Re: SNMP error
hi alan, i searched the freeradius.org for the debug instructions, but i found nothing. what do you mean exactly by debug instructions i already have this in the radius debug mode SMUX read start SMUX connection closed: 66 SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: yallasnmp SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Waking up in 14 seconds... SMUX read start SMUX read len: 3 SMUX message received type: 0 rest len: 1 Unknown type: 0 Waking up in 14 seconds... SMUX read start SMUX connection closed: 66 SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: yallasnmp SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Waking up in 14 seconds... thanks amr [EMAIL PROTECTED] wrote: hi, known SNMP issues with 64bit and that version of SNMP. you will need to follow the debug instructions to help debug alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and error can't resolve symbol '__uClibc_start_main
Hello, I`ve installed freeradius on OpenWRT (http://openwrt.org/) on RouterBoard 1xx platform. I`m having a problem with running package freeradius_1.1.1-1 (freeradius_1.1.2-1 does the same error). When I type command radiusd I get this error: radiusd: can't resolve symbol '__uClibc_start_main' I`ve no idea what it tries to tell me and neither google nor some forum search helped me. I use these packages, which freeradius depends on: zlib_1.2.3-4_mipsel.ipk libopenssl_0.9.8e-3_mipsel.ipk libltdl_1.5.22-1_mipsel.ipk libpthread_0.9.28.2-10_mipsel.ipk Thak you a lot for your help. Pepe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and error can't resolve symbol '__uClibc_start_main
On Sun, Jan 13, 2008 at 02:36:43PM +0100, [EMAIL PROTECTED] said: The same thing 11 times Can you stop sending the same mail over and over again? -- -- | Stephen Gran | : is not an identifier | | [EMAIL PROTECTED] | | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: I can't get 'access-accept' from Linux clients
2008/1/11, Alan DeKok [EMAIL PROTECTED]: Sergio Belkin wrote: Alan, Thanks for clear up the confusion about EAP and PAP. But still I don't understand this: Now I have a windows client working using securew2 with PAP. If PAP is not into the tunnel Then you are not using securew2. It was about a question not a statement :) When you use TTLS + PAP, the passwords go in the tunnel. Ok thanks for your answer, that it was I was asking :) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and error can't resolve symbol '__uClibc_start_main
Hi there, Thanks for fixing your system (or 'Post' button) so that we don't get multiple copies of the same message. In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes I`ve installed freeradius on OpenWRT (http://openwrt.org/) on RouterBoard 1xx platform. I`m having a problem with running package freeradius_1.1.1-1 (freeradius_1.1.2-1 does the same error). When I type command radiusd I get this error: radiusd: can't resolve symbol '__uClibc_start_main' This isn't a FreeRADIUS error - this is an OpenWRT problem. Either there's an error in the package or with the way that you're starting the server on OpenWRT. It looks as if radiusd can't find the uclibc shared library. I haven't a clue how to fix this - asking on the OpenWRT forum would be better than asking here. 1.1.2 is rather old - if possible, try to get a 1.1.7 or 2.0.0 package. Best wishes, David -- David Wood [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SNMP error
Hi, hi alan, i searched the freeradius.org for the debug instructions, but i found nothing. what do you mean exactly by debug instructions i already have this in the radius debug mode read doc/bugs in the distribution tar file. i can send you a copy if your archive doesnt contain it. beware that you will need an OS kernel that has all the debugging flags enabled (most default distro kernels are compiled in such a way) I have reported this bug to bugs.freeradius.org with the debug output that my system was able to generate alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeBSD port for 2.0.0 (and a FreeRADIUS patch submission)
