Re: Fwd: FreeRadius2MySQL
I'm using it since it was announced and it works perfectly... shark_l wrote: //I am planing to migrate from Aradial to FreeRadius2 //and i currently have 1 subscribers A piece of advice: DO NOT deploy Freeradius2 now! I am using FreeRadius 2.1.9 + Mysql 5.3 on FreeBSD 8.1, and the radiusd exits abnormally (although it says info: exiting normally by itself ) many times a day! I have been driven mad! and I decide to revert to freeradius 1.1.8. Believe me, or you can search exit normally but unexpectedly in maillist archive yourself. PS: deployment of freeradius is rather easy. Read its sample configuration files, and you will find them easy to understand. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Fwd: FreeRadius2MySQL
What's your OS? Maybe this problem is os-dependent. PS: Today I have transferred to freeradius 1.1.8. To be honest, its configuration is more troublesome than that of 2.x. But till now, it works smoothly. So i think it is worth it. I'm using it since it was announced and it works perfectly... shark_l wrote: //I am planing to migrate from Aradial to FreeRadius2 //and i currently have 1 subscribers A piece of advice: DO NOT deploy Freeradius2 now! I am using FreeRadius 2.1.9 + Mysql 5.3 on FreeBSD 8.1, and the radiusd exits abnormally (although it says info: exiting normally by itself ) many times a day! I have been driven mad! and I decide to revert to freeradius 1.1.8. Believe me, or you can search exit normally but unexpectedly in maillist archive yourself. PS: deployment of freeradius is rather easy. Read its sample configuration files, and you will find them easy to understand. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: FreeRadius2MySQL
shark_l wrote: A piece of advice: DO NOT deploy Freeradius2 now! I am using FreeRadius 2.1.9 + Mysql 5.3 on FreeBSD 8.1, and the radiusd exits abnormally (although it says info: exiting normally by itself ) many times a day! I have been driven mad! and I decide to revert to freeradius 1.1.8. If you have issues with the server, ask questions on the list. DON'T wait weeks, and then recommend that other people use 1.1.x. Believe me, or you can search exit normally but unexpectedly in maillist archive yourself. The issue was reported on FreeBSD. The problem was tracked down by another list subscriber, and the fix is in the git v2.1.x branch. The fix will be in 2.1.10. PS: deployment of freeradius is rather easy. Read its sample configuration files, and you will find them easy to understand. I'm glad that the documentation is good. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: FreeRadius2MySQL
Can you please provide me with the link of document you talk about , On 8/4/10, Johan Meiring jmeir...@pcservices.co.za wrote: On 2010/08/04 01:35 PM, Student University wrote: so can please guide me of how i can setup the freeradius 2 with MYSQL to be 100% ready for such production That's easy. All you need to do is read the documentation. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.1.9 stop working
Thanks Alan. But maybe you can update me with the out date of the RPM in
2.1.10?
I would like to upgrade from the RPM. I don't want to make a ./configure to
install the FreeRadius.
Thanks
Eric B.
-Original Message-
From:
freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.freeradius.org
[mailto:freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.freera
dius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org
Sent: Tuesday 3 August 2010 16:53
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 64, Issue 10
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-requ...@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-ow...@lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: Freeradius 2.1.9 digest authentication problem (Alan Buxey)
2. Re: Tag and Untag a port in several VLAN (fcombern...@kezia.com)
3. Re: Freeradius 2.1.9 stop working (Alan DeKok)
4. Re: Freeradius 2.1.9 digest authentication problem
(Nicolas Goutte)
5. Re: Freeradius 2.1.9 digest authentication problem (Alan Buxey)
6. Re: Freeradius 2.1.9 digest authentication problem
(al...@arctel.ru)
7. Re: Freeradius 2.1.9 digest authentication problem (Alan DeKok)
8. Re: Tag and Untag a port in several VLAN (Fabien COMBERNOUS)
9. Re: Freeradius 2.1.9 digest authentication problem
(Nicolas Goutte)
--
Message: 1
Date: Tue, 3 Aug 2010 13:26:27 +0100
From: Alan Buxey a.l.m.bu...@lboro.ac.uk
Subject: Re: Freeradius 2.1.9 digest authentication problem
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 20100803122627.gd16...@lboro.ac.uk
Content-Type: text/plain; charset=us-ascii
Hi,
Tried Cleartext-Password := test, Cleartext-Password == test,
Cleartext-Password = test, result is the same.
