Re: freeradius password caching problem
System pocztowy Galtex S.A. informuje, iz Twoja wiadomosc zostala dostarczona Wiadomosc wygenerowana automatycznie przez system pocztowy uzytkownika belskia Prosze na ta wiadomosc nie odpowiadac. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius password caching problem
Hi, I am using freeradius version 1.0.5 for authenticating users with Lucent Portmaster 3. I am trying since a few weeks to get the thing straight. People are able to authenticate correctly, but I have a few minor problems. 1- the radiusd.pid file is not created 2- the passwd file (which I believe is from the users file) is not refreshed. I would prefer to use the /etc/passwd file and have it cached, but even if I activate it with cache = yes, it doesn't seem to work. I also use the cache refresh setting. If I use cache = no, it still seem to use the same users file. 3- I want to send all the logs to syslog, but this also doesn't seem to work, unless it's sent to a file. I tried syslog_facility = daemon, but still doesn't work. Any help will be well appreciated. Thanks, Pierre Forget - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Bandwith controll
"Alex M" <[EMAIL PROTECTED]> wrote: > Are there any general variable, because I'm using different NASes, although > mostly D-Link DSA-3100 No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Computer Logon with PEAP-MSCHAPv2
Sebastian Mauer <[EMAIL PROTECTED]> wrote: > I found a lot of helpful HowTos and Documentations but never > managed to get Information about Computer Logons with PEAP. This was discussed very recently on this list. See the list archives. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Bandwith controll
Are there any general variable, because I'm using different NASes, although mostly D-Link DSA-3100 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, October 31, 2005 4:15 PM To: FreeRadius users mailing list Subject: Re: Bandwith controll "Alex M" <[EMAIL PROTECTED]> wrote: > I'm a newbie here, please tell me where I can find info on controlling user > bandwidth and allowed TCP/IP ports!! Read your NAS documentation. Then, configure FreeRADIUS to send the attributes the NAS expects. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with config files for wireless EAP-TTLS
Michael Wang <[EMAIL PROTECTED]> wrote: > "qa" Auth-Type := EAP, User-Password == "qa" Don't set "Auth-Type := EAP". See the long explanation why at the top of the "eap.conf" file. Also, use ":=" for the User-Password. See the "man users" page for details. If there's no User-Password in the packet, then '==' can't compare "qa" to anything in the password, and that entry will never match. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Bandwith controll
"Alex M" <[EMAIL PROTECTED]> wrote: > I'm a newbie here, please tell me where I can find info on controlling user > bandwidth and allowed TCP/IP ports!! Read your NAS documentation. Then, configure FreeRADIUS to send the attributes the NAS expects. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bandwith controll
I’m a newbie here, please tell me where I can find info on controlling user bandwidth and allowed TCP/IP ports!! Appreciate your help!!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help with config files for wireless EAP-TTLS
Hi, I am trying to set up my FreeRadius 1.0.4 to do wireless EAP-TTLS. I got it working for EAP-TLS and EAP-PEAP, so I know my config is basically correct. The problem I am having is that I would like to use the same userid for the "outer" and "inner" EAP identity string. So in my user's file, I have a line that looks like: "qa" Auth-Type := EAP, User-Password == "qa" Now when my client tries to authenticate, the TLS tunnel is set up OK, but when we get to the inner MSCHAP protocol, FreeRadius still thinks we are doing EAP and rejects the authentication attempt. Here is a snippet from the output of radiusd -A -X (other): SSL negotiation finished successfully <--- (so far so good) SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 3 to 10.222.0.18:1025 EAP-Message = 0x010400451580003b140301000 10116030100303e6bb07c9ba8bcdd94b7f0ee66d43b439d87b89b99025c1310aa4dc9bf7491555d4d0888ef91a0c7f628b79868ced090 Message-Authenticator = 0x State = 0x3d987f832d6f6ed2f7e42b0fe6b2d77b Finished request 3 Going to the next request Waking up in 2 seconds... rad_recv: Access-Request packet from host 10.222.0.18:1025, id=4, length=353 Message-Authenticator = 0x1d82927ff8e036beeb0aca3ee45c1608 Service-Type = Framed-User User-Name = "qa" Framed-MTU = 1488 State = 0x3d987f832d6f6ed2f7e42b0fe6b2d77b Called-Station-Id = "00-03-7F-04-03-F6:TomAP48" Calling-Station-Id = "00-03-7D-00-06-32" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400b015001703010020fb074fcc5e5f2df2d24fcee30e4d18a4638a526f045e84651467daae520e2f4417030100809d045521172337970b871775afd53193cae98494128c873dd3786f75c340f7c4992c0f7aa2c4fdecdf595ec0ec65a9692e448c5f7df7b9bff4d975bd7fb112a1cec89c01ea8aba0c328d087ffee23a6637970e1dab1fc959838cbf8e42dae0832c35f409b77a61229991f6ee238292239bec74fc6d5f09a16979aa6f5af4a3c9 NAS-IP-Address = 10.222.0.18 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "qa", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 176 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry qa at line 104 