Jradius FreeRadius problem!
I installed FreeRadius on the Windows machine. I started JRadius as well. I started the client. The JRadius sends back to the FreeRadius the access accept packet, but Free Radius always sends to the client the Access Reject packet. Only the Reply-Message is read correctly from the returned packet. What is the reason for such an error. Down is the log trace. With the red color, the access accept packet is marked. I hope that somebody will help me solving this issue. rad_recv: Access-Request packet from host 127.0.0.1:1376, id=1, length=108 User-Name = testuser User-Password = testpw NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-IP-Address = 127.0.0.1 X-Ascend-Send-Passwd = \000\000\000\001 Calling-Station-Id = 0982331361 Service-Type = Login-User Message-Authenticator = 0x58c175d66fd2fd81043794526cc39783 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 rlm_jradius: Trying to (re)connect unconnected handle 5 rlm_jradius: Reserving JRadius socket id: 5 rlm_jradius: got socket 5 after skipping 0 unconnected handles, tried to reconne ct 1 though rlm_jradius: packing attribute User-Name (type: 1; len: 8) rlm_jradius: packing attribute User-Password (type: 2; len: 6) rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4) rlm_jradius: packing attribute NAS-Port (type: 5; len: 4) rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4) rlm_jradius: packing attribute X-Ascend-Send-Passwd (type: 232; len: 4) rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 10) rlm_jradius: packing attribute Service-Type (type: 6; len: 4) rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16) rlm_jradius: packing packet with code: 1 (attr length: 168) rlm_jradius: packing packet with code: 0 (attr length: 0) rlm_jradius: sending 197 bytes to socket 5 rlm_jradius: return code 8; receiving 2 packets rlm_jradius: reading packet: code=1 len=168 rlm_jradius: reading attribute: type=1; len=8 rlm_jradius: reading attribute: type=2; len=6 rlm_jradius: reading attribute: type=61; len=4 rlm_jradius: reading attribute: type=5; len=4 rlm_jradius: reading attribute: type=4; len=4 rlm_jradius: reading attribute: type=232; len=4 rlm_jradius: reading attribute: type=31; len=10 rlm_jradius: reading attribute: type=6; len=4 rlm_jradius: reading attribute: type=80; len=16 rlm_jradius: reading packet: code=0 len=0 rlm_jradius: reading request: config_item: len=57 rlm_jradius: reading attribute: type=1259012098; len=32 rlm_jradius: reading attribute: type=1259012097; len=1 rlm_jradius: Released JRadius socket id: 5 modcall[authorize]: module jradius returns updated for request 9 modcall: leaving group authorize (returns updated) for request 9 auth: No authenticate method (Auth-Type) configuration found for the request: Re jecting the user auth: Failed to validate the user. Login incorrect: [testuser/testpw] (from client localhost port 1 cli 0982331361) Found Post-Auth-Type Processing the post-auth section of radiusd.conf modcall: entering group REJECT for request 9 rlm_jradius: Trying to (re)connect unconnected handle 4 rlm_jradius: Reserving JRadius socket id: 4 rlm_jradius: got socket 4 after skipping 0 unconnected handles, tried to reconne ct 1 though rlm_jradius: packing attribute User-Name (type: 1; len: 8) rlm_jradius: packing attribute User-Password (type: 2; len: 6) rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4) rlm_jradius: packing attribute NAS-Port (type: 5; len: 4) rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4) rlm_jradius: packing attribute X-Ascend-Send-Passwd (type: 232; len: 4) rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 10) rlm_jradius: packing attribute Service-Type (type: 6; len: 4) rlm_jradius: packing attribute Message-Authenticator (type: 80; len: 16) rlm_jradius: packing packet with code: 1 (attr length: 168) rlm_jradius: packing packet with code: 3 (attr length: 0) rlm_jradius: packing attribute JRadius-Session-Id (type: 1259012098; len: 32) rlm_jradius: packing attribute JRadius-Request-Id (type: 1259012097; len: 1) rlm_jradius: packing attribute Post-Auth-Type (type: 1014; len: 4) rlm_jradius: sending 270 bytes to socket 4 rlm_jradius: return code 8; receiving 2 packets rlm_jradius: reading packet: code=1 len=168 rlm_jradius: reading attribute: type=1; len=8 rlm_jradius: reading attribute: type=2; len=6 rlm_jradius: reading attribute: type=61; len=4 rlm_jradius: reading attribute: type=5; len=4 rlm_jradius: reading attribute: type=4; len=4 rlm_jradius: reading attribute: type=232; len=4 rlm_jradius: reading attribute: type=31; len=10 rlm_jradius: reading attribute: type=6; len=4 rlm_jradius: reading attribute: type=80; len=16 rlm_jradius: reading packet: code=2 len=154 rlm_jradius: reading attribute: type=18; len=8 rlm_jradius: reading attribute: type=1000; len=4 rlm_jradius: reading
Re: Jradius FreeRadius problem!
attribute: type=1; len=8 rlm_jradius: reading attribute: type=2; len=6 rlm_jradius: reading attribute: type=61; len=4 rlm_jradius: reading attribute: type=5; len=4 rlm_jradius: reading attribute: type=4; len=4 rlm_jradius: reading attribute: type=232; len=4 rlm_jradius: reading attribute: type=31; len=10 rlm_jradius: reading attribute: type=6; len=4 rlm_jradius: reading attribute: type=80; len=16 rlm_jradius: reading packet: code=2 len=154 rlm_jradius: reading attribute: type=18; len=8 rlm_jradius: reading attribute: type=1000; len=4 rlm_jradius: reading attribute: type=1; len=8 rlm_jradius: reading attribute: type=2; len=6 rlm_jradius: reading attribute: type=6; len=4 rlm_jradius: reading attribute: type=7; len=4 rlm_jradius: reading attribute: type=8; len=4 rlm_jradius: reading attribute: type=13; len=4 rlm_jradius: reading attribute: type=12; len=4 rlm_jradius: reading request: config_item: len=73 rlm_jradius: reading attribute: type=1259012098; len=32 rlm_jradius: reading attribute: type=1259012097; len=1 rlm_jradius: reading attribute: type=1014; len=4 rlm_jradius: Released JRadius socket id: 4 modcall[post-auth]: module jradius returns updated for request 9 modcall: leaving group REJECT (returns updated) for request 9 Sending Access-Reject of id 1 to 127.0.0.1 port 1376 Reply-Message := Accepted Finished request 9 -- next part -- An HTML attachment was scrubbed... URL: https://lists.freeradius.org/pipermail/freeradius-users/attachments/20080925/b4a00053/attachment.html -- next part -- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3406 bytes Desc: not available Url : https://lists.freeradius.org/pipermail/freeradius-users/attachments/20080925/b4a00053/attachment.bin -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 41, Issue 113 * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_unix cannot find users (2.1.0)
Martin Pauly wrote: I have a large set of users handled by LDAP, and a small group (admins with only a few logins) that I used to handle by setting up a bunch of local unix accounts and doing Auth-Type := System. So my users file looks like Auth-Type := System has been deprecated in 2.x. It's not needed. Just list unix in the authorize section, and the server will figure it out. In sites-available/default, I have 'unix' in both the authorize and authenticate section. The debug output upon a request reads: ... ++[unix] returns notfound OK... [ the whole thing is sent to LDAP for authorization now which succeeds, but could perhaps be avoided anyway] ? What do you mean by that? So to me it looks like rlm_unix can't find me :-( The module just calls the system API's to get the passwd file entry for the user. If the system returns notfound, so does the module. I've read about rlm_passwd, but I don't need any caching or the like. Oh, and user freerad is in group shadow. But as I understand it, this is no longer relevant for my case since rlm_unix uses getpwent which is supposed to handle access to /etc/shadow, right? No. getpwent still depends on the calling application having permission to read /etc/shadow. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Jradius FreeRadius problem!
