Re: freeradius-1.0.4 and MAC address authentication w/ win xp supplicant

[Phil Mayers]

On Wed, 2007-08-29 at 11:41 -0500, John C. Koen wrote:
> I am running freeradius-1.0.4 on SLES10, XP supplicant and Cisco Aironet 1200 
> AP.
> 
> My goal is to authenticate against the "users" file and use WEP with eap-tls.
> I am trying to support Windows CE, and PEAP is not an option.

There's so much wrong I don't know where to begin.

> 
> 
> users:
> 0213dec2114a  Auth-Type:=Accept
> Service-Type = Framed-User,
> Tunnel-Private-Group-ID := 116,
> Tunnel-Medium-Type := IEEE-802

This looks like a mac-address-based authentication, not EAP.

You can't force Auth-Type to Accept for EAP. EAP is a challenge-response
protocol, and the server needs to do it's thing for the client to
function.

Remove the Auth-Type if you're trying to do EAP.

Please also be aware that most NASes will require the "Tunnel-Type =
VLAN" reply attribute for VLAN assignment.


> 
> eap.conf:
> eap {
> default_eap_type = tls
>tls {
> private_key_password = secret
> private_key_file = 
> ${raddbdir}/certs/private/radius.key
> certificate_file = /etc/raddb/certs/radius.crt
> 
> #  Trusted Root CA list
> CA_file = /etc/raddb/certs/CA.crt
> 
> dh_file = ${raddbdir}/certs/dh
> random_file = /etc/raddb/certs/random
>fragment_size = 1024
> include_length = yes
> }   
> }
> 
> 
> radiusd.conf:
> authorize {
> auth_log
> files
> eap
> }
> 
> authenticate {
> eap
> }
> 
> I have uploaded both the CA andd certificate file to the supplicant, as
> trusted certificates.  For some reason, I continue to see the balloon from
> windows indicating that a valid certificate could not be found for comparison.
> I have followed the PDF instructions found in EAPTLS.pdf.
> 
> Here is a sample of my radiusd -X -s logs:
> 
> rad_recv: Access-Request packet from host 192.168.214.99:1645, id=39, 
> length=115
> User-Name = "0213dec2114a"
> User-Password = "Qp\203e\206%\010`\256\243\203u;\362\321\017"
> Called-Station-Id = "0014.6a73.6110"
> Calling-Station-Id = "0213.dec2.114a"
> Service-Type = Login-User
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 551
> NAS-IP-Address = 192.168.214.99
> NAS-Identifier = "AP-99"

This is not an EAP authentication; your NAS (wireless AP) is not doing
EAP. Make it do EAP if you want to do EAP.


> rad_rmspace_pair:  User-Password now 'Qp?d?%?`?u;?'
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
> radius_xlat:  '/var/log/radius/radius-MAC/radacct/auth-detail-20070829'
> rlm_detail: 
> /var/log/radius/radius-MAC/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
> expands to /var/log/radius/radius-MAC/radacct//auth-detail-20070829
>   modcall[authorize]: module "auth_log" returns ok for request 2
> users: Matched entry 0213dec2114a at line 38
>   modcall[authorize]: module "files" returns ok for request 2
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 2
> modcall: group authorize returns ok for request 2
>   rad_check_password:  Found Auth-Type Accept
>   rad_check_password: Auth-Type = Accept, accepting the user
>   Processing the post-auth section of radiusd.conf
> modcall: entering group post-auth for request 2
> radius_xlat:  '/var/log/radius/radius-MAC/radacct/reply-detail-20070829'
> rlm_detail: 
> /var/log/radius/radius-MAC/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
> expands to /var/log/radius/radius-MAC/radacct/reply-detail-20070829
>   modcall[post-auth]: module "reply_log" returns ok for request 2
> modcall: group post-auth returns ok for request 2
> Sending Access-Accept of id 39 to 192.168.214.99:1645
> Service-Type = Framed-User
> Tunnel-Private-Group-Id:0 := "116"
> Tunnel-Medium-Type:0 := IEEE-802
> Finished request 2
> Going to the next request
> --- Walking the entire request list ---
> 
> ...this transaction is repeated over and over and over again.
> 
> I have also tried commenting out all instances of "eap" from radiusd.conf, 
> hoping
> to do non-wep mac address authentication, as a list effort.  I then remove
> WEP support from the supplicant and Cisco AP.  While freeradius reports 
> "access-accept", the supplicant hangs on obtaining an ip address (with no 
> related 
> logs shown on my dhcp server) and the cisco AP reports "GMT: 
> %DOT11-7-AUTH_FAILED: 
> Station 0213.dec2.114a Authentication failed"
> 
> --johnk
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius-1.0.4 and MAC address authentication w/ win xp supplicant

[John C. Koen]

I am running freeradius-1.0.4 on SLES10, XP supplicant and Cisco Aironet 1200 
AP.

My goal is to authenticate against the "users" file and use WEP with eap-tls.
I am trying to support Windows CE, and PEAP is not an option.


users:
0213dec2114a  Auth-Type:=Accept
Service-Type = Framed-User,
Tunnel-Private-Group-ID := 116,
Tunnel-Medium-Type := IEEE-802


eap.conf:
eap {
default_eap_type = tls
   tls {
private_key_password = secret
private_key_file = ${raddbdir}/certs/private/radius.key
certificate_file = /etc/raddb/certs/radius.crt

#  Trusted Root CA list
CA_file = /etc/raddb/certs/CA.crt

dh_file = ${raddbdir}/certs/dh
random_file = /etc/raddb/certs/random
   fragment_size = 1024
include_length = yes
}   
}


radiusd.conf:
authorize {
auth_log
files
eap
}

authenticate {
eap
}

I have uploaded both the CA andd certificate file to the supplicant, as
trusted certificates.  For some reason, I continue to see the balloon from
windows indicating that a valid certificate could not be found for comparison.
I have followed the PDF instructions found in EAPTLS.pdf.

Here is a sample of my radiusd -X -s logs:

rad_recv: Access-Request packet from host 192.168.214.99:1645, id=39, length=115
User-Name = "0213dec2114a"
User-Password = "Qp\203e\206%\010`\256\243\203u;\362\321\017"
Called-Station-Id = "0014.6a73.6110"
Calling-Station-Id = "0213.dec2.114a"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 551
NAS-IP-Address = 192.168.214.99
NAS-Identifier = "AP-99"
rad_rmspace_pair:  User-Password now 'Qp?d?%?`?u;?'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
radius_xlat:  '/var/log/radius/radius-MAC/radacct/auth-detail-20070829'
rlm_detail: 
/var/log/radius/radius-MAC/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d 
expands to /var/log/radius/radius-MAC/radacct//auth-detail-20070829
  modcall[authorize]: module "auth_log" returns ok for request 2
users: Matched entry 0213dec2114a at line 38
  modcall[authorize]: module "files" returns ok for request 2
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 2
modcall: group authorize returns ok for request 2
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 2
radius_xlat:  '/var/log/radius/radius-MAC/radacct/reply-detail-20070829'
rlm_detail: 
/var/log/radius/radius-MAC/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d 
expands to /var/log/radius/radius-MAC/radacct/reply-detail-20070829
  modcall[post-auth]: module "reply_log" returns ok for request 2
modcall: group post-auth returns ok for request 2
Sending Access-Accept of id 39 to 192.168.214.99:1645
Service-Type = Framed-User
Tunnel-Private-Group-Id:0 := "116"
Tunnel-Medium-Type:0 := IEEE-802
Finished request 2
Going to the next request
--- Walking the entire request list ---

...this transaction is repeated over and over and over again.

I have also tried commenting out all instances of "eap" from radiusd.conf, 
hoping
to do non-wep mac address authentication, as a list effort.  I then remove
WEP support from the supplicant and Cisco AP.  While freeradius reports 
"access-accept", the supplicant hangs on obtaining an ip address (with no 
related 
logs shown on my dhcp server) and the cisco AP reports "GMT: 
%DOT11-7-AUTH_FAILED: 
Station 0213.dec2.114a Authentication failed"

--johnk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Migrating from freeradius 1.0.4 to 1.1.3 - Configuration issues

[Alan DeKok]

Ian Savoy wrote:
> I am currently migrating two radius servers from 1.0.4 to 1.1.3.  I've
> managed to get most of my kinks out, however I'm still having issues with
> the accounts already setup in the users file.  My issue is this - my ISDN
> users were originally setup with the Framed-Protocol attribute's value set
> for MPP.  Apparently this is no longer recognized as a valid value.  It
> appears that only PPP, SLIP, and CSLIP are supported protocols.  Is this
> correct?

