session timeout?

2004-12-22 Thread Sven Juergensen
hello people,
could someone enlighten me about how exactly
the Session-Timeout value within the users
file works? if i put in
DEFAULT
 Session-Timeout := 900,
 Fall-Through = Yes
at the top of the file, isn't it supposed
to kick any user after 15 minutes? what i'm
trying to do is to make dynamic wep keys work
so that they get reassigned after a certain
amount of time.
from what i understand, the freeradius server
and the access point, cisco 1200 in my case,
both need to have a timeout configured. the
cisco has a 900s key rotation interval
configured but neither the radiusd -X output
nor every possible debug output from the ap
shows anything after that timespan.
am i missing something? is it possible to
monitor the assignment of dynamic wep keys
by other means not involving an airsnort or
kismet and the like? any logs?
thank you in advance,
sven
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


that is what i had done

2004-12-22 Thread zack musa
Thanks DD.
OK... it seems that I'm not good at explaining this.
My setup is


user/subscriber-->Client-->Forwarding Server-->Remote
Server


forwarding IP=200.200.230.132
Remote IP=200.200.230.136

Is the forwarding server now the client of the remote
server?

If yes, in the REMOTE SERVER its CLIENTS.CONF file
looks like this...

client 200.200.230.132 {
        secret      = amin
        shortname   = 200.200.230.132
        login       = amin
        password    = amin
}

So I assumed the packet comes from the forwarding server
with IP 200.200.230.132 --- is it?

AND in the FORWARDING SERVER... inside the PROXY.CONF
file it is like this


realm 200.200.230.136 {
        type        = radius
        authhost    = radius.200.200.230.136:1812
        accthost    = radius.200.200.230.136:1813
        secret      = amin
}

Is the IP of the authhost and the accthost the IP
of the REMOTE SERVER? Correct me please..

'radius' before the IP of the remote server indicates
what? The type specified above it or is it something
else?

In both the REMOTE and Forwarding servers'
radiusd.conf, do we need to alter anything if I use
their own IP as the realm and want the proxy / realm
to work both ways.. just a matter of testing this
functionality...


And, in the other setup I did put the client IP inside
the server's client.conf file.. that's the basic
thing... but still what is strange is that it ignored the
packet as unknown client.. only one client that I
defined among many others is accepted by it, and another
problem occurred... the reply/access accept is not received
by the client. The client seems to hear nothing from the
server.

Help me again please... Thank you and merry christmas
to anyone celebrating it...



Re: regarding "stale" IP in ippool

2004-12-22 Thread Paul Hampson
On Wed, Dec 22, 2004 at 07:10:32PM +0100, Alfred H. Dahl wrote:
> 
> > >> If a Mikrotik pppoe-server stops, or the accounting-stop-packet from 
> > >> the pppoe-server does not reach the radius-server, the IP-address is 
> > >> not freed from the ip_pool, meaning we get "stale" sessions in the 
> > >> IP-Pool.
> 
> >Now I think about it, there's supposed to be an accounting packet that
> >comes in when a NAS is shut down... I just don't recall if rlm_ippool
> >processes it or not. ^_^
> 
> the rlm_ippool processes only the accounting_STOP-packets, (and, of course, 
> the start-packet as well)

> I am not able to zap the IP from the pool using radzap - but as long as the 
> rlm_ippool processes accounting_stop-packets, I should be able to use 
> radclient, as in

> "echo "User-Name = username, Password=password" | radclient   
>  "

> I am, however, unsure of how to construct this command line in order to send 
> an accounting_stop-packet. Anyone have any experience here?

Isn't that what radzap does for you?

-- 
Paul "TBBle" Hampson, on an alternate email client.



bug with dead_time in multi threaded mode

2004-12-22 Thread Lynn Haney

Failover seems to work fine when the server is running in single
threaded mode, but not in multi-threaded mode.  When the server is
started with the -X option, I see the failed server marked dead when
nothing is returned from the proxy.  When it is started with -xxx, I
don't see the server marked dead and all subsequent requests are sent to
the first server.  Is this a bug?

Proxy.conf:
realm failover_org {
        type = radius
        authhost = 10.0.0.212:1812
        secret = foo
}

realm failover_org {
        type = radius
        authhost = 10.0.0.25:1812
        secret = rp
        ld_flag = fail_over
        dead_time = 60
}

Debug when started with -X

Sending Access-Request of id 0 to 10.0.0.212:1812
NAS-IP-Address = 10.0.0.112
NAS-Identifier = "CSD"
NAS-Port = 1
Calling-Station-Id = "00:0D:93:7F:58:24"
User-Name = "lynn"
User-Password = "lynn"
Proxy-State = 0x313430
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 0 to 10.0.0.212:1812
NAS-IP-Address = 10.0.0.112
NAS-Identifier = "CSD"
NAS-Port = 1
Calling-Station-Id = "00:0D:93:7F:58:24"
User-Name = "lynn"
User-Password =
"\377\374\225\223M\217\017\301x\250\003\371\346+i\357"
Client-IP-Address = 127.0.0.1
Stripped-User-Name = "lynn"
Realm = "failover_org"
Realm = "failover_org"
Proxy-State = 0x313430
Waking up in 5 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 0 to 10.0.0.212:1812
NAS-IP-Address = 10.0.0.112
NAS-Identifier = "CSD"
NAS-Port = 1
Calling-Station-Id = "00:0D:93:7F:58:24"
User-Name = "lynn"
User-Password =
"\377\374\225\223M\217\017\301x\250\003\371\346+i\357"
Client-IP-Address = 127.0.0.1
Stripped-User-Name = "lynn"
Realm = "failover_org"
Realm = "failover_org"
Proxy-State = 0x313430
Waking up in 5 seconds...
--- Walking the entire request list ---
Server rejecting request 0.
Sending Access-Reject of id 140 to 127.0.0.1:33251
marking authentication server 10.0.0.212:1812 for realm failover_org
dead
Waking up in 0 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 140 with timestamp 41cb150a
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:33252, id=12,
length=93
NAS-IP-Address = 10.0.0.112
NAS-Identifier = "CSD"
NAS-Port = 1
Calling-Station-Id = "00:0D:93:7F:58:24"
User-Name = "[EMAIL PROTECTED]"
User-Password = "lynn"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "failover_org" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "failover_org"
rlm_realm: Adding Stripped-User-Name = "lynn"
rlm_realm: Proxying request from user lynn to realm failover_org
rlm_realm: Adding Realm = "failover_org"
rlm_realm: Preparing to proxy authentication request to realm
"failover_org"
  modcall[authorize]: module "suffix" returns updated for request 1
rlm_realm: Request already proxied.  Ignoring.
  modcall[authorize]: module "realmslash" returns noop for request 1
rlm_realm: Request already proxied.  Ignoring.
  modcall[authorize]: module "backslash" returns noop for request 1
rlm_realm: Request already proxied.  Ignoring.
  modcall[authorize]: module "realmpercent" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
users: Matched DEFAULT at 12
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 0 to 10.0.0.25:1812
NAS-IP-Address = 10.0.0.112
NAS-Identifier = "CSD"
NAS-Port = 1
Calling-Station-Id = "00:0D:93:7F:58:24"
User-Name = "lynn"
User-Password = "lynn"
Proxy-State = 0x3132
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 10.0.0.25:1812, id=0, length=99
Cisco-AVPair = ""ssid=momo230""
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "30"
Framed-IP-Address = 255.255.255.255
Proxy-State = 0x3132
Class =
0x434953434f4143533a30303035396230632f30613030303037302f31
  Processing the post-proxy section of radiusd.conf


Debug from -xxx

rad_recv: Access-Request packet from host 127.0.0.1:33365, id=237,
length=93
Fri Dec 24 14:30:21 2004 : Debug: --- Walking the entire request list
---
Fri 

Re: log_badlogins with remote mysql db

2004-12-22 Thread Thor Spruyt
Peter LaForest wrote:
> I do not have mysql installed on the freeradius machine
> (Debian Linux), so the script fails because it cannot find the
> mysql binary when it tries to use the temporary mysql batch file
> to write to the db.

You don't need the mysql server, but you DO need the mysql client (not the
libraries, which you only need at freeradius compile time)!
For example, on Fedora the mysql client is provided by the mysql- rpm.

--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65


log_badlogins with remote mysql db

2004-12-22 Thread Peter LaForest
Hello all,
Trying to use log_badlogins with a remote mysql db.
I do not have mysql installed on the freeradius machine
(Debian Linux), so the script fails because it cannot find the
mysql binary when it tries to use the temporary mysql batch file
to write to the db.
I believe I should be able to use mysql development libraries,
or something along that line, without having to install mysql.
I have the libmysqlclient library and development files already
installed.
Can I somehow point the script to the libraries to get it to work,
or am I looking at some rewriting- perhaps using the perl
mysql interface to connect to the db and write to the
accounting table.
Any thoughts would be appreciated.
Thank you.


Re: Huntgroups, ldap, groupofnames

2004-12-22 Thread Paul Dlug
On Dec 22, 2004, at 12:57 PM, Dustin Doris wrote:
> I clipped some of your message and only left the relevant parts.  The
> packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10.
> Is that your entire huntgroups file you showed?  If so, this isn't
> matching the rule in the users file because it's not in that huntgroup.

Sorry I was trying to substitute out the IP's, the IP's do actually
match up.



regarding "stale" IP in ippool

2004-12-22 Thread Alfred H. Dahl

> >> If a Mikrotik pppoe-server stops, or the accounting-stop-packet from 
> >> the pppoe-server does not reach the radius-server, the IP-address is 
> >> not freed from the ip_pool, meaning we get "stale" sessions in the 
> >> IP-Pool.

>Now I think about it, there's supposed to be an accounting packet that
>comes in when a NAS is shut down... I just don't recall if rlm_ippool
>processes it or not. ^_^

the rlm_ippool processes only the accounting_STOP-packets, (and, of course, the 
start-packet as well)


I am not able to zap the IP from the pool using radzap - but as long as the 
rlm_ippool processes accounting_stop-packets, I should be able to use 
radclient, as in

"echo "User-Name = username, Password=password" | radclient   
 "

I am, however, unsure of how to construct this command line in order to send an 
accounting_stop-packet. Anyone have any experience here?


--
Med vennlig hilsen/Sincerely
Alfred H. Dahl
Hostmaster
Élla Kommunikasjon



Re: Huntgroups, ldap, groupofnames

2004-12-22 Thread Dustin Doris

> I'm trying to get freeradius (1.0.1) working with huntgroups and ldap
> groups, after toying with this for a few days and searching the mailing
> list I still can't seem to make it work, perhaps someone can assist.
>
> huntgroups:
> apsdialin   NAS-IP-Address == 192.168.1.10
>
> users:
>
> DEFAULT Huntgroup-Name == "apsdialin", Ldap-Group !=
> "cn=dialin,ou=radiusgroups,dc=myhost", Auth-Type := Reject
>  Fall-Through = no
>
> DEFAULT Auth-Type := Reject
>
>
> radtest testuser testuser 192.168.1.20 10 testing123 0 192.168.1.10
>
> This is from the host 192.168.1.10, that testuser is in the "apsdialin"
> group so it should be allowed access, which it is. If I remove the user
> from the group they are still allowed access though!
>
> radiusd -X:

> rad_recv: Access-Request packet from host 149.28.3.101:52461, id=219,
> length=66
>  User-Name = "testuser"
>  User-Password = "testuser"
>  NAS-IP-Address = 149.28.3.101
>  NAS-Port = 10
>  Framed-Protocol = PPP
>Processing the authorize section of radiusd.conf

I clipped some of your message and only left the relevant parts.  The
packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10.  Is
that your entire huntgroups file you showed?  If so, this isn't matching
the rule in the users file because it's not in that huntgroup.





Re: Switching from Cistron radius to Free radius

2004-12-22 Thread Jérôme Warnier
On Thursday 16 December 2004 at 10:49 -0500, Lisa Casey wrote:
> Hi,
> 
> I have a radius server currently authenticating dialup  users using Cistron.
> I'm in the process of switching over to Free radius. I have  downloaded and
> installed Free radius 1.0.1 and have edited radiusd.conf to suit my needs. I
> haven't started using it  yet in place of Cistron but I'm about ready to. I
> have a question though:
> 
> In .../freeradius-1.0.1/scripts there is a script to start the radius daemon
> called rc.radiusd. My cistron is currently started with a script in
> /etc/init.d called radiusd. Should I just copy rc.radiusd to /etc/init.d
> then rename it radiusd?
> 
> Actually, in  .../freeradius-1.0.1/scripts,  there are two scripts:
> rc.radiusd and rc.radiusd.in  What's the difference between these and which
> should I use?
rc.radiusd is generated from rc.radiusd.in at build-time.
The one you should use is rc.radiusd, unless you want to fix things and
submit your changes to FreeRADIUS.

> Thanks,
> 
> Lisa Casey




RE: freeradius and multiple mysql servers

2004-12-22 Thread Brian Fennimore
yes

doc/configurable_failover

Brian

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Wade
Kemp
Sent: Wednesday, December 22, 2004 11:29 AM
To: freeradius-users@lists.freeradius.org
Subject: freeradius and multiple mysql servers


Pardon my asking but I have not been able to find a definitive answer.

Can Freeradius send accounting packets to multiple mysql servers?

i.e.
accounting {
sql1
sql2
}


Wade




freeradius and multiple mysql servers

2004-12-22 Thread Wade Kemp
Pardon my asking but I have not been able to find a definitive answer.
Can Freeradius send accounting packets to multiple mysql servers?
i.e.
accounting {
sql1
sql2
}
Wade


Re: EAP/TLS, EAP-TTLS with LDAP

2004-12-22 Thread Alan DeKok
Tomasz Wolniewicz <[EMAIL PROTECTED]> wrote:
> Does someone have an idea how to switch off LDAP for processing of the
> outer part of the EAP-TTLS message?

  Put ldap into an Atz-Type block, and configure the server to call
the block only in the conditions you want it to be called.

  Alan DeKok.




Re: Dynamic Authorization Extensions to RADIUS

2004-12-22 Thread Alan DeKok
"xuxu" <[EMAIL PROTECTED]> wrote:
> Does Freeradius implement the Dynamic Authorization Extensions
> described in RFC3576?

  No.

  As always, patches are welcome.

  Alan DeKok.



Re: Problem with passwords

2004-12-22 Thread Kyriaki Gali



Hello,

I changed it already but it keeps rejecting me...

    pap {
#       encryption_scheme = crypt
        encryption_scheme = clear
    }

I don't know what else must change...

Your PAP works with this change?

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]

- Original Message -
From: vamsikv
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, December 22, 2004 3:58 PM
Subject: RE: Problem with passwords

> I also encountered the same problem. For this to work i made
> one change in the radiusd.conf i.e
> encryption-scheme = clear
> Please let me know if i am missing anything.
> Thanks in Advance,
> vamsi
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kyriaki Gali
> > Sent: Wednesday, 22 December 2004 8:00 PM
> > To: freeradius-users@lists.freeradius.org
> > Subject: Problem with passwords
> >
> > Hello, does anyone know what is the difference
> > between CHAP-Password and PAP-Password?
> >
> > Because if i use CHAP working fine and if i
> > use PAP rejects me.
> >
> > Thanks,
> > Kyriaki Gali,
> > IT Applications Specialist
> > Kinetix Tele.com Support Center,
> > Tel & Fax: +30 2310 256140
> > GSM: +30 6947 723737
> > http://www.kinetix.gr
> > e-mail: [EMAIL PROTECTED]


RE: Problem with passwords

2004-12-22 Thread vamsikv




I also encountered the same problem. For this to work i made one
change in the radiusd.conf i.e
encryption-scheme = clear
Please let me know if i am missing anything.
Thanks in Advance,
vamsi

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kyriaki Gali
Sent: Wednesday, 22 December 2004 8:00 PM
To: freeradius-users@lists.freeradius.org
Subject: Problem with passwords

> Hello, does anyone know what is the difference
> between CHAP-Password and PAP-Password?
>
> Because if i use CHAP working fine and if i use
> PAP rejects me.
>
> Thanks,
> Kyriaki Gali,
> IT Applications Specialist
> Kinetix Tele.com Support Center,
> Tel & Fax: +30 2310 256140
> GSM: +30 6947 723737
> http://www.kinetix.gr
> e-mail: [EMAIL PROTECTED]

Re: realm setup problem

2004-12-22 Thread Dustin Doris

> I try to setup proxy and realm for freeradius
> in my forwarding server, in the proxy.conf file, it
> looks like this:

What is setup in radiusd.conf to determine realm?  If you are using
something like suffix, then it would determine on the username.  ie:
[EMAIL PROTECTED] and your proxy.conf file would show

realm test.com {
...
}

>
> realm 200.200.230.136 {
> type= radius
> authhost= radius.200.200.230.136:1812
> accthost= radius.200.200.230.136:1813
> secret  = amin
> }

authhost and accthost should be either an IP or fully qualified domain
name.  ie: radius.test.com or 200.200.230.136, not radius.200.200.x.x.

>
> The IP of the forwarding server is 200.200.230.132
>
> at the remote server, the client.conf looks like
> this..
>
>
> client 200.200.230.132 {
> secret  = amin
> shortname   = 200.200.230.132
> login   = amin
> password= amin
>  }
>
> When i try to run the radiusd -X, at the forwarding
> server, it stoped at ..reading realm
> files..host 200.200.230.136 not found
> then it stoped totally..

You say you have .132 in clients.conf, but the radius packet came from
.136.  You need to add that IP as well to clients.conf.

> Another Problem is in one seperate server I run
> FreeRADIUS. Client.conf are set to listen to client
> 200.200.230.148
> but still in the debug mode the ignore messages
> appeared receiving from unknown
> client...200.200.230.148, why is this happen? Or I
> missed something again?
> Thanks for your help...really really appreciate it.
>

You need to add that IP to clients.conf as well.
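
An offline check for the two mistakes discussed in this thread, written as an added example (not code from the thread or from FreeRADIUS): it flags an authhost/accthost that is neither an IP nor an FQDN, and a sender IP that no client entry covers. The sample configuration is constructed from the snippets quoted above; the parser, the function names and the 16-character secret threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input, modelled on the configuration quoted in the thread.
PROXY_CONF = """
realm 200.200.230.136 {
    type     = radius
    authhost = radius.200.200.230.136:1812
    accthost = radius.200.200.230.136:1813
    secret   = amin
}
"""

CLIENTS_CONF = """
client 200.200.230.132 {
    secret    = amin
    shortname = 200.200.230.132
}
"""

BLOCK_RE = re.compile(r"(\w+)\s+(\S+)\s*\{([^}]*)\}")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
MIN_SECRET_LEN = 16  # threshold chosen for this example, not a FreeRADIUS rule


def parse_blocks(text, kind):
    """Return {name: {key: value}} for every 'kind name { ... }' block."""
    blocks = {}
    for block_kind, name, body in BLOCK_RE.findall(text):
        if block_kind != kind:
            continue
        items = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "=" in line:
                key, value = line.split("=", 1)
                items[key.strip()] = value.strip()
        blocks[name] = items
    return blocks


def classify_host(hostport):
    """Classify the host part of 'host[:port]' as 'ip', 'fqdn' or 'invalid'."""
    host = hostport.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        pass
    labels = host.split(".")
    # A usable FQDN has at least two valid labels and a non-numeric last label.
    if (len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return "fqdn"
    return "invalid"


def client_for(source_ip, clients):
    """Return the name of the client entry that covers source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    for name in clients:
        try:
            if addr in ipaddress.ip_network(name, strict=False):
                return name
        except ValueError:
            continue  # hostname entries are not resolved in this offline check
    return None


def lint(proxy_text, clients_text, expected_sources):
    """Return a list of findings for the realm and client definitions."""
    findings = []
    for realm, items in parse_blocks(proxy_text, "realm").items():
        for key in ("authhost", "accthost"):
            value = items.get(key)
            if value and classify_host(value) == "invalid":
                findings.append(
                    f"realm {realm}: {key} '{value}' is neither an IP nor an FQDN")
    clients = parse_blocks(clients_text, "client")
    for src in expected_sources:
        if client_for(src, clients) is None:
            findings.append(
                f"no client entry covers {src}: its packets are ignored as unknown client")
    for name, items in clients.items():
        if len(items.get("secret", "")) < MIN_SECRET_LEN:
            findings.append(
                f"client {name}: shared secret shorter than {MIN_SECRET_LEN} characters")
    return findings


if __name__ == "__main__":
    # The forwarding server (.132) and the separate client (.148) from the thread.
    for finding in lint(PROXY_CONF, CLIENTS_CONF,
                        ["200.200.230.132", "200.200.230.148"]):
        print(finding)
```
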





EAP/TLS, EAP-TTLS with LDAP

2004-12-22 Thread Tomasz Wolniewicz
I expect my users to authenticate with either EAP/TLS or EAP-TTLS/PAP.
In the first case User-Name is processed twice, first the outer identity,
and later the inner one. Actually I have no interest in processing the
outer identity as this only serves setting up the correct realm, but the
uid has no meaning.  It turns out that I search the whole user database and
throw away the result, which seems like a big waste of resources. And to make
things worse, this goes on with every packet of the conversation.

I have figured out a way of dealing with this, by returning from the authorize
list whenever eap returns updated, unfortunately this does not work with
TTLS in which case the outer identity is THE one that we are interested in.

Does someone have an idea how to switch off LDAP for processing of the
outer part of the EAP-TTLS message?

Tomasz

-- 
Tomasz Wolniewicz
   [EMAIL PROTECTED]http://www.uni.torun.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun   pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850   tel kom.: +48-693-032-576



Re: Problem with passwords

2004-12-22 Thread Kostas Kalevras
On Wed, 22 Dec 2004, Kyriaki Gali wrote:
> Hello, does anyone know what is the difference between CHAP-Password and
> PAP-Password?
> Because if i use CHAP working fine and if i use PAP rejects me.

http://www.freeradius.org/faq/#4.4

> Thanks,
> Kyriaki Gali,
> IT Applications Specialist
> Kinetix Tele.com Support Center,
> Tel & Fax: +30 2310 256140
> GSM: +30 6947 723737
> http://www.kinetix.gr
> e-mail: [EMAIL PROTECTED]
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
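
How the two attributes asked about in this thread are computed, and why the pap encryption_scheme setting affects one and not the other; this is an added example, not code from the thread or from FreeRADIUS. PAP hiding follows RFC 2865 and the CHAP response follows RFC 1994; the salted SHA-256 `one_way` helper is a stand-in for crypt(3), the "clear"/"hashed" scheme names are this example's model of the setting, and all sample values are constructed.

```python
import hashlib
import hmac


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password as sent by the NAS (RFC 2865, section 5.2)."""
    padded = (password + b"\x00" * (-len(password) % 16)) or bytes(16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden


def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding and get the cleartext password back."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response (RFC 1994): MD5(identifier + cleartext password + challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def one_way(password: bytes, salt: bytes) -> bytes:
    """Stand-in for crypt(3): salted SHA-256, stored as salt$hexdigest."""
    return salt + b"$" + hashlib.sha256(salt + password).hexdigest().encode()


def check_pap(hidden, secret, authenticator, stored, scheme):
    """Compare a PAP request with the stored value under the configured scheme."""
    candidate = pap_recover(hidden, secret, authenticator)
    if scheme == "clear":
        return hmac.compare_digest(candidate, stored)
    # scheme == "hashed": the stored value is read as salt$digest
    salt = stored.split(b"$", 1)[0]
    return hmac.compare_digest(one_way(candidate, salt), stored)


def check_chap(chap_id, response, challenge, stored):
    """CHAP can only be verified by redoing the MD5 with the stored cleartext."""
    return hmac.compare_digest(chap_response(chap_id, stored, challenge), response)


# Constructed sample values.
SECRET = b"testing123"
AUTHENTICATOR = bytes(range(16))
CHALLENGE = bytes(range(16, 32))
PASSWORD = b"s3cret-pw"

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    response = chap_response(7, PASSWORD, CHALLENGE)
    hashed = one_way(PASSWORD, b"ab")
    # Cleartext in the user store: CHAP works, PAP depends on the scheme.
    print("cleartext stored, CHAP        :", check_chap(7, response, CHALLENGE, PASSWORD))
    print("cleartext stored, PAP 'hashed':", check_pap(hidden, SECRET, AUTHENTICATOR, PASSWORD, "hashed"))
    print("cleartext stored, PAP 'clear' :", check_pap(hidden, SECRET, AUTHENTICATOR, PASSWORD, "clear"))
    # Hash in the user store: PAP works with the matching scheme, CHAP cannot.
    print("hash stored, PAP 'hashed'     :", check_pap(hidden, SECRET, AUTHENTICATOR, hashed, "hashed"))
    print("hash stored, CHAP             :", check_chap(7, response, CHALLENGE, hashed))
```

With a cleartext entry in the user store, the CHAP check passes while the PAP check under the hashed scheme fails, which is the symptom reported in the thread under this model; PAP also exposes the cleartext to anyone holding the shared secret, so the secret's strength matters for every PAP client.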


Problem with passwords

2004-12-22 Thread Kyriaki Gali



Hello, does anyone know what is the difference 
between CHAP-Password and PAP-Password?
 
Because if i use CHAP working fine and if i use 
PAP rejects me.
 
 
Thanks,
Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]


Re: where i put restrictions to users

2004-12-22 Thread Justin Guidroz
EAP-TTLS (and I'm assuming PEAP, but I don't use it) will only allow
network use if authentication succeeds.


On Wed, 22 Dec 2004 12:50:26 +, Antonio Carola
<[EMAIL PROTECTED]> wrote:
> Hi,
> 
> i have some doubts,
> 
> i am trying to put wireless authentication with freeradius,
> 
> I have a freeradius running in machine with ip 10.10.96.128, access point
> in ip 10.10.96.150 .
> 
> I use my laptop for client, i connect with access point and i have network.
> 
> I try radiusclient with a user  and i receive accepts and rejects.
> 
> How to only have network when i put username and password, or either where
> i put restrictions to users ?
> 
> thanks,
> Antonio Carola
> 


-- 
Justin Guidroz



Re: mysql seg fault

2004-12-22 Thread Mathias Röhl
On Wed, 22.12.2004 at 13:28, Mathias Röhl wrote:
> On Wed, 22.12.2004 at 11:47, Mathias Röhl wrote:
> Seems so I forgot to read the Documentation
> 
> "In order to build the drivers, you MUST ALSO install the development
>   versions of the database."
> Hm'kay, I'll try it again
Hi

I did this, installed the libmysqlclient-dev.deb package and in the
/src/modules/rlm_sql I did ./configure make && make install. Same with
rlm_sql_mysql. LD_LIBRARY_PATH is correct set to /usr/local/lib. 
But after starting radius -X it says
-

sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Could not link driver rlm_sql_mysql:
/usr/local/lib/rlm_sql_mysql.a: invalid ELF header
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed. 
---

The gdb says

sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1076734432 (LWP 13679)]
0x0809059e in lt_dlsym (handle=0x81a7668, symbol=0x81a4038
"rlm_sql_freetds") at ltdl.c:3330
3330  lensym = LT_STRLEN (symbol) + LT_STRLEN
(handle->loader->sym_prefix)
(gdb) bt
#0  0x0809059e in lt_dlsym (handle=0x81a7668, symbol=0x81a4038
"rlm_sql_freetds")
at ltdl.c:3330
#1  0x080702ae in rlm_sql_instantiate (conf=0x81a4038, instance=0xf) at
rlm_sql.c:682
#2  0x08059763 in find_module_instance (instname=0x80f4130 "sql") at
modules.c:358
#3  0x0805ac4d in do_compile_modsingle (component=3, ci=0x80f4110, 
filename=0x80972f4 "radiusd.conf", grouptype=0,
modname=0xbfffeae8) at modcall.c:814
#4  0x0805add2 in compile_modsingle (component=3, ci=0xf, 
filename=0xf , modname=0xf) at
modcall.c:829
#5  0x08059c6d in load_component_section (cs=0x80f40a0, comp=3, 
   filename=0x80972f4 "radiusd.conf") at modules.c:584
#6  0x0805a044 in setup_modules () at modules.c:874
#7  0x08050bfd in main (argc=2, argv=0xbd34) at radiusd.c:965
--

Maybe I forgot something to do... I don't think this is a bug...

thx in advance for kindly help

regards

[EMAIL PROTECTED]


-- 
TANK!!! I need an exit!! FAAAST!!!





where i put restrictions to users

2004-12-22 Thread Antonio Carola
Hi,
i have some doubts,
i am trying to put wireless authentication with freeradius,
I have a freeradius running in machine with ip 10.10.96.128, access point
in ip 10.10.96.150 .

I use my laptop for client, i connect with access point and i have network.
I try radiusclient with a user  and i receive accepts and rejects.
How to only have network when i put username and password, or either where
i put restrictions to users ?

thanks,
Antonio Carola


Re: mysql seg fault

2004-12-22 Thread Mathias Röhl
On Wed, 22.12.2004 at 11:47, Mathias Röhl wrote:
> Hi
> 
Seems so I forgot to read the Documentation

"In order to build the drivers, you MUST ALSO install the development
  versions of the database."
Hm'kay, I'll try it again

regards

[EMAIL PROTECTED]

-- 
TANK!!! I need an exit!! FAAAST!!!





radius client unknown

2004-12-22 Thread zack musa
This is the debug mode

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file:
/usr/local/etc/raddb/proxy.conf
Config:   including file:
/usr/local/etc/raddb/clients.conf
Config:   including file:
/usr/local/etc/raddb/snmp.conf
Config:   including file:
/usr/local/etc/raddb/eap.conf
Config:   including file:
/usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir =
"/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file =
"/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will
go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
 preprocess: huntgroups =
"/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "radius"
 sql: password = "radius"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile =
"/usr/local/var/log/radius/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query =
.
sql: group_membership_query = "SELECT GroupName FROM
usergroup WHERE UserName='%{SQL-User-Name}'"
 sql: connect_failure_retry_delay = 60
 sql: simul_count_query = ""
 sql: simul_verify_query = "SELECT RadAcctId,
AcctSessionId, UserName, NASIPAddress, NASPortId,
FramedIPAddress, CallingStationId, FramedProtocol FROM
radacct WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0"
 sql: postauth_table = "radpostauth"
 sql: postauth_query = "INSERT into radpostauth (id,
user, pass, reply, date) values ('', '%{User-Name}',
'%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
 sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/"
rlm_sql (sql): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to
[EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_my

mysql seg fault

2004-12-22 Thread Mathias Röhl
Hi

I installed fr from the source, also openssl, and tested with EAP/TLS
and it works fine. So far...Now I want to do it with LDAP and MYSQL,
LDAP for users and MYSQL for storing accounting information. I
configured in rlm_ldap and rlm_sql and after doing this I started radius
-X -A, but now I got a segmentation fault. Looks like this

Module: Loaded SQL 
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = "bintec"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/usr/local//var/log/radius/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' 
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' 
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"
 sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress =
'%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ?
AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress=
'%{NAS-IP-Address}'"
 sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')"
 sql: accounting_start_query = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', 
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}',
'0')"
 sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime =
'%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start =
'%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'"
 sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NA

Realm proxy setup probs

2004-12-22 Thread zack musa
I am trying to set up proxy and realm for freeradius.
On my forwarding server, the proxy.conf file
looks like this:

realm 200.200.230.136 {
type= radius
authhost= radius.200.200.230.136:1812
accthost= radius.200.200.230.136:1813
secret  = amin
}

The IP of the forwarding server is 200.200.230.132

At the remote server, the client.conf looks like
this:

client 200.200.230.132 {
secret  = amin
shortname   = 200.200.230.132
login   = amin
password= amin
 }

When I try to run radiusd -X at the forwarding
server, it stopped at ..reading realm
files..host 200.200.230.136 not found
then it stopped totally..

Can I just put the IP address of the remote server
just like that? Which part of the configuration file
did I miss altering?

Another problem is that on one separate server I run
FreeRADIUS. Client.conf is set to listen to client
200.200.230.148
but in debug mode the ignore messages still
appear: receiving from unknown
client...200.200.230.148. Why does this happen? Or did I
miss something again?
Thanks for your help...really really appreciate it.



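A pre-flight check over the two stanzas quoted in the post above, as an added example that is not part of the original thread or of FreeRADIUS: it flags authhost/accthost values where an IPv4 address carries a name prefix (so the value is a DNS name that has to resolve, not an address), confirms there is a client stanza for the forwarding server with the same secret, and flags secrets shorter than the 16 octets RFC 2865 prefers. The function names, the `forwarder_ip` parameter and the IPv4-only `host:port` parsing are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: the two stanzas quoted in the post, re-indented.
PROXY_CONF = """realm 200.200.230.136 {
    type     = radius
    authhost = radius.200.200.230.136:1812
    accthost = radius.200.200.230.136:1813
    secret   = amin
}"""
CLIENTS_CONF = """client 200.200.230.132 {
    secret    = amin
    shortname = 200.200.230.132
}"""

STANZA = re.compile(r"(\w+)\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM = re.compile(r"^[ \t]*([\w-]+)[ \t]*=[ \t]*(\S+)[ \t]*$", re.M)

def parse(text):
    """Return {(kind, name): {key: value}} for each 'kind name { ... }' stanza."""
    return {(k, n): dict(ITEM.findall(body)) for k, n, body in STANZA.findall(text)}

def host_kind(hostport):
    """Classify the host of an IPv4-style 'host:port' value."""
    host = hostport.rsplit(":", 1)[0]
    # Second candidate: the last four labels, to catch 'prefix.a.b.c.d'.
    for cand, kind in ((host, "ip"), (".".join(host.split(".")[-4:]), "ip-with-prefix")):
        try:
            ipaddress.IPv4Address(cand)
            return kind
        except ValueError:
            continue
    return "name"

def check(proxy_text, clients_text, forwarder_ip, min_secret_len=16):
    """Return a list of findings; forwarder_ip is the proxy's own address."""
    findings = []
    clients = parse(clients_text)
    for (kind, name), items in parse(proxy_text).items():
        if kind != "realm":
            continue
        for key in ("authhost", "accthost"):
            if key in items and host_kind(items[key]) == "ip-with-prefix":
                findings.append(f"{name}: {key} '{items[key]}' is a DNS name, not an IP literal")
        client = clients.get(("client", forwarder_ip))
        if client is None:
            findings.append(f"{name}: no client stanza for {forwarder_ip}")
        elif client.get("secret") != items.get("secret"):
            findings.append(f"{name}: shared secret mismatch")
        if len(items.get("secret", "")) < min_secret_len:
            findings.append(f"{name}: secret shorter than {min_secret_len} characters")
    return findings
```

Calling `check(PROXY_CONF, CLIENTS_CONF, "200.200.230.132")` on the sample returns three findings: one each for authhost and accthost, and one for the four-character secret.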