Re: dialup-admin sql table creation error

2008-01-20 Thread Nicolas Baradakis
rgreiner wrote:

 I was making some tests with the freeradius 2 install, and found that 
 the creation schema for the badusers table for dialupadmin (in the 
 /dialup_admin/sql/mysql folder) has 2 problems:
 
 [...]

Fixed in CVS. Thanks for the report.

-- 
Nicolas Baradakis

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeBSD port for 2.0.0 (and a FreeRADIUS patch submission)

2008-01-12 Thread Nicolas Baradakis
David Wood wrote:

 PATCH SUBMISSION - THREADING ISSUES
 
 [...]
 
 Firstly, for threading on FreeBSD you should just use -pthread (and not 
 use -lpthread). There are different threading libraries available on 
 FreeBSD; the OS does the correct thing if you just use -pthread.

-pthread vs -lpthread is a long discussion. If the configure
script says -lpthread is supported, I think we can use it in all
cases. (including FreeBSD)

I'm unsure there's a need to make one more special case in the
mainstream FreeRADIUS tree. Moreover I note that -pthread has been
removed from the pthread manpage.

 Secondly, it deals with the case where python is built with threads (as 
 is now the default for python on FreeBSD). As I don't use rlm_python, I 
 can't test whether it works after this patch, but rlm_python won't even 
 build on FreeBSD without it.

I believe this is a problem with the python library. The linker should
report the dependencies of libpython2.4.so.

I've asked a friend who is running 7.0-CURRENT and it looks OK for him:

$ ldd /usr/local/lib/libpython2.4.so.1
/usr/local/lib/libpython2.4.so.1:
libutil.so.6 => /lib/libutil.so.6 (0x800c24000)
libm.so.4 => /lib/libm.so.4 (0x800d32000)
libthr.so.2 => /lib/libthr.so.2 (0x800e4c000)
libc.so.7 => /lib/libc.so.7 (0x800632000)

I don't see why you would need to add -pthread to the linker command line.

-- 
Nicolas Baradakis



Re: rpm for suse

2008-01-07 Thread Nicolas Baradakis
Norbert Wegener wrote:

 As I don't need everything, I modified the configure instruction in the 
 spec-file and added:
 
--without-rlm_sql_iodbc \
--without-rlm_sql_firebird \
--without-rlm_sql_db2 \

Instead of listing everything I'd suggest to just remove
--enable-strict-dependencies from the configure flags.

 Nevertheless, later on I get:
 gmake[10]: Entering directory 
 `/usr/src/packages/BUILD/freeradius-server-2.0.0/src/modules/rlm_sql/drivers/rlm_sql_freetds'
 gmake[10]: *** Keine Regel, um »all« zu erstellen.  Schluss.

Either delete the directory (it is empty anyway) or remove
--with-experimental-modules from the configure flags.

-- 
Nicolas Baradakis



Re: rlm_sql_log. accounting and locking

2007-12-07 Thread Nicolas Baradakis
Phil Mayers wrote:

 The rlm_sql_log module only logs a single query; unlike the main sql 
 module which (for accounting) will do an update or insert if not found.
 
 How, if at all, are people merging the rows? Triggers? Post-processing?

Indeed rlm_sql_log executes a single SQL statement. However you could
use more complex statements than the config example. For example you
have the INSERT ... ON DUPLICATE KEY UPDATE syntax since MySQL 4.1
or stored procedures since MySQL 5.0.

 Also, I doubt it will be an issue, but just wanted to check; is the 
 flock() of the file likely to cause any contention issues? Is there an 
 easy way of hashing the NAS-IP-Address to writing to 26 files named 
 sql-log-[a-z] and asking radsqlrelay to replay them all?

Don't worry too much about the lock. rlm_sql_log is locking the sql-relay
file and radsqlrelay is locking sql-relay.work therefore the lock should
never block. It's only there to catch a corner case where the file is
renamed before rlm_sql_log finishes writing.

I note rlm_sql_log and radsqlrelay are interacting exactly the same way
as rlm_detail and radrelay do.

-- 
Nicolas Baradakis



Re: Problem compiling freeradius 1.1.7

2007-11-29 Thread Nicolas Baradakis
Patrice Oliver wrote:

 Frank Winkler wrote:
 
 On what platform are you compiling?

 Debian.
 I will try to build a packet.

That's the preferred approach.
See http://wiki.freeradius.org/Build#Building_Debian_packages

-- 
Nicolas Baradakis



Re: Freeradius Clustering

2007-10-16 Thread Nicolas Baradakis
Fred Zinsli wrote:

 I am wanting to know if Freeradius can be clustered? and if so can 
 someone point me to some documentation on the subject.

I'd suggest to use LVS (Linux Virtual Server) in a direct routing
setup. See: http://www.linuxvirtualserver.org/VS-DRouting.html

 I am also wanting to know how to calculate the new specs for the new 
 servers.

Any ordinary PC will do fine. The number of req/s will likely be
limited by the backend database.

-- 
Nicolas Baradakis



Re: LSB initscript compliance

2007-09-06 Thread Nicolas Baradakis
Francesco Cristofori wrote:

 I'd like to integrate FR 1.1.7 installation with Heartbeat-2 but it
 seems that the initscript /etc/init.d/freeradius is not LSB compliant,
 so integration is not straightforward.
 
 Is there anybody working on this (very small) issue?

I've written an initscript with the LSB functions for the Debian package.
You may look at debian/freeradius.init in CVS head.

-- 
Nicolas Baradakis



Re: problem installing RLM-Python - SOLVED

2007-08-23 Thread Nicolas Baradakis
UriCALL Support wrote:

 Marc, here is how I got it running:
 
 1. Grab the sources and unpack them (1.1.7 version)
 2. After unpacking, run from within the source folder:
 ./configure --with-static-modules=python
 make

Sorry, it seems the file doc/rlm_python is 5 years old and is really
outdated. It doesn't make sense to use --with-static-modules=python
with current version of Python.

As posted to the list, the correct configure line is:
$ ./configure --with-experimental-modules

-- 
Nicolas Baradakis



Re: healthcheck?

2007-08-17 Thread Nicolas Baradakis
Kevin J wrote:

 We want to reject slb health checks immediately.  What is the best
 way to do that?  tried to add healthcheck Auth := Reject but it
 still go through all authorization/authentication modules.  Is there
 anyway that we can immediately reject it so we can make it lighter?

Please no HTML to the list.

You might set Autz-Type in the users files to run different modules.
See http://freeradius.org/radiusd/doc/Autz-Type

-- 
Nicolas Baradakis



Re: SQL read_group patch - please apply!

2007-07-27 Thread Nicolas Baradakis
Roy Walker wrote:

 Please apply the patch from
 http://readlist.com/lists/lists.freeradius.org/freeradius-users/2/10462.html,
 which was posted 3 and a half months ago!

This is a coincidence, but the read_groups patch was checked in CVS
earlier today. You can run a cvs update or download a new snapshot
from the website tomorrow.

-- 
Nicolas Baradakis



Re: Logging failed authentications....

2007-07-10 Thread Nicolas Baradakis
Ackbar Joolia wrote:

 I would like to be able to log failed authentications but I don't find
 it anywhere. And ideally I would like to put it into a MySQL table.
 
 Can anyone advise on this please?

Please read section 6.3 of the FAQ:

http://wiki.freeradius.org/FreeRADIUS_Wiki:FAQ#How_do_I_log_failed_login_attempts_in_a_SQL_database.3F

-- 
Nicolas Baradakis



Re: radsqlrelay is rude

2007-06-22 Thread Nicolas Baradakis
Stefan Winter wrote:

 attempting to kill a running radsql with ^C doesn't do anything, and
 kill'ing it with TERM doesn't impress it either on my system. I had to
 send KILL to get rid of it. Is this intentional?

The radsqlrelay script doesn't exit immediately. It finishes the
pending queries in sql-relay.work before that. This prevents the
next run of radsqlrelay from inserting duplicate records.

 Then, on startup I see it instantiated but only the post-auth query is
 printed on startup with -X - leaving me with the question on whether the
 other queries are actually properly read or not (see below). That's not
 nice as well. I'm on 1.1.6.
 
 Module: Loaded sql_log
  sql_log: path = /var/log/radius/radacct/sql-relay-main
  sql_log: Post-Auth = INSERT INTO radpostauth (id, user, pass, reply, date)  
 VALUES 
 ('', '%{User-Name}', '%{RESTENA-Service-Type}', '%{reply:Packet-Type}', '%S')
  sql_log: sql_user_name = 
  sql_log: safe-characters 
 = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
 Module: Instantiated sql_log (sql_relay_main)
 
 (I'm very sure the config contains Start, Alive, Stop as well)

The accounting queries are handled differently. They aren't hard-coded
in the config, that's why you can't see them in the debug output of
the parser.

-- 
Nicolas Baradakis



Re: FreeRadius 2.0 Debian Packages available yet ?

2007-06-14 Thread Nicolas Baradakis
George Embrey wrote:

 Has anybody published any FreeRadius 2.0 Debian (.deb) Packages yet ?

The wiki explains how to build a Debian package yourself from
a FreeRADIUS tarball.

http://wiki.freeradius.org/index.php?title=Build#Building_Debian_packages

-- 
Nicolas Baradakis



Re: sql_log and sql.conf

2007-06-14 Thread Nicolas Baradakis
Stefan Winter wrote:

 the accounting queries in sql.conf and the sample sql_log module in 
 radiusd.conf are not identical. For consistency, I'd expect to find the same 
 things there. Any specific reason, or can I just copy over the usual queries 
 from sql.conf into that module and expect them to work?

In short: you can copy your queries into sql_log and it'll work.

The sample queries in rlm_sql_log are a little simpler than rlm_sql
because there is no retry mechanism with alternative queries in
rlm_sql_log. The alternative queries are not really needed anymore
because since MySQL 4.1 you can write INSERT ... ON DUPLICATE KEY
UPDATE ... in a single statement. However I have no idea if this
syntax can work with other databases than MySQL.

-- 
Nicolas Baradakis



Re: 2.0.0-pre1 - cannot build on FreeBSD

2007-06-02 Thread Nicolas Baradakis
David Wood wrote:

 It didn't take until tomorrow - this looks better, and is tested and 
 apparently working with autoconf 2.61.

Thanks for doing background research about the bug, and thanks for
the patch.

 What do you think? Do you agree that that's a better solution than the 
 patch in bug #454?

I agree. It seems to be the underlying problem, so it's better to fix
it like that. I've applied your patch to HEAD and branch 1.1.

 Meanwhile, I think I've fixed the packaging list for the FreeRADIUS 2 
 port on FreeBSD (and the script that generates it) - though this process 
 did flag up one oddity. src/modules/rlm_eap/types/rlm_eap_psk is not 
 built in 2.0.0-pre1. So far as I can tell, this is because Makefile.in 
 is never turned into a Makefile. Is this intentional?

I think this module is still experimental, therefore it's not surprising
there is no Makefile and no configure script.

-- 
Nicolas Baradakis



Re: 2.0.0-pre1 - cannot build on FreeBSD

2007-05-28 Thread Nicolas Baradakis
David Wood wrote:

 I've put in quite a bit of work today towards porting 2.0.0-pre1 to 
 FreeBSD, with the intention of submitting a FreeRADIUS 2 port as soon as 
 possible.
 
 Unfortunately, there's a problem which I don't have the autoconf skills 
 to patch quickly. When checking (and later attempting to use) net/if.h, 
 you need to #include <sys/socket.h> on FreeBSD to get the definition of 
 struct sockaddr.

Thanks for the report. I hope the following changes in CVS head will
solve the problem. (you also need to run autoconf)

Index: configure.in
===
RCS file: /source/radiusd/configure.in,v
retrieving revision 1.240
retrieving revision 1.241
diff -u -r1.240 -r1.241
--- configure.in28 May 2007 10:28:06 -  1.240
+++ configure.in28 May 2007 10:46:54 -  1.241
@@ -559,7 +559,6 @@
sys/security.h \
fcntl.h \
sys/fcntl.h \
-   net/if.h \
prot.h \
pwd.h \
grp.h \
@@ -567,6 +566,13 @@
siad.h
 )
 
+dnl FreeBSD requires sys/socket.h before net/if.h
+AC_CHECK_HEADERS(net/if.h, [], [],
+[#if HAVE_SYS_SOCKET_H
+# include sys/socket.h
+# endif
+])
+
 REGEX=no
 AC_CHECK_HEADER(regex.h, AC_DEFINE(HAVE_REGEX_H, [], [define this if we have 
the regex.h header file]))
 if test x$ac_cv_header_regex_h = xyes; then
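Review bot: the prerequisite block in the new AC_CHECK_HEADERS(net/if.h, ...) call only pulls in sys/socket.h when HAVE_SYS_SOCKET_H is already defined, and the header list visible above it (sys/security.h, fcntl.h, sys/fcntl.h, prot.h, pwd.h, grp.h, siad.h) does not show sys/socket.h being checked first. If that check runs later or not at all, the guard is false, the include is skipped, and the net/if.h test fails on FreeBSD exactly as before. Please confirm sys/socket.h is in the earlier AC_CHECK_HEADERS list, and consider #ifdef HAVE_SYS_SOCKET_H here to match the guard added to src/include/missing.h.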
Index: src/include/missing.h
===
RCS file: /source/radiusd/src/include/missing.h,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- src/include/missing.h   25 May 2007 09:57:15 -  1.35
+++ src/include/missing.h   25 May 2007 09:58:26 -  1.36
@@ -50,6 +50,10 @@
 #include sys/select.h
 #endif
 
+#ifdef HAVE_SYS_SOCKET_H
+#include sys/socket.h
+#endif
+
 #ifdef HAVE_UNISTD_H
 #include unistd.h
 #endif
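Review bot: the new sys/socket.h include in missing.h fixes the FreeBSD build only for sources that include missing.h before net/if.h, and nothing in this hunk enforces that order. A short comment above the #ifdef HAVE_SYS_SOCKET_H block saying that net/if.h depends on it would keep a later cleanup from moving or dropping it; alternatively, include sys/socket.h directly beside each net/if.h include.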

-- 
Nicolas Baradakis


Re: 2.0.0-pre1 - cannot build on FreeBSD

2007-05-28 Thread Nicolas Baradakis
David Wood wrote:

 As an aside, FreeBSD 6.2-RELEASE-p4 i386, which is the OS on my 
 development box, finishes up with #define GETHOSTBYNAMERSTYLE GNUSTYLE 
 in confdefs.h - so there won't be a similar problem with redefining 
 gethostbyname_r on FreeBSD - but there may be on other operating 
 systems.

This should be fixed in CVS, but unfortunately after the release
of 2.0.0-pre1. I think the problem you describe is the same as
bug #454 in the bugzilla.

http://bugs.freeradius.org/show_bug.cgi?id=454

-- 
Nicolas Baradakis



Re: libradius error

2007-05-01 Thread Nicolas Baradakis
Roberto Greiner wrote:

 I've tried another way, setting 'LD_LIBRARY_PATH=/usr/lib/freeradius/',
 but now I'm getting a new error:
 ibatubi:/etc# radwho
 Wed Apr 25 09:58:08 2007 : Error: Unable to open file
 /usr/local/etc/raddb/radiusd.conf: No such file or directory
 radwho: Error reading radiusd.conf.

This isn't the path set by dpkg-buildpackage during the build. Please
run which radwho to double check you aren't running a binary from
an older installation. I guess you have two binaries in /usr/bin/radwho
and /usr/local/bin/radwho.

-- 
Nicolas Baradakis



Re: Howto compile 1.1.6 on Fedora 6

2007-04-16 Thread Nicolas Baradakis
Jacob Jarick wrote:

 I personally hate rpms and will compile all apps so no, I try rpms as
 a last resort and I'm not surprised when they fail with a big list of
 dependencies.

You were not told to pick up a random RPM on the net. The wiki
explains how to build yourself a RPM from sources. The resulting
package should run without problem on the host where it was
compiled.

Moreover, building a package allows you to uninstall the files
later, so you can cleanly upgrade the version of FreeRADIUS.
Residual files from previous installation do weird things,
like the problem of double free for example.

-- 
Nicolas Baradakis



Re: Xlat Broken in SQL reply items.

2007-04-16 Thread Nicolas Baradakis
Arran Cudbard-Bell wrote:

 Dynamic expansion of reply items in SQL is broken
 in current cvs head.
 
 Reply-Message = Welcome %{User-Name} At wherever

I'd suggest to try using back quotes in the table of reply items:
Reply-Message = `Welcome %{User-Name} At wherever`

-- 
Nicolas Baradakis



Re: 1.1.6 crashes on fedora 6

2007-04-13 Thread Nicolas Baradakis
Jacob Jarick wrote:

 *** glibc detected *** ./sbin/radiusd: double free or corruption
 (fasttop): 0x09f91ca8 ***
 === Backtrace: =
 /lib/libc.so.6[0xcbfefd]
 /lib/libc.so.6(cfree+0x90)[0xcc3550]
 /usr/local/lib/libltdl.so.3[0x3d55db]
 /usr/local/lib/libltdl.so.3(lt_dlopenext+0xbe)[0x3d5f6e]

You could try to use the libltdl from Fedora instead of the one
from the FreeRADIUS sources.

$ ./configure --with-system-libtool

You could also try to build a RPM package from sources, this will
toggle the option for you. See the wiki for more details.

http://wiki.freeradius.org/Build#Building_RedHat_packages

-- 
Nicolas Baradakis



Re: dialupadmin and php5 (was: FreeRADIUS 1.1.6 has been released)

2007-04-13 Thread Nicolas Baradakis
Markus Krause wrote:

 I just downloaded the 1.1.6 release via ftp and tried to build debian
 packages on Etch and rpms on SLES10, here is the almost successful
 story: ;-)

Thanks for the feedback.

 i am not sure, debian etch (released on 8. april) contains both php4
 and php5 and i think there might be a lot of users/admins which still
 use/prefer php4 on their systems. so what about something like
 
 -
 Package: freeradius-dialupadmin
 Architecture: all
 Depends: php4 | php4-cgi | php5 | php5-cgi

I'm not using dialupadmin, so I'm not sure if it works cleanly
with php5. I'd like to get a report that it is the case before editing
the Depends line.

I also note there is a related report on the Debian BTS. However
the reporter didn't provide feedback whether dialupadmin works
with php5 or not.

  http://bugs.debian.org/412701

-- 
Nicolas Baradakis



Re: glibc double free or corruption still happening

2007-04-13 Thread Nicolas Baradakis
Roberto Greiner wrote:

 I've installed FreeRadius 1.1.6 to my Debian Etch box, trying to solve
 the 'glibc double free or corruption', but the error is still happening.
 
 To make sure that no old library was causing the problem, I searched for
 any file and folder which could be from the old freeradius (using locate
 *radiu* and updatedb, it until no file was to be found). Then I
 recompiled everything and reinstalled. The problem persisted. Could I
 have missed some library with the locate I used? Is there a better way
 to uninstall everything for the upgrade? Any other Ideas?

http://wiki.freeradius.org/Build#Building_Debian_packages

-- 
Nicolas Baradakis



Re: FreeBSD FreeRADIUS port updated to 1.1.5, with various enhancements

2007-04-05 Thread Nicolas Baradakis
David Wood wrote:

 The above patch is tested and working against 1.1.5. Passing
 --without-docdir to configure generates a warning and prevents the
 installation of any documentation.
 
 If, after any desired tidying up, this can be committed to the CVS for
 branch_1_1 and HEAD I would be grateful.

Thanks for the feedback.

I've added in CVS the support for ./configure --without-docdir. The
change should be in 1.1.6.

-- 
Nicolas Baradakis



Re: FreeBSD FreeRADIUS port updated to 1.1.5, with various enhancements

2007-04-01 Thread Nicolas Baradakis
David Wood wrote:

 In message [EMAIL PROTECTED], Nicolas 
 Baradakis [EMAIL PROTECTED] writes
 David Wood wrote:
 
  There's two other things I'm currently modifying the source to achieve,
  on which I'd appreciate comments.
 
  patch-doc::Makefile surrounds the contents of the install target in
  doc/Makefile with #ifndef NOPORTDOCS ... #endif. FreeBSD ports have to
  respect this flag. Is a neater way to pass --with-docdir=/dev/null to
  configure if NOPORTDOCS is defined (which I haven't tried) and abandon
  the patch. Has anyone any other suggestions?
 
 Every downstream distribution has its own mechanism to mark the
 files as documentation.
 
 --with-docdir=/dev/null results in
 mkdir: /dev/null: File exists
 
 It looks like the patch (or some other way of modifying doc/Makefile) 
 will have to stay. I will continue to modify the source in some suitable 
 way to achieve this.

Currently ./configure --without-docdir throws an error, but it's
possible to modify this option in CVS to cancel doc files installation.
I think it might be useful for the Suse package, too.

Please give a try to the following patch. If it solves the problem I'll
add it to the CVS.

Index: configure.in
===
RCS file: /source/radiusd/configure.in,v
retrieving revision 1.198.2.15.2.13
diff -u -r1.198.2.15.2.13 configure.in
--- configure.in26 Mar 2007 12:58:16 -  1.198.2.15.2.13
+++ configure.in1 Apr 2007 15:16:32 -
@@ -115,7 +115,7 @@
 [  --with-docdir=DIR   Directory for documentation 
[DATADIR/doc/freeradius] ],
 [ case $withval in
 no)
-   AC_MSG_ERROR(Need docdir)
+   docdir=no
;;
 yes)
;;
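Review bot: in the no) branch, docdir=no turns the variable into a sentinel value that the AC_SUBST(docdir) a few lines further down still exports to every Makefile. Only doc/Makefile is taught to recognise it in this patch, so any other rule that expands $(R)$(docdir) would create and install into a directory literally named "no". Worth grepping the tree for other users of docdir, and extending the --with-docdir help string to say that --without-docdir disables installation.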
@@ -129,6 +129,9 @@
 )
 AC_SUBST(docdir)
 AC_MSG_RESULT($docdir)
+if test x$docdir = xno; then
+   AC_MSG_WARN(Documentation files will NOT be installed.)
+fi
 
 dnl extra argument: --with-logdir
 logdir='${localstatedir}/log/radius'
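Review bot: the new test x$docdir = xno expands $docdir unquoted, so a --with-docdir value containing whitespace makes test see extra arguments and error out instead of comparing. Quote it as test "x$docdir" = xno, and bracket-quote the warning text, AC_MSG_WARN([Documentation files will NOT be installed.]), in line with usual autoconf quoting.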
Index: doc/Makefile
===
RCS file: /source/radiusd/doc/Makefile,v
retrieving revision 1.4.4.2.2.3
diff -u -4 -r1.4.4.2.2.3 Makefile
--- doc/Makefile15 Jul 2006 17:16:51 -  1.4.4.2.2.3
+++ doc/Makefile1 Apr 2007 15:16:44 -
@@ -15,16 +15,21 @@
 clean:
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
@rm -f *~
 
+ifeq ($(docdir),no)
+install:
+   @echo 'Documentation files will NOT be installed.'
+else
 install:
$(INSTALL) -d -m 755 $(R)$(docdir)
for file in *[!~]; do \
if [ -f $$file -a $$file != Makefile ]; then \
$(INSTALL) -m 644 $$file $(R)$(docdir); \
fi; \
done
@$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
+endif
 
 common: $(SUBDIRS)
 
 $(SUBDIRS):
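Review bot: ifeq/else/endif around the install target is GNU make syntax, and this option exists for the FreeBSD port, where the base system make is BSD make and does not accept it. If the tree already requires gmake, say so in the commit message; otherwise move the condition into the recipe as a shell test, for example if [ "$(docdir)" = no ]; then echo ...; else ...; fi. The no branch also skips the $(MAKE) ... common recursion, so nothing under $(SUBDIRS) is installed either; that looks intended but deserves a comment.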

-- 
Nicolas Baradakis



Re: FreeBSD FreeRADIUS port updated to 1.1.5, with various enhancements

2007-03-30 Thread Nicolas Baradakis
David Wood wrote:

 The second group of patches that remain I'm going to post below -
 because I think they might be candidates for committing to FreeRADIUS
 itself. It was clearly felt by previous contributors to the port that
 the Makefiles don't always contain $(CFLAGS) when they would be expected
 to.
 
 It might be that these patches are also unnecessary with the build
 system used from 1.1.3 onwards - if so, will someone explain why and
 I'll remove these patches too. I believe they are still needed judging
 by the output of make, but I'm willing to be corrected (in Alan's gentle
 style if needs be!).
 
 [...]

The patch adds $(CFLAGS) during the *link*. (not during compile)

The linker doesn't need options such as -O3 or -I/path/to/include
therefore I'd like to know the reasons why you believe this patch
would be useful.

 There's one patch I wrote, which I think is a bug in a Makefile for
 1.1.4 and 1.1.5 (hence the file name of patch-raddb-Makefile-1.1.4_bug):
 
 [...]
 
 otppasswd.sample seems to have disappeared from 1.1.4 onwards - is this
 a bug in that Makefile as I believe? If so, can that be fixed in CVS?

Indeed it looks like a bug. I've fixed it in CVS.

 There's two other things I'm currently modifying the source to achieve,
 on which I'd appreciate comments.
 
 patch-doc::Makefile surrounds the contents of the install target in
 doc/Makefile with #ifndef NOPORTDOCS ... #endif. FreeBSD ports have to
 respect this flag. Is a neater way to pass --with-docdir=/dev/null to
 configure if NOPORTDOCS is defined (which I haven't tried) and abandon
 the patch. Has anyone any other suggestions?

Every downstream distribution has its own mechanism to mark the
files as documentation.

 To install the sample raddb files in the correct location, I'm running
 sed across all Makefile and Makefile.in files, replacing $(R)$(raddbdir)
 with the appropriate location. I'd rather do this via configure, but if
 I use --with-raddbdir, that changes the install location of the files
 *and* the default location the server looks for those files. The latter
 change isn't wanted.

Every downstream distribution has its own mechanism to handle the
config files. I don't know the opinion of the others, but I'm unsure
about a configure option that's useful for the FreeBSD port only.

-- 
Nicolas Baradakis



Re: Problem with compile

2007-03-26 Thread Nicolas Baradakis
Rob Wright wrote:

 I'm trying to setup Freeradius 1.1.5 and I'm having a problem during 'make'. 
 I'm using Debian Etch, with Perl 5.8.8.

FreeRADIUS compilation on Debian is covered in the wiki.
http://wiki.freeradius.org/Build#Building_Debian_packages

-- 
Nicolas Baradakis



Re: Redundant SQL servers accounting problem, FreeRadius 1.1.4

2007-03-21 Thread Nicolas Baradakis
Alexander V. Klepikov wrote:

 I did not find any information about what is going on when database or SQL 
 server suddenly comes down, but it looks like pg_sock->conn is freed when 
 connection to DB became broken. And pg_sock->conn != NULL . That's why libpq 
 crashes when PQfinish(pg_sock->conn) in sql_close function is called.

It seems to me this is the real cause of the problem: pg_sock->conn becomes
an invalid pointer. The libpq manpage says the PGconn pointer should not be
used after PQfinish has been called.

Please try the following patch:

Index: src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c
===
RCS file: 
/source/radiusd/src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c,v
retrieving revision 1.38.4.1
diff -u -r1.38.4.1 sql_postgresql.c
--- src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c 14 Dec 
2005 18:32:03 -  1.38.4.1
+++ src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c 21 Mar 
2007 11:28:17 -
@@ -61,6 +61,7 @@
 /* Prototypes */
 static int sql_store_result(SQLSOCK * sqlsocket, SQL_CONFIG *config);
 static int sql_num_fields(SQLSOCK * sqlsocket, SQL_CONFIG *config);
+static int sql_close(SQLSOCK * sqlsocket, SQL_CONFIG *config);
 
 /* Internal function. Return true if the postgresql status value
  * indicates successful completion of the query. Return false otherwise
@@ -181,7 +182,7 @@
if (PQstatus(pg_sock-conn) == CONNECTION_BAD) {
radlog(L_ERR, rlm_sql_postgresql: Couldn't connect socket to 
PostgreSQL server [EMAIL PROTECTED]:%s, config-sql_login, config-sql_server, 
config-sql_db);
radlog(L_ERR, rlm_sql_postgresql: Postgresql error '%s', 
PQerrorMessage(pg_sock-conn));
-   PQfinish(pg_sock-conn);
+   sql_close(sqlsocket, config);
return SQL_DOWN;
}
 
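Review bot: replacing PQfinish(pg_sock->conn) with sql_close(sqlsocket, config) in the CONNECTION_BAD branch only removes the stale pointer if sql_close sets pg_sock->conn to NULL after PQfinish and returns early when it is already NULL, and its body is not part of this diff. Please confirm both, because the caller receives SQL_DOWN and the socket is likely to be closed again later, which would repeat PQfinish on freed memory. If sql_close also releases pg_sock itself, sqlsocket->conn needs clearing as well.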

-- 
Nicolas Baradakis
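
The failure discussed in this message, modelled as an added example that is not FreeRADIUS or libpq code: a stand-in connection handle counts finish calls made on an already finished handle, so the error path that finishes the handle directly can be compared with one that goes through a close routine which clears the pointer. All names here (fake_conn, pg_sock_t, sock_close, sock_init, run_scenario) are hypothetical, and the close routine's behaviour is an assumption, since the page does not show sql_close.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for libpq's PGconn (assumption, not the real library). Handles live
 * in a static table instead of the heap, so a second finish on the same handle
 * can be counted here; with real libpq it would be a double free. */
typedef struct { int live; int bad; } fake_conn;

#define MAX_CONNS 4
static fake_conn conn_table[MAX_CONNS];
static int conns_used;
static int stale_finish_calls;  /* finish calls on an already finished handle */

static fake_conn *fake_connect(int server_up)
{
    fake_conn *c;

    if (conns_used >= MAX_CONNS)
        return NULL;
    c = &conn_table[conns_used++];
    c->live = 1;
    c->bad = !server_up;        /* plays the role of CONNECTION_BAD */
    return c;
}

static void fake_finish(fake_conn *c)
{
    if (!c->live) {             /* handle was finished before: the bug */
        stale_finish_calls++;
        return;
    }
    c->live = 0;
}

/* Hypothetical driver socket, shaped like the pg_sock in the thread. */
typedef struct { fake_conn *conn; } pg_sock_t;

enum { SOCK_OK = 0, SOCK_DOWN = 1 };

/* Close routine (assumed behaviour): finish once, then forget the handle. */
static int sock_close(pg_sock_t *s)
{
    if (s->conn == NULL)
        return 0;
    fake_finish(s->conn);
    s->conn = NULL;
    return 0;
}

/* Connect step. use_close selects the error path: 0 finishes the handle
 * directly and leaves s->conn dangling, 1 goes through sock_close(). */
static int sock_init(pg_sock_t *s, int server_up, int use_close)
{
    s->conn = fake_connect(server_up);
    if (s->conn == NULL)
        return SOCK_DOWN;
    if (s->conn->bad) {
        if (use_close)
            sock_close(s);
        else
            fake_finish(s->conn);   /* s->conn still holds the dead handle */
        return SOCK_DOWN;
    }
    return SOCK_OK;
}

/* Connect, then tear the socket down later as a connection pool would.
 * Returns how many finish calls hit an already finished handle. */
static int run_scenario(int server_up, int use_close)
{
    pg_sock_t s = { NULL };

    memset(conn_table, 0, sizeof(conn_table));
    conns_used = 0;
    stale_finish_calls = 0;

    sock_init(&s, server_up, use_close);
    sock_close(&s);                 /* later teardown or reconnect */
    return stale_finish_calls;
}

int main(void)
{
    printf("server down, direct finish:    %d stale finish call(s)\n",
           run_scenario(0, 0));
    printf("server down, via close routine: %d stale finish call(s)\n",
           run_scenario(0, 1));
    printf("server up, either path:         %d stale finish call(s)\n",
           run_scenario(1, 0));
    return 0;
}
```
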



Re: Building freeradius 1.1.5 packages on Debian

2007-03-09 Thread Nicolas Baradakis
Nils Olav Brandstorp Bekken wrote:

 I tried building Debian packages on the latest 1.1.5 and ended
 up with packages named 1.1.3, is that the way its supposed to be?

The version number apart, your binaries should be correct. Just
replace 1.1.3 by 1.1.5 in the file debian/changelog to fix that.

-- 
Nicolas Baradakis



Re: FreeRADIUS + LVS problem

2007-02-20 Thread Nicolas Baradakis
Alan DeKok wrote:

 Peter Nixon wrote:
 
  On the other hand testing MySQL from another script is not a huge pain...
 
   Yup.  If you want to know if an SQL server is up, there are existing
 tools to test that.  Personally, I would test:
 
   a) RADIUS via Status-Server
   b) SQL via sql client
   c) test user via Access-Request
 
   If you just do (c), you have no idea if the problem is the RADIUS
 server or the SQL server.  Not that it matters to a NAS, of course, but
 it matters to an administrator.

That's completely true. I note the discussion started with a question
about LVS, not a question about RADIUS supervision in general.

From the LVS server point of view, I think the test (c) is the most
useful, because there's no point to send traffic to a node if it
fails to authorize a user, whatever the reason is.

The tests (a) and (b) are useful to the administrators, but I don't
think they're to be run by the load balancing server. They could
be run by general purpose supervision tools like Nagios.

-- 
Nicolas Baradakis



Re: FreeRADIUS + LVS problem

2007-02-19 Thread Nicolas Baradakis
Alan DeKok wrote:

 Nicolas Baradakis wrote:
  Keepalived will monitor the FreeRADIUS proxies. The health check is
  configured with a MISC_CHECK stanza in keepalived.conf. You have
  to run radclient and test whether the server returns Access-Accept,
  that's all.
 
   This is what Status-Server should be used for.
 
 http://www.ietf.org/internet-drafts/draft-dekok-radius-status-server-00.txt

I see one advantage to use Access-Request pings: I can test both the
RADIUS server and the MySQL backend with a single check.

A FreeRADIUS proxy uses real users to ping the RADIUS servers, and
that's troublesome for the reasons outlined in your draft. Keepalived
deals with the problem differently: you can setup a special account to
run the monitor checks. Therefore you don't really care whether the
statistics of the user [EMAIL PROTECTED] are wrong.

-- 
Nicolas Baradakis



Re: FreeRADIUS + LVS problem

2007-02-18 Thread Nicolas Baradakis
Alan DeKok wrote:

 Sam Schultz wrote:

  I was thinking there may be some way to coerce FR into thinking
  the load balancer is another radius server sending over proxied
  requests, or something like that.

   The simplest way to do that is (perhaps not surprisingly) to run
 FreeRADIUS as a proxy, doing RADIUS-aware load balancing.  Since that
 machine won't be doing authentication (DB's are slow), there's no reason
 it can't handle proxying 5k RADIUS requests/s.

I agree with Alan: if you want the features of a RADIUS proxy, just
set up FreeRADIUS as a proxy. I note that, like the LVS servers, you can
have several RADIUS proxies in a pool and use Keepalived for failover.

Keepalived will monitor the FreeRADIUS proxies. The health check is
configured with a MISC_CHECK stanza in keepalived.conf. You have
to run radclient and test whether the server returns Access-Accept,
that's all.

-- 
Nicolas Baradakis



Re: FreeRADIUS + LVS problem

2007-02-16 Thread Nicolas Baradakis
Sam Schultz wrote:

 From what little information I could find on this, it looks like 
 the freeradius thinks these are proxied requests due to ip mangling 
 done by the LVS load balancer (Basically, it's a 1:1 NAT).

 Has anyone come across anything like this? Any pointers for work-
 arounds would definitely be appreciated.

I'd suggest to use LVS in a direct routing setup.
http://www.linuxvirtualserver.org/VS-DRouting.html

-- 
Nicolas Baradakis



Re: Best practices for redundant servers

2007-01-19 Thread Nicolas Baradakis
Graham Beneke wrote:

 Dennis Skinner wrote:

  For serious billable accounting you probably want to write to files and
  then import them into the db (there is a module to help with this).
  Radius will happily skip queries that take too long or if there are not
  enough mysql connections available on the accounting side.

 I remember reading about 'radsqlrelay' that does essentially this. It is
 also mentioned once in radiusd.conf but subsequent searching has brought
 up nothing worthwhile.

 Does anyone remember where there is documentation on this?

radsqlrelay and rlm_sql_log have a manpage.

-- 
Nicolas Baradakis



Re: Building from CVS

2007-01-17 Thread Nicolas Baradakis
King, Michael wrote:

 I unzipped it, and ran 
 fakeroot dpkg-buildpackage -b -uc
 
 It failed with:
 
 checking how to run the C++ preprocessor... /lib/cpp
 configure: error: C++ preprocessor /lib/cpp fails sanity check
 See `config.log' for more details.
 make: *** [stamp-build] Error 1

apt-get install g++

-- 
Nicolas Baradakis



Re: Compile freeradius + debian + rlm_eap_tls

2007-01-16 Thread Nicolas Baradakis
Rafal Kaminski wrote:

 I have freeradius on debian etch but without rlm_eap_tls.
 How can I compile the new freeradius-1.1.4 with rlm_eap_tls?
 Sorry for the easy question, but I'm new to this.

You should build the Debian packages from sources.
See http://wiki.freeradius.org/Build#Building_Debian_packages

-- 
Nicolas Baradakis



Re: Choosing The best replication system.

2006-12-09 Thread Nicolas Baradakis
Sarkis Gabriel wrote:

 At the moment i have 4 pops around the country and all are feeding
 from a satellite links, as the company is growing it is becoming
 very hard to maintain and we are looking to have a central MySQL DB
 in the UK which feeds the slave machines with the updated info.

I'd suggest to have two distinct mechanisms for authorization (using a
read-only database) and accounting (using a write-only database).

The authorization database could be replicated on each RADIUS server
host using MySQL replication. (because FreeRADIUS will do only read-only
requests on the local slave)

The accounting data could be saved in text files on the local disk
using rlm_sql_log. The data can be pushed later in the central
accounting database using radsqlrelay.

 One thing I must mention there is a lot of LAG on satellite
 connection looking at approx 650ms and because of BW cost we do rely
 on proxies which makes BW usage during the day very expensive, so i
 would like to be able to replicate maybe once a night lets say at
 midnight being less busy and cheaper.

You could try to use radsqlrelay in one-shot mode. (see the manpage)
Just run radsqlrelay in a daily cron job to push all the accounting
data at a fixed hour.

-- 
Nicolas Baradakis



Re: Failed to link EAP type EAP/TLS

2006-11-07 Thread Nicolas Baradakis
Chad Best wrote:

  OpenSSL and Freeradius have both been installed with
  the Synaptic package manager.  Is there anything else
  I can do?  Any help would be greatly appreciated.

You could build a Debian package from sources. The wiki explains how
to do that.

http://wiki.freeradius.org/Build

-- 
Nicolas Baradakis



Re: Best practices for redundant servers

2006-11-04 Thread Nicolas Baradakis
Aaron Paetznick wrote:

 I've been struggling with this problem for a couple of weeks, and I 
 thought I'd pass it along to the mailing list.  Basically I'm trying to 
 answer the following question.  Given multiple identical dedicated 
 servers each running Linux and MySQL, how can I configure FreeRADIUS for 
 maximum stability, reliability, and performance?  The question, it 
 seems, is not as easy as is sounds.

I've already setup FreeRADIUS on multiple redundant servers, but never
had the time to write a HOWTO. The main guideline is:

1. Use LVS in a direct routing setup to dispatch the RADIUS requests.
   http://www.linuxvirtualserver.org/VS-DRouting.html

2. Use MySQL replication for the authorize database, so each FreeRADIUS
   server connects to a local, read only database.
   http://dev.mysql.com/doc/refman/5.1/en/replication.html

3. Use radsqlrelay for the accounting database, so the accounting data
   is written to a central database without slowing down the RADIUS
   servers. radsqlrelay is to be found in the FreeRADIUS source tarball,
   you could read the rlm_sql_log and radsqlrelay manpages for more
   details.

-- 
Nicolas Baradakis


Re: module for deleting attributes

2006-10-16 Thread Nicolas Baradakis
Lars Ricken wrote:

 How can I understand you developed module for deleting attributes
 from incoming radius requests. Can You send it to me via email or
 give a link where I can download it. It's very important for me.

I don't think there's any point in deleting attributes in the
incoming request. Just don't check those attributes in authorize,
that's all.

If you've configured FreeRADIUS as a proxy, you want to delete the
undesired attributes from the proxy request, not the incoming request.
In this case you could use the attr_filter module in the pre-proxy
section. See the rlm_attr_filter(5) manpage.

PS: Please don't reply to freeradius-devel, this is a question for
the freeradius-users mailing list.

-- 
Nicolas Baradakis



Re: Source IP address for proxy requests

2006-09-26 Thread Nicolas Baradakis
Peter Nixon wrote:

 On Mon 25 Sep 2006 19:05, Nicolas Baradakis wrote:

  That has nothing to do with FreeRADIUS. The source address of an
  outgoing UDP packet is chosen by the kernel according to the local
  network configuration.

 I had this problem previously with FreeRADIUS where radius had to reply from
 the inside interface of a multihomed server else the packets would not match
 the IPSec tunnel ACLs bound to the external interface (A common config) I
 solved it by telling freeradius to only bind to one IP. Does this config no
 longer work??

This example is different from the one we're discussing. FreeRADIUS
replies indeed to the NAS from the same address as the request arrived
at.

However, a proxy request is different, because it's a new outgoing
packet. In this case, we don't force the source IP in FreeRADIUS and
we shouldn't do so because the NAS and the realm server are possibly
on a different network. (it depends on the local network configuration)

The network configuration of the host is outside the scope of
FreeRADIUS. The correct way to solve the problem is to fix the
network routes on the host, so the outgoing requests have the
desired source IP.

-- 
Nicolas Baradakis



Re: Source IP address for proxy requests

2006-09-26 Thread Nicolas Baradakis
Peter Nixon wrote:

 On Tue 26 Sep 2006 11:55, Nicolas Baradakis wrote:

  However, a proxy request is different, because it's a new outgoing
  packet. In this case, we don't force the source IP in FreeRADIUS and
  we shouldn't do so because the NAS and the realm server are possibly
  on a different network. (it depends on the local network configuration)
 
  The network configuration of the host is outside the scope of
  FreeRADIUS. The correct way to solve the problem is to fix the
  network routes on the host, so the outgoing requests have the
  desired source IP.

 Yes you are correct. Obviously I didn't read the thread in enough
 depth. It does bring up the issue that we maybe should have an optional
 proxy_source_ip config option..

I don't think it's a good idea, because all the realm servers may not be
on the same network. IMHO FreeRADIUS doesn't have to cope with the network
configuration of the host: it only has to set the destination IP, and the
rest is handled by the kernel.

-- 
Nicolas Baradakis



Re: Source IP address for proxy requests

2006-09-25 Thread Nicolas Baradakis
Angel L. Mateo wrote:

   Freeradius is working fine with this configuration, except the proxy
 module. The problem I have is that proxy requests are originated with
 the IP address of the member, not the IP of the cluster. And I haven't
 found any configuration option to configure this. Is there any way to do
 it?

Why is this a problem?

I note RADIUS packets are using UDP, which means they're connectionless.
I think you don't want a machine from the cluster send a proxy request,
and a different machine get the proxy reply. This wouldn't work.

-- 
Nicolas Baradakis



Re: Source IP address for proxy requests

2006-09-25 Thread Nicolas Baradakis
Angel L. Mateo wrote:

 On Mon, 25-09-2006 at 14:46 +0200, Nicolas Baradakis wrote:
  Angel L. Mateo wrote:
  
 Freeradius is working fine with this configuration, except the proxy
   module. The problem I have is that proxy requests are originated with
   the IP address of the member, not the IP of the cluster. And I haven't
   found any configuration option to configure this. Is there any way to do
   it?
  
  Why is this a problem?

   This is a problem for the following reasons:
 
 * I have to configure my firewall to accept radius connections to
 different addresses, not just the clustered IP.

You could accept a small IP range like 192.168.1.0/30 on the firewall.

 * The radius that receives the request has to define two different
 clients (to accept my request) and also my clustered radius (to send
 requests to me).

I think a realm server would reply to the same IP which it received
the packet from.

   I know it can be solved with configuration but I think this is not an
 elegant solution to the problem. If I have configured freeradius to
 listen in just one interface of the server, why it has to use another
 different interface?

That has nothing to do with FreeRADIUS. The source address of an
outgoing UDP packet is chosen by the kernel according to the local
network configuration.

I'd suggest to look at the network routes on the host like suggested
in another reply to your mail.

  I note RADIUS packets are using UDP, which means they're connectionless.
  I think you don't want a machine from the cluster send a proxy request,
  and a different machine get the proxy reply. This wouldn't work.

   This is an impossible situation, because I have an active/standby
 configuration of the cluster. Just one node is running the IP and the
 server. The other node is just a backup one (in a normal environment).

I was confused because you didn't mention it was an active/backup
setup. However, I note a virtual IP is usually used for incoming
traffic, not the requests originated from a node of the cluster.

-- 
Nicolas Baradakis



Re: How to get FreeRadius 2.0.0 pre version???

2006-09-21 Thread Nicolas Baradakis
Trymp wrote:

 I want to get FreeRadius 2.0.0 pre version.

 $ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout module-name

 what is module-name??

Please no HTML to the list.

The module name is radiusd.

-- 
Nicolas Baradakis



Re: rlm_perl link error

2006-09-18 Thread Nicolas Baradakis
Alexander Serkin wrote:

 i'm getting the following error while building rlm_perl module:

 [...]

 gcc -shared -Wl,-h -Wl,rlm_perl-1.1.3.so -o .libs/rlm_perl-1.1.3.so
 .libs/rlm_perl.o  -R/opt/fr/src/freeradius-1.1.3/src/lib/.libs
 -R/opt/fr/lib /opt/fr/src/freeradius-1.1.3/src/lib/.libs/libradius.so
 -L/usr/local/lib
 /usr/local/lib/perl5/5.8.6/sun4-solaris/auto/DynaLoader/DynaLoader.a
 -L/usr/local/lib/perl5/5.8.6/sun4-solaris/CORE -lperl -ldl -lm -lc -lnsl
 -lresolv -lsocket -lposix4 -lpthread -lc
 Text relocation remains referenced
 against symbol  offset  in file
 unknown   0x2628
 /usr/local/lib/perl5/5.8.6/sun4-solaris/CORE/libperl.a(perl.o)
 ...

These are the same errors as this bug report:
http://bugs.freeradius.org/show_bug.cgi?id=388

 does it mean that perl is compiled incorrectly on the machine?
 It seem to be installed from SMCperl binary package for SunOS 5.8

I'm not sure exactly what's happening, but it seems the libperl.a
library on the host contains non-PIC code, and the Solaris linker
refuses to make a shared library for this reason.

If you don't need the perl module, I'd suggest to build FreeRADIUS
using ./configure --without-rlm_perl

-- 
Nicolas Baradakis



Re: HOW-TO for Linux radius client

2006-09-01 Thread Nicolas Baradakis
J. C. Desai wrote:

 I am looking for a Linux client side HOW-TO for radius authentication
 without requiring presence of the login id on client side locally.

Please no HTML to the list.

I already tried to implement a similar setup but never found all the
pieces of the puzzle.

 5) The problem I am facing is that the login id has also to be defined
 locally on client Linux machines --- otherwise, for example, the su command
 fails indicating that the id does not exist (if I create the login id on
 client locally, then it queries freeRadius server)

Indeed, the missing piece is the libnss-radius. I think you'll have to
write your own. I've already looked at it and it's not very hard to do.

My tests indicate that you need to implement only 2 functions to get login,
xdm, ssh, etc. working on the client machines.

enum nss_status _nss_radius_getpwnam_r(const char *name, struct passwd *result,
                                       char *buffer, size_t buflen);
enum nss_status _nss_radius_getpwuid_r(uid_t uid, struct passwd *result,
                                       char *buffer, size_t buflen);

More info in the glibc manual:
http://www.gnu.org/software/libc/manual/html_node/Name-Service-Switch.html

-- 
Nicolas Baradakis



Re: no Client-IP-Address in packet

2006-08-31 Thread Nicolas Baradakis
Mitaine Yoann wrote:

 the only problem is that preprocess is present in the authorize
 section in the radiusd.conf file of the radius server A

You should check also the config of the radius server B.
And please stop posting with HTML to the mailing list.

-- 
Nicolas Baradakis



Re: Reply VSA-s in Access-Reject

2006-08-30 Thread Nicolas Baradakis
Yervand Petrosyan wrote:

 In 1.1.3 version Access-Reject doesn't return in reply
 VSA attributes but it is works well in 1.0.1.
 Something was changed?

Yes, because it was considered as a bug.
See http://bugs.freeradius.org/show_bug.cgi?id=207

I also note Vendor-Specific attributes aren't allowed in Access-Reject
packets per RFC 2865. (section 5.44)
See http://www.ietf.org/rfc/rfc2865.txt

-- 
Nicolas Baradakis



Re: Cannot compile and run on Mac OS X 10.4.7

2006-08-30 Thread Nicolas Baradakis
Michael Check wrote:

 On 8/22/06, Michael Check [EMAIL PROTECTED] wrote:
  We tried googling around and we're happy to hear that freeradius will
  be a part of 10.5, but we'd like to get it running now...  There
  really is no other docs we've found  on getting it compiled (after
  difficulty like the above) and installed.  Certainly nothing recent
  anyway.  Is it true that it _should_ just work? :)
 
  Thanks in advance for any assistance,

 This issue is not really solved, I didn't get it to compile, but I
 thought those of you that are looking for a solution to run freeRADIUS
 on OSX should look to the package installer that I found.  It is quite
 recent (version 1.1.0pre0) and runs great.

I don't own an Apple machine, so I'm not able to test it myself.
However from what I read on the mailing lists, it should be possible
to build version 1.1.3 of FreeRADIUS on Mac OS 10.4.7 with the
following commands:

$ configure --enable-developer
$ make
$ su -
# make install

-- 
Nicolas Baradakis



Re: public key for source signature

2006-08-30 Thread Nicolas Baradakis
Jonathan Casiot wrote:

 I've downloaded the most recent source, freeradius-1.1.3.tar.gz, and I'd 
  like to verify the file against the PGP signature but I can't find the 
 public key anywhere. Can someone point me to its location?

http://freeradius.org/pgp/[EMAIL PROTECTED]

-- 
Nicolas Baradakis



Re: Reply VSA-s in Access-Reject

2006-08-30 Thread Nicolas Baradakis
Yervand Petrosyan wrote:

 Really, it would be reasonably to have this option
 configurable.

As always, patches are welcome.

-- 
Nicolas Baradakis



Re: Cannot compile and run on Mac OS X 10.4.7

2006-08-23 Thread Nicolas Baradakis
Michael Check wrote:

 There really is no other docs we've found on getting it compiled
 (after difficulty like the above) and installed.  Certainly nothing
 recent anyway.  Is it true that it _should_ just work? :)

Please try version 1.1.3, available on www.freeradius.org. The build
tools (autoconf, libtool, libltld) have been upgraded to a recent
version.

It was reported to work out of the box on Mac OS 10.4.7 (ie ./configure
make and make install)

http://lists.freeradius.org/pipermail/freeradius-devel/2006-August/010131.html

-- 
Nicolas Baradakis



Re: BUG! Variables and MySQL queries

2006-08-23 Thread Nicolas Baradakis
Chris Knipe wrote:

 The mySQL variables %H:%i:%S is over written by FreeRadius' variables... 
 I have filed in BugZilla as well.
 
 Any possibility to get this fixed???

This is not a bug. FreeRADIUS expands the variables in the query strings
as documented here:

  http://freeradius.org/radiusd/doc/variables.txt

If you want to pass the characters % to MySQL, you must use the
following syntax: %%H:%%i:%%S

-- 
Nicolas Baradakis



Re: Oracle is not supported by radsqlrelay?

2006-08-17 Thread Nicolas Baradakis
Alexander Serkin wrote:

 Nicolas Baradakis wrote:

  Please create a patch with diff -u radsqlrelay.orig radsqlrelay
  and post it to the list. I'll add it in version 1.1.3.
 
 Here it is:
 
 --- radsqlrelay.orig2006-08-16 15:40:58.220277000 +0400
 +++ radsqlrelay 2006-08-16 17:53:20.151452000 +0400
 @@ -156,6 +156,8 @@
  $data_source = DBI:mysql:database=$args{b};host=$args{h};
  } elsif (lc($args{d}) eq 'pg') {
  $data_source = DBI:Pg:dbname=$args{b};host=$args{h};
 +} elsif (lc($args{d}) eq 'oracle') {
 +$data_source = DBI:Oracle:$args{b};
  } else {
  print STDERR error: SQL driver not supported yet: $args{d}\n;
  exit 1;
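Review bot: the new oracle branch builds the DSN from $args{b} alone, so a host given with -h is silently dropped, whereas the mysql and Pg branches just above both pass host=$args{h}. Either reject or warn when -h is supplied together with -d oracle, or state next to this branch that -b must be a name the Oracle client can resolve by itself; as written, a user who passes -h gets no hint that the option was ignored and may end up writing accounting data to a different database than intended.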

Added, thanks.

 With -b db.domain.tld I give the database description stored in 
 $TNS_ADMIN/tnsnames.ora:
 
 db.domain.tld =
   (DESCRIPTION =
 (ADDRESS_LIST =
   (ADDRESS = (PROTOCOL = TCP)(HOST = db.domain.tld)(PORT = 1521))
 )
 (CONNECT_DATA =
   (SERVICE_NAME = DB SID)
 )
   )

I've added this to the radsqlrelay(8) manpage, too.

-- 
Nicolas Baradakis



Re: sql segmentaiton fault

2006-08-16 Thread Nicolas Baradakis
YvesDM wrote:

 Created my own debs of freeradius 1.0.5

Please upgrade to 1.1.2.

 Everything works, but when i try to use mysql i get a segmentation fault
 running radiusd -X

See http://freeradius.org/radiusd/doc/bugs

 I used the rules file in the debian dir of the tar.gz, but added
 --with-experimental modules as a configure option in it cause i need the
 sqlcounter.

sqlcounter is in the stable modules list in versions >= 1.1.0.

-- 
Nicolas Baradakis



Re: FR-1.1.2 dies with error

2006-08-16 Thread Nicolas Baradakis
Alexander Serkin wrote:

 And i feel that Oracle is not good production server for radius 
 accounting. Or the DB structure is not optimal for our application.
 Does anybody in the list use the FROracle for the systems serving about 
 4500 simultaneous connections? It's really not much, but...
 Will the accounting table partitioning help?

Maybe you could use radsqlrelay for accounting data, so FreeRADIUS
doesn't interact with the database anymore. See the manpages for
rlm_sql_log(5) and radsqlrelay(8) for more details.

-- 
Nicolas Baradakis



Re: Oracle is not supported by radsqlrelay?

2006-08-16 Thread Nicolas Baradakis
Alexander Serkin wrote:

  Nicolas Baradakis wrote:
 
   Maybe you could use radsqlrelay for accounting data, so FreeRADIUS
   doesn't interact with the database anymore. See the manpages for
   rlm_sql_log(5) and radsqlrelay(8) for more details.
 
  didn't think about this yet. Is it possible to run radsqlrelay similar 
  to radrelay - when it feeds the sql log to db while the log is being 
  written by radiusd?

You'll find an answer in the manpages mentioned earlier.

 Oracle is not supported by radsqlrelay?
 
 # radsqlrelay -b CDMA -d oracle -h host -P 1521 -p pass -u user -x ./tst-sql
 error: SQL driver not supported yet: oracle

There is no Oracle support yet, because I couldn't test it when I wrote
radsqlrelay. As Perl DBI includes an Oracle driver, it should be trivial
to add. It's just a 2 lines patch in script/radsqlrelay.

 This is very strange because I remember that I used it once after some 
 maintenance operations with our oracle DB. Maybe with freeradius-1.1.1.
 Something changed?

radsqlrelay was added in version 1.1.0 and since then it was never
changed. (you can check the CVS log if you want)

-- 
Nicolas Baradakis



Re: Oracle is not supported by radsqlrelay?

2006-08-16 Thread Nicolas Baradakis
Alexander Serkin wrote:

 Finally radsqlrelay works for me with oracle too after patching 2
 strings as you said.

Please create a patch with diff -u radsqlrelay.orig radsqlrelay
and post it to the list. I'll add it in version 1.1.3.

-- 
Nicolas Baradakis



Re: Free Radius 1.1.2, Fedora 5 invalid ELF header

2006-08-02 Thread Nicolas Baradakis
Bill wrote:

 This is the error from /var/log/radacct/radius.log
  Error: radiusd.conf[1565] Failed to link to module 'rlm_exec':
 /usr/local/lib/rlm_exec.a: invalid ELF header

Please try the version in the stable branch of the CVS. It uses a newer
libtool, therefore it should correctly build the FreeRADIUS modules.

$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
CVS password: anoncvs
$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r branch_1_1 radiusd

-- 
Nicolas Baradakis



Re: LDAP and mySQL

2006-07-27 Thread Nicolas Baradakis
Bubuk Gabrok wrote:

 I have come thru a number of references which state that LDAP are
 specialised database and optimized for read.

You should setup the system you're the most familiar with. Unless
you've *huge* RADIUS traffic on your site (more than 500 req/s) you
won't notice the performance differences.

 Would that make it a good idea to authenticate thru LDAP *but* the
 accounting is handled thru mySQL ? Anybody have done this or am I
 talking nonsense here?

It is common to use OpenLDAP for auth and MySQL for acct.

http://freeradius.org/radiusd/doc/ldap_howto.txt

-- 
Nicolas Baradakis



Re: rlm_eap_tls.so won't build.

2006-07-26 Thread Nicolas Baradakis
Lyle Tollefsen wrote:

 I'm new to freeradius and open source in general, so please bear with 
 me. I'm having a problem with the  rlm_eap_tls.so module not compiling, 
 or installing, depending on whether I'm compiling from source, or 
 apt-geting the package. The complaint is that Openssl is missing, 
 however I have installed openssl and libssl0.9.6 and libssl-dev. All to 
 no avail. As you can see, I'm using freeradius 1.1.2.  Any help much 
 appreciated.

The instructions to build a Debian package from sources are in the FAQ.
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: mysql libraries are there BUT not found

2006-07-26 Thread Nicolas Baradakis
Roger Thomas wrote:

 In /usr/local/mysql/lib/mysql I have:
 
 -rw-r--r--1 root mysql   11866 May 15 10:56 libdbug.a
 -rw-r--r--1 root mysql   40304 May 15 10:56 libheap.a
 -rw-r--r--1 root mysql   13536 May 15 10:56 libmerge.a
 -rw-r--r--1 root mysql  313312 May 15 10:56 libmyisam.a
 -rw-r--r--1 root mysql   24982 May 15 10:56 libmyisammrg.a
 -rw-r--r--1 root mysql  480038 May 15 10:57 libmysqlclient.a
 -rwxr-xr-x1 root mysql 879 May 15 10:57 libmysqlclient.la
 lrwxrwxrwx1 root mysql  24 May 15 10:57 libmysqlclient.so -> libmysqlclient.so.14.0.0
 lrwxrwxrwx1 root mysql  24 May 15 10:57 libmysqlclient.so.14 -> libmysqlclient.so.14.0.0
 -rwxr-xr-x1 root mysql  409020 May 15 10:57 libmysqlclient.so.14.0.0
 -rw-r--r--1 root mysql  240636 May 15 10:56 libmystrings.a
 -rw-r--r--1 root mysql  256614 May 15 10:56 libmysys.a
 -rw-r--r--1 root mysql   97536 May 15 10:56 libnisam.a
 -rw-r--r--1 root mysql5576 May 15 10:56 libvio.a
 
 What I have done wrong? Please advise.

It looks like you don't have libmysqlclient_r.so, the thread safe
version of the client library.

Either configure MySQL with --enable-thread-safe-client, or configure
FreeRADIUS with --without-threads.

-- 
Nicolas Baradakis



Re: Debian TLS support

2006-06-23 Thread Nicolas Baradakis
Scott Hughes wrote:

 rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open
 shared object file: No such file or directory radiusd.conf[9]:
 eap: Module instantiation failed

Get a source tarball from www.freeradius.org and manually build
a Debian package as explained in the FAQ.

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: Parse error freeradius-1.1.1

2006-06-23 Thread Nicolas Baradakis
Lin Richardson wrote:

 You are welcome to send me testing needs and I'll accommodate as I can.
 May not be same day service, but I'd be happy to do it.

Thanks for the help. Could you try please the autotools upgrade
in the CVS?

$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
CVS password: anoncvs
$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r branch_1_1 radiusd

-- 
Nicolas Baradakis



Re: Parse error freeradius-1.1.1

2006-06-21 Thread Nicolas Baradakis
Margit Meyer wrote:

 I try to compile freeradius-1.1.1 on a Suse Linux 8 Enterprise Server with
 gcc-3.2.2 and get the following error message:
 
 In file included from eap_peap.h:25,
 from rlm_eap_peap.c:24:
 ../../libeap/eap_tls.h:138: parse error before SSL
 ./../libeap/eap_tls.h:138: warning: no semicolon at end of struct or union
 ./../libeap/eap_tls.h:141: parse error before '*' token
 
 ...
 
 What could be wrong?

There are a few problems in the autoconf tests in version 1.1.1.
Please try 1.1.2.

-- 
Nicolas Baradakis



Re: rlm_detail bug when locking = yes

2006-06-16 Thread Nicolas Baradakis
Michael Chernyakhovsky wrote:

 we need close outfd right before  return RLM_MODULE_FAIL; at line 236.

... or get the fixes from CVS head which solve many other problems
in rlm_detail. (for example file renamed or unlinked by another
program)

Everyone will save a considerable amount of time if you could backport
the changes from CVS to 1.1.2, run tests to check the new code, and
send unified diff to the list.

http://freeradius.org/radiusd/doc/DIFFS

-- 
Nicolas Baradakis



Re: FreeRadius rlm_sql dumps if database server hiccups

2006-06-16 Thread Nicolas Baradakis
Matt wrote:

 There are no DB handles available instead of reconnecting... the
 only way I've found to reconnect, is to restart...

 Any comments or thoughts on this problem?

Please upgrade FreeRADIUS to version 1.1.2.

-- 
Nicolas Baradakis



Re: mysql accounting

2006-06-14 Thread Nicolas Baradakis
Seferovic Edvin wrote:

 I do NOT want to be rude, but sometimes searching the archives helps A LOT !
 BELIEVE ME ! But for the lazy developers among you people - here is the part
 that describes the needed feature. Thanks to Jamal ( of course ). This is
 copy paste - so do NOT blame me ;)

You're right, but unfortunately you didn't pick up the easiest method.
This question has been asked so many many times on the mailing list
that now it's in the FAQ. (but it appears people are too lazy to read
the FAQ)

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

Nicolas Baradakis

-- 
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email?



Re: radreply table / OP field length

2006-06-14 Thread Nicolas Baradakis
Cliff Hayes wrote:

 The included db_mysql.sql which creates the MySQL schema required for
 FreeRADIUS created the radreply table with a two-character OP field (I
 assume for use with =, =, etc).  It defaults to a single = and when I
 add a record, subsequent queries from a Microsoft SQL 2000 linked Database
 connection fail because it wants both characters filled (== maybe).

FreeRADIUS provides SQL schemas for both MySQL and Microsoft SQL.
I don't really understand why you're using the MySQL schema if you're
going to run a different server later.

 We use Platypus as our billing system, which resides in the Microsoft
 SQL 2000 environment and talks to FreeRADIUS via the link mentioned
 above.  Should I change the default to == or is there something
 else?

The operator == isn't allowed in a reply item. Please look at this
page for a description of the operators:

http://freeradius.org/radiusd/doc/rlm_sql

-- 
Nicolas Baradakis



Re: Locking realm access to a specific huntgroup

2006-06-14 Thread Nicolas Baradakis
Jonathan De Graeve wrote:

 I have different NAS and each type of NAS is grouped together in a
 huntgroup.

 I need to make an addition to my radius setup to proxy requests with a
 certain realm to a specified server.

 Proxying is already working but I want to lock the users using that
 specific realm to a specific huntgroup so that its only possible for
 them to login on predefined NASgroup.

You could try to manually set the Proxy-To-Realm variable in the
users file instead of using the realm module.  For example,
test with something like that:

DEFAULT User-Name =~ @foo\.net$, Huntgroup-Name == bar, Proxy-To-Realm := foo.net

 Using attr_filter isn't an option since this only filters replies.

The attr_filter module can be used in both pre-proxy and post-proxy
sections.

-- 
Nicolas Baradakis



Re: Locking realm access to a specific huntgroup

2006-06-14 Thread Nicolas Baradakis
Jonathan De Graeve wrote:

   Using attr_filter isn't an option since this only filters replies.
 
  The attr_filter module can be used in both pre-proxy and post-proxy
  sections.

 Indeed but if I understand it right, you can't distinguish between the 2
 types?

You can't. But you can have 2 module instances for each section :)

 Furthermore, this only changes/filters attributes while I needed to
 check the huntgroup to the local radius.

You're right, and this is the reason why attr_filter isn't suitable
in your case.

 Since the DEFAULT trick works, I'm happy :)
 Thx a lot ;)

You're welcome :)

-- 
Nicolas Baradakis



Re: sql_log outputs truncated sql-statements

2006-06-13 Thread Nicolas Baradakis
Hans-Peter Fuchs wrote:

 Configuration of sql_log:

 [...]

 Alive = UPDATE ${acct_table} \
  SET FramedIPAddress = '%{Framed-IP-Address}', \
  AcctSessionTime = '%{Acct-Session-Time}', \
  AcctInputOctets = '%{Acct-Input-Octets}',
  AcctOutputOctets = '%{Acct-Output-Octets}' \
  WHERE AcctSessionId = '%{Acct-Session-Id}' \
  AND UserName = '%{User-Name}' \
  AND NASIPAddress= '%{NAS-IP-Address}';

You're missing a '\' at the end of the 4th line.

-- 
Nicolas Baradakis
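
An added example, not part of the original message: a small checker for the mistake pointed out above, a multi-line quoted value where one line lacks its trailing backslash. The sample config is constructed from the query in the thread, and the double quotes around the value are an assumption (the archive shows none).

```python
import re

# Constructed sample: the Alive query from the thread, wrapped in the double
# quotes that FreeRADIUS config values normally carry (assumed here).
SAMPLE = r'''
sql_log {
    path = ${radacctdir}/sql-relay
    Alive = "UPDATE ${acct_table} \
      SET FramedIPAddress = '%{Framed-IP-Address}', \
      AcctSessionTime = '%{Acct-Session-Time}', \
      AcctInputOctets = '%{Acct-Input-Octets}',
      AcctOutputOctets = '%{Acct-Output-Octets}' \
      WHERE AcctSessionId = '%{Acct-Session-Id}' \
      AND UserName = '%{User-Name}' \
      AND NASIPAddress= '%{NAS-IP-Address}';"
}
'''

ASSIGN = re.compile(r'^\s*([\w.-]+)\s*=\s*"(.*)$')   # key = "start of value
CLOSING_QUOTE = re.compile(r'(?<!\\)"')               # unescaped closing quote


def find_missing_continuations(text):
    """Return (key, file_line, statement_line) for every line inside an open
    double-quoted value that neither closes the quote nor ends with a backslash."""
    findings = []
    key = None          # name of the value currently open, if any
    stmt_line = 0       # line number counted from the start of that value
    for lineno, line in enumerate(text.splitlines(), start=1):
        body = line.rstrip()
        if key is None:
            m = ASSIGN.match(body)
            if not m:
                continue                      # not the start of a quoted value
            key, stmt_line, rest = m.group(1), 1, m.group(2)
        else:
            stmt_line += 1
            rest = body
        if CLOSING_QUOTE.search(rest):
            key = None                        # value ends on this line
        elif not body.endswith("\\"):
            findings.append((key, lineno, stmt_line))
    return findings


def add_missing_continuations(text):
    """Return the text with ' \\' appended to every line flagged above."""
    bad = {lineno for _, lineno, _ in find_missing_continuations(text)}
    out = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        out.append(line.rstrip() + " \\" if lineno in bad else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, lineno, stmt_line in find_missing_continuations(SAMPLE):
        print(f"{key}: line {lineno} (line {stmt_line} of the statement) "
              "is missing a trailing backslash")
```

Run over the sample, it reports the 4th line of the Alive statement, the same line identified in the reply.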



Re: Segmentation Fault

2006-06-11 Thread Nicolas Baradakis
Ross Hosman wrote:

 Just thought I'd let you know your email goes into my yahoo spam folder...

And please no HTML to the list.
http://freeradius.org/list/users.html

-- 
Nicolas Baradakis



Re: Problem with Freeradius 1.1.2 OpenLDAP 2.3.20

2006-06-06 Thread Nicolas Baradakis
In reply to Nicolas Martin:

 checking for ldap_init in -lldap_r ... no
 checking for ldap.h ... no
 configure: warning : silently not building rlm_ldap
 configure: warning : FAILURE : rlm_ldap requires libldap_r ldap.h

 I am sure my paths are correct, I am sure I have the file ldap.h in 
 my OpenLDAP/include dir and I have a libldap_r directory in my 
 OpenLDAP/libraries dir.

 Any idea of what is wrong ? Is it a version problem and so, should I 
 try with older versions ? Did I miss something important ?

Please look for error messages in src/modules/rlm_ldap/config.log

-- 
Nicolas Baradakis



Re: rlm_sqlippool - try sql if not try sql1

2006-05-25 Thread Nicolas Baradakis
RobertB wrote:

 At present it is not possible to do something like: try sql, if not
 available try sql1.

Did you try to put the module in a redundant or a group stanza?
http://freeradius.org/radiusd/doc/configurable_failover

-- 
Nicolas Baradakis



Re: getting Freeradius to recorde login failure, etc

2006-05-20 Thread Nicolas Baradakis
Christopher Carver wrote:

 If someone can point me to the right direction, I would be very
 appreciative.  Perhaps I could even explore it to its fullest and
 submit some documentation to the developers to include with the
 software to make things a bit more clear.

What exactly is unclear in the documentation? There is already an
entry "How do I log failed login attempts in a SQL database?" in
the FAQ.

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: Trying to configure with --prefix causes install to fail

2006-05-19 Thread Nicolas Baradakis
Glenn Swonk wrote:

 When I configure with the following:
 
  ./configure --prefix=/Radius
  make all
  make install
 
 the 'make install' fails.
 
 Any ideas?

It's a known bug, and it'll be fixed in 1.1.2.
http://bugs.freeradius.org/show_bug.cgi?id=354

-- 
Nicolas Baradakis



Re: getting Freeradius to recorde login failure, etc

2006-05-17 Thread Nicolas Baradakis
Jeremy ohara wrote:

 is there a way to get Freeradius 1.0.5 with Mysql  to record login-failure, 
 incorrect password or incorrect username into the mysql table?

Please read the FAQ, and look for:
How do I log failed login attempts in a SQL database?

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: Segmentation fault when launching freeradius 1.1.1 with sql authorization on debian 1:3.3.5-13

2006-05-13 Thread Nicolas Baradakis
In reply to Antoine Cavalié:

 radiusd doesn't want to start when I uncomment sql from radiusd.conf
 authorize section.

 What I did is :
 download and freeradius 1.1.1
 ./configure
 make
 make install

Please read the FAQ, and look for:
How do I build a Debian package from sources?

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: rlm_sql Segmentation Fault

2006-05-12 Thread Nicolas Baradakis
Shawn Hamman wrote:

 (gdb) bt
 #0  0x00d789c9 in lt_dlsym (handle=0x88de758, symbol=0x88dd158 
 rlm_sql_mysql) at ltdl.c:3330
 #1  0x00fb65fa in rlm_sql_instantiate (conf=0x88307e0, instance=0x88dcb40) 
 at rlm_sql.c:696
 #2  0x0805303b in find_module_instance (instname=0x88339c8 sql) at 
 modules.c:358
 #3  0x08053e1a in do_compile_modsingle (component=0, ci=0x88339a8, 
 filename=0x805e931 radiusd.conf, grouptype=0, modname=0xbf835314) at 
 modcall.c:1005
 #4  0x080536f3 in setup_modules () at modules.c:570
 #5  0x080566db in main (argc=2, argv=0xbf8365a4) at radiusd.c:960
 
 Does anybody out there have any ideas?

It looks like bug #98.
http://bugs.freeradius.org/show_bug.cgi?id=98

-- 
Nicolas Baradakis



Re: Changes to get tls working at debian

2006-04-27 Thread Nicolas Baradakis
Krämer Armin wrote:

 Hi, i downloaded the source of freeradius 1.1.1 and compiled it with
 default setting which does not include eap-tls support.

When compiling from mainstream sources, the default settings *do*
include eap-tls support.

 What do I have to change to get tls-support for freeradius on my
 debian system?

Use dpkg-buildpackage, as explained in the FAQ.
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: RPM for Mandrake 10.1 - error

2006-04-27 Thread Nicolas Baradakis
Paul Seaman wrote:

 I'm trying to compile a Mandrake 10.1 RPM for Freeradius-1.1.1 using the
 redhat .specfile, and it gets all the way to the end and then spits out:

 ln: creating symbolic link `/tmp/freeradius-root/usr/lib/libradius-1.1.1.la'
 to `libradius.la': No such file or directory

It's a known problem, and it'll be fixed in 1.1.2.

Just add this in src/lib/Makefile:

install:
	$(INSTALL) -d -m 755 $(R)$(libdir)
	...

-- 
Nicolas Baradakis



Re: freeradius, deb (sid)

2006-04-26 Thread Nicolas Baradakis
Gabor Szelei wrote:

 I'd like to use freeradius with PEAP.
 
 [...]
 
 rlm_eap_tls.so seems to be missing. Does anyone know some debian source
 to get it with it?

Debian doesn't distribute a binary version of the rlm_eap_tls module
because the OpenSSL license is incompatible with the GPL.

http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses
http://marc.theaimsgroup.com/?l=openssl-users&m=114460613316150&w=2

 Is there some guide about how to build it and what dependencies are
 needed for that?

You might download FreeRADIUS 1.1.1 and build a Debian package
from sources.

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: Changes to dialupadmin

2006-04-22 Thread Nicolas Baradakis
Jonathan De Graeve wrote:

 I want to publish my enhancements to dialupadmin to the freeradius
 devels.

 How can I do this?

Please post your patches to the bugzilla.
http://bugs.freeradius.org/

-- 
Nicolas Baradakis



Re: Acct-Type and MySQL

2006-04-14 Thread Nicolas Baradakis
Luca Corti wrote:

 On Tue, 2006-04-11 at 18:46 +0200, Nicolas Baradakis wrote:
  You need to specify Acct-Type during preacct. It's doable if you
  can write an acct_users file to set the Acct-Type.

Did you try to write an acct_users file? Try to distinguish your
group with the value of one or several attributes present in the
Accounting-Request.

Here is an example:
DEFAULT Some-Attribute == "some value", Acct-Type := DIALUP

Here is the documentation:
http://freeradius.org/radiusd/doc/Acct-Type

  If you need to do it with MySQL, I've seen a patch on the bugzilla.
  http://bugs.freeradius.org/show_bug.cgi?id=264
 
 Thanks a lot for the pointer. I've patched and installed FR 1.1.1.

Please try the first method. The second one is a last resort
solution, since this patch is not part of FreeRADIUS.

 Now I have set preaccounting query in my sql.conf file to
 
 sql sql_generic {
 ...
 
 preaccounting_query = SELECT Value FROM ${groupcheck_table} WHERE
 Attribute = 'Acct-Type' LIMIT 1
 }

I think the select statement should return 5 columns like the
authorize queries.

 is this supposed to be correct? Unfortunately I get a segfault.
 
 modcall[preacct]: module acct_unique returns ok for request 0
 rlm_realm: No '@' in User-Name = gi-na-napoli-a, looking up realm
 NULL
 rlm_realm: No such realm NULL
   modcall[preacct]: module suffix returns noop for request 0
 radius_xlat:  'SELECT Value FROM radgroupcheck WHERE Attribute =
 'Acct-Type' LIMIT 1'
 rlm_sql (sql_generic): Reserving sql socket id: 3
 Segmentation fault

I'd suggest to post your problems at the end of bug #224. You're using a
patch which isn't part of FreeRADIUS, so I can't help much.

-- 
Nicolas Baradakis



Re: Acct-Type and MySQL

2006-04-11 Thread Nicolas Baradakis
Luca Corti wrote:

 Now I'd like to specify Acct-Type := DIALUP in MySQL for a particular
 group of users so that accounting for that group uses sql_dialup.
 
 Is this doable? Do I need to specify Acct-Type as a reply or check item?

You need to specify Acct-Type during preacct. It's doable if you
can write an acct_users file to set the Acct-Type.

If you need to do it with MySQL, I've seen a patch on the bugzilla.
http://bugs.freeradius.org/show_bug.cgi?id=264

-- 
Nicolas Baradakis



Re: Allow linking against OpenSSL? (Was Re: [GENERAL] Debian package for freeradius_postgresql module)

2006-04-10 Thread Nicolas Baradakis
Tyler MacDonald wrote:

   It's ridiculous that this is so simple to achieve technically, and
 all products involved are being provided for free, yet there's still all
 this bureaucratic red tape involved in getting them to play nice together...

I understand very well, and I'd like to help Debian to achieve world
domination, too. But I'm really wary of a license change.

Alternatively, is it possible to leave the LICENSE file intact, and to
write an OpenSSL exception as a side note in a different file? I think
I'll have to do some research whether this is valid or not. (if someone
knows of such an example, it'd help)

-- 
Nicolas Baradakis



Re: Allow linking against OpenSSL? (Was Re: [GENERAL] Debian package for freeradius_postgresql module)

2006-04-08 Thread Nicolas Baradakis
Tyler MacDonald wrote:

 It appears that several other GPL apps have added a special clause
 to their license that allows them to be linked against OpenSSL.

   Could this be done for freeradius/freeradius-postgresql as well?

Personally I really dislike the idea: FreeRADIUS code is released
under the GPL and there is nothing wrong with that. I note there are
many other ways to get a freeradius-postgresql package in Debian.

- Ask Debian to provide a SSL-free package of the PostgreSQL libraries,
  so our freeradius-postgresql package can depend on that.

- Add GnuTLS support to PostgreSQL (someone suggested to work on that
  in the pgsql-general mailing list)
  http://archives.postgresql.org/pgsql-general/2006-04/msg00367.php

- Ask OpenSSL to remove the advertising clause from their license.

I also note the current situation is really a minor problem for our
users, because we're maintaining the necessary files to build the
Debian packages in our CVS. Anybody can easily build a Debian package
of the freeradius-postgresql module from a sources tarball with a
single command line. (dpkg-buildpackage)

-- 
Nicolas Baradakis



Re: Allow linking against OpenSSL? (Was Re: [GENERAL] Debian package for freeradius_postgresql module)

2006-04-08 Thread Nicolas Baradakis
Tyler MacDonald wrote:

 This can have security implications too, since the end user will
 have to manually keep an eye out for security updates instead of
 just upgrading against security.debian.org.

In theory, you're right. In reality, FreeRADIUS has disclosed a
security problem on 20 March and there's still no official Debian
package available yet :(

So finally if you really care about security you'd better build
packages from sources anyway.

 So you provide a way of debianizing freeradius packages easily, even
 ones that aren't included with debian. Given that, another alternative
 (admittedly with its own set of problems) would be an official freeradius
 apt repository.

This doesn't solve anything. The problem is that such packages aren't
distributable in binary form. If someone provides a repository, he
becomes an outlaw. (exaggeratedly)

-- 
Nicolas Baradakis



Re: Allow linking against OpenSSL? (Was Re: [GENERAL] Debian package for freeradius_postgresql module)

2006-04-08 Thread Nicolas Baradakis
Tyler MacDonald wrote:

  Personally I really dislike the idea: FreeRADIUS code is released
  under the GPL and there is nothing wrong with that.

   You are right, there is nothing wrong with that. But is there
 anything wrong with the FreeRADIUS code released under the GPL with an
 additional clause allowing linking against OpenSSL, even as a temporary
 measure until either OpenSSL fixes its license or PostgreSQL supports gnu
 TLS?

Well, I'm not in position to decide for a FreeRADIUS license change or
not, I'm just manifesting my personal opinion. If the other developers
agree, I won't go against them, of course.

However I believe it's better for FreeRADIUS to keep a plain GPL
license (without any modification) because it simplifies any
legal issue:
  - license violation with our code in another non-GPL software (it has
    already happened in the past)
  - adding contribution from an external company (they have questions
    concerning the license of the submitted material)

Even if it's based on the GPL, a FreeRADIUS license is more confusing.

 I can't think of anybody or anything that would hurt, and it would have
 the immediate practical benefit of allowing the freeradius-postgresql
 package into the official debian repo.

Altering the FreeRADIUS license will make only *one* package enter in
the Debian repository. I'm not inclined to choose this solution while
other solutions could solve the problem for *all* GPL programs
depending on the PostgreSQL libraries.

-- 
Nicolas Baradakis



Re: Allow linking against OpenSSL? (Was Re: [GENERAL] Debian package for freeradius_postgresql module)

2006-04-08 Thread Nicolas Baradakis
Jorgen Rosink wrote:

 Beside the postgresql support, this also opens the door to
 peap/eap-tls enabled Debian FreeRadius packages. All those 802.1x
 Debian users currently have to build their own packages for this
 support (although that's really easy with Debian ready upstream
 source, as Nicolas mentioned earlier)

Indeed, these modules are a problem in Debian as well, for legal and
technical reasons too: until version 1.1.1 I didn't manage to build
rlm_eap_peap and rlm_eap_ttls properly.

After the technical problems have been solved, we discussed the legal
issues on the development mailing list a few weeks ago, and we
planned to add support for GnuTLS, which is released under the LGPL.

It will take more time to write source code than to edit the license,
but I believe it's a better solution in the long term.

-- 
Nicolas Baradakis



Re: mysql replication vs. radrelay

2006-04-07 Thread Nicolas Baradakis
Olaf Schäfer wrote:

 I'm not sure which is the best way to replicate the accounting
 information: using radrelay or mysql-replication, too?

To replicate accounting records to one (central) database, I'd suggest
to use radsqlrelay and the rlm_sql_log module.  I'm using this mechanism
in production environment for more than a year and never had any problem,
even under heavy load. (unlike radrelay)

In version 1.1.x there are manpages for radsqlrelay and rlm_sql_log.

-- 
Nicolas Baradakis



Re: Freeradius cannot find rlm_sql_postgresql driver!

2006-04-06 Thread Nicolas Baradakis
lmyho wrote:

 I am trying to test the freeradius to work with postgresql database.
 Just installed freeradius 1.1.0 on debian system via 'aptitude
 install' command of debian.

 [...]

  Error: rlm_sql (sql): Could not link driver rlm_sql_postgresql:
 rlm_sql_postgresql.so: cannot open shared object file: No such file or 
 directory

The licenses of PostgreSQL and FreeRADIUS are incompatible, therefore
Debian doesn't distribute a binary version of the PostgreSQL module.

You could build a Debian package from source with the tarball of
FreeRADIUS 1.1.1 from www.freeradius.org. The FAQ explains how
to do this:

http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- 
Nicolas Baradakis



Re: Compiling freeradius 1.1.1 in FreeBSD 6.0 with mysql support

2006-04-06 Thread Nicolas Baradakis
Mark Hennessy wrote:

 checking for mysql_init in -lmysqlclient_r (using mysql_config)... no
 checking for mysql_init in -lmysqlclient_r... no

FreeRADIUS requires the thread-safe version of the MySQL client library,
unless you configure it with the option --without-threads.

 It's not seeing mysql libraries, but they do indeed exist:
 # ls -al /usr/local/mysql/lib/mysql
 total 1974
 drwxr-xr-x  2 root  wheel 512 Apr  5 10:39 .
 drwxr-xr-x  3 root  wheel 512 Apr  5 10:39 ..
 -rw-r--r--  1 root  wheel   14446 Apr  5 10:39 libdbug.a
 -rw-r--r--  1 root  wheel   41928 Apr  5 10:39 libheap.a
 -rw-r--r--  1 root  wheel   13640 Apr  5 10:39 libmerge.a
 -rw-r--r--  1 root  wheel  331488 Apr  5 10:39 libmyisam.a
 -rw-r--r--  1 root  wheel   24934 Apr  5 10:39 libmyisammrg.a
 -rw-r--r--  1 root  wheel  472466 Apr  5 10:39 libmysqlclient.a
 -rwxr-xr-x  1 root  wheel 871 Apr  5 10:39 libmysqlclient.la
 lrwxr-xr-x  1 root  wheel  20 Apr  5 10:39 libmysqlclient.so -
 libmysqlclient.so.14
 -rwxr-xr-x  1 root  wheel  387482 Apr  5 10:39 libmysqlclient.so.14
 -rw-r--r--  1 root  wheel  237570 Apr  5 10:39 libmystrings.a
 -rw-r--r--  1 root  wheel  253852 Apr  5 10:39 libmysys.a
 -rw-r--r--  1 root  wheel  105640 Apr  5 10:39 libnisam.a
 -rw-r--r--  1 root  wheel5472 Apr  5 10:39 libvio.a

I don't see the file libmysqlclient_r.so in your setup.
Re-install MySQL with thread support, or configure FreeRADIUS without
thread support.

-- 
Nicolas Baradakis



Re: Freeradius cannot find rlm_sql_postgresql driver!

2006-04-06 Thread Nicolas Baradakis
Peter Nixon wrote:

  The licenses of PostgreSQL and FreeRADIUS are incompatible, therefore
  Debian doesn't distribute a binary version of the PostgreSQL module.

 Since when is the BSD license incompatible with the GPL??

The old / original BSD license is not compatible.
http://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses

-- 
Nicolas Baradakis



Re: mysql-devel??

2006-04-06 Thread Nicolas Baradakis
Pelusa Vali wrote:

 i use debian etch and can't find such package, may be it's not
 necessary for debian or new mysql versions don't use it any more??

In Debian etch the MySQL client headers are in package libmysqlclient15-dev.

However as Peter said you should just install a binary version from
Debian with apt-get.
# apt-get install freeradius-mysql freeradius-dialupadmin

If you really want to recompile FreeRADIUS yourself, search in the FAQ
how to build a Debian package from sources.

 and, by the way, how may i uninstall freeradius??

Like any other Debian package:
# apt-get remove freeradius

-- 
Nicolas Baradakis



Re: Error on compile with eap_peap_tls

2006-04-04 Thread Nicolas Baradakis
Franck wrote:

 I have the error with the version 1.1.1, and the snapshot-20060604.
 I have the log available for people who want to have a look.

Please copy the log on some website, and post the URL to the list.
You should also tell us the operating system you're using.

-- 
Nicolas Baradakis



Re: Error on compile with eap_peap_tls

2006-04-04 Thread Nicolas Baradakis
Franck wrote:

 here it is:
 http://acmdb.free.fr/freeradius
 and I'm using mandriva 2006 (updated)
 
 Note: I was just able to compile the version 1.1.1, but I haven't 
 any idea why it works now, but the snapshot doesn't compile!

There is indeed a typo in rlm_eap_tls.c. Do a cvs update or download
a new snapshot tomorrow.

-- 
Nicolas Baradakis



Re: Tipical LDAP Schema

2006-03-29 Thread Nicolas Baradakis
Luca wrote:

 What i need is a typical ldap account ldif layout, 'cause this is the
 first time i work with ldap and i hope to do my best.

There're LDAP schema examples in the version 1.1.1 tarball under the
doc/examples directory.

-- 
Nicolas Baradakis