  Yes.  MPP was there for historical purposes, and wasn't a standard.
i.e. it might not have worked at all...

  If you have Ascend equipment, try using the value "Ascend-MPP" rather
than "MPP".  Ascend has defined it for their equipment.

 If you're not using Ascend equipment, please read the documentation for
your NAS to see what value it needs for MPP.  Then, tell us, so we can
include it in the next release.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Migrating from freeradius 1.0.4 to 1.1.3 - Configuration issues

[Ian Savoy]

Hello all,

I am currently migrating two radius servers from 1.0.4 to 1.1.3.  I've
managed to get most of my kinks out, however I'm still having issues with
the accounts already setup in the users file.  My issue is this - my ISDN
users were originally setup with the Framed-Protocol attribute's value set
for MPP.  Apparently this is no longer recognized as a valid value.  It
appears that only PPP, SLIP, and CSLIP are supported protocols.  Is this
correct?  Should I just set them up for PPP, since MPP is just a fancy PPP
connection?  Below is the error message I receive.  I've hunted for articles
related to this issue, but no luck so far.  Any help would be greatly
appreciated.  Thank you SO much!

/path-to-raddb/users[1947]: Parse error (reply) for entry ISDNuser: Unknown
value MPP for attribute Framed-Protocol

-Ian Savoy

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Dennis Skinner]

Jonathan Carpenter wrote:
> Here is the entry from my radius.conf
> 
> authenticate {
> Auth-Type PAP {
> pap
> }
> Auth-Type CHAP {
> chap
> }
> }

Read what I wrote below.  It says "authorize" section.  That is the 1
section you did not show us.  As Alan said, you are either missing it or
making it hard for ppl to help you.

>> Hint: look at the authorize section towards the bottom of your
>> radius.conf.  There should be a line like:
>> 
>> # sql
>> 
>> Uncomment it.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Alan DeKok]

Jonathan Carpenter <[EMAIL PROTECTED]> wrote:
> I have the authorize section in my radius.conf, what other authorize section
> do I need?

  It wasn't included in the debug output, or in the snippets from
radiusd.conf.  So one of two situations exist:

  a) it wasn't in radiusd.conf
  b) you edited the debug output & radiusd.conf to remove it

  If (a), then it explains why the server doesn't do what you want.
If (b), then you've gone out of your way to remove information that is
needed to help you solve the problem.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Jonathan Carpenter]

I have the authorize section in my radius.conf, what other authorize section do I need?On 1/10/06, Alan DeKok <[EMAIL PROTECTED]
> wrote:Jonathan Carpenter <[EMAIL PROTECTED]
> wrote:> Here is the entry from my radius.conf...  And no "authorize" section.  From the debug log you posted, it lookslike you deleted it completely.  Don't do that.
  Alan DeKok.-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Jonathan Carpenter
Linux System AdministratorWindows System Administrator
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Alan DeKok]

Jonathan Carpenter <[EMAIL PROTECTED]> wrote:
> Here is the entry from my radius.conf
...

  And no "authorize" section.  From the debug log you posted, it looks
like you deleted it completely.

  Don't do that.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Lewis Bergman]

Jonathan Carpenter wrote:

auth: No authenticate method (Auth-Type) configuration found for the 
request: Rejecting the user

auth: Failed to validate the user.

This doesn't look promising.

--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Jonathan Carpenter]

Here is the entry from my radius.conf

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
}


#
#  Pre-accounting.  Decide which accounting type to use.
#
preacct {
    preprocess
    acct_unique
    suffix
    #files
}

#
#  Accounting.  Log the accounting data.
#
accounting {
    acct_unique
    detail
    unix
    sql
    radutmp
    sql
}


#  Session database, used for checking Simultaneous-Use. Either the radutmp 
#  or rlm_sql module can handle this.
#  The rlm_sql module is *much* faster
session {
    radutmp
    sql
}


#  Post-Authentication
#  Once we KNOW that the user has been authenticated, there are
#  additional steps we can take.
post-auth {
    sql
}
}
Do I just add sql to the authincate like so?
authenticate {

    Auth-Type PAP {

        pap

    }

    Auth-Type CHAP {

        chap

    }
   
sql <---
}

   Thanks,
On 1/10/06, Dennis Skinner <[EMAIL PROTECTED]> wrote:
Jonathan Carpenter wrote:> Config:   including file: /etc/raddb/sql.confThat's good.> rad_recv: Access-Request packet from host 127.0.0.1:32784> <
http://127.0.0.1:32784>, id=125, length=58> User-Name = "scooby"> User-Password = "scooby"> NAS-IP-Address = 255.255.255.255
 > NAS-Port = 10> rad_lowerpair:  User-Name now 'scooby'> rad_rmspace_pair:  User-Name now 'scooby'> rad_rmspace_pair:  User-Password now 'scooby'
> auth: No authenticate method (Auth-Type) configuration found for the> request: Rejecting the user> auth: Failed to validate the user.> Login incorrect: [scooby/scooby] (from client localhost port 10)
So, looks like it has all that info about how to login to your MySQLserver and what queries to use, but you never told it to actually use it.Hint: look at the authorize section towards the bottom of your
radius.conf.  There should be a line like:# sqlUncomment it.--Dennis SkinnerSystems AdministratorBlueFrog Internethttp://www.bluefrog.com
-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- Jonathan CarpenterLinux System Administrator
Windows System Administrator
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 + mysql cannot authincate

[Dennis Skinner]

Jonathan Carpenter wrote:
> Config:   including file: /etc/raddb/sql.conf

That's good.

> rad_recv: Access-Request packet from host 127.0.0.1:32784
> , id=125, length=58
> User-Name = "scooby"
> User-Password = "scooby"
> NAS-IP-Address = 255.255.255.255 
> NAS-Port = 10
> rad_lowerpair:  User-Name now 'scooby'
> rad_rmspace_pair:  User-Name now 'scooby'
> rad_rmspace_pair:  User-Password now 'scooby'
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Login incorrect: [scooby/scooby] (from client localhost port 10)

So, looks like it has all that info about how to login to your MySQL
server and what queries to use, but you never told it to actually use it.

Hint: look at the authorize section towards the bottom of your
radius.conf.  There should be a line like:

# sql

Uncomment it.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius 1.0.4 + mysql cannot authincate

[Jonathan Carpenter]

I am running freeradius 1.0.4 + mysql 4.1.16. I have use the mysql
database schema from the freeradius tar ball. Everything seems to be
setup correctly I can authenticate from flat text files but not from
any database usernames. Here is the output from my /usr/sbin/radiusd -X:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "before"
 main: lower_pass = "no"
 main: nospace_user = "before"
 main: nospace_pass = "before"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Listening on authentication *:1645
Listening on accounting *:1646
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32784, id=125, length=58
    User-Name = "scooby"
    User-Password = "scooby"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 10
rad_lowerpair:  User-Name now 'scooby'
rad_rmspace_pair:  User-Name now 'scooby'
rad_rmspace_pair:  User-Password now 'scooby'
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [scooby/scooby] (from client localhost port 10)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 125 to 127.0.0.1:32784
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 125 with timestamp 43c3dc9c
Nothing to do.  Sleeping until we see a request.

Here is my syntax for radtest:
radtest scooby scooby localhost:1645 10 secret

My entries in the mysql table radcheck:
mysql> select * from radcheck;
++--+---++--+
| id | UserName | Attribute | op | Value    |
++--+---++--+
|  1 | scooby   | User-Password | := | scooby   |
++--+---++--+
Do I have my information specified wrong in my database or not enough
information in my database? I can not figure out why I get
authentications errors when running radtest. I am not sure where I
should specify the auth-type. Any help would be appreciated.