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' <--- (At this point, freeradius correctly sets auth-type MSCHAP) modcall[authorize]: module "mschap" returns ok for request 4 rlm_realm: No '@' in User-Name = "qa", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 4 users: Matched entry qa at line 104 < (Uh, oh, we matched that qa line again, and now.) modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns ok for request 4 rad_check_password: Found Auth-Type EAP <- (auth-type is set to EAP again, which is not what I want.) auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP-Message not found rlm_eap: Malformed EAP Message modcall[authenticate]: module "eap" returns fail for request 4 modcall: group authenticate returns fail for request 4 auth: Failed to validate the user. TTLS: Got tunneled Access-Reject rlm_eap:
Re: radwtmp
"King, Michael" <[EMAIL PROTECTED]> wrote: > So what is the radwtmp and what is it's purpose? It's a record of who logged in. See "radlast". > Mine's at 500 megs, and growing. I'm wondering if I should get > concerned, since I might have misconfigured something. No. Just nuke it, it won't affect anything. If you don't use radlast, delete "unix" from the "accounting" section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwtmp
So what is the radwtmp and what is it's purpose? Mine's at 500 megs, and growing. I'm wondering if I should get concerned, since I might have misconfigured something. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Installation of freeradius on cobalt raq3
Hi there, I am trying to install freeradius-0.9.1 using a tar on a Cobalt Raq 3 box. Some reading I have done it says their should be no issue. It keeps on failing at the end of the make and make install Is their anything special I should be doing ... <<< ls.c: In function `load_dh_params': tls.c:38: too many arguments to function `PEM_read_bio_DHparams' tls.c: In function `init_tls_ctx': tls.c:111: warning: implicit declaration of function `SSL_CTX_set_default_passwd_cb_userdata' tls.c:112: warning: passing arg 2 of `SSL_CTX_set_default_passwd_cb' from incompatible pointer type tls.c:179: warning: implicit declaration of function `RAND_load_file' tls.c: In function `new_tls_session': tls.c:220: warning: implicit declaration of function `SSL_set_msg_callback' tls.c:221: warning: implicit declaration of function `SSL_set_msg_callback_arg' gmake[10]: *** [tls.o] Error 1 Shaun Krok -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.362 / Virus Database: 267.12.6/151 - Release Date: 10/28/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Computer Logon with PEAP-MSCHAPv2
Hello there, after setting up our new central Radius Server I now want to finally set up PEAP-MSCHAPv2 with support for Computer acces, that my users can log in to the Samba administered Domain from Wireless Terminals (like their Laptops). I found a lot of helpful HowTos and Documentations but never managed to get Information about Computer Logons with PEAP. I understand that PEAP only uses certificates to identify the Radius Server, but uses Username/Password for connecting Users to the Wireless Network. Can someone point me to a resource or tell me how to do this all for Machines that they can authenticate when no user has logged in, to manage connection to the Domain when it comes to specific User login. Greetings, Sebastian Mauer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 1.0.5 installation on Suse 64 biut platform
libgdbm-devel rpm package installed? -- GLS IT Services Thomas Mieslinger GLS Germany Str. 1-7 fon: +49 6677 17 463 36286 Neuenstein fax: +49 6677 17 111 GermanyeMail: [EMAIL PROTECTED] [EMAIL PROTECTED] schrieb am 31.10.2005 13:49:49: > Good day. > > I am having a problem installing freeradius on Suse Linux. I am using a > 64 bit AMD dual core platform. Please see the log below : > > -module -export-dynamic \ > -o rlm_counter.la -rpath /usr/local/lib rlm_counter.lo -lgdbm -lssl > -lcrypto -lnsl -lresolv -lpthread > rm -fr .libs/rlm_counter.la .libs/rlm_counter.* > .libs/rlm_counter-1.0.5.* > gcc -shared rlm_counter.lo /usr/lib/libgdbm.so -lssl -lcrypto -lnsl > -lresolv -lpthread -Wl,-soname -Wl,rlm_counter-1.0.5.so -o > .libs/rlm_counter-1.0.5.so > /usr/lib/libgdbm.so: could not read symbols: Invalid operation > collect2: ld returned 1 exit status > gmake[6]: *** [rlm_counter.la] Error 1 > gmake[6]: Leaving directory > `/usr/software/freeradius-1.0.5/src/modules/rlm_counter' > gmake[5]: *** [common] Error 2 > gmake[5]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' > gmake[4]: *** [all] Error 2 > gmake[4]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' > gmake[3]: *** [common] Error 2 > gmake[3]: Leaving directory `/usr/software/freeradius-1.0.5/src' > gmake[2]: *** [all] Error 2 > gmake[2]: Leaving directory `/usr/software/freeradius-1.0.5/src' > gmake[1]: *** [common] Error 2 > gmake[1]: Leaving directory `/usr/software/freeradius-1.0.5' > make: *** [all] Error 2 > “This e-mail is sent on the Terms and Conditions that can be > accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx " > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy Forwarding on User-Name attribute