I put the next line im jradius module:
# configure the rlm_jradius module
jradius {
name = example # The Requester name (a
single
# JRadius server can have
# multiple applications)
primary = localhost # Uses default port 1814
secondary = localhost # Fail-over server
tertiary = localhost # Fail-over server on port
8002
timeout = 1 # Connect Timeout
onfail= NOOP # What to do if no JRadius
# Server is found. Options are:
# FAIL (default), OK, REJECT, NOOP
keepalive = yes # Keep connections to JRadius
pooled
connections = 8 # Number of pooled JRadius
connections
allow_codechange = yes
}
But still the same problem appears.
Sincerelly,
Žagar Jelena
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of wlanmac
Sent: Thursday, September 25, 2008 8:16 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: Jradius FreeRadius problem!
If you are trying to change an AccessReject into an AccessAccept in the
post-auth section, then you must have the following option configured for
the rlm_jradius module:
jradius {
...
allow_codechange = yes
}
David
Date: Thu, 25 Sep 2008 07:58:56 +0200
From: Jelena ?agar [EMAIL PROTECTED]
Subject: Jradius FreeRadius problem!
To: freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-2
I installed FreeRadius on the Windows machine. I started JRadius as
well. I started the client. The JRadius sends back to the FreeRadius
the access accept packet, but Free Radius always sends to the client
the Access Reject packet. Only the Reply-Message is read correctly from
the returned packet.
What is the reason for such an error. Down is the log trace. With the
red color, the access accept packet is marked.
I hope that somebody will help me solving this issue.
rad_recv: Access-Request packet from host 127.0.0.1:1376, id=1, length=108
User-Name = testuser
User-Password = testpw
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-IP-Address = 127.0.0.1
X-Ascend-Send-Passwd = \000\000\000\001
Calling-Station-Id = 0982331361
Service-Type = Login-User
Message-Authenticator = 0x58c175d66fd2fd81043794526cc39783
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_jradius: Trying to (re)connect unconnected handle 5
rlm_jradius: Reserving JRadius socket id: 5
rlm_jradius: got socket 5 after skipping 0 unconnected handles, tried
to reconne ct 1 though
rlm_jradius: packing attribute User-Name (type: 1; len: 8)
rlm_jradius: packing attribute User-Password (type: 2; len: 6)
rlm_jradius: packing attribute NAS-Port-Type (type: 61; len: 4)
rlm_jradius: packing attribute NAS-Port (type: 5; len: 4)
rlm_jradius: packing attribute NAS-IP-Address (type: 4; len: 4)
rlm_jradius: packing attribute X-Ascend-Send-Passwd (type: 232; len:
4)
rlm_jradius: packing attribute Calling-Station-Id (type: 31; len: 10)
rlm_jradius: packing attribute Service-Type (type: 6; len: 4)
rlm_jradius: packing attribute Message-Authenticator (type: 80; len:
16)
rlm_jradius: packing packet with code: 1 (attr length: 168)
rlm_jradius: packing packet with code: 0 (attr length: 0)
rlm_jradius: sending 197 bytes to socket 5
rlm_jradius: return code 8; receiving 2 packets
rlm_jradius: reading packet: code=1 len=168
rlm_jradius: reading attribute: type=1; len=8
rlm_jradius: reading attribute: type=2; len=6
rlm_jradius: reading attribute: type=61; len=4
rlm_jradius: reading attribute: type=5; len=4
rlm_jradius: reading attribute: type=4; len=4
rlm_jradius: reading attribute: type=232; len=4
rlm_jradius: reading attribute: type=31; len=10
rlm_jradius: reading attribute: type=6; len=4
rlm_jradius: reading attribute: type=80; len=16
rlm_jradius: reading packet: code=0 len=0
rlm_jradius: reading request: config_item: len=57
rlm_jradius: reading attribute: type=1259012098; len=32
rlm_jradius: reading attribute: type=1259012097; len=1
rlm_jradius: Released JRadius socket id: 5
modcall[authorize]: module jradius returns updated for request 9
modcall: leaving group authorize (returns updated) for request 9
auth: No authenticate method (Auth-Type) configuration found for the
request: Re
jecting the user
auth: Failed to validate the user.
Login incorrect: [testuser/testpw] (from client localhost port 1 cli
0982331361)
Found Post-Auth-Type
Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 9
Re: ippool management and cluster
Alexandre Chapellon wrote: Is it possible to use the same sqlippool database for different freeradius servers that belong to a cluster? Yes. Just create an SQL cluster, and point the servers at the cluster. Is there drawback, doing this? It will be slower, and database replication may not happen quickly. Is there any chance to acheive consistante ip allocation in a cluster of several freeradius using non sql ippool module? The servers will have to communicate with each other before handing out IP addresses. Or, split up the IP pool ranges so that each server has their own range that they prefer. i.e. server 1 allocates from pool 1, and then pool 2 if pool 1 is full. Server 2 allocates from pool 2, and then pool 1 if pool 2 is full. There are other, more complicated ways of doing the same thing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jradius con file!