and remember - if you are changing the users file and not doing anything
funky, you will have to restart the server!
alan
--
Message: 2
Date: Tue, 3 Aug 2010 14:34:47 +0200 (CEST)
From: fcombern...@kezia.com
Subject: Re: Tag and Untag a port in several VLAN
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: e90578a477a443c9f260c2f6b6fc8b28.squir...@kezia.com
Content-Type: text/plain;charset=iso-8859-1
On 2010/08/03 01:51 PM, Fabien COMBERNOUS wrote:
Thank you for your answer.
I can't change FreeRadius version. So i need to use decimal number.
Can you give me an exemple about to untag a port in vlan 7 ?
Just convert 0x320007 to decimal??
No. Just a correct example in hexa to untag in vlan 7.
I'll translate in decimal.
Thank you for your help.
--
Message: 3
Date: Tue, 03 Aug 2010 14:35:34 +0200
From: Alan DeKok al...@deployingradius.com
Subject: Re: Freeradius 2.1.9 stop working
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: 4c580d16.6000...@deployingradius.com
Content-Type: text/plain; charset=ISO-8859-1
BELLIERE Eric wrote:
Then if it is a bug I will have to upgrade? or do you have a patch?
you send me the link for GIT.freeradius.org but what must I do to correct
this problem?
Try using the v2.1.x branch from http://git.freeradius.org.
i.e. download it and install it.
The instructions are on that web page. Go read them.
For the log rotate I will add kill -HUP `cat /var/run/radiusd/radiusd.pid`
in postrotate.
Like this :
/var/log/radius/radius.log {
daily
rotate 4
create
missingok
postrotate
kill -HUP `cat /var/run/radiusd/radiusd.pid`
compress
}
Must I put this KILL -HUP for each log to rotate?
(/var/log/radius/radacct/*/detail, /var/log/radius/checkrad.log, ...) or
only for radius.log ?
Only for radius.log.
Alan DeKok.
--
Message: 4
Date: Tue, 3 Aug 2010 14:42:44 +0200
From: Nicolas Goutte nicolas.gou...@extragroup.de
Subject: Re: Freeradius 2.1.9 digest authentication problem
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: b32493c2-246d-4fed-b43e-c163af858...@extragroup.de
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Am 03.08.2010 um 14:25 schrieb Alan Buxey:
Hi,
Tried Cleartext-Password := test, Cleartext-Password == test,
Cleartext-Password = test, result is the same.
why? why did you do that?
Cleartext-Password := test
is the only correct way. you just
Re: Fwd: FreeRadius2MySQL
Hi, Can you please provide me with the link of document you talk about , http://wiki.freeradius.org/SQL_HOWTO alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 stop working
Hi, Thanks Alan. But maybe you can update me with the out date of the RPM in 2.1.10? 2.1.10 isnt out yet. but when it is, then your package maintainers should ensure a new RPM is available. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 stop working
On 2010/08/05 11:04 AM, Alan Buxey wrote: 2.1.10 isnt out yet. but when it is, then your package maintainers should ensure a new RPM is available. This page might tell you how to build an RPM from source. http://wiki.freeradius.org/Red_Hat_FAQ Use git as the source. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius2 + OpenLDAP for Wifi Authentication
I configured a freeradius2 server and an openldap server on the same machine, actually a virtual machine. I would like to ask why does it only works locally? If I try to connect to the wireless network, it gives me a No Authentication Method Found in the debug mode. I really need help for this matter. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.1.9 stop working
Thanks. I saw on http://koji.fedoraproject.org/koji/buildinfo?buildID=187278 that there is a new RPM freeradius-2.1.9-3.fc15.src.rpm and in the changelog I can see Work-around for bug #35 So I will upgrade with this RPM. Maybe someone can confirm that the problem is well corrected with this RPM? Thanks Eric Bellière -Original Message- From: freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.freeradius.org [mailto:freeradius-users-bounces+eric.belliere=mail.mobistar...@lists.freera dius.org] On Behalf Of freeradius-users-requ...@lists.freeradius.org Sent: Thursday 5 August 2010 12:00 To: freeradius-users@lists.freeradius.org Subject: Freeradius-Users Digest, Vol 64, Issue 18 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-requ...@lists.freeradius.org You can reach the person managing the list at freeradius-users-ow...@lists.freeradius.org When replying, please edit your Subject line so it is more specific than Re: Contents of Freeradius-Users digest... Today's Topics: 1. Re: Fwd: FreeRadius2MySQL (Alan Buxey) 2. Re: Freeradius 2.1.9 stop working (Alan Buxey) 3. Re: Freeradius 2.1.9 stop working (Johan Meiring) -- Message: 1 Date: Thu, 5 Aug 2010 10:02:53 +0100 From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: Fwd: FreeRadius2MySQL To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: 20100805090253.ga20...