 
Thanks,
-- Jonathan CarpenterLinux System AdministratorWindows System Administrator
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Martin Pauly]

Alan,
> > Thu Sep 29 20:33:19 2005 : Error: Assertion failed in modcall.c, line 68
>   If you can get a core dump, and do 'bt' in gdb, and also do 'print
> *p' at the point of the assertion, that would help a lot.
> 
>   But my main suspect right now is bad memory.  The code hasn't
> changed in a long time, and I doubt you're doing anything really weird
> to the server.
well, I'm trying hard not to confuse my dear servers :-)

Funny enough, following an advice from our LDAP admin
I changed the ldap query directive sequence in radiusd.conf 
on one machine from 
Auth-Type LDAP {
redundant {
  ldap1
  ldap2
  ldap3
}
}
to 
Auth-Type LDAP {
redundant {
  ldap3
  ldap1
}
I.e. I avoided our most loaded LDAP server.
I also enabled coredumps and ran in full debug mode all Friday.
Guess what? No crashes over the long weekend (we had a holiday on monday)
Given the erratic behavior, I will indeed give the hardware a closer look.

Thanks so far
Martin
-- 
  Dr. Martin Pauly Fax:49-6421-28-26994
  HRZ Univ. MarburgPhone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: [EMAIL PROTECTED]  
  D-35032 Marburg   
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Alan DeKok]

"Dr. Martin Pauly" <[EMAIL PROTECTED]> wrote:
> we are crashing every couple of hours or so now, but at least this time
> got something in the log:
> 
> Thu Sep 29 20:33:19 2005 : Error: Assertion failed in modcall.c, line 68
> 
> Looks like there might be some more bug-squashing ahead? :-))
> I will try to run in debug mode tomorrow so we can get some more
> information on the problems (at least, they seem fairly reproducible).

  If you can get a core dump, and do 'bt' in gdb, and also do 'print
*p' at the point of the assertion, that would help a lot.

  But my main suspect right now is bad memory.  The code hasn't
changed in a long time, and I doubt you're doing anything really weird
to the server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Dr. Martin Pauly]

hi,

we are crashing every couple of hours or so now, but at least this time
got something in the log:

Thu Sep 29 20:33:19 2005 : Error: Assertion failed in modcall.c, line 68

Looks like there might be some more bug-squashing ahead? :-))
I will try to run in debug mode tomorrow so we can get some more
information on the problems (at least, they seem fairly reproducible).

Martin

--
  Dr. Martin Pauly Fax:49-6421-28-26994
  HRZ Univ. MarburgPhone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: [EMAIL PROTECTED]
  D-35032 Marburg


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Alan DeKok]

Martin Pauly <[EMAIL PROTECTED]> wrote:
> What about max_request_time and delete_blocked_requests -- isn't this
> exactly what is needed to protect the server from being blocked?

  Yes, but the server doesn't deal well with blocked threads.  The
"delete_blocked_requests" doesn't really work.

  We hope to fix this in the next major version of the server.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Martin Pauly]

>   Yes.  If all of the threads are blocked forever, waiting for the DB
> to return data, then the queue of requests grows without bounds.  At
> some point, the server says "I'm not making progress, and I can't
> recover from this", and kills itself.
hm, I thought the timeout values were for this, but I now understand
that an LDAP communication might get stuck halfway, thus _not_ 
triggering a timeout event.

>   Since the server is *already* effectively dead at that point, it
> makes no difference to your network.
>
>   The solution is to fix the database so that it doesn't kill the
> server.
well, we should perhaps be able to wait for a database going and
come back again after a minute without crashing the daemon.

Anyway, I'm now going with an increased ldap_connections_number (100 instead of 
5),
and increased LDAP timeouts as well. 
What about max_request_time and delete_blocked_requests -- isn't this
exactly what is needed to protect the server from being blocked?

Cheers, Martin

-- 
  Dr. Martin Pauly Fax:49-6421-28-26994
  HRZ Univ. MarburgPhone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: [EMAIL PROTECTED]  
  D-35032 Marburg   
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Alan DeKok]

Martin Pauly <[EMAIL PROTECTED]> wrote:
> We do have perfomance problems with our LDAP backend,
> so this sound reasonable, but could this cause the server to crash?

  Yes.  If all of the threads are blocked forever, waiting for the DB
to return data, then the queue of requests grows without bounds.  At
some point, the server says "I'm not making progress, and I can't
recover from this", and kills itself.

  Since the server is *already* effectively dead at that point, it
makes no difference to your network.

  The solution is to fix the database so that it doesn't kill the
server.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Crashes with 1.0.4/1.0.5, perhaps connected with slow LDAP backend?

[Martin Pauly]

Hi,

we seem to have a stability issue with freeradius 1.0.4/1.0.5:
1.0.4 crashed in short sequence on both of my redundant servers
during my vacation -- not much of a trace in the logfiles.

On Monday, I upgraded to 1.0.5 with everything looking fine for
almost 2 days. Yesterday, we started polling the servers regularly 
from a NAGIOS system, using the check_rad NAGIOS plugin.

On server (the one processing the highest number of requests) 
crashed twice yesterday; this time it complained about 
"Unresponsive child" processes in close temporal correlation.

We do have perfomance problems with our LDAP backend,
so this sound reasonable, but could this cause the server to crash?

During testing, I also encountered a situation where the freeradius 
process lived on, but became comletely unresponsive; I had to to kill -9

What should I do to track down these issues? Does running in full debug
mode for days make sense?

Thanks, Martin

-- 
  Dr. Martin Pauly Fax:49-6421-28-26994
  HRZ Univ. MarburgPhone:  49-6421-28-23527
  Hans-Meerwein-Str.   E-Mail: [EMAIL PROTECTED]  
  D-35032 Marburg   
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP/TTLS with Windows SecureW2 -> symbol lookup error: rlm_eap_ttls-1.0.4.so:

[Alan DeKok]

Achim Friedland <[EMAIL PROTECTED]> wrote:
> undefined symbol: eaptls_process

  configure --disable-shared
  make
  make install

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 segmentation fault

[Nicolas Baradakis]

Konstantin Kubatkin wrote:

> With the given correction works normally

Thanks for the patch, it has been added to the CVS.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 segmentation fault

[Konstantin Kubatkin]

With the given correction works normally

--- crypt.c.orig2005-03-18 17:06:37.0 +0200
+++ crypt.c 2005-09-13 15:32:33.0 +0300
@@ -20,7 +20,11 @@

 #include "libradius.h"
 #include 
+#ifdef HAVE_CRYPT_H
+#include 
+#else
 #include 
+#endif
 #include 

 #ifdef HAVE_PTHREAD_H


--
Konstantin Kubatkin [KUB-RIPE] [KUB-UANIC]
Kherson, TriLogiC Group
Fido: 2:468/[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 segmentation fault

[Konstantin Kubatkin]

I'm use Debian/Sarge AND64 and Debian/Sarge I386

If it is used Crypt-Password that freeradius finishes work with
segmentation fault



Please get version 1.0.5 and build the Debian package with this
command line:
$ DEB_BUILD_OPTIONS="noopt nostrip" fakeroot dpkg-buildpackage -b -uc

Install the new package, and enable core dumps:
$ ulimit -c unlimited

When freeradius core dumps, do:

$ gdb /path/to/executable /path/to/core/file

And then in 'gdb', do:

(gdb) bt

Copy the output, and mail it to the list.


(gdb) bt
#0  0x2b8f58f2 in strcmp () from /lib/libc.so.6
#1  0x2b04b2df in lrad_crypt_check (key=0xa10a7c "dp4e9xEe", crypted=0xa122ac 
"nn4y7h7sgcUNA") at crypt.c:68
#2  0x0040d880 in rad_check_password (request=0xa10780) at auth.c:289
#3  0x0040e032 in rad_authenticate (request=0xa10780) at auth.c:658
#4  0x00407bc6 in rad_respond (request=0xa10780, fun=0x40dc5a 
) at radiusd.c:1642
#5  0x004077f9 in main (argc=2, argv=0x7f82f378) at radiusd.c:1427


--
Konstantin Kubatkin [KUB-RIPE] [KUB-UANIC]
Kherson, TriLogiC Group
Fido: 2:468/[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 segmentation fault

[Nicolas Baradakis]

Konstantin Kubatkin wrote:

> I'm use Debian/Sarge AND64 and Debian/Sarge I386
>
> If it is used Crypt-Password that freeradius finishes work with
> segmentation fault

Please get version 1.0.5 and build the Debian package with this
command line:
$ DEB_BUILD_OPTIONS="noopt nostrip" fakeroot dpkg-buildpackage -b -uc

Install the new package, and enable core dumps:
$ ulimit -c unlimited

When freeradius core dumps, do:

$ gdb /path/to/executable /path/to/core/file

And then in 'gdb', do:

(gdb) bt

Copy the output, and mail it to the list.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP/TTLS with Windows SecureW2 -> symbol lookup error: rlm_eap_ttls-1.0.4.so:

[Achim Friedland]

Hello,


I have a strange error with freeradius eap/ttls...