I add the allow_codechange in jradius module in radiusd.conf file as you can
see:
# configure the rlm_jradius module
jradius {
name = example # The Requester name (a single
# JRadius server can have
# multiple applications)
primary = localhost # Uses default port 1814
secondary = localhost # Fail-over server
tertiary = localhost# Fail-over server on port 8002
timeout = 1 # Connect Timeout
onfail= NOOP # What to do if no JRadius
# Server is found. Options are:
# FAIL (default), OK, REJECT, NOOP
keepalive = yes # Keep connections to JRadius
pooled
connections = 8 # Number of pooled JRadius
connections
allow_codechange = yes
}
But, when I started FreeRAdius on the console output, you can see that the
allow_codechange is not read at all:
Module: Library search path is ../lib
Module: Loaded jradius
jradius: name = example
jradius: primary = localhost
jradius: secondary = localhost
jradius: tertiary = localhost
jradius: timeout = 1
jradius: onfail = NOOP
jradius: keepalive = yes
jradius: connections = 8
It seems that these parameters are not read at all because if I delete them
all, I get the same output.
From where these parameters are read from?
Sincerely,
Žagar Jelena
smime.p7s
Description: S/MIME cryptographic signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.1.1 has been released
Version 2.1.1 has been put on the web ftp sites. The focus of this release is stability. That being said, radmin has a whole raft of new features. It's approaching a complete administration interface for the server. We've also added more WiMAX support. It has been tested to be inter-operable with equipment from a number of WiMAX vendors. Thanks to the (un-named) sponsors for helping with this work. Feature improvements * Many more options and features in radmin. See man radmin and raddb/sites-available/control-socket * Many more commands available via the control socket. Connect via radmin, and type help for more information. * Added dictionary.networkphysics and dictionary.lancom. * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables. Bug fixes * Fixed bug that made radmin not work * Fixed Suse Debian package scripts * Fixed issues with dynamic clients * Fixed configure checks for -lreadline * rlm_sqlippool no longer needs to be linked to rlm_sql. * Add statistics for detail file listeners. This closes bug #593. * Fixed printing of some WiMAX attributes. * Fix double free on exit() in rlm_attr_filter * Fixed build issues on Solaris. * Fixed fast session resumption for EAP-TLS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: make certificate with make is only 1 month valid
A workaround for the Makefile would be to add: CA_DEF_DAYS = `grep default_days ca.cnf | sed 's/.*=//;s/^ *//' to the Makefile and change line 55: ca.key ca.pem: ca.cnf openssl req -new -x509 -keyout ca.key -out ca.pem -days $(CA_DEF_DAYS) -config ./ca.cnf This has worked for me. I've set default_days to 3650 and tested the Makefile: openssl x509 -in ca.pem -noout -dates notBefore=Sep 21 10:11:53 2008 GMT notAfter=Sep 19 10:11:53 2018 GMT -- View this message in context: http://www.nabble.com/make-certificate-with-make-is-only-1-month-valid-tp19607549p19666745.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Jradius FreeRadius problem!
I installed FreeRadius on the Windows machine. Is freeradius.net up again? This looks like 1.1.x debug of seriously edited radiusd.conf. I would try adding jradius to the default configuration without deleting everything else. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Hello, I downloaded the 2.1.1 just released and after few (name) changes to the package, I tried to produce the corresponding rpm on a system running Red Hat Enterprise Linux Server v., but the compilation stopped with the following lines. Thanks for any help Regards Dario /usr/bin/libtool --mode=link gcc -o radmin radmin.lo /usr/lib/libreadline.so /usr/lib64/libtermcap.so /usr/src/redhat/BUILD/freeradius-2.1.1/src/lib/libfreeradius-radius.la util.lo log.lo conffile.lo -lnsl -lresolv -lpthread -lreadline -ltermcap gcc -o .libs/radmin .libs/radmin.o /usr/lib/libreadline.so /usr/lib64/libtermcap.so .libs/util.o .libs/log.o .libs/conffile.o /usr/src/redhat/BUILD/freeradius-2.1.1/src/lib/.libs/libfreeradius-radius.so -lnsl -lresolv -lpthread -lreadline -ltermcap /usr/lib/libreadline.so: could not read symbols: File in wrong format collect2: ld returned 1 exit status gmake[4]: *** [radmin] Error 1 gmake[4]: Leaving directory `/usr/src/redhat/BUILD/freeradius-2.1.1/src/main' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/src/redhat/BUILD/freeradius-2.1.1/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/src/redhat/BUILD/freeradius-2.1.1/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/src/redhat/BUILD/freeradius-2.1.1' make: *** [all] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.40856 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.40856 (%build) On Thursday 25 September 2008 11:05:02 Alan DeKok wrote: Version 2.1.1 has been put on the web ftp sites. The focus of this release is stability. That being said, radmin has a whole raft of new features. It's approaching a complete administration interface for the server. We've also added more WiMAX support. It has been tested to be inter-operable with equipment from a number of WiMAX vendors. Thanks to the (un-named) sponsors for helping with this work. Feature improvements * Many more options and features in radmin. See man radmin and raddb/sites-available/control-socket * Many more commands available via the control socket. Connect via radmin, and type help for more information. * Added dictionary.networkphysics and dictionary.lancom. * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables. Bug fixes * Fixed bug that made radmin not work * Fixed Suse Debian package scripts * Fixed issues with dynamic clients * Fixed configure checks for -lreadline * rlm_sqlippool no longer needs to be linked to rlm_sql. * Add statistics for detail file listeners. This closes bug #593. * Fixed printing of some WiMAX attributes. * Fix double free on exit() in rlm_attr_filter * Fixed build issues on Solaris. * Fixed fast session resumption for EAP-TLS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- __ Dario Palmisano ICGEB Computer System Network Administrator Tel: +39 040 3757330 Fax: +39 040 226555 E-Mail: [EMAIL PROTECTED] International Centre for Genetic Engineering and Biotechnology Area Science Park, Padriciano 99, I-34012 Trieste, ITALY __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Dario Palmisano wrote: I downloaded the 2.1.1 just released and after few (name) changes to the package, I tried to produce the corresponding rpm on a system running Red Hat Enterprise Linux Server v., but the compilation stopped with the following lines. You're building it on a system that has *both* 32-bit and 64-bit libraries. You will need to find out how to make your system link to the appropriate libraries. Or, just delete the references to readline from Make.inc src/include/autoconf.h. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Jradius con file!
It's not very likely that allow_codechange was supported in that
freeradius version then. If you change number of connections - that does
change?