@lboro.ac.uk Content-Type: text/plain; charset=us-ascii Hi, Can you please provide me with the link of document you talk about , http://wiki.freeradius.org/SQL_HOWTO alan -- Message: 2 Date: Thu, 5 Aug 2010 10:04:38 +0100 From: Alan Buxey a.l.m.bu...@lboro.ac.uk Subject: Re: Freeradius 2.1.9 stop working To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Cc: ROUSSEAU David david.rouss...@mail.mobistar.be Message-ID: 20100805090438.gb20...@lboro.ac.uk Content-Type: text/plain; charset=us-ascii Hi, Thanks Alan. But maybe you can update me with the out date of the RPM in 2.1.10? 2.1.10 isnt out yet. but when it is, then your package maintainers should ensure a new RPM is available. alan -- Message: 3 Date: Thu, 05 Aug 2010 11:19:48 +0200 From: Johan Meiring jmeir...@pcservices.co.za Subject: Re: Freeradius 2.1.9 stop working To: freeradius-users@lists.freeradius.org Message-ID: 4c5a8234.1040...@pcservices.co.za Content-Type: text/plain; charset=ISO-8859-1; format=flowed On 2010/08/05 11:04 AM, Alan Buxey wrote: 2.1.10 isnt out yet. but when it is, then your package maintainers should ensure a new RPM is available. This page might tell you how to build an RPM from source. http://wiki.freeradius.org/Red_Hat_FAQ Use git as the source. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 64, Issue 18 smime.p7s Description: S/MIME cryptographic signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.1.9 stop working
BELLIERE Eric wrote: Thanks. I saw on http://koji.fedoraproject.org/koji/buildinfo?buildID=187278 that there is a new RPM freeradius-2.1.9-3.fc15.src.rpm and in the changelog I can see Work-around for bug #35 So I will upgrade with this RPM. Maybe someone can confirm that the problem is well corrected with this RPM? It's just a build of 2.1.9. For the real fix, follow the previous instructions on this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Fwd: FreeRadius2MySQL
If you have issues with the server, ask questions on the list. DON'T wait weeks, and then recommend that other people use 1.1.x. The issue was reported on FreeBSD. The problem was tracked down by another list subscriber, and the fix is in the git v2.1.x branch. The fix will be in 2.1.10. I have searched the maillist archive many times for a solution, but find nothing. When will the 2.1.10 be released? I am looking forward to it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: FreeRadius2MySQL
shark_l wrote: I have searched the maillist archive many times for a solution, but find nothing. When will the 2.1.10 be released? I am looking forward to it. 2.1.10 should be out in a few weeks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius2 + OpenLDAP for Wifi Authentication
rrpe...@apc.edu.ph wrote: I configured a freeradius2 server and an openldap server on the same machine, actually a virtual machine. I would like to ask why does it only works locally? If I try to connect to the wireless network, it gives me a No Authentication Method Found in the debug mode. I really need help for this matter. Post the FULL debugging mode as suggested in the FAQ, README, etc. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Trouble migrating EAP TLS authentication from Free Radius 1.1.8 to 2.1.9
SEELEMANN, Sven wrote: I've been trying to migrate the FreeRadius server from 1.1.8 to the latest (stable) release (2.1.9 at the last try, 2.1.8 before that). The configurations should be largely similar. i.e. minimal changes should be required. I'm using EAP TLS to authenticate modem connection to our DSLAM (using 2 way authentication). The 1.1.8 server has no trouble performing the task, however, the 2.1.x server doesn't ever complete the authentication process. From what I can tell, once the 1.1.8 server gets the final TLS ACK it allows the connection, but the 2.1.x server is looking for something else. No. The server sends a challenge, and the supplicant (PC) fails to continue the EAP conversation. Is this a FreeRadius issue or a DSLAM problem? If DSLAM, where is the best place to start looking for description of what should be happening? Check that the certificates, etc. are the same between the two configurations. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problems to buid freeRadius v2.1.9 on Solaris 10 (x86)