I'm using CISCO AP1200 with a central WDS box. The main authentication 
is done by freeradius. Authentication for special users is by by another 
freeradius using the realm "zki"...


Using Secure W2 for authentication fails when the outer identity is set 
to default (== anonymous). SecureW2 seem to send "[EMAIL PROTECTED]" instead 
of the plain "anonymous". freeradius 1.0.4 will crash when receiving 
"[EMAIL PROTECTED]" as outer identity, complaining about: "radiusd: symbol 
lookup error: /usr/local/lib/rlm_eap_ttls-1.0.4.so:"


Setting the Outer Identity to "anonymous" by hand and everything seems 
to work fine... Using Mac OS X 10.4.x is also working fine...


Is this a freeradius bug or is this an configuration mistake?



thx...
achim




WindowsXP SecureW2 with Outer Identity default:
 "Use anonymous outer identity"
---

rad_recv: Access-Request packet from host 141.24.X.153:1814, id=2,
length=196
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "0012.d91d.8506"
Calling-Station-Id = "0040.96a6.f325"
Cisco-AVPair = "ssid=802.1X_A"
Service-Type = Login-User
Message-Authenticator = 0x5335216cd649ea7293d33d345ccaf001
EAP-Message = 0x0203001201616e6f6e796d6f7573407a6b69
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "11152"
NAS-Port = 11152
State = 0xf32cdefb67a6c958841160d79940483d
NAS-IP-Address = 141.24.Y.197
NAS-Identifier = "wds"
Proxy-State = 0x3130
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: Looking up realm "zki" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "zki"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm zki
rlm_realm: Adding Realm = "zki"
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 3 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
  modcall[authorize]: module "files" returns notfound for request 0
radius_xlat:  'anonymous'
rlm_sql (sql): sql_set_user escaped user --> 'anonymous'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'anonymous' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User anonymous not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'anonymous' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'anonymous' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User anonymous not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns notfound for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 2 to 141.24.X.153:1814
EAP-Message = 0x01040016041077a0fb8bd58d97d0b17ac1df9de98f47
Message-Authenticator = 0x
State = 0x36f0b37fa9b38cb7bbb80bdf4fe46ed3
Proxy-State = 0x3130
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 141.24.X.153:1814, id=3,
length=184
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "0012.d91d.8506"
Calling-Station-Id = "0040.96a6.f325"
Cisco-AVPair = "ssid=802.1X_A"
Service-Ty

freeradius 1.0.4 segmentation fault

[Konstantin Kubatkin]

I'm use Debian/Sarge AND64 and Debian/Sarge I386

If it is used Crypt-Password that freeradius finishes work with segmentation 
fault

1)
[EMAIL PROTECTED]:/var/log/freeradius# ./start.sh
./start.sh: line 5: 25190 Segmentation fault  freeradius -X > 
/var/log/freeradius/debug.log
Press any key to continue...

2)
[EMAIL PROTECTED]:/usr/sbin# ldd freeradius
libnsl.so.1 => /lib/libnsl.so.1 (0x2abc1000)
libresolv.so.2 => /lib/libresolv.so.2 (0x2acd8000)
libpthread.so.0 => /lib/libpthread.so.0 (0x2adec000)
libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x2af0)
    libradius-1.0.4.so => /usr/lib/freeradius/libradius-1.0.4.so 
(0x2b038000)
libsnmp.so.5 => /usr/lib/libsnmp.so.5 (0x2b14e000)
libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x2b2fa000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x2b536000)
libdl.so.2 => /lib/libdl.so.2 (0x2b63d000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x2b74)
libc.so.6 => /lib/libc.so.6 (0x2b874000)
/lib64/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 
(0x2aaab000)
Press any key to continue...

--
Konstantin Kubatkin [KUB-RIPE] [KUB-UANIC]
Kherson, TriLogiC Group
Fido: 2:468/[EMAIL PROTECTED]
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/postgresql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 2
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = yes
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "before"
 main: nospace_pass = "before"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/freeradius/huntgroups"
 preprocess: hints = "/etc/freeradius/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = yes
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = yes
Module: Instantiated preprocess (preprocess) 
Module: Loaded detail 
 detail: detailfile = 
"/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log) 
Module: Loaded SQL 
 sql: driver = "rlm_sql_postgresql"
 sql: server = ""
 sql: port = ""
 sql: login = "postgres"
 sql: password = ""
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql:

upgraded to 1.0.4 lots of problems.

[Drew Weaver]

    I’ve sorted through most of my issues
going from 1.0.1 to 1.0.4 but one thing I cant figure out is this:

 

I have this line in my /etc/raddb/users file: DEFAULT
Auth-Type = System

 

  rad_check_password:  Found Auth-Type System

auth: type "System"

  ERROR: Unknown value specified for Auth-Type.  Cannot
perform requested action.

auth: Failed to validate the user.

Login incorrect: [aweaver/12345] (from client
dhcp111.cmh.ee.net port 0)

 

I copied all of the config files from the old server to the
new server, only thing that has changed was the version of freeradius.

 

I still have both servers, the old 1.0.1 and the 1.0.4, and
the old one accepts “system” as a valid auth type, does anyone know
if something changed or what/not?

 

Thanks,

-Drew






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Regarding FreeRadius-1.0.4 support for linux log in

[Alan DeKok]

Nisha P Kurur <[EMAIL PROTECTED]> wrote:
> I have a linux box whose user profiles are maintained by the RADIUS 
> server. When I use ssh/rlogin/telnet etc it should give me the prompt, 
> get the user name and password from the prompt and authorise it with 
> the RADIUS server. If authorized, then a shell prompt should be provided 
> else should give a login incorrect message.

  See the PAM module on www.freeradius.org

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Regarding FreeRadius-1.0.4 support for linux log in

[Nisha P Kurur]

Greetings!!!

I'm new to freeradius. I have installed freeradius-1.0.4 on my machine and 
it responds back for the packets sent through radclient.


Now my requirement is:

I have a linux box whose user profiles are maintained by the RADIUS 
server. When I use ssh/rlogin/telnet etc it should give me the prompt, 
get the user name and password from the prompt and authorise it with 
the RADIUS server. If authorized, then a shell prompt should be provided 
else should give a login incorrect message.



How can this be done I would also like to know about how can i include 
my own protocol instead of ssh/rlogin/telnet for logging in???



Thanks In Advance
Nisha P Kurur

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 1.0.4 (rlm_perl enabled) and Debian 3.1 (stable - Sarge) (solution)

[Roman Medina-Heigl Hernandez]

Roman Medina-Heigl Hernandez wrote:
> One of the simmilar threads I've found is:
> http://lists.cistron.nl/pipermail/freeradius-users/2005-April/042978.html
> 
> But I don't see the solution there.

So I wrote privately to Emil Wilmanski. He kindly provided me with the
following workaround/response:

"there is a problem with libperl... I don't know why is the problem
becouse only on debian it is.
the resolve is to set variable LD_PRELOAD
export LD_PRELOAD=/usr/lib/libperl.so.5.8
or other perl lib. and next run freeradius. "

I tested it and it works :)

I also had a look to rc.radiusd included in FR .tgz. You can find the
following lines:

#
#  If you have issues with OpenSSL, uncomment these next lines.
#
#  Something similar may work for MySQL, and you may also
#  have to LD_PRELOAD libz.so
#
#LD_LIBRARY_PATH=
#LD_RUN_PATH=:
#LD_PRELOAD=libcrypto.so

export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD


So it seems there are some related&known problems with freeradius/shared
libs and it's not Debian's fault. I only had to replace the LD_PRELOAD
line with:
LD_PRELOAD=libperl.so

You'll also need the following Debian packages installed:
ii  libperl-dev5.8.4-8Perl library: development files
ii  libperl5.8 5.8.4-8Shared Perl library

Thread closed :)

Cheers,
-Roman
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Alan DeKok]

"Richard Cotrina" <[EMAIL PROTECTED]> wrote:
> > Can you print out the contents of "sqlsocket", too?  Both the
> > structure contents, and the *hex* contents of that area of memory.
> 
> These values are what I've got :
> 
> (gdb) display sqlsocket
> 1: sqlsocket = (SQLSOCK *) 0x8092720
>
> (gdb) x 0x8092720
> 0x8092720:  0x0001

  And the *rest* of the data?