Ivan Kalik
Kalik Informatika ISP
Dana 25/9/2008, Jelena Žagar [EMAIL PROTECTED] piše:
I add the allow_codechange in jradius module in radiusd.conf file as you can
see:
# configure the rlm_jradius module
jradius {
name = example # The Requester name (a single
# JRadius server can have
# multiple applications)
primary = localhost # Uses default port 1814
secondary = localhost # Fail-over server
tertiary = localhost# Fail-over server on port 8002
timeout = 1 # Connect Timeout
onfail= NOOP # What to do if no JRadius
# Server is found. Options are:
# FAIL (default), OK, REJECT, NOOP
keepalive = yes # Keep connections to JRadius
pooled
connections = 8 # Number of pooled JRadius
connections
allow_codechange = yes
}
But, when I started FreeRAdius on the console output, you can see that the
allow_codechange is not read at all:
Module: Library search path is ../lib
Module: Loaded jradius
jradius: name = example
jradius: primary = localhost
jradius: secondary = localhost
jradius: tertiary = localhost
jradius: timeout = 1
jradius: onfail = NOOP
jradius: keepalive = yes
jradius: connections = 8
It seems that these parameters are not read at all because if I delete them
all, I get the same output.
From where these parameters are read from?
Sincerely,
Žagar Jelena
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Jradius con file!
Yes, all parameters except allow_codechange and allow_idchange are
recognised.
What to do?
Sincerelly,
Žagar Jelena
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 1:59 PM
To: FreeRadius users mailing list
Subject: Re: Jradius con file!
It's not very likely that allow_codechange was supported in that freeradius
version then. If you change number of connections - that does change?
Ivan Kalik
Kalik Informatika ISP
Dana 25/9/2008, Jelena Žagar [EMAIL PROTECTED] piše:
I add the allow_codechange in jradius module in radiusd.conf file as
you can
see:
# configure the rlm_jradius module
jradius {
name = example # The Requester name (a single
# JRadius server can have
# multiple applications)
primary = localhost # Uses default port 1814
secondary = localhost # Fail-over server
tertiary = localhost# Fail-over server on port 8002
timeout = 1 # Connect Timeout
onfail= NOOP # What to do if no JRadius
# Server is found. Options are:
# FAIL (default), OK, REJECT,
NOOP
keepalive = yes # Keep connections to JRadius
pooled
connections = 8 # Number of pooled JRadius
connections
allow_codechange = yes
}
But, when I started FreeRAdius on the console output, you can see that
the allow_codechange is not read at all:
Module: Library search path is ../lib
Module: Loaded jradius
jradius: name = example
jradius: primary = localhost
jradius: secondary = localhost
jradius: tertiary = localhost
jradius: timeout = 1
jradius: onfail = NOOP
jradius: keepalive = yes
jradius: connections = 8
It seems that these parameters are not read at all because if I delete
them all, I get the same output.
From where these parameters are read from?
Sincerely,
Žagar Jelena
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
smime.p7s
Description: S/MIME cryptographic signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Suse 10.3 build problem with 2.1.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Building Suse rpms on 10.3 I get the following error: rpmbuild -ba freeradius.spec Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.73764 + umask 022 + cd /usr/src/packages/BUILD + cd /usr/src/packages/BUILD + rm -rf freeradius-server-2.1.1 + tar -xf - + /usr/bin/bzip2 -dc /usr/src/packages/SOURCES/freeradius-server-2.1.1.tar.bz2 + STATUS=0 + '[' 0 -ne 0 ']' + cd freeradius-server-2.1.1 ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chown -Rhf root . ++ /usr/bin/id -u + '[' 0 = 0 ']' + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,u+w,g-w,o-w . ++ find . -name CVS + rm -rf + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.28328 + umask 022 + cd /usr/src/packages/BUILD + /bin/rm -rf /var/tmp/freeradius-server-2.1.1-build ++ dirname /var/tmp/freeradius-server-2.1.1-build + /bin/mkdir -p /var/tmp + /bin/mkdir /var/tmp/freeradius-server-2.1.1-build + cd freeradius-server-2.1.1 + export 'CFLAGS=-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0 - -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC' + CFLAGS='-O2 -g -m32 -march=i586 -mtune=i686 -fmessage-length=0 - -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC' + autoreconf configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals ../../lib/autoconf/status.m4:919: AC_CONFIG_SUBDIRS is expanded from... configure.in:1140: the top level configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals ../../lib/autoconf/status.m4:919: AC_CONFIG_SUBDIRS is expanded from... configure.in:1140: the top level configure.in:1140: warning: AC_CONFIG_SUBDIRS: you should use literals ../../lib/autoconf/status.m4:919: AC_CONFIG_SUBDIRS is expanded from... configure.in:1140: the top level configure.in:547: error: possibly undefined macro: AC_LIB_READLINE If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoreconf: /usr/bin/autoconf failed with exit status: 1 error: Bad exit status from /var/tmp/rpm-tmp.28328 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.28328 (%build) I have build former version of freeradius on that machine. This error did not occure before. Norbert Wegener -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI24Myh6K5ZY70OM8RArcpAJ9KRBJTQ6VH/A02Zr7/ntHriWQtHwCcC0g8 iMs8brHbOVyu5oCHzP/odb8= =n8jE -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Backtrace found in debug: FreeRadius 2.0.5 version
Yes Alan I have done a big mistake, I have updated to 2.0.6 with the same binaries of 2.0.5. And now again I am getting backtraces. Anow in /etc/raddb dir I have another module radiusd which was not present in 2.0.5.and version file shows 2.0.6 using CVS , I have done source checkout radiusd module . I have not Installed Updated version from git.freeradius.org. How can I able to revert back to my earlier FreeRadius Version 2.0.5 to come out of this backtrace problem ? Please help me in this regard. SYED This is another backtrace I got today. *** glibc detected *** radiusd: double free or corruption (!prev): 0x0817e3e0 *** === Backtrace: = /lib/libc.so.6[0xb7d81961] /lib/libc.so.6(__libc_free+0x84)[0xb7d83404] /usr/local/lib/libfreeradius-radius-2.0.5.so(pairbasicfree+0x3a)[0xb7ed8d6a] /usr/local/lib/libfreeradius-radius-2.0.5.so(pairfree+0x2c)[0xb7ed907c] radiusd[0x8061b73] radiusd(radius_handle_request+0x5b)[0x806249b] radiusd(thread_pool_addrequest+0x3c)[0x805bbec] radiusd[0x8060232] /usr/local/lib/libfreeradius-radius-2.0.5.so (fr_event_loop+0x236)[0xb7edc8c6] radiusd(radius_event_process+0x30)[0x8060b70] radiusd(main+0x5dc)[0x805acac] /lib/libc.so.6(__libc_start_main+0xdc)[0xb7d338ac] radiusd[0x804d221] === Memory map: 08048000-08076000 r-xp 08:06 259362 /usr/local/sbin/radiusd 08076000-08078000 rw-p 0002e000 08:06 259362 /usr/local/sbin/radiusd 08078000-0818b000 rw-p 08078000 00:00 0 [heap] b780-b7821000 