hi... :) I have some problems to build freeRadius v2.1.9 on Solaris (x86). I install libCap, GDBM, libTool, openLDAP and openSSL to resolve some dependences and i can generate make without problems. But, when i try to compile them (using gmake) i have the following issue: # gmake : : feof0x48d /usr/local/ssl/lib/libcrypto.a(bss_file.o) feof0x323 /usr/local/ssl/lib/libcrypto.a(ui_openssl.o) fseek 0x49b /usr/local/ssl/lib/libcrypto.a(bss_file.o) __udivdi3 0xce /usr/local/ssl/lib/libcrypto.a(b_print.o) __udivdi3 0x4a6 /usr/local/ssl/lib/libcrypto.a(b_print.o) ld: fatal: relocations remain against allocatable but non-writable sections collect2: ld returned 1 exit status gmake[9]: *** [rlm_eap_tls.la] Error 1 gmake[9]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules/rlm_eap/types/rlm_eap_tls' gmake[8]: *** [rlm_eap_tls] Error 2 gmake[8]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules/rlm_eap/types' gmake[7]: *** [all] Error 2 gmake[7]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules/rlm_eap/types' gmake[6]: *** [types] Error 2 gmake[6]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules/rlm_eap' gmake[5]: *** [rlm_eap] Error 2 gmake[5]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src/modules' gmake[3]: *** [modules] Error 2 gmake[3]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9/src' gmake[1]: *** [src] Error 2 gmake[1]: Leaving directory `/Desktop/freeRadius/tmp/freeradius-server-2.1.9' gmake: *** [all] Error 2 I try to fix them setting some parameters when i build make script , search in www but i can find nothing that help me fix them... :( Any idea? Thanks in advance! :) -- *Salu2 ;)* - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems to buid freeRadius v2.1.9 on Solaris 10 (x86)
maximatt wrote: I have some problems to build freeRadius v2.1.9 on Solaris (x86). I install libCap, GDBM, libTool, openLDAP and openSSL to resolve some dependences and i can generate make without problems. But, when i try to compile them (using gmake) i have the following issue: ... ld: fatal: relocations remain against allocatable but non-writable sections It's a Solaris issue, not a FreeRADIUS one. Type that error message into google, and see what it comes up with. I've built many versions of FreeRADIUS on *many* Solaris systems, and have *never* seen this message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems to buid freeRadius v2.1.9 on Solaris 10 (x86)
Recomendations about these (i prefer not apply non-official patchs): http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51011.html Thanks :) 2010/8/5 Alan DeKok al...@deployingradius.com maximatt wrote: I have some problems to build freeRadius v2.1.9 on Solaris (x86). I install libCap, GDBM, libTool, openLDAP and openSSL to resolve some dependences and i can generate make without problems. But, when i try to compile them (using gmake) i have the following issue: ... ld: fatal: relocations remain against allocatable but non-writable sections It's a Solaris issue, not a FreeRADIUS one. Type that error message into google, and see what it comes up with. I've built many versions of FreeRADIUS on *many* Solaris systems, and have *never* seen this message. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Salu2 ;)* - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems to buid freeRadius v2.1.9 on Solaris 10 (x86)
maximatt wrote: Recomendations about these (i prefer not apply non-official patchs): http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51011.html http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51015.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems to buid freeRadius v2.1.9 on Solaris 10 (x86)
ok.. Thanks again for your time and patience. 2010/8/5 Alan DeKok al...@deployingradius.com maximatt wrote: Recomendations about these (i prefer not apply non-official patchs): http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51011.html http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg51015.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- *Salu2 ;)* - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius sql modul faild to load
Hello. I have freeradius 2.1.9 on Fedora 13. I also have mysql-server installed and freeradius-mysql package. I created database with Daloradius sql script and everything works, but when i uncomment sql in /raddb/sites-enabled/default file, freeradius gives error, failed to load sql modules. what can i do? please help me. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius sql modul faild to load
On 08/05/2010 12:48 PM, ziko wrote: Hello. I have freeradius 2.1.9 on Fedora 13. I also have mysql-server installed and freeradius-mysql package. I created database with Daloradius sql script and everything works, but when i uncomment sql in /raddb/sites-enabled/default file, freeradius gives error, failed to load sql modules. what can i do? please help me. Please provide the output of /usr/sbin/radiusd -X (note you must stop any running instances via /sbin/service radiusd stop). -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS Certificate question
I am about to generate a CSR for my FreeRADIUS Server. The vast majority of my clients are Vista and Win 7 with a few MACs, with this in mind would I be better off going with a 1024 bit cert or would a 2048 bit cert be better? I know both are quite secure, but for platform interoperability and future proofing, does anyone have any thoughts on which one is better? Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting up pam_radius_auth
