Re: Wimax VSA support

2007-10-17 Thread Alan DeKok
katro kar wrote:
   Does the latest 2.0-pre of freeradius support
 parsing of wimax VSA attributes ?

  No.

 If it is not (I feel it is not supported yet, as I
 could not see any dictionary for wimax vsa), are there
 any plans or work in progress to implement it ?

  There are no plans to support it.  i.e. If someone sends in a patch,
or supports the feature via some other method, then it will go in.

 Another question is, does the wimax forum dictate what
 is to be done with these attributes in radius server ?

  Yes.  The WiMAX NWG specification has detailed requirements.  You need
to be a member of the WiMAX forum to obtain the specifications, I believe.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Freeradius logging w/syslog

2007-10-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 I'm running freeradius 1.0.1

  Why?  Upgrade.  Now.

 on CentOS 4.4 and I'm trying to get the
 radius to log to a syslog server. I followed the example Syslog_HOWTO
 but it's not working. I was hoping that someone else might know the
 answer / fix.

  Upgrade.

  Alan DeKok.


Re: rlm_passwd pulling file?

2007-10-17 Thread Alan DeKok
Joe Mom wrote:
 looking for some sort of indication that the radius.conf file is working.
 
 I've created a section in the radius.conf file under modules as per
 man rlm_passwd

  Did you list the tovc_group entry in the authorize section?

  Alan DeKok.


Re: [Fwd: Re: rlm_perl (threads) performance question]

2007-10-17 Thread Alan DeKok
Apostolos Pantsiopoulos wrote:
 Well, yes that has been my main concern I must admit... because I have
 seen so many replies in the mailing
 list urging people to make the backend DB faster (and concentrating on
 that aspect alone when the server performs poorly).

  There are many factors to consider in tuning a system.  A RADIUS
server all by itself can handle 5k requests/s, if it doesn't access DB's
or any files.  A stand-alone DB client can do 1000's of reads/s all by
itself.

  The combination of the two does NOT necessarily get the best of
both... i.e. 1000's of reads/s through RADIUS.  Interaction effects mean
that the maximum throughput is LESS than the maximum throughput of each
piece in isolation.

   Find out what else is stopping the server from processing requests.
 Is there ANYTHING you have configured other than your Perl script?  If
 so, that may be the issue.
   
 I'll re-check it.

  Run cachegrind to see where all of the CPU time is spent.  It won't
count sleeping (or waiting for network activity), so the times may be
somewhat misleading.  But it may help.

  Alan DeKok.


Re: Using freeradius and 802.1x for dynamic VLAN

2007-10-17 Thread Alan DeKok
Arran Cudbard-Bell wrote:
 Not true, see HPs Open VLAN feature. The NAS may also request that the
 supplicant be put into a certain VLAN based on the static VLAN
 assignment on the port the supplicant is connecting to.

  Wild.  I hadn't seen that before.

  In any case, the original poster hasn't configured a check vlan
policy, and hasn't shown via radiusd -X that the client is in fact
sending vlan information.

  Alan DeKok.


Set freeradius attribute value

2007-10-17 Thread yangcuilin
Hi, all

I want to store a value in freeradius, and change it sometimes by radius
request.

I think there must be some attributes in freeradius which client can change
or get its value by request.

How can I implement it?  Please give me some solutions or advice. Or give me
some key points.

Thanks very much.

Rock



Re: [Fwd: Re: rlm_perl (threads) performance question]

2007-10-17 Thread Boian Jordanov
I have a clue, maybe your client is not able to do more requests or  
your configuration on client side is wrong.


Best Regards,
Boian Jordanov
SNE
Orbitel - Next Generation Telecom
tel. +359 2 4004 723
tel. +359 2 4004 002




On Oct 17, 2007, at 9:17 AM, Alan DeKok wrote:


Apostolos Pantsiopoulos wrote:
 Well, yes that has been my main concern I must admit... because I have
 seen so many replies in the mailing
 list urging people to make the backend DB faster (and concentrating on
 that aspect alone when the server performs poorly).

  There are many factors to consider in tuning a system.  A RADIUS
server all by itself can handle 5k requests/s, if it doesn't access DB's
or any files.  A stand-alone DB client can do 1000's of reads/s all by
itself.

  The combination of the two does NOT necessarily get the best of
both... i.e. 1000's of reads/s through RADIUS.  Interaction effects mean
that the maximum throughput is LESS than the maximum throughput of each
piece in isolation.

   Find out what else is stopping the server from processing requests.
 Is there ANYTHING you have configured other than your Perl script?  If
 so, that may be the issue.

 I'll re-check it.

  Run cachegrind to see where all of the CPU time is spent.  It won't
count sleeping (or waiting for network activity), so the times may be
somewhat misleading.  But it may help.

  Alan DeKok.


RE : Re: Wimax VSA support

2007-10-17 Thread Geoffroy Arnoud

  Another question is, does the wimax forum dictate what
  is to be done with these attributes in radius server ?
 
   Yes.  The WiMAX NWG specification has detailed requirements.  You need
 to be a member of the WiMAX forum to obtain the specifications, I believe.
 
Since v1, the specifications are freely available on
WiMAX forum web site:
http://www.wimaxforum.org/technology/documents/

Geoff.


  


Re: problem in integeration with poptop

2007-10-17 Thread Alan DeKok
hadi golestani wrote:
 I've added that line and commented the ntlm line but still some error (tnx god
 it's not the same error)
 
 my radtest syntax:
 radtest root rootpassword localhost.localdomain 1645 testing123
 
 modcall[authorize]: module files returns ok for request 4

  sigh  You deleted most of the debug log.  If you don't know what the
problem is, you don't know what's important in the debug log, and what's
not important.

 rlm_pap: WARNING! No known good password found for the user. 
 Authentication may fail because of this.
   modcall[authorize]: module pap returns noop for request 4
 modcall: leaving group authorize (returns ok) for request 4
   rad_check_password:  Found Auth-Type System
 auth: type System

  So you didn't put the entry at the TOP of the users file.  The FAQ
contains instructions for getting simple PAP authentication working.
It's really not hard.

 I've attached radius.conf and users and output of debug mode for both
 radtest and vpn client.

  Why?  The problem is simple: you haven't followed the instructions in
the FAQ for PAP authentication.

  Alan DeKok.


Re: Problem with LDAP and Groups

2007-10-17 Thread tnt
Huntgroups file

packeteer_read_only  NAS-IP-Address == 10.17.69.12


Delete this.

Users file

 165 DEFAULT Huntgroup-Name == packeteer_read_only,Ldap-Group == 
 packeteer_read_only,User-Profile := 
 uid=packeteer_read_only,ou=profiles,ou=radius,dc=csctus,dc=net, Auth-Type 
 := LDAP 

166 Fall-Through = no


Change it to:

DEFAULT Huntgroup-Name == packeteer,Ldap-Group ==
packeteer_read_only,User-Profile :=
uid=packeteer_read_only,ou=profiles,ou=radius,dc=csctus,dc=net,
Auth-Type := LDAP

That's what I was on about overlapping groups and devices. Just don't
have userA (B or any other) in both packeteer groups and it will work
fine.

Ivan Kalik
Kalik Informatika ISP



Re: problem in integeration with poptop

2007-10-17 Thread tnt
It's Cleartext not Clertext for the password attribute.

Ivan Kalik
Kalik Informatika ISP



Re: problem in integeration with poptop

2007-10-17 Thread hadi golestani
I know that it's taking too much, but plz accept my apology 'cause I'm a
little confused and have no time (sorry to say that and I know that it's not
a commercial community so plz don't be angry at me).

I've added the line below at the top of the users file.
root  Cleartext-Password := myRealRootPassword

because this is the real root / root's password of my linux, this line in
debug 'cause that access-accept via radtest

modcall: entering group authenticate for request 0
  modcall[authenticate]: module unix returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Sending Access-Accept of id 219 to 127.0.0.1 port 32772

but when I changed it to e.g. test / testpass the old error occurred.
and when I try to connect from vpn client even for root / root's real
password the access has been rejected with this debug output:

modcall: entering group MS-CHAP for request 1
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module mschap returns reject for request 1
modcall: leaving group MS-CHAP (returns reject) for request 1
auth: Failed to validate the user.

Why did radiusd say No User-Password configured? Does it mean that the password is
not received from pptpd?

tnx a lot.

Re: problem in integeration with poptop

2007-10-17 Thread Alan DeKok
hadi golestani wrote:
 I know that it's taking too much, but plz accept my apology 'cause I'm
 a little confused and have no time (sorry to say that and I know that
 it's not a commercial community so plz don't be angry at me).

  If you cannot make the time to understand the problem and solution, you
won't be very successful in fixing it.

 I've added the line below at the top of the users file.
 root  Cleartext-Password := myRealRootPassword
 
 because this is the real root / root's password of my linux, this line
 in debug 'cause that access-accept via radtest
 
 modcall: entering group authenticate for request 0
   modcall[authenticate]: module unix returns ok for request 0

  Then it's not using the entry you configured.

 modcall: leaving group authenticate (returns ok) for request 0
 Sending Access-Accept of id 219 to 127.0.0.1 port 32772
 
 but when I changed it to e.g. test / testpass the old error occurred.

  sigh  You're not posting the full debug log, as suggested in the
FAQ, README, INSTALL, etc.

  You're probably also massively editing radiusd.conf.  STOP IT.

  Start with the default configuration files, and follow the FAQ to add
a test account in the users file.  Follow the FAQ to check that the
account works, via radtest.

  Then, login from the VPN client using that test account.

  If it doesn't work, I will be shocked.

  Again, most of the problems you see are because you are editing the
configuration without understanding what you're doing.  The default
configuration is designed to work in the widest possible set of
circumstances, with minimum changes required to get ANYTHING to work.

  I feel like putting that in letters 10 feet high in the FAQ, README,
etc.  But somehow I think there will still be people who won't bother
reading them.

  Alan DeKok.


accounting update

2007-10-17 Thread Daann

I'm trying to do something like this tutorial,
http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html, so
that traffic is collected at regular intervals.
The only thing is that they use a cisco router, which has some shell command
configuration (I suppose?), anyway, I don't think my router supports the aaa
accounting update commands, nor does it have many configuration options.
Is there any way to work around this?
Freeradius server and client run on a linux computer, with apache, and
chillispot (for web based login).

Greetz Daan

EDIT: Could someone post me some more info about the Acct-Interim-Interval
command, how this works and if this could be a workaround for traffic
collection on a regular basis.
I saw on this site how someone did this.

 I use freeradius  MySQL. I am able to set frequency of acct update by
 setting attribute Acct-Interim-Interval in rad[group]reply table to
 number of seconds between updates.

but I'd like to have some more detailed instructions on what to do.

Thanks in advance



Re: stuck with no errors

2007-10-17 Thread Joe Mom
K, so I switched to Cleartext-Password for testing purposes.

and I am testing with radiusd -X

here is the bit that is failing.

rad_recv: Access-Request packet from host 127.0.0.1:32768, id=22, length=62
User-Name = 5198546373
User-Password = 123
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module chap returns noop for request 1
  modcall[authorize]: module mschap returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1
users: Matched entry DEFAULT at line 153
  modcall[authorize]: module files returns ok for request 1
rlm_passwd: Added Cleartext-Password: '123' to config_items


modcall[authorize]: module tcovc_group returns ok for request 1


rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module pap returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type System
auth: type System


 ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.


according to documentation I shouldn't be using an auth-type anymore.



On 10/17/07, Stefan Winter [EMAIL PROTECTED] wrote:
 Hi,

  i need to know either, how to get a more verbose log so i can tell
  what it is i'm doing wrong or simply what is wrong with the statement:

 radiusd -X, as is well documented in lots of places.

   passwd pull_export {
  filename = /home/ftpuser/export.txt
  format = *User-Name:Crypt-Password
   }

 You don't use Crypt-Passwords, so saying that the file contains
 Crypt-Passwords seems not so wise.
 What you are looking for is

 format = *User-Name:MD5-Password

 I believe.

 Stefan

 --
 Stefan WINTER

 Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
 la Recherche
 Ingenieur Forschung  Entwicklung

 6, rue Richard Coudenhove-Kalergi
 L-1359 Luxembourg
 E-Mail: [EMAIL PROTECTED] Tel.:   +352 424409-1
 http://www.restena.lu   Fax: +352 422473





-- 


Regards
Joe



Re: stuck with no errors

2007-10-17 Thread Alan DeKok
Joe Mom wrote:
 K, so i switched to Cleartext-Password for testing purposes.
...
 users: Matched entry DEFAULT at line 153

  Delete that entry from the users file.  It is setting Auth-Type to
System.

 rlm_pap: Found existing Auth-Type, not changing it.

  Once the above entry is deleted, it SHOULD just work.

  Alan DeKok.


Re: mod_auth_radius

2007-10-17 Thread Nick Owen
On 7/19/07, Alan DeKok [EMAIL PROTECTED] wrote:
 Rascher, Markus wrote:
  # service httpd start
  Starting httpd: httpd: Syntax error on line 205 of
  /etc/httpd/conf/httpd.conf: Cannot load
  /usr/lib/httpd/modules/mod_auth_radius-2.0.so into server:
  /usr/lib/httpd/modules/mod_auth_radius-2.0.so: undefined symbol: ap_snprintf

   There are patches to make the module build with newer versions of
 Apache.  They should really be applied, but I've been busy with other
 things.

   Once that's done, a new version of the module should be released. Or are 
 the patches available somewhere and can be applied?

Any idea on a time-frame for a new release?

thanks,

nick


-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication


Re: stuck with no errors

2007-10-17 Thread Joe Mom
eureka!!!

the culprit was the line in users that stated


#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
#DEFAULT        Auth-Type = System
#       Fall-Through = 1

now I just gotta get the md5 working, but that's another story for
another thread :P

thanks for the help Alan

On 10/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
 Joe Mom wrote:
  K, so i switched to Cleartext-Password for testing purposes.
 ...
  users: Matched entry DEFAULT at line 153

   Delete that entry from the users file.  It is setting Auth-Type to
 System.

  rlm_pap: Found existing Auth-Type, not changing it.

   Once the above entry is deleted, it SHOULD just work.

   Alan DeKok.



-- 


Regards
Joe
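
Added example, not part of the original posts and not FreeRADIUS code: a Python helper that scans `radiusd -X` output in the 1.x format quoted in this thread, flags requests where a `users` entry matched and Auth-Type was already set before `pap` ran (the cause found above), and redacts password values before a log is posted to a list. The function names and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample in the FreeRADIUS 1.x `radiusd -X` format quoted in this
# thread; the second request's rad_recv header is made up for the example.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 127.0.0.1:32768, id=22, length=62
\tUser-Name = 5198546373
\tUser-Password = 123
users: Matched entry DEFAULT at line 153
  modcall[authorize]: module files returns ok for request 1
rlm_passwd: Added Cleartext-Password: '123' to config_items
rlm_pap: Found existing Auth-Type, not changing it.
  rad_check_password:  Found Auth-Type System
 ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
auth: Failed to validate the user.
rad_recv: Access-Request packet from host 127.0.0.1:32769, id=23, length=56
\tUser-Name = root
\tUser-Password = rootpassword
rlm_pap: WARNING! No known good password found for the user.
  rad_check_password:  Found Auth-Type System
"""

PATTERNS = {
    "users_match": re.compile(r"users: Matched entry (\S+) at line (\d+)"),
    "password_added": re.compile(r"(rlm_\w+): Added (\S+-Password):"),
    "pap_skipped": re.compile(r"rlm_pap: Found existing Auth-Type"),
    "auth_type": re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)"),
    "no_password": re.compile(r"rlm_pap: WARNING! No known good password"),
    "failed": re.compile(r"auth: Failed to validate the user"),
}

# Any "...Password <op> value" pair: a quoted value, or the rest of the line.
SECRET = re.compile(
    r"(\b[\w-]*Password[ \t]*(?::=|==|=|:)[ \t]*)('[^'\n]*'|[^\n]+)")


def redact(text):
    """Blank out password values so a debug log can be shared."""
    return SECRET.sub(r"\1<redacted>", text)


def split_requests(text):
    """Split debug output into one list of lines per received packet."""
    chunks, current = [], []
    for line in text.splitlines():
        if line.startswith("rad_recv:") and current:
            chunks.append(current)
            current = []
        current.append(line)
    if current:
        chunks.append(current)
    return chunks


def diagnose(text):
    """Return one finding per request that shows a known symptom."""
    findings = []
    for chunk in split_requests(text):
        seen, entries = {}, []
        for line in chunk:
            for name, rx in PATTERNS.items():
                m = rx.search(line)
                if m:
                    seen.setdefault(name, m)  # keep the first hit per pattern
                    if name == "users_match":
                        entries.append((m.group(1), int(m.group(2))))
        base = {
            "auth_type": seen["auth_type"].group(1) if "auth_type" in seen else None,
            "rejected": "failed" in seen,
        }
        if "pap_skipped" in seen and entries:
            # pap found Auth-Type already set; the matched users entries are
            # the candidates to inspect (heuristic, not proof of the source).
            source = seen["password_added"].group(1) if "password_added" in seen else None
            findings.append({**base, "issue": "auth_type_preset",
                             "users_entries": entries, "password_source": source})
        elif "no_password" in seen:
            findings.append({**base, "issue": "no_known_good_password"})
    return findings
```
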


ssh, pam, radius not playing nicely

2007-10-17 Thread Miles O'Neal
We are trying to set up an ssh server and a VPN server to
both use the same radius server.  We are currently using
freeradius-1.0.1-3 with EL4.4 .  It works fine with our
Cisco 3015 VPN concentrator.  It's not working so well
with our EL4.4-based ssh server.

I downloaded the pam_radius_auth source and built and
installed per 
http://www.hoei.com/2007/09/linux-sshd-authentication-to-external-radius/
and the INSTALL file that came with the software.  I
can get radtest to work just fine from the ssh system,
but when I try to authenticate via ssh onto that system,
it fails.

Running debug on the server, I was seeing this:

   User-Password = \010\n\rINCORRECT

I found something on the list saying this could happen
if the user wasn't in the passwd file on the ssh box.
I added the user there:

   meo:x::100::/home/meo:/bin/tcsh

and now the radius server is happy.  It claims to be
authenticating OK (we use shadow passwd on the radius
server, but I did not make shadow entries on the ssh
box), but the ssh login fails.

Any ideas?

Thanks,
Miles


radiusd deadlock on recvfrom on port 1814

2007-10-17 Thread Ryan Melendez
Hey,

I've had FreeRADIUS Version 1.1.0 hang twice recently.  The core dumps
are very similar in that it appears that main is waiting on some stuff
from port 1814.  Honestly I don't know what 1814 is really for (proxy
port?) but it seems as if fd_isset says so we should expect some data on
that socket.  Unless something _else_ had already received that data.

I hadn't noticed this before I added radrelay and another radiusd
process on the same box.  Both radiusd processes are bound to different
virtual interfaces and radrelay is duplicating acct packets from one to
the other.  It's not obvious why there would be a race condition on that
socket, but my guess is something is going on there.  It seems as though
both radiusd processes are using the same descriptors for each of their
three sockets.  I've included some debug info from the core files.

Is this a known bug or can it be fixed with a configuration change?



Thanks,
Ryan
--
Process One:
(gdb) print *(rad_listen_t *) mainconfig.listen
$1 = {next = 0x458023e8, ipaddr = 486477016, type = RAD_LISTEN_AUTH, port = 1812, fd = 3}
(gdb) print *(rad_listen_t *) mainconfig.listen->next
$2 = {next = 0x4580eef8, ipaddr = 486477016, type = RAD_LISTEN_ACCT, port = 1813, fd = 4}
(gdb) print *(rad_listen_t *) mainconfig.listen->next->next
$3 = {next = 0x0, ipaddr = 486477016, type = RAD_LISTEN_PROXY, port = 1814, fd = 5}

Process Two:
(gdb) print *(rad_listen_t *) mainconfig.listen
$2 = {next = 0x8117fe0, ipaddr = 145944, type = RAD_LISTEN_AUTH, port = 1812, fd = 3}
(gdb) print *(rad_listen_t *) mainconfig.listen->next
$3 = {next = 0x8117ff8, ipaddr = 145944, type = RAD_LISTEN_ACCT, port = 1813, fd = 4}
(gdb) print *(rad_listen_t *) mainconfig.listen->next->next
$4 = {next = 0x0, ipaddr = 145944, type = RAD_LISTEN_PROXY, port = 1814, fd = 5}
Process One:
(gdb) info threads
* 6 process 11191  0x0804d145 in main (argc=1166077688, argv=0xbfffd0c0)
at radiusd.c:1323
  5 process 19865  0x401c8d0b in [EMAIL PROTECTED] ()
from /lib/tls/libpthread.so.0
  4 process 19864  0x401c8d0b in [EMAIL PROTECTED] ()
from /lib/tls/libpthread.so.0
  3 process 19863  0x401c8d0b in [EMAIL PROTECTED] ()
from /lib/tls/libpthread.so.0
  2 process 19862  0x401c8d0b in [EMAIL PROTECTED] ()
from /lib/tls/libpthread.so.0
  1 process 19861  0x401c8d0b in [EMAIL PROTECTED] ()
from /lib/tls/libpthread.so.0
(gdb) bt
#0  0x401c99fe in recvfrom () from /lib/tls/libpthread.so.0
#1  0x4004e6d1 in rad_recv (fd=5) at radius.c:1044
#2  0x0804d145 in main (argc=1166077688, argv=0xbfffd0c0) at
radiusd.c:1323
(gdb) print *(rad_listen_t *) listener
$22 = {next = 0x0, ipaddr = 486477016, type = RAD_LISTEN_PROXY, port =
1814, fd = 5}
(gdb) frame 1
#1  0x4004e6d1 in rad_recv (fd=5) at radius.c:1044
1044    radius.c: No such file or directory.
        in radius.c
(gdb) info locals
packet = (RADIUS_PACKET *) 0x4780dc38
saremote = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0},
sin_zero = \000\000\000\000\000\000\000}
totallen = 263
salen = 16
attr = (uint8_t *) 0x0
count = -1073758352
host_ipaddr = \000\000\000\000۾\005\b
seen_eap = 0
data = stuff...

Segment Fault after reload

2007-10-17 Thread Joe Mom
Hey,

I'm using freeradius 1.1.6 on gentoo and I've noticed that if I
attempt to do a /etc/init.d/radiusd reload that freeradius stops
responding.

When I run the server with Radiusd -X and do a reload I get:

snip
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib64
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radiusd
 main: group = radiusd
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Wed Oct 17 18:26:20 2007 : Info: rlm_exec: Wait=yes but no output
defined. Did you mean output=none?
Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1910] Auth-Type PAP
already configured - skipping
Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1919] Auth-Type CHAP
already configured - skipping
Wed Oct 17 18:26:20 2007 : Error: radiusd.conf[1925] Auth-Type MS-CHAP
already configured - skipping
Wed Oct 17 18:26:20 2007 : Info: radiusd.conf Auth-Type eap already
configured - skipping
Wed Oct 17 18:26:20 2007 : Info: rlm_passwd: nfields: 2 keyfield
0(User-Name) listable: no
Wed Oct 17 18:26:20 2007 : Info: Ready to process requests.

/snip

Then once I attempt to do a radtest I get a Segmentation fault and
the server quits.

Any thoughts?

-- 


Regards
Joe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Segment Fault after reload

2007-10-17 Thread Alan DeKok
Joe Mom wrote:
 I'm using freeradius 1.1.6 on gentoo and I've noticed that if I
 attempt to do a /etc/init.d/radiusd reload that freeradius stops
 responding.

  Don't reload it.  This is a known issue.

  Maybe HUP will work in 2.x.

  Alan DeKok.


SOLVED: ssh, pam, radius not playing nicely

2007-10-17 Thread Miles O'Neal
Miles O'Neal said...

|I added the user there:
|
|   meo:x::100::/home/meo:/bin/tcsh

I changed this to

   meo:::100::/home/meo:/bin/tcsh

and now it works.


Freeradius logging w/syslog

2007-10-17 Thread [EMAIL PROTECTED]

Hi Alan,

Ok, seems the default install is dated that comes with CentOS 4.4...

I've upgraded to FreeRADIUS Version 1.1.7 now and logging seems to be  
working but I'd like to be able to get more usable data.

In the /etc/syslog.conf file I have this entry:

# .* will log all messages in the same log file
local1.*        /var/log/radius/radius.log

From the syslog server I see this data:
Oct 17 19:11:16 radius radiusd(pam_unix)[15776]: authentication  
failure; logname= uid=95 euid=95 tty= ruser= rhost=
Oct 17 19:12:06 radius radiusd(pam_unix)[15776]: authentication  
failure; logname= uid=95 euid=95 tty= ruser= rhost=
Oct 17 19:12:26 radius radiusd(pam_unix)[15776]: authentication  
failure; logname= uid=95 euid=95 tty= ruser= rhost=
Oct 17 19:13:52 radius radiusd(pam_unix)[15776]: authentication  
failure; logname= uid=95 euid=95 tty= ruser= rhost=



But I'd like to see the User_Name and Client_Name similar to what you  
see in localhost:/var/log/radius/radius.log file.



Thanks again,