rw-p b780 00:00 0 b7821000-b790 ---p b7821000 00:00 0 b7927000-b7931000 r-xp 08:03 340094 /lib/libgcc_s.so.1 b7931000-b7932000 rw-p 9000 08:03 340094 /lib/libgcc_s.so.1 b794c000-b794d000 rw-p b794c000 00:00 0 b794d000-b7982000 r--s 08:05 77490 /var/run/nscd/dbRVYXV9 (deleted) b7982000-b79a4000 r-xp 08:06 893307 /usr/lib/libk5crypto.so.3.0 b79a4000-b79a5000 rw-p 00022000 08:06 893307 /usr/lib/libk5crypto.so.3.0 b79a5000-b79bb000 r-xp 08:06 893303 /usr/lib/libgssapi_krb5.so.2.2 b79bb000-b79bc000 rw-p 00015000 08:06 893303 /usr/lib/libgssapi_krb5.so.2.2 b79bc000-b7a24000 r-xp 08:06 893317 /usr/lib/libkrb5.so.3.2 b7a24000-b7a26000 rw-p 00068000 08:06 893317 /usr/lib/libkrb5.so.3.2 b7a26000-b7a5c000 r-xp 08:06 893641 /usr/lib/libldap-2.3.so.0.2.20 b7a5c000-b7a5d000 rw-p 00036000 08:06 893641 /usr/lib/libldap-2.3.so.0.2.20 b7a5d000-b7a7 r-xp 08:03 340335 /lib/libnss_ldap.so.2 b7a7-b7a71000 rw-p 00012000 08:03 340335 /lib/libnss_ldap.so.2 b7a71000-b7a7c000 rw-p b7a71000 00:00 0 b7a96000-b7ba6000 r-xp 08:06 893546 /usr/lib/libcrypto.so.0.9.8 b7ba6000-b7bba000 rw-p 0010f000 08:06 893546 /usr/lib/libcrypto.so.0.9.8 b7bba000-b7bbe000 rw-p b7bba000 00:00 0 b7bbe000-b7bf7000 r-xp 08:06 893547 /usr/lib/libssl.so.0.9.8 b7bf7000-b7bfb000 rw-p 00038000 08:06 893547 /usr/lib/libssl.so.0.9.8 b7bfb000-b7c1 r-xp 08:06 893294 /usr/lib/libsasl2.so.2.0.21 On Fri, Sep 19, 2008 at 2:39 PM, Alan DeKok [EMAIL PROTECTED]wrote: Syed Anwarul Hasan wrote: I have updated my FreeRadius version 2.0.5 Installed on SLES 10 SP2 through CVS. Huh? Do I need to Install latest version of FreeRadius to be compatible with the CVS update for my current version. Do not mix and match versions. If you install a version from git.freeradius.org, then the binaries will NOT be compatible with 2.0.5. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Jradius con file!
You can build a new version of freeradius under cygwin if you know how
to. Or wait until people from freeradius.net do that for you.
Ivan Kalik
Kalik Informatika ISP
Dana 25/9/2008, Jelena Žagar [EMAIL PROTECTED] piše:
Yes, all parameters except allow_codechange and allow_idchange are
recognised.
What to do?
Sincerelly,
Žagar Jelena
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 25, 2008 1:59 PM
To: FreeRadius users mailing list
Subject: Re: Jradius con file!
It's not very likely that allow_codechange was supported in that freeradius
version then. If you change number of connections - that does change?
Ivan Kalik
Kalik Informatika ISP
Dana 25/9/2008, Jelena Žagar [EMAIL PROTECTED] piše:
I add the allow_codechange in jradius module in radiusd.conf file as
you can
see:
# configure the rlm_jradius module
jradius {
name = example # The Requester name (a single
# JRadius server can have
# multiple applications)
primary = localhost # Uses default port 1814
secondary = localhost # Fail-over server
tertiary = localhost# Fail-over server on port 8002
timeout = 1 # Connect Timeout
onfail= NOOP # What to do if no JRadius
# Server is found. Options are:
# FAIL (default), OK, REJECT,
NOOP
keepalive = yes # Keep connections to JRadius
pooled
connections = 8 # Number of pooled JRadius
connections
allow_codechange = yes
}
But, when I started FreeRAdius on the console output, you can see that
the allow_codechange is not read at all:
Module: Library search path is ../lib
Module: Loaded jradius
jradius: name = example
jradius: primary = localhost
jradius: secondary = localhost
jradius: tertiary = localhost
jradius: timeout = 1
jradius: onfail = NOOP
jradius: keepalive = yes
jradius: connections = 8
It seems that these parameters are not read at all because if I delete
them all, I get the same output.
From where these parameters are read from?
Sincerely,
Žagar Jelena
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Suse 10.3 build problem with 2.1.1
Norbert Wegener wrote: Building Suse rpms on 10.3 I get the following error: Err... the spec file is re-building the configure script? Why? + autoreconf ... configure.in:547: error: possibly undefined macro: AC_LIB_READLINE If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. It's defined in aclocal.m4. Autoconf *should* be picking it up automatically. I have build former version of freeradius on that machine. This error did not occure before. But the autoconf process on suse picks up *other* definitions in aclocal.m4. Why doesn't it pick up this one? Arg. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Backtrace found in debug: FreeRadius 2.0.5 version
Syed Anwarul Hasan wrote: Yes Alan I have done a big mistake, I have updated to 2.0.6 with the same binaries of 2.0.5. And now again I am getting backtraces. Anow in /etc/raddb dir I have another module radiusd which was not present in 2.0.5. and version file shows 2.0.6 There is no version 2.0.6. Try deleting ALL of the various builds you've done, and starting again with 2.1.1. How can I able to revert back to my earlier FreeRadius Version 2.0.5 to come out of this backtrace problem ? Delete all of the builds, including all files that were installed, and start over. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
tried to install the 2.1.1 on debian etch changing/without changing the debian/patches/01-radiusd-to-freeradius.dpatch -#user = nobody -#group = nobody to -#user = radius -#group = radius and then fakeroot dpkg-buildpackage -b -uc but still the error occur Error applying patch 01-radiusd-to-freeradius to ./ ... failed. make: *** [patch-stamp] Error 1 2008/9/25 Alan DeKok [EMAIL PROTECTED]: Dario Palmisano wrote: I downloaded the 2.1.1 just released and after few (name) changes to the package, I tried to produce the corresponding rpm on a system running Red Hat Enterprise Linux Server v., but the compilation stopped with the following lines. You're building it on a system that has *both* 32-bit and 64-bit libraries. You will need to find out how to make your system link to the appropriate libraries. Or, just delete the references to readline from Make.inc src/include/autoconf.h. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Backtrace found in debug: FreeRadius 2.0.5 version
Thanks Alan, I will delete all files and Install 2.1.1. SYED On Thu, Sep 25, 2008 at 3:01 PM, Alan DeKok [EMAIL PROTECTED]wrote: Syed Anwarul Hasan wrote: Yes Alan I have done a big mistake, I have updated to 2.0.6 with the same binaries of 2.0.5. And now again I am getting backtraces. Anow in /etc/raddb dir I have another module radiusd which was not present in 2.0.5. and version file shows 2.0.6 There is no version 2.0.6. Try deleting ALL of the various builds you've done, and starting again with 2.1.1. How can I able to revert back to my earlier FreeRadius Version 2.0.5 to come out of this backtrace problem ? Delete all of the builds, including all files that were installed, and start over. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
isnt there a way to fix it ? :) 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
