radwtmp woes (was radutmp woes)

2005-01-17 Thread Sam
On Sun, Jan 16, 2005 at 11:15:35PM -0600, Sam Morris wrote:
>> After much hair pulling I have Freeradius 1.0.1 working nearly 100%. 
>> But I'm having issues with radutmp (at least I think that's where the 
>> trouble lies).

>> When I do a radlast, it says this:
>>
>> [EMAIL PROTECTED] radius]# radlast
>>  
>> radwtmp begins Sun Jan 16 17:00:27 2005

>Radlast uses radwtmp, radutmp is used by radwho...  radutmp has its own
>module, but radwtmp is written by the unix module, which I'm gonna guess
>you've disabled since you're not using unix accounts to authenticate.

>If that's true, you can just put the unix instance in the accounting
>section, and all it will do is write to radwtmp. (Which is pretty neat,
>actually. ^_^)

What do you mean when you say "If that's true, you can just put the unix
instance in the accounting section, and all it will do is write to
radwtmp"? radwtmp is getting written - it's currently 723k after running
for a day and a half. 

Actually, I didn't (at least intentionally) disable the unix module, at 
least not knowingly. I think that /etc/passwd and /etc/shadow are the only 
mechanisms my dialup customers have of authenticating. 

> So it is authenticating people and logging those authentications
> just fine. It's also writing the detail files in
> /var/log/radius/radacct/

> The radutmp and radwtmp files ARE getting written in 
> /var/log/radius/

It's as if radlast just doesn't want to read them, or else it doesn't like 
the format in which they are being written.

Would it be helpful to post part of my users file? I've been struggling 
with this for about three days now, and other than this list, have no 
place else I can turn for help.

Thanks,
Sam


-- 
Sam Morris, Owner
Loganet Internet Service
Logan IA, United States of America
712-644-3578


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: SQL db failover

2005-01-17 Thread Rohaizam Abu Bakar
One more thing related to SQL accounting...
Every time I received error "Stop packet with zero session length"... 
Accounting will be stored in both sql1 & sql2.. please refer debug log..

should I change noop=  to something else instead of below...???
--haizam

   group {
       sql1 {
           fail=1
           notfound=return
           noop=2
           ok=return
           updated=3
           reject=return
           userlock=4
           invalid=5
           handled=6
       }
       sql2 {
           < same as above>
       }
   }
##
radius_xlat:  'UPDATE radacct SET AcctStopTime = '2005-01-18 10:39:34', AcctSessionTime = '', AcctInputOctets = '', AcctOutputOctets = '', AcctTerminateCause = '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '442225381' AND UserName = '' AND NASIPAddress = '161.142.17.2''
rlm_sql (sql1): Reserving sql socket id: 4
radius_xlat:  'rlm_sql: Stop packet with zero session length.  (user '', nas '161.142.17.2')'
rlm_sql: Stop packet with zero session length.  (user '', nas '161.142.17.2')
rlm_sql (sql1): Released sql socket id: 4
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('442225381', '18e9d9976b13739f', '', '', '161.142.17.2', '10202', 'Sync', DATE_SUB('2005-01-18 10:39:34', INTERVAL (0 + 0) SECOND), '2005-01-18 10:39:34', '', '', '', '', '', '', '9915600', '0320529716', '', '', '', '', '0', '0')'
rlm_sql (sql1): Released sql socket id: 4
 modcall[accounting]: module "sql1" returns noop for request 132
radius_xlat:  ''
radius_xlat:  'UPDATE radacct SET AcctStopTime = '2005-01-18 10:39:34', AcctSessionTime = '', AcctInputOctets = '', AcctOutputOctets = '', AcctTerminateCause = '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '442225381' AND UserName = '' AND NASIPAddress = '161.142.17.2''
rlm_sql (sql2): Reserving sql socket id: 4
radius_xlat:  'rlm_sql: Stop packet with zero session length.  (user '', nas '161.142.17.2')'
rlm_sql: Stop packet with zero session length.  (user '', nas '161.142.17.2')
rlm_sql (sql2): Released sql socket id: 4
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('442225381', '18e9d9976b13739f', '', '', '161.142.17.2', '10202', 'Sync', DATE_SUB('2005-01-18 10:39:34', INTERVAL (0 + 0) SECOND), '2005-01-18 10:39:34', '', '', '', '', '', '', '9915600', '0320529716', '', '', '', '', '0', '0')'
rlm_sql (sql2): Released sql socket id: 4
 modcall[accounting]: module "sql2" returns noop for request 132
modcall: group group returns noop for request 132
modcall: group accounting returns ok for request 132
Sending Accounting-Response of id 101 to 161.142.17.2:1027
Finished request 132
Going to the next request
###

- Original Message - 
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, January 18, 2005 00:40
Subject: Re: SQL db failover


"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
But before that.. I tried to use the simplified one using "redundant" as
below:-
redundant {
sql1
sql2
}
But seems every time accounting record being sent.. I will store in both of
the mysql server... not the first one that return OK.. why???
 It's a known bug.  See bugs.freeradius.org
 Alan DeKok.
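
The group configuration and debug output in this post, worked through as an added example (not part of the original messages and not FreeRADIUS source code): a simplified C model of a group's per-module action table. It assumes that "return" stops the group with the current code and that a number is a priority which lets the next module run; all type and function names are hypothetical. It replays the logged case, where both instances return noop, with noop=2 and with noop=return.

```c
/* Added example: simplified model of a failover group's action table.
 * Not FreeRADIUS source; names and structure are hypothetical. */
#include <stdio.h>

enum rcode { RC_REJECT, RC_FAIL, RC_OK, RC_HANDLED, RC_INVALID, RC_USERLOCK,
             RC_NOTFOUND, RC_NOOP, RC_UPDATED, RC_COUNT };
#define ACT_RETURN (-1)            /* stop the group now, return this code */

struct module {
    enum rcode result;             /* what the module returns for this packet */
    int action[RC_COUNT];          /* ACT_RETURN or a priority >= 1 */
};

struct outcome { enum rcode result; int modules_run; };

/* Walk the modules in order. A "return" action ends the walk; a numeric
 * action records the code if its priority is at least the best seen so far
 * and then moves on to the next module. */
struct outcome run_group(const struct module *mods, int n)
{
    struct outcome out = { RC_FAIL, 0 };
    int best = 0, i;

    for (i = 0; i < n; i++) {
        enum rcode r = mods[i].result;
        int act = mods[i].action[r];

        out.modules_run++;
        if (act == ACT_RETURN) { out.result = r; break; }
        if (act >= best) { out.result = r; best = act; }
    }
    return out;
}

/* Action table as posted; the noop action is the one setting being varied. */
static struct module sql_instance(enum rcode result, int noop_action)
{
    struct module m;

    m.result = result;
    m.action[RC_FAIL] = 1;          m.action[RC_NOTFOUND] = ACT_RETURN;
    m.action[RC_NOOP] = noop_action; m.action[RC_OK] = ACT_RETURN;
    m.action[RC_UPDATED] = 3;       m.action[RC_REJECT] = ACT_RETURN;
    m.action[RC_USERLOCK] = 4;      m.action[RC_INVALID] = 5;
    m.action[RC_HANDLED] = 6;
    return m;
}

/* sql1 followed by sql2, each with the result it would give for one packet. */
struct outcome simulate(enum rcode sql1, enum rcode sql2, int noop_action)
{
    struct module g[2];

    g[0] = sql_instance(sql1, noop_action);
    g[1] = sql_instance(sql2, noop_action);
    return run_group(g, 2);
}

int main(void)
{
    struct outcome a = simulate(RC_NOOP, RC_NOOP, 2);
    struct outcome b = simulate(RC_NOOP, RC_NOOP, ACT_RETURN);
    struct outcome c = simulate(RC_FAIL, RC_OK, 2);

    printf("noop=2      : %d module(s) run\n", a.modules_run);
    printf("noop=return : %d module(s) run\n", b.modules_run);
    printf("sql1 fails  : %d module(s) run, sql2 result kept: %s\n",
           c.modules_run, c.result == RC_OK ? "yes" : "no");
    return 0;
}
```

With noop=2 the model runs both instances for the zero-length Stop packet, matching the debug output above; with noop=return it stops after sql1, while a fail from sql1 still falls through to sql2.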


Re: Installing FreeRadius on RedHat 9 with MySql

2005-01-17 Thread Lewis Bergman

C. Townsend said:
>
>
> I've been attempting to install FreeRadius on a RH9 server with MySQL.
>
> I've gotten MySql installed with some coaxing as well as running the
> Creation scripts for the MySQL schema.
> /src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
>
> The configure seems to work alright.
> When I execute the make I get the following error messages:
Did you install the mysql-devel rpms? I had the same errors when I had the
incorrect libraries installed.

-- 
Lewis Bergman
Texas Communications
4309 Maple ST.
Abilene, TX 79602
325-695-6962 ext 115



Re: Solaris vs. Linux: eap - mschap - mschapv2 failure: smbencrypt NT-password hash different for Sparc and Intel

2005-01-17 Thread Paul Hampson
On Mon, Jan 17, 2005 at 07:01:22PM +0100, [EMAIL PROTECTED] wrote:
> Ok, summary:
> 1. EAP on Solaris fails, EAP on Linux works.
> 2. Version problems with freeradius can be excluded, can we ?


Try the current 1.0.2 snapshot from the CVS release_1_0 tree.
This could be a bigendian/64 bit issue with the md4 code, which
was broken (by me) in FreeRADIUS 1.0.1.

I'm pretty sure ms-chap uses md4. ^_^

> 4. Check of smbencrypt:
>/usr/bin/smbencrypt y
>LM Hash-Solaris   5EE48ABDB55D077DAAD3B435B51404EE
>LM Hash-Linux 5EE48ABDB55D077DAAD3B435B51404EE

>NT Hash-Solaris   DA2798D017BDEBFD4A515999FBF0C1D3
>NT Hash-Linux 075F36789B3133386FBCD952ED3FC23F

-- 
Paul "TBBle" Hampson, on an alternate email client.
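
The byte-order dependence suspected in this message can be checked with a portable MD4 self-test. The following is an added example, not FreeRADIUS source and not code from the thread: it computes the NT hash (MD4 over the UTF-16LE password) with explicit little-endian word loads, and its naive_be switch simulates a raw 32-bit word load on a big-endian CPU. Function names and the ASCII-only restriction are assumptions of the example.

```c
/* Added example, not FreeRADIUS source: portable MD4 / NT hash self-test. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
#define F(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))

/* Process one 64-byte block. naive_be = 0 assembles each word byte by byte
 * as little-endian, which MD4 requires on every host. naive_be = 1 simulates
 * what a raw cast or memcpy into 32-bit words yields on a big-endian CPU. */
static void md4_block(uint32_t st[4], const uint8_t *p, int naive_be)
{
    static const int s1[4] = {3, 7, 11, 19}, s2[4] = {3, 5, 9, 13}, s3[4] = {3, 9, 11, 15};
    static const int k3[16] = {0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15};
    uint32_t x[16], a = st[0], b = st[1], c = st[2], d = st[3], t;
    int i;

    for (i = 0; i < 16; i++) {
        const uint8_t *q = p + 4 * i;
        int lo = naive_be ? 3 : 0, step = naive_be ? -1 : 1;
        x[i] = (uint32_t)q[lo] | ((uint32_t)q[lo + step] << 8) |
               ((uint32_t)q[lo + 2 * step] << 16) | ((uint32_t)q[lo + 3 * step] << 24);
    }
    for (i = 0; i < 16; i++) {                        /* round 1 */
        t = a + F(b, c, d) + x[i];
        t = ROTL(t, s1[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    for (i = 0; i < 16; i++) {                        /* round 2 */
        t = a + G(b, c, d) + x[(i % 4) * 4 + i / 4] + 0x5A827999u;
        t = ROTL(t, s2[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    for (i = 0; i < 16; i++) {                        /* round 3 */
        t = a + H(b, c, d) + x[k3[i]] + 0x6ED9EBA1u;
        t = ROTL(t, s3[i % 4]);
        a = d; d = c; c = b; b = t;
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
}

/* One-shot MD4 of msg[0..len) as upper-case hex. The padding, the 64-bit
 * bit count and the output bytes are all written explicitly little-endian. */
static void md4_hex(const uint8_t *msg, size_t len, int naive_be, char hex[33])
{
    uint32_t st[4] = {0x67452301u, 0xefcdab89u, 0x98badcfeu, 0x10325476u};
    uint8_t tail[128] = {0};
    uint64_t bits = (uint64_t)len * 8;
    size_t i, off, rem = len % 64, tlen = (rem < 56) ? 64 : 128;

    for (off = 0; off + 64 <= len; off += 64)
        md4_block(st, msg + off, naive_be);
    memcpy(tail, msg + off, rem);
    tail[rem] = 0x80;
    for (i = 0; i < 8; i++)
        tail[tlen - 8 + i] = (uint8_t)(bits >> (8 * i));
    for (off = 0; off < tlen; off += 64)
        md4_block(st, tail + off, naive_be);
    for (i = 0; i < 16; i++)
        sprintf(hex + 2 * i, "%02X", (unsigned)((st[i / 4] >> (8 * (i % 4))) & 0xffu));
}

/* NT hash = MD4 over the UTF-16LE password. Assumption for brevity: the
 * password is 7-bit ASCII, so each character widens to (byte, 0x00). */
int nt_hash_hex(const char *password, int naive_be, char hex[33])
{
    uint8_t wide[512];
    size_t i, n = strlen(password);

    if (n > sizeof wide / 2) return -1;
    for (i = 0; i < n; i++) {
        if ((unsigned char)password[i] > 0x7f) return -1;
        wide[2 * i] = (uint8_t)password[i]; wide[2 * i + 1] = 0;
    }
    md4_hex(wide, 2 * n, naive_be, hex);
    return 0;
}

/* Returns 0 when this build reproduces the published digests: the RFC 1320
 * vector for "abc" and the NT hashes of "" and "password". */
int md4_selftest(void)
{
    char hex[33];

    md4_hex((const uint8_t *)"abc", 3, 0, hex);
    if (strcmp(hex, "A448017AAF21D8525FC10AE87AA6729D") != 0) return 1;
    if (nt_hash_hex("", 0, hex) != 0) return 2;
    if (strcmp(hex, "31D6CFE0D16AE931B73C59D7E0C089C0") != 0) return 2;
    if (nt_hash_hex("password", 0, hex) != 0) return 3;
    if (strcmp(hex, "8846F7EAEE8FB117AD06BDD830B7586C") != 0) return 3;
    return 0;
}

int main(void)
{
    char le[33], be[33];

    nt_hash_hex("password", 0, le);
    nt_hash_hex("password", 1, be);
    printf("self-test=%d\ncorrect   %s\nnaive-BE  %s\n", md4_selftest(), le, be);
    return 0;
}
```

Built and run on each platform, the self-test result shows whether the MD4 in that build agrees with the published vectors before any MS-CHAP exchange is attempted.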



Re: Dynamic IP addres on EAP/TLS session

2005-01-17 Thread Paul Hampson
On Mon, Jan 17, 2005 at 09:49:48AM -0600, Justin Guidroz wrote:
> I'm running Freeradius on the same server that also serves as my LDAP
> server, DHCP server, and DNS server, and I have had no problems
> getting DHCP addresses using EAP-TTLS or EAP-TLS.

Does the EAP gateway thingy relay DHCP requests to your FreeRADIUS
box?

-- 
Paul "TBBle" Hampson, on an alternate email client.



Installing FreeRadius on RedHat 9 with MySql

2005-01-17 Thread C. Townsend


I've been attempting to install FreeRadius on a RH9 server with MySQL.

I've gotten MySql installed with some coaxing as well as running the
Creation scripts for the MySQL schema.
/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql

The configure seems to work alright.
When I execute the make I get the following error messages:

sql_mysql.c:39:20: errmsg.h: No such file or directory
sql_mysql.c:40:19: mysql.h: No such file or directory
sql_mysql.c:47: parse error before "MYSQL"
sql_mysql.c:47: warning: no semicolon at end of struct or union
sql_mysql.c:48: warning: type defaults to `int' in declaration
of `sock'
sql_mysql.c:48: warning: data definition has no type or storage
class
sql_mysql.c:49: parse error before '*' token
sql_mysql.c:49: warning: type defaults to `int' in declaration
of `result'
sql_mysql.c:49: warning: data definition has no type or storage
class
sql_mysql.c:51: parse error before '}' token
sql_mysql.c:51: warning: type defaults to `int' in declaration
of `rlm_sql_mysql_sock'
sql_mysql.c:51: warning: data definition has no type or storage
class
sql_mysql.c: In function `sql_init_socket':
sql_mysql.c:62: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:62: (Each undeclared identifier is reported only
once
sql_mysql.c:62: for each function it appears in.)
sql_mysql.c:65: parse error before ')' token
sql_mysql.c:76: warning: implicit declaration of function
`mysql_init'
sql_mysql.c:77: warning: implicit declaration of function
`mysql_real_connect'
sql_mysql.c:84: `CLIENT_FOUND_ROWS' undeclared (first use in
this function)
sql_mysql.c:86: warning: implicit declaration of function
`mysql_error'
sql_mysql.c:86: warning: format argument is not a pointer (arg
3)
sql_mysql.c: In function `sql_check_error':
sql_mysql.c:122: `CR_SERVER_GONE_ERROR' undeclared (first use in
this function)
sql_mysql.c:123: `CR_SERVER_LOST' undeclared (first use in this
function)
sql_mysql.c:131: `CR_OUT_OF_MEMORY' undeclared (first use in
this function)
sql_mysql.c:132: `CR_COMMANDS_OUT_OF_SYNC' undeclared (first use
in this function)
sql_mysql.c:133: `CR_UNKNOWN_ERROR' undeclared (first use in
this function)
sql_mysql.c: In function `sql_query':
sql_mysql.c:151: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:160: warning: implicit declaration of function
`mysql_query'
sql_mysql.c:161: warning: implicit declaration of function
`mysql_errno'
sql_mysql.c: In function `sql_store_result':
sql_mysql.c:175: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:181: warning: implicit declaration of function
`mysql_store_result'
sql_mysql.c:184: warning: format argument is not a pointer (arg
3)
sql_mysql.c: In function `sql_num_fields':
sql_mysql.c:202: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:207: warning: implicit declaration of function
`mysql_num_fields'
sql_mysql.c:211: warning: format argument is not a pointer (arg
3)
sql_mysql.c: In function `sql_num_rows':
sql_mysql.c:257: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:260: warning: implicit declaration of function
`mysql_num_rows'
sql_mysql.c: In function `sql_fetch_row':
sql_mysql.c:277: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:286: warning: implicit declaration of function
`mysql_fetch_row'
sql_mysql.c:286: warning: assignment makes pointer from integer
without a cast
sql_mysql.c: In function `sql_free_result':
sql_mysql.c:305: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:308: warning: implicit declaration of function
`mysql_free_result'
sql_mysql.c: In function `sql_error':
sql_mysql.c:327: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:332: warning: return makes pointer from integer
without a cast
sql_mysql.c: In function `sql_close':
sql_mysql.c:346: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:349: warning: implicit declaration of function
`mysql_close'
sql_mysql.c: In function `sql_affected_rows':
sql_mysql.c:395: `mysql_sock' undeclared (first use in this
function)
sql_mysql.c:397: warning: implicit declaration of function
`mysql_affected_rows'
gmake[10]: *** [sql_mysql.o] Error 1
gmake[9]: *** [common] Error 1
gmake[8]: *** [static] Error 2
gmake[7]: *** [common] Error 1
gmake[6]: *** [static] Error 2
gmake[5]: *** [common] Error 1
gmake[4]: *** [all] Error 2
gmake[3]: *** [common] Error 1
gmake[2]: *** [all] Error 2
gmake[1]: *** [common] Err

FreeRADIUS: Rejecting localhost/Not responding to requests

2005-01-17 Thread kalen betten
Hello,
I am having trouble configuring our RADIUS server for use as an 802.11b
authenticator.   The box is running Debian Sarge with the FreeRADIUS
package from apt-get install sources (1.0.1 I believe).  As such, I
have tried to follow the examples on
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2693413,00.html
and also from the FreeRADIUS FAQ.  Ideally, I would like to have the
server set up so that the username is derived from the radio's MAC
(both CPE or AP radios), and the password be the secret key shared by
both the APs and the server.  This way no customer intervention would
be necessary (i.e. internet access without entering a password each
time).  I thought everything was set up correctly, but when I try to
run a radtest on localhost from the server itself, it immediately
rejects it.  I have added it to the clients file (and tried adding to
the users file as well, but to no avail).  If I try to radtest on its
actual IP address, it endlessly resends requests, and never returns a
reply. It also doesn't let any client CPEs authenticate with it
either, even though they are listed correctly (according to examples)
in the users file, and the APs are listed in both users and
clients.conf.  If anyone could provide any insight on this problem, I
would greatly appreciate it.  If you need more information, or I didn't
include something, please let me know and I'll be happy to respond. 
Thank you.
-- 
kalen



Re: MySQL and FreeRadius

2005-01-17 Thread D.J. Wood
Don, 

If you are in the directory where you unpacked freeradius it would be in:
src/modules/rlm_sql/drivers/rlm_sql_mysql/

Hope that helps.

D.J.


On Mon, 17 Jan 2005 10:26:09 -0600, don <[EMAIL PROTECTED]> wrote:
> Hello  list,
> 
> I am running freeradius and mysql on Gentoo Linux.
> 
> I have installed mysql, but can't seem to find the file, db_mysql.sql, so
> that I can create the radius database using the command:
> 
> mysql -uroot -prootpass radius < db_mysql.sql
> 
> Does anyone out there have a clue where db_mysql.sql is hiding?
> 
> Thanks,
> 
> Don James
> Henderson, Texas USA
> 


Override proxy response

2005-01-17 Thread Dennis Beach
I am using FreeRADIUS 1.0.1 to authenticate MAC addresses (as username) from
various wireless access points.  There is a master RADIUS server that
contains a list of valid usernames (MAC addresses) but I want to be able to
override that list for my local wireless access points.

I have configured FreeRADIUS to proxy requests to the master RADIUS server,
but the response of the master server is used regardless of my local users
file.

According to the doc/proxy file, the users file is to be processed as usual
after a proxy response is received.  I take this to mean that a username
found in the users file will be used instead of any response given by the
master server.

What is the proper way to configure for proxy but maintain a list of users
that are accepted/rejected either without consulting the master server or
overriding the response from the master server?

Dennis Beach
Systems Engineer
RR Donnelley, Information Technology
(765) 364-4604 - phone
(765) 230-6111 - cellular
(765) 364-3056 - fax
[EMAIL PROTECTED]

-
My proxy.conf file contains:

realm LOCAL {
  type  = radius
  authhost  = LOCAL
  accthost  = LOCAL
}

realm NULL {
  type  = radius
  authhost  = masteripaddr:1645
  accthost  = masteripaddr:1646
  secret    = wirelesslan
}

realm DEFAULT {
  type  = radius
  authhost  = LOCAL
  accthost  = LOCAL
}


The following is a transcript of log messages from a connection attempt:

rad_recv: Access-Request packet from host 10.225.66.156:1645, id=16, length=102
User-Name = "00022d37685a"
User-Password = "00022d37685a"
Called-Station-Id = "0002.8a5b.3c44"
Calling-Station-Id = "0002.2d37.685a"
NAS-Port-Type = Virtual
NAS-Port = 405
NAS-IP-Address = 10.225.66.156
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "00022d37685a", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "00022d37685a"
rlm_realm: Proxying request from user 00022d37685a to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication request to realm "NULL"
  modcall[authorize]: module "suffix" returns updated for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
users: Matched 00022d37685a at 54
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 10.225.100.20:1645
User-Name = "00022d37685a"
User-Password = "00022d37685a"
Called-Station-Id = "0002.8a5b.3c44"
Calling-Station-Id = "0002.2d37.685a"
NAS-Port-Type = Virtual
NAS-Port = 405
NAS-IP-Address = 10.225.66.156
Proxy-State = 0x3136
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 10.225.100.20:1645, id=0, length=24
Proxy-State = 0x3136
  Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
  modcall[post-proxy]: module "eap" returns noop for request 0
modcall: group post-proxy returns noop for request 0
Login incorrect (Home Server says so): [00022d37685a/00022d37685a] (from client cvlmfg-ap-0001 port 405 cli 0002.2d37.685a)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 16 to 10.225.66.156:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 16 with timestamp 41ebf611
Nothing to do.  Sleeping until we see a request.







Solaris vs. Linux: eap - mschap - mschapv2 failure: smbencrypt NT-password hash different for Sparc and Intel

2005-01-17 Thread matthiar
Sorry for the long subject :-)

Have spent a few days on this setup and learned a lot from your mailing list
(thank you, Alan and everybody else) but I think there is a problem not
covered, yet, between Solaris and Linux compiled code (?). Long story:

We set up the following:

WLAN and/or Cable Clients:
 WC-1. Windows 2003, DELL TrueMobile 1300 WLAN client, AEGIS 
client / driver for WPA
 WC-2. Windows XP, T-Sinus 154 Data WLAN client, WinXP SP1 and 
patch for WPA

AccessPoints:
 AP-1. T-Sinus 154 DSL
 AP-2. Cisco Aironet 1200

FreeRadius Server:
 FR-1. Notebook with Suse 9.1, FreeRadius 1.0.0
 FR-2. SUN Sparc E450 (64bit), Solaris 9, FreeRadius 1.0.0 and 1.0.1

Additionally, Java Enterprise System (JES) 2004 Q2, LDAP Dir.Server 5.2

Both WC-1, WC-2 can connect to either AP-x and access FR-1 and FR-2.
FR-1 can use JES as backend for LDAP authentication.

WLAN setup:
Authentication type: PEAP
Tunneled Protocol:   EAP-MSCHAPv2
Server Identity:do not validate
WEP management:   provide encryption key dynamically
WPA mode:WPA 802.1X
Encryption: TKIP

Certificates built for EAP-TLS according to FreeRadius Docs:
  /usr/local/radius/certs.sh
  cp -r /usr/local/radius/certs /usr/local/etc/raddb/

Verification and checks:
  radtest and radclient: PAM, UNIX, and LDAP
  for UNIX and PAM:
  chmod 404 /etc/passwd
  chmod 404 /etc/shadow

All PATH mentioned below are from Solaris System (sorry):
/usr/local/etc/raddb/users
/usr/local/etc/raddb/clients.conf
/usr/local/etc/raddb/radiusd.conf
/usr/local/etc/raddb/ldap.attrmap

Details can be provided ... but that is not the problem, because:

I.  Running WC-2 against FR-1 (Linux) "EAP with local backend"
   and "EAP with LDAP backend" (Solaris-JES) works fine.

II. Running WC-2 against FR-2 (Solaris) "EAP with local backend"
  and "EAP with LDAP backend" (Solaris-JES) both fail (here the latter):

from radiusd -X output 

---

rlm_ldap: performing search in dc=x,dc=de, with filter (uid=y)
rlm_ldap: Password header not found in password 
0x075F36789B3133386FBCD952ED3FC23F for user y
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding displayname as NT-Password, value 
0x075F36789B3133386FBCD952ED3FC23F & op=21
rlm_ldap: Adding displayname as LM-Password, value 
0x075F36789B3133386FBCD952ED3FC23F & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user y authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module "ldap" returns ok for request 7
modcall: group authorize returns updated for request 7
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/mschapv2
 rlm_eap: processing type mschapv2
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 7
 rlm_mschap: Found LM-Password
 rlm_mschap: Found NT-Password
 rlm_mschap: Told to do MS-CHAPv2 for y with NT-Password
 rlm_mschap: FAILED: MS-CHAP2-Response is incorrect   
<
 modcall[authenticate]: module "mschap" returns reject for request 7
modcall: group Auth-Type returns reject for request 7
end of radiusd -X output 
-

--
This leads to the often -misleading- seen error further down the line:
"Had sent TLV failure, rejecting."

Ok, summary:
1. EAP on Solaris fails, EAP on Linux works.
2. Version problems with freeradius can be excluded, can we ?
3. Library problem ?

Short description of possible source of trouble:
  Building FreeRadius LDAP support needs some fiddling:
  Download OpenLDAP Support from www.blastwave.org
  cp -r /opt/csw/include/* /usr/include/
  to get /usr/include/ldap.h to hold all the definitions:
  LDAP_OPT_SUCCES  LDAP_OPT_X_TLS_
  ./configure --without-rlm_sql_iodbc --without-rlm_sql_mysql \
              --without-rlm_sql_postgresql --without-rlm_sql_oracle \
              --without-rlm_sql_unixodbc \
              --with-rlm-ldap-include-dir=/opt/csw/include \
              --with-openssl-includes=/usr/local/ssl/include \
              --with-openssl-libraries=/usr/local/ssl/lib
  After this make & make install works with a lot of warnings.
  So, maybe a library problem? Not sure.

4. Check of smbencrypt:
   /usr/bin/smbencrypt y
   LM Hash-Solaris   5EE48ABDB55D077DAAD3B435B51404EE
   LM Hash-Linux 5EE48ABDB55D077DAAD3B435B51404EE

   NT Hash-Solaris   DA2798D017BDEBFD4A515999FBF0C1D3
   NT Hash-Linux 075F36789B3133386FBCD952ED3FC23F

   Compare this to the log (see above) and it seems t

Fwd: Re: Cisco Aironet 1100, PEAP , mschapv2 and freeradius

2005-01-17 Thread matthiar
in case you are using WinXP with less than SP2
or Win2003 Server your problem is windows.
WinXP needs SP1 and a patch from MS or SP2.
Win2003 Server only works with commercial third 
party SW.

Works fine here.

Matthias Rumitz
TC Unix / Netzwerke

ADIVA Computertechnologie GmbH
Norsk-Data-Str. 1
D-61352 Bad Homburg v.d.H.
Fon: +49(0)  61 72 / 48 61 - 0
Fax: +49(0)  61 72 / 48 61 - 700
Web: http://www.adiva.de eMail: [EMAIL PROTECTED]


- Original Message -
From: Dinko Korunic <[EMAIL PROTECTED]>
Date: Monday, January 17, 2005 6:32 pm
Subject: Re: Cisco Aironet 1100, PEAP , mschapv2 and freeradius

> On Mon, Jan 17, 2005 at 05:53:22PM +0100, [EMAIL PROTECTED] wrote:
> > But when i try to authenticate with a windows supplicant using
> > mschapv2, there is a problem.
> 
> You are using *Microsoft* supplicant using *Microsoft* MS-CHAPv2
> implementation, and Cisco is only relaying PEAP to FreeRadius server and
> waiting for responses.
> 
> > i read in file eap.conf
> > 
> >  #
> >  #  This module is the *Microsoft* implementation of MS-CHAPv2
> >  #  in EAP.  There is another (incompatible) implementation
> >  #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
> >  #  currently support.
> 
> That isn't connected in any way with your problem, AFAIK. I'm using
> several 1100 and 1200 APs and FreeRadius without any problem. Check your
> log, especially the bottom lines.
> 
> -- 
> |  |--..-. Dinko 'kreator' Korunic   #include 
> |<|   _|  -__| http://kreator.esa.fer.hr/ | http://kre.deviantart.com/
> |__|__|__| |_| PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo
> 


Re: Cisco Aironet 1100, PEAP , mschapv2 and freeradius

2005-01-17 Thread Dinko Korunic
On Mon, Jan 17, 2005 at 05:53:22PM +0100, [EMAIL PROTECTED] wrote:
>   But when i try to authenticate with a windows supplicant using
>   mschapv2, there is a problem.

You are using *Microsoft* supplicant using *Microsoft* MS-CHAPv2
implementation, and Cisco is only relaying PEAP to FreeRadius server and
waiting for responses.

>   i read in file eap.conf
> 
>  #
>  #  This module is the *Microsoft* implementation of MS-CHAPv2
>  #  in EAP.  There is another (incompatible) implementation
>  #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
>  #  currently support.

That isn't connected in any way with your problem, AFAIK. I'm using
several 1100 and 1200 APs and FreeRadius without any problem. Check your
log, especially the bottom lines.

-- 
|  |--..-. Dinko 'kreator' Korunic   #include 
|<|   _|  -__| http://kreator.esa.fer.hr/ | http://kre.deviantart.com/
|__|__|__| |_| PGP:0xEA160D0B | IRC:kre | ICQ:16965294 | AIM:kreatorMoo



Mysql and date limits

2005-01-17 Thread Egoitz Aguirre



 
Hi all

I was playing with the module rlm_sql counter and four operating modes
were available, noreset, daily, monthly and annually counter resets.
Is it possible to set an expiration date???
i.e.  I would set accounting lifetime with or without time limits.
Thanks :)


Re: MySQL and FreeRadius

2005-01-17 Thread Mike-Olumide, Johnson
Thanks!

Please could you help with any guide to be able to
install MySQL development
package? Have done some googling! Pls help.

- Original Message -
From: Neil Craig
To: freeradius-users@lists.freeradius.org
Sent: Monday, January 17, 2005 5:58 PM
Subject: Re: MySQL and FreeRadius


I think you need MySQL development package installed

>>> [EMAIL PROTECTED] 17/01/2005 16:52:48 >>>


--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> "Mike-Olumide, Johnson" <[EMAIL PROTECTED]> wrote:
> > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search
> >  path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation failed.
> >
> > How can I correct this pls?
>
>   Please read the FAQ.
>
>   Alan DeKok.

I have read the FAQ and chose to make & make install
from source, but it returned with plenty errors as
below. The other options with lib path and linker are
strange as I couldn't figure out what to do. Will
appreciate any help on this!


ibraries have been installed in:
   /usr/local/lib

If you ever happen to want to link against installed
libraries
in a given directory, LIBDIR, you must either use
libtool, and
specify the full pathname of the library, or use the
`-LLIBDIR'
flag during linking and do at least one of the
following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment
variable
 during execution
   - add LIBDIR to the `LD_RUN_PATH' environment
variable
 during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to
`/etc/ld.so.conf'

See any operating system documentation about shared
libraries for
more information, such as the ld(1) and ld.so(8)
manual pages.
--
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_realm'
Making install in rlm_sql...
gmake[6]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
if [ "xrlm_sql" != "x" ]; then \
/root/freeradius-1.0.1/libtool --mode=install
/root/freeradius-1.0.1/install
-sh -c -c \
rlm_sql.la /usr/local/lib/rlm_sql.la; \
rm -f /usr/local/lib/rlm_sql-1.0.1.la; \
ln -s rlm_sql.la /usr/local/lib/rlm_sql-1.0.1.la;
\
fi
libtool: install: `rlm_sql.la' is not a valid libtool
archive
Try `libtool --help --mode=install' for more
information.
gmake[7]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[8]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
Making install in drivers...
gmake[9]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
'
/usr/bin/gmake -w WHAT_TO_MAKE=install common
gmake[10]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s'
Making install in rlm_sql_iodbc...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s/rlm_sql_iodbc'
[ "x" = "x" ] || /root/freeradius-1.0.1/libtool
--mode=install /root/freeradius-
1.0.1/install-sh -c -c .la /usr/local/lib/.la
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
/rlm_sql_iodbc'
Making install in rlm_sql_mysql...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s/rlm_sql_mysql'
[ "xrlm_sql_mysql" = "x" ] ||
/root/freeradius-1.0.1/libtool --mode=install /roo
t/freeradius-1.0.1/install-sh -c -c rlm_sql_mysql.la
/usr/local/lib/rlm_sql_mysq
l.la
libtool: install: `rlm_sql_mysql.la' is not a valid
libtool archive
Try `libtool --help --mode=install' for more
information.
gmake[11]: *** [install] Error 1
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
/rlm_sql_mysql'
gmake[10]: *** [common] Error 1
gmake[10]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
'
gmake[9]: *** [install] Error 2
gmake[9]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
gmake[8]: *** [common] Error 1
gmake[8]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[7]: *** [install-drivers] Error 2
gmake[7]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[6]: *** [install] Error 2
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/freeradius-1.0.1'
make: *** [install] Error 2

> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Thanks for your help.
Mike

=
Michael-Olumide Johnson B.Sc.(Phy), PG.D(Fin.Mgt),
MCP, CCNA
08033133324





Cisco Aironet 1100, PEAP , mschapv2 and freeradius

2005-01-17 Thread alfonso . lazaro



Hi everybody!

I am trying to make a secure wireless access using PEAP, but I have a 
problem during authentication.

I had successfully configured the TLS module, and it seems to work fine.
But when I try to authenticate with a Windows supplicant using 
mschapv2, there is a problem.

I read in the file eap.conf:

 #
 #  This module is the *Microsoft* implementation of MS-CHAPv2
 #  in EAP.  There is another (incompatible) implementation
 #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
 #  currently support.
 #

When will FreeRADIUS support this "incompatible" implementation of 
MS-CHAPv2?
Is this incompatible implementation of MS-CHAPv2 in EAP by Cisco my 
problem?

What can I do?

bash-2.05# radiusd -v
radiusd: FreeRADIUS Version 1.0.1, for host , built on Jan 13 2005 at 12:25:42
Copyright (C) 2000-2003 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.

Radius logs


Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/filer/PKI/radius/radius_wireless_privatekey.pem"
 tls: certificate_file = "/filer/PKI/signed_requests/radius_wireless_cert.pem"
 tls: CA_file = "/filer/PKI/ca_cert.pem"
 tls: private_key_password = "xxx"
 tls: dh_file = "/filer/PKI/radius/dh"
 tls: random_file = "/filer/PKI/radius/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "%{User-Name}"
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "tls"
 peap: copy_request_to_tunnel = yes
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 pr
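
The startup dump in the post above prints every effective setting as `section: key = value`. The following Python sketch is an added example, not part of the original post and not FreeRADIUS code: it parses such a dump and lists settings worth reviewing before the server goes into service. The sample lines are copied from the post; the names `parse_dump`, `audit`, `MIN_KEY_BITS` and `expected_inner` and the 2048-bit threshold are assumptions made for the example.

```python
import re

# Subset of the radiusd startup dump quoted in the post above.
SAMPLE_DUMP = '''\
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: user = "(null)"
 main: group = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
 eap: default_eap_type = "peap"
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: check_crl = no
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "tls"
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
'''

# A setting line is "section: key = value"; the spaces around "=" keep
# status messages such as "rlm_exec: Wait=yes ..." out of the result.
SETTING = re.compile(r'^\s*(\w+):\s+(\w+) = (.*?)\s*$')

MIN_KEY_BITS = 2048  # assumption: review threshold chosen for this example


def parse_dump(text):
    """Return {(section, key): value} for every setting line in the dump."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            section, key, value = m.groups()
            settings[(section, key)] = value.strip('"')
    return settings


def audit(settings, expected_inner="mschapv2"):
    """List (setting, reason) pairs that deserve a second look."""
    findings = []
    for key in ("rsa_key_length", "dh_key_length"):
        raw = settings.get(("tls", key))
        if raw is not None and raw.isdigit() and int(raw) < MIN_KEY_BITS:
            findings.append(("tls." + key,
                             f"{raw} bits is below {MIN_KEY_BITS}"))
    if settings.get(("tls", "check_crl")) == "no":
        findings.append(("tls.check_crl",
                         "revoked certificates are not rejected"))
    if settings.get(("main", "log_auth_badpass")) == "yes":
        findings.append(("main.log_auth_badpass",
                         "rejected passwords are written to the log file"))
    for key in ("user", "group"):
        if settings.get(("main", key)) == "(null)":
            findings.append(("main." + key,
                             "unset; the server keeps the privileges it was started with"))
    inner = settings.get(("peap", "default_eap_type"))
    if inner is not None and inner != expected_inner:
        findings.append(("peap.default_eap_type",
                         f"tunnel offers {inner!r}, supplicant is expected "
                         f"to use {expected_inner!r}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_dump(SAMPLE_DUMP)):
        print(f"{name}: {reason}")
```
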

Re: MySQL and FreeRadius

2005-01-17 Thread Neil Craig


I think you need MySQL development package installed

>>> [EMAIL PROTECTED] 17/01/2005 16:52:48 >>>

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> "Mike-Olumide, Johnson" <[EMAIL PROTECTED]>
> wrote:
> > rlm_sql (sql): Could not link driver
> rlm_sql_mysql:
> > file not found
> > rlm_sql (sql): Make sure it (and all its dependent
> > libraries!) are in the search
> >  path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation
> failed.
> > 
> > How can I correct this pls?
> 
>   Please read the FAQ.
> 
>   Alan DeKok.

I have read the FAQ and chose to make & make install
from source, but it returned with plenty errors as
below. The other options with lib path and linker are
strange as i couldn't figure out what to do. Will
appreciate any help on this!

ibraries have been installed in:
   /usr/local/lib

If you ever happen to want to link against installed
libraries
in a given directory, LIBDIR, you must either use
libtool, and
specify the full pathname of the library, or use the
`-LLIBDIR'
flag during linking and do at least one of the
following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment
variable
 during execution
   - add LIBDIR to the `LD_RUN_PATH' environment
variable
 during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to
`/etc/ld.so.conf'

See any operating system documentation about shared
libraries for
more information, such as the ld(1) and ld.so(8)
manual pages.
--
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_realm'
Making install in rlm_sql...
gmake[6]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
if [ "xrlm_sql" != "x" ]; then \
    /root/freeradius-1.0.1/libtool --mode=install
/root/freeradius-1.0.1/install-sh -c -c \
    rlm_sql.la /usr/local/lib/rlm_sql.la; \
    rm -f /usr/local/lib/rlm_sql-1.0.1.la; \
    ln -s rlm_sql.la /usr/local/lib/rlm_sql-1.0.1.la;
\
fi
libtool: install: `rlm_sql.la' is not a valid libtool
archive
Try `libtool --help --mode=install' for more
information.
gmake[7]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[8]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
Making install in drivers...
gmake[9]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
/usr/bin/gmake -w WHAT_TO_MAKE=install common
gmake[10]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
Making install in rlm_sql_iodbc...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
[ "x" = "x" ] || /root/freeradius-1.0.1/libtool
--mode=install /root/freeradius-1.0.1/install-sh -c -c .la /usr/local/lib/.la
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
Making install in rlm_sql_mysql...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql'
[ "xrlm_sql_mysql" = "x" ] ||
/root/freeradius-1.0.1/libtool --mode=install /root/freeradius-1.0.1/install-sh -c -c rlm_sql_mysql.la
/usr/local/lib/rlm_sql_mysql.la
libtool: install: `rlm_sql_mysql.la' is not a valid
libtool archive
Try `libtool --help --mode=install' for more
information.
gmake[11]: *** [install] Error 1
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gmake[10]: *** [common] Error 1
gmake[10]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
gmake[9]: *** [install] Error 2
gmake[9]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
gmake[8]: *** [common] Error 1
gmake[8]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[7]: *** [install-drivers] Error 2
gmake[7]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[6]: *** [install] Error 2
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/freeradius-1.0.1'
make: *** [install] Error 2

> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 

Thanks for your help.
Mike

=
Michael-Olumide Johnson B.Sc.(Phy), PG.D(Fin.Mgt), MCP, CCNA
08033133324


Re: MySQL and FreeRadius

2005-01-17 Thread Mike-Olumide, Johnson

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> "Mike-Olumide, Johnson" <[EMAIL PROTECTED]>
> wrote:
> > rlm_sql (sql): Could not link driver
> rlm_sql_mysql:
> > file not found
> > rlm_sql (sql): Make sure it (and all its dependent
> > libraries!) are in the search
> >  path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation
> failed.
> > 
> > How can I correct this pls?
> 
>   Please read the FAQ.
> 
>   Alan DeKok.

I have read the FAQ and chose to make & make install
from source, but it returned with plenty of errors as
below. The other options with lib path and linker are
strange as I couldn't figure out what to do. Will
appreciate any help on this!


ibraries have been installed in:
   /usr/local/lib
 
If you ever happen to want to link against installed
libraries
in a given directory, LIBDIR, you must either use
libtool, and
specify the full pathname of the library, or use the
`-LLIBDIR'
flag during linking and do at least one of the
following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment
variable
 during execution
   - add LIBDIR to the `LD_RUN_PATH' environment
variable
 during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to
`/etc/ld.so.conf'
 
See any operating system documentation about shared
libraries for
more information, such as the ld(1) and ld.so(8)
manual pages.
--
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_realm'
Making install in rlm_sql...
gmake[6]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
if [ "xrlm_sql" != "x" ]; then \
/root/freeradius-1.0.1/libtool --mode=install
/root/freeradius-1.0.1/install
-sh -c -c \
rlm_sql.la /usr/local/lib/rlm_sql.la; \
rm -f /usr/local/lib/rlm_sql-1.0.1.la; \
ln -s rlm_sql.la /usr/local/lib/rlm_sql-1.0.1.la;
\
fi
libtool: install: `rlm_sql.la' is not a valid libtool
archive
Try `libtool --help --mode=install' for more
information.
gmake[7]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[8]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
Making install in drivers...
gmake[9]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
'
/usr/bin/gmake -w WHAT_TO_MAKE=install common
gmake[10]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s'
Making install in rlm_sql_iodbc...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s/rlm_sql_iodbc'
[ "x" = "x" ] || /root/freeradius-1.0.1/libtool
--mode=install /root/freeradius-
1.0.1/install-sh -c -c .la /usr/local/lib/.la
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
/rlm_sql_iodbc'
Making install in rlm_sql_mysql...
gmake[11]: Entering directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/driver
s/rlm_sql_mysql'
[ "xrlm_sql_mysql" = "x" ] ||
/root/freeradius-1.0.1/libtool --mode=install /roo
t/freeradius-1.0.1/install-sh -c -c rlm_sql_mysql.la
/usr/local/lib/rlm_sql_mysq
l.la
libtool: install: `rlm_sql_mysql.la' is not a valid
libtool archive
Try `libtool --help --mode=install' for more
information.
gmake[11]: *** [install] Error 1
gmake[11]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
/rlm_sql_mysql'
gmake[10]: *** [common] Error 1
gmake[10]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers
'
gmake[9]: *** [install] Error 2
gmake[9]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql/drivers'
gmake[8]: *** [common] Error 1
gmake[8]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[7]: *** [install-drivers] Error 2
gmake[7]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[6]: *** [install] Error 2
gmake[6]: Leaving directory
`/root/freeradius-1.0.1/src/modules/rlm_sql'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[4]: *** [install] Error 2
gmake[4]: Leaving directory
`/root/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[2]: *** [install] Error 2
gmake[2]: Leaving directory
`/root/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/freeradius-1.0.1'
make: *** [install] Error 2

> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 

Thanks for your help.
Mike

=
Michael-Olumide Johnson B.Sc.(Phy), PG.D(Fin.Mgt), MCP, CCNA
08033133324






Re: MySQL and FreeRadius

2005-01-17 Thread Alan DeKok
"Mike-Olumide, Johnson" <[EMAIL PROTECTED]> wrote:
> rlm_sql (sql): Could not link driver rlm_sql_mysql:
> file not found
> rlm_sql (sql): Make sure it (and all its dependent
> libraries!) are in the search
>  path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
> 
> How can I correct this pls?

  Please read the FAQ.

  Alan DeKok.



Re: xlat sql trouble

2005-01-17 Thread Alan DeKok
Red Cayenne <[EMAIL PROTECTED]> wrote:
> Thanks, this got me going. I got a clue that radius_xlat should call
> itself to do the substitution,  however I'm uncertain how to do this.

  I mean that your sql xlat function needs to call radius_xlat, too.
How else will it expand the variables passed to your function?

> I'm executing test_query using "%{sql:%{config:modules.sql.test_query}}". 

  Print out the string that gets passed to your sql xlat function. It
will be "%{config:modules.sql.test_query}".

  Please also READ the original sql_xlat function.  It explains this
in the comments!

  Alan DeKok.




Re: SQL db failover

2005-01-17 Thread Alan DeKok
"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> But before that.. I tried to use the simplified one using "redundant" as 
> below:-
> 
> redundant {
> sql1
> sql2
> }
> 
> But seems everytime accounting record being sent.. I will store in both of 
> the mysql server... not the first one that return OK.. why???

  It's a known bug.  See bugs.freeradius.org

  Alan DeKok.



Re: radius-1.0.1 die randomly

2005-01-17 Thread Alan DeKok
Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> But they're not yet in cvs, right?
> I'd really like to give them a try.

  I'll put them in CVS in the next few days.  My life just got a lot
simpler, so I have some more time.

  Alan DeKok.




MySQL and FreeRadius

2005-01-17 Thread don
Hello  list, 

I am running freeradius and mysql on Gentoo Linux.

I have installed mysql, but can't seem to find the file, db_mysql.sql, so
that I can create the radius database using the command:

mysql -uroot -prootpass radius < db_mysql.sql 

Does anyone out there have a clue where db_mysql.sql is hiding?

Thanks,

Don James
Henderson, Texas USA




Re: Dynamic IP addres on EAP/TLS session

2005-01-17 Thread Alan DeKok
"Jacques VUVANT" <[EMAIL PROTECTED]> wrote:
> How Can I allow dynamic IP address for a EAP/TLS session. DHCP server on
> same machine as Freeradius, seems not to work.

  Posting a message like "it doesn't work" means that you're asking
for help, but have given ZERO information that anyone can use to help
you.

  Once the client is asking for an address via DHCP, FreeRADIUS is no
longer involved.  So it's no longer an issue for this list.

  Alan DeKok.




how to create certificate for winxpsp2

2005-01-17 Thread pojer ok
Hello...

I need your help.
Can you show me how to create a certificate for peap-mschapv2
and install it on winxp sp2 (client)?

Regards,
Pojer




Re: AW: MySQL and FreeRadius

2005-01-17 Thread Neil Craig


As mentioned before - you can install the RPM or get Freeradius source and
compile the module from there

>>> [EMAIL PROTECTED] 17/01/2005 15:48:43 >>>

Hello yes you can

Under Debian you must install the Packet  freeradius-mysql for your Linux i
don't know it

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> behalf of Mike-Olumide, Johnson
> Sent: Monday, 17 January 2005 16:10
> To: freeradius-users@lists.freeradius.org
> Subject: MySQL and FreeRadius
> 
> Hi All,
> 
> Freeradius1.0.1 was installed on RH9.0 linux and it ran ok.
> 
>  Afterwards downloaded the standard version
> 4.0.23 of MySQL and installed. Radisud.conf was also edited 
> to authenticate and authorize via MySQL. Debug output is as below.
> 
> Is there a way forward from here? Please help!
> 
> [EMAIL PROTECTED] raddb]# radiusd -X
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file:
> /usr/local/etc/raddb/proxy.conf
> Config:   including file:
> /usr/local/etc/raddb/clients.conf
> Config:   including file:
> /usr/local/etc/raddb/snmp.conf
> Config:   including file:
> /usr/local/etc/raddb/eap.conf
> Config:   including file:
> /usr/local/etc/raddb/sql.conf
>  main: prefix = "/usr/local"
>  main: localstatedir = "/usr/local/var"
>  main: logdir = "/usr/local/var/log/radius"
>  main: libdir = "/usr/local/lib"
>  main: radacctdir =
> "/usr/local/var/log/radius/radacct"
>  main: hostname_lookups = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 0
>  main: allow_core_dumps = no
>  main: log_stripped_names = no
>  main: log_file =
> "/usr/local/var/log/radius/radius.log"
>  main: log_auth = yes
>  main: log_auth_badpass = no
>  main: log_auth_goodpass = no
>  main: pidfile =
> "/usr/local/var/run/radiusd/radiusd.pid"
>  main: user = "(null)"
>  main: group = "(null)"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/local/sbin/checkrad"
>  main: proxy_requests = yes
>  proxy: retry_delay = 5
>  proxy: retry_count = 3
>  proxy: synchronous = no
>  proxy: default_fallback = yes
>  proxy: dead_time = 120
>  proxy: post_proxy_authorize = yes
>  proxy: wake_all_if_all_dead = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
>  pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
>  mschap: use_mppe = yes
>  mschap: require_encryption = no
>  mschap: require_strong = no
>  mschap: with_ntdomain_hack = no
>  mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
>  mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap)
> Module: Loaded eap
>  eap: default_eap_type = "md5"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
>  gtc: challenge = "Password: "
>  gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
>  mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>  preprocess: huntgroups =
> "/usr/local/etc/raddb/huntgroups"
>  preprocess: hints = "/usr/local/etc/raddb/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
>  realm: format = "suffix"
>  realm: delimiter = "@"
>  realm: ignore_default = no
>  realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded SQL
>  sql: driver = "rlm_sql_mysql"
>  sql: server = "localhost"
>  sql: port = ""
>  sql: login = "root"
>  sql: password = "rootpass"
>  sql: radius_db = "radius"
>  sql: acct_table = "radacct"
>  sql: acct_table2 = "radacct"
>  sql: authcheck_table = "radcheck"
>  sql: authreply_table = "radreply"
>  sql: groupcheck_table = "radgroupcheck"
>  sql: groupreply_table = "radgroupreply"
>  sql: usergroup_table = "userg

Re: Dynamic IP addres on EAP/TLS session

2005-01-17 Thread Justin Guidroz
I'm running Freeradius on the same server that also serves as my LDAP
server, DHCP server, and DNS server, and I have had no problems
getting DHCP addresses using EAP-TTLS or EAP-TLS.


On Mon, 17 Jan 2005 19:10:49 +1100, Paul Hampson <[EMAIL PROTECTED]> wrote:
> On Mon, Jan 17, 2005 at 05:23:04PM +1100, Jacques VUVANT wrote:
> > How Can I allow dynamic IP address for a EAP/TLS session. DHCP server on 
> > same machine as Freeradius, seems not to work.
> 
> The DHCP server needs to be on the EAP gatekeeper (I forget the proper
> name, the thing that isn't the Supplicant, and isn't the RADIUS server.)
> as far as I recall.
> 
> --
> Paul "TBBle" Hampson, on an alternate email client.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Justin Guidroz



AW: MySQL and FreeRadius

2005-01-17 Thread Drießen
Hello yes you can

Under Debian you must install the Packet freeradius-mysql for your Linux I
don't know it

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> behalf of Mike-Olumide, Johnson
> Sent: Monday, 17 January 2005 16:10
> To: freeradius-users@lists.freeradius.org
> Subject: MySQL and FreeRadius
> 
> Hi All,
> 
> Freeradius1.0.1 was installed on RH9.0 linux and it ran ok.
> 
>  Afterwards downloaded the standard version
> 4.0.23 of MySQL and installed. Radisud.conf was also edited 
> to authenticate and authorize via MySQL. Debug output is as below.
> 
> Is there a way forward from here? Please help!
> 
> [EMAIL PROTECTED] raddb]# radiusd -X
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file:
> /usr/local/etc/raddb/proxy.conf
> Config:   including file:
> /usr/local/etc/raddb/clients.conf
> Config:   including file:
> /usr/local/etc/raddb/snmp.conf
> Config:   including file:
> /usr/local/etc/raddb/eap.conf
> Config:   including file:
> /usr/local/etc/raddb/sql.conf
>  main: prefix = "/usr/local"
>  main: localstatedir = "/usr/local/var"
>  main: logdir = "/usr/local/var/log/radius"
>  main: libdir = "/usr/local/lib"
>  main: radacctdir =
> "/usr/local/var/log/radius/radacct"
>  main: hostname_lookups = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 0
>  main: allow_core_dumps = no
>  main: log_stripped_names = no
>  main: log_file =
> "/usr/local/var/log/radius/radius.log"
>  main: log_auth = yes
>  main: log_auth_badpass = no
>  main: log_auth_goodpass = no
>  main: pidfile =
> "/usr/local/var/run/radiusd/radiusd.pid"
>  main: user = "(null)"
>  main: group = "(null)"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/local/sbin/checkrad"
>  main: proxy_requests = yes
>  proxy: retry_delay = 5
>  proxy: retry_count = 3
>  proxy: synchronous = no
>  proxy: default_fallback = yes
>  proxy: dead_time = 120
>  proxy: post_proxy_authorize = yes
>  proxy: wake_all_if_all_dead = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded PAP
>  pap: encryption_scheme = "crypt"
> Module: Instantiated pap (pap)
> Module: Loaded CHAP
> Module: Instantiated chap (chap)
> Module: Loaded MS-CHAP
>  mschap: use_mppe = yes
>  mschap: require_encryption = no
>  mschap: require_strong = no
>  mschap: with_ntdomain_hack = no
>  mschap: passwd = "(null)"
> mschap: authtype = "MS-CHAP"
>  mschap: ntlm_auth = "(null)"
> Module: Instantiated mschap (mschap)
> Module: Loaded eap
>  eap: default_eap_type = "md5"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Loaded and initialized type md5
> rlm_eap: Loaded and initialized type leap
>  gtc: challenge = "Password: "
>  gtc: auth_type = "PAP"
> rlm_eap: Loaded and initialized type gtc
>  mschapv2: with_ntdomain_hack = no
> rlm_eap: Loaded and initialized type mschapv2
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>  preprocess: huntgroups =
> "/usr/local/etc/raddb/huntgroups"
>  preprocess: hints = "/usr/local/etc/raddb/hints"
>  preprocess: with_ascend_hack = no
>  preprocess: ascend_channels_per_line = 23
>  preprocess: with_ntdomain_hack = no
>  preprocess: with_specialix_jetstream_hack = no
>  preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
>  realm: format = "suffix"
>  realm: delimiter = "@"
>  realm: ignore_default = no
>  realm: ignore_null = no
> Module: Instantiated realm (suffix)
> Module: Loaded SQL
>  sql: driver = "rlm_sql_mysql"
>  sql: server = "localhost"
>  sql: port = ""
>  sql: login = "root"
>  sql: password = "rootpass"
>  sql: radius_db = "radius"
>  sql: acct_table = "radacct"
>  sql: acct_table2 = "radacct"
>  sql: authcheck_table = "radcheck"
>  sql: authreply_table = "radreply"
>  sql: groupcheck_table = "radgroupcheck"
>  sql: groupreply_table = "radgroupreply"
>  sql: usergroup_table = "usergroup"
>  sql: nas_table = "nas"
>  sql: dict_table = "dictionary"
>  sql: sqltrace = no
>  

MySQL and FreeRadius

2005-01-17 Thread Mike-Olumide, Johnson
Hi All,

Freeradius1.0.1 was installed on RH9.0 linux and it
ran ok.

 Afterwards downloaded the standard version
4.0.23 of MySQL and installed. Radiusd.conf was also
edited to authenticate and authorize via MySQL. Debug
output is as below.

Is there a way forward from here? Please help!

[EMAIL PROTECTED] raddb]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file:
/usr/local/etc/raddb/proxy.conf
Config:   including file:
/usr/local/etc/raddb/clients.conf
Config:   including file:
/usr/local/etc/raddb/snmp.conf
Config:   including file:
/usr/local/etc/raddb/eap.conf
Config:   including file:
/usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir =
"/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file =
"/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will
go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = "rootpass"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = no
 sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
 sql: readclients = no
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: default_user_profile = ""
 sql: query_on_not_found = no
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupche

Autz-Type, auth without passwords

2005-01-17 Thread Robert Tarrall

As an extension to my answer to Sagar's question...

We are currently looking up usernames in a single LDAP instance and
accepting the auth if they exist, without checking to make sure the
password matches - see my email from a few minutes ago for that setup.

Now, we want to support realms, and have more than one LDAP instance.
We still don't want to check passwords.

I.e. if we get a request for [EMAIL PROTECTED] we should accept
it if dn=tarrall,ou=ecentral,blah=blah is found in LDAP, and reject
otherwise; if we get a request for [EMAIL PROTECTED] we'll check
for dn=tarrall,ou=example,blah instead.

It appears that Autz-Type is the answer to the first part of this -
checking different LDAP trees depending on the realm.  That part's
working for me.

HOWEVER - we're now accepting everyone, even when the authorize
module returns notfound.  That's not what we want.

From radiusd.conf:

authorize {
        preprocess
        suffix
        autztype ecentralldap {
                ecentralldap
        }
        autztype exampleldap {
                exampleldap
        }
        files
}
authenticate {
}

From users:
DEFAULT Realm == "ecentral.com", Autz-Type := ecentralldap, Auth-Type := Accept
        Fall-Through = Yes

DEFAULT Realm == "example.com", Autz-Type := exampleldap, Auth-Type := Accept
        Fall-Through = Yes

And from the log:

  modcall[authorize]: module "ecentralldap" returns notfound
  modcall: group autztype returns notfound
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user

For reference, here's what the log used to look like when a user wasn't
found in LDAP, before I started messing with Autz-Type:

   modcall[authorize]: module "ldap" returns notfound
   modcall: group authorize returns notfound
   auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user
   auth: Failed to validate the user.

Is there a way to ensure that Auth-Type is set to 'Accept' ONLY if
authorize returns 'ok'?  Or some other way of accomplishing what I'm
after?

Thanks -
   -Robert Tarrall.-
   Unix System/Network Admin
   E.Central/Neighborhood Link



Copy Request Attribute Values to Reply using MySQL DB

2005-01-17 Thread Stefan
Gurus,

In the users file, I can have the following line to copy the
framed-ip-address from the request into the reply:

Framed-IP-Address == `%{Request:Framed-IP-Address}`

Doing this with MySQL as the user database, Freeradius always puts a
framed-ip-address of 255.255.255.255 into the reply.

What will be the exact notation of the reply attributes value for this
purpose?

Thank you.



Stefan




Re: Is it possible to authenticate RADIUS users just on Username with no password?

2005-01-17 Thread Robert Tarrall
[EMAIL PROTECTED] wrote:
-> [...]
-> Can I use these PINs as RADIUS username?
-> Each PIN is 16 digits long.
-> 
-> In short how can I make password un-necessary for RADIUS authentication?

The main thing you need is Auth-Type:=Accept.

We do something similar - username has to exist in LDAP, but password
isn't checked.  I expect you could do something similar using SQL or
other modules besides LDAP.

Here's the relevant bit in our 'users' file:

DEFAULT Auth-Type := Accept
        Fall-Through = Yes

And the bits in radiusd.conf:

authorize {
        preprocess
        suffix
        ldap { notfound = return }
        files
}

authenticate {
}

Hope this helps -
   -Robert Tarrall.-
   Unix System/Network Admin
   E.Central/Neighborhood Link
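
A simplified model of the return-code handling behind the two configurations in Robert Tarrall's posts above (the single-LDAP setup and the Autz-Type setup), added here as an illustration; it is not code from the posts or from FreeRADIUS. The default action priorities, the helper names and the one-entry directory are assumptions constructed for the example; the outcomes it produces match the two log excerpts quoted in the Autz-Type post.

```python
RETURN = "return"   # action: stop the section at once and hand back this code
# Assumed default actions for the authorize section: a number is a priority,
# and the highest-priority code seen so far becomes the section's result.
DEFAULTS = {"reject": RETURN, "fail": RETURN, "handled": RETURN,
            "invalid": RETURN, "userlock": RETURN,
            "notfound": 1, "noop": 2, "ok": 3, "updated": 4}
REJECTING = {"reject", "fail", "invalid", "userlock"}
DIRECTORY = {"tarrall"}            # constructed sample LDAP contents


def noop(request):                 # stands in for preprocess / suffix
    return "noop"


def ldap(request):                 # entry found -> ok, missing -> notfound
    return "ok" if request["User-Name"] in DIRECTORY else "notfound"


def files_accept(request):         # users: DEFAULT Auth-Type := Accept
    request["Auth-Type"] = "Accept"
    return "ok"


def files_realm(request):          # users: DEFAULT Realm == ..., Autz-Type := ..., Auth-Type := Accept
    if request.get("Realm") != "ecentral.com":
        return "noop"
    request.update({"Autz-Type": "ecentralldap", "Auth-Type": "Accept"})
    return "ok"


def run_section(modules, request):
    """Run (module, action-overrides) pairs; return the section's result code."""
    result, priority = "notfound", 0
    for module, overrides in modules:
        code = module(request)
        action = {**DEFAULTS, **overrides}[code]
        if action == RETURN:       # later modules never run
            return code
        if action > priority:
            result, priority = code, action
    return result


def decide(authorize, autz_groups, request):
    """Return (decision, last section result) for one Access-Request."""
    code = run_section(authorize, request)
    if code not in REJECTING and "Autz-Type" in request:
        # Second pass: only the group named by Autz-Type is run.
        code = run_section(autz_groups[request["Autz-Type"]], request)
    if code in REJECTING or request.get("Auth-Type") != "Accept":
        return "reject", code      # rejecting code, or no Auth-Type was set
    return "accept", code


# authorize { preprocess suffix ldap { notfound = return } files }
SINGLE_LDAP = [(noop, {}), (noop, {}), (ldap, {"notfound": RETURN}), (files_accept, {})]
# authorize { preprocess suffix autztype ... files }: files runs in the first pass
WITH_AUTZ = [(noop, {}), (noop, {}), (files_realm, {})]
AUTZ_GROUPS = {"ecentralldap": [(ldap, {})]}

if __name__ == "__main__":
    for user in ("tarrall", "nosuchuser"):
        print(user,
              decide(SINGLE_LDAP, {}, {"User-Name": user}),
              decide(WITH_AUTZ, AUTZ_GROUPS,
                     {"User-Name": user, "Realm": "ecentral.com"}))
```

In the single-LDAP layout the lookup runs before `files`, so `notfound = return` keeps Auth-Type from ever being set; in the Autz-Type layout `files` has to run first to pick the group, so Auth-Type is already Accept when the lookup comes back notfound.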




Re: radius-1.0.1 die randomly

2005-01-17 Thread Roger Peña Escobio
Quoting Stephan Jaeger <[EMAIL PROTECTED]>:

> On Friday, 14.01.2005, at 09:57 -0500, Alan DeKok wrote:
>
> >   I have some fixes to "threads.c", which will enable the server to
> > better deal with edge conditions, where it's starved of CPU time.
> > They should go into 1.0.2 and following versions.
>
> But they're not yet in cvs, right?
> I'd really like to give them a try.
>
me too

because I notice that our FR servers respond very badly under heavy load just
after the start, and because we use CentOS our FR uses threads


cu
roger

--
Central node of the Infomed network (http://www.sld.cu)
Linux user: 97152   (http://counter.li.org)
Member of the LinuxCuba coordination group (http://www.linux.cu)

"Whatever you do will be insignificant, but it is very important
 that you do it."
   Gandhi
--





Re: xlat sql trouble

2005-01-17 Thread Red Cayenne
On Sun, 16 Jan 2005 11:46:52 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote:
>   Read the original sql_xlat function, and see what the differences
> are between it and your function.
> 
>   Odds are you're not calling radius_xlat.
> 
>   Alan DeKok.

Thanks, this got me going. I got a clue that radius_xlat should call
itself to do the substitution,  however I'm uncertain how to do this.

I'm executing test_query using "%{sql:%{config:modules.sql.test_query}}". 

I found a solution that seems to work, by concatenating the variable from the
query to the above statement - "%{sql:%{config:modules.sql.test_query}
'%User-Name' }", and altering the query according to this.

Although this seems to work, I'm not quite satisfied with this
solution, because a question still bothers me: how to make radius_xlat
call itself?

Regards,
R.



Login-Time Attribute

2005-01-17 Thread Lara Adianto
Hi List,
 
How does FreeRadius handle Login-Time attribute...?
In the README of FreeRadius, it's written: 
 
  "Radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someone's Login-Time is "Al0800-1800" and she logs in at 17:30, Session-Timeout is set to 1800 seconds so that she is kicked off at 18:00."

Does it mean FreeRadius reads the Login-Time attribute in the users file, then calculates the time left based on the current time and sets the value in the Session-Timeout attribute? If that's the case, what happens if the users file contains both a Login-Time attribute and a Session-Timeout attribute?

I read somewhere that Login-Time is an RFC-defined attribute... which RFC defines it? I can't find any info on the net.

Thanks for clearing my doubts,
Lara

Life, you see, is never as good or as bad as one thinks
- Guy de Maupassant -
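
The calculation described in the README passage quoted above, as an added example that is not part of the original post and not FreeRADIUS code. It goes beyond the single "Al0800-1800" case on the page: the wider syntax it accepts (Al/Any, Wk, two-letter days, day ranges, hhmm-hhmm, terms separated by "," or "|") and the function names are assumptions based on UUCP-style time strings.

```python
import re
from datetime import datetime

DAYS = ["mo", "tu", "we", "th", "fr", "sa", "su"]   # index == datetime.weekday()
# One term: a day spec, optionally followed by hhmm-hhmm (assumed syntax).
TERM = re.compile(r"([A-Za-z]{2,3}(?:-[A-Za-z]{2})?)(\d{4}-\d{4})?")


def parse_days(spec):
    """Expand "Al", "Any", "Wk", "Mo" or "Mo-Fr" into a set of weekday numbers."""
    spec = spec.lower()
    if spec in ("al", "any"):
        return set(range(7))
    if spec == "wk":
        return set(range(5))
    first, _, last = spec.partition("-")
    start = DAYS.index(first)               # ValueError on an unknown day name
    end = DAYS.index(last) if last else start
    if end < start:                         # e.g. "Sa-Mo" wraps over the weekend
        end += 7
    return {d % 7 for d in range(start, end + 1)}


def parse_minutes(spec):
    """Minutes of the day covered by "hhmm-hhmm"; the whole day if no hours given."""
    if not spec:
        return set(range(1440))
    a, b = spec.split("-")
    start = int(a[:2]) * 60 + int(a[2:])
    end = int(b[:2]) * 60 + int(b[2:])
    if start >= 1440 or end > 1440:
        raise ValueError(f"bad time range: {spec!r}")
    if end <= start:                        # e.g. 2305-0855 wraps past midnight
        end += 1440
    return {m % 1440 for m in range(start, end)}   # end minute is exclusive


def allowed_minutes(login_time, weekday):
    """Union of the minute sets of every term that applies to this weekday."""
    minutes = set()
    for term in re.split(r"[,|]", login_time):
        match = TERM.fullmatch(term.strip())
        if match is None:
            raise ValueError(f"bad Login-Time term: {term!r}")
        if weekday in parse_days(match.group(1)):
            minutes |= parse_minutes(match.group(2))
    return minutes


def session_timeout(login_time, now):
    """Seconds left in the current window, or None when login is not allowed.

    Simplification of this example: minute granularity, and the count stops
    at midnight even if the next day's window continues.
    """
    allowed = allowed_minutes(login_time, now.weekday())
    minute = now.hour * 60 + now.minute
    if minute not in allowed:
        return None
    end = minute
    while end < 1440 and end in allowed:
        end += 1
    return (end - minute) * 60


if __name__ == "__main__":
    # The README case: Al0800-1800, login at 17:30
    print(session_timeout("Al0800-1800", datetime(2005, 1, 17, 17, 30)))
```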

RE: Exec-Program-Wait Problem

2005-01-17 Thread Amit Gupta
I found that there is no way without restarting. Not sure what the difference
is between reloading radius and restarting radius

Amit Gupta
Mobile: 91-9891062552
Yahoo IM: amitguptainn
MSN IM : amitguptainn

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Neil Craig
Sent: Monday, January 17, 2005 3:57 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Exec-Program-Wait Problem

Hi

I am using a MySQL DB to store the list of NAS's - if I add one to the
nas table, is there a way to get Freeradius to read it without having
to restart radiusd?

Thanks in advance
Neil



RE: Is it possible to authenticate RADIUS users just on Username with no password?

2005-01-17 Thread Amit Gupta
You can allow anonymous logins 

Amit Gupta
Mobile: 91-9891062552
Yahoo IM: amitguptainn
MSN IM : amitguptainn
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, January 17, 2005 4:12 PM
To: freeradius-users@lists.freeradius.org
Subject: Is it possible to authenticate RADIUS users just on Username with no 
password?

Hi All,

I am using radius for my personal wireless ISP venture.
I got some pre-paid cards used for long distance voice calls and I want
to use them for occasional wi-fi users. Though radius needs a
username/pwd pair for authentication they have only PIN printed on them.
Can I use these PINs as RADIUS username?
Each PIN is 16 digits long.

In short how can I make password un-necessary for RADIUS authentication?

Thanks,
Sagar






Re: Is it possible to authenticate RADIUS users just on Username with no password?

2005-01-17 Thread Neil Craig
Hi

Why not have the form break the code into a username and password, then
send it to the NAS?




On Mon, 17 Jan 2005 10:41:40 -, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Hi All,
> 
> I am using radius for my personal wireless ISP venture.
> I got some pre-paid cards used for long distance voice calls and I want
> to use them for occasional wi-fi users. Though radius needs a
> username/pwd pair for authentication they have only PIN printed on them.
> Can I use these PINs as RADIUS username?
> Each PIN is 16 digits long.
> 
> In short how can I make password un-necessary for RADIUS authentication?
> 
> Thanks,
> Sagar
> 
>



Is it possible to authenticate RADIUS users just on Username with no password?

2005-01-17 Thread sagar.patil
Hi All,

I am using radius for my personal wireless ISP venture.
I got some pre-paid cards used for long distance voice calls and I want
to use them for occasional wi-fi users. Though radius needs a
username/pwd pair for authentication they have only PIN printed on them.
Can I use these PINs as RADIUS username?
Each PIN is 16 digits long.

In short how can I make password un-necessary for RADIUS authentication?

Thanks,
Sagar






Re: Dropping Requests without Realm

2005-01-17 Thread Peter Kolbe



DUH!
Figured it out.
 
DEFAULT Auth-Type = REJECT, NAS-IP-Address == 192.168.0.22, User-Name !~ "@venturenet.co.za"
 
Thanks Anyway

  - Original Message -
  From: Peter Kolbe
  To: freeradius-users@lists.freeradius.org
  Sent: Monday, January 17, 2005 10:03 AM
  Subject: Dropping Requests without Realm

  Hi

  I currently run freeradius

  I have a system whereby I have auth requests being proxied to me
  (stripped) and I have my own Portmaster that gives unstripped info.

  I want (from my portmaster) to reject anybody that does not have the
  realm (@venturenet.co.za) specified, but all other nas's logins must
  be accepted, with or without the realm.

  ie -
  pm3 & valid user & @venturenet.co.za = ACCEPT
  pm3 & valid user & NOT @venturenet.co.za = REJECT
  other nas & valid user = ACCEPT

  This is a bit beyond me
  Thanks peter
--
The information transmitted is intended only for the person to whom it is 
addressed and may contain confidential and/or privileged material.

Although SCDS / Venturenet scans incoming and outgoing emails and email 
attachments for viruses we cannot guarantee a communication to be free of 
all viruses nor accept any responsibility for viruses. 

Although SCDS / Venturenet monitors incoming and outgoing emails for 
inappropriate content, we cannot be held responsible for the views or 
expressions of the author. 

The views expressed may not necessarily be those of SCDS / Venturenet and 
as such, cannot be held responsible for any loss or injury resulting from 
the contents of a message. 
--








Re: Exec-Program-Wait Problem

2005-01-17 Thread Neil Craig
Hi

I am using a MySQL DB to store the list of NAS's - if I add one to the
nas table, is there a way to get Freeradius to read it without having
to restart radiusd?

Thanks in advance
Neil



RE: Re: Exec-Program-Wait Problem

2005-01-17 Thread Emman S. Loloy
Quoting Dustin Doris <[EMAIL PROTECTED]>:

>
>
> On Sun, 16 Jan 2005, Emman S. Loloy wrote:
>
> > Hi,
> >
> >
> > i have a problem using Exec-Program-Wait Attribute.. any comments or
> suggestion how to fix this problem. here's my configuration.
> >
> > /tmp/checkras
> >
> > #!/bin/sh
> > # Fail (non-zero exit) for the listed NAS addresses, pass for all others.
> > if [ "$1" = "192.168.0.1" ]; then
> >     exit 1   # fail
> > elif [ "$1" = "192.168.0.2" ]; then
> >     exit 1   # fail
> > fi
> > exit 0   # pass
> >
> >
> >   Processing the session section of radiusd.conf
> > modcall: entering group session for request 1008
> > radius_xlat:  'dialup'
> > rlm_sql (sql): sql_set_user escaped user --> 'dialup'
> > radius_xlat:  'SELECT COUNT(*) FROM radacct WHERE UserName='dialup' AND
> AcctStopTime = 0'
> > rlm_sql (sql): Reserving sql socket id: 1
> > rlm_sql (sql): Released sql socket id: 1
> >   modcall[session]: module "sql" returns ok for request 1008
> > modcall: group session returns ok for request 1008
> > radius_xlat:  '192.168.0.1'
> > Exec-Program output: Exec-Program: FAILED to execute /tmp/checkras: Bad
> address
> > Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute
> /tmp/checkras: Bad address
> > Exec-Program: Abnormal child exit: No child processes
> > Login incorrect (external check failed): [dilaup/foobar] (from client
> foobar port 125)
> > Delaying request 1008 for 1 seconds
> > Finished request 1008
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 1006 ID 62 with timestamp 41e9f160
> > Sending Access-Reject of id 84 to 192.168.0.5:38613
> > Reply-Message := "Exec-Program: FAILED to execute /tmp/checkras:
> Bad address\n"
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 1007 ID 182 with timestamp 41e9f161
> > Waking up in 3 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 1008 ID 84 with timestamp 41e9f164
> > Nothing to do.  Sleeping until we see a request.
> >
> >
> > Thanks,
> >
> > Emman
>
>
> Can you run that program from the command line?

Yes, I can run the program from the command.

>Also, how are you calling it, can you paste your users file entry?

I am just adding an attribute

 Exec-Program-Wait := /tmp/checkras %n

to run this program.

I don't use the users file entry; instead I am using MySQL for my attribute
entry. Actually this is working from the previous version of
freeradius-1.0.1. Right now I am using the cvs version. I don't know what is
wrong with my setup.

Thanks,

Emman



>
>
>
>














Re: Dynamic IP addres on EAP/TLS session

2005-01-17 Thread Paul Hampson
On Mon, Jan 17, 2005 at 05:23:04PM +1100, Jacques VUVANT wrote:
> How Can I allow dynamic IP address for a EAP/TLS session. DHCP server on same 
> machine as Freeradius, seems not to work.

The DHCP server needs to be on the EAP gatekeeper (I forget the proper
name, the thing that isn't the Supplicant, and isn't the RADIUS server.)
as far as I recall.

-- 
Paul "TBBle" Hampson, on an alternate email client.



Dropping Requests without Realm

2005-01-17 Thread Peter Kolbe



Hi

I currently run freeradius

I have a system whereby I have auth requests being proxied to me
(stripped) and I have my own Portmaster that gives unstripped info.

I want (from my portmaster) to reject anybody that does not have the
realm (@venturenet.co.za) specified, but all other nas's logins must
be accepted, with or without the realm.

ie -
pm3 & valid user & @venturenet.co.za = ACCEPT
pm3 & valid user & NOT @venturenet.co.za = REJECT
other nas & valid user = ACCEPT

This is a bit beyond me
Thanks peter





Re: radutmp woes

2005-01-17 Thread Paul Hampson
On Sun, Jan 16, 2005 at 11:15:35PM -0600, Sam Morris wrote:
> Hello

> After much hair pulling I have Freeradius 1.0.1 working nearly 100%. But I'm
> having issues with radutmp (at least I think that's where the trouble
> lies).

> When I do a radlast, it says this:

> [EMAIL PROTECTED] radius]# radlast
>  
> radwtmp begins Sun Jan 16 17:00:27 2005

Radlast uses radwtmp, radutmp is used by radwho...  radutmp has its own
module, but radwtmp is written by the unix module, which I'm gonna guess
you've disabled since you're not using unix accounts to authenticate.

If that's true, you can just put the unix instance in the accounting
section, and all it will do is write to radwtmp. (Which is pretty neat,
actually. ^_^)

> This even though hundreds of people have logged in (via dialup).

> radlast  also shows nothing.

> So it is authenticating people and logging those authentications
> just fine. It's also writing the detail files in /var/log/radius/radacct/

> The radutmp and radwtmp files ARE getting written in /var/log/radius/

I found something was creating radwtmp even though I'm not using it, but
I haven't bothered to find out _what_... I think something in the
default start script must touch it, since it seems to exist but be 0
bytes long. Presumably this is to ensure correct permissions on the
file, since I think it is by default treated like wtmp and readable by
anyone. (Like safe_radutmp and unlike radutmp instances in the default
radius.conf)

-- 
Paul "TBBle" Hampson, on an alternate email client.