  It may be easier to give me an account on the machine.  Email me
privately, and I'll get you a copy of my SSH key.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Richard Cotrina]

> > (gdb) display mysql_sock
> > 1: mysql_sock = (rlm_sql_mysql_sock *) 0x5f6c7173
>
>   That's bad.  That's very bad.  It's the ASCII string "sql_",
> interpreted as a pointer on an x86 machine.  No wonder it crashes.
>
>   The short answer is that there appears to be some memory corruption.
> Can you print out the contents of "sqlsocket", too?  Both the
> structure contents, and the *hex* contents of that area of memory.

These values are what I've got :

(gdb) display sqlsocket
1: sqlsocket = (SQLSOCK *) 0x8092720

(gdb) x 0x8092720
0x8092720:  0x0001

(gdb) info stack 0x8092720
#0  0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300)
at sql_mysql.c:71
#1  0x483660b5 in connect_single_socket (sqlsocket=0x8092720,
inst=0x8092680)
at sql.c:70
#2  0x4836621f in sql_init_socketpool (inst=0x8092680) at sql.c:130
#3  0x48364905 in rlm_sql_instantiate (conf=0x8093840, instance=0x815e508)
at rlm_sql.c:707
#4  0x80544ad in find_module_instance (instname=0x80946e0 "sql") at
modules.c:358
#5  0x80556fa in do_compile_modsingle (component=1, ci=0x80977e0,
filename=0x805e6c7 "radiusd.conf", grouptype=0, modname=0xbfbfeacc)
at modcall.c:814
#6  0x805576a in compile_modsingle (component=1, ci=0x80977e0,
filename=0x805e6c7 "radiusd.conf", modname=0xbfbfeacc) at modcall.c:829
#7  0x80548be in load_component_section (cs=0x8097720, comp=1,
filename=0x805e6c7 "radiusd.conf") at modules.c:568
#8  0x8054d3e in setup_modules () at modules.c:858
#9  0x804c87c in main (argc=2, argv=0xbfbffc20) at radiusd.c:960

(gdb) f
#0  0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300)
at sql_mysql.c:71
71  memset(mysql_sock, 0, sizeof(*mysql_sock));

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Nicolas Baradakis]

Alan DeKok wrote:

> Richard Cotrina <[EMAIL PROTECTED]> wrote:
> > (gdb) display mysql_sock
> > 1: mysql_sock = (rlm_sql_mysql_sock *) 0x5f6c7173
>
>   That's bad.  That's very bad.  It's the ASCII string "sql_",
> interpreted as a pointer on an x86 machine.  No wonder it crashes.
>
>   The short answer is that there appears to be some memory corruption.
> Can you print out the contents of "sqlsocket", too?  Both the
> structure contents, and the *hex* contents of that area of memory.
>
>   It looks like the sqlsocket pointer that's being passed is bad.

The infringing pointer "mysql_sock" contains the return value of
a "malloc" three lines above.

Perhaps something messed up the memory so badly that malloc returns
garbage. It's not easy to find out where the problem is : on my system
(Debian), I can run radiusd in valgrind with num_sql_socks = 20 and I
get no errors from valgrind.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Fw: FreeRadius 1.0.4

[Madhvi Gokool]

- Original Message - 
From: "Madhvi Gokool" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, August 25, 2005 10:37 AM
Subject: FreeRadius 1.0.4



Hello
We have planned to replace our cistron radius servers with Freeradius.
We have the following setup :-
1. Users dial in to access their mail and internet or work on an 
application server

2. Users dial in to access a specific server and nothing else.
After they are authenticated , users get a static IP address .
We populate the users file manually and do not create unix users?? Can we 
use huntgroups to group say mail users, internet users, if they are not 
unix users?
What attribute(s) should I use  to allow the users in Scenario 2 access to 
their server?


The NAS will either be a 3Com TCM or a Cisco access server

On the access server, we can implement access-lists to allow/deny access 
based on the assigned Ip addresses, but we'd prefer using RADIUS 
attributes to do so.


Tank you in advance for your help.
Madhvi 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Alan DeKok]

Richard Cotrina <[EMAIL PROTECTED]> wrote:
> (gdb) display mysql_sock
> 1: mysql_sock = (rlm_sql_mysql_sock *) 0x5f6c7173

  That's bad.  That's very bad.  It's the ASCII string "sql_",
interpreted as a pointer on an x86 machine.  No wonder it crashes.

  The short answer is that there appears to be some memory corruption.
Can you print out the contents of "sqlsocket", too?  Both the
structure contents, and the *hex* contents of that area of memory.

  It looks like the sqlsocket pointer that's being passed is bad.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Richard Cotrina]

On Wed, 24 Aug 2005, Alan DeKok wrote:

> > Program received signal SIGSEGV, Segmentation fault.
> > 0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300)
> > at sql_mysql.c:71
> > 71  memset(mysql_sock, 0, sizeof(*mysql_sock));
>
>   What is the value of mysql_sock?

The value used for num_sql_sock is 5. That's the default value in
sql.conf.

The value of mysql_sock shown by gdb is :

(gdb) display mysql_sock
1: mysql_sock = (rlm_sql_mysql_sock *) 0x5f6c7173

I added more info at :

http://bugs.freeradius.org/show_bug.cgi?id=271

Richard Cotrina
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Alan DeKok]

"Richard Cotrina" <[EMAIL PROTECTED]> wrote:
> Program received signal SIGSEGV, Segmentation fault.
> 0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300)
> at sql_mysql.c:71
> 71  memset(mysql_sock, 0, sizeof(*mysql_sock));

  What is the value of mysql_sock?

  Is the data it's pointing to of the right size?

  From reading the code, I'm not sure how the memset would die...

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Richard Cotrina]

>   You've included everything but the information requested in doc/bugs.
>
>   My bet is that this is bug #98
>
> http://bugs.freeradius.org/show_bug.cgi?id=98
>
>   Alan DeKok.

Alan :

What I have found when using rlm_sql_mysql in FreeBSD ( and probably other
OS ) is that radiusd segfault happens if num_sql_socks is set to > 1.  I got
the same results even when disabling shared libs.

Take a look at the debug output of gdb :


[snip]
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1

Program received signal SIGSEGV, Segmentation fault.
0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300)
at sql_mysql.c:71
71  memset(mysql_sock, 0, sizeof(*mysql_sock));
(gdb)



Regards

Richard Cotrina


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 1.0.4 (rlm_perl enabled) and Debian 3.1 (stable - Sarge)

[Roman Medina-Heigl Hernandez]

More info. I've tried to see different between Debian 3.0 (where
freeradius is working) and Debian 3.1. Excerpt from "perl -V" on 3.0,
where FR *works*:

  Linker and Libraries:
ld='gcc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lndbm -ldb -ldl -lm -lc -lposix -lcrypt -lutil
perllibs=-lnsl -ldl -lm -lc -lposix -lcrypt -lutil
libc=/lib/libc-2.1.3.so, so=so, useshrplib=false, libperl=libperl.a

So it's static (libperl.a). Perhaps that's the cause why FR has no
problems here :?

Nevertheless, in Debian 3.1 (where FR is giving problems), it's using
libperl.so (or the correspondant link in /usr/lib).

One of the simmilar threads I've found is:
http://lists.cistron.nl/pipermail/freeradius-users/2005-April/042978.html

But I don't see the solution there.