On Tue, Jul 27, 2010 at 1:22 AM, Alan DeKok al...@deployingradius.comwrote: Mike J wrote: It is a PPC module. However, since I was having problems with it I decided to install the PAM module for my x86 workstation (from the Ubuntu Hardy repository). I'm getting the same results. The client/server talk to each other but the password doesn't seem to be decrypted when the auth request gets to the server. Then the shared secret is wrong. The debug log shows this. Go fix the shared secret. I've already checked the shared secret. Even though the log message says the shared secret is probably wrong, it isn't. I've fixed the x86 module (was using a wrong client config file). So I have x86 working but don't have the ppc module working. I've also double checked how I was building the PPC PAM module. I'm using the provided makefile and setting up the compiler and linker to use the proper ppc build tools. Any ideas of where I could be going wrong when compiling it? Endian issues. It's buried in the source... Is this likely the cause of my issue? By the way, this is the entry in the top of my users file on my RADIUS server: testing Cleartext-Password := password Is the Cleartext-Password option okay with for authenticating PAM clients? Yes. The RADIUS server looks at the contents of the packet, *not* the source code of the client. Thanks for clarifying that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: suffix configuration
Does anyone have any input on this? It is kind of a problem for me and I could really use some help : ) Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -Original Message- From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o rg] On Behalf Of Sallee, Stephen (Jake) Sent: Tuesday, August 03, 2010 3:11 PM To: freeradius-users@lists.freeradius.org Subject: suffix configuration One last problem and I think I am ready for production, wohoo! When my users try to login with the convention usern...@domain the login fails because I do not think I have FreeRADIUS correctly configured to parse out the domain, however if they login with the convention domain\username it works fine. Where do I configure the behavior of suffix to act the same as prefix? Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: suffix configuration
On 2010/08/05 08:17 PM, Sallee, Stephen (Jake) wrote: Does anyone have any input on this? It is kind of a problem for me and I could really use some help : ) realms -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: suffix configuration
realms ... thank you. Whilst I do appreciate brevity, a single monosyllabic response seems as though it may be a bit too brief : ) Can you elaborate? I am not asking for anyone so solve my problem for me but rather to be pointed in the correct direction. Thanks! Jake Sallee Godfather Of Bandwidth Network Engineer Fone: 254-295-4658 Phax: 254-295-4221 -Original Message- From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o rg] On Behalf Of Johan Meiring Sent: Thursday, August 05, 2010 1:29 PM To: freeradius-users@lists.freeradius.org Subject: Re: suffix configuration On 2010/08/05 08:17 PM, Sallee, Stephen (Jake) wrote: Does anyone have any input on this? It is kind of a problem for me and I could really use some help : ) realms -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: suffix configuration
On 2010/08/05 08:37 PM, Sallee, Stephen (Jake) wrote: realms ... thank you. Whilst I do appreciate brevity, a single monosyllabic response seems as though it may be a bit too brief : ) Can you elaborate? I am not asking for anyone so solve my problem for me but rather to be pointed in the correct direction. Was hoping you had read all the files in /etc/radiusd (or /etc/freeradius) already. Look at modules/realm This is how you split off domain\user or u...@domain. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mac-auth-bypass
Where can I find a good document on using freeRADIUS for mac-auth-bypass? ___ Brett - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mac-auth-bypass
I got basic mab working with freeradius with following configuration in users file 01000701 Cleartext-Password := 01000701 Tunnel-Medium-Type = 6, Tunnel-Type = VLAN, Tunnel-Private-Group-Id = 4093, User-Priority-Table = 01234567 Thanks, Ashish On Thu, Aug 5, 2010 at 1:58 PM, Brett A. Karns ba...@psu.edu wrote: Where can I find a good document on using freeRADIUS for mac-auth-bypass? *___* *Brett** * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Moving to Virtual Servers
Greetings,
I've been using the documentation here:
http://wiki.freeradius.org/Virtual_server attempting to create 2 virtual
servers on the same socket each associated with a client.
