Re: NAS-IP(v6)-Address = Packet-Src-IP(v6)-Address
Alexander Clouter wrote: So, when NAS-IP(v6)-Address already exists, nothing happens, however if it does, then it an attribute with the contents of Packet-Src-IP(v6)-Address is added; obviously depending on the socket type the packet arrives over so I am guessing in practice you probably really only see this when communicating with IPv6 proxies? The problem is, I have not added this type of thing to my config. The preprocess module does this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS exiting with Signal 11 on FreeBSD
Hugh Blandford wrote: I can see no pattern in my radius.log that is consistent for all of the exits. As this server is fairly quiet /var/log/messages is really quite empty: Watch the CPU and memory usage by the server. top is also similarly boring.at the present, I don't know what it looks like just after FreeRADIUS exits. I will investigate it next time it happens. If you can, monitor any signals being sent to the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Do get in some other file?
Hi.. It seems that you all have the same teacher... last 15 days this list was in some kind of spam attack... Almost the same questions every day... Hi I am and I have FR 2.1.10 on Ubuntu. How to add MAC to file? On 12/14/2010 1:46 AM, Gilberto Uriostegui García wrote: hello my name is Gilberto Uriostegui, I'm new at this and am doing an internship in my teacher networks I have version 2.1.10. tar.gz freeradius I installed Ubuntu 9.10 freeradius first and unzipped and put into execution and let me open the port 1812, now I got into the user file to declare some users and declare some removing the # for comments that were no longer up there all very well. . but my question is: How I can add mac address on file? or Do get in some other file? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Do get in some other file?
On 2010/12/14 11:08 AM, Marinko Tarlac wrote: Hi.. It seems that you all have the same teacher... last 15 days this list was in some kind of spam attack... Almost the same questions every day... Hi I am and I have FR 2.1.10 on Ubuntu. How to add MAC to file? I think the answer is here: http://www.catb.org/~esr/faqs/smart-questions.html Especially here: http://www.catb.org/~esr/faqs/smart-questions.html#homework Maybe someone should tell us who the teacher is so we can ask him to add some mailing list etiquette to his course? Cheers, -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.6 add realm to User-Name before Proxy by listening port
Hello. Thank you Phil for the quick answer and these examples. Exactly what i was looking for. I will give this a go. Seems easy enough. Do you know where i could find some or all the possible values that I can use for this tweaking? Like: Packet-Dst-Port and so on.. I guess all of the RADIUS-Attributes could be used that are allowed in the Access-Request packet? Thanks again. Regards Mika -- View this message in context: http://freeradius.1045715.n5.nabble.com/FR-2-1-6-add-realm-to-User-Name-before-Proxy-by-listening-port-tp3303117p3304487.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR 2.1.6 add realm to User-Name before Proxy by listening port
On 14/12/10 12:25, Mika wrote: Hello. Thank you Phil for the quick answer and these examples. Exactly what i was looking for. I will give this a go. Seems easy enough. Do you know where i could find some or all the possible values that I can use for this tweaking? Like: Packet-Dst-Port doc/variables.rst ...contains some info. and so on.. I guess all of the RADIUS-Attributes could be used that are allowed in the Access-Request packet? Yes. Some attributes are internal/virtual or added by FreeRadius when the packet is received, or by the preprocess module. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed remembering handle for proxy socket
