Re: silly question of framed IP address

2008-07-17 Thread Alan DeKok
Reveal MAP wrote:
 I wonder if the attribute 8 (framed Ip address) of RADIUS acts like a
 dhcp server, giving the IP to the supplicant or just verify/compare if
 is conform to the Authentication request ??

  The Framed-IP-Address assigns IP addresses for PPP sessions.  It does
*nothing* for 802.1x sessions.

  You will need to run a DHCP server.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Which documentation Re:

2008-07-17 Thread Alan DeKok
jonas m wrote:
 My Question is about the documentation that I found on the net.

  Random documentation found on the net is usually wrong.

 http://www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf
 
 Does anybody know if this is the best documentation there is.

  For what?  FreeRADIUS *does* come with documentation.

 For example this document describes that you should export your
 certificate from the eDirectory server and put it in the Freeradius
 server. Then edit the radius.conf  tls_cacertfile with the path to the
 imported certificate.

  Yes if you want to use LDAP over SSL, you need to tell FreeRADIUS
about the certificates being used.

 I have to do some schema changes if I should follow this documentation
 and before I do that I would like to be sure that this is the best guide.

  Schema changes have nothing to do with SSL certificates.

 For starters we don’t use universal passwords today, and I am afraid
 that implementing this could have some negative effects on our live site.

  Why?

 My goal is to use this in a “secure” wireless solution.

  Certificates used for LDAP have nothing to do with wireless
certificates.  They are different, and SHOULD be different.

 Hope somebody can bring me some light in this matter.

  You seem to have confused different uses for certificates.  Different
web sites have different certificates.  This is exactly the same kind of
situation.  You have one set of certificates for LDAP, and another for
wireless.

  Alan DeKok.


RE: Which documentation Re:

2008-07-17 Thread jonas m



Thanks Alan!

You have now cleared some things for me. As you said I have mixed things up.

About the documentation, I meant the best guide for integrating Freeradius
with eDirectory.

And you are of course right that schema changes have nothing to do with
SSL certificates.
But. If I read the Novell Guide then you have to extend eDirectory schema
with the FreeRADIUS schema.

About the universal password, I think that I have some reading up to do.

/Jonas Magné



 Date: Thu, 17 Jul 2008 08:24:32 +0200
 From: [EMAIL PROTECTED]
 To: freeradius-users@lists.freeradius.org
 Subject: Which documentation Re: 
 
 jonas m wrote:
  My Question is about the documentation that I found on the net.
 
   Random documentation found on the net is usually wrong.
 
  http://www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf
  
  Does anybody know if this is the best documentation there is.
 
   For what?  FreeRADIUS *does* come with documentation.
 
  For example this document describes that you should export your
  certificate from the eDirectory server and put it in the Freeradius
  server. Then edit the radius.conf  tls_cacertfile with the path to the
  imported certificate.
 
   Yes if you want to use LDAP over SSL, you need to tell FreeRADIUS
 about the certificates being used.
 
  I have to do some schema changes if I should follow this documentation
  and before I do that I would like to be sure that this is the best guide.
 
   Schema changes have nothing to do with SSL certificates.
 
  For starters we don’t use universal passwords today, and I am afraid
  that implementing this could have some negative effects on our live site.
 
   Why?
 
  My goal is to use this in a “secure” wireless solution.
 
   Certificates used for LDAP have nothing to do with wireless
 certificates.  They are different, and SHOULD be different.
 
  Hope somebody can bring me some light in this matter.
 
   You seem to have confused different uses for certificates.  Different
 web sites have different certificates.  This is exactly the same kind of
 situation.  You have one set of certificates for LDAP, and another for
 wireless.
 
   Alan DeKok.

Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


in radius.conf i have  status_server = yes and no other references to
Access-Accept. I have no dhcp server started the ip address it's being
allocated it's from 10.0.0.0 subnet.


Ivan Kalik wrote:
| What IP address is in the Access-Accept packet? Perhaps you have a dhcp
| server running as well and that one is allocating IPs.
|
| Ivan Kalik
| Kalik Informatika ISP
|
|
| On 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
|
| Hi, i'm new with freeradius, and i have a few issues with ip allocation
| from a mysql database. The server it's functional, it's running with a
| pppoe server, authentication goes ok, the user gets authenticated with
| the values from mysql tables, but i noticed that ipaddress it's not from
| the radippool  table, and also i've checked the sqltrace logs and i
| saw no mention of this table. I have configured the sqlippool.conf and
| sql.conf files with the correct tables but i think i'm missing
| something.
|
| Regards Paul.
|


Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]



INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
.
Sending Access-Accept of id 28 to 192.168.1.1 port 37704

Ivan Kalik wrote:
| Run the server in debug mode (radiusd -X) and see what's in the
| Access-Accept packet.
|
| Ivan Kalik
|
|
| On 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
|
| in radius.conf i have  status_server = yes and no other references to
| Access-Accept. I have no dhcp server started the ip address it's being
| allocated it's from 10.0.0.0 subnet.
|
|
| Ivan Kalik wrote:
| | What IP address is in the Access-Accept packet? Perhaps you have a dhcp
| | server running as well and that one is allocating IPs.
| |
| | Ivan Kalik
| | Kalik Informatika ISP
| |
| |
| | On 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
| |
| | Hi, i'm new with freeradius, and i have a few issues with ip allocation
| | from a mysql database. The server it's functional, it's running with a
| | pppoe server, authentication goes ok, the user gets authenticated with
| | the values from mysql tables, but i noticed that ipaddress it's not from
| | the radippool  table, and also i've checked the sqltrace logs and i
| | saw no mention of this table. I have configured the sqlippool.conf and
| | sql.conf files with the correct tables but i think i'm missing
| | something.
| |
| | Regards Paul.
| |


Re: Which documentation Re:

2008-07-17 Thread Alan DeKok
jonas m wrote:
 About the documentation, I meant the best guide for integrating
 Freeradius with eDirectory .

  The documentation written by Novell?

 And you are of course right that schema changes have nothing to do with
 SSL certificates.
 But. If I read the Novell Guide then you have to extend eDirectroy
 schema with the FreeRADIUS schema.

  Yes.  So?

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 
 INSERT INTO radpostauth   (username, pass,
 reply, authdate)   VALUES (
 ~  'gogu',   'gogu123',
 ~ 'Access-Accept', '2008-07-17 11:45:31')
 .
 Sending Access-Accept of id 28 to 192.168.1.1 port 37704

  You've deleted almost everything from the debug output.

  You are trying VERY hard to make it impossible for anyone to help you.

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Ivan Kalik
Nice. So server did send an Access-Accept. What was in it? Let's try
again:

Run the server in debug mode (radiusd -X) and see what's in the
Access-Accept packet.

Also, have in mind that radius sends framed IP address which is not
very likely to be used in wireless setup. If you have sent one, debug
the NAS and see if it was ignored.

Ivan Kalik
Kalik Informatika ISP


On 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


.
INSERT INTO radpostauth   (username, pass,
reply, authdate)   VALUES (
~  'gogu',   'gogu123',
~ 'Access-Accept', '2008-07-17 11:45:31')
..
Sending Access-Accept of id 28 to 192.168.1.1 port 37704

Ivan Kalik wrote:
| Run the server in debug mode (radiusd -X) and see what's in the
| Access-Accept packet.
|
| Ivan Kalik
|
|
| On 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
|
| in radius.conf i have  status_server = yes and no other references to
| Access-Accept. I have no dhcp server started the ip address it's being
| allocated it's from 10.0.0.0 subnet.
|
|
| Ivan Kalik wrote:
| | What IP address is in the Access-Accept packet? Perhaps you have a dhcp
| | server running as well and that one is allocating IPs.
| |
| | Ivan Kalik
| | Kalik Informatika ISP
| |
| |
| | On 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
| |
| | Hi, i'm new with freeradius, and i have a few issues with ip allocation
| | from a mysql database. The server it's functional, it's running with a
| | pppoe server, authentication goes ok, the user gets authenticated with
| | the values from mysql tables, but i noticed that ipaddress it's not from
| | the radippool  table, and also i've checked the sqltrace logs and i
| | saw no mention of this table. I have configured the sqlippool.conf and
| | sql.conf files with the correct tables but i think i'm missing
| | something.
| |
| | Regards Paul.
| |


Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


sry for the bad output, but this were the lines with Access-Accept,
this is the whole thing:
- the whole log it's at http://alexandrunet.ro/radius_log;

radiusd -X | grep Access-Accept
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
rlm_sql_mysql: query:  INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
rlm_sql_mysql: query:  INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31')
Sending Access-Accept of id 28 to 192.168.1.1 port 37704

Paul


Alan DeKok wrote:
| [EMAIL PROTECTED] wrote:
| 
| INSERT INTO radpostauth   (username, pass,
| reply, authdate)   VALUES (
| ~  'gogu',   'gogu123',
| ~ 'Access-Accept', '2008-07-17 11:45:31')
| .
| Sending Access-Accept of id 28 to 192.168.1.1 port 37704
|
|   You've deleted almost everything from the debug output.
|
|   You are trying VERY hard to make it impossible for anyone to help you.
|
|   Alan DeKok.


rlm_attr_rewrite question

2008-07-17 Thread Evgeniy Kozhuhovskiy

I have some rewrites like this (in pre-proxy):

attr_rewrite fixcboss6 {
        attribute = NAS-IP-Address
        searchin = proxy
        searchfor = 172.29.51.24
        replacewith = 172.26.64.100
        new_attribute = no
        append = no
        max_matches = 1
}

Radius gets packet generated by radtest:

User-Name = guest
User-Password = guest
NAS-IP-Address = 172.29.51.24
NAS-Port = 1
[...skipped...]
+- entering group pre-proxy
expand: 172.29.51.24 - 172.29.51.24
fixcboss6: Does not match: NAS-IP-Address = ╛?3?
fixcboss6: Could not find value pair for attribute NAS-IP-Address
++[fixcboss6] returns ok
++[pre_proxy_log] returns ok
User-Name = guest
User-Password = guest
NAS-IP-Address = 172.29.51.24
NAS-Port = 1
Proxy-State = 0x3336
Proxying request 1 to home server 172.29.51.10 port 1812
User-Name = guest
User-Password = guest
NAS-IP-Address = 172.29.51.24
NAS-Port = 1
Proxy-State = 0x3336


Why does it not work?


PS Here is the full debug - http://rafb.net/p/le0HmX69.html
and here is parts of config: http://rafb.net/p/UB04Mr14.html

--
With best regards, Evgeniy Kozhuhovskiy,
Leader of Services team,
Minsk State Phony Network, RUE Beltelecom.



Re: freeradius ippool issue

2008-07-17 Thread Ivan Kalik
sry for the bad output, but this were the lines with Access-Accept,
this is the whole thing:
- the whole log it's at http://alexandrunet.ro/radius_log;

No, it's not. That's just the debug of the startup. Post the log of the
request being processed.

Ivan Kalik



Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 sry for the bad output, but this were the lines with Access-Accept,
 this is the whole thing:
 - the whole log it's at http://alexandrunet.ro/radius_log;

  Which has ZERO use.  The server doesn't even receive any packets!

  Do you even understand what an Access-Accept is?

 radiusd -X | grep Access-Accept

  No.  Do NOT do that.  You are trying VERY hard to ignore all of the
output of radiusd -X.

  If you're not going to follow the instructions on this list, then
don't ask questions here.  If you're not going to read the output of
radiusd -X, then don't even bother trying to run the server.  You will
NEVER get the problem fixed.

  And you ARE aware that RADIUS cannot assign IP's for wireless
networks, right?  You've been told this multiple times already.

  I have no idea why you insist on ignoring the output of radiusd -X.
   It is the ONLY thing which can help solve the problem.  We have asked
you for this REPEATEDLY, and every time you have gone out of your way to
delete ALL useful information from the debug output.

  Again, you are trying very hard to make it impossible for us to help
you.  STOP IT.  It's annoying.  Follow the instructions, and stop trying
to be smart about it.  Every little edit you do to simplify the output
of radiusd -X destroys the information we need to help you.

  Did I mention to run radiusd -X?  And to post the full logs, without
editing it?  And INCLUDE in the logs the output from when the server
receives a packet, processes it, and sends a response?

  That last bit shouldn't be rocket science. Honestly, I have no idea
why you think it's useful to post the (un-edited) logs from when the
server does nothing, and then the (edited) logs from when the server
receives a packet.

  It's like you're *trying* to make it impossible for us to help you.

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


sorry about that, you have a good point, i just restarted the server and
i forgot i did not try to connect. Regarding to the wireless network,
no, it's not a wireless network it's an UTP network, i'm using radius
with a pppoe server. I've updated the file at
http://alexandrunet.ro/radius_log; and it now has the full log from the
time the user connects.

Alan DeKok wrote:
| [EMAIL PROTECTED] wrote:
| sry for the bad output, but this were the lines with Access-Accept,
| this is the whole thing:
| - the whole log it's at http://alexandrunet.ro/radius_log;
|
|   Which has ZERO use.  The server doesn't even receive any packets!
|
|   Do you even understand what an Access-Accept is?
|
| radiusd -X | grep Access-Accept
|
|   No.  Do NOT do that.  You are trying VERY hard to ignore all of the
| output of radiusd -X.
|
|   If you're not going to follow the instructions on this list, then
| don't ask questions here.  If you're not going to read the output of
| radiusd -X, then don't even bother trying to run the server.  You will
| NEVER get the problem fixed.
|
|   And you ARE aware that RADIUS cannot assign IP's for wireless
| networks, right?  You've been told this multiple times already.
|
|   I have no idea why you insist on ignoring the output of radiusd -X.
| It is the ONLY thing which can help solve the problem.  We have asked
| you for this REPEATEDLY, and every time you have gone out of your way to
| delete ALL useful information from the debug output.
|
|   Again, you are trying very hard to make it impossible for us to help
| you.  STOP IT.  It's annoying.  Follow the instructions, and stop trying
| to be smart about it.  Every little edit you do to simplify the output
| of radiusd -X destroys the information we need to help you.
|
|   Did I mention to run radiusd -X?  And to post the full logs, without
| editing it?  And INCLUDE in the logs the output from when the server
| receives a packet, processes it, and sends a response?
|
|   That last bit shouldn't be rocket science. Honestly, I have no idea
| why you think it's useful to post the (un-edited) logs from when the
| server does nothing, and then the (edited) logs from when the server
| receives a packet.
|
|   It's like you're *trying* to make it impossible for us to help you.
|
|   Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 sorry about that, you have a good point, i just restarted the server and
 i forgot i did not try to connect. Regarding to the wireless network,
 no, it's not a wireless network it's an UTP network, i'm using radius
 with a pppoe server. I've updated the file at
 http://alexandrunet.ro/radius_log; and it now has the full log from the
 time the user connects.

  Right.  Now YOU read it.  It's not hard.

  Look for pool.  Think about it.  Then think about it again.

  Then fix the problem before asking more questions.

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Ivan Kalik
You have not assigned the IP address via radius. It's assigned by the
dhcp server:

Sending Access-Accept of id 31 to 192.168.1.1 port 40086
Framed-Protocol := PPP
Framed-IP-Netmask = 255.255.255.255
Framed-MTU := 1500
Framed-Compression := Van-Jacobson-TCP-IP
Session-Timeout = 14400
Idle-Timeout = 600
Port-Limit = 1
Service-Type := Framed-User

*** No IP address in Access-Accept; Pool-Name or Framed-IP-Address were
not set for this user ***

Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.1.1 port 34314, id=32, length=115
Acct-Session-Id = 487F15BE052000
User-Name = gogu
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 00:FF:74:D6:85:27
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 10.67.15.34   == This came from dhcp
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Acct-Delay-Time = 0

Ivan Kalik
Kalik Informatika ISP
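
The comparison made in the message above, as an added Python example (not part of the original thread and not FreeRADIUS code): it reads `radiusd -X` output, takes each Access-Accept the server sent, and compares its Framed-IP-Address with the one the NAS reports in the following accounting Start. The function names and verdict strings are made up for this example; the sample text is rebuilt from the lines quoted in the post.

```python
import re

# Excerpt in `radiusd -X` layout, rebuilt from the lines quoted in the post
# above: attribute lines are tab-indented under each packet header.
SAMPLE_DEBUG = """\
Sending Access-Accept of id 31 to 192.168.1.1 port 40086
\tFramed-Protocol := PPP
\tFramed-IP-Netmask = 255.255.255.255
\tFramed-MTU := 1500
\tFramed-Compression := Van-Jacobson-TCP-IP
\tSession-Timeout = 14400
\tIdle-Timeout = 600
\tPort-Limit = 1
\tService-Type := Framed-User
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 192.168.1.1 port 34314, id=32, length=115
\tAcct-Session-Id = 487F15BE052000
\tUser-Name = gogu
\tAcct-Status-Type = Start
\tService-Type = Framed-User
\tFramed-Protocol = PPP
\tCalling-Station-Id = 00:FF:74:D6:85:27
\tAcct-Authentic = RADIUS
\tNAS-Port-Type = Async
\tFramed-IP-Address = 10.67.15.34
\tNAS-IP-Address = 127.0.0.1
\tNAS-Port = 0
\tAcct-Delay-Time = 0
"""

# Packet headers as radiusd -X prints them for sent and received packets.
HEADER = re.compile(
    r"^(?:Sending (?P<s_type>[\w-]+) of id (?P<s_id>\d+) to (?P<s_host>\S+) port \d+"
    r"|rad_recv: (?P<r_type>[\w-]+) packet from host (?P<r_host>\S+) port \d+,"
    r" id=(?P<r_id>\d+))"
)
# Indented "Name op value" line belonging to the packet above it.
ATTR = re.compile(r"^\s+(?P<name>[A-Za-z0-9-]+)\s*(?::=|\+=|==|=)\s*(?P<value>.*)$")


def parse_packets(debug_text):
    """Return the packets found in debug output, each with its attributes."""
    packets, current = [], None
    for line in debug_text.splitlines():
        head = HEADER.match(line)
        if head:
            sent = head.group("s_type") is not None
            current = {
                "dir": "sent" if sent else "recv",
                "type": head.group("s_type" if sent else "r_type"),
                "id": int(head.group("s_id" if sent else "r_id")),
                "host": head.group("s_host" if sent else "r_host"),
                "attrs": {},
            }
            packets.append(current)
            continue
        attr = ATTR.match(line) if current else None
        if attr:
            value = attr.group("value").strip().strip('"')
            current["attrs"][attr.group("name")] = value
        else:
            current = None  # any other line ends the attribute list
    return packets


def ip_assignment_source(packets):
    """For each Access-Accept, say whether the session address came from RADIUS."""
    findings = []
    for i, pkt in enumerate(packets):
        if pkt["dir"] != "sent" or pkt["type"] != "Access-Accept":
            continue
        reply_ip = pkt["attrs"].get("Framed-IP-Address")
        # First accounting Start from the same NAS after this reply.
        start = next(
            (p for p in packets[i + 1:]
             if p["dir"] == "recv" and p["type"] == "Accounting-Request"
             and p["host"] == pkt["host"]
             and p["attrs"].get("Acct-Status-Type") == "Start"),
            None,
        )
        session_ip = start["attrs"].get("Framed-IP-Address") if start else None
        if reply_ip is None and session_ip:
            verdict = "assigned-outside-radius"
        elif reply_ip is None:
            verdict = "no-address-in-reply"
        elif session_ip is None or session_ip == reply_ip:
            verdict = "assigned-by-radius"
        else:
            verdict = "nas-used-different-address"
        findings.append({"accept_id": pkt["id"], "reply_ip": reply_ip,
                         "session_ip": session_ip, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in ip_assignment_source(parse_packets(SAMPLE_DEBUG)):
        print(finding)
```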



Re: rlm_attr_rewrite question

2008-07-17 Thread Alan DeKok
Evgeniy Kozhuhovskiy wrote:
...
 fixcboss6: Does not match: NAS-IP-Address = ╛?3?

  It's trying to do a regex match against the packed (32-bit) IP
address, not against the ASCII string describing the IP address.  That
can easily be fixed.

  But in any case, you *don't* need to use attr_rewrite for this.  Just
put the following into the pre-proxy section, instead of the fixcboss6
line:

...
        if (proxy:NAS-IP-Address == 172.29.51.24) {
                update proxy {
                        NAS-IP-Address := 172.26.64.100
                }
        }
...

  It's that easy.  See man unlang for details.

  Alan DeKok.
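
Why the pattern in the question cannot match, as an added Python illustration (a model of the behaviour described in the reply above, not FreeRADIUS code and not part of the original thread; the function names are made up for the example). It contrasts a regex run over the packed 4-byte value with a comparison of parsed addresses, which is what the unlang condition does.

```python
import ipaddress
import re


def packed(ip_text):
    """Dotted-quad text -> the 4 bytes carried in the RADIUS attribute."""
    return ipaddress.IPv4Address(ip_text).packed


def regex_matches_wire_value(wire_value, searchfor):
    """Model of the failing case: the pattern is applied to the raw bytes."""
    return re.search(searchfor.encode("ascii"), wire_value) is not None


def regex_matches_printed_value(wire_value, searchfor):
    """What the question expected: the pattern applied to the printed form."""
    return re.search(searchfor, str(ipaddress.IPv4Address(wire_value))) is not None


def rewrite_by_value(attrs, name, old_ip, new_ip):
    """Typed comparison, as in the unlang condition: compare addresses and
    replace the attribute only on an exact match. Returns a new dict."""
    result = dict(attrs)
    current = attrs.get(name)
    if current is not None and ipaddress.IPv4Address(current) == ipaddress.IPv4Address(old_ip):
        result[name] = packed(new_ip)
    return result


def printable(attrs):
    """Render the attribute dict the way a debug log would show it."""
    return {name: str(ipaddress.IPv4Address(value)) for name, value in attrs.items()}


if __name__ == "__main__":
    proxy = {"NAS-IP-Address": packed("172.29.51.24")}
    # The four raw bytes: 0xAC 0x1D 0x33 0x18. Only 0x33 is printable ("3"),
    # which is why the debug line in the question shows junk around a "3".
    print(proxy["NAS-IP-Address"])
    print(regex_matches_wire_value(proxy["NAS-IP-Address"], "172.29.51.24"))
    print(regex_matches_printed_value(proxy["NAS-IP-Address"], re.escape("172.29.51.24")))
    print(printable(rewrite_by_value(proxy, "NAS-IP-Address",
                                     "172.29.51.24", "172.26.64.100")))
```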

Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


:) yes that's what it was thank you for your help. I'm sorry you had a
bad day my friend.

Paul.

Alan DeKok wrote:
| [EMAIL PROTECTED] wrote:
| sorry about that, you have a good point, i just restarted the server and
| i forgot i did not try to connect. Regarding to the wireless network,
| no, it's not a wireless network it's an UTP network, i'm using radius
| with a pppoe server. I've updated the file at
| http://alexandrunet.ro/radius_log; and it now has the full log from the
| time the user connects.
|
|   Right.  Now YOU read it.  It's not hard.
|
|   Look for pool.  Think about it.  Then think about it again.
|
|   Then fix the problem before asking more questions.
|
|   Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


there is not dhcp running on that server, and there is no dhcprelay. I
supposed it's the radius default, i don't know if that makes any sense
to you:), anyways i will dig more. Thank you.

[EMAIL PROTECTED]:/usr/local/etc/raddb# ps -aux | grep dhcp
Warning: bad ps syntax, perhaps a bogus '-'? See
http://procps.sf.net/faq.html
root  1670  0.0  0.0   2000   632 pts/2R+   13:18   0:00 grep dhcp
[EMAIL PROTECTED]:/usr/local/etc/raddb#



Ivan Kalik wrote:
| You have not assigned the IP address via radius. It's assigned by the
| dhcp server:
|
| Sending Access-Accept of id 31 to 192.168.1.1 port 40086
| Framed-Protocol := PPP
| Framed-IP-Netmask = 255.255.255.255
| Framed-MTU := 1500
| Framed-Compression := Van-Jacobson-TCP-IP
| Session-Timeout = 14400
| Idle-Timeout = 600
| Port-Limit = 1
| Service-Type := Framed-User
|
| *** No IP address in Access-Accept; Pool-Name or Framed-IP-Address were
| not set for this user ***
|
| Finished request 0.
| Going to the next request
| Waking up in 4.9 seconds.
| rad_recv: Accounting-Request packet from host 192.168.1.1 port 34314, id=32, length=115
| Acct-Session-Id = 487F15BE052000
| User-Name = gogu
| Acct-Status-Type = Start
| Service-Type = Framed-User
| Framed-Protocol = PPP
| Calling-Station-Id = 00:FF:74:D6:85:27
| Acct-Authentic = RADIUS
| NAS-Port-Type = Async
| Framed-IP-Address = 10.67.15.34   == This came from dhcp
| NAS-IP-Address = 127.0.0.1
| NAS-Port = 0
| Acct-Delay-Time = 0
|
| Ivan Kalik
| Kalik Informatika ISP
|


Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 :) yes that's what it was thank you for your help. I'm sorry you had a
 bad day my friend.

  You have tried very hard to make it a bad day.

  It's incredibly frustrating to help people who fight every attempt to
help them.  I have no idea why people do that, but it happens a lot.

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 there is not dhcp running on that server, and there is no dhcprelay. I
 supposed it's the radius default,

  No.

  If RADIUS doesn't assign an IP address, then something else you've
configured in your network is assigning that IP.

  It's clear that you have no idea what's going on in your network.

  Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread [EMAIL PROTECTED]


again ty for your help, you don't have to (help) if you don't feel like,
and i suggest to keep your bad day to your self and not spread the
feeling around. As i said in my original email i'm new at this and i'm
learning as i go, i'm sure you have begun here also at one point.
Again sry you had a bad day.
Paul.

Alan DeKok wrote:
| [EMAIL PROTECTED] wrote:
| there is not dhcp running on that server, and there is no dhcprelay. I
| supposed it's the radius default,
|
|   No.
|
|   If RADIUS doesn't assign an IP address, then something else you've
| configured in your network is assigning that IP.
|
|   It's clear that you have no idea what's going on in your network.
|
|   Alan DeKok.


Re: freeradius ippool issue

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 As i said in my original email i'm new at this and i'm
 learning as i go,

  Once again, you are missing the point.  The point is that you were
*not* learning.  The ALL CAPS discussion was there because nothing else
seemed to get through to you.

  And it did get through to you.  You learned, didn't you?

  You should be having a great day right about now.

  Alan DeKok.


EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Reveal MAP
Why could EAP-TLS run OK and not EAP-PEAP, giving a message like that: 
rlm_eap_peap: Received EAP-TLV response.

below is the entire output.


Thanx for the response!!

---

rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=99, length=194
User-Name = maman
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = 00-1C-F0-08-FB-F8:MoJo
Calling-Station-Id = 00-12-F0-0C-97-61
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 54Mbps 802.11g
EAP-Message = 0x020800261900170301001b97054012345511dfddf34251f30af4349bfda0f83797d643a3cea1
State = 0x766398ac716b81afdd1454abb61d46ce
Message-Authenticator = 0xf76a88f5654802fac4faed08e055d5fb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = maman, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - maman
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 99 to 10.10.44.246 port 1027
EAP-Message = 0x04080004
Message-Authenticator = 0x
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 91 with timestamp +139
Cleaning up request 1 ID 92 with timestamp +139
Cleaning up request 2 ID 93 with timestamp +139
Cleaning up request 3 ID 94 with timestamp +139
Cleaning up request 4 ID 95 with timestamp +139
Cleaning up request 5 ID 96 with timestamp +140
Cleaning up request 6 ID 97 with timestamp +140
Cleaning up request 7 ID 98 with timestamp +140
Cleaning up request 8 ID 99 with timestamp +140
Ready to process requests.


  

Re : silly question of framed IP address

2008-07-17 Thread Reveal MAP
Thanks Alan, it is clearer!

But is there a way to oblige some comp to use a specific IP address using a 
RADIUS attribute??



----- Original message -----
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, 17 July 2008, 6h21mn 00s
Subject: Re: silly question of framed IP address

Reveal MAP wrote:
 I wonder if the attribute 8 (framed IP address) of RADIUS acts like a
 dhcp server, giving the IP to the supplicant or just verify/compare if
 is conform to the Authentication request ??

  The Framed-IP-Address assigns IP addresses for PPP sessions.  It does
*nothing* for 802.1x sessions.

  You will need to run a DHCP server.

  Alan DeKok.

Re: EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Phil Mayers

  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in 
this session.


Read the *whole* debug output; somewhere further up will be the reason 
the user was rejected.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
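
Phil Mayers' advice above, as an added shell/awk example that is not part of the original thread: it finds the request carrying the "Had sent TLV failure" message and lists module failures from earlier requests of the same Calling-Station-Id. The function names and the sample lines are constructed; the line formats follow the debug output posted on this page.

```shell
#!/bin/sh
# Constructed sample of `radiusd -X` output (values are made up):
# request 6 belongs to another station, request 7 is where the inner
# authentication fails, request 8 is the symptom quoted in the thread.
sample_debug() {
cat <<'EOF'
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=97, length=180
Calling-Station-Id = 00-12-F0-AA-BB-CC
++[pap] returns reject
Finished request 6.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=98, length=210
Calling-Station-Id = 00-12-F0-0C-97-61
+- entering group authenticate
++[mschap] returns reject
++[eap] returns handled
Finished request 7.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=99, length=194
Calling-Station-Id = 00-12-F0-0C-97-61
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in this session.
++[eap] returns invalid
Finished request 8.
EOF
}

# Reads debug output on stdin. For every request that logs the PEAP
# "Had sent TLV failure" symptom, prints the failing module return codes
# seen in earlier requests from the same Calling-Station-Id.
peap_reject_trace() {
    awk '
    # Each received packet starts a new request block.
    /^rad_recv:/ { station = "unknown"; n = 0; symptom = 0 }
    /Calling-Station-Id = / { station = $NF }
    # Module return codes that mean the request did not pass.
    /^[ \t]*[+]+\[[^]]*\] returns (reject|fail|invalid|userlock)/ {
        sub(/^[ \t]*/, "")
        bad[++n] = $0
    }
    /Had sent TLV failure/ { symptom = 1 }
    /^Finished request [0-9]+/ {
        id = $3
        sub(/\.$/, "", id)
        if (symptom) {
            # The symptom request only acknowledges the failure; the
            # cause was logged earlier for this station.
            printf "request %s station %s: TLV failure, cause candidates:\n", id, station
            printf "%s", (station in cause) ? cause[station] : "  (none in this capture)\n"
        } else {
            for (i = 1; i <= n; i++)
                cause[station] = cause[station] "  request " id ": " bad[i] "\n"
        }
    }'
}
```

Run it as `radiusd -X 2>&1 | tee debug.log`, then `peap_reject_trace < debug.log`; the request numbers it prints tell you which part of the full debug output to read.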


Re: rlm_attr_rewrite question

2008-07-17 Thread Evgeniy Kozhuhovskiy

Alan DeKok wrote:

  It's trying to do a regex match against the packed (32-bit) IP
address, not against the ASCII string describing the IP address.  That
can easily be fixed.



  But in any case, you *don't* need to use attr_rewrite for this.  Just
put the following into the pre-proxy section, instead of the fixcboss6
line:


Yeah, this is possible too. attr_rewrite is left over from the 1.x version.
PS: Thanks :)


...
if (proxy:NAS-IP-Address == 172.29.51.24) {
    update proxy {
        NAS-IP-Address := 172.26.64.100
    }
}
...

  It's that easy.  See man unlang for details.

  Alan DeKok.



--
With best regards, Evgeniy Kozhuhovskiy,
Leader of Services team,
Minsk State Phony Network, RUE Beltelecom.


Re: Re : silly question of framed IP address

2008-07-17 Thread Ivan Kalik
But, is there a way to oblige some comp to use a specific IP address using 
radius attribute??

I refer the Honourable Member to the answer given before. :)

  The Framed-IP-Address assigns IP addresses for PPP sessions.  It does
*nothing* for 802.1x sessions.

The fact you don't like the answer doesn't change a thing.

Ivan Kalik
Kalik Informatika ISP



Re: Keeping a set amount of detail logs

2008-07-17 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 I've enabled detail auth_log and detail reply_log (it'd be great
 if there was a way to tie auths and replies together from the
 different log files somehow) and FreeRadius is creating new logs each
 day.  I'm assuming that I'll need to take care of removing old logs on
 my own?  Otherwise I'll be filling my disk up pretty quickly.

  Yes.  See logrotate, or any one of many log rotation tools.

  Alan DeKok.


Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Reveal MAP
Well...

I am not sure, but it might be the fact that PEAP needs user/password and I 
just sent the username... 

or that the realm is null... 

I read the entire output and am still not sure. Anyway, I'll check it as soon as 
I am in front of the machine again!

Thank you



----- Original message -----
From: Reveal MAP [EMAIL PROTECTED]
To: Freeradius Mailing-List freeradius-users@lists.freeradius.org
Sent: Thursday, 17 July 2008, 12h35mn 15s
Subject: EAP-TLS OK - EAP-PEAP KO!! why that?


Why could EAP-TLS run OK and not EAP-PEAP, giving a message like that: 
rlm_eap_peap: Received EAP-TLV response.

Below is the entire output.


Thanks for the response!!

---

rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=99, 
length=194
User-Name = maman
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = 00-1C-F0-08-FB-F8:MoJo
Calling-Station-Id = 00-12-F0-0C-97-61
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 54Mbps 802.11g
EAP-Message = 
0x020800261900170301001b97054012345511dfddf34251f30af4349bfda0f83797d643a3cea1
State = 0x766398ac716b81afdd1454abb61d46ce
Message-Authenticator = 0xf76a88f5654802fac4faed08e055d5fb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = maman, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in this 
session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - maman
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 99 to 10.10.44.246 port 1027
EAP-Message = 0x04080004
Message-Authenticator = 0x
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 91 with timestamp +139
Cleaning up request 1 ID 92 with timestamp +139
Cleaning up request 2 ID 93 with timestamp +139
Cleaning up request 3 ID 94 with timestamp +139
Cleaning up request 4 ID 95 with timestamp +139
Cleaning up request 5 ID 96 with timestamp +140
Cleaning up request 6 ID 97 with timestamp +140
Cleaning up request 7 ID 98 with timestamp +140
Cleaning up request 8 ID 99 with timestamp +140
Ready to process requests.
  



Re: Re : EAP-TLS OK - EAP-PEAP KO!! why that?

2008-07-17 Thread Ivan Kalik
I am not sure, but it might be the fact that PEAP needs user/password and I 
just sent the username... 

No. Password is in the EAP-Message.


or that the realm is null... 

Not very likely to be a problem.


I read the entire output and am still not sure. Anyway, I'll check it as soon 
as I am in front of the machine again!


Post the whole debug so people who do understand it better than you can
help you find the problem.

Ivan Kalik
Kalik Informatika ISP



Re: Solaris 10 - Zone Compiling FreeRadius 2.04

2008-07-17 Thread thekat
 thekat wrote:
  rlm_sql_oracle is not compiling

   The configure scripts are just for ease of use.  They solve common
 problems.

  It *is* possible to edit the Makefiles directly.  Just go to the
 rlm_sql_oracle/Makefile, and edit it so that the module builds.  You
 will have to define TARGET = rlm_sql_oracle, and then edit the cflags
 & libs to point to the Oracle directories.

  Alan DeKok.
 -

FreeRadius 2.05

I have been away and came back to this.
I did get the configure to run.

./configure \
--prefix=/usr/local/freeradius \
--with-openssl=yes \
--with-openssl-dir=/usr/local/ssl \
--with-openssl-includes=/usr/local/ssl/include \
--with-openssl-libraries=/usr/local/ssl/lib \
--with-oracle-lib-dir=/u007/app/oracle/product/10.2.0/client_1/lib \
--with-oracle-home-dir=/u007/app/oracle/product/10.2.0/client_1/rdbms/public

(Regarding Oracle, I have both the client and the database installed; using
the client or the database for the dependencies results in the same output)

WARNINGS

configure: WARNING: pcap library not found, silently disabling the RADIUS
sniffer.
config.status: WARNING:  ./Make.inc.in seems to ignore the --datarootdir
setting
config.status: WARNING:  ./src/include/build-radpaths-h.in seems to ignore
the --datarootdir setting
chmod: WARNING: can't access check-radiusd-config
configure: WARNING: silently not building rlm_eap_ikev2.
configure: WARNING: FAILURE: rlm_eap_ikev2 requires:  libeap-ikev2
EAPIKEv2/connector.h.
configure: WARNING: the TNCS library isn't found!
configure: WARNING: silently not building rlm_eap_tnc.
configure: WARNING: FAILURE: rlm_eap_tnc requires:  -lTNCS.
configure: WARNING: neither krb5 'k5crypto' nor 'crypto' libraries are
found!
configure: WARNING: the comm_err library isn't found!
configure: WARNING: silently not building rlm_krb5.
configure: WARNING: FAILURE: rlm_krb5 requires:  krb5.h.
configure: WARNING: silently not building rlm_ldap.
configure: WARNING: FAILURE: rlm_ldap requires:  libldap_r.
configure: WARNING: openssl/des.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/des.h: proceeding with the compiler's result
configure: WARNING: openssl/hmac.h: accepted by the compiler, rejected by
the preprocessor!
configure: WARNING: openssl/hmac.h: proceeding with the compiler's result
configure: WARNING: openssl/md4.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/md4.h: proceeding with the compiler's result
configure: WARNING: openssl/md5.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/md5.h: proceeding with the compiler's result
configure: WARNING: openssl/sha.h: accepted by the compiler, rejected by the
preprocessor!
configure: WARNING: openssl/sha.h: proceeding with the compiler's result
configure: WARNING: silently not building rlm_perl.
configure: WARNING: FAILURE: rlm_perl requires:  EXTERN.h perl.h libperl.so.
configure: WARNING: silently not building rlm_python.
configure: WARNING: FAILURE: rlm_python requires:  Python.h libpython2.3.
configure: WARNING: silently not building rlm_sql_iodbc.
configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h.
configure: WARNING: silently not building rlm_sql_unixodbc.
configure: WARNING: FAILURE: rlm_sql_unixodbc requires: libodbc sql.h.

the rlm_sql_oracle does configure.

I get this error (at the end) when running:

# make all

 gcc -g -O2 -D_LIBRADIUS -I/export/packages/freeradius-server-2.0.5/src -c
dhcp.c -o dhcp.o /dev/null 21
/export/packages/freeradius-server-2.0.5/libtool --mode=link gcc -release
2.0.5 \
 -export-dynamic -o libfreeradius-radius.la -rpath /usr/local/freeradius/lib
dict.lo filters.lo hash.lo hmac.lo hmacsha1.lo isaac.lo log.lo misc.lo
missing.lo md4.lo md5.lo print.lo radius.lo rbtree.lo sha1.lo snprintf.lo
strlcat.lo strlcpy.lo token.lo udpfromto.lo valuepair.lo fifo.lo packet.lo
event.lo getaddrinfo.lo vqp.lo heap.lo dhcp.lo
gcc -shared -Wl,-h -Wl,libfreeradius-radius-2.0.5.so -o .libs/
libfreeradius-radius-2.0.5.so  .libs/dict.o .libs/filters.o .libs/hash.o
.libs/hmac.o .libs/hmacsha1.o .libs/isaac.o .libs/log.o .libs/misc.o
.libs/missing.o .libs/md4.o .libs/md5.o .libs/print.o .libs/radius.o
.libs/rbtree.o .libs/sha1.o .libs/snprintf.o .libs/strlcat.o .libs/strlcpy.o
.libs/token.o .libs/udpfromto.o .libs/valuepair.o .libs/fifo.o
.libs/packet.o .libs/event.o .libs/getaddrinfo.o .libs/vqp.o .libs/heap.o
.libs/dhcp.o  -lc
(cd .libs  rm -f libfreeradius-radius.so  ln -s
libfreeradius-radius-2.0.5.so libfreeradius-radius.so)
false cru .libs/libfreeradius-radius.a  dict.o filters.o hash.o hmac.o
hmacsha1.o isaac.o log.o misc.o missing.o md4.o md5.o print.o radius.o
rbtree.o sha1.o snprintf.o strlcat.o strlcpy.o token.o udpfromto.o
valuepair.o fifo.o packet.o event.o getaddrinfo.o vqp.o heap.o dhcp.o
gmake[4]: *** [libfreeradius-radius.la] Error 1
gmake[4]: Leaving directory
`/export/packages/freeradius-server-2.0.5/src/lib'
gmake[3]: *** [common] Error 2
gmake[3]: 

Re: Keeping a set amount of detail logs

2008-07-17 Thread Matt Alexander
On Thu, Jul 17, 2008 at 7:49 AM, Alan DeKok [EMAIL PROTECTED]
wrote:

 [EMAIL PROTECTED] wrote:
  I've enabled detail auth_log and detail reply_log (it'd be great
  if there was a way to tie auths and replies together from the
  different log files somehow) and FreeRadius is creating new logs each
  day.  I'm assuming that I'll need to take care of removing old logs on
  my own?  Otherwise I'll be filling my disk up pretty quickly.

  Yes.  See logrotate, or any one of many log rotation tools.


Right, I'm familiar with logrotate.  The problem is that FreeRadius is
rotating the logs already and I don't know of a way to get logrotate to just
keep track of a set number of logfiles that it doesn't rotate itself.  ie.,
keep 10 logfiles only

rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line

2008-07-17 Thread Venkat
Hi ,

I'm facing the above-mentioned problem. Can anyone please give me the solution?

[EMAIL PROTECTED] sbin]# ./radiusd -xX
Thu Jul 17 18:04:42 2008 : Info: FreeRADIUS Version 2.0.5, for host
i686-pc-linux-gnu, built on Jul  7 2008 at 17:33:14
Thu Jul 17 18:04:42 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Thu Jul 17 18:04:42 2008 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Thu Jul 17 18:04:42 2008 : Info: PARTICULAR PURPOSE.
Thu Jul 17 18:04:42 2008 : Info: You may redistribute copies of FreeRADIUS
under the terms of the
Thu Jul 17 18:04:42 2008 : Info: GNU General Public License v2.
Thu Jul 17 18:04:42 2008 : Info: Starting - reading configuration files ...
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/radiusd.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/proxy.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/clients.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/snmp.conf
Thu Jul 17 18:04:42 2008 : Debug: including files in directory
/usr/local/etc/raddb/modules/
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/counter
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/always
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/etc_group
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/sql_log
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/ldap
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/ippool
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/acct_unique
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/pam
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_rewrite
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/echo
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/expr
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/realm
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/smbpasswd
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/expiration
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2ip
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/policy
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/chap
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/unix
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/krb5
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.log
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/checkval
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/exec
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/passwd
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/radutmp
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/preprocess
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_filter
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/sradutmp
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/mschap
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/logintime
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2vlan
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/pap
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/files
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/modules/digest
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/eap.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/sql.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file
/usr/local/etc/raddb/sql/mysql/dialup.conf
Thu Jul 17 18:04:42 2008 : Debug: including configuration file

Re: Keeping a set amount of detail logs

2008-07-17 Thread Alan DeKok
Matt Alexander wrote:
 Right, I'm familiar with logrotate.  The problem is that FreeRadius is
 rotating the logs already

  No, you said that the server is creating new logs every day.  That
means the detail filename has a date in it. (%Y, %m, etc.)

  If you don't want it to create a new file every day, then configure
the filename to have a name that doesn't include the date.

 and I don't know of a way to get logrotate to
 just keep track of a set number of logfiles that it doesn't rotate
 itself.  ie., keep 10 logfiles only

$ ls -c | tail -n +11

  Will sort files in the directory by creation time, and then chop off
the first 10.  What's left is the oldest ones, that you can delete.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
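
The `ls -c | tail -n +11` pipeline from the message above, wrapped into a pruning function; this is an added example, not code from the original thread. The function name, the `detail-*` default pattern and the choice of `ls -t` (modification time) as the sort key are assumptions of this example.

```shell
#!/bin/sh
# prune_detail_logs DIR [KEEP] [PATTERN]
# Keep the KEEP newest files matching PATTERN in DIR, delete the rest,
# and print the names that were deleted (one per line).
# Assumes date-stamped log names without newlines in them.
prune_detail_logs() {
    dir=$1
    keep=${2:-10}
    pattern=${3:-detail-*}

    # Refuse to run on a bad directory or a non-numeric count, so a
    # typo in a cron entry cannot delete from the wrong place.
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $keep in
        ''|*[!0-9]*) echo "KEEP must be a number: $keep" >&2; return 2 ;;
    esac

    (
        cd -- "$dir" || exit 2
        # Expand the pattern inside DIR; stop quietly if nothing matches.
        set -- $pattern
        [ -e "$1" ] || exit 0
        # Newest first; everything from line KEEP+1 onwards is surplus.
        ls -td -- "$@" | tail -n +"$((keep + 1))" |
        while IFS= read -r f; do
            # Only remove regular files, never symlinks or directories.
            if [ -f "$f" ] && [ ! -L "$f" ]; then
                rm -f -- "$f" && printf '%s\n' "$f"
            fi
        done
    )
}
```

Run it from cron as the user that owns the log directory, once per directory that radiusd writes detail files into.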


Re: Solaris 10 - Zone Compiling FreeRadius 2.04

2008-07-17 Thread Alan DeKok
thekat wrote:
 I have been away and came back to this .
 I did get the configure to run.
...
 WARNINGS

  PLEASE ignore the warnings.  They're not relevant.  There is NO NEED
to post them to the list.

 the rlm_sql_oracle does configure.

  So that works, at least.

 I get this error (at the end) when running:
 
 # make all
...
 false cru .libs/libfreeradius-radius.a  dict.o filters.o hash.o hmac.o

  It looks like you don't have a dynamic linker on your system.  i.e.
false is NOT a valid linker.

  Ensure that your system has the tools that allow it to compile programs.

  Alan DeKok.