about the official debian release they are far behind ( security , testing proccess ) 2008/9/25 orion [EMAIL PROTECTED]: isnt there a way to fix it ? :) 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Backtrace found in debug: FreeRadius 2.0.5 version
Hi, How can I able to revert back to my earlier FreeRadius Version 2.0.5 to come out of this backtrace problem ? download 2.0.5 tarball from freeradius.org, extract it, build it, then install it. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
orion wrote: isnt there a way to fix it ? :) Find someone who understands debian supply a patch. I run a debian system locally, but I've never managed to create a .deb file for the server. There's always some magic dependency that makes me walk away from it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Suse 10.3 build problem with 2.1.1
Alan DeKok schrieb: Norbert Wegener wrote: Building Suse rpms on 10.3 I get the following error: Err... the spec file is re-building the configure script? Why? + autoreconf okay, after commenting autoreconf out in the specfile everything builds as expected. Thanks Norbert Wegener - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with -x and is waiting for requests. Why is this wrong? Do you ever step on someone? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
any firewall ? try with ntradping ( free tool to test radius ) 2008/9/25 Martin Silvero [EMAIL PROTECTED]: Good morning! I am with a new problem, I feel like I'm close. My problem now is that set in a notebook the connection to authenticate with tls but not connecting, I am not showing any error, just does not connect, you run into the radius with -x and is waiting for requests. Why is this wrong? Do you ever step on someone? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
The firewall is disabled, and probe with the tool NTRadPing and the result in the radius is as follows: Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:16 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:20 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:20 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:23 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:23 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:27 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:27 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:30 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:30 2008 : Debug: Ready to process requests. Thu Sep 25 12:49:34 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 port 1083 Thu Sep 25 12:49:34 2008 : Debug: Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Awesome, can you tell where to find the freeradius-utils-2.1.1? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Martin Silvero wrote: Thu Sep 25 12:49:16 2008 : Debug: Ignoring request to authentication address * port 1812 from unknown client 10.0.42.250 Well... did you add that IP as a client in raddb/clients.conf? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Charlie B wrote: Awesome, can you tell where to find the freeradius-utils-2.1.1? What's that? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Hi, Charlie B wrote: Awesome, can you tell where to find the freeradius-utils-2.1.1? I'm guessing that the debian folk have split FreeRADIUS up into 3 packages or somesuch - so the utils would contain radtest etc ? in this case, 2.1.1 utils would probably contain radmin. its very sick. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Actually for Fedora/Redhat and yes it would contain radtest and now upgraded to radmin but I'm looking for the package, I looked to build the rpm from freeradius-server-2.1.1.tar.gz but was unable to for the utils, so thought I would ask to see were I could grab them I'm guessing that the debian folk have split FreeRADIUS up into 3 packages or somesuch - so the utils would contain radtest etc ? in this case, 2.1.1 utils would probably contain radmin. its very sick. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ..::Errors initializing modules::..
Hi Alan and list, First of all I want to apologize for that mistake, now everything is working if I use the text file. The thing is that I'm trying to use mysql and according to the web page (http://wiki.freeradius.org/SQL_HOWTO) I should see the sql module loading: Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 But I can't see that on the radiusd -X output, I've double checked everything with no luck. Even if I'm trying the radtest with a user that is on mysql the radius send a reject packet. I can see on the output that the password doesn't match but I tried with a new one getting the same message, I think that it is not reading mysql because it is not initializing the module right?. Any ideas? This is the first time I use freeradius as you can see, thanks for your time and help. Regards, Alfonso. Message: 2 Date: Wed, 24 Sep 2008 08:32:00 +0200 From: Alan DeKok [EMAIL PROTECTED] Subject: Re: ..::Errors initializing modules::.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 Ing. Alfonso Reyes wrote: I'm having some issues with the configuration of the radius server, I'm getting the following: Error Initializing Modules. The thing is that my radius server has no issues with the configuration (eap.conf), and the instalation was succesful with mysql. I don't know what you mean by that. Attached configuration files and error. Please don't post the configuration files. They don't help. eap.txt correspond to the conf file found on the /etc/raddb/eap.conf Eap2.txt correspond to the conf file found on the /usr/local/etc/raddb/eap.conf Any ideas? Stop trying to use two different installations at the same time. READ the debug output: rlm_eap: SSL error error:02001002:system library:fopen:No such file or directory rlm_eap_tls: Error reading certificate file /usr/local/etc/raddb/certs/cert-srv.pem What is unclear about that message? Alan DeKok. -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Hi, Actually for Fedora/Redhat and yes it would contain radtest and now upgraded to radmin but I'm looking for the package, I looked to build the rpm from freeradius-server-2.1.1.tar.gz but was unable to for the utils, so thought I would ask to see were I could grab them FreeRADIUS has only ever been available direct from its true source as a single tarball. its never been split into small fragments like Debian seem to supply it as. if there is a package descriptor/build for it, you should be able to run that from the sourceball as normal. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
i deleted the patch 01 line from the 00 file. but freeradius doesnt starts in normal mode.no errors,no open UDP,TCP port ( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 ) , but in debug mode it`s ok. 2008/9/25 Alan DeKok [EMAIL PROTECTED]: orion wrote: and then fakeroot dpkg-buildpackage -b -uc but still the error occur Then delete the patch. Or, wait for an official debian release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ..::Errors initializing modules::..