I checked that rlm_perl.so is linked against:
libperl.so.5.8 => /usr/lib/libperl.so.5.8 (0x40012000)

while "perl -V" says "libc=/lib/libc-2.3.2.so, so=so, useshrplib=true,
libperl=libperl.so.5.8.4"

Although they're the same file:

raclde01:~# ls -l /usr/lib/libperl*
-rw-r--r--  1 root root 1400854 Mar  8 11:15 /usr/lib/libperl.a
lrwxrwxrwx  1 root root  14 Aug 23 16:57 /usr/lib/libperl.so ->
libperl.so.5.8
lrwxrwxrwx  1 root root  16 Aug 23 15:56 /usr/lib/libperl.so.5.8 ->
libperl.so.5.8.4
-rw-r--r--  1 root root 1150824 Mar  8 11:15 /usr/lib/libperl.so.5.8.4
raclde01:~#

Any ideas, please? :-(

Cheers,
-Román


Roman Medina-Heigl Hernandez wrote:
> Hi,
> 
> I'm trying to get FR 1.0.4 to work with new Debian stable distro (3.1).
> I need rlm_perl so I run ./configure with --with-experimental-modules
> and compiled it from source (latest .tgz downloaded from freeradius.org):
> 
> # tar zxvf freeradius-1.0.4.tar.gz
> # chown -R root. freeradius-1.0.4
> # cd freeradius-1.0.4
> # ./configure --with-experimental-modules --prefix=/usr/local/freeradius
> # make
> # make install
> 
> Compile/build process is ok. Then I configured it to use a perl script
> and that's what I get when trying to start radiusd:
> 
> raclde01:/usr/local/freeradius/sbin# ./radiusd -X
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /etc/freeradius/proxy.conf
> Config:   including file: /etc/freeradius/clients.conf
> Config:   including file: /etc/freeradius/snmp.conf
> Config:   including file: /etc/freeradius/eap.conf
> Config:   including file: /etc/freeradius/sql.conf
>  main: prefix = "/usr"
>  main: localstatedir = "/var"
>  main: logdir = "/var/log/freeradius"
>  main: libdir = "/usr/lib/freeradius"
>  main: radacctdir = "/var/log/freeradius/radacct"
>  main: hostname_lookups = no
>  main: max_request_time = 30
>  main: cleanup_delay = 5
>  main: max_requests = 1024
>  main: delete_blocked_requests = 0
>  main: port = 0
>  main: allow_core_dumps = no
>  main: log_stripped_names = no
>  main: log_file = "/var/log/freeradius/radius.log"
>  main: log_auth = no
>  main: log_auth_badpass = no
>  main: log_auth_goodpass = no
>  main: pidfile = "/var/run/freeradius/freeradius.pid"
>  main: user = "freerad"
>  main: group = "freerad"
>  main: usercollide = no
>  main: lower_user = "no"
>  main: lower_pass = "no"
>  main: nospace_user = "no"
>  main: nospace_pass = "no"
>  main: checkrad = "/usr/sbin/checkrad"
>  main: proxy_requests = yes
>  proxy: retry_delay = 5
>  proxy: retry_count = 3
>  proxy: synchronous = no
>  proxy: default_fallback = yes
>  proxy: dead_time = 120
>  proxy: post_proxy_authorize = yes
>  proxy: wake_all_if_all_dead = no
>  security: max_attributes = 200
>  security: reject_delay = 1
>  security: status_server = no
>  main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> Using deprecated naslist file.  Support for this will go away soon.
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/lib/freeradius
> Module: Loaded exec
>  exec: wait = yes
>  exec: program = "(null)"
>  exec: input_pairs = "request"
>  exec: output_pairs = "(null)"
>  exec: packet_type = "(null)"
> rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> Module: Instantiated exec (exec)
> Module: Loaded expr
> Module: Instantiated expr (expr)
> Module: Loaded perl
>  perl: module = "/usr/local/usr/local/freeradius/bin/freeradius_test.pl"
>  perl: func_authorize = "authorize"

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Nicolas Baradakis]

BugBuster wrote:

> I compiled  with  '--disable-shared' but  on Debian Linux
> FreeRADIUS does not work with MySQL.

On Debian, compile FreeRADIUS with the command dpkg-buildpackage.
This will prior check whether all the necessary packages are installed
on your system.

$ cd freeradius-1.0.4
$ fakeroot dpkg-buildpackage -b
$ sudo dpkg -i ../freeradius_1.0.4-0_i386.deb

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[BugBuster]

Hi Alan.

I compiled  with  '--disable-shared' but  on Debian Linux
FreeRADIUS does not work with MySQL.

So I recompiled  on Red Hat Enterprise 3 using the same
configuration command:

./configure --prefix=/usr/local/freeradius \  
         --with-logdir=/usr/local/freeradius/logs\ 
        --with-radacctdir=/usr/local/freeradius/logs\ 
        --with-raddbdir=/usr/local/freeradius/raddb  
--with-threads\ 
        --with-ascend-binary \

        --disable-shared \

        --enable-developer

This time radiusd starts and listens for requests.

Unfortunately this does not solve my problem.

Any ideas ?
Thank you.
Davide

On Tuesday 23 August 2005 19:02, Alan DeKok wrote:
> BugBuster <[EMAIL PROTECTED]> wrote:
> > Running FreeRADIUS in debug mode (radiusd -sfxxyz -l stdout)
> > I get the "Segmentation fault" message (more details is in .txt
> > attachment).
>
>   You've included everything but the information requested in doc/bugs.
>
>   My bet is that this is bug #98
>
> http://bugs.freeradius.org/show_bug.cgi?id=98
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius 1.0.4 (rlm_perl enabled) and Debian 3.1 (stable - Sarge)

[Roman Medina-Heigl Hernandez]

Hi,

I'm trying to get FR 1.0.4 to work with new Debian stable distro (3.1).
I need rlm_perl so I run ./configure with --with-experimental-modules
and compiled it from source (latest .tgz downloaded from freeradius.org):

# tar zxvf freeradius-1.0.4.tar.gz
# chown -R root. freeradius-1.0.4
# cd freeradius-1.0.4
# ./configure --with-experimental-modules --prefix=/usr/local/freeradius
# make
# make install

Compile/build process is ok. Then I configured it to use a perl script
and that's what I get when trying to start radiusd:

raclde01:/usr/local/freeradius/sbin# ./radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/eap.conf
Config:   including file: /etc/freeradius/sql.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded perl
 perl: module = "/usr/local/usr/local/freeradius/bin/freeradius_test.pl"
 perl: func_authorize = "authorize"
 perl: func_authenticate = "authenticate"
 perl: func_accounting = "accounting"
 perl: func_preacct = "preacct"
 perl: func_checksimul = "checksimul"
 perl: func_detach = "detach"
 perl: func_xlat = "xlat"
 perl: perl_flags = "(null)"
 perl: func_start_accounting = "start_accounting"
 perl: func_stop_accounting = "stop_accounting"
./radiusd: relocation error: /usr/lib/perl/5.8/auto/IO/IO.so: undefined
symbol: Perl_Tstack_sp_ptr
raclde01:/usr/local/freeradius/sbin#


It's strange because I followed the same process with FR 1.0.2 on Debian
3.0 (oldstable - Woody) 1 or 2 months ago and I got success (no problems
at all). So I don't know whether I have a problem with Perl / Debian or
it is freeradius related. Perhaps am I missing some perl package in my
Debian sarge?

Has somebody tested FR + rlm_perl on Debian Sarge? Any idea on what's
happening? If you need more info, I could provide it.

For instance:
raclde01:/usr/local/freeradius/sbin# dpkg -l | grep perl
ii  libdbi-perl1.46-6 Perl5 database interface by Tim Bunce
ii  libdigest-perl 1.10-1 generic interface to message digest
modules
rc  libnet-perl1.09.01-1  Implementation of Internet protocols
for Per
ii  libnet-server- 0.87-3 An extensible, general perl server engine
ii  libnetserver-g 1.03-7 A perl module for developing internet
server
ii  libperl-dev5.8.4-8Perl library: development files
ii  libperl5.8 5.8.4-8Shared Perl library
ii  libperlio-via- 0.11-1 dynamic PerlIO layers
ii  libplrpc-perl  0.2017-1   Perl extensions for writing PlRPC
servers an
ii  liburi-perl1.35-1 Manipulates and accesses URI strings
ii  libwww-perl5.803-4WWW client/server library for Perl
(aka LWP)
ii  perl   5.8.4-8Larry Wall's Practical Extraction and
Report
ii  perl-base  5.8.4-8

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

[Alan DeKok]

BugBuster <[EMAIL PROTECTED]> wrote:
> Running FreeRADIUS in debug mode (radiusd -sfxxyz -l stdout)
> I get the "Segmentation fault" message (more details is in .txt attachment).