jeah nice, it works! thanks & regards, -christian --On Sunday, October 30, 2005 11:21:49 AM -0500 Alan DeKok <[EMAIL PROTECTED]> wrote: Christian Meutes <[EMAIL PROTECTED]> wrote: i have the demand to forward some auth-requests to some further radius servers, but only in the case when a specific User-Name is for authorization requested. The User-Name attributes look like this "[EMAIL PROTECTED]" and the userpart is always changing but the realm is always the same. How can i accomplish this without defining every user which is to forward in "proxy.conf"? Set up a realm as normal, and then do: DEFAULT User-Name == "", Proxy-To-Realm: = "realm" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 1.0.5 installation on Suse 64 biut platform
Good day. I am having a problem installing freeradius on Suse Linux. I am using a 64 bit AMD dual core platform. Please see the log below : -module -export-dynamic \ -o rlm_counter.la -rpath /usr/local/lib rlm_counter.lo -lgdbm -lssl -lcrypto -lnsl -lresolv -lpthread rm -fr .libs/rlm_counter.la .libs/rlm_counter.* .libs/rlm_counter-1.0.5.* gcc -shared rlm_counter.lo /usr/lib/libgdbm.so -lssl -lcrypto -lnsl -lresolv -lpthread -Wl,-soname -Wl,rlm_counter-1.0.5.so -o .libs/rlm_counter-1.0.5.so /usr/lib/libgdbm.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status gmake[6]: *** [rlm_counter.la] Error 1 gmake[6]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules/rlm_counter' gmake[5]: *** [common] Error 2 gmake[5]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/usr/software/freeradius-1.0.5/src/modules' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/software/freeradius-1.0.5/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/software/freeradius-1.0.5/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/software/freeradius-1.0.5' make: *** [all] Error 2 This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.net/legal/email.aspx " - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SV: rlm_sql module won't compile under Solaris 10
also you will need the mysql client libraries, download the full source and ./configure --without-server ; make && make install On Mon, 31 Oct 2005, Torkel Mathisen wrote: Hi Add /usr/ccs/bin to your PATH. Regards, Torkel -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] På vegne av M.McNeil Sendt: 28. oktober 2005 22:55 Til: freeradius-users@lists.freeradius.org Emne: rlm_sql module won't compile under Solaris 10 Viktighet: Høy Hello, I'm trying to get FreeRadius 1.0.5 to compile with MySQL / RLM_SQL, under Solaris 10. Configure works just fine, however, after running "make", I get the following: gmake[7]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql' Making static in drivers... gmake[8]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers' /usr/sfw/bin/gmake -w WHAT_TO_MAKE=static common gmake[9]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers' Making static in rlm_sql_iodbc... gmake[10]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_iodbc' gmake[10]: Nothing to be done for `static'. gmake[10]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_iodbc' Making static in rlm_sql_mysql... gmake[10]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_mysql' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../.. -I../../../../include -I/usr/local/mysql/include -xO3 -mt -D_FORTEC_ -xarch=v8 -xc99=none -c sql_mysql.c -o sql_mysql.o gcc: language c99=none not recognized gcc: sql_mysql.c: linker input file unused because linking not done /export/home/freeradius-1.0.5/libtool --mode=link ld -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../.. -I../../../../include -I/usr/local/mysql/include -xO3 -mt -D_FORTEC_ -xarch=v8 -xc99=none sql_mysql.o -o rlm_sql_mysql.a mkdir .libs (cd . && ln -s sql_mysql.lo sql_mysql.o) ar cru rlm_sql_mysql.a sql_mysql.o ar: cannot open sql_mysql.o No such file or directory ar: sql_mysql.o not found gmake[10]: *** [rlm_sql_mysql.a] Error 1 gmake[10]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_mysql' gmake[9]: *** [common] Error 2 gmake[9]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers' gmake[8]: *** [static] Error 2 gmake[8]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers' gmake[7]: *** [common] Error 2 gmake[7]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql' gmake[6]: *** [static] Error 2 gmake[6]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql' gmake[5]: *** [common] Error 2 gmake[5]: Leaving directory `/export/home/freeradius-1.0.5/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/export/home/freeradius-1.0.5/src/modules' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/export/home/freeradius-1.0.5/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/export/home/freeradius-1.0.5/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/export/home/freeradius-1.0.5' *** Error code 2 The following command caused the error: /usr/sfw/bin/gmake WHAT_TO_MAKE=all common make: Fatal error: Command failed for target `all' I dowloaded the binary MySQL package from mysql.com and added /usr/local/mysql to my PATH and LD_LIBRARY_PATH variables. FreeRadius can see the files, however, it will *not* compile the rlm_sql module. I've combed the mailing list archive, but I have yet to find a solution to this problem. Has anyone else experienced this issue ? Best Regards, Mike McNeil Sr. Network Engineer Communications & Network Services University of California Berkeley - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html