Hi Nicolas, In message [EMAIL PROTECTED], Nicolas Baradakis [EMAIL PROTECTED] writes David Wood wrote: PATCH SUBMISSION - THREADING ISSUES [...] Firstly, for threading on FreeBSD you should just use -pthread (and not use -lpthread). There are different threading libraries available on FreeBSD; the OS does the correct thing if you just use -pthread. -pthread vs -lpthread is a long discussion. If the configure script says -lpthread is supported, I think we can use it in all cases. (including FreeBSD) I know - and I'm sorry to have to ask to complicate things further. The behaviour of -pthread on at least some FreeBSD systems is explained in: http://lists.freebsd.org/pipermail/freebsd-ports/2005-January/019345.html that is, -pthread means the thread library symbols are resolved by the linker, but it doesn't emit the DT_NEEDED for the thread library when building a shared library. At the time post this was written, 7.0 didn't exist, and I can quite believe that the different gcc and bintools versions in 7.0 changes things (see later). FreeBSD 6.x is very different to 7.x - 6.x is a gcc 3.4 based toolchain, whilst 7.x is gcc 4.2 based; most of the other bintools are similarly elderly in 6.x. That said, 6.x is still a current release series, and will need supporting for around another two years. I mention this to explain why it's quite possible for 6.x and 7.x to behave quite differently. I can't check, as I haven't got a 5.x machine to hand, but I suspect 5.x behaves the same as 6.x. A further complication with -lpthread is that FreeBSD sparc64 doesn't have libpthread, just libthr. These two threading libraries both conform (as much as really matters) to the POSIX threading ABI. I'm unsure there's a need to make one more special case in the mainstream FreeRADIUS tree. Moreover I note that -pthread has been removed from the pthread manpage. The reference to gcc -pthread on the pthread man page was because that flag used to be needed to link against a thread safe libc, libc_r. libc_r disappeared from FreeBSD 5.x, as did the note about gcc -pthread on the pthread man page. -pthread is still the way that threading is handled within FreeBSD ports - I did reference the appropriate documentation in the patch. For further confirmation, look at the value of PTHREAD_LIBS in /usr/ports/Mk/bsd.port.mk - CVSweb at http://www.freebsd.org/cgi/cvsweb.cgi/ports/Mk/bsd.port.mk I detest the complexity, but as the FreeRADIUS port maintainer, I have to live with it. Building FreeRADIUS outside a port could hit problems on at least some FreeBSD versions unless -pthread is used. When I was developing the patch, I found at least one other 'well known' application with logic to use -pthread on FreeBSD - but I can't remember which - sorry! Secondly, it deals with the case where python is built with threads (as is now the default for python on FreeBSD). As I don't use rlm_python, I can't test whether it works after this patch, but rlm_python won't even build on FreeBSD without it. I believe this is a problem with the python library. The linker should report the dependencies of libpython2.4.so. I've asked a friend who is running 7.0-CURRENT and it looks OK for him: $ ldd /usr/local/lib/libpython2.4.so.1 /usr/local/lib/libpython2.4.so.1: libutil.so.6 = /lib/libutil.so.6 (0x800c24000) libm.so.4 = /lib/libm.so.4 (0x800d32000) libthr.so.2 = /lib/libthr.so.2 (0x800e4c000) libc.so.7 = /lib/libc.so.7 (0x800632000) If the system is showing 7.0-CURRENT, that's rather old - and python 2.5 is now the default version. Recent CURRENT is now 8.0-CURRENT, whilst 7.0 is on course for a release. [EMAIL PROTECTED] ~]$ uname -mrs FreeBSD 7.0-BETA4 i386 [EMAIL PROTECTED] ~]$ ldd /usr/local/lib/libpython2.5.so /usr/local/lib/libpython2.5.so: libutil.so.7 = /lib/libutil.so.7 (0x2817d000) libm.so.5 = /lib/libm.so.5 (0x2818a000) libthr.so.3 = /lib/libthr.so.3 (0x2819f000) libc.so.7 = /lib/libc.so.7 (0x2808) This system is actually a little beyond 7.0-BETA4 - it's on the way to 7.0-RC1 level, so it's fairly recent. I shall probably rebuild it a 7.0-RC2 level when that's available. Actually this system is a VMware virtual machine - it's my 7.0 development platform. However, back on what is still the latest release: [EMAIL PROTECTED] ~]$ uname -mrs FreeBSD 6.2-RELEASE-p9 i386 [EMAIL PROTECTED] ~]$ ldd /usr/local/lib/libpython2.5.so /usr/local/lib/libpython2.5.so: libutil.so.5 = /lib/libutil.so.5 (0x482a6000) libm.so.4 = /lib/libm.so.4 (0x482b3000) In both cases, python was built via the lang/python25 port without any special knobs or similar configuration. Note that there's no threading library in the ldd output of 6.x, even though the library is threaded. (The lack of a libc.so dependency is because of the lack of a threading library - both libthr.so and libpthread.so depend on libc.so.) I don't see why
SQLippool problems (duplicate IPs handed out).
