Problem with freeradius on SuSE 9.2

2006-02-11 Thread Neil Muller

I'm trying to install and run freeradius on SuSE 9.2 Pro but when I try running
using /usr/sbin/radiusd -sfxxyz I get the following error message:

radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
radiusd.conf[1367] Failed to link to module 'rlm_exec': rlm_exec.a: cannot
open shared object file: No such file or directory

however ls shows:

callisto:/etc # ls -la /usr/lib/freeradius/rlm_exec*
lrwxrwxrwx  1 root root   11 Feb 12
08:32 /usr/lib/freeradius/rlm_exec-1.0.0.la -> rlm_exec.la
-rw-r--r--  1 root root 7002 Oct  5  2004 /usr/lib/freeradius/rlm_exec.a
-rw-r--r--  1 root root  701 Oct  5  2004 /usr/lib/freeradius/rlm_exec.la

I have the following rpms installed:

freeradius-1.0.0-5
radiusclient-0.3.2-142
freeradius-devel-1.0.0-5
pam_radius-1.3.16-67

and radiusd.conf is just the SuSE 9.2 default at the moment

The full output from radiusd startup is below.

Can anyone help me track down where I have gone wrong?

Thanks,

Neil

* radiusd -sfxxyg output *
callisto:/etc # /usr/sbin/radiusd -sfxxyz
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
  main: prefix = "/usr"
  main: localstatedir = "/var"
  main: logdir = "/var/log/radius"
  main: libdir = "/usr/lib/freeradius"
  main: radacctdir = "/var/log/radius/radacct"
  main: hostname_lookups = no
  main: max_request_time = 30
  main: cleanup_delay = 5
  main: max_requests = 1024
  main: delete_blocked_requests = 0
  main: port = 0
  main: allow_core_dumps = no
  main: log_stripped_names = no
  main: log_file = "/var/log/radius/radius.log"
  main: log_auth = no
  main: log_auth_badpass = no
  main: log_auth_goodpass = no
  main: pidfile = "/var/run/radiusd/radiusd.pid"
  main: user = "radiusd"
  main: group = "radiusd"
  main: usercollide = no
  main: lower_user = "no"
  main: lower_pass = "no"
  main: nospace_user = "no"
  main: nospace_pass = "no"
  main: checkrad = "/usr/sbin/checkrad"
  main: proxy_requests = yes
  proxy: retry_delay = 5
  proxy: retry_count = 3
  proxy: synchronous = no
  proxy: default_fallback = yes
  proxy: dead_time = 120
  proxy: post_proxy_authorize = yes
  proxy: wake_all_if_all_dead = no
  security: max_attributes = 200
  security: reject_delay = 1
  security: status_server = no
  main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
radiusd.conf[1367] Failed to link to module 'rlm_exec': rlm_exec.a: cannot
open shared object file: No such file or directory

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: multiple huntgroup, same NAS-IP

2006-02-11 Thread Agent Smith

regexps huh!!

care to post an example please?

Thanks,
--- Jonathan De Graeve <[EMAIL PROTECTED]>
wrote:

> > -Original message-
> > From: freeradius-users-[EMAIL PROTECTED]
> > [mailto:freeradius-users-[EMAIL PROTECTED] On behalf of Agent Smith
> > Sent: Saturday 11 February 2006 18:08
> > To: FreeRadius users mailing list
> > Subject: Re: multiple huntgroup, same NAS-IP
> > 
> > 
> > I have 100s of users but here is an example.
> > goal:
> > user u1: has access from NAS-IP 192.168.50.5
> > user u2: has access from NAS-IP 192.168.5 and 6
> > 
> > currently I have huntgroup definition such as,
> > hu1 NAS-IP-Address 192.168.50.5
> > hu2 NAS-IP-Address 192.168.50.6
> > 
> > Then in the users file, (sorry if the syntax is not
> > exactly correct here)
> > u1 Auth-by: Local, huntgroup: hu1
> > u2 Auth-by: Local, huntgroup: hu2
> > #then also,
> > u1 Auth-by: Local, huntgroup: hu2
> 
> Using regexp you can match both, that's how I do it
> 
> 


Re:problem with simultanous use...any idea (tommy garsia)

2006-02-11 Thread tommy garsia
Hi sean,
Ok ...i'll wait for it sean...

regards..

> Hi Tommy,
> Glad I could help.
>
> I'm working on MySQL commands to limit total usage using AccInputOctets and
> AccOutputOctets in Radacct.
> I'll let you know when I have it finished and tested.
>
> Regards,
>
> Sean Bracken
> http://swarmhotspots.com

Re: rlm_ldap problem

2006-02-11 Thread Alan DeKok
Norbert Wegener <[EMAIL PROTECTED]> wrote:
> Is there any way to honor the operator >= in the users file in this case 
> without modifying the source code?

  No.

  This really requires rlm_policy.  There you can do something like:

  ...
  if ("%{ldap:query...}" >= 500) {
    ...
  }
  ...

  Assuming you make rlm_policy support integer comparisons, too.  This
has the added bonus that you can now do fail-over on the LDAP query.

  But the rlm_policy code isn't quite ready for prime time.

  Alan DeKok.



rlm_ldap problem

2006-02-11 Thread Norbert Wegener
For an 802.1x authentication radius first asks an ad server to get
information about a specific machine account. If this account belongs to
a certain group, the users file is consulted to check which vlan the account
gets assigned.

In radiusd.conf I set the groupname_attribute in the ldap section:

groupname_attribute = "primaryGroupID"

This works with a user file and entries like this without problems:

DEFAULT Ldap-Group == "515",  Auth-Type := Accept
   Framed-Type = Framed,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = 802,
   Tunnel-Private-Group-ID = Core1

For some reason I want the operator here not to be ==, but >=
and change the entry to:

DEFAULT Ldap-Group >= "500",  Auth-Type := Accept
   Framed-Type = Framed,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = 802,
   Tunnel-Private-Group-ID = Core1,
   Fall-Through = no

In this case I get:

rlm_ldap::groupcmp: Group 500 not found or user not a member

Further digging in radiusd -AX's output unveils the reason:
rlm_ldap: performing search in dc=MYDOM,dc=NET, with filter 
(&(primaryGroupID=500)(|(&(objectClass=GroupOfNames)(member=CN=MC

The search here is done with "=": primaryGroupID=500

Is there any way to honor the operator >= in the users file in this case 
without modifying the source code?


Thanks
Norbert Wegener




RE: multiple huntgroup, same NAS-IP

2006-02-11 Thread Jonathan De Graeve
> -Original message-
> From: freeradius-users-[EMAIL PROTECTED]
> [mailto:freeradius-users-[EMAIL PROTECTED] On behalf of Agent Smith
> Sent: Saturday 11 February 2006 18:08
> To: FreeRadius users mailing list
> Subject: Re: multiple huntgroup, same NAS-IP
> 
> 
> I have 100s of users but here is an example.
> goal:
> user u1: has access from NAS-IP 192.168.50.5
> user u2: has access from NAS-IP 192.168.5 and 6
> 
> currently I have huntgroup definition such as,
> hu1 NAS-IP-Address 192.168.50.5
> hu2 NAS-IP-Address 192.168.50.6
> 
> Then in the users file, (sorry if the syntax is not
> exactly correct here)
> u1 Auth-by: Local, huntgroup: hu1
> u2 Auth-by: Local, huntgroup: hu2
> #then also,
> u1 Auth-by: Local, huntgroup: hu2

Using regexp you can match both, that's how I do it




Re: multiple huntgroup, same NAS-IP

2006-02-11 Thread Agent Smith

I have 100s of users but here is an example.
goal:
user u1: has access from NAS-IP 192.168.50.5
user u2: has access from NAS-IP 192.168.5 and 6

currently I have huntgroup definition such as,
hu1 NAS-IP-Address 192.168.50.5
hu2 NAS-IP-Address 192.168.50.6

Then in the users file, (sorry if the syntax is not
exactly correct here)
u1 Auth-by: Local, huntgroup: hu1
u2 Auth-by: Local, huntgroup: hu2
#then also,
u1 Auth-by: Local, huntgroup: hu2

see how I had to make two entries for user u1. I was
wondering if there is a better way to do that.



--- Alan DeKok <[EMAIL PROTECTED]> wrote:

> Agent Smith <[EMAIL PROTECTED]> wrote:
> > first, thanks for writing and giving out FR. I have
> > been given $$ to buy commercial radius but I haven't
> > since I love FR, I think it has more features than the
> > commercial one we looked at so good job!!!
> 
>   Thanks.
> 
> > Is it possible for same NAS-IP to be in multiple
> > huntgroups?
> 
>   I'm not sure.
> 
> > see what I am trying to do is limit access based on
> > NAS-IP address, is there any other way to do this?
> 
>   Limit whose access to what?
>  
> > one more thing, I wrote a dictionary.raritan file,
> > where do I contribute? 
> 
>   Mail it to the list.
> 
>   Alan DeKok.


RE: multiple huntgroup, same NAS-IP

2006-02-11 Thread alan
I use radius groups for this.
Huntgroups to differentiate my nas ips and radius groups to control my
clients

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Jonathan De Graeve
Sent: 10 February 2006 22:55
To: FreeRadius users mailing list
Subject: RE: multiple huntgroup, same NAS-IP 

> > Is it possible for same NAS-IP to be in multiple
> > huntgroups?
> 
>   I'm not sure.

No, it will match the first huntgroup it reaches in the huntgroups file.

I tried that too.

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]




Re:problem with simultanous use...any idea (tommy garsia)

2006-02-11 Thread Sean

> > Thanks sean it works great!!
> > 
> >  is there any way to limit  user's bandwidth?? 
> >  can i specify how many user's content/total bandwidth which can be 
> > downloaded?
> >  e.g. i give only 10 MB to user A...
> >  
> >  regards,
> >  
> > 
> > Sean <[EMAIL PROTECTED]> wrote: On Fri, 2006-02-10 at 11:15 +0100,
> > [EMAIL PROTECTED] wrote:
> > > problem with simultanous use...any idea???tommy garsia
> > 
> > 
> > > Hi guys...
> > >   
> > >   I've finished compile and install freeradius v1.1.0 with mysql...and
> > > work great...
> > >   and i'm happy with it...
> > >   now i have a problem during the accounting
> > >   what should i do if i want to limit only one connection per one
> > > user..??
> > >   what should i do with my freeradius configuration? 
> > >   
> > >   best regards,
> > >   
> > >   
> > >   tommy
> > >   
> > Set simultaneous-use :=1 in radcheck
> > and enable simultaneous use checking in sql.conf
> > 
Hi Tommy,
Glad I could help. 

I'm working on MySQL commands to limit total usage using AccInputOctets and 
AccOutputOctets in Radacct.
I'll let you know when I have it finished and tested.

Regards,

Sean Bracken
http://swarmhotspots.com 
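
An added example, not part of the original posts and not code from any list participant: MySQL queries sketching the two checks discussed in this thread, counting open sessions against Simultaneous-Use and comparing summed accounting octets against a quota. The tables are a constructed minimal subset whose column names are assumed from the stock FreeRADIUS MySQL schema, and `Max-Octets` is a hypothetical label that the thread does not name.

```sql
-- Constructed minimal tables; column names assumed from the stock
-- FreeRADIUS MySQL schema (radcheck, radacct), not taken from the thread.
CREATE TABLE radcheck (
  id        INT PRIMARY KEY,
  UserName  VARCHAR(64)  NOT NULL,
  Attribute VARCHAR(32)  NOT NULL,
  op        CHAR(2)      NOT NULL,
  Value     VARCHAR(253) NOT NULL
);
CREATE TABLE radacct (
  RadAcctId        INT PRIMARY KEY,
  UserName         VARCHAR(64) NOT NULL,
  AcctStopTime     DATETIME NULL,   -- NULL = session still open (simplification)
  AcctInputOctets  BIGINT NOT NULL DEFAULT 0,
  AcctOutputOctets BIGINT NOT NULL DEFAULT 0
);

-- Simultaneous-Use := 1 as suggested in the reply above. Max-Octets is a
-- hypothetical label for a 10 MB quota, read only by the report query below.
INSERT INTO radcheck (id, UserName, Attribute, op, Value) VALUES
  (1, 'userA', 'Simultaneous-Use', ':=', '1'),
  (2, 'userA', 'Max-Octets',       ':=', '10485760'),
  (3, 'userB', 'Simultaneous-Use', ':=', '1');

-- Constructed accounting rows: userA has two open sessions and 12 MB total.
INSERT INTO radacct VALUES
  (1, 'userA', '2006-02-10 12:00:00', 4194304, 2097152),
  (2, 'userA', NULL,                  3145728, 1048576),
  (3, 'userA', NULL,                  1048576, 1048576),
  (4, 'userB', NULL,                   524288,  262144);

-- Users whose open-session count exceeds their Simultaneous-Use value.
SELECT c.UserName, COUNT(*) AS open_sessions, c.Value AS allowed
FROM radcheck c
JOIN radacct a ON a.UserName = c.UserName
WHERE c.Attribute = 'Simultaneous-Use' AND a.AcctStopTime IS NULL
GROUP BY c.UserName, c.Value
HAVING COUNT(*) > CAST(c.Value AS UNSIGNED);

-- Users whose summed input + output octets have reached their quota.
SELECT a.UserName,
       SUM(a.AcctInputOctets + a.AcctOutputOctets) AS used_octets,
       CAST(c.Value AS UNSIGNED) AS quota_octets
FROM radacct a
JOIN radcheck c ON c.UserName = a.UserName
WHERE c.Attribute = 'Max-Octets'
GROUP BY a.UserName, c.Value
HAVING SUM(a.AcctInputOctets + a.AcctOutputOctets) >= CAST(c.Value AS UNSIGNED);
```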


Re:problem with simultanous use...any idea

2006-02-11 Thread tommy garsia
Thanks sean it works great!!

is there any way to limit user's bandwidth??
can i specify how many user's content/total bandwidth which can be downloaded?
e.g. i give only 10 MB to user A...

regards,

Sean <[EMAIL PROTECTED]> wrote:
> On Fri, 2006-02-10 at 11:15 +0100, [EMAIL PROTECTED] wrote:
> > problem with simultanous use...any idea???tommy garsia
> > Hi guys...
> >
> > I've finished compile and install freeradius v1.1.0 with mysql...and
> > work great...
> > and i'm happy with it...
> > now i have a problem during the accounting
> > what should i do if i want to limit only one connection per one
> > user..??
> > what should i do with my freeradius configuration?
> >
> > best regards,
> >
> > tommy
>
> Set simultaneous-use :=1 in radcheck
> and enable simultaneous use checking in sql.conf
>
> Regards,
> Sean
> http://swarmhotspots.com