Re: FreeRadius Running Error

2012-11-27 Thread Fajar A. Nugraha
On Tue, Nov 27, 2012 at 1:55 PM, QASIM RAO qasim2...@hotmail.com wrote:
 Hi,
 I am facing a problem with FreeRADIUS. I was already using FreeRADIUS and it
 was working fine. Now I have re-installed RADIUS, and when I start it with the
 radiusd -X command it gives the following error.

 Please help me with this.



 Starting - reading configuration files ...
 reread_config:  reading radiusd.conf
 Config:   including file: /usr/local/etc/raddb/proxy.conf

Do you compile from source manually?

 radiusd:  entering modules setup
 Segmentation fault

Segmentation fault is bad.

The easy way is to just use prebuilt packages, which are usually tested
for that particular environment. What OS/distro are you using? See
http://wiki.freeradius.org/building/Packages

Or, if you have the time and resources, you can help debug the problem
(hint: use gdb)

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeRadius Running Error

2012-11-27 Thread Alan DeKok
QASIM RAO wrote:
 Hi,
 I am facing a problem with FreeRADIUS. I was already using FreeRADIUS and it
 was working fine. Now I have re-installed RADIUS, and when I start it with the
 radiusd -X command it gives the following error.

 Please help me with this.

 Starting - reading configuration files ...
 reread_config:  reading radiusd.conf
 Config:   including file: /usr/local/etc/raddb/proxy.conf

  You're running a version from 5-6 years ago.  Upgrade.

  Alan DeKok.


Re: user's default login time

2012-11-27 Thread Alan DeKok
studyfordo wrote:
 Hi, all
   When I add a user to the file /etc/freeradius/files in the VPN
 authentication server,
 I want to know the following things about the user.
 1. How long until the user is automatically logged off (which file can I check the time in)?

  You can send a Session-Timeout to limit the total session time.  But
the server doesn't track how long a user has been logged in.

 2. How can I terminate a session manually?

  See the VPN server for documentation.  This isn't a RADIUS issue.

 3.when login with wrong password, the user can be locked out and can
 email to inform user

  It's possible, but you will need to write those policies yourself.

 4.users default actived time

  I have no idea what that is.

 Do the above functions need to use the mysql module?

  No.

  Alan DeKok.


freeradius management (web management tool)

2012-11-27 Thread Ben
Hi all,
 daloRADIUS vs ARA: which one is easy to use?


Detail file

2012-11-27 Thread BALSIANOK, Peter
Hi,

I want to store accounting packet(s) for future processing.
[radiusd@tdrad1 freeradius-server-2.2.0]$ cat /app_log/radius/ggsn-acct/radacct/127.0.0.1/pre-proxy-detail-20121127
Tue Nov 27 15:03:35 2012
Packet-Type = Accounting-Request
NAS-Port-Type = Virtual
X-Ascend-Dial-Number = U+0557\331\025
Acct-Session-Id = d597d91572f51ab3

Is there any way to change / simulate functionality of the detail module like 
this ?

Timestamp= Tue Nov 27 15:03:35 2012[delimiter]Packet-Type = 
Accounting-Request[delimiter]NAS-Port-Type = Virtual[delimiter] NAS-Port-Type = 
Virtual[delimiter]  [end of line]

Thx
Peter Balšianok

Configuration check

2012-11-27 Thread James Devine
I ran into an issue where proxy.conf was globally readable for some reason,
freeradius wouldn't start because of this and this wasn't picked up by
radiusd -C.  Can this check be added?

Re: Configuration check

2012-11-27 Thread James Devine
* globally writable I mean


On Tue, Nov 27, 2012 at 8:55 AM, James Devine fxmul...@gmail.com wrote:

 I ran into an issue where proxy.conf was globally readable for some
 reason, freeradius wouldn't start because of this and this wasn't picked up
 by radiusd -C.  Can this check be added?

Re: Configuration check

2012-11-27 Thread Alan DeKok
James Devine wrote:
 I ran into an issue where proxy.conf was globally readable for some
 reason,

  proxy.conf should NEVER be globally readable.

 freeradius wouldn't start because of this and this wasn't picked
 up by radiusd -C.  Can this check be added?

  File permissions are enforced by the operating system, not by FreeRADIUS.

  If radiusd runs as user radiusd, but you do the check as root,
there isn't much that the server can do.

  You need to do the check as the user running radius.  e.g.:

su radiusd -c "radiusd -C"

  instead of

radiusd -C

  Alan DeKok.


Re: Configuration check

2012-11-27 Thread Alan DeKok
James Devine wrote:
 * globally writable I mean

  It already checks that.

$ chmod a+w raddb/proxy.conf
$ radiusd -XC
...
Configuration file ./raddb//proxy.conf is globally writable.  Refusing
to start due to insecure configuration.
Errors reading or parsing ./raddb//debug.conf

  If you don't see this, it's because you're running a very old version
without that check, or raddb/proxy.conf isn't actually globally writable.

  Alan DeKok.
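
The permission checks discussed in this thread, as an added example (not FreeRADIUS code and not part of the original messages): a shell function that audits a configuration directory for world-writable, world-readable and unreadable files. The name `audit_raddb` and the directory argument are assumptions; run it as the account the server runs as, so the readability test reflects what radiusd will see.

```shell
#!/bin/sh
# Added example, not FreeRADIUS code. audit_raddb is a hypothetical helper name.
# Usage: audit_raddb /path/to/raddb   (run as the user radiusd runs as)

# Prints one sorted finding per line and returns 1 if anything was found:
#   unreadable <file>       the current user cannot read the file
#   world-readable <file>   "other" has read permission (shared secrets exposed)
#   world-writable <file>   "other" has write permission (radiusd -XC refuses this)
audit_raddb() {
    dir=$1
    findings=$(
        {
            find "$dir" -type f -perm -0002 -print | sed 's/^/world-writable /'
            find "$dir" -type f -perm -0004 -print | sed 's/^/world-readable /'
            find "$dir" -type f -print | while IFS= read -r f; do
                [ -r "$f" ] || printf 'unreadable %s\n' "$f"
            done
        } | sort
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_raddb "$1"
fi
```
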


Re: Git master branch Debian build

2012-11-27 Thread Zenon Mousmoulas

Hi,

I am also trying to build Debian packages from git master.

On Fri Nov 23 20:52:32 CET 2012, Olivier Beytrison wrote:

I also noticed the following messages during package creation :

dpkg-shlibdeps: warning: couldn't find library libfreeradius-eap.so
needed by debian/freeradius/usr/lib/freeradius/rlm_eap_peap.so (ELF
format: 'elf64-x86-64'; RPATH: '/usr/lib/
freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius/usr/sbin/radmin (ELF format: 'elf64-x86-64';
RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-eap.so
needed by debian/freeradius/usr/lib/freeradius/rlm_eap.so (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-eap.so
needed by debian/freeradius/usr/lib/freeradius/rlm_eap_tls.so (ELF
format: 'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius/usr/sbin/freeradius (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-eap.so
needed by debian/freeradius/usr/lib/freeradius/rlm_eap_ttls.so (ELF
format: 'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/radwho (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/smbencrypt (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/radclient (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/rlm_dbm_parser (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/radsniff (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').
dpkg-shlibdeps: warning: couldn't find library libfreeradius-radius.so
needed by debian/freeradius-utils/usr/bin/rlm_ippool_tool (ELF format:
'elf64-x86-64'; RPATH: '/usr/lib/freeradius').


The packages are built but I also see the warnings the OP noted above.

The freeradius binary installed by this package does not run:

/usr/sbin/freeradius: error while loading shared libraries: 
build/lib/.libs/rlm_acctlog.so: cannot open shared object file: No such 
file or directory


# ldd /usr/sbin/freeradius
linux-vdso.so.1 =  (0x7fff85fff000)
libfreeradius-radius.so = 
/usr/lib/freeradius/libfreeradius-radius.so (0x7faff937b000)

build/lib/.libs/rlm_acctlog.so = not found
build/lib/.libs/rlm_always.so = not found
build/lib/.libs/rlm_attr_filter.so = not found
build/lib/.libs/rlm_attr_rewrite.so = not found
build/lib/.libs/rlm_cache.so = not found
build/lib/.libs/rlm_chap.so = not found
build/lib/.libs/rlm_checkval.so = not found
build/lib/.libs/rlm_counter.so = not found
build/lib/.libs/rlm_cram.so = not found
build/lib/.libs/rlm_dbm.so = not found
build/lib/.libs/rlm_detail.so = not found
build/lib/.libs/rlm_dhcp.so = not found
build/lib/.libs/rlm_digest.so = not found
build/lib/.libs/rlm_dynamic_clients.so = not found
build/lib/.libs/rlm_eap.so = not found
build/lib/.libs/rlm_eap_gtc.so = not found
build/lib/.libs/rlm_eap_leap.so = not found
build/lib/.libs/rlm_eap_md5.so = not found
build/lib/.libs/rlm_eap_mschapv2.so = not found
build/lib/.libs/rlm_eap_peap.so = not found
build/lib/.libs/rlm_eap_pwd.so = not found
build/lib/.libs/rlm_eap_tls.so = not found
build/lib/.libs/rlm_eap_ttls.so = not found
build/lib/.libs/rlm_exec.so = not found
build/lib/.libs/rlm_expiration.so = not found
build/lib/.libs/rlm_expr.so = not found
build/lib/.libs/rlm_fastusers.so = not found
build/lib/.libs/rlm_files.so = not found
build/lib/.libs/rlm_ippool.so = not found
build/lib/.libs/rlm_jradius.so = not found
build/lib/.libs/rlm_krb5.so = not found
build/lib/.libs/rlm_ldap.so = not found
build/lib/.libs/rlm_linelog.so = not found
build/lib/.libs/rlm_logintime.so = not found
build/lib/.libs/rlm_mschap.so = not found
build/lib/.libs/rlm_otp.so = not found
build/lib/.libs/rlm_pam.so = not found
build/lib/.libs/rlm_pap.so = not found
build/lib/.libs/rlm_passwd.so = not found
build/lib/.libs/rlm_perl.so = not found
build/lib/.libs/rlm_policy.so = not found
build/lib/.libs/rlm_preprocess.so = not found
build/lib/.libs/rlm_python.so = not found
build/lib/.libs/rlm_radutmp.so = not found
build/lib/.libs/rlm_realm.so = not found
build/lib/.libs/rlm_replicate.so 

matching entry in users file

2012-11-27 Thread vazoumana fofana

Dear all,

I've got a question about authentication: I want to set, in the users file, a user 
who can be authenticated in two ways: 
EAP-TLS (certificate) and EAP-TTLSP, PAP (login password).
For the same unique login, can I do this? Or does FreeRADIUS just check the first 
entry which corresponds?

Cheers.

Re: Git master branch Debian build

2012-11-27 Thread Alan DeKok
Zenon Mousmoulas wrote:
 I am also trying to build Debian packages from git master.

  Are you sure you're using the latest code from the master branch?  I
added fixes a few days ago which fixed those for me.

$ ldd debian/tmp/usr/sbin/radiusd
linux-vdso.so.1 =  (0x7fff91fff000)
libfreeradius-radius.so = /usr/lib/freeradius/libfreeradius-radius.so
(0x7f73bfe53000)

  I didn't install it because it's my main build server.  But the
library links *are* correct.

  Alan DeKok.


AW: AW: EAP-TLS Failed in handler question

2012-11-27 Thread PENZ Robert
  With first packet I meant first packet the radius server saw in some time 
  ... the switch forces a reauthentication every 2h
 A re-auth is a fresh EAP session. So even on a re-auth, the first packet 
 would not have a State attribute, absent software bugs.

ok

  It *could* be that the client just got stuck and is responding (very)
  late. But I'm quite surprised the NAS didn't timeout the EAP auth before
  that.
 
  We're running Extreme Networks Switches with following timers set:
 
  configure netlogin dot1x timers quiet-period 30
  configure netlogin dot1x timers reauth-period 7200
 We run SummitX edge, and when I've tested dot1x netlogin in the past, I 
 haven't seen this issue. We've never widely deployed it, however, so 
 it's possible there's an XOS bug where a small percentage of re-auths 
 erroneously re-use the State. You'd need to get a packet capture to be 
 sure.

ok ... will try to get one .. is not easy ... 

  but reject means the switch sets the port to the guest vlan, and therefore 
  the PC loses the connections ... is there a way to request a new full 
  eap/tls handshake from the client?
 
 You're not understanding, or I'm not making myself clear.
 
 Suggestion: fire up wireshark, and take a careful look at a normal EAP 
 authentication. You'll see that the first packet is an EAP-Identity 
 without a State attribute, which the server responds to with an 
 Access-Challenge containing the default eap type start payload, and a 
 State attribute.
 
 Are you *absolutely sure* that these packets are really the first RADIUS 
 packet in the auth/re-auth?

will check again and get back to you

 If you're sure, your problem seems to be that the correct first packet 
 isn't being sent; the switch is just jumping straight in with the EAP 
 payload *and* a State attribute. I am curious to know where it's 
 getting that State attribute.
 
 The server source code assumes that a State attribute will be valid. 
 There's no setting to just accept it.
 
 Interestingly, I see the RADIUS RFC does actually allow clients to send 
 a previous State if you send an Access-Accept with:
 
   Termination-Action = RADIUS-request
 You're not doing that, are you?

no, I'm not


 No. As above, re-auths start new EAP sessions. You would only reject any 
 EAP sessions that were in the *middle* of performing an auth, as the 
 state would be lost across restarts. But this is a very narrow window.

So it would be best to set iptables to drop requests for 1 min, then restart the 
radius and remove the iptables rules? Or can I set freeradius in a mode where 
it does not accept new sessions, and after 2 minutes I restart it? So that the 
switch is forced onto the other switch.

Or what is the best practice to never have false rejects?



Re: matching entry in users file

2012-11-27 Thread Alan DeKok
vazoumana fofana wrote:
 I've got a question about authentication: I want to set, in the users file, a
 user who can be authenticated in two ways:
 EAP-TLS (certificate) and EAP-TTLSP, PAP (login password).

  EAP-TLS doesn't really use the users file.

 For the same unique login, can I do this? Or does FreeRADIUS just check
 the first entry which corresponds?

  FreeRADIUS authenticates the user with the information it has.

  If the user has a valid certificate, he's authenticated.

  If the user has a valid password, he's authenticated.

  This is the same as a user trying PAP, CHAP, or MS-CHAP.  They all
work.  They can all be used by the same user.

  Alan DeKok.



Re: Git master branch Debian build

2012-11-27 Thread Zenon Mousmoulas
On Tue, 27 Nov 2012 11:30:26 -0500, Alan DeKok al...@deployingradius.com
wrote:
 Zenon Mousmoulas wrote:
 I am also trying to build Debian packages from git master.
 
   Are you sure you're using the latest code from the master branch?  I
 added fixes a few days ago which fixed those for me.

Yes, I am tracking the master branch, pulled shortly before my previous
post:

* master  996ac3c [origin/master] More dependencies
  remotes/origin/HEAD - origin/master
  remotes/origin/master   996ac3c More dependencies


 $ ldd debian/tmp/usr/sbin/radiusd
   linux-vdso.so.1 =  (0x7fff91fff000)
   libfreeradius-radius.so = /usr/lib/freeradius/libfreeradius-radius.so
 (0x7f73bfe53000)
 
   I didn't install it because it's my main build server.  But the
 library links *are* correct.

# ldd debian/tmp/usr/sbin/freeradius 
linux-vdso.so.1 =  (0x7fff22575000)
libfreeradius-radius.so = not found
build/lib/.libs/rlm_acctlog.so (0x7f5fd36d4000)
build/lib/.libs/rlm_always.so (0x7f5fd34d1000)
build/lib/.libs/rlm_attr_filter.so (0x7f5fd32cf000)
build/lib/.libs/rlm_attr_rewrite.so (0x7f5fd30cb000)
build/lib/.libs/rlm_cache.so (0x7f5fd2ec7000)
build/lib/.libs/rlm_chap.so (0x7f5fd2cc5000)
build/lib/.libs/rlm_checkval.so (0x7f5fd2ac2000)
build/lib/.libs/rlm_counter.so (0x7f5fd28bd000)
build/lib/.libs/rlm_cram.so (0x7f5fd26ba000)
build/lib/.libs/rlm_dbm.so (0x7f5fd24b7000)
build/lib/.libs/rlm_detail.so (0x7f5fd22b3000)
build/lib/.libs/rlm_dhcp.so (0x7f5fd20b)
build/lib/.libs/rlm_digest.so (0x7f5fd1ead000)
build/lib/.libs/rlm_dynamic_clients.so (0x7f5fd1caa000)
build/lib/.libs/rlm_eap.so (0x7f5fd1aa1000)
build/lib/.libs/rlm_eap_gtc.so (0x7f5fd189f000)
build/lib/.libs/rlm_eap_leap.so (0x7f5fd1699000)
build/lib/.libs/rlm_eap_md5.so (0x7f5fd1496000)
build/lib/.libs/rlm_eap_mschapv2.so (0x7f5fd1291000)
build/lib/.libs/rlm_eap_peap.so (0x7f5fd108a000)
build/lib/.libs/rlm_eap_pwd.so (0x7f5fd0e83000)
build/lib/.libs/rlm_eap_tls.so (0x7f5fd0c7f000)
build/lib/.libs/rlm_eap_ttls.so (0x7f5fd0a79000)
build/lib/.libs/rlm_exec.so (0x7f5fd0875000)
build/lib/.libs/rlm_expiration.so (0x7f5fd0673000)
build/lib/.libs/rlm_expr.so (0x7f5fd046f000)
build/lib/.libs/rlm_fastusers.so (0x7f5fd026b000)
build/lib/.libs/rlm_files.so (0x7f5fd0068000)
build/lib/.libs/rlm_ippool.so (0x7f5fcfe63000)
build/lib/.libs/rlm_jradius.so (0x7f5fcfc5e000)
build/lib/.libs/rlm_krb5.so (0x7f5fcfa5b000)
build/lib/.libs/rlm_ldap.so (0x7f5fcf851000)
build/lib/.libs/rlm_linelog.so (0x7f5fcf64e000)
build/lib/.libs/rlm_logintime.so (0x7f5fcf44a000)
build/lib/.libs/rlm_mschap.so (0x7f5fcf241000)
build/lib/.libs/rlm_otp.so (0x7f5fcf039000)
build/lib/.libs/rlm_pam.so (0x7f5fcee36000)
build/lib/.libs/rlm_pap.so (0x7f5fcec31000)
build/lib/.libs/rlm_passwd.so (0x7f5fcea2d000)
build/lib/.libs/rlm_perl.so (0x7f5fce826000)
build/lib/.libs/rlm_policy.so (0x7f5fce61c000)
build/lib/.libs/rlm_preprocess.so (0x7f5fce418000)
build/lib/.libs/rlm_python.so (0x7f5fce214000)
build/lib/.libs/rlm_radutmp.so (0x7f5fce01)
build/lib/.libs/rlm_realm.so (0x7f5fcde0d000)
build/lib/.libs/rlm_replicate.so (0x7f5fcdc0b000)
build/lib/.libs/rlm_sim_files.so (0x7f5fcda08000)
build/lib/.libs/rlm_soh.so (0x7f5fcd806000)
build/lib/.libs/rlm_sometimes.so (0x7f5fcd603000)
build/lib/.libs/rlm_sql.so (0x7f5fcd3fa000)
build/lib/.libs/rlm_sql_iodbc.so (0x7f5fcd1f8000)
build/lib/.libs/rlm_sql_mysql.so (0x7f5fccff4000)
build/lib/.libs/rlm_sql_null.so (0x7f5fccdf2000)
build/lib/.libs/rlm_sql_postgresql.so (0x7f5fccbea000)
build/lib/.libs/rlm_sqlcounter.so (0x7f5fcc9e6000)
build/lib/.libs/rlm_sqlippool.so (0x7f5fcc7e2000)
build/lib/.libs/rlm_unix.so (0x7f5fcc5de000)
build/lib/.libs/rlm_utf8.so (0x7f5fcc3dd000)
build/lib/.libs/rlm_wimax.so (0x7f5fcc1d9000)
libfreeradius-eap.so = not found
libnsl.so.1 = /lib/libnsl.so.1 (0x7f5fcbfc1000)
libresolv.so.2 = /lib/libresolv.so.2 (0x7f5fcbdab000)
libdl.so.2 = /lib/libdl.so.2 (0x7f5fcbba6000)
libpthread.so.0 = /lib/libpthread.so.0 (0x7f5fcb98a000)
libreadline.so.6 = /lib/libreadline.so.6 (0x7f5fcb746000)
libcrypt.so.1 = /lib/libcrypt.so.1 (0x7f5fcb50e000)
libcrypto.so.0.9.8 = /usr/lib/libcrypto.so.0.9.8 (0x7f5fcb16d000)

RE: matching entry in users file

2012-11-27 Thread vazoumana fofana



 Date: Tue, 27 Nov 2012 11:48:58 -0500
 From: al...@deployingradius.com
 To: freeradius-users@lists.freeradius.org
 Subject: Re: matching entry in users file
 
 vazoumana fofana wrote:
  I've got a question about authentication: I want to set, in the users file, a
  user who can be authenticated in two ways:
  EAP-TLS (certificate) and EAP-TTLSP, PAP (login password).
 
   EAP-TLS doesn't really use the users file.
I wanted to say that if a user is not in the users file, it can't be authenticated with 
any protocol (EAP-TLS and others)
 
  For the same unique login, can I do this? Or does FreeRADIUS just check
  the first entry which corresponds?
 
   FreeRADIUS authenticates the user with the information it has.
 
   If the user has a valid certificate, he's authenticated.
 
   If the user has a valid password, he's authenticated.
I try to do this :

napoleon SMD5-Password :=yyy

napoleon : NT-Password := xx


When I try to authenticate with NT-Password, it fails. But when I delete the SMD5 
entry, it works.
In both cases, FreeRADIUS has the right information.



 
   This is the same as a user trying PAP, CHAP, or MS-CHAP.  They all
 work.  They can all be used by the same user.
 
   Alan DeKok.
 

Re: matching entry in users file

2012-11-27 Thread Phil Mayers

On 27/11/12 17:42, vazoumana fofana wrote:


napoleon SMD5-Password :=yyy
napoleon : NT-Password := xx



This is wrong. Read the man users page for info on the correct syntax.

Either of the following two works:

napoleon    SMD5-Password := xx, NT-Password := yy

...or:

napoleon    SMD5-Password := xx
            Fall-Through = yes

napoleon    NT-Password := yy

Note: Fall-through - this tells FreeRADIUS to keep going.


Re: Configuration check

2012-11-27 Thread James Devine
radiusd -XC seems to produce what I was looking for, thanks.


On Tue, Nov 27, 2012 at 9:10 AM, Alan DeKok al...@deployingradius.com wrote:

 James Devine wrote:
  * globally writable I mean

   It already checks that.

 $ chmod a+w raddb/proxy.conf
 $ radiusd -XC
 ...
 Configuration file ./raddb//proxy.conf is globally writable.  Refusing
 to start due to insecure configuration.
 Errors reading or parsing ./raddb//debug.conf

   If you don't see this, it's because you're running a very old version
 without that check, or raddb/proxy.conf isn't actually globally writable.

   Alan DeKok.

Re: Git master branch Debian build

2012-11-27 Thread Alan DeKok
Zenon Mousmoulas wrote:
 Yes, I am tracking the master branch, pulled shortly before my previous
 post:
 
 * master  996ac3c [origin/master] More dependencies
   remotes/origin/HEAD - origin/master
   remotes/origin/master   996ac3c More dependencies

  Well, that should be OK.

  Is this from a fresh checkout?  I just don't see that on my debian
machine.

 # ldd debian/tmp/usr/sbin/freeradius 

  Please don't post dozens of lines of crap.  It's good enough just to
post one or two lines, to get the idea.

 I don't know what I am missing here.

  Neither do I.

 But shouldn't the libraries carry a version number, like
 libfreeradius-radius-3.0.0.so?

  No.

  Alan DeKok.


failed to find eap in the modules section

2012-11-27 Thread David Aldwinckle
Hello,

I have just installed 2.2.1 from git on RHEL6.

Without making any changes to the configuration, the server fails to start 
because eap is missing in /etc/raddb/modules.

radiusd: FreeRADIUS Version 2.2.1, for host x86_64-unknown-linux-gnu, built on 
Nov 26 2012 at 15:22:43
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/cache
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/dhcp_sqlippool
including configuration file /etc/raddb/sql/mysql/ippool-dhcp.conf
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/radrelay
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = radiusd
prefix = /usr
localstatedir = /var
sbindir = /usr/sbin
logdir = /var/log/radius
run_dir = /var/run/radiusd
libdir = /usr/lib64/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no

nas config in sql table

2012-11-27 Thread laurent . feron
Hello,
I saw in many messages that with the module sql it is possible to do 
authentication against sql table and also to have the NAS definition in another 
table. Is it possible to have only the configuration of NAS in a sql table? The 
authorization and authentication are done with other modules (perl scriptings).

Regards,
Laurent


Re: failed to find eap in the modules section

2012-11-27 Thread Alan DeKok
David Aldwinckle wrote:
 Hello,
 
 I have just installed 2.2.1 from git on RHEL6.
 
 Without making any changes to the configuration, the server fails to start 
 because eap is missing in /etc/raddb/modules.

  No.

  Please READ the debug output.

 rlm_eap: SSL error error::lib(0):func(0):reason(0)
 rlm_eap_tls: Error loading randomness

  See?  That's the real error.

 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap
 /etc/raddb/sites-enabled/default[310]: Failed to find eap in the modules 
 section.
 /etc/raddb/sites-enabled/default[252]: Errors parsing authenticate section. 

  Or you could read the last line, and claim there's a parse error.
Instead, you ignored the last line, ignored the earlier lines, and
picked a random line out of the middle.

  Go to raddb/certs and run the bootstrap script.  It initializes all
of the SSL data for EAP.

  Alan Dekok.



Re: nas config in sql table

2012-11-27 Thread Alan DeKok
laurent.fe...@free.fr wrote:
 Hello,
 I saw in many messages that with the module sql it is possible to do 
 authentication against sql table 

  No, it's not possible to do that.

  SQL is a *database*.  Databases store data.  They don't do authentication.

  SQL is used to store known good passwords.  See the documentation
and the Wiki for examples of how to store these passwords in SQL.

 and also to have the NAS definition in another table. Is it possible to have 
 only the configuration of NAS in a sql table? The authorization and 
 authentication are done with other modules (perl scriptings).

  Yes.  There is no requirement to do everything in SQL.

  Alan DeKok.


Re: Detail file

2012-11-27 Thread Alan DeKok
BALSIANOK, Peter wrote:
 Is there any way to change / simulate functionality of the detail module
 like this ?

 Timestamp=“ Tue Nov 27 15:03:35 2012“[delimiter]Packet-Type =
 Accounting-Request[delimiter]NAS-Port-Type = Virtual[delimiter]
 NAS-Port-Type = Virtual[delimiter]  [end of line]

  See the linelog module.

  Alan DeKok.
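
The reply above points at the linelog module for writing this layout from the server. As a separate, added example (not from the thread and not FreeRADIUS code), the shell function below post-processes an existing detail file into the one-line-per-record layout asked about; the function names, the default `|` delimiter and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not FreeRADIUS code. Function names are hypothetical.

# Constructed sample in detail-file layout: a timestamp line, indented
# "Attribute = value" lines, and a blank line ending each record.
sample_detail() {
    printf 'Tue Nov 27 15:03:35 2012\n'
    printf '\tPacket-Type = Accounting-Request\n'
    printf '\tNAS-Port-Type = Virtual\n'
    printf '\tAcct-Session-Id = "d597d91572f51ab3"\n'
    printf '\n'
    printf 'Tue Nov 27 15:04:02 2012\n'
    printf '\tPacket-Type = Accounting-Request\n'
    printf '\tUser-Name = "a|b"\n'
    printf '\n'
}

# Read detail records on stdin, write one line per record on stdout.
# $1 is the delimiter (default "|"). Backslashes and any delimiter found
# inside an attribute are backslash-escaped, so a client-supplied value
# cannot forge extra fields in the flattened line.
detail_to_lines() {
    awk -v d="${1:-|}" '
    # Escape every occurrence of the fixed string c in s with a backslash.
    function esc(s, c,    out, i) {
        out = ""
        while ((i = index(s, c)) > 0) {
            out = out substr(s, 1, i - 1) "\\" c
            s = substr(s, i + length(c))
        }
        return out s
    }
    BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one record per block
    {
        line = "Timestamp=\"" $1 "\""
        for (n = 2; n <= NF; n++) {
            attr = $n
            sub(/^[ \t]+/, "", attr)          # drop the leading indent
            if (attr != "") line = line d esc(esc(attr, "\\"), d)
        }
        print line
    }'
}
```

Typical use is `detail_to_lines ';' < pre-proxy-detail-20121127 > flat.log`, with the delimiter chosen to suit the downstream parser.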

Re: Git master branch Debian build

2012-11-27 Thread Arran Cudbard-Bell

On 27 Nov 2012, at 19:23, Alan DeKok al...@deployingradius.com wrote:

 Zenon Mousmoulas wrote:
 Yes, I am tracking the master branch, pulled shortly before my previous
 post:
 
 * master  996ac3c [origin/master] More dependencies
  remotes/origin/HEAD - origin/master
  remotes/origin/master   996ac3c More dependencies
 
  Well, that should be OK.
 
  Is this from a fresh checkout?  I just don't see that on my debian
 machine.
 
 # ldd debian/tmp/usr/sbin/freeradius 
 
  Please don't post dozens of lines of crap.  It's good enough just to
 post one or two lines, to get the idea.

I just did a build on a fresh Ubuntu 12.10 VM and it looks fine to me

root@shinyhead-ldap:~/build/freeradius-server# ldd debian/tmp/usr/sbin/freeradius
linux-vdso.so.1 =>  (0x7fffae945000)
libfreeradius-radius.so => /usr/lib/freeradius/libfreeradius-radius.so (0x7fddc5958000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fddc574d000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fddc552f000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x7fddc52f6000)
libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7fddc4f2f000)
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x7fddc4cd2000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fddc4913000)
/lib64/ld-linux-x86-64.so.2 (0x7fddc5b96000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7fddc46fc000)

-Arran



Re: Git master branch Debian build

2012-11-27 Thread Arran Cudbard-Bell

On 27 Nov 2012, at 23:01, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:

 
 On 27 Nov 2012, at 19:23, Alan DeKok al...@deployingradius.com wrote:
 
 Zenon Mousmoulas wrote:
 Yes, I am tracking the master branch, pulled shortly before my previous
 post:
 
 * master  996ac3c [origin/master] More dependencies
 remotes/origin/HEAD -> origin/master
 remotes/origin/master   996ac3c More dependencies
 
 Well, that should be OK.
 
 Is this from a fresh checkout?  I just don't see that on my debian
 machine.
 
 # ldd debian/tmp/usr/sbin/freeradius 
 
 Please don't post dozens of lines of crap.  It's good enough just to
 post one or two lines, to get the idea.
 
 I just did a build on a fresh Ubuntu 12.10 VM and it looks fine to me
 
 root@shinyhead-ldap:~/build/freeradius-server# ldd debian/tmp/usr/sbin/freeradius
   linux-vdso.so.1 =>  (0x7fffae945000)
   libfreeradius-radius.so => /usr/lib/freeradius/libfreeradius-radius.so (0x7fddc5958000)
   libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x7fddc574d000)
   libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x7fddc552f000)
   libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x7fddc52f6000)
   libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x7fddc4f2f000)
   libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x7fddc4cd2000)
   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7fddc4913000)
   /lib64/ld-linux-x86-64.so.2 (0x7fddc5b96000)
   libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x7fddc46fc000)
 
 -Arran

Just installed the packages and the server started first time.

-Arran


Freeradius several segfaults at heavy load and startup ?

2012-11-27 Thread Alexander Silveröhrt

Hello,

Wondered if anyone has any idea about the below. If started with the -X flag, 
everything starts up OK, but without -X it crashes with these messages in 
the log (at least most of the time; if one is persistent then it may well start 
up properly sometimes without the -X flag). As soon as it starts OK there 
seems to be no problem whatsoever.

It runs perfectly with the same config and perl hooks on a lab machine where 
there is no traffic. Searching through the web doesn't give much info.

Any ideas would be appreciated.

Thank you.
Alex


root@itop0-db0:/scripts# LD_PRELOAD=/usr/lib/libperl.so.5.10 /usr/sbin/freeradius
root@itop0-db0:/scripts# ps -ef | grep freeradius
root 30086 29914  0 08:10 pts/100:00:00 grep freeradius
root@itop0-db0:/scripts# dmesg
.
..
...

[2233283.445884] freeradius[617]: segfault at 212 ip f72238d4 sp ffb85050 error 4 in rlm_perl-2.1.10.so[f7221000+5000]
[2233430.045210] freeradius[2673]: segfault at 212 ip f72328d4 sp 4e50 error 4 in rlm_perl-2.1.10.so[f723+5000]
[2233671.048040] freeradius[2730]: segfault at 212 ip f72928d4 sp fffe4370 error 4 in rlm_perl-2.1.10.so[f729+5000]
[2233840.528299] freeradius[2776]: segfault at 212 ip f72248d4 sp ffb06020 error 4 in rlm_perl-2.1.10.so[f7222000+5000]
[5223187.548213] freeradius[2380]: segfault at 1002 ip f71e88d4 sp ffe0dfc0 error 4 in rlm_perl-2.1.10.so[f71e6000+5000]
[5887868.065533] freeradius[31931]: segfault at 1002 ip f71bb8d4 sp ffb46d50 error 4 in rlm_perl-2.1.10.so[f71b9000+5000]
[5946015.698283] freeradius[1746]: segfault at 88 ip f6ed29d1 sp e2df5810 error 4 in libmysqlclient_r.so.16.0.0[f6e53000+1af000]
[5951643.541290] freeradius[11237]: segfault at 15 ip f76aac1a sp f56287a0 error 4 in libperl.so.5.10.1[f761+14a000]
[5951657.770507] freeradius[11386]: segfault at c ip f76d3a17 sp f66a98d0 error 4 in libperl.so.5.10.1[f768f000+14a000]
[6026380.012188] freeradius[11693]: segfault at 4 ip f6f1252e sp f0ff77d0 error 6 in libmysqlclient_r.so.16.0.0[f6e94000+1af000]
[6026442.934483] freeradius[5466]: segfault at 8 ip f767a611 sp f5e4c930 error 4 in libperl.so.5.10.1[f7633000+14a000]
[6026462.851031] freeradius[5547]: segfault at 8 ip f75ec611 sp f5dbe930 error 4 in libperl.so.5.10.1[f75a5000+14a000]
[6544711.773094] freeradius[29963]: segfault at 8 ip f7616611 sp f6e0e930 error 4 in libperl.so.5.10.1[f75cf000+14a000]
[6544722.667507] freeradius[29984]: segfault at 8 ip f75e1611 sp f4db1930 error 4 in libperl.so.5.10.1[f759a000+14a000]
[6544822.799431] freeradius[30080]: segfault at 8d160fc ip f76a81b1 sp f32fc540 error 4 in libperl.so.5.10.1[f75e6000+14a000]
[6544885.122348] freeradius[30118]: segfault at 8 ip f75f7611 sp f5dc9930 error 4 in libperl.so.5.10.1[f75b+14a000]
[6544895.128894] freeradius[30137]: segfault at 8 ip f76bc611 sp f6eb4930 error 4 in libperl.so.5.10.1[f7675000+14a000]
[6544905.352401] freeradius[30152]: segfault at 8 ip f766d611 sp f6640930 error 4 in libperl.so.5.10.1[f7626000+14a000]
[6544946.136776] freeradius[30196]: segfault at 8 ip f76a5611 sp f4e75930 error 4 in libperl.so.5.10.1[f765e000+14a000]
[6544966.088368] freeradius[30212]: segfault at c ip f764aa17 sp f66208d0 error 4 in libperl.so.5.10.1[f7606000+14a000]







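The kernel segfault lines in the post above can be triaged mechanically. As an added example (not part of the original post and not FreeRADIUS code), this parser decodes the x86 page-fault error code and subtracts the printed mapping base from the instruction pointer so crashes can be grouped by module offset. The sample lines are copied from the post with the wrapped halves rejoined, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed input: lines copied from the post, wrapped halves rejoined.
SAMPLE = [
    "[2233283.445884] freeradius[617]: segfault at 212 ip f72238d4 sp ffb85050 error 4 in rlm_perl-2.1.10.so[f7221000+5000]",
    "[2233430.045210] freeradius[2673]: segfault at 212 ip f72328d4 sp 4e50 error 4 in rlm_perl-2.1.10.so[f723+5000]",
    "[2233840.528299] freeradius[2776]: segfault at 212 ip f72248d4 sp ffb06020 error 4 in rlm_perl-2.1.10.so[f7222000+5000]",
    "[6026380.012188] freeradius[11693]: segfault at 4 ip f6f1252e sp f0ff77d0 error 6 in libmysqlclient_r.so.16.0.0[f6e94000+1af000]",
    "[6026442.934483] freeradius[5466]: segfault at 8 ip f767a611 sp f5e4c930 error 4 in libperl.so.5.10.1[f7633000+14a000]",
    "[6026462.851031] freeradius[5547]: segfault at 8 ip f75ec611 sp f5dbe930 error 4 in libperl.so.5.10.1[f75a5000+14a000]",
]

# Low three bits of the x86 page-fault error code: (bit clear, bit set).
PF_BITS = (("page not present", "protection violation"),
           ("read", "write"),
           ("kernel mode", "user mode"))

SEGV = re.compile(
    r"(?P<comm>\w+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

def parse(line):
    """Return a dict for one segfault line, or None if it cannot be trusted."""
    m = SEGV.search(line)
    if not m:
        return None
    addr, ip, base, size = (int(m[k], 16) for k in ("addr", "ip", "base", "size"))
    if not base <= ip < base + size:
        return None  # ip outside the printed mapping: the line is damaged
    err = int(m["err"])
    return {
        "pid": int(m["pid"]),
        "object": m["obj"],
        "offset": ip - base,  # position inside the mapping
        "access": [names[(err >> bit) & 1] for bit, names in enumerate(PF_BITS)],
        "near_null": addr < 0x10000,  # heuristic: NULL pointer plus small offset
    }

def crash_sites(lines):
    """Count crashes per (object, offset) so recurring fault sites stand out."""
    parsed = filter(None, map(parse, lines))
    return Counter((r["object"], hex(r["offset"])) for r in parsed)

if __name__ == "__main__":
    for site, count in crash_sites(SAMPLE).most_common():
        print(count, *site)
```

The offset is relative to the mapping the kernel printed; resolving it to a function needs the exact library build with symbols.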