Hello. I am running FreeRadius 2.1.6 and testing a huge configuration in the way that i am trying to open ~400 virtual servers on different ports. Have a file in /etc/raddb/sites-enabled with all the configuration (listen and virtual_server configs..) radiusd -X stops with the below error: snip... Listening on authentication address 192.168.199.9 port 22062 as server SERVER-22062 Listening on authentication address 192.168.199.9 port 22063 as server SERVER-22063 Listening on authentication address 192.168.199.9 port 22064 as server SERVER-22064 Listening on authentication address 192.168.199.9 port 22065 as server SERVER-22065 Listening on authentication address 192.168.199.9 port 22066 as server SERVER-22066 Listening on authentication address 192.168.199.9 port 22067 as server SERVER-22067 Failed remembering handle for proxy socket! Is this a limitation of my labsystem hardware, the operating system Centos 5.3, FreeRadius 2.1.6 or just not meant to work by design? If i lower the limit of virtual servers to approx. 200 the configuration works. Has anyone seen this error before? Thanks in advance Regards Mika -- View this message in context: http://freeradius.1045715.n5.nabble.com/Failed-remembering-handle-for-proxy-socket-tp3304502p3304502.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
Mika wrote I am running FreeRadius 2.1.6 and testing a huge configuration in the way that i am trying to open ~400 virtual servers on different ports. Have a file in /etc/raddb/sites-enabled with all the configuration (listen and virtual_server configs..) ... Failed remembering handle for proxy socket! Upgrade to 2.1.10. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
Alan DeKok-2 wrote: Upgrade to 2.1.10. Alan DeKok. - OK. Will upgrade to 2.1.10. Thanks -- View this message in context: http://freeradius.1045715.n5.nabble.com/Failed-remembering-handle-for-proxy-socket-tp3304502p3304524.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alvarion BS Service Provision
I cannot get our Alvarion BS to assign service profiles to a MS. I have
read the forums and tried to use that information to help, but I cannot
get a service profile to be assigned. Our setup is as follows:
FreeRADIUS AAA with MySQL database.
The radgroupreply is:
8 | MLB_MS| Filter-ID | = |
n=sp1:v=VLAN_200:h=OFF:a=ON,VLAN_200:c=ON
The radusergroup is:
mlb_lab_...@wimax.com| MLB_MS|1 |
a sample from radiusd -x
Access-Request:
Access-Request packet from host 192.168.254.253 port 49154, id=109,
length=258
User-Name = {am=1}6ced97d91a6fcef3419e70f9c7ff3...@wimax.com
NAS-IP-Address = 192.168.254.253
NAS-Port-Type = 27
NAS-Port = 3
Calling-Station-Id = \000\020\347A\\d
NAS-Identifier = 00200200265002
WiMAX-GMT-Timezone-offset = 18000
Framed-MTU = 1490
Service-Type = Framed-User
WiMAX-Release = 1.0
WiMAX-Accounting-Capabilities = IP-Session-Based
WiMAX-BS-Id = 0x303032303032303032303030303635303032
EAP-Message =
0x02010035017b616d3d317d36636564393764393161336566333431396537306639
6337333463314057694d61782e636f6d
Message-Authenticator = 0x4277326335201e6d8fa3f8a26a9311d7
Access-Accept:
Sending Access-Accept of id 108 to 192.168.254.253 port 49154
Filter-Id = n=sp1:v=VLAN_200:h=OFF:a=ON,VLAN_200:c=OFF
WiMAX-FA-RK-Key = 0x00
WiMAX-MSK = 0x
TTLS Reply:
[ttls] Got tunneled reply code 2
Filter-Id = n=sp1:v=VLAN_200:h=OFF:a=ON,VLAN_200:c=ON
MS-CHAP2-Success =
0x98533d4133464334443937354642413645433943313532394132364331384437343743
4542313443453330
MS-MPPE-Recv-Key = 0x095bfcafbd7e6970eb5762a77b159f59
MS-MPPE-Send-Key = 0x4d060be03b8d2c8939627ade2f95c539
MS-MPPE-Encryption-Policy = 0x0001
MS-MPPE-Encryption-Types = 0x0006
The most helpful information would be a guide on how to configure
FreeRADIUS and the associated MySQL server to apply a service profile to
a MS.
Thanks for the help.