  You've included everything but the information requested in doc/bugs.

  My bet is that this is bug #98

http://bugs.freeradius.org/show_bug.cgi?id=98

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 and Cisco WLSE

[Pedro Ribeiro]

Hello M.McNeil,

I've tried it also, but after upgrade of WLSE to a new version it
stopped working. Then I've configured the same AP (AP1231G) that I'm
using as WDS "master" with the local RADIUS server for LEAP
authentication and configured FreeRADIUS to proxy all the requests of
WDS/WLSE authentication to that AP ...

Friday, August 19, 2005, 6:42:16 PM, you wrote:

> Hello,

> I am having an issue getting Cisco's WLSE 2.11 to successfully 
> authenticate with FreeRadius 1.0.4.  I read where Alan DeKok stated that
> the "supplicant" is broken, and was wondering if this is something Cisco
> has to fix with the WLSE? or is there a way for me to fix the 
> supplicant?  Finally, I read where there were some freeradius patches
> that would remedy this problem.  Can someone provide me with a copy of
> those patches ?  The ones posted on this site have errors in them and
> the LEAP patch fails consistently at line 147 of  
> rlm_eap/types/rlm_leap/rlm_eap_leap.c  Any help would be greatly 
> appreciated.

> Best Regards,

> Mike McNeil
> Sr. Network Engineer
> University of California Berkeley
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Best regards,
 Pedromailto:[EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius 1.0.4 and Cisco WLSE

[M.McNeil]

Hello,

I am having an issue getting Cisco's WLSE 2.11 to successfully 
authenticate with FreeRadius 1.0.4.  I read where Alan DeKok stated that 
the "supplicant" is broken, and was wondering if this is something Cisco 
has to fix with the WLSE? or is there a way for me to fix the 
supplicant?  Finally, I read where there were some freeradius patches 
that would remedy this problem.  Can someone provide me with a copy of 
those patches ?  The ones posted on this site have errors in them and 
the LEAP patch fails consistently at line 147 of  
rlm_eap/types/rlm_leap/rlm_eap_leap.c  Any help would be greatly 
appreciated.


Best Regards,

Mike McNeil
Sr. Network Engineer
University of California Berkeley
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 and Cisco WLSE

[Alan DeKok]

[EMAIL PROTECTED] wrote:
> I am stuck using WLSE.  Are there plans on an "official" fix in Freeradius,
> to work with whatever is broken in WLSE?

  As I said:

> > it's changing the EAP ID in a broken way, which means that the AP
> > doesn't add the State attribute from the previous challenge.

  Fixing FreeRADIUS won't help.  The AP just isn't sending the
information FreeRADIUS needs.  And the ONLY way to make the AP send
the correct information is to fix the supplicant.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 and Cisco WLSE

[jck-freeradius]

On Thu, Aug 11, 2005 at 07:02:19PM -0400, Alan DeKok wrote:
> [EMAIL PROTECTED] wrote:
> > I am trying to speak between my Freeradius server and a Cisco WLSE.
> > I am seeing EAP timeouts while WLSE is trying to authenticate
> > through Freeradius.
> 
>   Short summary: the supplicant is broken.
> 
> > Sending Access-Challenge of id 3 to 192.168.254.10:32815
> > EAP-Message = 
> > 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374
> > Message-Authenticator = 0x
> > State = 0x8c90735921dd51b22bc8ef97379845b8
> ...
> > rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, 
> > length=125
> > User-Name = "wlseacct"
> > NAS-IP-Address = 192.168.254.10
> > Called-Station-Id = "ABBAABBAABBA"
> > Calling-Station-Id = "ABBAABBAABBA"
> > NAS-Identifier = "Cisco Secure II"
> > NAS-Port = 29
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-802.11
> > EAP-Message = 0x020300060311
> > Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48
> 
>   The client is sending a NACK, and asking for another EAP type.  But
> it's changing the EAP ID in a broken way, which means that the AP
> doesn't add the State attribute from the previous challenge.
> 
>   In the last packet, FreeRADIUS is seeing the middle of a
> conversation, without any way to know what the conversation was about.
> 
>   The supplicant is broken.  Use another one.

I am stuck using WLSE.  Are there plans on an "official" fix in Freeradius,
to work with whatever is broken in WLSE?  Cisco APs are only good if you have
decent management.

--johnk
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 1.0.4 crashing when getting Request

[Jan Luehr]

Greetings,

Am Mittwoch, 17. August 2005 12:21 schrieb Sebastian Mauer:
> Hello there,
>
> I have a little problem with setting up FreeRADIUS with MySQL Support
> properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
> libraries and compiled FreeRadius with MySQL enabled. Then I installed all
> necessary MySQL tables and configured FreeRadius to do EAP-TLS with MySQL
> as backend. All seems to work nice until the server finally recieves a
> first request. The server segfaults and that's the end.

Did you use strace?
Have you verified, that the mysql-connection is actually working as setted up?

Keep smiling
yanosz
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 1.0.4 crashing when getting Request

[Nicolas Baradakis]

Sebastian Mauer wrote:

> I have a little problem with setting up FreeRADIUS with MySQL Support
> properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
> libraries and compiled FreeRadius with MySQL enabled. Then I installed all
> necessary MySQL tables and configured FreeRadius to do EAP-TLS with MySQL as
> backend. All seems to work nice until the server finally recieves a first
> request. The server segfaults and that's the end.
>
> I have no idea what could have gone wrong
> Does someone of you have an idea what to do?

Please post the gdb output. Follow the instructions at:
http://www.freeradius.org/radiusd/doc/bugs

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius 1.0.4 crashing when getting Request

[Sebastian Mauer]

Hello there,

I have a little problem with setting up FreeRADIUS with MySQL Support
properly. My Linux Distro is Debian Sarge 3.1. I installed all necessary
libraries and compiled FreeRadius with MySQL enabled. Then I installed all
necessary MySQL tables and configured FreeRadius to do EAP-TLS with MySQL as
backend. All seems to work nice until the server finally recieves a first
request. The server segfaults and that's the end. 

I have no idea what could have gone wrong
Does someone of you have an idea what to do?

Sincerely,
Sebastian Mauer
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 can't compile on Solaris 10

[Alan DeKok]

Wei Chiang <[EMAIL PROTECTED]> wrote:
> ltdl.lo  -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lcrypto -lssl -lc
> ld: fatal: library -lcrypto: not found
> ld: fatal: library -lssl: not found

  Install OpenSSL in a place where your dynamic linker can find it.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS 1.0.4 can't compile on Solaris 10

[Wei Chiang]

Greetings everybody.

There's this problem that has me completely stumped despite several late
night attempts to solve it, so any help would be gratefully appreciated. ;-)

I'm trying to compile FreeRADIUS 1.0.4 on a Solaris 10 machine. The
initial "./configure" seems to have completed without too much fuss. The
problem is that when I try "make all" the following error message is 
given after it tries to compile:


* snip 
gmake[1]: Entering directory `/export/home/tmp/freeradius-1.0.4'
Making all in libltdl...
gmake[2]: Entering directory `/export/home/tmp/freeradius-1.0.4/libltdl'
/bin/sh ./libtool --mode=link gcc  -g -O2 -D_REENTRANT 
-D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE 
-DNDEBUG  -o libltdl.la -rpath /usr/local/lib -no-undefined 
-version-info 4:0:1 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 
-lpthread -lcrypto -lssl

rm -fr .libs/libltdl.la .libs/libltdl.* .libs/libltdl.*
/usr/ccs/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 
ltdl.lo  -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lcrypto -lssl -lc

ld: fatal: library -lcrypto: not found
ld: fatal: library -lssl: not found
ld: fatal: File processing errors. No output written to 
.libs/libltdl.so.3.1.0

gmake[2]: *** [libltdl.la] Error 1
gmake[2]: Leaving directory `/export/home/tmp/freeradius-1.0.4/libltdl'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/export/home/tmp/freeradius-1.0.4'
*** Error code 2
The following command caused the error:
/usr/sfw/bin/gmake  WHAT_TO_MAKE=all common
make: Fatal error: Command failed for target `all'
* snip 


The really strange part is that "./configure" seems to actually find the 
libcrypto and libssl libraries:


* snip 
checking for openssl/ssl.h... yes
checking for DH_new in -lcrypto... yes
checking for SSL_new in -lssl... yes
* snip 


I did the following command line tests and got the following results:
#ld -lcrypto
ld: fatal: library -lcrypto: not found
ld: fatal: File processing errors. No output written to a.out

#ld -lssl
ld: fatal: library -lssl: not found
ld: fatal: File processing errors. No output written to a.out


I think the libraries are already in the correct path:
#crle
Configuration file [version 4]: /var/ld/ld.config
  Default Library Path (ELF):   /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib
  Trusted Directories (ELF):/lib/secure:/usr/lib/secure  (system 
default)


Command line:
  crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib:/usr/sfw/lib


Does anyone know how to solve this problem? Let me know if I've left out 
any information. Thanks again!