I use the sql IP pool setup with mysql, and been using it fine for a while, but I have a problem where if I have an influx of connections at one time (30++) That freeradius will hand out an IP to my NAS, but it doesnt get written to the database fast enuff and another thread of freeradius hands out the same IP to another user, and logs that entry to the radippool table. So I get users with duplicate IP addresses.. this never happens if the connections are coming in slow enough, (1 or 2 at a time). freeradius 1.1.6 with mysql 5.0.26. Here is my sqlippool.conf. sqlippool { ## SQL instance to use (from sql.conf) sql-instance-name = sql ## Table to keep ippool info ippool_table = radippool ## lease_duration. fix for lost acc-stop packets lease-duration = 3600 ## Attribute which should be considered unique per NAS ## Using NAS-Port gives behaviour similar to rlm_ippool. Calling-Station-Id is for NAS that send fixed NAS-Port pool-key = %{NAS-Port} # pool-key = %{Calling-Station-Id} ## Logging configuration. sqlippool_log_exists = Existing IP: %{reply:Framed-IP-Address} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_success = Allocated IP: %{reply:Framed-IP-Address} from %{check:Pool-Name} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_clear = Released IP %{Framed-IP-Address}\ (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name}) sqlippool_log_failed = IP Allocation FAILED from %{check:Pool-Name} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_nopool = No Pool-Name defined \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) # ## This series of queries allocates an IP address # allocate-clear = UPDATE ${ippool_table} \ # SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ # expiry_time = '-00-00 00:00:00' \ # WHERE pool_key = '${pool-key}' ## This will clear all expired leases for lost acc-stop packets allocate-clear = UPDATE radippool \ SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ expiry_time = '-00-00 00:00:00' \ WHERE expiry_time = NOW() - INTERVAL 1 SECOND # ## The ORDER BY clause of this query tries to allocate the same IP-address # ## which user had last session... allocate-find = SELECT framedipaddress FROM ${ippool_table} \ WHERE pool_name = '%{check:Pool-Name}' AND expiry_time NOW() \ ORDER BY (username '%{User-Name}'), (callingstationid '%{Calling-Station-Id}'), expiry_time \ LIMIT 1 \ FOR UPDATE ## If you prefer to allocate a random IP address every time, use this query instead #allocate-find = SELECT framedipaddress FROM ${ippool_table} \ # WHERE pool_name = '%{check:Pool-Name}' AND expiry_time = '-00-00 00:00:00' \ # ORDER BY RAND() \ # LIMIT 1 \ # FOR UPDATE ## If an IP could not be allocated, check to see if the pool exists or not ## This allows the module to differentiate between a full pool and no pool ## Note: If you are not running redundant pool modules this query may be commented ## out to save running this query every time an ip is not allocated. pool-check = SELECT id FROM ${ippool_table} WHERE pool_name='%{check:Pool-Name}' LIMIT 1 allocate-update = UPDATE ${ippool_table} \ SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \ callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \ expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE framedipaddress = '%I' ## This series of queries frees an IP number when an accounting ## START record arrives start-update = UPDATE ${ippool_table} \ SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}' ## This series of queries frees an IP number when an accounting ## STOP record arrives stop-clear = UPDATE ${ippool_table} \ SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ expiry_time = '-00-00 00:00:00' \ WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' AND username = '%{User-Name}' \ AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' ## This series of queries frees an IP number when an accounting ## ALIVE record arrives alive-update = UPDATE ${ippool_table} \ SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' AND username = '%{User-Name}' \ AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' ## This series of queries frees the IP numbers allocate to a ## NAS when an accounting ON record arrives on-clear = UPDATE ${ippool_table} \ SET nasipaddress
Verifying framed-ip-address using unlang
Hi, Is it possible to use unlang to verify whether framed-ip-address is in the right range or not? We would like to use it on our wholesale proxies. Wholesale customers of ours are allowed to allocate IPs to their customers, but only from certain ranges. Will a normal comparison ( ) work with IP addresses? Or do I have to use one of 'real' languages for that? kind regards Pshem - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Python and return attributes in `postproxy`
Hi Guys It would seem as if the rlm_python does not provide the returned attributes from the proxy, this happens in both a patched version of 1.1.7 and 2.0.0. Code: def postproxy(params): log.log('RLM_PYTHON: handling Post Proxy request...', log.VERBOSE) pprint.pprint(params) returnval = send_message('postproxy', params, False) return lib.radiusd.RLM_MODULE_OK Result: +- entering group post-proxy 2008-01-14T13:14:09.412107: Verbose: RLM_PYTHON: handling Post Proxy request... (('Framed-Protocol', 'PPP'), ('User-Name', '[EMAIL PROTECTED]'), ('User-Password', 'x'), ('Service-Type', 'Framed-User'), ('NAS-IP-Address', '118.xx.xx.xx'), ('Realm', 'dsl.*'), ++[python] returns ok Command line test: Sending Access-Request of id 39 to 118.67.209.51 port 1812 Framed-Protocol = PPP User-Name = [EMAIL PROTECTED] User-Password = x Service-Type = Framed-User NAS-IP-Address = 118.xx.xx.xx rad_recv: Access-Accept packet from host 118.67.209.51 port 1812, id=39, length=44 Port-Limit = 1 Framed-Protocol = PPP Service-Type = Framed-User Framed-IP-Address = 118.xx.xx.21 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help
please help! i have to install freeRADIUS 1.1.7 on fedora core 7 ,but i am unable to add users to the 'users' file . i am getting help from the website : www.aerospacesoftware.com/radius.html i add the user in this way, johndoe Auth-Type := Local, User-Password == johndoepassword Reply-Message = Hello, %u AND AFTER THAT # radiusd -X# radtest johndoe johndoepassword localhost 1812 yoursharedsecret BUT THE RESPONSE FROM THE SERVER IS NOT rad_recv: Access Accept packet BUT rad_recv: Access-Rejected packet please tell me what to do should i install an older version ? _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radgroupreply do not read (read_grous directive)
Hi,I am usind freeradius 2.0 an need to load radcheck, radreply, radgroupcheck and radgroupreply tables. But radcheck and radreply work. To load radgroupcheck e need to set Fall-Through = Yes, but radgroupreply don't work. The read_groups directive is 'Yes' but not appers in the radius debug mode.How can I do freeradius load radgroupreply? I have the Simultaneous-Use attribut in this table, I need to use this attribute to all users.Someone please? -- Acelerador POP Acelere a sua conexo discada em at 19 x. Use o Acelerador POP. grtis, pegue j o seu. http://www.pop.com.br/acelerador - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQLippool problems (duplicate IPs handed out).