Stuart Wilson
Email: swils...@harris.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
hi, its an interesting testwhy are you not using the latest release of FreeRADIUS (2.1.10 ?) for this work...you seem to be comfortable with the technology... is there a reason why you want so many virtual servers listening on the same IP address? It seems a strange design - surely policies and unlang within the server could operate the same scheme more efficiently? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
Alan Buxey wrote: its an interesting testwhy are you not using the latest release of FreeRADIUS (2.1.10 ?) 2.1.6 has worked fine for us, until now when we need some new functionality. Alan Buxey wrote: is there a reason why you want so many virtual servers listening on the same IP address? It seems a strange design - surely policies and unlang within the server could operate the same scheme more efficiently? I believe you might be right Alan. It is not really the same IP-address that is necessary. We need a policy per port. If you saw my earlier post with user-name conversion titled FR 2.1.6 add realm to User-Name before Proxy by listening port. This is what i am trying to accomplish. a port per customer where user-name conversion is done before proxy.. My unlang skills are not that good i am afraid. But if you can point me towards a simpler solution i would more than happy. Thanks and regards Mika -- View this message in context: http://freeradius.1045715.n5.nabble.com/Failed-remembering-handle-for-proxy-socket-tp3304502p3304555.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PEAP/EAP-GTC proxy?
Hello, I've been trying to configure a new freeradius server (ver. 2.1.7) to proxy a OTP passcode to an existing (production) freeradius server (ver. 1.0.1) that is already setup to accept and authenticate the OTP passcodes for our remote access NAS devices (VPN, etc). I would like to use PEAP/EAP-GTC for wired 802.1x on our Cisco edge switches and terminate the PEAP tunnel on the new radius server, sending the passcode on to the existing radius server for authentication by proxy. I've been able to accomplish this using Cisco ACS but would like to use freeradius instead so that some other things can be done easier which ACS is not well suited for. From what I've read, proxy auth is possible and done quite a bit but mainly using mschapv2 as the inner auth method instead of gtc. I've been beating on this for days now and starting to feel I may never get this accomplished w/o help. I get to the point where either the PEAP tunnel is terminated on the new server and the gtc passcode is not proxied to the other server or the authentication is proxied to the other server but as EAP instead of just the cleartext OTP passcode. Following is the output of starting freeradius in debug mode, followed by the dubug results during anauthentication attempt. I assume all the needed info will be in this output. Sorry in advance if I have not provided enough info or too much. ANy help or suggestions would be appreciated. I have read a lot of the documentation and forum info but I havent found any obvious solution to my problem yet. Thanks, Mark Debug output: [r...@mackeral-dev raddb]# /usr/sbin/radiusd -X FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Dec 30 2009 at 13:46:28 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/proxy-inner-tunnel group = radiusd user =
Re: syntax to discharge my mac Address
the problem is we can not enlist the mac addresses for users toaccess computers right through an access point with the mac address without entering password only with the mac address ofeach computer and have unique access to these computers do notknow how to do it and have found as we do on the Internet or anywebsite - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: One virtual server for MS-chapv2 against AD w/ ntlm_auth, the other one against ldap ntpasswd hash possible?
Got the whole setup working. So basically if users sign on with
usern...@foo.edu with eap, they will be sent to ldap w/ ntpassword
authorization. If users sign on with username only with eap, they will
be sent to active directory w/ ntlm authentication.
configuration changes are the following:
etc/raddb/proxy.conf add
realm foo.edu {
}
realm NULL {
}
/etc/raddb/site-enabled/inner-tunnel at the ldap line in authorize section add
switch %{Realm} {
case foo.edu {
ldap
#see /etc/raddb/module/mschap if ntpassword available,
then do not use
#NTLM_auth
update control {
MS-CHAP-Use-NTLM-Auth := NO
}
case NULL {
mschap
}
}
etc/raddb/module/mschap, etc/raddb/module/ntlm are all from integrate
with Active Directory howto.
Thanks for the great software, and can not wait to see the finish of
the book. There are so many internals to be understood.
Schilling
On Wed, Dec 8, 2010 at 2:12 AM, Alan DeKok al...@deployingradius.com wrote:
schilling wrote:
Just to be sure. Both user(username and usern...@foo.edu) will use
eap, mschapv2 to authenticate. But there is only one mschap module in
etc/raddb/modules/?