Hi, But I can't see that on the radiusd -X output, I've double checked everything with no luck. Even if I'm trying the radtest with a user that is on mysql the radius send a reject packet. I can see on the output that the password doesn't match but I tried with a new one getting the same message, I think that it is not reading mysql because it is not initializing the module right?. you built the server yourself? check the output from the ./configure stage - it probably didnt build the SQL stuff because eg you didnt have the required MySQL development libraries installed at the time alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Hi, i deleted the patch 01 line from the 00 file. but freeradius doesnt starts in normal mode.no errors,no open UDP,TCP port ( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 ) , but in debug mode it`s ok. its unable to read config files or unable to write to the logfile or write the PID file etc. what does radiusd -x (small x, partial debug) say? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
i`ve tried in a test environment with root uid/gid and no probs with read/write conf/log files. so it works ok in debug mode ( tested from another pc with ntradping ) . 2008/9/25 [EMAIL PROTECTED]: Hi, i deleted the patch 01 line from the 00 file. but freeradius doesnt starts in normal mode.no errors,no open UDP,TCP port ( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 ) , but in debug mode it`s ok. its unable to read config files or unable to write to the logfile or write the PID file etc. what does radiusd -x (small x, partial debug) say? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ippool management and cluster
Alan DeKok a écrit : Alexandre Chapellon wrote: Is it possible to use the same sqlippool database for different freeradius servers that belong to a cluster? Yes. Just create an SQL cluster, and point the servers at the cluster. Is there drawback, doing this? It will be slower, and database replication may not happen quickly. Is there any chance to acheive consistante ip allocation in a cluster of several freeradius using non sql ippool module? The servers will have to communicate with each other before handing out IP addresses. Is it a featured in freeradius? How does it work? Or, split up the IP pool ranges so that each server has their own range that they prefer. i.e. server 1 allocates from pool 1, and then pool 2 if pool 1 is full. Server 2 allocates from pool 2, and then pool 1 if pool 2 is full. I thought about it but not managing a huge number of ippool (for different type of users, differents huntgroups, and differents radius servers) would be a great advantage of freeradius among other radius server (I am comapring it with juniper SBR at the moment). There are other, more complicated ways of doing the same thing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
You don't have to delete the debian patch.
Changing the user seems to have been corrected and so it's now
unnecessary, but a new bug appeared in the patch as radiusd.conf
seems to have been modified.
here is a little diff showing what to change in the patch so it works
(well works for me anyway):
--- 01-radiusd-to-freeradius.dpatch2008-09-25 09:23:19.0 -1000
+++ 01-radiusd-to-freeradius.dpatch.new2008-09-25 09:24:00.0
-1000
@@ -35,7 +35,7 @@
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
+# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
--pidfile = ${run_dir}/${name}.pid
+-pidfile = ${run_dir}/radiusd.pid
+pidfile = ${run_dir}/freeradius.pid
orion a écrit :
i`ve tried in a test environment with root uid/gid and no probs with
read/write conf/log files.
so it works ok in debug mode ( tested from another pc with ntradping ) .
2008/9/25 [EMAIL PROTECTED]:
Hi,
i deleted the patch 01 line from the 00 file. but freeradius doesnt
starts in normal mode.no errors,no open UDP,TCP port
( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 )
, but in debug mode it`s ok.
its unable to read config files or unable to write to the
logfile or write the PID file etc. what does
radiusd -x (small x, partial debug) say?
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Sorry i made a mistake with my patch:
--- 01-radiusd-to-freeradius.dpatch2008-09-24 22:41:26.0 -1000
+++ 01-radiusd-to-freeradius.dpatch.new2008-09-25 09:41:05.0
-1000
@@ -35,7 +35,7 @@
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
+# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
--pidfile = ${run_dir}/radiusd.pid
+-pidfile = ${run_dir}/${name}.pid
+pidfile = ${run_dir}/freeradius.pid
is better.
Alexandre Chapellon a écrit :
You don't have to delete the debian patch.
Changing the user seems to have been corrected and so it's now
unnecessary, but a new bug appeared in the patch as radiusd.conf
seems to have been modified.
here is a little diff showing what to change in the patch so it works
(well works for me anyway):
--- 01-radiusd-to-freeradius.dpatch2008-09-25 09:23:19.0 -1000
+++ 01-radiusd-to-freeradius.dpatch.new2008-09-25
09:24:00.0 -1000
@@ -35,7 +35,7 @@
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
+# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
--pidfile = ${run_dir}/${name}.pid
+-pidfile = ${run_dir}/radiusd.pid
+pidfile = ${run_dir}/freeradius.pid
orion a écrit :
i`ve tried in a test environment with root uid/gid and no probs with
read/write conf/log files.
so it works ok in debug mode ( tested from another pc with ntradping ) .
2008/9/25 [EMAIL PROTECTED]:
Hi,
i deleted the patch 01 line from the 00 file. but freeradius doesnt
starts in normal mode.no errors,no open UDP,TCP port
( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 )
, but in debug mode it`s ok.
its unable to read config files or unable to write to the
logfile or write the PID file etc. what does
radiusd -x (small x, partial debug) say?
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ..::Errors initializing modules::..
Message: 3 Date: Thu, 25 Sep 2008 19:56:36 +0100 From: [EMAIL PROTECTED] Subject: Re: ..::Errors initializing modules::.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Hi, But I can't see that on the radiusd -X output, I've double checked everything with no luck. Even if I'm trying the radtest with a user that is on mysql the radius send a reject packet. I can see on the output that the password doesn't match but I tried with a new one getting the same message, I think that it is not reading mysql because it is not initializing the module right?. you built the server yourself? check the output from the ./configure stage - it probably didnt build the SQL stuff because eg you didnt have the required MySQL development libraries installed at the time alan Thanks for your help Alan, but the radius server was built with the --with-mysql variable with no luck. Any other idea? Regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ..::Errors initializing modules::..
Hi, Thanks for your help Alan, but the radius server was built with the --with-mysql variable with no luck. err, it builds by default with MySQL - no need for that configure flag. once again, I will ask you, read the output when you run the ./configure - dump it to a file if you cannot scrollback through the whole log. SEE what configure says when it tries checking for or doing MySQL stuff. the flags you give configure mean nothing if your system doesnt have the relevant includes, libraries etc. more bluntly - what OS are you using? if redhat, fedora or Centos, do you have mysql-devel RPM installed? if debian/ubuntu etc, do you have libmysqlclient package installed? etc alan Any other idea? Regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Hi, i`ve tried in a test environment with root uid/gid and no probs with read/write conf/log files. so it works ok in debug mode ( tested from another pc with ntradping ) . yes, i dont care about successful test with root in a test environment - what fails in the real environment? eg what UID/GID do you usually use? once again, what happens when you run 'radiusd -x' of 'radiusd -f' ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Ok,
that made it work here.
Tks.
Roberto
Alexandre Chapellon wrote:
Sorry i made a mistake with my patch:
--- 01-radiusd-to-freeradius.dpatch2008-09-24 22:41:26.0 -1000
+++ 01-radiusd-to-freeradius.dpatch.new2008-09-25
09:41:05.0 -1000
@@ -35,7 +35,7 @@
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
+# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
--pidfile = ${run_dir}/radiusd.pid
+-pidfile = ${run_dir}/${name}.pid
+pidfile = ${run_dir}/freeradius.pid
is better.