Dave This is quite possible, as I dont think the MySQL queries currently do the correct locking. If you can fix the problem, please send us a patch. -Peter On Mon 14 Jan 2008, Dave wrote: I use the sql IP pool setup with mysql, and been using it fine for a while, but I have a problem where if I have an influx of connections at one time (30++) That freeradius will hand out an IP to my NAS, but it doesnt get written to the database fast enuff and another thread of freeradius hands out the same IP to another user, and logs that entry to the radippool table. So I get users with duplicate IP addresses.. this never happens if the connections are coming in slow enough, (1 or 2 at a time). freeradius 1.1.6 with mysql 5.0.26. Here is my sqlippool.conf. -- -- sqlippool { ## SQL instance to use (from sql.conf) sql-instance-name = sql ## Table to keep ippool info ippool_table = radippool ## lease_duration. fix for lost acc-stop packets lease-duration = 3600 ## Attribute which should be considered unique per NAS ## Using NAS-Port gives behaviour similar to rlm_ippool. Calling-Station-Id is for NAS that send fixed NAS-Port pool-key = %{NAS-Port} # pool-key = %{Calling-Station-Id} ## Logging configuration. sqlippool_log_exists = Existing IP: %{reply:Framed-IP-Address} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_success = Allocated IP: %{reply:Framed-IP-Address} from %{check:Pool-Name} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_clear = Released IP %{Framed-IP-Address}\ (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name}) sqlippool_log_failed = IP Allocation FAILED from %{check:Pool-Name} \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) sqlippool_log_nopool = No Pool-Name defined \ (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) # ## This series of queries allocates an IP address # allocate-clear = UPDATE ${ippool_table} \ # SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ # expiry_time = '-00-00 00:00:00' \ # WHERE pool_key = '${pool-key}' ## This will clear all expired leases for lost acc-stop packets allocate-clear = UPDATE radippool \ SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ expiry_time = '-00-00 00:00:00' \ WHERE expiry_time = NOW() - INTERVAL 1 SECOND # ## The ORDER BY clause of this query tries to allocate the same IP-address # ## which user had last session... allocate-find = SELECT framedipaddress FROM ${ippool_table} \ WHERE pool_name = '%{check:Pool-Name}' AND expiry_time NOW() \ ORDER BY (username '%{User-Name}'), (callingstationid '%{Calling-Station-Id}'), expiry_time \ LIMIT 1 \ FOR UPDATE ## If you prefer to allocate a random IP address every time, use this query instead #allocate-find = SELECT framedipaddress FROM ${ippool_table} \ # WHERE pool_name = '%{check:Pool-Name}' AND expiry_time = '-00-00 00:00:00' \ # ORDER BY RAND() \ # LIMIT 1 \ # FOR UPDATE ## If an IP could not be allocated, check to see if the pool exists or not ## This allows the module to differentiate between a full pool and no pool ## Note: If you are not running redundant pool modules this query may be commented ## out to save running this query every time an ip is not allocated. pool-check = SELECT id FROM ${ippool_table} WHERE pool_name='%{check:Pool-Name}' LIMIT 1 allocate-update = UPDATE ${ippool_table} \ SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \ callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \ expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE framedipaddress = '%I' ## This series of queries frees an IP number when an accounting ## START record arrives start-update = UPDATE ${ippool_table} \ SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}' ## This series of queries frees an IP number when an accounting ## STOP record arrives stop-clear = UPDATE ${ippool_table} \ SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', \ expiry_time = '-00-00 00:00:00' \ WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' AND username = '%{User-Name}' \ AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}' ## This series of queries frees an IP number when an accounting ## ALIVE record arrives alive-update = UPDATE ${ippool_table} \ SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \ WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key =