Re: R: Re: R: rlm_ippool: No available ip addresses in pool
Tabacchiera Stefano wrote:
> the fact is: not always we receive the acct-stop message from the NAS. And, slowly but certainly, the pool ends to be filled of active entries that will never be released.

You already said that.

> I just tried this simple test: a pool of 5 ip's with maximum_timeout=10. I start to radclient'ing the auth port, with a random generated nas port. When I reach the 6th client, radiusd -X says no available ip address. Even if maximum_timeout expired since long time.

You already said that.

> There is no way to deallocate ip's, but sending acct-stop packets.

You already said that.

> Let me know if I can provide some other useful details.

My previous message told you what information to provide. Please read it.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[no subject]
Hi. After installing Radius, I try to do some example. I don't know if it is correct because I'm new in it.

I add on Users:

    sonia Auth-Type := Local, User-Password == salut
          Reply-Message = Hello, %u,
          Reply-Message = are you fine, %u

And I add on Clients.conf:

    client 127.0.0.1 {
        secret = testing123 # our shared key
        shortname = class
        nastype = other
    }

When I do this command, I have:

    p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
    Sending Access-Request of id 11 to 127.0.0.1 port 1812
        User-Name = sonia
        User-Password = salut
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
    rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20

What is the problem please? Is there something missing in my test?

Thank you

Re:
On 04.05.2010 at 13:34, dorra aa wrote:
> Hi. After installing Radius, I try to do some example. I don't know if it is correct because I'm new in it.
>
> I add on Users:
>
>     sonia Auth-Type := Local, User-Password == salut

This should read

    Cleartext-Password := salut

instead of

    User-Password == salut

In Freeradius, passwords are assigned ( := ) and not compared ( == )

Have a nice day!

>           Reply-Message = Hello, %u,
>           Reply-Message = are you fine, %u
>
> And I add on Clients.conf:
>
>     client 127.0.0.1 {
>         secret = testing123 # our shared key
>         shortname = class
>         nastype = other
>     }
>
> When I do this command, I have:
>
>     p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
>     Sending Access-Request of id 11 to 127.0.0.1 port 1812
>         User-Name = sonia
>         User-Password = salut
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 1812
>     rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20
>
> What is the problem please? Is there something missing in my test?
>
> Thank you

Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841

Re: Libtool / autoconf is evil
Aaron Turner wrote:
> It is annoying you need Cmake install to do a build, but I figure 95% of my users are installing pre-built packages and the other 5% are advanced enough to figure it out. 20 years ago when everyone was building everything from source rather than installing binary packages, it would have been a deal breaker for me too, but things have changed sufficiently that I'm willing to accept it.

Good point.

> Honestly, if Auto* does what you need, then it's probably not worth moving to another system. I can't say I was happy with autoconf/automake but it worked and when I got bug reports from users I was able to fix them without too much effort.

Pretty much. We're seeing more problems now with libtool libltdl. So those are the higher priority for removal. Luckily, that looks easy to do.

Alan DeKok.

Re: your mail
Hi,

> After installing Radius, I try to do some example. I don't know if it is correct because I'm new in it.
>
> I add on Users:
>
>     sonia Auth-Type := Local, User-Password == salut
>           Reply-Message = Hello, %u,
>           Reply-Message = are you fine, %u

what version? with anything recent this should work

    sonia Cleartext-Password := salut
          Reply-Message = Hello, %u,
          Reply-Message += are you fine, %u

>     p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
>     Sending Access-Request of id 11 to 127.0.0.1 port 1812
>         User-Name = sonia
>         User-Password = salut
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 1812
>     rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20

..and this is just the client end - for real help, please post the output of radiusd -X

alan

RE: your mail
the output of my radiusd -X is : Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = auto auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = /usr/local/var/log/radius/radwtmp } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = md5 timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = Password: auth_type = PAP } Ignoring EAP-Type/tls because we do not have OpenSSL support. Ignoring EAP-Type/ttls because we do not have OpenSSL support. Ignoring EAP-Type/peap because we do not have OpenSSL support. 
Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = suffix delimiter = @ ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = /usr/local/etc/raddb/users acctusersfile = /usr/local/etc/raddb/acct_users preproxy_usersfile = /usr/local/etc/raddb/preproxy_users compat = no } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = /usr/local/var/log/radius/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = /usr/local/etc/raddb/attrs.access_reject key = %{User-Name} } } # modules } # server server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = /usr/local/etc/raddb/huntgroups hints = /usr/local/etc/raddb/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { 
detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d header = %t detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = /usr/local/etc/raddb/attrs.accounting_response key = %{User-Name} } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 Failed binding to authentication address * port 1812: Address already in use /usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812 p...@pfe-laptop:~/freeradius-server-2.1.8$ killall radiusd radiusd(4956): Opération non permise radiusd: aucun processus tué p...@pfe-laptop:~/freeradius-server-2.1.8$ sudo killall radiusd p...@pfe-laptop:~/freeradius-server-2.1.8$ sudo radiusd -X FreeRADIUS Version 2.1.8, for host i686-pc-linux-gnu, built on May 3 2010 at 23:42:10 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including
Re: your mail
On 05/04/2010 09:20 AM, dorra aa wrote:
> sonia Auth-Type := Local, User-Password == salut

Don't set the Auth-Type, that's documented in many places, it's not in the example

http://deployingradius.com/documents/configuration/pap.html

    User-Password == salut

Is also incorrect, the documented attribute to use is Cleartext-Password and the documented operator is := not ==

--
John Dennis jden...@redhat.com

Basic wifi config
Hi,

I set up the following config, tried to follow the advice of freeradius website (don't touch anything you could break in the raddb directory ;-) )

The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius

FreeRadius
    OS: OpenBSD 4.5
    freeradius-2.1.3 RADIUS server implementation
    192.168.1.9
    172.16.0.133
AP : Linksys WRT54G
    WPA Entreprise TKIP
    192.168.1.1
Client
    WinXP; SP2
    DHCP

On the server :

    pkg_add -v http://ftp.arcane-networks.fr/pub/OpenBSD/$(uname -r)/packages/$(uname -m)/freeradius
    echo if [ -x /usr/local/sbin/radiusd ]; then install -d -o _freeradius /var/run/radiusd echo -n ' radiusd'; /usr/local/sbin/radiusd fi /etc/rc.local
    cp radius.pem /etc/raddb/certs/server.pem
    chmod 744 /etc/raddb/certs/server.pem
    cp ca.pem /etc/raddb/certs/ca.pem
    chmod 744 /etc/raddb/certs/ca.pem
    openssl verify -verbose -CApath /etc/raddb/certs/ -CAfile /etc/raddb/certs/ca.pem /etc/raddb/certs/server.pem
    = /etc/raddb/certs/server.pem: OK
    dd if=/dev/urandom of=/etc/raddb/certs/random bs=1024 count=100
    openssl dhparam -out /etc/raddb/certs/dh 1024
    echo usertest Cleartext-Password := \password\ /etc/raddb/users
    echo #Nagios
    client Nagios {
        secret = SECRETNAGIOS
        shortname = Nagios
        ipaddr = @IP NAgios
    }
    #Wifi AP3
    client AP3 {
        secret = \SECRET_AP3\
        shortname = AP3
        ipaddr = @IP AP3
        nastype = other
    }
    # Local
    client localhost {
        ipaddr = 127.0.0.1
        secret = \SECRETLOCAL\
        require_message_authenticator = no
        shortname = localhost
        nastype = other
    } /etc/raddb/clients.conf
    ifconfig em0 alias 192.168.1.9 netmask 255.255.255.0
    ifconfig -a
    =em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
    =inet 172.16.0.223 netmask 0x broadcast 172.16.255.255
    =inet 192.168.1.9 netmask 0xff00 broadcast 192.168.1.255
    /usr/local/sbin/radiusd -X

radtest local radtest remote are OK for the local and Nagios clients.

Let's go to the XP...
When i try to use the Wifi, the radiusd -X tells :
...I paste the logs to http://networkradius.com/freeradius.html and only copied the neither white nor blue parts :

    WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
    No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    Failed to authenticate the user.

    grep roxy * |grep -v #
    attrs.access_reject:Proxy-State =* ANY
    attrs.accounting_response: Proxy-State =* ANY
    experimental.conf: mod_preproxy = radiusd_test
    experimental.conf: func_preproxy = preproxy
    experimental.conf: mod_postproxy = radiusd_test
    experimental.conf: func_postproxy = postproxy
    proxy.conf:proxy server {
    radiusd.conf:proxy_requests = no

What is the missing magic command which could help me ??

Thanks.
Best regards.

--
Lycée polyvalent Alfred Nobel, Clichy sous Bois
http://www.lyceenobel.org

R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool
Alan, here's the content of gdbm db:

    rlm_ippool_tool -v db.ippool db.ipindex
    KEY: '9067fe4e396704b709d9cb2a592485fa' - ipaddr:192.168.1.5 active:1 cli:0 num:1
    KEY: '3502b76273775d9a81147f003ee0c913' - ipaddr:192.168.1.3 active:1 cli:0 num:1
    KEY: '7dfab3787e18fa9ac9aa1d29a364259b' - ipaddr:192.168.1.2 active:1 cli:0 num:1
    KEY: '2e8e64b237e81be655e98029e4e746eb' - ipaddr:192.168.1.1 active:1 cli:0 num:1
    KEY: '959f1236c1743765bd67472af2b043d4' - ipaddr:192.168.1.4 active:1 cli:0 num:1

And here's the output of radiusd -X:

FreeRADIUS Version 2.1.8, for host x86_64-unknown-linux-gnu, built on May 3 2010 at 08:21:55 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /home/test/etc/raddb/radiusd.conf including configuration file /home/test/etc/raddb/clients.conf including files in directory /home/test/etc/raddb/modules/ including configuration file /home/test/etc/raddb/modules/attr_filter including configuration file /home/test/etc/raddb/modules/digest including configuration file /home/test/etc/raddb/modules/mac2ip including configuration file /home/test/etc/raddb/modules/preprocess including configuration file /home/test/etc/raddb/modules/logintime including configuration file /home/test/etc/raddb/modules/pap including configuration file /home/test/etc/raddb/modules/detail.log including configuration file /home/test/etc/raddb/modules/acct_unique including configuration file /home/test/etc/raddb/modules/counter including configuration file /home/test/etc/raddb/modules/expiration including configuration file /home/test/etc/raddb/modules/linelog including configuration file /home/test/etc/raddb/modules/realm including configuration file /home/test/etc/raddb/modules/sradutmp including configuration file
/home/test/etc/raddb/modules/exec including configuration file /home/test/etc/raddb/modules/krb5 including configuration file /home/test/etc/raddb/modules/detail including configuration file /home/test/etc/raddb/modules/sqlcounter_expire_on_login including configuration file /home/test/etc/raddb/modules/radutmp including configuration file /home/test/etc/raddb/modules/mschap including configuration file /home/test/etc/raddb/modules/checkval including configuration file /home/test/etc/raddb/modules/passwd including configuration file /home/test/etc/raddb/modules/unix including configuration file /home/test/etc/raddb/modules/etc_group including configuration file /home/test/etc/raddb/modules/otp including configuration file /home/test/etc/raddb/modules/sql_log including configuration file /home/test/etc/raddb/modules/perl including configuration file /home/test/etc/raddb/modules/inner-eap including configuration file /home/test/etc/raddb/modules/policy including configuration file /home/test/etc/raddb/modules/pam including configuration file /home/test/etc/raddb/modules/files including configuration file /home/test/etc/raddb/modules/echo including configuration file /home/test/etc/raddb/modules/ippool including configuration file /home/test/etc/raddb/modules/mac2vlan including configuration file /home/test/etc/raddb/modules/cui including configuration file /home/test/etc/raddb/modules/wimax including configuration file /home/test/etc/raddb/modules/always including configuration file /home/test/etc/raddb/modules/chap including configuration file /home/test/etc/raddb/modules/ldap including configuration file /home/test/etc/raddb/modules/detail.example.com including configuration file /home/test/etc/raddb/modules/attr_rewrite including configuration file /home/test/etc/raddb/modules/ntlm_auth including configuration file /home/test/etc/raddb/modules/smbpasswd including configuration file /home/test/etc/raddb/modules/expr including configuration file 
/home/test/etc/raddb/modules/smsotp including configuration file /home/test/etc/raddb/policy.conf including files in directory /home/test/etc/raddb/sites-enabled/ including configuration file /home/test/etc/raddb/sites-enabled/control-socket including configuration file /home/test/etc/raddb/sites-enabled/default including dictionary file /home/test/etc/raddb/dictionary main { prefix = /home/test localstatedir = /home/test/var logdir = /home/test/var/log/radius libdir = /home/test/lib radacctdir = /home/test/var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = /home/test/var/run/radiusd/radiusd.pid checkrad = /home/test/sbin/checkrad debug_level = 0 proxy_requests = no log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200
srpm build error
I am trying to build freeradius rpm by following the instructions at http://wiki.freeradius.org/Red_Hat_FAQ#How_to_build_an_SRPM

I however get the following errors at the first step

    # rpm -ivh freeradius-2.1.7-7.fc12.src.rpm
    1:freeradius warning: user mockbuild does not exist - using root
    warning: group mockbuild does not exist - using root
    ### [100%]
    error: unpacking of archive failed on file /usr/src/redhat/SOURCES/freeradius-logrotate;4be01a23: cpio: MD5 sum mismatch

I did a rpm -K which shows

    # rpm -K freeradius-2.1.7-7.fc12.src.rpm
    freeradius-2.1.7-7.fc12.src.rpm: sha1 md5 OK

I installed all the rpm-build packages before hand so do not know why this is happening. I am using Centos 5.4

--Athiq

Re: srpm build error
On Tue, May 04, 2010 at 02:46:04PM +0100, Athiqur Rahman wrote:
> I am trying to build freeradius rpm by following the instructions at http://wiki.freeradius.org/Red_Hat_FAQ#How_to_build_an_SRPM
>
> I however get the following errors at the first step
>
>     # rpm -ivh freeradius-2.1.7-7.fc12.src.rpm
>     1:freeradius warning: user mockbuild does not exist - using root
>     warning: group mockbuild does not exist - using root
>     ### [100%]
>     error: unpacking of archive failed on file /usr/src/redhat/SOURCES/freeradius-logrotate;4be01a23: cpio: MD5 sum mismatch
>
> I did a rpm -K which shows
>
>     # rpm -K freeradius-2.1.7-7.fc12.src.rpm
>     freeradius-2.1.7-7.fc12.src.rpm: sha1 md5 OK
>
> I installed all the rpm-build packages before hand so do not know why this is happening. I am using Centos 5.4

I think this is related to the changes for RPM since F11. You can not unpack F11/F12 RPMs on F < 11 and RHEL/CentOS < 6.

If this is the case, unpack the src.rpm with rpm2cpio on a F11+ system and copy the files to the appropriate places (SOURCES and SPECS) on your CentOS system.

--
Jos Vos j...@xos.nl
X/OS Experts in Open Systems BV | Phone: +31 20 6938364
Amsterdam, The Netherlands | Fax: +31 20 6948204

Radius freeze
Hi everyone,

I'm using FreeRADIUS Version 1.1.7 with Mysql. I use it for a Hotspot system. All works fine, but after around one day without activity, the radius server doesn't answer. Therefore, if I restart (/etc/init.d/freeradius restart), all works ok!!

I monitor with the command ps and just restart result:

    # ps ax | grep freeradius
    26118 ?        Ssl    0:00 /usr/sbin/freeradius

Immediately after the connection of a hotspot's user:

    # ps ax | grep freeradius
    26118 ?        Ssl    0:00 /usr/sbin/freeradius
    26158 ?        Z      0:00 [freeradius] defunct

What does this mean: [freeradius] defunct? If hotspot's user disconnects, nothing changes!!

Could you help me??

Re: srpm build error
Jos Vos wrote:
> On Tue, May 04, 2010 at 02:46:04PM +0100, Athiqur Rahman wrote:
>> I am trying to build freeradius rpm by following the instructions at http://wiki.freeradius.org/Red_Hat_FAQ#How_to_build_an_SRPM
>>
>> I however get the following errors at the first step
>>
>>     # rpm -ivh freeradius-2.1.7-7.fc12.src.rpm
>>     1:freeradius warning: user mockbuild does not exist - using root
>>     warning: group mockbuild does not exist - using root
>>     ### [100%]
>>     error: unpacking of archive failed on file /usr/src/redhat/SOURCES/freeradius-logrotate;4be01a23: cpio: MD5 sum mismatch
>>
>> I did a rpm -K which shows
>>
>>     # rpm -K freeradius-2.1.7-7.fc12.src.rpm
>>     freeradius-2.1.7-7.fc12.src.rpm: sha1 md5 OK
>>
>> I installed all the rpm-build packages before hand so do not know why this is happening. I am using Centos 5.4
>
> I think this is related to the changes for RPM since F11. You can not unpack F11/F12 RPMs on F < 11 and RHEL/CentOS < 6.
>
> If this is the case, unpack the src.rpm with rpm2cpio on a F11+ system and copy the files to the appropriate places (SOURCES and SPECS) on your CentOS system.

Thanks. You are right about using old versions of Fedora. I didn't have old fedora machine so used the following command

    rpm --nomd5 -ivh freeradius-2.1.7-7.fc12.src.rpm

After that I followed the instructions as normal and ended up with the required RPMs. All except for

    freeradius-libs
    freeradius-devel

Are these 2 RPMs essential to the core running of freeradius?

Re: Radius freeze
On Tue, May 04, 2010 at 04:56:46PM +0200, Tokie wrote:
> Hi everyone,
>
> I'm using FreeRADIUS Version 1.1.7 with Mysql. I use it for a Hotspot system. All works fine, but after around one day without activity, the radius server doesn't answer. Therefore, if I restart (/etc/init.d/freeradius restart), all works ok!!
>
> I monitor with the command ps and just restart result:
>
>     # ps ax | grep freeradius
>     26118 ?        Ssl    0:00 /usr/sbin/freeradius
>
> Immediately after the connection of a hotspot's user:
>
>     # ps ax | grep freeradius
>     26118 ?        Ssl    0:00 /usr/sbin/freeradius
>     26158 ?        Z      0:00 [freeradius] defunct
>
> What does this mean: [freeradius] defunct? If hotspot's user disconnects, nothing changes!!
>
> Could you help me??

Restarting the server is the appropriate measure to use to address this problem. The better solution would be to upgrade to version 2.1.8 which fixes so many bugs...

Cheers,
Ken

Re: srpm build error
On 05/04/2010 11:01 AM, Athiqur Rahman wrote:
> After that I followed the instructions as normal and ended up with the required RPMs. All except for
>
>     freeradius-libs
>     freeradius-devel
>
> Are these 2 RPMs essential to the core running of freeradius?

No, they've been deprecated. BTW, you should probably use the latest 2.1.8 SRPM's, they are more current.

--
John Dennis jden...@redhat.com

Re: Basic wifi config
Philippe Schwarz wrote:
> I set up the following config, tried to follow the advice of freeradius website (don't touch anything you could break in the raddb directory ;-) )

That's good.

> The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius

Hmm.. that doesn't look all correct. The certificate stuff isn't necessary in 2.1.3.

> When i try to use the Wifi, the radiusd -X tells :
> ...I paste the logs to http://networkradius.com/freeradius.html and only copied the neither white nor blue parts :
>
>     WARNING: You set Proxy-To-Realm = LOCAL, but the realm does not exist! Cancelling invalid proxy request.
>     No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
>     Failed to authenticate the user.

You didn't specify a password for the user.

> What is the missing magic command which could help me ??

Specify a password, as suggested in: Les fichiers importants users on the OpenBSD page you used.

Alan DeKok.

Re: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool
Tabacchiera Stefano wrote:
> Alan, here's the content of gdbm db:

Ah... it's the DBM pools.

Well.. use rlm_ippool_tool to manage the pool.

Or, get your NAS to send accounting stop packets. It's *supposed* to send stop packets when a user session is cleared.

Alan DeKok.

openssl
hi

I'm starting with linux and freeradius with peap configuration. I'm using debian lenny 2.6.26-2-686. When running freeradius -X (FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34) I'm getting those errors

    Module: Instantiating eap
    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
    }
    Module: Linked to sub-module rlm_eap_md5
    Module: Instantiating eap-md5
    rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
    rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
    rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
    Module: Linked to sub-module rlm_eap_mschapv2
    Module: Instantiating eap-mschapv2
    mschapv2 {
        with_ntdomain_hack = no
    }
    rlm_eap: No such sub-type for default EAP type peap
    /etc/freeradius/eap.conf[1]: Instantiation failed for module eap
    /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module eap.
    /etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
    }
    }
    Errors initializing modules

how should i install openssl ?? only compilation by hand will work here ?? Can anybody give needed advice please?

Thanks a lot for help! :)

Kornel

Re: openssl
On Tuesday 04 May 2010 at 19:51 +0200, ds14.kornel wrote:
> hi
>
> I'm starting with linux and freeradius with peap configuration. I'm using debian lenny 2.6.26-2-686. When running freeradius -X (FreeRADIUS Version 2.0.4, for host i486-pc-linux-gnu, built on Sep 7 2008 at 23:35:34) I'm getting those errors
>
>     Module: Instantiating eap
>     eap {
>         default_eap_type = peap
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>     }
>     Module: Linked to sub-module rlm_eap_md5
>     Module: Instantiating eap-md5
>     rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.
>     rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
>     rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.
>     Module: Linked to sub-module rlm_eap_mschapv2
>     Module: Instantiating eap-mschapv2
>     mschapv2 {
>         with_ntdomain_hack = no
>     }
>     rlm_eap: No such sub-type for default EAP type peap
>     /etc/freeradius/eap.conf[1]: Instantiation failed for module eap
>     /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module eap.
>     /etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
>     }
>     }
>     Errors initializing modules
>
> how should i install openssl ?? only compilation by hand will work here ?? Can anybody give needed advice please?
>
> Thanks a lot for help! :)

I would say you will have to install openssl development headers and recompile freeradius with the correct switches to enable eap module.

    sudo apt-get install libssl-dev

and then recompile with --with-rlm-eap

This is just a guess.

> Kornel

--
Alexandre Chapellon alexandre.chapel...@mana.pf
Mana SAS

Re: openssl
Hi,

>     }
>     rlm_eap: No such sub-type for default EAP type peap
>     /etc/freeradius/eap.conf[1]: Instantiation failed for module eap
>     /etc/freeradius/sites-enabled/inner-tunnel[223]: Failed to find module eap.
>     /etc/freeradius/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
>     }
>     }
>     Errors initializing modules

yep - the default debian install doesn't have OpenSSL support.

http://wiki.freeradius.org/Build#Building_Debian_packages

alan

Freeradius 2.1.6: Store Cisco device enable password in Postgresql DB
Hey guys,

This should be a quick one. When I enable on a Cisco device, it sends a request with username $enab15$.

    rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=92, length=84
        NAS-IP-Address = 172.17.254.100
        NAS-Port = 1
        NAS-Port-Type = Virtual
        User-Name = $enab15$
        Calling-Station-Id = 172.17.1.1
        User-Password = password
        Service-Type = Administrative-User

I used to store the username and password in the users file and it was working fine:

    $enab15$ Cleartext-Password := password

Now I am trying to move this user from the file to the postgresql DB and my radcheck table looks like:

    radius=# select * from radcheck;
     id | username | attribute          | op | value
    ----+----------+--------------------+----+----------
      1 | $enab15$ | Cleartext-Password | := | password

And it doesn't work. Then I am checking the debug and I found that the $ in the username was interpreted to something like =24:

    [sql] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '=24enab15=24' ORDER BY id

Then I changed the username to this =24enab15=24 and now it works. I am just curious how freeradius or %{SQL-User-Name} treats special characters in username... Is there a way to treat them AS-IS?

Thank you!

Difan Zhao, M.Eng
Network Engineer
Guest-Tek Interactive Entertainment Inc.
www.guest-tek.com
Email: difan.z...@guest-tek.com
Office: +1 (403) 509 1010 ext 3048
Cell: +1 (403) 689 7514

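Added example (not part of the post above and not FreeRADIUS source code): a Python model of the =XX escaping visible in the [sql] expand debug line, which keeps characters such as a single quote from ending the quoted SQL string and is why the $enab15$ row never matched. The allow-list is an assumption modelled on the safe-characters setting in sql.conf; the function names and the sample rows other than the two usernames from the post are constructed for illustration.

```python
"""Model of the '=XX' username escaping seen in the [sql] expand debug line."""

# Assumption: this allow-list mirrors the "safe-characters" value commonly
# shipped in FreeRADIUS 2.x sql.conf. Check the value in your own sql.conf.
SAFE_CHARACTERS = (
    "@abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789.-_: /"
)
_HEX = "0123456789ABCDEFabcdef"


def sql_escape(value, safe=SAFE_CHARACTERS):
    """Replace every byte outside the allow-list with '=' plus two hex digits."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if byte >= 32 and ch in safe:
            out.append(ch)
        else:
            out.append("=%02X" % byte)
    return "".join(out)


def sql_unescape(value):
    """Invert sql_escape; raises ValueError on a malformed =XX sequence."""
    raw = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "=":
            pair = value[i + 1:i + 3]
            if len(pair) != 2 or any(c not in _HEX for c in pair):
                raise ValueError("invalid =XX sequence at offset %d" % i)
            raw.append(int(pair, 16))
            i += 3
        else:
            raw += value[i].encode("ascii")
            i += 1
    return raw.decode("utf-8")


def lookup(rows, user_name):
    """Mimic WHERE Username = '<escaped name>' against radcheck-style rows."""
    key = sql_escape(user_name)
    return [row for row in rows if row[0] == key]


def audit_usernames(rows):
    """Map each stored username that no request can match to the form that would."""
    fixes = {}
    for stored, _attr, _op, _value in rows:
        try:
            reachable = sql_escape(sql_unescape(stored)) == stored
        except ValueError:
            reachable = False
        if not reachable:
            fixes[stored] = sql_escape(stored)
    return fixes


# Constructed radcheck rows: the first two usernames are the ones from the post,
# the third is made up.
RADCHECK_ROWS = [
    ("$enab15$", "Cleartext-Password", ":=", "password"),
    ("=24enab15=24", "Cleartext-Password", ":=", "password"),
    ("alice", "Cleartext-Password", ":=", "constructed-example"),
]

if __name__ == "__main__":
    print("escaped:", sql_escape("$enab15$"))
    print("matched:", lookup(RADCHECK_ROWS, "$enab15$"))
    print("rows that can never match:", audit_usernames(RADCHECK_ROWS))
    # A quote is neutralised, so it cannot close the '...' literal in the query.
    print("quote:", sql_escape("o'brien"))
    # Widening the allow-list with '$' leaves the name as-is.
    print("with $ allowed:", sql_escape("$enab15$", SAFE_CHARACTERS + "$"))
```

Passing a wider allow-list models adding a character to the safe-characters setting; quote and backslash characters should stay out of it, since the expanded value is placed inside a quoted SQL string.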
sqlcounter and ldap backend
Hello

I have installed freeradius + LDAP backend. I need to limit the connection time per user. I found sqlcounter as a solution but I have two problems:

1 - I need to take the values: Max-Daily-Session and Max-Monthly-Session from LDAP and not from mysql DB.
2 - I need to terminate the connection when it meets the maximum connection time.

Best regards,
Carlos A.

Sorry for my English, I speak Spanish.

Re: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool
>> Tabacchiera Stefano wrote:
>> Alan, here's the content of gdbm db:
>
> Ah... it's the DBM pools.

I already stated that in the subject of my mail (did you notice the module name?).

> Well.. use rlm_ippool_tool to manage the pool.

Great idea! Too bad that tool allows only to clear *all* the entries in the DBM pool. Or am I just missing something?

> Or, get your NAS to send accounting stop packets. It's *supposed* to send stop packets when a user session is cleared.

As I already said, I know the NAS sometimes doesn't send acct-stop pkts, but it's out of my control.

My questions (still unanswered, let me say) are:

1) is maximum_timeout useless?
2) Is there a way to keep my dbm pool safe and updated (I mean no expired addresses), even in the case some acct-stop pkt are lost?
3) Should I switch to sql pool, 'cause dbm it's actually unreliable?

Thanks again.
ST

RE: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool
How is FreeRADIUS supposed to know when a user disconnects and frees up the IP address from the pool if the NAS doesn't tell it? Anything else is not exactly reliable. If you have a user with a long duration session that lasts longer than your timeout the IP could be put back into the pool when it is still in use.

The best solution would be to fix the NAS to send the packets or fix the network to make sure they get delivered.

Michael

--
Michael J. Hartwick, VE3SLQ hartw...@hartwick.com
Hartwick Communications Consulting (519) 396-7719
Kincardine, ON, CA http://www.hartwick.com
--

From: freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org [mailto:freeradius-users-bounces+hartwick=hartwick@lists.freeradius.org] On Behalf Of Tabacchiera Stefano
Sent: Tuesday, May 04, 2010 15:39
To: freeradius-users@lists.freeradius.org
Subject: Re: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool

> Tabacchiera Stefano wrote:
>> Alan, here's the content of gdbm db:
>
> Ah... it's the DBM pools.

I already stated that in the subject of my mail (did you notice the module name?).

> Well.. use rlm_ippool_tool to manage the pool.

Great idea! Too bad that tool allows only to clear *all* the entries in the DBM pool. Or am I just missing something?

> Or, get your NAS to send accounting stop packets. It's *supposed* to send stop packets when a user session is cleared.

As I already said, I know the NAS sometimes doesn't send acct-stop pkts, but it's out of my control.

My questions (still unanswered, let me say) are:

1) is maximum_timeout useless?
2) Is there a way to keep my dbm pool safe and updated (I mean no expired addresses), even in the case some acct-stop pkts are lost?
3) Should I switch to sql pool, 'cause dbm it's actually unreliable?
Re: openssl
On Tue, May 04, 2010 at 07:58:03PM +0100, Alan Buxey wrote:
>> rlm_eap: No such sub-type for default EAP type peap
>
> yep - the default debian install doesn't have OpenSSL support.
>
> http://wiki.freeradius.org/Build#Building_Debian_packages

No, only the default build of 2.1.8 from original source on Debian lacks the libssl-dev build-dependency. The pre-built packages are fine, and that's what everyone, ESPECIALLY NEWBIES, should be using.

Let me repeat the simple guide once again:

1.) Add Debian lenny-backports repository to your sources.list, for example:

    deb http://backports.org/debian lenny-backports main

2.) Update the package list, for example with:

    apt-get update

3.) Install the main FreeRADIUS package from there, for example with:

    apt-get install -t lenny-backports freeradius

--
2. That which causes joy or happiness.
Re: openssl
Hi,

>> yep - the default debian install doesn't have OpenSSL support.
>
> No, only the default build of 2.1.8 from original source on Debian lacks the libssl-dev build-dependency. The pre-built packages are fine, and that's

yes, that's what I said...look above.

> 3.) Install the main FreeRADIUS package from there, for example with: apt-get install -t lenny-backports freeradius

alternatively, grab the source and build it yourself. the choice is yours.

alan
Re: R: Re: R: Re: R: rlm_ippool: No available ip addresses in pool
Tabacchiera Stefano wrote:
> Great idea! Too bad that tool allows only to clear *all* the entries in the DBM pool. Or am I just missing something?

shrug Then write a Perl script to manage the pool. It's just a DBM file.

>> Or, get your NAS to send accounting stop packets. It's *supposed* to send stop packets when a user session is cleared.
>
> As I already said, I know the NAS sometimes doesn't send acct-stop pkts, but it's out of my control.

Well... your NAS is broken. There's little we can do to fix that.

> My questions (still unanswered, let me say) are:
> 1) is maximum_timeout useless?

No idea. I don't use that module.

> 2) Is there a way to keep my dbm pool safe and updated (I mean no expired addresses), even in the case some acct-stop pkts are lost?

No.

> 3) Should I switch to sql pool, 'cause dbm it's actually unreliable?

You should switch to the sqlippool module. It uses SQL features to automatically clear old entries, even if the NAS is broken.

This isn't about an unreliable DBM file. The DBM file is reliable. It's your *NAS* that is broken. The additional features of SQL (which are missing in DBM) make it easier for FreeRADIUS to work around a broken NAS.

Alan DeKok.
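An added illustration of the point made in the message above (not part of the thread, and not FreeRADIUS or sqlippool code): when every address carries a lease expiry, a stale entry can be reclaimed even though no accounting stop ever arrives. The table layout, the `LEASE` value, the pool keys and all function names are assumptions made for this example.

```python
import sqlite3

LEASE = 10  # seconds; constructed, mirrors the maximum_timeout=10 test in the thread

def make_pool(addresses):
    """In-memory pool; this schema is an assumption, not the sqlippool schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pool (ip TEXT PRIMARY KEY, pool_key TEXT, expiry REAL)")
    db.executemany("INSERT INTO pool VALUES (?, NULL, 0)", [(a,) for a in addresses])
    return db

def allocate(db, pool_key, now):
    """Lease an address that is free or whose lease has expired; None if exhausted."""
    row = db.execute(
        "SELECT ip FROM pool WHERE expiry <= ? ORDER BY expiry, ip LIMIT 1", (now,)
    ).fetchone()
    if row is None:
        return None
    db.execute("UPDATE pool SET pool_key = ?, expiry = ? WHERE ip = ?",
               (pool_key, now + LEASE, row[0]))
    return row[0]

def renew(db, pool_key, now):
    """Interim accounting update: extend a lease that has not yet expired."""
    cur = db.execute(
        "UPDATE pool SET expiry = ? WHERE pool_key = ? AND expiry > ?",
        (now + LEASE, pool_key, now))
    return cur.rowcount == 1

def release(db, pool_key):
    """Accounting stop: free the address at once."""
    db.execute("UPDATE pool SET pool_key = NULL, expiry = 0 WHERE pool_key = ?",
               (pool_key,))

def simulate():
    """Five addresses, six clients, and no accounting stop ever arrives."""
    db = make_pool([f"10.0.0.{i}" for i in range(1, 6)])
    first = [allocate(db, f"nas1:{port}", now=0) for port in range(5)]
    exhausted = allocate(db, "nas1:5", now=5)    # every lease still valid: None
    renew(db, "nas1:0", now=9)                   # long session keeps 10.0.0.1
    reclaimed = allocate(db, "nas1:5", now=11)   # stale lease on 10.0.0.2 is reused
    return first, exhausted, reclaimed

if __name__ == "__main__":
    print(simulate())
```

The session on `nas1:1` may still be online when its address is handed to `nas1:5`, which is the risk raised earlier in the thread about sessions that outlive the timeout; in this model only a renewal before expiry protects a long session.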
Re: openssl
On Tue, May 04, 2010 at 09:39:30PM +0100, Alan Buxey wrote:
>> 3.) Install the main FreeRADIUS package from there, for example with: apt-get install -t lenny-backports freeradius
>
> alternatively, grab the source and build it yourself. the choice is yours.

No, I think that is a false choice for these users. We should not be telling random newbies to take a route that has time and time again been demonstrated to be too complicated for them to handle, when they can easily use a more efficient method - install safe working binaries. That also has the benefit of keeping them in the loop for later updates from the same reliable channel.

If they explicitly tell us that they already use Debian, then we can't have much reason to have them avoid these Debian-specific methods that accomplish our goals - to make these people happy users of FR.

This is one fairly trivial bug, even if one knows very little about compiling source code - one just has to google, and/or read the official web site (wiki), and find that all they have to do is install that one package and restart the build process, and they're good - yet numerous users have sent an e-mail to the list saying it's been a showstopper for them.

I do not see what is there to gain by telling these people to keep using a method they clearly do not understand enough to be able to solve a relatively easy problem with. Sure, they can apply this quick fix now, but will it help their FreeRADIUS experience, and in turn will it help FreeRADIUS? Isn't it better for all to get them past the installation phase as quickly as possible, and not have to rehash these tangential issues, when time could be better spent educating them about core issues such as FreeRADIUS configuration semantics, or RADIUS protocol issues?

--
2. That which causes joy or happiness.
Re: Basic wifi config
On 04/05/2010 19:05, Alan DeKok wrote:
> Philippe Schwarz wrote:
>> The config (in french, sorry) i used : http://www.openbsd-edu.net/index.php/FreeRadius
>
> Hmm.. that doesn't look all correct. The certificate stuff isn't necessary in 2.1.3.

Ok, but it's useless only; i can keep it that way, right?

>> ..
>> Failed to authenticate the user.
>
> You didn't specify a password for the user.

Oh! I should have read more carefully.. I thought i'd have a popup for login,pass later..

>> What is the missing magic command which could help me ??
>
> Specify a password, as suggested in:
>
>> Les fichiers importants users

OK, but my users are stored in a LDAP/samba Backend; i'll give it a try soon.

BTW, the password is one-way encrypted, and tried echo -n 'user::Password' | md5 and paste the md5 to the users file, and did not work.. Maybe the null realm is the problem.

Thanks.

--
Lycée polyvalent Alfred Nobel, Clichy sous Bois
http://www.lyceenobel.org
Allow unlimited simultaneous users ?
Hi Everybody,

Right off the bat I will tell you that this is my first experience with FreeRadius.

I have a customer that wants to be able to connect their laptops to a private network where we are running Edirectory as the authentication directory.

Elements include - FreeRadius 2.1.6, Edirectory 8.7.x, SLES 11, LDAP authentication, Windows XP sp3, Novell Client32 4.91 sp5

I have this working Windows XP sp3 workstation and the user is prompted for username and password for network access.
Import of root CA from FreeRadius Server to Windows XP (SLES 11)
PEAP and MSCHAP2 configuration on Windows XP

The workstations only login to Edir to authenticate and sync their local passwords; all the applications are in a Citrix farm running off a Portal and the user has to login an extra time to access the portal. (Which could be a different username / password)

Actually the certificate + username and password are only giving the user an IP address, there are no rights involved.

I was wondering if it is possible to get rid of the pop-up with username and password by using a predefined username and password for all the users? This could mean (worst case) 200-300 simultaneous users with same FreeRadius username-password. This shouldn't be a problem for Edirectory but I am unsure in regard to FreeRadius.

I can change the password on the workstation at intervals by way of software distribution.

All the users will be connecting by way of 1 Cisco controller connected to the APs by way of a VPN.

Any thoughts - Experience with this?

Jim