I have already configured the ldap module, as well as added some lines
to the users file. Before virtualizing I am able to authenticate my
ldap users via radtest.
Here's the config that works against LDAP, before trying to add to a
virtual server:
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
type = auth
ipaddr = *
port = 1812
}
listen {
ipaddr = *
port = 1813
type = acct
}
client 192.168.1.0/24 {
secret = testing123
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions= yes
extended_expressions= yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = no
msg_goodpass = Great Success!
msg_badpass = I'm sorry but you appear to have entered a incorrect
password or you may not be authorized to access this equipment
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
$INCLUDE eap.conf
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
...And the output from a test in debug mode (edited out passwords and
password hashes):
[ldap] Entering ldap_groupcmp()
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] ldap_release_conn: Release Id: 0
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
rlm_ldap::ldap_groupcmp: User found in group NOC
[ldap] ldap_release_conn: Release Id: 0
[ldap] performing user authorization for cjohnson
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] sambaNtPassword - NT-Password ==
0xXX
[ldap] sambaLmPassword - LM-Password ==
0xXX
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user cjohnson authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
[ldap] login attempt by cjohnson with password s3cret
[ldap] user DN: uid=cjohnson,ou=Users,dc=corp,dc=example,dc=com
[ldap] (re)connect to 192.168.1.99:389, authentication 1
[ldap] bind as uid=cjohnson,ou=Users,dc=corp,dc=example,dc=com/s3cret
to 192.168.1.99:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user cjohnson authenticated succesfully
Login OK: [cjohnson] (from client 192.168.1.0/24 port 0) Great Success!
Waking up in 4.0 seconds.
Here's the changes I made to the config, attempting to add current setup
to virtual server server_one:
...
listen {
type = auth
ipaddr = *
port = 1812
}
listen {
ipaddr = *
port = 1813
type = acct
}
client 192.168.1.0/24 {
virtual_server = server_one
secret = testing123
}
server server_one {
}
...
The rest of the config is the same. The server will start, but now I
can't see my LDAP users, heres the log entry:
server server_one {
Login incorrect: [cjohnson/s3cret] (from client 192.168.1.0/24 port 0)
I'm sorry but you appear to have entered a incorrect password or you may
not be authorized to access this equipment
} # server server_one
Is there something I need to put within server section? It's as if the
ldap module and the users file aren't being referenced anymore.
Any tips or references to complete examples where virtual servers are
set up in this way? If someone could take a moment to point me in the
right direction I would certainly appreciate it.
Cory J
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: suffix configuration
Look at modules/realm
This is how you split off domain\user or u...@domain.
I did look at that file before I posted, but I don't know what I could
change in it that would help me. It looks like the only think that is
set in that file is the delimiter.
The suffix delimiter is correct, but I still cannot get authenticated
with the usern...@domain convention.
I tried adding the following to my realms file but it does nothing
--
realm umhb.edu {
format = suffix
delimiter = @
}
realm cru {
format = suffix
delimiter = @
}
--
Jake Sallee
Godfather Of Bandwidth
Network Engineer
Fone: 254-295-4658
Phax: 254-295-4221
-Original Message-
From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.o
rg] On Behalf Of Johan Meiring
Sent: Thursday, August 05, 2010 2:03 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: suffix configuration
On 2010/08/05 08:37 PM, Sallee, Stephen (Jake) wrote:
realms
... thank you. Whilst I do appreciate brevity, a single monosyllabic
response seems as though it may be a bit too brief : )
Can you elaborate? I am not asking for anyone so solve my problem for
me but rather to be pointed in the correct direction.
Was hoping you had read all the files in /etc/radiusd (or
/etc/freeradius) already.
Look at modules/realm
This is how you split off domain\user or u...@domain.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
