session timeout?
hello people, could someone enlighten me about how exactly the Session-Timeout value within the users file works? if i put in DEFAULT Session-Timeout := 900, Fall-Through = Yes at the top of the file, isn't it supposed to kick any user after 15 minutes? what i'm trying to do is to make dynamic wep keys work so that they get reassigned after a certain amount of time. from what i understand, the freeradius server and the access point, cisco 1200 in my case, both need to have a timeout configured. the cisco has a 900s key rotation interval configured but neither the radiusd -X output nor every possible debug output from the ap shows anything after that timespan. am i missing something? is it possible to monitor the assignment of dynamic wep keys by other means not involving a airsnort or kismet and alikes? any logs? thank you in advance, sven - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that is what i had done
Thanks DD.

OK... it seems that I'm not good at explaining this..

My setup is user/subscriber-->Client-->Forwarding Server-->Remote Server

forwarding IP=200.200.230.132
Remote IP=200.200.230.136

Is the forwarding server now the client of the remote server? If yes, in the REMOTE SERVER its CLIENTS.CONF file looks like this...

client 200.200.230.132 {
    secret = amin
    shortname = 200.200.230.132
    login = amin
    password= amin
}

So I assumed the packet comes from the forwarding server with IP 200.200.230.132 --- is it?

AND in the FORWARDING SERVER... inside the PROXY.CONF file it is like this

realm 200.200.230.136 {
    type= radius
    authhost= radius.200.200.230.136:1812
    accthost= radius.200.200.230.136:1813
    secret = amin
}

Is the IP of the authhost and the accthost the IP of the REMOTE SERVER? Correct me please.. What does 'radius' before the IP of the remote server indicate? The type specified above it or is it something else?

In the REMOTE and Forwarding servers, in both their radiusd.conf, do we need to alter anything if I use the realm as their own IP, if I want the proxy / realm to work both ways.. just a matter of testing this functionality...

And, in the other setup I did put the client IP inside the server's client.conf file.. that's the basic thing, but still what is strange is it ignored the packet as unknown client.. only one client that I define among many others is accepted by it, and another problem occurred... the reply/access accept is not received by the client. The client seems to hear nothing from the server.

Help me again please. Thank you and merry christmas to anyone celebrating it...
Re: regarding "stale" IP in ippool
On Wed, Dec 22, 2004 at 07:10:32PM +0100, Alfred H. Dahl wrote:
>
> > >> If a Mikrotik pppoe-server stops, or the accounting-stop-packet from
> > >> the pppoe-server does not reach the radius-server, the IP-address is
> > >> not freed from the ip_pool, meaning we get "stale" sessions in the
> > >> IP-Pool.
>
> >Now I think about it, there's supposed to be an accounting packet that
> >comes in when a NAS is shut down... I just don't recall if rlm_ippool
> >processes it or not. ^_^
>
> the rlm_ippool processes only the accounting_STOP-packets, (and, of course,
> the start-packet as well)
> I am not able to zap the IP from the pool using radzap - but as long as the
> rlm_ippool processes accounting_stop-packets, I should be able to use
> radclient, as in
> "echo "User-Name = username, Password=password" | radclient
> "
> I am, however, unsure of how to construct this command line in order to send
> an accounting_stop-packet. Anyone have any experience here?

Isn't that what radzap does for you?

--
Paul "TBBle" Hampson, on an alternate email client.
bug with dead_time in multi threaded mode
Failover seems to work fine when the server is running in single threaded mode, but not in multi-threaded mode. When the server is started with the -X option, I see the failed server marked dead when nothing is returned from the proxy. When it is started with -xxx, I don't see the server marked dead and all subsequent requests are sent to the first server. Is this a bug? Proxy.conf: realm failover_org { type = radius authhost = 10.0.0.212:1812 secret = foo } realm failover_org { type = radius authhost = 10.0.0.25:1812 secret = rp ld_flag = fail_over dead_time = 60 } Debug when started with -X Sending Access-Request of id 0 to 10.0.0.212:1812 NAS-IP-Address = 10.0.0.112 NAS-Identifier = "CSD" NAS-Port = 1 Calling-Station-Id = "00:0D:93:7F:58:24" User-Name = "lynn" User-Password = "lynn" Proxy-State = 0x313430 --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 0 to 10.0.0.212:1812 NAS-IP-Address = 10.0.0.112 NAS-Identifier = "CSD" NAS-Port = 1 Calling-Station-Id = "00:0D:93:7F:58:24" User-Name = "lynn" User-Password = "\377\374\225\223M\217\017\301x\250\003\371\346+i\357" Client-IP-Address = 127.0.0.1 Stripped-User-Name = "lynn" Realm = "failover_org" Realm = "failover_org" Proxy-State = 0x313430 Waking up in 5 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 0 to 10.0.0.212:1812 NAS-IP-Address = 10.0.0.112 NAS-Identifier = "CSD" NAS-Port = 1 Calling-Station-Id = "00:0D:93:7F:58:24" User-Name = "lynn" User-Password = "\377\374\225\223M\217\017\301x\250\003\371\346+i\357" Client-IP-Address = 127.0.0.1 Stripped-User-Name = "lynn" Realm = "failover_org" Realm = "failover_org" Proxy-State = 0x313430 Waking up in 5 seconds... --- Walking the entire request list --- Server rejecting request 0. Sending Access-Reject of id 140 to 127.0.0.1:33251 marking authentication server 10.0.0.212:1812 for realm failover_org dead Waking up in 0 seconds... 
--- Walking the entire request list --- Cleaning up request 0 ID 140 with timestamp 41cb150a Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:33252, id=12, length=93 NAS-IP-Address = 10.0.0.112 NAS-Identifier = "CSD" NAS-Port = 1 Calling-Station-Id = "00:0D:93:7F:58:24" User-Name = "[EMAIL PROTECTED]" User-Password = "lynn" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "failover_org" for User-Name = "[EMAIL PROTECTED]" rlm_realm: Found realm "failover_org" rlm_realm: Adding Stripped-User-Name = "lynn" rlm_realm: Proxying request from user lynn to realm failover_org rlm_realm: Adding Realm = "failover_org" rlm_realm: Preparing to proxy authentication request to realm "failover_org" modcall[authorize]: module "suffix" returns updated for request 1 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "realmslash" returns noop for request 1 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "backslash" returns noop for request 1 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module "realmpercent" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched DEFAULT at 12 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 Sending Access-Request of id 0 to 10.0.0.25:1812 NAS-IP-Address = 10.0.0.112 NAS-Identifier = "CSD" NAS-Port = 1 Calling-Station-Id = "00:0D:93:7F:58:24" User-Name = "lynn" User-Password = "lynn" Proxy-State = 0x3132 --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Accept packet from host 10.0.0.25:1812, id=0, length=99 Cisco-AVPair = ""ssid=momo230"" Tunnel-Type:1 = VLAN Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Private-Group-Id:1 = "30" Framed-IP-Address = 255.255.255.255 Proxy-State = 0x3132 Class = 0x434953434f4143533a30303035396230632f30613030303037302f31 Processing the post-proxy section of radiusd.conf Debug from -xxx rad_recv: Access-Request packet from host 127.0.0.1:33365, id=237, length=93 Fri Dec 24 14:30:21 2004 : Debug: --- Walking the entire request list --- Fri
Re: log_badlogins with remote mysql db
Peter LaForest wrote:
> I do not have mysql installed on the freeradius machine (Debian Linux),
> so the script fails because it cannot find the mysql binary when it
> tries to use the temporary mysql batch file to write to the db.

You don't need the mysql server, but you DO need the mysql client (not the libraries, which you only need at freeradius compile time)! For example, on Fedora the mysql client is provided by the mysql- rpm.

--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
log_badlogins with remote mysql db
Hello all,

Trying to use log_badlogins with a remote mysql db. I do not have mysql installed on the freeradius machine (Debian Linux), so the script fails because it cannot find the mysql binary when it tries to use the temporary mysql batch file to write to the db.

I believe I should be able to use mysql development libraries, or something along that line, without having to install mysql. I have the libmysqlclient library and development files already installed.

Can I somehow point the script to the libraries to get it to work, or am I looking at some rewriting - perhaps using the perl mysql interface to connect to the db and write to the accounting table.

Any thoughts would be appreciated. Thank you.
Re: Huntgroups, ldap, groupofnames
On Dec 22, 2004, at 12:57 PM, Dustin Doris wrote:
> I clipped some of your message and only left the relevant parts. The
> packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10.
> Is that your entire huntgroups file you showed? If so, this isn't
> matching the rule in the users file because it's not in that huntgroup.

Sorry, I was trying to substitute out the IPs; the IPs do actually match up.
regarding "stale" IP in ippool
> >> If a Mikrotik pppoe-server stops, or the accounting-stop-packet from
> >> the pppoe-server does not reach the radius-server, the IP-address is
> >> not freed from the ip_pool, meaning we get "stale" sessions in the
> >> IP-Pool.

>Now I think about it, there's supposed to be an accounting packet that
>comes in when a NAS is shut down... I just don't recall if rlm_ippool
>processes it or not. ^_^

the rlm_ippool processes only the accounting_STOP-packets, (and, of course, the start-packet as well)

I am not able to zap the IP from the pool using radzap - but as long as the rlm_ippool processes accounting_stop-packets, I should be able to use radclient, as in
"echo "User-Name = username, Password=password" | radclient "
I am, however, unsure of how to construct this command line in order to send an accounting_stop-packet. Anyone have any experience here?

--
Med vennlig hilsen/Sincerely
Alfred H. Dahl
Hostmaster
Élla Kommunikasjon
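What an Accounting-Request with Acct-Status-Type = Stop, the packet asked about above, looks like on the wire per RFC 2866, as an added example that is not part of the original posts. The secret, addresses and session id are constructed, and which attributes the server uses to find the pool entry (NAS-IP-Address and NAS-Port here) is an assumption.

```python
import hashlib
import hmac
import socket
import struct

ACCOUNTING_REQUEST = 4                      # RFC 2866 packet code
USER_NAME, NAS_IP_ADDRESS, NAS_PORT = 1, 4, 5
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44
ACCT_STATUS_STOP = 2                        # value of Acct-Status-Type for Stop


def _attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def build_acct_stop(secret: bytes, ident: int, user: str, nas_ip: str,
                    nas_port: int, session_id: str) -> bytes:
    """Build an Accounting-Request (Stop) for the given session."""
    attrs = b"".join([
        _attr(USER_NAME, user.encode()),
        _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
        _attr(NAS_PORT, struct.pack("!I", nas_port)),
        _attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_STATUS_STOP)),
        _attr(ACCT_SESSION_ID, session_id.encode()),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator for accounting:
    # MD5(Code + ID + Length + 16 zero octets + attributes + shared secret)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def parse_attrs(packet: bytes) -> dict:
    """Return {attribute type: raw value}; reject truncated or malformed packets."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def verify_acct_request(packet: bytes, secret: bytes) -> bool:
    """Server-side check: a wrong secret or any modified byte fails here."""
    if len(packet) < 20 or packet[0] != ACCOUNTING_REQUEST:
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values, not taken from the thread.
SAMPLE_SECRET = b"constructed-secret"
SAMPLE = build_acct_stop(SAMPLE_SECRET, 7, "username", "192.0.2.10", 3,
                         "constructed-0001")

if __name__ == "__main__":
    print(len(SAMPLE), "bytes, authenticator ok:",
          verify_acct_request(SAMPLE, SAMPLE_SECRET))
    # Sending it would be a single UDP datagram to the accounting port (1813).
```

A server that receives this packet recomputes the same MD5 with its copy of the shared secret, so a Stop from a host that is not a configured client, or with the wrong secret, is dropped before any module sees it.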
Re: Huntgroups, ldap, groupofnames
> I'm trying to get freeradius (1.0.1) working with huntgroups and ldap
> groups, after toying with this for a few days and searching the mailing
> list I still can't seem to make it work, perhaps someone can assist.
>
> huntgroups:
> apsdialin NAS-IP-Address == 192.168.1.10
>
> users:
>
> DEFAULT Huntgroup-Name == "apsdialin", Ldap-Group !=
> "cn=dialin,ou=radiusgroups,dc=myhost", Auth-Type := Reject
> Fall-Through = no
>
> DEFAULT Auth-Type := Reject
>
>
> radtest testuser testuser 192.168.1.20 10 testing123 0 192.168.1.10
>
> This is from the host 192.168.1.10, that testuser is in the "apsdialin"
> group so it should be allowed access, which it is. If I remove the user
> from the group they are still allowed access though!
>
> radiusd -X:
> rad_recv: Access-Request packet from host 149.28.3.101:52461, id=219,
> length=66
> User-Name = "testuser"
> User-Password = "testuser"
> NAS-IP-Address = 149.28.3.101
> NAS-Port = 10
> Framed-Protocol = PPP
>Processing the authorize section of radiusd.conf

I clipped some of your message and only left the relevant parts. The packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10. Is that your entire huntgroups file you showed? If so, this isn't matching the rule in the users file because it's not in that huntgroup.
Re: Switching from Cistron radius to Free radius
On Thursday 16 December 2004 at 10:49 -0500, Lisa Casey wrote:
> Hi,
>
> I have a radius server currently authenticating dialup users using Cistron.
> I'm in the process of switching over to Free radius. I have downloaded and
> installed Free radius 1.0.1 and have edited radiusd.conf to suit my needs. I
> haven't started using it yet in place of Cistron but I'm about ready to. I
> have a question though:
>
> In .../freeradius-1.0.1/scripts there is a script to start the radius daemon
> called rc.radiusd. My cistron is currently started with a script in
> /etc/init.d called radiusd. Should I just copy rc.radiusd to /etc/init.d
> then rename it radiusd?
>
> Actually, in .../freeradius-1.0.1/scripts, there are two scripts:
> rc.radiusd and rc.radiusd.in What's the difference between these and which
> should I use?

rc.radiusd is generated from rc.radiusd.in at build-time. The one you should use is rc.radiusd, unless you want to fix things and submit your changes to FreeRADIUS.

> Thanks,
>
> Lisa Casey
RE: freeradius and multiple mysql servers
yes

doc/configurable_failover

Brian

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Wade Kemp
Sent: Wednesday, December 22, 2004 11:29 AM
To: freeradius-users@lists.freeradius.org
Subject: freeradius and multiple mysql servers

Pardon my asking but I have not been able to find a definitive answer. Can Freeradius send accounting packets to multiple mysql servers? i.e.

accounting {
    sql1
    sql2
}

Wade
freeradius and multiple mysql servers
Pardon my asking but I have not been able to find a definitive answer. Can Freeradius send accounting packets to multiple mysql servers? i.e.

accounting {
    sql1
    sql2
}

Wade
Re: EAP/TLS, EAP-TTLS with LDAP
Tomasz Wolniewicz <[EMAIL PROTECTED]> wrote:
> Does someone have an idea how to switch off LDAP for processing of the
> outer part of the EAP-TTLS message?

Put ldap into an Atz-Type block, and configure the server to call the block only in the conditions you want it to be called.

Alan DeKok.
Re: Dynamic Authorization Extensions to RADIUS
"xuxu" <[EMAIL PROTECTED]> wrote:
> Does Freeradius implement the Dynamic Authorization Extensions
> described in RFC3576 ?

No. As always, patches are welcome.

Alan DeKok.
Re: Problem with passwords
Hello,

I changed it already but it keeps rejecting me...

pap {
    # encryption_scheme =crypt
    encryption_scheme = clear
}

I don't know what else must change... Does your PAP work with this change?

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]

----- Original Message -----
From: vamsikv
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, December 22, 2004 3:58 PM
Subject: RE: Problem with passwords

I also encountered the same problem. For this to work i made one change in the radiusd.conf i.e encryption-scheme = clear

Please let me know if i am missing anything.

Thanks in Advance,
vamsi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyriaki Gali
Sent: Wednesday, 22 December 2004 8:00 PM
To: freeradius-users@lists.freeradius.org
Subject: Problem with passwords

Hello,

does anyone know what is the difference between CHAP-Password and PAP-Password? Because if i use CHAP working fine and if i use PAP rejects me.

Thanks,

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]
RE: Problem with passwords
I also encountered the same problem. For this to work i made one change in the radiusd.conf i.e encryption-scheme = clear

Please let me know if i am missing anything.

Thanks in Advance,
vamsi

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyriaki Gali
Sent: Wednesday, 22 December 2004 8:00 PM
To: freeradius-users@lists.freeradius.org
Subject: Problem with passwords

Hello,

does anyone know what is the difference between CHAP-Password and PAP-Password? Because if i use CHAP working fine and if i use PAP rejects me.

Thanks,

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]
Re: realm setup problem
> I try to setup proxy and realm for freeradius
> in my forwarding server, in the proxy.conf file, it
> looks like this:

What is set up in radiusd.conf to determine realm? If you are using something like suffix, then it would determine on the username. ie: [EMAIL PROTECTED] and your proxy.conf file would show realm test.com { ... }

>
> realm 200.200.230.136 {
> type= radius
> authhost= radius.200.200.230.136:1812
> accthost= radius.200.200.230.136:1813
> secret = amin
> }

authhost and accthost should be either an IP or fully qualified domain name. ie: radius.test.com or 200.200.230.136, not radius.200.200.x.x.

>
> The IP of the forwarding server is 200.200.230.132
>
> at the remote server, the client.conf looks like
> this..
>
>
> client 200.200.230.132 {
> secret = amin
> shortname = 200.200.230.132
> login = amin
> password= amin
> }
>
> When i try to run the radiusd -X, at the forwarding
> server, it stopped at ..reading realm
> files..host 200.200.230.136 not found
> then it stopped totally..

You say you have .132 in clients.conf, but the radius packet came from .136. You need to add that IP as well to clients.conf.

> Another Problem is in one separate server I run
> FreeRADIUS. Client.conf are set to listen to client
> 200.200.230.148
> but still in the debug mode the ignore messages
> appeared receiving from unknown
> client...200.200.230.148, why is this happen? Or I
> missed something again?
> Thanks for your help...really really appreciate it.
>

You need to add that IP to clients.conf as well.
EAP/TLS, EAP-TTLS with LDAP
I expect my users to authenticate with either EAP/TLS or EAP-TTLS/PAP. In the first case User-Name is processed twice, first the outer identity, and later the inner one. Actually I have no interest in processing the outer identity as this only serves setting up the correct realm, but the uid has no meaning. It turns out that I search the whole user database and throw away the result, which seems like a big waste of resources. And to make things worse, this goes on with every packet of the conversation.

I have figured out a way of dealing with this, by returning from the authorize list whenever eap returns updated, unfortunately this does not work with TTLS in which case the outer identity is THE one that we are interested in.

Does someone have an idea how to switch off LDAP for processing of the outer part of the EAP-TTLS message?

Tomasz

--
Tomasz Wolniewicz [EMAIL PROTECTED] http://www.uni.torun.pl/~twoln
Uczelniane Centrum Informatyczne / Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika / Nicolaus Copernicus University,
pl. Rapackiego 1, Torun / pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
Re: Problem with passwords
On Wed, 22 Dec 2004, Kyriaki Gali wrote:

> Hello,
>
> does anyone know what is the difference between CHAP-Password and
> PAP-Password? Because if i use CHAP working fine and if i use PAP
> rejects me.

http://www.freeradius.org/faq/#4.4

> Thanks,
>
> Kyriaki Gali,
> IT Applications Specialist
> Kinetix Tele.com Support Center,
> Tel & Fax: +30 2310 256140
> GSM: +30 6947 723737
> http://www.kinetix.gr
> e-mail: [EMAIL PROTECTED]

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Problem with passwords
Hello,

does anyone know what is the difference between CHAP-Password and PAP-Password? Because if i use CHAP working fine and if i use PAP rejects me.

Thanks,

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]
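How the two attributes asked about above are formed per RFC 2865, as an added example that is not part of the original posts: User-Password is reversibly hidden, so the server recovers the cleartext and compares it with the stored value in whatever scheme it is configured for, while CHAP-Password is a one-way MD5 response that can only be checked against a stored cleartext password. All values are constructed, the function names are hypothetical, and SHA-256 stands in for crypt(3).

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
SECRET = b"constructed-secret"          # shared secret between NAS and server
REQ_AUTH = bytes(range(16))             # Request Authenticator of the packet
CHALLENGE = bytes(range(16, 32))        # CHAP challenge issued by the NAS


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with a chained MD5 mask."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def pap_recover(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """What the server does on receipt: undo the masking, strip the padding."""
    clear, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password: CHAP ident followed by MD5(ident + password + challenge)."""
    ident = bytes([chap_id])
    return ident + hashlib.md5(ident + password + challenge).digest()


def stored_form(password: bytes, scheme: str) -> bytes:
    """How the password sits in the user database under a given scheme."""
    if scheme == "clear":
        return password
    if scheme == "hashed":              # SHA-256 as a stand-in for crypt(3)
        return hashlib.sha256(password).hexdigest().encode()
    raise ValueError("unknown scheme")


def pap_check(hidden: bytes, stored: bytes, scheme: str) -> bool:
    """PAP: recover the cleartext, transform it per scheme, compare."""
    recovered = pap_recover(hidden, SECRET, REQ_AUTH)
    return hmac.compare_digest(stored_form(recovered, scheme), stored)


def chap_check(chap_password: bytes, stored_cleartext: bytes) -> bool:
    """CHAP: the server must redo the MD5 itself, so it needs the cleartext."""
    expected = chap_response(chap_password[0], stored_cleartext, CHALLENGE)
    return hmac.compare_digest(expected, chap_password)


if __name__ == "__main__":
    pw = b"constructed-pw"
    hidden, chap = pap_hide(pw, SECRET, REQ_AUTH), chap_response(1, pw, CHALLENGE)
    print("PAP vs cleartext store, scheme clear :", pap_check(hidden, pw, "clear"))
    print("PAP vs cleartext store, scheme hashed:", pap_check(hidden, pw, "hashed"))
    print("CHAP vs cleartext store              :", chap_check(chap, pw))
```

The second line of output is the case where the stored value and the configured scheme disagree: the same cleartext entry that satisfies CHAP fails the PAP comparison.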
Re: where i put restrictions to users
EAP-TTLS (and I'm assuming PEAP, but I don't use it) will only allow network use if authentication succeeds.

On Wed, 22 Dec 2004 12:50:26 +, Antonio Carola <[EMAIL PROTECTED]> wrote:
> Hi,
>
> i have a some doubts,
>
> i trying to put wireless authentication with freeradius,
>
> I have a freeradius running in machine with ip 10.10.96.128, access point
> in ip 10.10.96.150 .
>
> I use my laptop for client, i connect with access point and i have network.
>
> I try radiusclient with a user and i receive accepts and rejects.
>
> How to only have network when i put username and password, or either where
> i put restrictions to users ?
>
> thanks,
> Antonio Carola

--
Justin Guidroz
Re: mysql seg fault
On Wed, 22.12.2004, Mathias Röhl wrote at 13:28:
> On Wed, 22.12.2004, Mathias Röhl wrote at 11:47:
> Seems so I forgot to read the Documentation
>
> "In order to build the drivers, you MUST ALSO install the development
> versions of the database."
> Hm'kay, I'll try it again

Hi

I did this, installed the libmysqlclient-dev.deb package and in the /src/modules/rlm_sql I did ./configure make && make install. Same with rlm_sql_mysql. LD_LIBRARY_PATH is correctly set to /usr/local/lib. But after starting radius -X it says

-
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Could not link driver rlm_sql_mysql: /usr/local/lib/rlm_sql_mysql.a: invalid ELF header
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
---

The gdb says

sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076734432 (LWP 13679)]
0x0809059e in lt_dlsym (handle=0x81a7668, symbol=0x81a4038 "rlm_sql_freetds") at ltdl.c:3330
3330 lensym = LT_STRLEN (symbol) + LT_STRLEN (handle->loader->sym_prefix)
(gdb) bt
#0 0x0809059e in lt_dlsym (handle=0x81a7668, symbol=0x81a4038 "rlm_sql_freetds") at ltdl.c:3330
#1 0x080702ae in rlm_sql_instantiate (conf=0x81a4038, instance=0xf) at rlm_sql.c:682
#2 0x08059763 in find_module_instance (instname=0x80f4130 "sql") at modules.c:358
#3 0x0805ac4d in do_compile_modsingle (component=3, ci=0x80f4110, filename=0x80972f4 "radiusd.conf", grouptype=0, modname=0xbfffeae8) at modcall.c:814
#4 0x0805add2 in compile_modsingle (component=3, ci=0xf, filename=0xf , modname=0xf) at modcall.c:829
#5 0x08059c6d in load_component_section (cs=0x80f40a0, comp=3, filename=0x80972f4 "radiusd.conf") at modules.c:584
#6 0x0805a044 in setup_modules () at modules.c:874
#7 0x08050bfd in main (argc=2, argv=0xbd34) at radiusd.c:965
--

May be I forget something to do... I don't think this is a bug...

thx in advance for kindly help

regards
[EMAIL PROTECTED]

--
TANK!!! I need an exit!! FAAAST!!!
where i put restrictions to users
Hi,

i have a some doubts,

i trying to put wireless authentication with freeradius,

I have a freeradius running in machine with ip 10.10.96.128, access point in ip 10.10.96.150 .

I use my laptop for client, i connect with access point and i have network.

I try radiusclient with a user and i receive accepts and rejects.

How to only have network when i put username and password, or either where i put restrictions to users ?

thanks,
Antonio Carola
Re: mysql seg fault
On Wed, 22.12.2004, Mathias Röhl wrote at 11:47:
> Hi
>

Seems so I forgot to read the Documentation

"In order to build the drivers, you MUST ALSO install the development versions of the database."

Hm'kay, I'll try it again

regards
[EMAIL PROTECTED]

--
TANK!!! I need an exit!! FAAAST!!!
radius client unknown
This is the debug mode Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. 
Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "radius" sql: password = "radius" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = . 
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_my
mysql seg fault
Hi, I installed fr from the source, also openssl, and tested with EAP/TLS and it works fine so far. Now I want to do it with LDAP and MySQL: LDAP for users and MySQL for storing accounting information. I configured rlm_ldap and rlm_sql, and after doing this I started radius -X -A, but now I got a segmentation fault. It looks like this:

Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = "bintec"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local//var/log/radius/sqltrace.sql"
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: default_user_profile = ""
sql: query_on_not_found = no
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')"
sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"
sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NA
Realm proxy setup probs
I am trying to set up proxy and realm for FreeRADIUS on my forwarding server. In the proxy.conf file, it looks like this:

realm 200.200.230.136 {
    type = radius
    authhost = radius.200.200.230.136:1812
    accthost = radius.200.200.230.136:1813
    secret = amin
}

The IP of the forwarding server is 200.200.230.132. At the remote server, the client.conf looks like this:

client 200.200.230.132 {
    secret = amin
    shortname = 200.200.230.132
    login = amin
    password = amin
}

When I try to run radiusd -X at the forwarding server, it stopped at ..reading realm files..host 200.200.230.136 not found, then it stopped totally. Can I just put the IP address of the remote server just like that? Which part of the configuration file did I miss altering?

Another problem is on a separate server where I run FreeRADIUS. Client.conf is set to listen to client 200.200.230.148, but in debug mode the ignore messages still appeared, receiving from unknown client...200.200.230.148. Why does this happen? Or did I miss something again?

Thanks for your help, really really appreciate it.
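
The two snippets from the post above checked against each other, as an added example (not code from the post or from FreeRADIUS): it flags authhost/accthost values that are names rather than IP literals, and verifies that the home server lists the forwarder as a client with the same secret. The regex parser and the audit() helper are hypothetical and handle only the simple "key = value" brace blocks quoted here, with IPv4 or hostname targets.

```python
import ipaddress
import re
# Constructed from the two snippets quoted in the post above.
PROXY_CONF = """
realm 200.200.230.136 {
    authhost = radius.200.200.230.136:1812
    accthost = radius.200.200.230.136:1813
    secret = amin
}
"""
CLIENTS_CONF = """
client 200.200.230.132 {
    secret = amin
    shortname = 200.200.230.132
}
"""
BLOCK = re.compile(r"^\s*(\w+)\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
PAIR = re.compile(r"^\s*([\w-]+)\s*=\s*(\S+)", re.M)

def parse_blocks(text, kind):
    """Return {name: {key: value}} for every `kind name { ... }` block."""
    return {name: dict(PAIR.findall(body))
            for k, name, body in BLOCK.findall(text) if k == kind}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def audit(proxy_text, clients_text, forwarder_ip):
    """Check the forwarder's realms against the home server's client list."""
    findings = []
    clients = parse_blocks(clients_text, "client")
    for realm, cfg in parse_blocks(proxy_text, "realm").items():
        for key in ("authhost", "accthost"):
            host = cfg.get(key, "").rsplit(":", 1)[0]  # strip the :port suffix
            if host and not is_ip(host):
                tail = host.split(".", 1)[-1]
                hint = f" (IP literal would be {tail})" if is_ip(tail) else ""
                findings.append(f"{key}: '{host}' is a name and must resolve{hint}")
        peer = clients.get(forwarder_ip)
        if peer is None:
            findings.append(f"no client entry for {forwarder_ip} on home server")
        elif peer.get("secret") != cfg.get("secret"):
            findings.append(f"secret mismatch with client {forwarder_ip}")
    return findings

print("\n".join(audit(PROXY_CONF, CLIENTS_CONF, "200.200.230.132")))
```

With the posted values both host lines are reported, because "radius.200.200.230.136" is not a dotted-quad address and so has to be looked up as a name; the client entry and the secret match.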