Problem with freeradius on SuSE 9.2
I'm trying to install and run freeradius on SuSE 9.2 Pro but when I try running using /usr/sbin/radiusd -sfxxyz I get the following error message:

    radiusd: entering modules setup
    Module: Library search path is /usr/lib/freeradius
    radiusd.conf[1367] Failed to link to module 'rlm_exec': rlm_exec.a: cannot open shared object file: No such file or directory

however ls shows:

    callisto:/etc # ls -la /usr/lib/freeradius/rlm_exec*
    lrwxrwxrwx 1 root root 11 Feb 12 08:32 /usr/lib/freeradius/rlm_exec-1.0.0.la -> rlm_exec.la
    -rw-r--r-- 1 root root 7002 Oct 5 2004 /usr/lib/freeradius/rlm_exec.a
    -rw-r--r-- 1 root root 701 Oct 5 2004 /usr/lib/freeradius/rlm_exec.la

I have the following rpms installed:

    freeradius-1.0.0-5
    radiusclient-0.3.2-142
    freeradius-devel-1.0.0-5
    pam_radius-1.3.16-67

and radiusd.conf is just the SuSE 9.2 default at the moment.

The full output from radiusd startup is below. Can anyone help me track down where I have gone wrong?

Thanks,
Neil

* radiusd -sfxxyg output *

    callisto:/etc # /usr/sbin/radiusd -sfxxyz
    Starting - reading configuration files ...
    reread_config: reading radiusd.conf
    Config: including file: /etc/raddb/proxy.conf
    Config: including file: /etc/raddb/clients.conf
    Config: including file: /etc/raddb/snmp.conf
    Config: including file: /etc/raddb/eap.conf
    Config: including file: /etc/raddb/sql.conf
    main: prefix = "/usr"
    main: localstatedir = "/var"
    main: logdir = "/var/log/radius"
    main: libdir = "/usr/lib/freeradius"
    main: radacctdir = "/var/log/radius/radacct"
    main: hostname_lookups = no
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_file = "/var/log/radius/radius.log"
    main: log_auth = no
    main: log_auth_badpass = no
    main: log_auth_goodpass = no
    main: pidfile = "/var/run/radiusd/radiusd.pid"
    main: user = "radiusd"
    main: group = "radiusd"
    main: usercollide = no
    main: lower_user = "no"
    main: lower_pass = "no"
    main: nospace_user = "no"
    main: nospace_pass = "no"
    main: checkrad = "/usr/sbin/checkrad"
    main: proxy_requests = yes
    proxy: retry_delay = 5
    proxy: retry_count = 3
    proxy: synchronous = no
    proxy: default_fallback = yes
    proxy: dead_time = 120
    proxy: post_proxy_authorize = yes
    proxy: wake_all_if_all_dead = no
    security: max_attributes = 200
    security: reject_delay = 1
    security: status_server = no
    main: debug_level = 0
    read_config_files: reading dictionary
    read_config_files: reading naslist
    read_config_files: reading clients
    read_config_files: reading realms
    radiusd: entering modules setup
    Module: Library search path is /usr/lib/freeradius
    radiusd.conf[1367] Failed to link to module 'rlm_exec': rlm_exec.a: cannot open shared object file: No such file or directory
RE: multiple huntgroup, same NAS-IP
regexps huh!! care to post an example please?

Thanks,

--- Jonathan De Graeve <[EMAIL PROTECTED]> wrote:

> > -----Original message-----
> > From: freeradius-users-[EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED] On behalf of Agent Smith
> > Sent: Saturday 11 February 2006 18:08
> > To: FreeRadius users mailing list
> > Subject: Re: multiple huntgroup, same NAS-IP
> >
> > I have 100s of users but here is an example.
> > goal:
> > user u1: has access from NAS-IP 192.168.50.5
> > user u2: has access from NAS-IP 192.168.5 and 6
> >
> > currently I have huntgroup definition such as,
> > hu1 NAS-IP-Address 192.168.50.5
> > hu2 NAS-IP-Address 192.168.50.6
> >
> > Then in the users file, (sorry if the syntax is not
> > exactly correct here)
> > u1 Auth-by: Local, huntgroup: hu1
> > u2 Auth-by: Local, huntgroup: hu2
> > #then also,
> > u1 Auth-by: Local, huntgroup: hu2
>
> Using regexp you can match both, that's how I do it
Re:problem with simultanous use...any idea (tommy garsia)
Hi sean,

Ok ...i'll wait for it sean...

regards..

Hi Tommy,

Glad I could help. I'm working on MySQL commands to limit total usage using AccInputOctets and AccOutputOctets in Radacct.
I'll let you know when I have it finished and tested.

Regards,
Sean Bracken
http://swarmhotspots.com
Re: rlm_ldap problem
Norbert Wegener <[EMAIL PROTECTED]> wrote:
> Is there any way to honor the operator >= in the users file in this case
> without modifying the source code?

No. This really requires rlm_policy. There you can do something like:

    ...
    if ("%{ldap:query...}" >= 500) {
        ...
    }
    ...

Assuming you make rlm_policy support integer comparisons, too.

This has the added bonus that you can now do fail-over on the LDAP query. But the rlm_policy code isn't quite ready for prime time.

Alan DeKok.
rlm_ldap problem
For an 802.1x authentication radius first asks an ad server to get information about a specific machine account. If this account belongs to a certain group, the users file is consulted to check which vlan the account gets assigned.

In radiusd.conf I set the groupname_attribute in the ldap section:

    groupname_attribute = "primaryGroupID"

This works with a user file and entries like this without problems:

    DEFAULT Ldap-Group == "515", Auth-Type := Accept
            Framed-Type = Framed,
            Tunnel-Type = VLAN,
            Tunnel-Medium-Type = 802,
            Tunnel-Private-Group-ID = Core1

For some reason I want the operator here not to be ==, but >= and change the entry to:

    DEFAULT Ldap-Group >= "500", Auth-Type := Accept
            Framed-Type = Framed,
            Tunnel-Type = VLAN,
            Tunnel-Medium-Type = 802,
            Tunnel-Private-Group-ID = Core1,
            Fall-Through = no

In this case I get:

    rlm_ldap::groupcmp: Group 500 not found or user not a member

Further digging in radiusd -AX's output unveils the reason:

    rlm_ldap: performing search in dc=MYDOM,dc=NET, with filter (&(primaryGroupID=500)(|(&(objectClass=GroupOfNames)(member=CN=MC

The search here is done with "=":

    primaryGroupID=500

Is there any way to honor the operator >= in the users file in this case without modifying the source code?

Thanks
Norbert Wegener
RE: multiple huntgroup, same NAS-IP
> -----Original message-----
> From: freeradius-users-[EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED] On behalf of Agent Smith
> Sent: Saturday 11 February 2006 18:08
> To: FreeRadius users mailing list
> Subject: Re: multiple huntgroup, same NAS-IP
>
> I have 100s of users but here is an example.
> goal:
> user u1: has access from NAS-IP 192.168.50.5
> user u2: has access from NAS-IP 192.168.5 and 6
>
> currently I have huntgroup definition such as,
> hu1 NAS-IP-Address 192.168.50.5
> hu2 NAS-IP-Address 192.168.50.6
>
> Then in the users file, (sorry if the syntax is not
> exactly correct here)
> u1 Auth-by: Local, huntgroup: hu1
> u2 Auth-by: Local, huntgroup: hu2
> #then also,
> u1 Auth-by: Local, huntgroup: hu2

Using regexp you can match both, that's how I do it
Re: multiple huntgroup, same NAS-IP
I have 100s of users but here is an example.
goal:
user u1: has access from NAS-IP 192.168.50.5
user u2: has access from NAS-IP 192.168.5 and 6

currently I have huntgroup definition such as,
hu1 NAS-IP-Address 192.168.50.5
hu2 NAS-IP-Address 192.168.50.6

Then in the users file, (sorry if the syntax is not exactly correct here)
u1 Auth-by: Local, huntgroup: hu1
u2 Auth-by: Local, huntgroup: hu2
#then also,
u1 Auth-by: Local, huntgroup: hu2

see how I had to make two entries for user u1. I was wondering if there is a better way to do that.

--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> Agent Smith <[EMAIL PROTECTED]> wrote:
> > first, thanks for writing and giving out FR. I have
> > been given $$ to buy commercial radius but I haven't
> > since I love FR, I think it has more features than the
> > commercial one we looked at so good job!!!
>
> Thanks.
>
> > Is it possible for same NAS-IP to be in multiple
> > huntgroups?
>
> I'm not sure.
>
> > see what I am trying to do is limit access based on
> > NAS-IP address, is there any other way to do this?
>
> Limit whose access to what?
>
> > one more thing, I wrote a dictionary.raritan file,
> > where do I contribute?
>
> Mail it to the list.
>
> Alan DeKok.
RE: multiple huntgroup, same NAS-IP
I use radius groups for this. Huntgroups to differentiate my nas ips and radius groups to control my clients

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan De Graeve
Sent: 10 February 2006 22:55
To: FreeRadius users mailing list
Subject: RE: multiple huntgroup, same NAS-IP

> > Is it possible for same NAS-IP to be in multiple
> > huntgroups?
>
> I'm not sure.

No, it will match the first huntgroup it reaches in the huntgroups file. I tried that too.

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]
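The two points made in the replies above (a NAS-IP resolves to the first huntgroup that lists it, and one regular expression can cover both NAS addresses), as an added Python model that is not part of the thread and is not FreeRADIUS code. The hu3 entry, the per-user rule table and all function names are assumptions made for illustration.

```python
import re

# Constructed huntgroups entries in file order: (name, NAS-IP-Address).
# hu3 repeats hu1's NAS on purpose; sample data, not from the thread.
HUNTGROUPS = [
    ("hu1", "192.168.50.5"),
    ("hu2", "192.168.50.6"),
    ("hu3", "192.168.50.5"),
]

def huntgroup_for(nas_ip, huntgroups=HUNTGROUPS):
    """First-match lookup: return the first group listing this NAS, else None."""
    for name, ip in huntgroups:
        if ip == nas_ip:
            return name
    return None

def reachable_groups(huntgroups=HUNTGROUPS):
    """Groups the first-match lookup can ever return; later duplicates drop out."""
    return {huntgroup_for(ip, huntgroups) for _, ip in huntgroups}

# Hypothetical per-user NAS rules written as regular expressions.
USER_NAS_REGEX = {
    "u1": r"192\.168\.50\.[56]",   # one rule covers both NASes
    "u2": r"192\.168\.50\.6",
}

def nas_allowed(user, nas_ip, rules=USER_NAS_REGEX):
    """Default deny; the whole address must match the user's pattern."""
    pattern = rules.get(user)
    return pattern is not None and re.fullmatch(pattern, nas_ip) is not None

def loose_match(pattern, nas_ip):
    """Unanchored search with unescaped dots, shown to expose over-matching."""
    return re.search(pattern, nas_ip) is not None

if __name__ == "__main__":
    print(huntgroup_for("192.168.50.5"))                 # first entry wins
    print(sorted(reachable_groups()))                    # hu3 is dead config
    print(nas_allowed("u1", "192.168.50.6"))             # regex covers both
    print(nas_allowed("u1", "192.168.50.55"))            # full match rejects
    print(loose_match("192.168.50.5", "192.168.50.55"))  # loose rule accepts
```

If the rule is written as a regular expression in a check item, anchor it with ^ and $ and escape the dots, for the reason the last line shows.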
Re:problem with simultanous use...any idea (tommy garsia)
> > Thanks sean it works great!!
> >
> > is there any way to limit user's bandwidth??
> > can i specify how many user's content/total bandwidth which can be
> > downloaded?
> > e.g. i give only 10 MB to user A...
> >
> > regards,
> >
> > Sean <[EMAIL PROTECTED]> wrote: On Fri, 2006-02-10 at 11:15 +0100,
> > [EMAIL PROTECTED] wrote:
> > > problem with simultanous use...any idea???tommy garsia
> > >
> > > Hi guys...
> > >
> > > I've finished compile and install freeradius v1.1.0 with mysql...and
> > > work great...
> > > and i'm happy with it...
> > > now i have a problem during the accounting
> > > what should i do if i want to limit only one connection per one
> > > user..??
> > > what should i do with my freeradius configuration?
> > >
> > > best regards,
> > >
> > > tommy
> >
> > Set simultaneous-use :=1 in radcheck
> > and enable simultaneous use checking in sql.conf

Hi Tommy,

Glad I could help. I'm working on MySQL commands to limit total usage using AccInputOctets and AccOutputOctets in Radacct.
I'll let you know when I have it finished and tested.

Regards,
Sean Bracken
http://swarmhotspots.com
Re:problem with simultanous use...any idea
Thanks sean it works great!!

is there any way to limit user's bandwidth??
can i specify how many user's content/total bandwidth which can be downloaded?
e.g. i give only 10 MB to user A...

regards,

Sean <[EMAIL PROTECTED]> wrote:
On Fri, 2006-02-10 at 11:15 +0100, [EMAIL PROTECTED] wrote:
> problem with simultanous use...any idea???tommy garsia
>
> Hi guys...
>
> I've finished compile and install freeradius v1.1.0 with mysql...and
> work great...
> and i'm happy with it...
> now i have a problem during the accounting
> what should i do if i want to limit only one connection per one
> user..??
> what should i do with my freeradius configuration?
>
> best regards,
>
> tommy

Set simultaneous-use :=1 in radcheck
and enable simultaneous use checking in sql.conf

Regards,
Sean
http://swarmhotspots.com