Alexandre Chapellon a écrit :
You don't have to delete the debian patch.
Changing the user seems to have been corrected and so it's now
unnecessary, but a new bug appeared in the patch as radiusd.conf
seems to have been modified.
here is a little diff showing what to change in the patch so it works
(well works for me anyway):
--- 01-radiusd-to-freeradius.dpatch2008-09-25 09:23:19.0
-1000
+++ 01-radiusd-to-freeradius.dpatch.new2008-09-25
09:24:00.0 -1000
@@ -35,7 +35,7 @@
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
+# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
#
--pidfile = ${run_dir}/${name}.pid
+-pidfile = ${run_dir}/radiusd.pid
+pidfile = ${run_dir}/freeradius.pid
orion a écrit :
i`ve tried in a test environment with root uid/gid and no probs with
read/write conf/log files.
so it works ok in debug mode ( tested from another pc with ntradping ) .
2008/9/25 [EMAIL PROTECTED]:
Hi,
i deleted the patch 01 line from the 00 file. but freeradius doesnt
starts in normal mode.no errors,no open UDP,TCP port
( netstat -ntlp and netstat -nulp dont show nothing like 1812 ,1813 )
, but in debug mode it`s ok.
its unable to read config files or unable to write to the
logfile or write the PID file etc. what does
radiusd -x (small x, partial debug) say?
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
-
Marcos Roberto Greiner
Os otimistas acham que estamos no melhor dos mundos
Os pessimistas tem medo de que isto seja verdade
Murphy
-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Venkat, Sorry for the response lag; I just noticed your post when searching for the same issue before realizing the problem. Was your server.key really created with the password whatever? (Check your .../raddb/certs/server.cnf file for the input_password and output_password settings. The private_key_password setting in your eap.conf file needs to match the password on the server.key (and, therefore, the PRIVATE KEY portion of server.pem). Otherwise, radiusd can't decrypt the key it needs to build TLS transactions. Cheers, - -sth sam hooker|http://www.noiseplant.com|i am between the internet -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjb8iMACgkQX8KByLv3aQ1zrgCgh8pVFVLywED6HdME310fnbSZ cSkAmwWaRSa+fSOz9leiunhkMiKNXU7m =x4eL -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Can you ping the radius server from the access point. This is a networking issue - nothing to do with radius. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ..::Errors initializing modules::..
Have you uncommented sql anywhere (authorize etc)? Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Ing. Alfonso Reyes [EMAIL PROTECTED] piše: Message: 3 Date: Thu, 25 Sep 2008 19:56:36 +0100 From: [EMAIL PROTECTED] Subject: Re: ..::Errors initializing modules::.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Hi, But I can't see that on the radiusd -X output, I've double checked everything with no luck. Even if I'm trying the radtest with a user that is on mysql the radius send a reject packet. I can see on the output that the password doesn't match but I tried with a new one getting the same message, I think that it is not reading mysql because it is not initializing the module right?. you built the server yourself? check the output from the ./configure stage - it probably didnt build the SQL stuff because eg you didnt have the required MySQL development libraries installed at the time alan Thanks for your help Alan, but the radius server was built with the --with-mysql variable with no luck. Any other idea? Regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The client does not connect _*_*_*_
Yes, tried to ping and responds quickly and without losses. Also I did from the server and also responds. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
the patch that rgreiner supplied worked , so i dont have that installation anymore and cannot test for the -x. 2008/9/25 [EMAIL PROTECTED]: Hi, i`ve tried in a test environment with root uid/gid and no probs with read/write conf/log files. so it works ok in debug mode ( tested from another pc with ntradping ) . yes, i dont care about successful test with root in a test environment - what fails in the real environment? eg what UID/GID do you usually use? once again, what happens when you run 'radiusd -x' of 'radiusd -f' ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
maybe its a hotspot issue , i had one with some Mikrotik Hotspot and had to do an IP - Hotspot - IP Binding. theorically its a NAT issue 2008/9/25 [EMAIL PROTECTED]: Can you ping the radius server from the access point. This is a networking issue - nothing to do with radius. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: in fact this IP (10.0.42.250) is another network which is connected to the notebook, which I have done now is to disconnect from the network and try to connect to the radius of the outcome this time is that in the radius server does not There is movement and the tool NTRadPing I get: no response from server (time out), new attemp - could not receive a response from the server the IP i add to raddb/clients.conf is the access point client = 10.0.31.40 the IP 10.0.42.250 as other networks but i disconect thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Then try to telnet (port 1812) from access point to server. If you can't - problem is firewall. If you can - you haven't configured radius on AP properly. Ivan Kalik Kalik Informatika ISP Dana 25/9/2008, Martin Silvero [EMAIL PROTECTED] piše: Yes, tried to ping and responds quickly and without losses. Also I did from the server and also responds. What could be the problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The client does not connect _*_*_*_
Hi All, Please don't forget that radius is UDP, and telnet TCP - firewall might be protocol specific and the fact that you can't telnet to port 1812 doesn't mean you can't use radius. kind regards Pshem - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.1.1 has been released
Charlie B wrote: Actually for Fedora/Redhat and yes it would contain radtest and now upgraded to radmin but I'm looking for the package, I looked to build the rpm from freeradius-server-2.1.1.tar.gz but was unable to for the utils, so thought I would ask to see were I could grab them Fedora has built and released the new 2.1.1 version of FreeRADIUS (available the same day it was released by the FreeRADIUS project). It is available in the development (aka rawhide) repository or it may be downloaded via the Koji build system, http://koji.fedoraproject.org (enter freeradius in the packages search box to locate all builds) With regard to the new radmin utility, it is in the main freeradius package, not freeradius-utils. The new 2.1.1 has had only very cursory testing in Fedora, I encourage Fedora users to exercise the package and report any Fedora specific problems at https://bugzilla.redhat.com/enter_bug.cgi?product=Fedoracomponent=freeradius Alan Buxey: The reason why freeradius is split into sub-packages is to accommodate users who want a minimal install which does not pull in other packages to satisfy dependencies. The installer automatically detects the dependencies of any rpm it installs and recursively installs every dependency. For example we build FreeRADIUS with support for mysql, postgresql and ldap but as a user you might not use any of these backends. In this case where a user just wants to install freeradius they will get cranky if it requires them to install large database packages they never intend to use. Thus by having fine grained subpackages you can electively install the freeradius-mysql subpackage if you want to use freeradius with MySQL and the only database server the installer will add is mysql, you won't be forced to install postgress or ldap, etc. Think of this as the equivalent of the configure script with-* command line options used during building, but applied at installation time. -- John Dennis [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