So... configure another mschap module.
See raddb/modules/files for examples of configuring two instances of
the same module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
Upgrade to 2.1.10 did not solve the problem.
I also tried increasing physical memory to 1,5 GB, but i still get the same
error.
Would be good to know where the limitation is..
I guess the configuration is not meant to be this way. Need to add more
logic to the config i think.
Debug output:
[r...@centos sites-enabled]# radiusd -X
FreeRADIUS Version 2.1.10, for host i686-redhat-linux-gnu, built on Dec 11
2010 at 13:25:55
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/output
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
}
radiusd: Loading Realms and Home Servers
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret =
Re: syntax to discharge my mac Address
luis ramiro ochoa torres wrote: the problem is we can not enlist the mac addresses for users toaccess computers right through an access point with the mac address without entering password only with the mac address ofeach computer and have unique access to these computers do notknow how to do it and have found as we do on the Internet or anywebsite There is no web site describing exactly how to solve this problem. You *must* think for yourself. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP/EAP-GTC proxy?
mgmitch wrote: ERROR: Failed to create a new socket for proxying requests. Upgrade to 2.1.10. This was *exactly* the same message posted only a day or so ago. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed remembering handle for proxy socket
Mika wrote: Upgrade to 2.1.10 did not solve the problem. I also tried increasing physical memory to 1,5 GB, but i still get the same error. It is not an out of memory error. Would be good to know where the limitation is.. I guess the configuration is not meant to be this way. Need to add more logic to the config i think. ... Failed remembering handle for proxy socket! You are probably opening *way* too many sockets. I'm a little surprised at your configuration. It's rarely necessary to have the server listen on dozens of ports. Instead, select the virtual server by *client*. It's much simpler, and it scales to 500K clients. (Yes, this has been done) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wifi ip allocation
Hello all, I'm also trying to assign pools of IPs based on LDAP group membership. Since your conversation is very technical and not easy to put in place by someone who just started with RADIUS, I was looking for a descriptive way to get to that end. And I found the following : http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 With a brief overview, can you please valid the pdf way can work? Or could you point me to a ressource with which I could do it your way? Thank you! -- View this message in context: http://freeradius.1045715.n5.nabble.com/wifi-ip-allocation-tp3286614p3305394.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: syntax to discharge my mac Address
okay I'll keep trying thanks... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wifi ip allocation
Le mardi 14 décembre 2010 à 14:25 -0800, pauvre a écrit : Hello all, I'm also trying to assign pools of IPs based on LDAP group membership. Since your conversation is very technical and not easy to put in place by someone who just started with RADIUS, I was looking for a descriptive way to get to that end. And I found the following : http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 With a brief overview, can you please valid the pdf way can work? I can't judge the cisco part but the radius part should work if you do not want to use dhcp Note that the initial talk we had was about assigning addresss to non-ppp interface. If what you want to do has to done on ethernet like network (wifi or wired ethernet) it wont work. regards Or could you point me to a ressource with which I could do it your way? Thank you! -- Follow us on: twitter https://www.twitter.com/manainternet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/Oracle compilation
Hello I didn't have even a comment about this.
Is there something stupid in the proposed patch?
regards.
Le samedi 11 décembre 2010 à 18:43 -1000, alexandre.chapel...@mana.pf a
écrit :
Unless I missunderstood the compil process it seems to me that todays source
tree is stuck to Oracle 10g. Indeed the configure.in file for the
rlm_sql_oracle module has a library name harcoded: libnnz10.
If you run Oracle instantclient 11g (I guess it's the same with a full
installation of Oracle 11g) the library is named libnnz11. As a result,
oracle linking test wiil always fail even with a correct
--with-oracle-lib-dir set.
To be able to compile with both version of Oracle (10g and 11g)
I suggest a new option can be set that would define the version during
./configure.
