things of
Exec-Program-Wait, plus the extras of rlm_exec. 
For now, I think
that for my needs I will use Exec-Program-Wait as I find it a more
elegant setup (of course I do not expect it to go away in a future
version right?). 
Please let us know your thoughts on the matter.

Thanks 

Kostas

 Kostas Zorbadelos [EMAIL PROTECTED] wrote:
  Autz-Type CLID{
      callerid {
          fail=reject
      }
  }
  
  In this case when the external script returns a non zero exit code or
  fails I get an Access-Reject. However I cannot put any attributes
  inside this reject packet. 
 
   So do the following:
 
   Autz-Type CLID {
       callerid {
           ok = return
           notfound = return
           ... = return
           fail = 1
       }
       another_files
   }
 
 
   Make the another_files module a copy of rlm_files, and point it
 to different users files.  It will then be run ONLY when the
 external script returns fail, and you can add reply attributes to
 the reject packet there.
 
   Alan DeKok.
 
 
 
 

-- 
  Kostas Zorbadelos
  Systems Developer, Otenet SA 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.




Re: please assist in time limit

2004-09-03 Thread Keith Yoder
Edgars wrote:
ok, will it work also in such a case - at 16.59 user is still logged in 
and browsing the internet with full power. Will what you described 
stop his nice browsing at 17?

this is the second type of time counter i want to make:)
There is a much easier solution:  The Login-Time attribute.  You can set 
a record in your db like this:  Login-Time := Al0900-1700 and your 
user will be authenticated from 9:00 - 17:00 and as long as your nas 
supports the Session-Timeout attribute (almost all should) he will be 
disconnected at 17:00.

Hope that helps,
Keith Yoder


Problem with Radius-TLS

2004-09-03 Thread sureshbabu
Dear Team,
I was working with EAP-TLS configuration of radius server for proxim 
AccessPoint.
I followed the steps as told in HOWTO by Raymond McKay. When I 
configured my Win XP client, it is not getting connected to the Access 
Point. It keeps on trying to contact, but fails. Also, though I have 
already imported and added the certificate to the wireless network 
properties, a message saying select a certificate is coming. But on 
clicking the icon it points to, only the network properties dialog is 
opened. See below the debug message in radius server when the XP client 
tried to connect to it. Can anyone tell me what the problem was and how to 
solve it?

*
Going to the next request
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 192.168.111.248:6001, id=254, 
length=163
   User-Name = whatever1
   NAS-IP-Address = 192.168.111.248
   Called-Station-Id = 00-20-a6-52-bc-96
   Calling-Station-Id = 00-0d-54-98-e0-db
   NAS-Identifier = proxim2000
   State = 
0xc7df77b3bebde4560ea3d9dc33b8b0cef745384187c9f253275394a98ea48348839fbb21
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x02060315
   Message-Authenticator = 0xc9f455e5c1d3efec1b1ea8ae9a15022e
modcall: entering group authorize for request 1022
 modcall[authorize]: module preprocess returns ok for request 1022
 rlm_eap: EAP packet type notification id 0 length 6
 rlm_eap: EAP Start not found
 modcall[authorize]: module eap returns updated for request 1022
   rlm_realm: No '@' in User-Name = whatever1, looking up realm NULL
   rlm_realm: No such realm NULL
 modcall[authorize]: module suffix returns noop for request 1022
   users: Matched whatever1 at 91
 modcall[authorize]: module files returns ok for request 1022
modcall: group authorize returns updated for request 1022
 rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 1022
 rlm_eap: EAP packet type notification id 0 length 6
 rlm_eap: EAP Start not found
 rlm_eap: Request found, released from the list
 rlm_eap: EAP NAK
 rlm_eap: Unknown EAP type 21, reverting to default_eap_type
 rlm_eap: processing type tls
 rlm_eap_tls: Initiate
 rlm_eap_tls: Start returned 1
 modcall[authenticate]: module eap returns ok for request 1022
modcall: group authenticate returns ok for request 1022
Sending Access-Challenge of id 254 to 192.168.111.248:6001
   EAP-Message = 0x010100060d20
   Message-Authenticator = 0x
   State = 
0xe99abe272deb068f6ffc1af1cf00eaa5f74538410d43b5fca7b822c8e53ef78193558777
Finished request 1022


**
--
Regards,
S.Suresh Babu
' You must be the change you wish to see in the world.'
-M.K.Gandhi.


Re: please assist in time limit

2004-09-03 Thread Edgars
Keith,
thank you so much! i didn't know anything about such an attribute.
But in the log file i'm getting unknown attribute Lgin-Time...
Should i manually add it to dictionary file? like this
ATTRIBUTE *Login-Time* 1042 string
Edgars
Keith Yoder wrote:
Edgars wrote:
ok, will it work also in such a case - at 16.59 user is still logged 
in and browsing the internet with full power. Will what you described 
stop his nice browsing at 17?

this is the second type of time counter i want to make:)
There is a much easier solution:  The Login-Time attribute.  You can 
set a record in your db like this:  Login-Time := Al0900-1700 and 
your user will be authenticated from 9:00 - 17:00 and as long as your 
nas supports the Session-Timeout attribute (almost all should) he will 
be disconnected at 17:00.

Hope that helps,
Keith Yoder


Re: freeradius 1.0.0 Solaris compile issues [Partially SOLVED]

2004-09-03 Thread Kostas Zorbadelos
On Thu, Aug 26, 2004 at 05:19:06PM +0300, Kostas Zorbadelos wrote:

Hello to everyone.
I had sent 2 compile issues of freeradius-1.0.0 on Solaris 2.8, gcc
2.95.3

 I can see that ltdl.h is not in the include path passed to gcc but in
 ./libltdl/ltdl.h. The problem is solved if we use the
 --with-ltdl-include in the configure line 


This one was my problem. I had used 
$./configure --prefix=~/freeradius-1.0.0/BUILD

in configure. The problem does not exist if I use a full path in
--prefix and not the '~' shortcut of bash.

However, the error regarding rlm_x99_token exists.
 
 
 Making static dynamic in rlm_x99_token...
 make[6]: Entering directory 
 `/space/radius/freeradius-1.0.0/src/modules/rlm_x99_token'
 gcc  -fcse-skip-blocks -fexpensive-optimizations -finline-functions 
 -fomit-frame-pointer -O3 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 
 -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include -DX99_MODULE_NAME=\rlm_x99_token\  
 -DFREERADIUS -c x99_rlm.c -o x99_rlm.o
 In file included from x99_rlm.c:54:
 x99.h:26: openssl/des.h: No such file or directory
 
 I do not have openssl in the system. Shouldn't autoconf diagnose this
 and disable rlm_x99_token as it did in several eap modules?
 I solved it using  --without-rlm_x99_token in the configure line.
 

-- 
  Kostas Zorbadelos
  Systems Developer, Otenet SA 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.




Re: please assist in time limit

2004-09-03 Thread Thor Spruyt
Edgars wrote:
 ok, will it work also in such a case - at 16.59 user is still logged in
 and browsing the internet with full power. Will what you described
 stop
 his nice browsing at 17?

If it is now 16:59 and you want to disconnect the user at 17:00, then send
Session-Timeout = 1

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65




Re: please assist in time limit

2004-09-03 Thread Edgars
if i could:/
maybe you know how to do that? i mean in the time when user is already 
logged in.

Edgars
Thor Spruyt wrote:
Edgars wrote:
 

ok, will it work also in such a case - at 16.59 user is still logged in
and browsing the internet with full power. Will what you described
stop
his nice browsing at 17?
   

If it is now 16:59 and you want to disconnect the user at 17:00, then send
Session-Timeout = 1
 



exec module

2004-09-03 Thread Edgars
can someone explain how rlm_exec module works?
i'm interested in how to run *.php program before user authentication, 
is this module capable of doing that?
How and in what form to pass the necessary attributes to the PHP program 
and what should be returned?

Your help will be greatly appreciated!
Edgars


Re: kill user connection

2004-09-03 Thread Troy Davis
http://freshmeat.net/projects/radkill/

Regards Troy
Comstech Systems
Ph: 1300 550 664
www.comstech.com
- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 03, 2004 10:12 AM
Subject: Re: kill user connection


 Could you explain how to use snmp to disconnect a session? I have been
 told you need to use snmpwalk and do some configs on NAS to authenticate,
 also a problem is knowing what is the channel, of course obtaining it by
 radius to send to the NAS a line clear.

 I had tried to find snmp scripts to do that specific function, without
 luck. I understand I need to understand better how snmp works, but taking
 a look at a piece of code will help a lot.

 Armando Leal.



 On 3 Sep 2004 at 0:19, Simon Bryden wrote:

  There is a RADIUS disconnect mechanism which is not standardised as
far as I
  know and not too widely supported. In most cases you need to use SNMP or
  other techniques to disconnect sessions. The most standardised way of
  disconnecting sessions is to use Session-Timeout attribute to tell the
NAS
  when to terminate the session.
 
  Regards,
  Simon.
  ---
 
  On Thursday 02 September 2004 14:57, Edgars wrote:
   is there a way to do subj. from the freeradius - i'll use this when
some
   time is reached.
  
   Edgars
  


Oracle bug report

2004-09-03 Thread Kostas Zorbadelos
OK, it seems bugs.freeradius.org is experiencing problems.
I submit the bug here with the corresponding debugging outputs. When
the problems are restored, I will submit it in bugs also...

Short Description:
Freeradius crashes upon oracle errors in accounting queries

Way to reproduce:
Run radiusd -X and from a shell

for ((i=0; $i<30; i=$i+1)); do radclient -d ~/freeradius/BUILD/etc/raddb/ -f testacct localhost acct testing123; sleep 2; done

testacct file:
User-Name = kzorbatest
Acct-Session-Id = 123456789009876543211234567890ABCDEFGHI
NAS-IP-Address = 62.103.3.155
Acct-Status-Type = Start

(very big Acct-Session-Id will cause oracle error (ORA-01401: inserted
value too large for column))


Environment:
Solaris 8, gcc 2.95.3, Oracle 8.1.7

Attached are the outputs of 
gdb executable core with the bt and also output of truss

Kostas
 
-- 
  Kostas Zorbadelos
  Systems Developer, Otenet SA 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.

[EMAIL PROTECTED]:~-gdb /space/radius/freeradius/BUILD/sbin/radiusd ./core 
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for details.
This GDB was configured as sparc-sun-solaris2.8...(no debugging symbols found)...
Core was generated by `radiusd -X'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/lib/libcrypt_i.so.1...(no debugging symbols found)...
done.
Loaded symbols for /usr/lib/libcrypt_i.so.1
Reading symbols from /space/radius/freeradius/BUILD/lib/libradius-1.0.0.so...done.
Loaded symbols for /space/radius/freeradius/BUILD/lib/libradius-1.0.0.so
Reading symbols from /space/radius/freeradius/BUILD/lib/libltdl.so.3...done.
Loaded symbols for /space/radius/freeradius/BUILD/lib/libltdl.so.3
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/lib/libaio.so.1...done.
Loaded symbols for /usr/lib/libaio.so.1
Reading symbols from /usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1
Reading symbols from /usr/lib/libthread.so.1...done.
Loaded symbols for /usr/lib/libthread.so.1
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_exec-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_exec-1.0.0.so
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_expr-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_expr-1.0.0.so
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_pap-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_pap-1.0.0.so
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_chap-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_chap-1.0.0.so
Reading symbols from 
/space/radius/freeradius-1.0.0/BUILD/lib/rlm_mschap-1.0.0.so...done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_mschap-1.0.0.so
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_unix-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_unix-1.0.0.so
Reading symbols from /space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap-1.0.0.so...
done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap-1.0.0.so
Reading symbols from 
/space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap_md5-1.0.0.so...done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap_md5-1.0.0.so
Reading symbols from 
/space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap_leap-1.0.0.so...done.
Loaded symbols for /space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap_leap-1.0.0.so
Reading symbols from 
/space/radius/freeradius-1.0.0/BUILD/lib/rlm_eap_gtc-1.0.0.so...done.
Loaded symbols for 

Re: Oracle bug report

2004-09-03 Thread Dave Weis
On Fri, 3 Sep 2004, Kostas Zorbadelos wrote:
 OK, it seems bugs.freeradius.org is experiencing problems.
 I submit the bug here with the corresponding debugging outputs. When
 the problems are restored, I will submit it in bugs also...
 Short Description:
 Freeradius crashes upon oracle errors in accounting queries
 Way to reproduce:
 Run radiusd -X and from a shell
 for ((i=0;$i<30; i=$i+1)); do radclient -d ~/freeradius/BUILD/etc/raddb/ -f testacct localhost acct testing123; sleep 2; done
 testacct file:
 User-Name = kzorbatest
 Acct-Session-Id = 123456789009876543211234567890ABCDEFGHI
 NAS-IP-Address = 62.103.3.155
 Acct-Status-Type = Start
 (very big Acct-Session-Id will cause oracle error (ORA-01401: inserted
 value too large for column)

That is because the session ID column is declared as a 32 character 
varchar. You are putting 39 characters into it. If the spec defines a 
maximum length of 32 characters, then you have too long of a session ID, 
or the column isn't large enough.

dave
--
Dave Weis
[EMAIL PROTECTED]
http://www.internetsolver.com/


Re: squid+freeradius

2004-09-03 Thread Dustin Doris
Below should help.  If you have more specific questions about squid, I
would check their documentation as they explain it pretty well on how to
do external authentication.

Here is a brief overview on how you can setup squid to use radius
authentication.

In squid.conf under the auth_param section, add something to point to your
external radius authentication module.  You should search the web for one
that does radius, I found one that is a perl script that works well.
http://www.devet.org/squid/proxy_auth/contrib/auth.pl

example config:
auth_param basic program /usr/local/bin/rad_auth.pl

Then in your ACL configuration, you put a line to tell it to require
authentication
acl password proxy_auth REQUIRED

Then you add that ACL to your http_access statement
http_access allow password

Now your squid proxy should prompt users for authentication which will
then be sent over to radius.

You then configure radius to authenticate the users.  Make sure you add
the IP of your proxy server and the secret you define in the perl script
to the clients.conf file.

Hope that helps

Dusty Doris


On Thu, 2 Sep 2004, jassim El-mansori wrote:

 hello guys
 i have freeradius running on RH9 and I'm using pGina
 and RADIUS plug-in and they work like a charm
 now i need the user that was successfully
 authenticated brows the Internet
 i believe squid will do and i about to finish
 configuring it
 the question is how i can point them to each other so
 the allowed user can browse the Internet
 do i need to point radius to squid or the opposite I'm
 really confused to implement this..
 any help is appreciated
 thank u
 jasem





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
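
The helper side of the setup described in the post above, as an added example that is not part of the original post and is not the auth.pl script it links to: a basic-auth helper that reads "user password" lines from Squid, sends a PAP Access-Request to RADIUS, and answers OK only for an Access-Accept whose Response Authenticator verifies against the shared secret. The RADIUS_HOST and RADIUS_SECRET environment variables, port 1812 and the URL-encoded input lines are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import socket
import struct
import sys
from urllib.parse import unquote_to_bytes

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2           # attribute types


def encode_pap_password(password, secret, request_auth):
    """Hide User-Password as in RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = (password + b"\x00" * (-len(password) % 16)) or b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def build_access_request(ident, user, password, secret, request_auth=None):
    """Return (packet, request_authenticator) for a PAP Access-Request."""
    if not 0 < len(user) <= 253:
        raise ValueError("User-Name must be 1..253 bytes")
    request_auth = request_auth or os.urandom(16)
    hidden = encode_pap_password(password, secret, request_auth)
    attrs = bytes([USER_NAME, len(user) + 2]) + user
    attrs += bytes([USER_PASSWORD, len(hidden) + 2]) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def response_is_accept(reply, ident, request_auth, secret):
    """True only for an Access-Accept that matches our id and shared secret."""
    if len(reply) < 20:
        return False
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or length < 20 or length > len(reply):
        return False
    reply = reply[:length]
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and code == ACCESS_ACCEPT


def parse_squid_line(line):
    """Split one helper input line into (user, password) bytes, or None if malformed."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or not parts[0]:
        return None
    return unquote_to_bytes(parts[0]), unquote_to_bytes(parts[1])


def authenticate(user, password, server, secret, timeout=3.0):
    """One Access-Request/reply exchange; any error or timeout is a denial."""
    ident = os.urandom(1)[0]
    try:
        packet, request_auth = build_access_request(ident, user, password, secret)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.connect(server)          # kernel drops datagrams from other peers
            sock.send(packet)
            reply = sock.recv(4096)
    except (OSError, ValueError):
        return False
    return response_is_accept(reply, ident, request_auth, secret)


def main():
    # Assumed settings: the secret must match the clients.conf entry for this proxy.
    server = (os.environ.get("RADIUS_HOST", "127.0.0.1"), 1812)
    secret = os.environ["RADIUS_SECRET"].encode()
    for line in sys.stdin:
        creds = parse_squid_line(line)
        ok = creds is not None and authenticate(creds[0], creds[1], server, secret)
        sys.stdout.write("OK\n" if ok else "ERR\n")
        sys.stdout.flush()                # Squid waits for one answer per line


if __name__ == "__main__":
    main()
```

Squid would start it from the same auth_param basic program line shown in the post, pointing at this script instead of rad_auth.pl.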


Re: Is there some kind of trick to make Cisco LEAP work???

2004-09-03 Thread Coates Carter
Richard,
Thanks for that input, it sounds very straightforward to me.  I'll try  
your patches on Tuesday (Monday is a holiday here).  Have you brought  
this up with Cisco?  If not, I will open a case next week.  I'd like to  
know whether Cisco's leap/eap developers intended for the ID to not  
increment-- or whether they've made a mistake against their own  
standard.

I'd like to use the same freeradius server for WLSE/APs as for other  
non-LEAP clients, such as TLS/PEAP.  Since your patch to rlm_eap.c  
should only kick in when reply->type.type == PW_EAP_LEAP, there should  
be no problem, wouldn't you say?

Thanks again,
Coates Carter
University of Richmond
On Sep 1, 2004, at 6:04 AM, Richard Timsit wrote:
James,
We have gotten LEAP to work with Cisco access points.  My last posting
on the subject might help if you haven't gotten there yet...

However, we have not been able to get LEAP for Cisco's WDS worked out.
All of the access points in the group authenticate successfully, but
the WLSE does not.
Yes, WLSE is not running exactly like an access point :-((
Comparing the answer of Cisco server radius ACS who authenticate
WLSE and access points, with freeradius, we can see that ACS don't
increment the EAP ID as said in doc/rfc/leap.txt :
-
 4. RS-AP: Access-Challenge/EAP Success (with EAP id++)
   + State (may be different than the satate send in 2)
-
So with this first patch in
freeradius-1.0.0/src/modules/rlm_eap/types/rlm_eap_leap :
 
---
--
--- rlm_eap_leap.c.FCS	2004-08-16 18:29:23.0 +0200
+++ rlm_eap_leap.c	2004-08-16 18:34:25.0 +0200
@@ -147,7 +147,10 @@
 		/*
 		 *	Do this only for Success.
 		 */
-		handler-eap_ds-request-id = handler-eap_ds-response-id + 1;
+		 	 /* RT   Oops WLSE don't like CISCO LEAP standard
+		handler-eap_ds-request-id = handler-eap_ds-response-id + 1; */
+
+		handler-eap_ds-request-id = handler-eap_ds-response-id ;
 		handler-eap_ds-set_request_id = 1;

 		/*
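
Review bot: The new assignment in the "Do this only for Success" branch drops the id increment for every LEAP client, not only the WLSE, so clients that expect the EAP id++ of step 4 in doc/rfc/leap.txt may now see an identifier they do not expect. Gating the non-incrementing behaviour on a module or per-client configuration option that defaults to the documented id++ would contain the change, and the old assignment should be deleted rather than left inside the new comment.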
 
---


The WLSE accepts the response of freeradius and sends an
Access-Request/EAP Request/LEAP

But in stage 6 the WLSE does not accept the SUCCESS response of RS if the
normal id++
so i made a second patch of eap.c in
freeradius-1.0.0/src/modules/rlm_eap :
 
---

--- eap.c.FCS	2004-08-16 18:25:05.0 +0200
+++ eap.c	2004-08-16 18:28:47.0 +0200
@@ -393,6 +393,16 @@

 	hdr-code = (reply-code  0xFF);
 	hdr-id = (reply-id  0xFF);
+	
+	/* RT  Oops WLSE don't like CISCO LEAP Standard ... so we make as ACS  
do
 */
+	if((reply-code == PW_EAP_RESPONSE) 
+   (reply-type.type == PW_EAP_LEAP) 
+	   (reply-type.length == 30)) { hdr-id -= 1 ;}
+
+DEBUG2(  rlm_eap: RT Modif EAP-Type = %d EAP-LENGTH = %d,
+		   reply-type.type,reply-type.length);
+/* END MODIF RT */
+			
 	total_length = htons(total_length);
 	memcpy(hdr-length, total_length, sizeof(uint16_t));
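
Review bot: The added block rewrites only the wire header (hdr-id -= 1) while reply-id keeps its old value, so the identifier the server holds in memory and the one it sent now differ; setting the id where the LEAP reply is built would keep the two in step. The literal 30 in the reply-type.length test needs a named constant or a comment saying which LEAP message it identifies, and the DEBUG2 call sits outside the if, so it logs for every EAP reply rather than only the modified ones.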

 
---


Since i have freeradius working with thousands of users with many
protocols, i made a rogue_radius with these 2 bad patches listening on
port 1645 only for Cisco WDS !!!


   +--+
   | ???  |
   |{O-O}  Richard Timsit |
   |  ^_   SIC STI|
   |/ T \_ EPFL Lausanne  |
   |   '` I   1015 Ecublens,SUISSE   |
   |  M(021) 693 22 35|
   | | |   [EMAIL PROTECTED] |
   | I I  |
   +--+



Re: Oracle bug report

2004-09-03 Thread Kostas Zorbadelos
On Fri, Sep 03, 2004 at 08:54:42AM -0500, Dave Weis wrote:
 
 On Fri, 3 Sep 2004, Kostas Zorbadelos wrote:
 OK, it seems bugs.freeradius.org is experiencing problems.
 I submit the bug here with the corresponding debugging outputs. When
 the problems are restored, I will submit it in bugs also...
 Short Description:
 Freeradius crashes upon oracle errors in accounting queries
 Way to reproduce:
 Run radiusd -X and from a shell
 for ((i=0;$i<30; i=$i+1)); do radclient -d ~/freeradius/BUILD/etc/raddb/ -f testacct localhost acct testing123; sleep 2; done
 testacct file:
 User-Name = kzorbatest
 Acct-Session-Id = 123456789009876543211234567890ABCDEFGHI
 NAS-IP-Address = 62.103.3.155
 Acct-Status-Type = Start
 (very big Acct-Session-Id will cause oracle error (ORA-01401: inserted
 value too large for column)
 
 That is because the session ID column is declared as a 32 character 
 varchar. You are putting 39 characters into it. If the spec defines a 
 maximum length of 32 characters, then you have too long of a session ID, 
 or the column isn't large enough.
 
 dave


Yes, I know. I caused the oracle error on purpose to cause the crash.

Kostas
 
 -- 
 Dave Weis
 [EMAIL PROTECTED]
 http://www.internetsolver.com/
 
 
 

-- 
  Kostas Zorbadelos
  Systems Developer, Otenet SA 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.




Re: kill user connection

2004-09-03 Thread armando
On 3 Sep 2004 at 22:36, Troy Davis wrote:

 http://freshmeat.net/projects/radkill/
 
 Regards Troy
 Comstech Systems
 Ph: 1300 550 664
 www.comstech.com

This proggy is a simple Telnet, disconnect user and exit.. using expect, getting the 
actual online users from radwho.

* its not a snmp connection.. that might be faster and a better option.. 

But even tho is an option, tnx for your advise.

Armando Leal

 - Original Message -
 From: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, September 03, 2004 10:12 AM
 Subject: Re: kill user connection
 
 
  Could you explain how to use snmp to disconnect a session, I been told you
 need to
  use snmpwalk and do some configs on NAS to autentificate, also a  problem
 is
  knowing what is the channel, ofcourse obtaining it by radius to send to
 the NAS a line
  clear.
 
  I had tried to find a snmp scripts to do that specific function, without
 luck, I
  understand I  need to understand better how snmp works, but taking a look
 on a
  piece of code will help a lot.
 
  Armando Leal.
 
 
 
  On 3 Sep 2004 at 0:19, Simon Bryden wrote:
 
   There is a RADIUS disconnect mechanism which is not standardised as
 far as I
   know and not too widely supported. In most cases you need to use SNMP or
   other techniques to disconnect sessions. The most standardised way of
   disconnecting sessions is to use Session-Timeout attribute to tell the
 NAS
   when to terminate the session.
  
   Regards,
   Simon.
   ---
  
   On Thursday 02 September 2004 14:57, Edgars wrote:
is there a way to do subj. from the freeradius - i'll use this when
 some
time is reached.
   
Edgars
   


Ldap and Ldap-Group

2004-09-03 Thread Lew A
Hello,

freeradius-0.9.3_1
openldap-2.2.6
freebsd-4.9-p11

For some reason this isn't working. I could have sworn I got it working
before doing this. But this is my setup:

radius.conf:
ldap dialup {
server = localhost
identity = cn=Manager,dc=gwi,dc=net
password = 
basedn = ou=Users,o=gwi.net,dc=gwi,dc=net
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
start_tls = no
tls_mode = no
dictionary_mapping = ${raddbdir}/ldap-dialup.attrmap
ldap_connections_number = 5
groupname_attribute = gidNumber
groupmembership_filter = (uid=%{Stripped-User-Name:-%{User-Name}})
timeout = 4
timelimit = 3
net_timeout = 1
compare_check_items = no
}

users:
# Setup Auth Attributes
DEFAULT Auth-Type = LDAP, Autz-Type = LDAP
Fall-Through = Yes

#Regular POP connection, then check for Static IP/Subnet POP connections
DEFAULT Huntgroup-Name == dialup, Autz-Type := DIALUP
Fall-Through = Yes

#Reject mbox accounts
DEFAULT Ldap-Group == 27
Idle-Timeout = 1,
Filter-Id = denied

It hits the first default, hits the second default, but doesn't hit the
third default. I've read that groupname_attribute should = cn, but we'd
really like to just use gidNumber (that's the group they're in). Here is a
log of a user connecting (that should be getting the denied filter-id).
For some reason it's completely ignoring my groupname_attribute and
groupmembership_filter settings, and just using the defaults.

rad_recv: Access-Request packet from host 127.0.0.1:4272, id=221,
length=61
User-Name = celtadmin
User-Password = ***
NAS-IP-Address = 207.5.128.1
NAS-Port = 2
modcall: entering group authorize for request 68
  modcall[authorize]: module preprocess returns ok for request 68
rlm_realm: No '@' in User-Name = celtadmin, looking up realm NULL
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = celtadmin
rlm_realm: Proxying request from user celtadmin to realm NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module suffix returns noop for request 68
users: Matched DEFAULT at 49
  huntgroups: Matched dialup at 47
users: Matched DEFAULT at 57
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=Users,o=gwi.net,dc=gwi,dc=net'
radius_xlat:  '(uid=celtadmin)'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,o=gwi.net,dc=gwi,dc=net, with
filter (uid=celtadmin)
ldap_release_conn: Release Id: 0
radius_xlat:
'(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,o=gwi.net,dc=gwi,dc=net, with
filter
((cn=25)(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group 25 not found or user is not a member.
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=Users,o=gwi.net,dc=gwi,dc=net'
radius_xlat:
'(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,o=gwi.net,dc=gwi,dc=net, with
filter
((cn=26)(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group 26 not found or user is not a member.
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=Users,o=gwi.net,dc=gwi,dc=net'
radius_xlat:
'(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net)))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Users,o=gwi.net,dc=gwi,dc=net, with
filter
((cn=27)(|((objectClass=GroupOfNames)(member=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net))((objectClass=GroupOfUniqueNames)(uniquemember=uid=celtadmin,ou=Users,o=gwi.net,dc=gwi,dc=net
rlm_ldap: object not found or got ambiguous search result
ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group 27 not found or user is not a member.
rlm_ldap: Entering ldap_groupcmp()
radius_xlat:  'ou=Users,o=gwi.net,dc=gwi,dc=net'
radius_xlat:

Re: CHAP works but not PAP

2004-09-03 Thread kevin J
Hi Muenz,
I think your DEFAULT profile has a wrong link.
Why don't you try to set DEFAULT with Auth-Type = PAP and check how it 
works for both CHAP and PAP?

Kevin
Muenz, Michael wrote:
modcall: group authorize returns ok for request 0
 rad_check_password:  Found Auth-Type System
auth: type System
 

 Please read the FAQ.  CHAP doesn't work with system passwords.
   

I use MySQL stored users and passwords for authentication.
CHAP works .. PAP not 

 

 modcall[authenticate]: module unix returns notfound for request 0
 

 What is unclear about that message?
   

Because I only use MySQL ...
- Michael


Re: rlm_exec vs Exec-Program-Wait attribute

2004-09-03 Thread Alan DeKok
Thor Spruyt [EMAIL PROTECTED] wrote:
 I hope the rlm_exec module is going to be changed to enable outputting
 Reject attributes! If you have to run 2 scripts each time, what's the whole
 point of making the module?

  The module can be updated, once patches are supplied.

  Alan DeKok.



Re: CHAP works but not PAP

2004-09-03 Thread Alan DeKok
Muenz, Michael [EMAIL PROTECTED] wrote:
Please read the FAQ.  CHAP doesn't work with system passwords.
 
 I use MySQL stored users and passwords for authentication.
 CHAP works .. PAP not 

  You are contradicting the debug log you posted to the list.

What is unclear about that message?
 
 Because I only use MySQL ...

  You are contradicting the debug log you posted to the list.

  Whatever you think the server is doing is very different than what
you told the server to do.  The debug logs shows what you told the
server to do.

  Alan DeKok.




Re: rlm_mschap: No User-Password configured. Cannot create LM-Password

2004-09-03 Thread Alan DeKok
Alexandre Durand [EMAIL PROTECTED] wrote:
 i've a problem similar. But i stored my password in LDAP database in clear
 mode. So, i don't understand why it doesn't work too.
 
 Passwords are not crypted !!!

  shrug  Then the server isn't obtaining the passwords from LDAP.

  Read the debug log to see what it's doing.

  Alan DeKok.



Re: Does proxy.xonf support include files?

2004-09-03 Thread Alan DeKok
David [EMAIL PROTECTED] wrote:
 Is $INCLUDE supported in proxy.conf ?

  Yes.

  Alan DeKok.



Re: Orinoco AP2000 - Logout Entry Has Wrong ID?

2004-09-03 Thread Alan DeKok
Brian Sumpter [EMAIL PROTECTED] wrote:
 I'm getting these errors in the logs from a few of the AP units:
  
 Error: rlm_radutmp: Logout entry for NAS Reaves Hill 2.4 port 2 has
 wrong ID

  That's saying that the user logged in with one Acct-Session-Id, and
is logging out with another.

  The most common reason is that the server missed an accounting stop
packet.

 When this happens, the server no longer shows anyone on that particular
 AP as being logged on, although they are according to the AP themselves.

  That's weird.

 I do have a couple of AP units that are not exhibiting this behavior,
 and I've found the common denominator.  The AP units that appear to work
 properly only have one user per AP - I never have the accounting errors
 from those AP's and session times are working as expected.  But if I
 connect another client to them, sure enough I get the error and
 accounting stats go down the tubes again.

  Then it sounds like a bug in the AP's.

  Try watching the detail file, to see what's in the accounting
start/stop packets.  That's the only way of knowing what's really happening.

  Alan DeKok.



PEAP segmentation fault

2004-09-03 Thread Baig
Hi All,
I am running Freeradius 1.0.0 and I can authenticate a client fine with LEAP
but with PEAP I get the following segmentation fault.

Any help is greatly appreciated.

rad_recv: Access-Request packet from host 172.30.2.7:21649, id=101,
length=117
User-Name = baig
Framed-MTU = 1400
Called-Station-Id = 0002.8aa3.02d8
Calling-Station-Id = 000c.412d.01bd
Service-Type = Login-User
Message-Authenticator = 0x854872664931c4fe56aae3c58b93f6b4
EAP-Message = 0x020100090162616967
NAS-Port-Type = Wireless-802.11
NAS-Port = 1226
NAS-IP-Address = 172.30.2.7
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = baig, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 0
users: Matched baig at 96
radius_xlat:  'Hello, baig'
  modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type leap
  rlm_eap_leap: Stage 2
  rlm_eap_leap: Issuing AP Challenge
  rlm_eap_leap: Successfully initiated
  modcall[authenticate]: module eap returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 101 to 172.30.2.7:21649
Reply-Message = Hello, baig
EAP-Message = 0x01020014110100084b6521fd17dff5de62616967
Message-Authenticator = 0x
State = 0x79c0c87bca1119fca67d5070537af5fd
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.30.2.7:21649, id=102,
length=132
User-Name = baig
Framed-MTU = 1400
Called-Station-Id = 0002.8aa3.02d8
Calling-Station-Id = 000c.412d.01bd
Service-Type = Login-User
Message-Authenticator = 0x092bec1c33d1923277c4244deee5c7e6
EAP-Message = 0x020200060319
NAS-Port-Type = Wireless-802.11
NAS-Port = 1226
State = 0x79c0c87bca1119fca67d5070537af5fd
NAS-IP-Address = 172.30.2.7
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module chap returns noop for request 1
  modcall[authorize]: module mschap returns noop for request 1
rlm_realm: No '@' in User-Name = baig, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 1
users: Matched baig at 96
radius_xlat:  'Hello, baig'
  modcall[authorize]: module files returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module eap returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 102 to 172.30.2.7:21649
Reply-Message = Hello, baig
EAP-Message = 0x010300061920
Message-Authenticator = 0x
State = 0xfcdfe17825640d3c8e02641648f22dbf
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.30.2.7:21649, id=103,
length=224
User-Name = baig
Framed-MTU = 1400
Called-Station-Id = 0002.8aa3.02d8
Calling-Station-Id = 000c.412d.01bd
Service-Type = Login-User
Message-Authenticator = 0x2d6ed31d2c2b0e7f8bd8a8f63a02eb50
EAP-Message =
0x02030062198000581603010053014f03014138bce1851ca58cff10d6e22bcb085a
a5006530deaaf18a3cae07c0955a46402800160013006600150012000a00050004000900
6300650060006200610064001400110003000600080100
NAS-Port-Type = Wireless-802.11
NAS-Port = 1226

Re: PEAP segmentation fault

2004-09-03 Thread Michael Griego
What OS are you using?  Do you have any GDB output?  Can you also
provide the ldd output for your radiusd binary?

--Mike


On Fri, 2004-09-03 at 14:01, Baig wrote:
 Hi All,
   I am running Freeradius 1.0.0 and I can authenticate a client fine with LEAP
 but with PEAP I get the following segmentation fault.
 
 Any help is greatly appreciated.
 

Re: Ldap and Ldap-Group

2004-09-03 Thread Quanah Gibson-Mount

--On Friday, September 03, 2004 11:16 AM -0400 Lew A [EMAIL PROTECTED] wrote:
Hello,
freeradius-0.9.3_1
openldap-2.2.6
freebsd-4.9-p11
Just as an aside, I'll note that Openldap-2.2.6 is a rather old and 
unstable release.

--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html


Re: exec module

2004-09-03 Thread Simon Bryden
Ok, this is not tested but hopefully should help you get started:

In your radiusd.conf you need to define an exec module:

modules {
    ...
    exec allow9to5 {
        wait = yes
        program = "/usr/bin/php -f /somedir/allow9-5.php"
        input_pairs = request
        output_pairs = reply
        packet_type = Access-Request
    }
    ...
}

Then for the module itself (allow9-5.php):

<?php
// you might need this with earlier versions of php which
// always spit out http headers. This will buffer all of
// that and later we will throw it away
ob_start();

// just in case you want to read some attributes: rlm_exec passes the
// request pairs to the program as environment variables
$nasip = getenv('NAS_IP_ADDRESS');
$nasid = getenv('NAS_IDENTIFIER');

// throw away anything already in the output buffer
ob_end_clean();

// Now to the meat, first see if we are within the window
// get current date (getdate() uses the keys 'hours', 'mon' and 'mday')
$date = getdate();
$curhour = $date['hours'];
if ($curhour >= 9 && $curhour < 17) {

    // current unix timestamp
    $curtime = time();

    // unix timestamp at 17:00 today
    $fivepm = mktime(17, 0, 0, $date['mon'], $date['mday'], $date['year']);

    // seconds until 17:00; Session-Timeout is expressed in seconds
    $seconds = $fivepm - $curtime;

    // return this as a reply attribute
    echo "Session-Timeout := $seconds\n";

    // zero return means accept
    $retval = 0;
} else {
    // otherwise reject
    $retval = 1;
}
exit($retval);
?>

Note that some 4.x phps print the return value to stdout - beware of this. 
Also note that the responsibility of disconnecting is with the NAS - you are 
telling it how long to allow the session which if our arithmetic is correct 
is until 5pm. At that time you are at the mercy of your NAS - make sure it is 
configured to do this.

Hope this helps,
Regards,
Simon.
---

On Friday 03 September 2004 14:56, Edgars wrote:
 can someone explain how rlm_exec module works?
 i'm interested in how to run *.php program before user authentication,
 is this module capable of doing that?
 How and in what form to pass the necessary attributes to the PHP program
 and what should be returned?

 Your help will be greatly appreciated!
 Edgars





None Stop timer?

2004-09-03 Thread sarky

Just wondering is there a way of when a user is restricted to 2 hours browsing time,
the account expires after 2 hours from the time the user logs in?

for example:

User logs in at 1:00pm and logs off at 1:30pm, then he tries to log on again at 3:01;
the account will have expired. That is a requirement of a hotel.

Thank you

Sarky




Re: None Stop timer?

2004-09-03 Thread Dana Hudes
On Fri, 3 Sep 2004, sarky wrote:
 Just wondering is there a way of when a user is restricted to 2 hours browsing time,
 the account expires after 2 hours from the time the user logs in?
 
 for example:
 
 User logs in at 1:00pm and logs off at 1:30pm, then he tries to log on again at 3:01;
 the account will have expired. That is a requirement of a hotel.

Typically in a hotel one purchases access by the room-night. The account 
expires at checkout time even if the user is online at the time (and even 
if they have arranged late checkout or even if they're staying another 
night).

It certainly can be done to sell blocks of time in hours and probably this 
is a more customer-friendly approach. I personally stayed at the Four 
Seasons Aviara in 2002 and bought Internet access only when I got up in 
the AM but it expired at 2pm checkout time anyway even though I was 
staying the next night -- but would not be using the Internet the next 
day. An interesting approach would be the Internet cafe model where
one pays for time used -- one registers, then signs out and one's credit 
card or hotel tab is charged.
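
The requirement sarky describes (the clock starts at the first login and keeps running while the user is logged off), written as a program that the exec module from the "exec module" thread could run. This is an added example, not code from any poster or from the FreeRADIUS project; the SQLite store, its path, the 2-hour constant and the function names are assumptions.

```python
#!/usr/bin/env python3
import os
import sqlite3
import sys
import time

ALLOWANCE = 2 * 60 * 60   # two hours of wall-clock time, in seconds
DB_PATH = "/var/lib/radius-first-login.db"   # hypothetical path


def open_store(path):
    """Open (creating if needed) the table that records first logins."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS first_login "
               "(username TEXT PRIMARY KEY, ts INTEGER NOT NULL)")
    return db


def decide(db, username, now, allowance=ALLOWANCE):
    """Return (exit_code, reply_lines): 0 accepts, non-zero rejects."""
    if not username:
        return 1, ['Reply-Message := "Missing User-Name"']
    # INSERT OR IGNORE keeps the earliest timestamp, so logging off and
    # back on never restarts the clock. The name is bound as a parameter.
    db.execute("INSERT OR IGNORE INTO first_login VALUES (?, ?)",
               (username, int(now)))
    db.commit()
    (first,) = db.execute("SELECT ts FROM first_login WHERE username = ?",
                          (username,)).fetchone()
    remaining = first + allowance - int(now)
    if remaining <= 0:
        return 1, ['Reply-Message := "Access period has expired"']
    # Session-Timeout is in seconds; the NAS ends the session when it
    # runs out. Reply lines hold only constants and computed integers,
    # never text copied from the request.
    return 0, ["Session-Timeout := %d" % remaining]


def main():
    # Assumption: request attributes arrive as environment variables
    # (User-Name -> USER_NAME), possibly wrapped in double quotes.
    username = os.environ.get("USER_NAME", "").strip('"')
    code, lines = decide(open_store(DB_PATH), username, time.time())
    print("\n".join(lines))
    return code


if __name__ == "__main__":
    sys.exit(main())
```

As with the 9-to-5 script, the NAS is what actually ends the session when Session-Timeout runs out; the script only refuses new logins after the period is over.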




freeradius kerberosV lookups

2004-09-03 Thread Quanah Gibson-Mount
I have grabbed the debian freeradius and freeradius-krb5 packages, and
dropped them onto my system.  However, I don't see any documentation that
explains how to set up freeradius so that it will take an incoming user
request and validate their user id against my KDC.  Does someone have
documentation on this somewhere, or pointers?
Thanks,
Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html


Re: PEAP segmentation fault

2004-09-03 Thread Baig
Mike,
I am using RedHat 9.0

This is my gdb output

[EMAIL PROTECTED] sbin]# gdb
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu".
(gdb) quit





This is my ldd output
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40023000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4005)
libresolv.so.2 => /lib/libresolv.so.2 (0x40065000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40077000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x40084000)
libssl.so.4 => /lib/libssl.so.4 (0x40175000)
libradius-1.0.0.so => /usr/local/lib/libradius-1.0.0.so (0x401ab000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x401be000)
libdl.so.2 => /lib/libdl.so.2 (0x401c5000)
libc.so.6 => /lib/tls/libc.so.6 (0x4200)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x401c8000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x401db000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x4023a000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x4024a000)
libz.so.1 => /usr/lib/libz.so.1 (0x4024c000)

Thanks
Baig




Re: PEAP segmentation fault

2004-09-03 Thread Michael Griego
On Fri, 2004-09-03 at 16:41, Baig wrote:
 Mike,
 I am using RedHat 9.0
 
 This is my gdb output


Read docs/bugs for more info on how to get proper debugging output from
gdb, then post your results again.

Thanks.

-- 

--Mike

---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas





radius accounting

2004-09-03 Thread jassim El-mansori
hello

I'm using NTRadping as a test utility and it works like
a charm.
I'm wondering, guys, why radius sends for
accounting
* Accounting-response
unlike when doing authentication, where it sends
* Access-Accept
What does it mean? I can't get it really. Is it just an
initial response, and is there another action that has to
come afterward?
Any advice?
Thank you very much indeed






Re: Freeradius and dialup_admin

2004-09-03 Thread apellido jr., wilfredo p.
maybe this will help ...

<?php
phpinfo();
?>







Re: Freeradius and dialup_admin

2004-09-03 Thread Herbert Maosa
I have checked php.ini, but I really don't know what I am looking for in 
there. I don't see any configuration parameter that makes reference to 
mysql, so I don't know whether that means it is enabled or not.

regards
Herbert.
apellido jr., wilfredo p. wrote:
maybe this will help ...
<?php
phpinfo();
?>




Re: Freeradius and dialup_admin

2004-09-03 Thread apellido jr., wilfredo p.
create php script with this code ..

<?php
phpinfo();
?>

and this will show if mysql is enabled ... thanks



- Original Message - 
From: Herbert Maosa [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 04, 2004 11:22 AM
Subject: Re: Freeradius and dialup_admin


I have checked php.ini, but I really don't know what I am looking for in 
there. I don't see any configuration parameter that makes reference to 
mysql, so I don't know whether that means it is enabled or not.


 regards
 Herbert.
 apellido jr., wilfredo p. wrote:

maybe this will help ...

<?php
phpinfo();
?>




