Re: Pam radius authentication
Isn't there anyone who tried this implementation?

>Hi!
>if you are referring to this line:
>"account required pam_radius_auth.so debug"
>then here is the explanation:
> "The pam configuration can be:
>...
>auth sufficient /lib/security/pam_radius_auth.so [options]
>...
>account sufficient /lib/security/pam_radius_auth.so"
> (this is taken from http://www.freeradius.org/pam_radius_auth/USAGE)
>
>On the other hand, I don't care if I don't use this module for accounting. As
>a matter of fact, I tried in many configurations, even without using it for
>accounting.
>The main concern is to succeed in authenticating the users!!! if anyone can
>help me accomplish that, I would be happy and I will not mind about
>accounting...
>
>>Hi,
>>
>>> I don't understand why you are saying that "you are invoking
>>> pam_radius_auth in the wrong place and for the wrong reason"...please, be
>>> more specific and if you know the right configuration, enlighten me!
>>>
>>> >> >#%PAM-1.0
>>> >> >auth required pam_securetty.so
>>> >> >auth sufficient pam_radius_auth.so debug
>>> >> >auth required /lib/security/pam_unix_auth.so
>>> >> >account required pam_radius_auth.so debug
>>
>>explain
>>
>>alan
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Dialupadmin and PHP Question
Hi Darcy,

What I feel, you might have missed some linux packages to install and because of those only, you are getting dependency error.

I have installed freeradius dialupadmin on debian linux machine. I am listing my package lists for php and mysql.

debian:~# dpkg -l | grep php
ii  php4            4.3.10-16       server-side, HTML-embedded scripting languag
ii  php4-cgi        4.3.10-16       server-side, HTML-embedded scripting languag
ii  php4-cli        4.3.10-16       command-line interpreter for the php4 script
ii  php4-common     4.3.10-16       Common files for packages built from the php
ii  php4-mysql      4.3.10-16       MySQL module for php4

debian:~# dpkg -l | grep mysql
ii  libdbd-mysql-p  2.9006-1        A Perl5 database interface to the MySQL data
ii  libmysqlclient  4.0.24-10sarge  mysql database client library
ii  mysql-client    4.0.24-10sarge  mysql database client binaries
ii  mysql-common    4.0.24-10sarge  mysql database common files (e.g. /etc/mysql
ii  mysql-server    4.0.24-10sarge  mysql database server binaries
ii  php4-mysql      4.3.10-16       MySQL module for php4

Hope this helps !!

Vineet

-Original Message-
From: Darcy Parker [mailto:[EMAIL PROTECTED]
Sent: Friday, October 20, 2006 1:06 AM
To: freeradius-users@lists.freeradius.org
Subject: Dialupadmin and PHP Question

Good day all,

I am running ubuntu 6.06, I have apache2, PHP5, and MySql installed.

I ran the following command to install freeradius:

[EMAIL PROTECTED]:~# apt-get install freeradius freeradius-ldap freeradius-mysql freeradius-krb5 libperl5.8

I then ran the following command to get dialupadmin

[EMAIL PROTECTED]:~# apt-get install freeradius-dialupadmin
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  freeradius-dialupadmin: Depends: php4 but it is not going to be installed
E: Broken packages

How do I make this work or is there something else I can use? (Webmin?)

Darcy
Re: Rewrite Attribute when proxy the specific realm
I found the solution.
The preproxy_users file can rewrite attribute by the specific realm.
Thanks.

Rio

2006/10/20, Rio Yang <[EMAIL PROTECTED]>:
Thanks.
But the hints file can only add new attributes. I want to rewrite the attribute, not create a new one.
Any new idea?

Rio

2006/10/20, Richard Cotrina <[EMAIL PROTECTED]>:
You might use regular expressions in the hints file.

- Original Message -
From: Rio Yang
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, October 17, 2006 8:03 PM
Subject: Rewrite Attribute when proxy the specific realm

Hi,
I have tried attr_rewrite function to rewrite attribute value on specific attribute successfully.
But now, I want to rewrite to attribute that proxy to specific realm.
For example, when the AUTH proxy the realm "abc.com", I want to rewrite the attribute "NAS-Identifier" value into new one.
Does somebody know how to configure it?
Thanks.

Rio
Re: Rewrite Attribute when proxy the specific realm
Thanks.
But the hints file can only add new attributes. I want to rewrite the attribute, not create a new one.
Any new idea?

Rio

2006/10/20, Richard Cotrina <[EMAIL PROTECTED]>:
You might use regular expressions in the hints file.

- Original Message -
From: Rio Yang
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, October 17, 2006 8:03 PM
Subject: Rewrite Attribute when proxy the specific realm

Hi,
I have tried attr_rewrite function to rewrite attribute value on specific attribute successfully.
But now, I want to rewrite to attribute that proxy to specific realm.
For example, when the AUTH proxy the realm "abc.com", I want to rewrite the attribute "NAS-Identifier" value into new one.
Does somebody know how to configure it?
Thanks.

Rio
RE: static IP's with rlm_perl
Hello,

Here is the debug info:

From the information it looks like I have added the information correctly however it is not sent to the client:

--snip--
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Framed-Netmask = 255.255.255.255
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 192.168.77.200
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair NT-Password = 213C197ADF831F46188DC68E3F46860F
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = MS-CHAP
..
Sending Access-Accept of id 70 to 127.0.0.1 port 32809
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-Netmask = 255.255.255.255
        MS-CHAP2-Success = 0xa4533d41433543323433323341454632313338464643433730443243453533314646353533423131354634
        MS-MPPE-Recv-Key = 0xae0f9b99af199f01fe9ab857a793739a
        MS-MPPE-Send-Key = 0x3c24917e4b02abdc1bd303ea21d95b71
        MS-MPPE-Encryption-Policy = 0x0002
        MS-MPPE-Encryption-Types = 0x0004
--snip--

So any feedback would be helpful, the whole debug info is below:

--snip--
rad_recv: Access-Request packet from host 127.0.0.1:32809, id=70, length=146
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "rigvpn_user1"
        MS-CHAP-Challenge = 0xee068979e7bafef383f8c90f3520d8e9
        MS-CHAP2-Response = 0xa400809dff2ecb2017413f1b7b5b71e5e1f3cee84de052f0d485d683d9350d9fd4b4410744a13cc2de0c
        Calling-Station-Id = ".271"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
modcall[authorize]: module "mschap" returns ok for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 175
users: Matched entry DEFAULT at line 187
modcall[authorize]: module "files" returns ok for request 0
perl_pool: item 0x8eecac0 asigned new request. Handled so far: 1
found interpetator at address 0x8eecac0
rlm_perl: PASON RPM AUTH REQUEST: Service-Type = Framed-User
rlm_perl: PASON RPM AUTH REQUEST: Calling-Station-Id = .271
rlm_perl: PASON RPM AUTH REQUEST: MS-CHAP-Challenge = 0xee068979e7bafef383f8c90f3520d8e9
rlm_perl: PASON RPM AUTH REQUEST: Client-IP-Address = 127.0.0.1
rlm_perl: PASON RPM AUTH REQUEST: Framed-Protocol = PPP
rlm_perl: PASON RPM AUTH REQUEST: User-Name = rigvpn_user1
rlm_perl: PASON RPM AUTH REQUEST: MS-CHAP2-Response = 0xa400809dff2ecb2017413f1b7b5b71e5e1f3cee84de052f0d485d683d9350d9fd4b4410744a13cc2de0c
rlm_perl: PASON RPM AUTH REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: PASON RPM AUTH REQUEST: NAS-Port = 0
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Framed-Netmask = 255.255.255.255
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 192.168.77.200
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair NT-Password = 213C197ADF831F46188DC68E3F46860F
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = MS-CHAP
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x8eecac0
modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: Found NT-Password
rlm_mschap: Told to do MS-CHAPv2 for rigvpn_user1 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
Login OK: [rigvpn_user1/] (from client localhost port 0 cli .271)
Sending Access-Accept of id 70 to 127.0.0.1 port 32809
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-Netmask = 255.255.255.255
        MS-CHAP2-Success = 0xa4533d41433543323433323341454632313338464643433730443243453533314646353533423131354634
        MS-MPPE-Recv-Key = 0xae0f9b99af199f01fe9ab857a793739a
        MS-MPPE-Send-Key = 0x3c24917e4b02abdc1bd303ea21d95b71
        MS-MPPE-Encryption-Policy = 0x0002
        MS-MPPE-E
Re: Difference between radiusd-cistron and freeradius?
That explains a lot - thank you. I was certain I was trying to install the wrong thing :)

Thanks,
Jan

On 20/10/06, Alan DeKok <[EMAIL PROTECTED]> wrote:

"Jan Mulders" <[EMAIL PROTECTED]> wrote:
> I've tried looking in the cvs-snapshots subfolder, and found:
>
> radiusd-cistron-1.6-snapshot-20061019.tar.gz
>
> Is this freeradius?

No.

> upon which point it sits there doing nothing for about 20 minutes.

The machine appears to be overloaded, with a disk that's nearly full. I'll see if there's anything I can do.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Difference between radiusd-cistron and freeradius?
"Jan Mulders" <[EMAIL PROTECTED]> wrote:
> I've tried looking in the cvs-snapshots subfolder, and found:
>
> radiusd-cistron-1.6-snapshot-20061019.tar.gz
>
> Is this freeradius?

No.

> upon which point it sits there doing nothing for about 20 minutes.

The machine appears to be overloaded, with a disk that's nearly full. I'll see if there's anything I can do.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Difference between radiusd-cistron and freeradius?
Hello,

I'm currently trying to get hold of a CVS snapshot of the latest FreeRADIUS build - but I'm having some real trouble.

I've tried looking in the cvs-snapshots subfolder, and found:

radiusd-cistron-1.6-snapshot-20061019.tar.gz

Is this freeradius? I would like the new functionality that allows me to write to the RAD_CHECK hash from rlm_perl, that's the only reason I want to use CVS.

When I attempt to connect to CVS, I get the following:

[EMAIL PROTECTED] [~/installs/radiusd-cvs]# cvs -d :pserver:[EMAIL PROTECTED]:/source login
Logging in to :pserver:[EMAIL PROTECTED]:2401/source
CVS password:
[EMAIL PROTECTED] [~/installs/radiusd-cvs]# cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd

upon which point it sits there doing nothing for about 20 minutes. I presume this is not normal CVS behaviour?

Where do I get the correct CVS snapshot for freeradius? I apologise, this is probably very obvious but I've been trying all day to figure out why the snapshot I had downloaded (see top of email) doesn't read from config files, or accept the radiusd -X switch...

Regards,
Jan
Re: ***SPAM*** RE: Windows Vista doing PEAP
__LINE__ is an unsigned int... its being referenced in the patch as a string (%s as opposed to %u). --Mike On Oct 19, 2006, at 10:30 AM, King, Michael wrote: It seg faults when I do -X (or -sxx. But not with -x) Here is the gdb log rad2:/home/mking/freeradius-1.1.3/doc# more gdb-radiusd.log Starting program: /usr/sbin/freeradius -X [Thread debugging using libthread_db enabled] [New Thread 1077729984 (LWP 2603)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1077729984 (LWP 2603)] 0x4018675b in strlen () from /lib/tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 * 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/ tls/libc.so.6 Thread 1 (Thread 1077729984 (LWP 2603)): #0 0x4018675b in strlen () from /lib/tls/libc.so.6 No symbol table info available. #1 0x4015a064 in vfprintf () from /lib/tls/libc.so.6 No symbol table info available. #2 0x40178161 in vsnprintf () from /lib/tls/libc.so.6 No symbol table info available. #3 0x08051805 in vradlog (lvl=-1073760198, fmt=0x4040528c "VISTA[% s:%s]: here", ap=0xbfffd864 "µS@@U\001") at log.c:132 s = timeval = 1161271351 msgfd = (FILE *) 0xbfffb6ec p = buffer = "Thu Oct 19 11:22:31 2006\n: Debug: VISTA [eap_authenticate:[EMAIL PROTECTED]@ô \217$@ [EMAIL PROTECTED]<@\230¸ÿ¿ô\217$@ \ [EMAIL PROTECTED]@ [EMAIL PROTECTED] [EMAIL PROTECTED] \000èØÿ¿\224\031\005\b \223$@ [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]<@ø¸ÿ¿Thu Oct "... 
#4 0x08051a4f in log_debug (msg=0x4040528c "VISTA[%s:%s]: here") at log.c:205 ap = 0xbfffd864 "µS@@U\001" r = 341 #5 0x40402cb4 in eap_authenticate (instance=0x814ddd8, request=0x8164170) at rlm_eap.c:341 vp = handler = (EAP_HANDLER *) 0x8165eb8 eap_packet = (eap_packet_t *) 0x0 rcode = __FUNCTION__ = "eap_authenticate" #6 0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x8164170) at modcall.c:236 myresult = 0 #7 0x0805617c in call_one (component=341, p=0x40157393, request=0x1, priority=0xbfffd964, result=0xbfffd968) at modcall.c:269 r = #8 0x08055cca in modcall (component=0, c=0x815eb10, request=0x8164170) at modcall.c:324 g = (modgroup *) 0x815eb10 myresult = 0 #9 0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x8164170) at modules.c:469 this = (indexed_modcallable *) 0x8159710 #10 0x0804ce93 in rad_check_password (request=0x8164170) at auth.c:367 dval = (DICT_VALUE *) 0x155 auth_type_pair = cur_config_item = password_pair = (VALUE_PAIR *) 0x0 auth_item = string = "[EMAIL PROTECTED]@w\a\bàL\006\b\000\000 [EMAIL PROTECTED]@[EMAIL PROTECTED]@ ` [EMAIL PROTECTED]@[EMAIL PROTECTED] 7EÈ\204\006\b\nM\006\bÐu\a\bHÚÿ¿O\032\005\b\001\000\000\000PP\006 \bTÚÿ¿|a\005\b\001\000\000\000à\024\026\bpA\026\bÈ\204\006\bTÚÿ¿È \204\006\b¨Úÿ¿\\]\005\bPP\0 06\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|[EMAIL PROTECTED] \224Úÿ¿\b\000\000\000¨Úÿ¿p\221\025\b\001\000\000\000,H\006\b\000\000 [EMAIL PROTECTED]@\00 4\000"... 
auth_type = 6 result = auth_type_count = 1 #11 0x0804d3bf in rad_authenticate (request=0x8164170) at auth.c:662 check_item = vp = (VALUE_PAIR *) 0x40157393 namepair = (VALUE_PAIR *) 0x8164270 check_item = reply_item = auth_item = (VALUE_PAIR *) 0x0 module_msg = tmp = (VALUE_PAIR *) 0x0 result = 3 r = umsg = "[EMAIL PROTECTED]@\004\000\000\000\000\000\000 \000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<\000\000 \000 [EMAIL PROTECTED] [EMAIL PROTECTED](±\027@ [EMAIL PROTECTED]@ ¡\004\b$É\b\b \227$ [EMAIL PROTECTED]@\026\b\024\000\000\000hï\006@ \223 [EMAIL PROTECTED]|\027@ [EMAIL PROTECTED] 006@ [EMAIL PROTECTED]@[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED]@\001\000\000 [EMAIL PROTECTED]@\000". .. user_msg = exec_program = exec_wait = seen_callback_id = buf = "[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED] \000\000P;[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED]@P;[EMAIL PROTECTED]< [EMAIL PROTECTED] [EMAIL PROTECTED]@¨: [EMAIL PROTECTED]@:È\006@ [EMAIL PROTECTED]:È\006@", '\0' times>, " [EMAIL PROTECTED]"... logstr = "P;[EMAIL PROTECTED]|Ûÿ¿\223Ñ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ \001\000\000\000xáÿ¿\037o\0 [EMAIL PROTECTED]@\001\000\000\000\000\000\000\000\004\000\000\000P; [EMAIL PROTECTED]@\000:\026\bPáÿ¿)[EMAIL PROTECTED]@\"\000\000dÛ [EMAIL PROTECTED] [EMAIL PROTECTED] \âÿ¿([EMAIL PROTECTED]@Ò?\026\b\000 \000\000\000\030\000\000\00 [EMAIL PROTECTED]@"... autz_r
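
The DEBUG2 line discussed in this thread passed __LINE__ (an integer) to a %s conversion, which matches the backtrace above ending in strlen() under vsnprintf(). As an added example (not FreeRADIUS code and not from any poster; log_to_buf, format_location and TRACE_HERE are hypothetical names), a variadic logger declared with the printf format attribute lets GCC or Clang report that mismatch at compile time instead of crashing at run time:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a variadic debug logger (not FreeRADIUS code).
 * The format attribute tells GCC/Clang to type-check the variadic
 * arguments against the format string, so "%s" paired with an int is
 * reported by -Wformat (enabled by -Wall). */
#if defined(__GNUC__)
#define PRINTF_LIKE(fmt_idx, arg_idx) \
    __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

static int log_to_buf(char *out, size_t outlen, const char *fmt, ...)
    PRINTF_LIKE(3, 4);

/* Formats into a caller-supplied buffer; returns what vsnprintf returns,
 * i.e. the length the full message needs (excluding the NUL), so the
 * caller can detect truncation by comparing against outlen. */
static int log_to_buf(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* The form from the thread, kept as a comment because it is undefined
 * behaviour: the second %s makes vsnprintf treat the line number as a
 * char pointer and call strlen() on it.
 *
 *   log_to_buf(buf, len, "VISTA[%s:%s]: here", __func__, __LINE__);
 *
 * With the attribute above, the compiler warns that %s expects
 * 'char *' but the argument has type 'int'. */

/* Correct form: function name is a string, line number is an int. */
static int format_location(char *out, size_t outlen,
                           const char *func, int line)
{
    return log_to_buf(out, outlen, "VISTA[%s:%d]: here", func, line);
}

/* Convenience macro that captures the call site. */
#define TRACE_HERE(out, outlen) \
    format_location((out), (outlen), __func__, __LINE__)

int main(void)
{
    char buf[128];

    TRACE_HERE(buf, sizeof(buf));
    puts(buf);
    return 0;
}
```

Building with -Wall -Werror=format turns the mismatch into a build failure.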
Re: billing problem in freeradius
anand kumar wrote:

HI, i want to configure the billing server(mysql database) with freeradius.

Include sql in the accounting { } section towards the end of your radiusd.conf. If you're working with the default radiusd.conf, all you have to do is uncomment that line.

Then configure sql.conf so that freeradius can connect to your MySQL server (username, password, database name) and so that the accounting queries match the schema on your billing server.

--
James Wakefield, Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au
Re: static IP's with rlm_perl
Michael Gale <[EMAIL PROTECTED]> wrote:
> I thought I could assign the IP by using the method below:
>
> $RAD_REPLY{'Framed-IP-Address'} = '192.168.77.200';
> $RAD_REPLY{'Framed-Netmask'}= '255.255.255.255';
> $RAD_REPLY{'Framed-Protocol'} = 'PPP';
> $RAD_REPLY{'Service-Type'} = 'Framed-User';
>
> However it looks like the IP is not being sent back to the client.

Did you run the server in DEBUGGING MODE to see if it sent that address in the Access-Accept?

If not, why are you avoiding the one tool that will give you the most information about what's really going on?

If you did run it in debugging mode, why didn't you post the output here?

Honestly... repeating the same comment that you're trying to assign a static IP a second time doesn't help. Giving more information as suggested in the FAQ, README, INSTALL, "man" page, and daily on this list would help.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Windows Vista doing PEAP
"King, Michael" <[EMAIL PROTECTED]> wrote:
> I did some reading, and __LINE__ returns an integer (%d). Would that
> cause a segfault, I figured it would just cause a compile error.
>
> I changed __FUNCTION__ to __func__ and the second %s to %d, and the last
> line in the patch, I removed the two %s%s which had no variables.

Ok. The previous patch had %s:%d, and that failed, so I'm not sure what's up...

> I got this.. (The Patch worked)

Unfortunately, that debug output shows nothing special. The server sends a final Access-Challenge, and Vista doesn't respond.

The original report was that FreeRADIUS discarded the EAP session, for unknown reasons. This debug log doesn't show that.

Maybe Vista is expecting additional data inside of the TLS tunnel once the session is established...

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Rewrite Attribute when proxy the specific realm
You might use regular expressions in the hints file.

- Original Message -
From: Rio Yang
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, October 17, 2006 8:03 PM
Subject: Rewrite Attribute when proxy the specific realm

Hi,
I have tried attr_rewrite function to rewrite attribute value on specific attribute successfully.
But now, I want to rewrite to attribute that proxy to specific realm.
For example, when the AUTH proxy the realm "abc.com", I want to rewrite the attribute "NAS-Identifier" value into new one.
Does somebody know how to configure it?
Thanks.

Rio
Re: static IP's with rlm_perl
Hello,

On the client side I receive the error:

TCP/IP CP reported error 738: The server did not assign an address.

In my authorize function in rlm_perl I am trying to assign a static IP to the client based on their username:

I thought I could assign the IP by using the method below:

$RAD_REPLY{'Framed-IP-Address'} = '192.168.77.200';
$RAD_REPLY{'Framed-Netmask'}= '255.255.255.255';
$RAD_REPLY{'Framed-Protocol'} = 'PPP';
$RAD_REPLY{'Service-Type'} = 'Framed-User';

However it looks like the IP is not being sent back to the client.

Michael

Alan DeKok wrote:

Michael Gale <[EMAIL PROTECTED]> wrote:
I am trying the following as a test but it is not working:

What's not working, why?

Any help would be great full.

You've carefully not given any information about what you expect it to do, or what is happening. No one can help you without that information.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog

--
Michael Gale
Red Hat Certified Engineer
Network Administrator
Pason Systems Corp.
RE: Windows Vista doing PEAP
-Original Message-
>>Again, I have no idea why it's core dumping. It shouldn't be.
>>I don't have Vista, and I can't debug this issue myself. It's up to you.

Should this line be like this?

DEBUG2("VISTA[%s:%s]: here", __FUNCTION__, __LINE__);

I have not coded in C (or C++) for 5 years.

I did some reading, and __LINE__ returns an integer (%d). Would that cause a segfault, I figured it would just cause a compile error.

I changed __FUNCTION__ to __func__ and the second %s to %d, and the last line in the patch, I removed the two %s%s which had no variables.

I got this.. (The Patch worked)

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.10.19 17:52:44 =~=~=~=~=~=~=~=~=~=~=~=
clear/usr/sbin/freeradius -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 128
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response} "
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.privkey.pem"
tls: certificate_file = "/etc/freeradius/certs/rad2.campus.bridgew.edu.cer"
tls: CA_file = "/etc/freeradius/certs/IPS-IPSCABUNDLE.CRT"
tls: private_key_password = "(null)"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/etc/freeradius/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: cipher_list = "(null)"
tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "md5"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap
rlm_perl and checking request status in post-proxy
Hi,

I have a simple question - is it possible to check the status of request (Accept/Reject) in a post-proxy phase using rlm_perl? And if so - how?

kind regards
pshemko
RE: Windows Vista doing PEAP
Could you try the patch Alan has posted, run the server in debug mode, and post the logs?

Please don't do this on a production server. For some reason, the patch is causing my server to segfault. (It doesn't matter what the OS is (WinXP, VISTA, they all cause it to seg fault with DEBUG printing)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dourty, Brian R. (IATS)
Sent: Thursday, October 19, 2006 4:44 PM
To: FreeRadius users mailing list
Subject: RE: Windows Vista doing PEAP

We have also posted here about our difficulties with Windows Vista and our FR. It isn't working for us either.

Brian

> -Original Message-
> From: freeradius-users-
> [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of
> King, Michael
> Sent: Thursday, October 19, 2006 2:52 PM
> To: FreeRadius users mailing list
> Subject: RE: Windows Vista doing PEAP
>
> -Original Message-
> Sorry - I've come late to this thread. Do we have a general problem
> with Vista failing to authenticate against FR, or is this just one
> instance failing, and we know of other instances where it is working?
>
> It's most likely I'm the first to try it, and I've had.
> Difficulties
> :-)
Re: static IP's with rlm_perl
Michael Gale <[EMAIL PROTECTED]> wrote:
> I am trying the following as a test but it is not working:

What's not working, why?

> Any help would be great full.

You've carefully not given any information about what you expect it to do, or what is happening. No one can help you without that information.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Privelege Level with Different Manufacturers
On Thursday 19 October 2006 08:20, Maestro_Ba wrote:
>
> user1   Auth-Type := System
>         Service-Type = Shell-User,
>         cisco-avpair = "shell:priv-lvl=15"
>
> However, now I have other manufacturers' devices in my network, namely
> Alcatel, Enterasys and Nortel.
> I want this user to be able to authenticate in any device, and with high
> privilege levels, if possible.
> As it is right now, an error occurs in non-cisco equipment (because of
> "cisco-avpair").
>
> Can anyone tell me:
> 1 - How to configure file?
> 2 - How to configure the different devices?
>
> Thanks a lot, any information will be very helpful!
> Maestro_Ba

One option is to use huntgroups to identify the class of each NAS device on your network. In your users file, you can match the user with the specific huntgroup and configure attributes to be returned.

-- huntgroups --
cisco   NAS-IP-Address == A.B.C.D
cisco   NAS-IP-Address == G.H.I.J
nortel  NAS-IP-Address == W.X.Y.Z
-- end huntgroups --

-- users --
user1   Huntgroup-Name == "cisco", Auth-Type := System
        Service-Type = Shell-User,
        cisco-avpair = "shell:priv-lvl=15"

user1   Huntgroup-Name == "nortel", Auth-Type := System
        ... Nortel specific attributes ...
-- end users --

Kevin Bonner
RE: Windows Vista doing PEAP
We have also posted here about our difficulties with Windows Vista and our FR. It isn't working for us either.

Brian

> -Original Message-
> From: freeradius-users-
> [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of
> King, Michael
> Sent: Thursday, October 19, 2006 2:52 PM
> To: FreeRadius users mailing list
> Subject: RE: Windows Vista doing PEAP
>
> -Original Message-
> Sorry - I've come late to this thread. Do we have a general problem
> with
> Vista failing to authenticate against FR, or is this just one instance
> failing, and we know of other instances where it is working?
>
> It's most likely I'm the first to try it, and I've had.
> Difficulties
> :-)
Re: Windows Vista doing PEAP
Josh Howlett <[EMAIL PROTECTED]> wrote:
> Sorry - I've come late to this thread. Do we have a general problem with
> Vista failing to authenticate against FR, or is this just one instance
> failing, and we know of other instances where it is working?

It's not working at all. The failure mode is pretty opaque: the server decides to stop talking to Vista at some point, but it's not clear why.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Duplicate accounting packets
On Fri, Oct 13, 2006 at 12:49:48PM +0100, John Williams wrote:
> Why would I see more than one start entry in the radacct table for a user
> all with the same session id?
>
> +-------------------+-----------+---------------------+-----------------+
> | UserName          | AccStatus | AcctStartTime       | AcctStopTime    |
> +-------------------+-----------+---------------------+-----------------+
> | [EMAIL PROTECTED] | Start     | 2006-10-13 12:39:08 | -00-00 00:00:00 |
> | [EMAIL PROTECTED] | Start     | 2006-10-13 12:39:15 | -00-00 00:00:00 |
> | [EMAIL PROTECTED] | Start     | 2006-10-13 12:39:22 | -00-00 00:00:00 |
> | [EMAIL PROTECTED] | Start     | 2006-10-13 12:39:30 | -00-00 00:00:00 |
> | [EMAIL PROTECTED] | Start     | 2006-10-13 12:39:37 | -00-00 00:00:00 |

It seems you have some issues with your SQL queries. Stop Queries are probably not matching the already open record...

ciao
Luca
static IP's with rlm_perl
Hello,

I am trying to set static IP addresses for clients I have authenticated via radius with my rlm_perl module. I am trying the following as a test but it is not working:

--snip--
$RAD_CHECK{'NT-Password'} = $pass;
$RAD_REPLY{'Framed-IP-Address'} = '192.168.77.200';
$RAD_REPLY{'Framed-Netmask'} = '255.255.255.255';
$RAD_REPLY{'Framed-Protocol'} = 'PPP';
$RAD_REPLY{'Service-Type'} = 'Framed-User';
--snip--

Any help would be great full.

--
Michael Gale
Red Hat Certified Engineer
Network Administrator
Pason Systems Corp.
Re: SNMP with Freeradius - Again
On Thursday 19 October 2006 08:38, Velikanov wrote:
> when I run /usr/local/sbin/radiusd -X
>
> And NOW, again, there are no strings with "smux", as shown in wiki
>
> Where is my mistake?
> What must I look for?
>
> Thanks.

Did you also configure your local SNMP daemon with the proper smuxpeer entry? Can you post your debug mode output?

Kevin Bonner
RE: Windows Vista doing PEAP
-----Original Message-----
Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?

It's most likely I'm the first to try it, and I've had. Difficulties :-)
Dialupadmin and PHP Question
Good day all,

I am running ubuntu 6.06, I have apache2, PHP5, and MySql installed. I ran the following command to install freeradius:

[EMAIL PROTECTED]:~# apt-get install freeradius freeradius-ldap freeradius-mysql freeradius-krb5 libperl5.8

I then ran the following command to get dialupadmin

[EMAIL PROTECTED]:~# apt-get install freeradius-dialupadmin
Reading package lists... Done
Building dependency tree... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.

Since you only requested a single operation it is extremely likely that
the package is simply not installable and a bug report against
that package should be filed.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
  freeradius-dialupadmin: Depends: php4 but it is not going to be installed
E: Broken packages

How do I make this work or is there something else I can use? (Webmin?)

Darcy
Re: Windows Vista doing PEAP
Alan DeKok wrote:

"King, Michael" <[EMAIL PROTECTED]> wrote:

It seg faults when I do -X (or -sxx. But not with -x)

At this point, I have no clue why it's dying. I suggest editing the code yourself. The issue is that a decision is being made by the module to not continue processing the EAP session, but I don't know why. The patches were an attempt to have it print out more information, so we could see what information was being used to make that wrong decision.

Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.

Sorry - I've come late to this thread. Do we have a general problem with Vista failing to authenticate against FR, or is this just one instance failing, and we know of other instances where it is working?

josh.
Re: more info in the log file
"Mike May" <[EMAIL PROTECTED]> wrote:
> Hello everyone, I need some help on logging, I want to grab some more info
> out of the radius logs, I currently use the log options in radiusd.conf
> file, but wanted to get some time stamps.

The log messages are time stamped...

> I am using radius and LDAP, and would like to be able to see when
> the radius server performed the search on the directory and when the
> response came back to the radius servers from the directory servers,
> in essence some time stamps on how long it was waiting for the
> downstream systems to respond.

You have the source code. Edit it to print out the information you want.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: Windows Vista doing PEAP
"King, Michael" <[EMAIL PROTECTED]> wrote:
> It seg faults when I do -X (or -sxx. But not with -x)

At this point, I have no clue why it's dying. I suggest editing the code yourself. The issue is that a decision is being made by the module to not continue processing the EAP session, but I don't know why. The patches were an attempt to have it print out more information, so we could see what information was being used to make that wrong decision.

Again, I have no idea why it's core dumping. It shouldn't be. I don't have Vista, and I can't debug this issue myself. It's up to you.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
RE: Windows Vista doing PEAP
It seg faults when I do -X (or -sxx. But not with -x)

Here is the gdb log

rad2:/home/mking/freeradius-1.1.3/doc# more gdb-radiusd.log
Starting program: /usr/sbin/freeradius -X
[Thread debugging using libthread_db enabled]
[New Thread 1077729984 (LWP 2603)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1077729984 (LWP 2603)]
0x4018675b in strlen () from /lib/tls/libc.so.6
* 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6
* 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6
* 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6
* 1 Thread 1077729984 (LWP 2603) 0x4018675b in strlen () from /lib/tls/libc.so.6

Thread 1 (Thread 1077729984 (LWP 2603)):
#0  0x4018675b in strlen () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x4015a064 in vfprintf () from /lib/tls/libc.so.6
No symbol table info available.
#2  0x40178161 in vsnprintf () from /lib/tls/libc.so.6
No symbol table info available.
#3  0x08051805 in vradlog (lvl=-1073760198, fmt=0x4040528c "VISTA[%s:%s]: here", ap=0xbfffd864 "µS@@U\001") at log.c:132
        s =
        timeval = 1161271351
        msgfd = (FILE *) 0xbfffb6ec
        p =
        buffer = "Thu Oct 19 11:22:31 2006\n: Debug: VISTA[eap_authenticate:[EMAIL PROTECTED]@[EMAIL PROTECTED]@ÀÚ<@[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED] [EMAIL PROTECTED]<@ø¸ÿ¿Thu Oct "...
#4  0x08051a4f in log_debug (msg=0x4040528c "VISTA[%s:%s]: here") at log.c:205
        ap = 0xbfffd864 "µS@@U\001"
        r = 341
#5  0x40402cb4 in eap_authenticate (instance=0x814ddd8, request=0x8164170) at rlm_eap.c:341
        vp =
        handler = (EAP_HANDLER *) 0x8165eb8
        eap_packet = (eap_packet_t *) 0x0
        rcode =
        __FUNCTION__ = "eap_authenticate"
#6  0x08055ad8 in modcall (component=0, c=0x815ea00, request=0x8164170) at modcall.c:236
        myresult = 0
#7  0x0805617c in call_one (component=341, p=0x40157393, request=0x1, priority=0xbfffd964, result=0xbfffd968) at modcall.c:269
        r =
#8  0x08055cca in modcall (component=0, c=0x815eb10, request=0x8164170) at modcall.c:324
        g = (modgroup *) 0x815eb10
        myresult = 0
#9  0x08053d2e in indexed_modcall (comp=0, idx=1075147667, request=0x8164170) at modules.c:469
        this = (indexed_modcallable *) 0x8159710
#10 0x0804ce93 in rad_check_password (request=0x8164170) at auth.c:367
        dval = (DICT_VALUE *) 0x155
        auth_type_pair =
        cur_config_item =
        password_pair = (VALUE_PAIR *) 0x0
        auth_item =
        string = "[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED] 7EÈ\204\006\b\nM\006\bÐu\a\bHÚÿ¿O\032\005\b\001\000\000\000PP\006\bTÚÿ¿|a\005\b\001\000\000\000à\024\026\bpA\026\bÈ\204\006\bTÚÿ¿È\204\006\b¨Úÿ¿\\]\005\bPP\0 06\bk6\006\bÐu\a\b\nM\006\b\000\000\000\000|[EMAIL PROTECTED],[EMAIL PROTECTED]@\00 4\000"...
        auth_type = 6
        result =
        auth_type_count = 1
#11 0x0804d3bf in rad_authenticate (request=0x8164170) at auth.c:662
        check_item =
        vp = (VALUE_PAIR *) 0x40157393
        namepair = (VALUE_PAIR *) 0x8164270
        check_item =
        reply_item =
        auth_item = (VALUE_PAIR *) 0x0
        module_msg =
        tmp = (VALUE_PAIR *) 0x0
        result = 3
        r =
        umsg = "[EMAIL PROTECTED]@\004\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\001\000\000\000ô\217$@<[EMAIL PROTECTED] [EMAIL PROTECTED]([EMAIL PROTECTED]@[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED]@øæÿ¿9|[EMAIL PROTECTED]@hï\ 006@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]"...
        user_msg =
        exec_program =
        exec_wait =
        seen_callback_id =
        buf = "[EMAIL PROTECTED]@[EMAIL PROTECTED]@Ôúÿ¿\002\000\000\000P;[EMAIL PROTECTED] [EMAIL PROTECTED]@[EMAIL PROTECTED]@P;[EMAIL PROTECTED]<[EMAIL PROTECTED]@[EMAIL PROTECTED]: [EMAIL PROTECTED]@:[EMAIL PROTECTED]@\000æÿ¿:È\006@", '\0' , " [EMAIL PROTECTED]"...
        logstr = "P;[EMAIL PROTECTED]|[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@\001\000\000\000xáÿ¿\037o\0 [EMAIL PROTECTED]@\001\000\000\000\000\000\000\000\004\000\000\000P;[EMAIL PROTECTED]@\000:\026\bPáÿ¿)[EMAIL PROTECTED]@\"[EMAIL PROTECTED] [EMAIL PROTECTED]([EMAIL PROTECTED]@Ò?\026\b\000\000\000\000\030\000\000\00 [EMAIL PROTECTED]@"...
        autz_retry = 0 '\0'
        autz_type =
#12 0x08057347 in rad_respond (request=0x8164170, fun=0x804d150 ) at radiusd.c:1653
        rcode =
        packet =
        original =
        secret = 0x8164194 "d0wnh1ll"
        finished =
        reprocess =
#13 0x080591f6 in main (argc=2, argv=0xbad4) at radiusd.c:1427
        cl =
        fun = (RAD_REQUEST_FUNP) 0x804d150
        request = (REQUEST *) 0x8164170
        packet = (RADIUS_PACKET *) 0x8164078
        se
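One reading of the backtrace above, added here as an example and not taken from FreeRADIUS or from the debugging patch (which is not on the page): strlen() faults while vradlog() expands "VISTA[%s:%s]: here" for rlm_eap.c:341, and the second 32-bit argument slot that gdb prints for ap decodes to 341, which is what an integer such as __LINE__ passed to %s looks like. The names dbg_format, format_trace and vararg_slot, the byte value taken for the 'µ' character, and the 64 KiB pointer heuristic are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes gdb printed for `ap` in frames #3/#4 ("µS@@U\001"), with 'µ' read
 * as 0xB5 and the terminating NULs written out. Constructed from the post. */
static const unsigned char AP_BYTES[8] = {
    0xB5, 0x53, 0x40, 0x40,   /* 1st vararg: 0x404053b5, close to fmt=0x4040528c */
    0x55, 0x01, 0x00, 0x00    /* 2nd vararg: 0x00000155 */
};

/* Read the n-th 32-bit little-endian stack slot; on i386 the variadic
 * arguments sit back to back on the stack in this form. */
uint32_t vararg_slot(const unsigned char *ap, unsigned n)
{
    const unsigned char *p = ap + 4u * n;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* A value this small is not a mapped string address, so a %s conversion
 * that receives it faults inside strlen(). Threshold is a heuristic. */
int looks_like_integer_not_pointer(uint32_t slot)
{
    return slot < 0x10000u;
}

/* Hypothetical debug logger. The format attribute lets GCC and Clang check
 * each call's arguments against its format string at compile time. */
int dbg_format(char *out, size_t outlen, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int dbg_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Mismatched form, left as a comment because it is undefined behaviour:
 *     dbg_format(buf, len, "VISTA[%s:%s]: here", __FUNCTION__, __LINE__);
 * Corrected form: the line number is an int, so it takes %d. */
int format_trace(char *out, size_t outlen, const char *func, int line)
{
    return dbg_format(out, outlen, "VISTA[%s:%d]: here", func, line);
}

int main(void)
{
    char buf[64];
    uint32_t second = vararg_slot(AP_BYTES, 1);

    printf("second vararg = %u (integer, not pointer: %d)\n",
           (unsigned)second, looks_like_integer_not_pointer(second));
    format_trace(buf, sizeof buf, "eap_authenticate", (int)second);
    printf("%s\n", buf);
    return 0;
}
```

With the format attribute on the logger's prototype, building with -Wall reports the commented-out %s/int call at compile time instead of leaving it to crash in debug mode.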
more info in the log file
Hello everyone,

I need some help on logging, I want to grab some more info out of the radius logs, I currently use the log options in radiusd.conf file, but wanted to get some time stamps.

I am using radius and LDAP, and would like to be able to see when the radius server performed the search on the directory and when the response came back to the radius servers from the directory servers, in essence some time stamps on how long it was waiting for the downstream systems to respond.

I am not sure if that is even in the packet, but thought I would ask. Hope it does not sound too far out there.

thanks
Privelege Level with Different Manufacturers
Hi,

I've been using freeradius for a while, for authentication in a network of cisco devices. All my users follow this pattern:

user1   Auth-Type := System
        Service-Type = Shell-User,
        cisco-avpair = "shell:priv-lvl=15"

However, now I have other manufacturers' devices in my network, namely Alcatel, Enterasys and Nortel.
I want this user to be able to authenticate in any device, and with high privilege levels, if possible.
As it is right now, an error occurs in non-cisco equipment (because of "cisco-avpair").

Can anyone tell me:
1 - How to configure file?
2 - How to configure the different devices?

Thanks a lot, any information will be very helpful!
Maestro_Ba

--
View this message in context: http://www.nabble.com/Privelege-Level-with-Different-Manufacturers-tf2473008.html#a6895616
Sent from the FreeRadius - User mailing list archive at Nabble.com.
Re: rlm_sqlippool load failure
"Francisco Gimeno" <[EMAIL PROTECTED]> wrote:
> freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so:
> undefined symbol: sql_get_socket

It looks like the linker on your system isn't resolving symbols globally. Since the same problem appears with the CVS head, it looks like it's a system issue, and not FreeRADIUS.

From what I recall of Debian, they have RTLD_GLOBAL turned off by default, so this behavior is expected.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
SNMP with Freeradius - Again
I want to use SNMP with Freeradius.

NOW, after some work, I have:

1. FreeRADIUS Version 1.1.3, for host, configured with option '-with-snmp'

   Now I see in src/include/autoconf.h:

   /* Include SNMP subagent */
   #define WITH_SNMP 1
   #define HAVE_UCD_SNMP_ASN1_SNMP_SNMPIMPL_H 1
   /* #undef HAVE_ASN1_SNMP_SNMPIMPL_H */
   #define HAVE_LIBSNMP 1

   All other rest the same

2. Red Hat Linux v.3.3; 2.6.9-34.EL

3. net-snmp-5.1.2-11.EL4.6 configured with option '--with-mib-modules=host agentx smux ucd-snmp/lmSensors'

radiusd.conf, snmp.conf, snmpd.conf - were configured as in docs and in http://wiki.freeradius.org/SNMP_HOWTO

when I run /usr/local/sbin/radiusd -X

And NOW, again, there are no strings with "smux", as shown in wiki

Where is my mistake?
What must I look for?

Thanks.
Re: User collision/duplicate users and mysql backend
O, I did try that...

sql.conf

authorize_check_query = "SELECT id, UserName, Attribute, Value, op, Attribute2, Value2, op2\
  FROM ${authcheck_table} \
  WHERE Username = '%{SQL-User-Name}' \
  ORDER BY id"

and ofcoz, i altered the table.. but no good luck here either... duplicate users still failed..

or didn't you mean that ??

Collen.

Peter Nixon wrote:

On Thu 19 Oct 2006 10:19, Collen Blijenberg wrote:

I was wondering, any chance of getting the User collision/duplicate users option in to the sql module (pref. mysql) ??

I'm still trying to get the mysql backend to work, with duplicate usernames. (still stuck here)

in the tuning guide, i found a document called 'tuning guide' under the sql module section, it says something about 'multi column index' and 'sql for double login detection' ? but what is meant with this ??

the problem is that i have (a few) users with 1 username and multiple computers. we filter on username and calling-station-id (MAC).

but somehow the mysql backend can't handle this (tell me if I'm wrong!!)

So change the auth query to search for calling-station-id also.. simple.
Re: More CVS madness: Radiusd not actually doing anything
Hi,

> I'm trying to run radiusd on my server, replacing an existing, working
> configuration.
>
> When I run radiusd (specifying paths or using defaults, it doesn't
> matter), I get the following:
>
> [EMAIL PROTECTED] [/etc/raddb]# radiusd -xx
> Starting - reading configuration files ...
> Ready to process requests.
> [ then I press ctrl-c, as the server isn't doing anything ]
> CHILD: exit on signal (2)
> MASTER: accounting process died - exit.
> [EMAIL PROTECTED] [/etc/raddb]#
>
> It does this regardless of the presence of a radiusd.conf file in the
> /etc/raddb folder.

radiusd -X will give you full debugging. If it's working then it's reading the files from somewhere else. /usr/local/etc/raddb for example...

alan
certificat
Hi,

I want to give a certificate to my freeradius server. My CA is a Windows CA. Can you tell me how to do it please, thank you?
Re: rlm_sqlippool load failure
2006/10/19, Peter Nixon <[EMAIL PROTECTED]>:

> This is my first post in the list, so please excuse any eventual problem I
> could cause.
> I'm running a FreeRadius 1.1.3 server with the Debian patches and a little
> patch I made to correct the NAS-Port known behaviour for fixed NAS-Port.

You shouldn't need any patches for that. sqlippool handles fixed ports. Check the config file.

The failure is not on the tiny patch.

> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
> rlm_sql (sql): Connected new DB handle, #3
> rlm_sql (sql): starting 4
> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
> rlm_sql (sql): Connected new DB handle, #4
> Module: Instantiated sql (sql)
> freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-1.1.3.so:
> undefined symbol: sql_get_socket
>
> The strange thing is that the sql module seems initialized, but sqlippool
> doesn't load.
> I looked the sql_get_socket function over the code, and I found it in the
> sql.c file in the rlm_sql module. Furthermore, I see that function being
> compiled and linked in the rlm_sql.so file as it's shown here:
> -
> [08:11:33]
> [EMAIL PROTECTED]:/home/fgd/src/freeradius-1.1.3/src/modules/rlm_sql/.libs# nm
> rlm_sql.so | grep sql_get_socket
> 47f0 T sql_get_socket
> -
>
> I don't know how to force it to be loaded... any hint?

I have not seen this error before. Alan? Any ideas?

I have tested with the CVS HEAD version, still the same problem here.

rlm_sql (sql): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
freeradius: relocation error: /usr/lib/freeradius/rlm_sqlippool-2.0.0-pre0.so: undefined symbol: sql_get_socket

ummm.. I don't have any idea how to solve it...

I'm thinking about #including "sql.c" in the rlm_sqlippool.

Thanks for your fast response, Peter,
AW: PEAP-MSCHAP failure. Please help
Thanks for your answers,

I forgot to mention that when I generated the certs I did use the OID. When I look at the certs' details, one of those details reads "Enhanced key usage: Server Authentication (1.3.6.1.5.5.7.3.1)"

Even with this, it doesn't work. I'll try generating (once again) the certs.

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, 18 October 2006 20:55
To: FreeRadius users mailing list
Subject: Re: PEAP-MSCHAP failure. Please help

[EMAIL PROTECTED] wrote:
> hmm, or just simply make radiusd die with such a message as its last
> line of output - just like when some other settings are messed up ;-)

Some people do deploy TTLS only, which doesn't need those OID's.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: User collision/duplicate users and mysql backend
On Thu 19 Oct 2006 10:19, Collen Blijenberg wrote:
> I was wondering, any chance of getting the User collision/duplicate
> users option in to the sql module (pref. mysql) ??
>
> I'm still trying to get the mysql backend to work, with duplicate
> usernames. (still stuck here)
>
> in the tuning guide, i found a document called 'tuning guide'
> under the sql module section, it says something about 'multi column
> index' and 'sql for double login detection' ?
> but what is meant with this ??
>
> the problem is that i have (a few) users with 1 username and multiple
> computers.
> we filter on username and calling-station-id (MAC).
>
> but somehow the mysql backend can't handle this (tell me if I'm wrong!!)

So change the auth query to search for calling-station-id also.. simple.

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
User collision/duplicate users and mysql backend
I was wondering, any chance of getting the User collision/duplicate users option in to the sql module (pref. mysql) ??

I'm still trying to get the mysql backend to work, with duplicate usernames. (still stuck here)

in the tuning guide, i found a document called 'tuning guide' under the sql module section, it says something about 'multi column index' and 'sql for double login detection' ? but what is meant with this ??

the problem is that i have (a few) users with 1 username and multiple computers. we filter on username and calling-station-id (MAC).

but somehow the mysql backend can't handle this (tell me if I'm wrong!!)

any solution is welcome...

Cheers
Collen