If it sounds ok for everyone and can be tested by more people (I only tested
it on Debian with instantclient_11.1), here is works for me patch that
introduce the --with-oracle-version switch.
---
freeradius-server-2.1.10.orig/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in
2010-09-28 11:03:56.0 +
+++
freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in
2010-12-12 03:58:02.0 +
@@ -22,6 +22,23 @@
dnl # Check for command line options
dnl
+ dnl extra argument: --with-oracle-version=VER
+ oracle_version=
+ AC_ARG_WITH(oracle-version,
+ [AS_HELP_STRING([--with-oracle-version=VER],
+ [Version of Oracle to search for. Should be 10 for
Oracle 10g and 11 for 11g])],
+ [case $withval in
+11)
+oracle_version=$withval
+;;
+10)
+oracle_version=$withval
+;;
+*)
+ AC_MSG_ERROR(Need oracle-version)
+;;
+esac])
+
dnl extra argument: --with-oracle-include-dir=DIR
oracle_include_dir=
AC_ARG_WITH(oracle-include-dir,
@@ -86,7 +103,12 @@
if test x$oracle_lib_dir != x ; then
ORACLE_LIBDIR_SWITCH=-L${oracle_lib_dir}
fi
- LIBS=$old_LIBS $ORACLE_LIBDIR_SWITCH -lclntsh -lnnz10
+if test x$oracle_version = x ; then
+AC_MSG_RESULT(no)
+AC_MSG_WARN([oracle version not found. Use
--with-oracle-version={10|11}.])
+fail=$fail Oracle version
+else
+ LIBS=$old_LIBS $ORACLE_LIBDIR_SWITCH -lclntsh
-lnnz${oracle_version}
AC_TRY_LINK([#include oci.h
static OCIEnv *p_env;
@@ -109,12 +131,13 @@
(void (*)(dvoid *, dvoid *)) 0 );
],
- ORACLE_LIBS=$ORACLE_LIBDIR_SWITCH -lclntsh -lnnz10,
+ ORACLE_LIBS=$ORACLE_LIBDIR_SWITCH -lclntsh
-lnnz${oracle_version},
ORACLE_LIBS=
)
LIBS=$old_LIBS
CFLAGS=$old_CFLAGS
+fi
fi
@@ -129,7 +152,7 @@
if test x$ORACLE_LIBS = x; then
AC_MSG_WARN([oracle libraries not found. Use
--with-oracle-lib-dir=path.])
- fail=$fail libclntsh libnnz10
+ fail=$fail libclntsh libnnz${oracle_version}
else
sql_oracle_ldflags=${sql_oracle_ldflags} $ORACLE_LIBS
AC_MSG_RESULT(yes)
As you can see the patch modify the configure.in file autogen.sh must be used
after patching.
P.S The patch do not include version of Oracle prior to 10 because the
instantclient archive is not available anymore on the Oracle website.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Follow us on: twitter https://www.twitter.com/manainternet
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wifi ip allocation
pauvre wrote: I'm also trying to assign pools of IPs based on LDAP group membership. Since your conversation is very technical and not easy to put in place by someone who just started with RADIUS, RADIUS is a technical subject. You're not going to get very far if you have a hard time with technical conversatons. I was looking for a descriptive way to get to that end. And I found the following : http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 http://www.anthonymendoza.com/index2.php?option=com_contentdo_pdf=1id=58 With a brief overview, can you please valid the pdf way can work? For me, no. We supply documentation for how to use FreeRADIUS. If it's hard to understand, ask questions about it. If you have questions about someone else's documents, go ask them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius/Oracle compilation
Alexandre Chapellon wrote: Hello I didn't have even a comment about this. Is there something stupid in the proposed patch? I've been busy. Off of the top of my head: - requiring a new option to configure isn't friendly. - the whole *point* of configure is to have the computer just figure it out - leave the old code there, it works for many people - add *new* code, which is run only if the old code doesn't find the libraries - don't force the user to choose an oracle version. - you can write a for loop which loops over the different versions, and stops when the check is successful - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
