Re: eap sim authorization problem
Call suffix before sim_files.

The rlm_sim_files module uses the canonical username as the key for searching authentication vectors. Initially the canonical username points to the User-Name attribute. The rlm_realm module (suffix is an instance of this module) splits User-Name into Stripped-User-Name and Realm and sets the canonical username to point to Stripped-User-Name.

Or you can put the full username 1IMSI@wlan.mnc001.mcc510.3gppnetwork.org into simtriplets.dat. This will work without calling suffix.

On 30.05.2013 19:26, raptor raptor wrote:
> Hi, I have added simtriplets.dat and created the file sim_files in /freeradius/modules, and I also configured sim_files in authorize{} in /sites-enabled/default, but I don't use the suffix module, so my concern is how to solve this message:
>
> rlm_sim_files: insufficient number of challenges for imsi i...@wlan.mnc001.mcc510.3gppnetwork.org : 0
> [sim_files] returnnot found

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
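The lookup-key behaviour described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it splits the NAI the way the reply says suffix does and shows which key the triplet lookup ends up using. The IMSI, the triplet values and the dict-based table are constructed stand-ins (not the real simtriplets.dat syntax); the leading "1" for an EAP-SIM permanent identity and the zero-padded MNC in the realm are taken from RFC 4186 and 3GPP TS 23.003, not from the thread.

```python
import re

# NAI shape quoted in the thread: <prefix><IMSI>@wlan.mncNNN.mccNNN.3gppnetwork.org
NAI_RE = re.compile(
    r"^([0-9])([0-9]{6,15})@(wlan\.mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org)$")

def split_nai(user_name):
    """Realm split as described for suffix: (Stripped-User-Name, Realm)."""
    local, sep, realm = user_name.rpartition("@")
    return (local, realm) if sep else (user_name, None)

def parse_identity(user_name):
    """Validate an EAP-SIM permanent identity and return its parts."""
    m = NAI_RE.match(user_name)
    if not m:
        raise ValueError("not a 3GPP WLAN NAI: %r" % user_name)
    prefix, imsi, realm, mnc, mcc = m.groups()
    if prefix != "1":  # leading "1" marks an EAP-SIM permanent identity
        raise ValueError("identity prefix %r is not EAP-SIM" % prefix)
    # The IMSI starts with MCC then MNC; a 2-digit MNC is zero-padded in the realm.
    rest = imsi[3:]
    mnc_ok = rest.startswith(mnc) or (mnc[0] == "0" and rest.startswith(mnc[1:]))
    if not (imsi.startswith(mcc) and mnc_ok):
        raise ValueError("realm MCC/MNC does not match the IMSI")
    return {"imsi": imsi, "mcc": mcc, "mnc": mnc, "realm": realm}

def lookup_key(user_name, suffix_called):
    """Canonical username: Stripped-User-Name after suffix, else User-Name."""
    return split_nai(user_name)[0] if suffix_called else user_name

def count_challenges(table, user_name, suffix_called):
    """Number of triplets found under the key the lookup would use."""
    return len(table.get(lookup_key(user_name, suffix_called), []))

# Constructed data: a made-up IMSI in the thread's MCC/MNC and dummy triplets.
# The dict is a stand-in, not the real simtriplets.dat syntax.
NAI = "1510010123456789@wlan.mnc001.mcc510.3gppnetwork.org"
TRIPLET = ("00" * 16, "00" * 4, "00" * 8)  # (RAND, SRES, Kc) placeholders
BY_STRIPPED = {"1510010123456789": [TRIPLET] * 3}
BY_FULL_NAI = {NAI: [TRIPLET] * 3}

if __name__ == "__main__":
    print(parse_identity(NAI))
    for name, table in (("stripped", BY_STRIPPED), ("full", BY_FULL_NAI)):
        for suffix in (True, False):
            print(name, "suffix" if suffix else "no suffix",
                  count_challenges(table, NAI, suffix))
```

A count of 0 is the mismatch case: the table is keyed one way and the lookup uses the other form of the username.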
Radperf - unavailable
Hi,

I was searching for a tool that can help me test radius server performance. I found radperf, but it seems to be unavailable for download. Any thoughts?

--
Thanks Regards,
Prashant Abhang
Updating the n'th occurrence of an attribute
Hello everyone

I have a quick question. I noticed in the man page of unlang that we can reference attributes using the syntax:

%{Attribute-Name[index]}

This is a very useful feature :-)

However, I just wanted to check whether we can update attributes in the same way? I mean something like this:

update reply {
    Attribute-Name[index] := new_value
}

Thanks
Ben
talloc.h not found but libtalloc-dev is installed
Hello everyone

I am trying to build the latest code from git master but ./configure fails with this error:

checking for talloc.h in /usr/include... no
checking for talloc.h... no
checking for talloc.h in /usr/local/include... no
checking for talloc.h in /opt/include... no
configure: WARNING: talloc headers not found. Use --with-talloc-include-dir=path.
configure: error: FreeRADIUS requires libtalloc

This is on debian squeeze and I have libtalloc-dev installed. I also tried adding --with-talloc-include-dir=/usr/include but this did not help.

Any advice would be appreciated.

Thanks
Ben
Re: talloc.h not found but libtalloc-dev is installed
Hi,

> This is on debian squeeze and I have libtalloc-dev installed. I also tried adding --with-talloc-include-dir=/usr/include but this did not help.

what version of talloc does debian ship? I've no problems with talloc on CentOS or SUSE

alan
Re: talloc.h not found but libtalloc-dev is installed
I have tried the packages from squeeze (2.0.1) and wheezy (2.0.7+git20120207).

2013/5/31 a.l.m.bu...@lboro.ac.uk
> Hi,
>
>> This is on debian squeeze and I have libtalloc-dev installed. I also tried adding --with-talloc-include-dir=/usr/include but this did not help.
>
> what version of talloc does debian ship? I've no problems with talloc on CentOS or SUSE
>
> alan
Re: talloc.h not found but libtalloc-dev is installed
On 31/05/13 11:38, Бен Томпсон wrote:
> I have tried the packages from squeeze (2.0.1) and wheezy (2.0.7+git20120207).

Maybe have a look in config.log and related, see what the gcc command line(s) that fail are and try to run them manually.
Re: talloc.h not found but libtalloc-dev is installed
Thanks Phil, and Alan

Here is a snippet from config.log :-

configure:7744: checking for talloc.h
configure:7758: gcc -c -g3 -Wall -D_GNU_SOURCE -Qunused-arguments -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wdocumentation -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1 conftest.c >&5
gcc: unrecognized option '-Qunused-arguments'
cc1: error: unrecognized command line option -Wdocumentation

2013/5/31 Phil Mayers p.may...@imperial.ac.uk
> On 31/05/13 11:38, Бен Томпсон wrote:
>> I have tried the packages from squeeze (2.0.1) and wheezy (2.0.7+git20120207).
>
> Maybe have a look in config.log and related, see what the gcc command line(s) that fail are and try to run them manually.
Re: talloc.h not found but libtalloc-dev is installed
On 31/05/13 12:31, Бен Томпсон wrote:
> Thanks Phil, and Alan
>
> Here is a snippet from config.log :-
>
> configure:7744: checking for talloc.h
> configure:7758: gcc -c -g3 -Wall -D_GNU_SOURCE -Qunused-arguments -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wdocumentation -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1 conftest.c >&5
> gcc: unrecognized option '-Qunused-arguments'
> cc1: error: unrecognized command line option -Wdocumentation

Looks like it's trying to use a clang argument with gcc. Probably related to commit 4cbe9552c
Re: talloc.h not found but libtalloc-dev is installed
Phil Mayers wrote:
> Looks like it's trying to use a clang argument with gcc. Probably related to commit 4cbe9552c

Yeah. Clang shows up as GCC on configure's tests. Arran didn't check to see if that really was clang.

I'll see if I can come up with a fix.

Alan DeKok.
Re: talloc.h not found but libtalloc-dev is installed
Alan DeKok wrote:
> I'll see if I can come up with a fix.

I've pushed a fix. configure should now work again.

Alan DeKok.
Re: talloc.h not found but libtalloc-dev is installed
On 31 May 2013, at 09:36, Alan DeKok al...@deployingradius.com wrote:
> Alan DeKok wrote:
>> I'll see if I can come up with a fix.
>
> I've pushed a fix. configure should now work again.

The point of the checks was to determine if ANY compiler supported the flags. It works fine with the versions of GCC I have (4.2.1, 4.7, 4.8).

I think the lesson to take away from this, is that GCC is a steaming pile of shit.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: Updating the n'th occurrence of an attribute
On 31 May 2013, at 03:23, Бен Томпсон b.thomp...@latera.ru wrote:
> Hello everyone
>
> I have a quick question. I noticed in the man page of unlang that we can reference attributes using the syntax:
>
> %{Attribute-Name[index]}
>
> This is a very useful feature :-)
>
> However, I just wanted to check whether we can update attributes in the same way? I mean something like this:
>
> update reply {
>     Attribute-Name[index] := new_value
> }

It's planned for a future version as part of the nested attribute syntax.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: Free Radius SNMP support
On 31 May 2013, at 01:46, manjunath uthappa ponnachana pu_manjun...@rediffmail.com wrote:
> Hi,
>
> As per freeradius website freeradius.org, Native SNMP support in FreeRADIUS version 2 and later is broken. I wanted to know whether in newer/latest versions of free radius SNMP support will be there. Also wanted to know whether using free Radius traps can be sent to NMS. If possible what are the options available.

Someone contributed a perl script that used status-server messages to query the state of various counters in the server.

The events system in 3.0 can be used to send traps.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: talloc.h not found but libtalloc-dev is installed
On 31 May 2013, at 09:03, Alan DeKok al...@deployingradius.com wrote:
> Phil Mayers wrote:
>> Looks like it's trying to use a clang argument with gcc. Probably related to commit 4cbe9552c
>
> Yeah. Clang shows up as GCC on configure's tests. Arran didn't check to see if that really was clang.

Because you shouldn't need to, it was intentional. With -Werror GCC should warn (and therefore fail) if the argument isn't supported.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
SSL error
I just compiled the master git branch and am getting this error:

rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/usr/local/etc/raddb/mods-enabled/eap[17]: Instantiation failed for module eap

Do you have to manually generate certs for this branch?

David
Re: SSL error
Compiled without required ssl environment being present?

The debug output will have printed or more information regarding the error

alan
about radlast
Hello everyone,

we had issues with radlast on freeBSD and linux. It seems that the format for the utmp and wtmp that last reads isn't consistent; on freeBSD it's not even the same file...

So we wrote the attached file to read the file radutmp written by freeRadius. If it's useful to anyone, you can have it under any license you want.

You will probably want to change a couple of things:
- the path on line 32.
- #include the struct instead of declaring it.

If you want me to do it, just ask. If I'm on the wrong list for this, sorry. If you want me to read your reply, cc me. I will unsubscribe soon.

Version 2.2.0
Tested on debian and freeBSD, both 64 bit.

Have a great weekend.

/*
 * spoofedRadLast.c
 *
 *  Created on: May 30, 2013
 *      Author: sharondvir
 *     license: do whatever you want.
 */

#include <stdio.h>
#include <stdlib.h>
#include <time.h>

struct radutmp {
  char login[32];               /* Loginname */
                                /* FIXME: extend to 48 or 64 bytes */
  unsigned int nas_port;        /* Port on the terminal server (32 bits). */
  char session_id[8];           /* Radius session ID (first 8 bytes at least)*/
                                /* FIXME: extend to 16 or 32 bytes */
  unsigned int nas_address;     /* IP of portmaster. */
  unsigned int framed_address;  /* SLIP/PPP address or login-host. */
  int proto;                    /* Protocol. */
  time_t time;                  /* Time entry was last updated. */
  time_t delay;                 /* Delay time of request */
  int type;                     /* Type of entry (login/logout) */
  char porttype;                /* Porttype (I=ISDN A=Async T=Async-ISDN */
  char res1,res2,res3;          /* Fills up to one int */
  char caller_id[16];           /* Calling-Station-ID */
  char reserved[12];            /* 3 ints reserved */
};

int main() {
    char path[] = "/var/log/radutmp";
    struct radutmp st;
    size_t i;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) {
        printf("cant open %s\n", path);
        return -1;
    }
    /* Read one fixed-size record at a time until EOF or a short read. */
    while (fread(&st, sizeof(struct radutmp), 1, fp) == 1) {
        /* login is a fixed-width field and may lack a terminating NUL, so bound the print. */
        printf("%.*s %s %u %u ", (int)sizeof(st.login), st.login,
               st.type == 0 ? "connect" : "disconnect", st.nas_address, st.nas_port);
        /* session_id is not NUL-terminated either; print it byte by byte. */
        for (i = 0; i < sizeof(st.session_id); i++) {
            printf("%c", st.session_id[i]);
        }
        printf(" %s", ctime(&st.time));
    }
    fclose(fp);
    printf("reminder - output format is:\nlogin connect/disconnect nas_addr nas_port session_id time\n");
    return 0;
}
Re: talloc.h not found but libtalloc-dev is installed
On 31 May 2013, at 10:05, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:
> On 31 May 2013, at 09:03, Alan DeKok al...@deployingradius.com wrote:
>> Phil Mayers wrote:
>>> Looks like it's trying to use a clang argument with gcc. Probably related to commit 4cbe9552c
>>
>> Yeah. Clang shows up as GCC on configure's tests. Arran didn't check to see if that really was clang.
>
> Because you shouldn't need to, it was intentional. With -Werror GCC should warn (and therefore fail) if the argument isn't supported.

Ok pushed a better fix. The issue is -Q has a different meaning in GCC.

-Q
    Makes the compiler print out each function name as it is compiled, and print some statistics about each pass when it finishes.

Note that Q does not take additional parameters, yet GCC does not complain (in some versions) when we pass:

-Qunused-arguments

The fix is:

-Werror -Qunused-arguments -foobar

If -Qunused-arguments has the desired effect, -foobar won't generate a warning.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
EAP error
I am getting this error:

TLS Alert read:fatal:unknown CA
TLS_accept: failed in SSLv3 read client certificate A
SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation

How do I add the unknown CA to the configuration?

David
Radperf unavailable
Hi all,

Is there any tool to test radius server performance? Radperf seems to be unavailable.

Thanks,
Prashant
Re: EAP error
Looks like a client with incorrect settings. Why would you want to add that ca to your server? Your radius server isn't signed by it.

alan

This smartphone uses eduroam for free WiFi access around the world. Now that's what I call smart.
Re: Free Radius SNMP support
manjunath uthappa ponnachana wrote:
> As per freeradius website freeradius.org Native SNMP support in FreeRADIUS version 2 and later is broken.

Version 2 does support SNMP via a Perl script. It's not perfect, but it works.

> I wanted to know whether in newer/latest versions of free radius SNMP support will be there.

If someone supplies a patch, sure.

> Also wanted to know whether using free Radius traps can be sent to NMS. If possible what are the options available.

See raddb/trigger.conf in the git master branch.

Alan DeKok.
Re: Updating the n'th occurrence of an attribute
Бен Томпсон wrote:
> However, I just wanted to check whether we can update attributes in the same way? I mean something like this:
>
> update reply {
>     Attribute-Name[index] := new_value
> }

It may be possible to add for v3.

Alan DeKok.
Re: eap sim authorization problem
I have added Stripped-User-Name in sites-enabled/default and I also disabled the suffix module, but I found what looks like a fatal mistake. Could someone tell me what I should do to fix this? This is my log:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 2048, id=0, length=215
        User-Name = 15100...@wlan.mnc001.mcc510.3gppnetwork.org
        NAS-IP-Address = 192.168.1.1
        Called-Station-Id = 48f8b315461a
        Calling-Station-Id = 1814563e5189
        NAS-Identifier = 48f8b315461a
        NAS-Port = 38
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0238013135313030313937363038303633393140776c616e2e6d6e633030312e6d63633531302e336770706e6574776f726b2e6f7267
        Message-Authenticator = 0xe0a42673f8bb72f47e48dcb350887961
+- entering group authorize {...}
++[preprocess] returns ok
++? if (User-Name =~ /^(.*)@(.+)$/)
? Evaluating (User-Name =~ /^(.*)@(.+)$/) - TRUE
++? if (User-Name =~ /^(.*)@(.+)$/) - TRUE
++- entering if (User-Name =~ /^(.*)@(.+)$/) {...}
        expand: %{1} - 15100xx
        expand: %{2} - wlan.mnc001.mcc510.3gppnetwork.org
+++[request] returns ok
++- if (User-Name =~ /^(.*)@(.+)$/) returns ok
ASSERT FAILED rlm_sim_files.c[212]: k != NULL
Aborted

Best regards

On Fri, May 31, 2013 at 12:59 PM, Iliya Peregoudov iperegu...@cboss.ru wrote:
> Call suffix before sim_files.
>
> The rlm_sim_files module uses canonical username as a key for searching authentication vectors. Initially canonical username points to User-Name attribute. rlm_realm module (suffix is an instance of this module) split User-Name to Stripped-User-Name and Realm and set canonical username to point to Stripped-User-Name.
>
> Or you can put full username 1IMSI@wlan.mnc001.mcc510.3gppnetwork.org into simtriplets.dat. This will work without calling suffix.
>
> On 30.05.2013 19:26, raptor raptor wrote:
>> Hi, i have added simtriplets.dat and create file sim_files in /freeradius/modules and also i configure sim_files in authorize{} in /sites-enabled/default but i dont use suffix module so my concern is how to solve this message :
>>
>> rlm_sim_files: insufficient number of challenges for imsi imsi@wlan.mnc001.mcc510.3gppnetwork.org : 0
>> [sim_files] returnnot found