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 and Cisco WLSE

[Alan DeKok]

[EMAIL PROTECTED] wrote:
> I am trying to speak between my Freeradius server and a Cisco WLSE.
> I am seeing EAP timeouts while WLSE is trying to authenticate
> through Freeradius.

  Short summary: the supplicant is broken.

> Sending Access-Challenge of id 3 to 192.168.254.10:32815
> EAP-Message = 
> 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374
> Message-Authenticator = 0x
> State = 0x8c90735921dd51b22bc8ef97379845b8
...
> rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, 
> length=125
> User-Name = "wlseacct"
> NAS-IP-Address = 192.168.254.10
> Called-Station-Id = "ABBAABBAABBA"
> Calling-Station-Id = "ABBAABBAABBA"
> NAS-Identifier = "Cisco Secure II"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020300060311
> Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48

  The client is sending a NACK, and asking for another EAP type.  But
it's changing the EAP ID in a broken way, which means that the AP
doesn't add the State attribute from the previous challenge.

  In the last packet, FreeRADIUS is seeing the middle of a
conversation, without any way to know what the conversation was about.

  The supplicant is broken.  Use another one.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius 1.0.4 and Cisco WLSE

[jck-freeradius]

I am trying to speak between my Freeradius server and a Cisco WLSE.  I am seeing
EAP timeouts while WLSE is trying to authenticate through Freeradius.

I have setup the AAA details (server,port,username,password,eap protocol) in
the WLSE, and enabled fault tracking, so that polling is able to take place.

The WDS Master router has no problems authenticating, it is the WLSE that
I am having problems getting authenticated.

AP-70#show wlccp wnm status
WNM IP Address : 192.168.254.5 Status : NOT AUTHENTICATED
AP-70#show wlccp wds 
  MAC: 0014.6a77.1604, IP-ADDR: 192.168.254.70 , Priority: 254
  Interface BVI1, State: Administratively StandAlone - ACTIVE
  AP Count: 43  , MN Count: 9   


==
The WLSE is speaking with freeradius:
(output from tcpdump)

17:40:36.415982 IP wlse.southwestern.edu.32815 > 
radius.southwestern.edu.radius:  rad-access-req 132 [id 3] Attr[  
User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} 
[|radius]
17:40:36.422513 IP radius.southwestern.edu.radius > 
wlse.southwestern.edu.32815:  rad-access-cha 92 [id 3] Attr[  [|radius]
17:40:36.423393 IP wlse.southwestern.edu.32815 > 
radius.southwestern.edu.radius:  rad-access-req 125 [id 3] Attr[  
User{wlseacct} NAS_ipaddr{wlse.southwestern.edu} Called_station{ABBAABBAABBA} 
[|radius]
17:40:42.433507 IP radius.southwestern.edu.radius > 
wlse.southwestern.edu.32815:  rad-access-reject 20 [id 3]
==

== 
...and the output from Freeradius

rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=132
User-Name = "wlseacct"
NAS-IP-Address = 192.168.254.10
Called-Station-Id = "ABBAABBAABBA"
Calling-Station-Id = "ABBAABBAABBA"
NAS-Identifier = "Cisco Secure II"
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020d01776c736561636374
Message-Authenticator = 0x586aa1b877caeafd3956095cf718be31
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 180
  rlm_eap: EAP packet type response id 0 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 180
radius_xlat:  'wlseacct'
rlm_sql (sql): sql_set_user escaped user --> 'wlseacct'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'wlseacct' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'wlseacct' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'wlseacct' ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'wlseacct' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
  modcall[authorize]: module "sql" returns ok for request 180
modcall: group authorize returns updated for request 180
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 180
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 180
modcall: group authenticate returns handled for request 180
Sending Access-Challenge of id 3 to 192.168.254.10:32815
EAP-Message = 
0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374
Message-Authenticator = 0x
State = 0x8c90735921dd51b22bc8ef97379845b8
Finished request 180
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=125
User-Name = "wlseacct"
NAS-IP-Address = 192.168.254.10
Called-Station-Id = "ABBAABBAABBA"
Calling-Station-Id = "ABBAABBAABBA"
NAS-Identifier = "Cisco Secure II"
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300060311
Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 181
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 181
radius_xlat:  'wlseacct'
rlm_sql (sql): sql_set_user escaped user --> 'wlseacct'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'wlseacct' ORDER 

Re: Problem with RadZap in version 1.0.4

[Alan DeKok]

Sarkis Gabriel <[EMAIL PROTECTED]> wrote:
> Thanks alan for the reply just wondering if there is any workaround
> to kill those connections?

  Grab the CVS version of the 1.0 branch.

> if there is no workaround are all Freeradius > 1.0.0 have that bug in 
> radwho?

  I said it would be fixed in 1.0.5, didn't I?

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with RadZap in version 1.0.4

[Sarkis Gabriel]

Thanks alan for the reply just wondering if there is any workaround
to kill those connections?
if there is no workaround are all Freeradius > 1.0.0 have that bug in 
radwho?


Thanks again

Sarky

Alan DeKok wrote:

Sarkis Gabriel <[EMAIL PROTECTED]> wrote:


johny,johny,shell,S-2140143609,Tue 09:47,192.116.123.117,10.10.11.251

Any idea why it is giving a negative number?



  It looks like a bug in radwho.  It will be fixed in 1.0.5 (if and
when it gets released)

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with RadZap in version 1.0.4

[Alan DeKok]

Sarkis Gabriel <[EMAIL PROTECTED]> wrote:
> johny,johny,shell,S-2140143609,Tue 09:47,192.116.123.117,10.10.11.251
> 
> Any idea why it is giving a negative number?

  It looks like a bug in radwho.  It will be fixed in 1.0.5 (if and
when it gets released)

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with RadZap in version 1.0.4

[Sarkis Gabriel]

Hi Alan

I do not know what to do with it, it is coming as a negative number the 
Nas Type is a Mikrotik and when radwho -r is issued i get this.


johny,johny,shell,S-2140143609,Tue 09:47,192.116.123.117,10.10.11.251

Any idea why it is giving a negative number?

Thanks

sarky

Alan DeKok wrote:

Sarkis Gabriel <[EMAIL PROTECTED]> wrote:

radzap -N 192.116.123.117 -P -2140143609 -u johny -x 



  A negative number for the port?  That isn't nice.

  Hmm... The numbers should be printed as unsigned int's, and the
input to radzap should be unsigned int's.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with RadZap in version 1.0.4

[Alan DeKok]

Sarkis Gabriel <[EMAIL PROTECTED]> wrote:
> radzap -N 192.116.123.117 -P -2140143609 -u johny -x 

  A negative number for the port?  That isn't nice.

  Hmm... The numbers should be printed as unsigned int's, and the
input to radzap should be unsigned int's.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with RadZap in version 1.0.4

[Sarkis Gabriel]

Hi all

I am trying to zap users but for some reason it is giving an error Port 
not found, i will paste all the necessary details below.




johny,johny,shell,S-2140143609,Tue 09:47,192.116.123.117,10.10.11.251
henry,henry,shell,S-2140143606,Tue 12:23,192.116.123.117,10.10.11.254




radzap -N 192.116.123.117 -P -2140143609 -u johny -x 
192.116.123.115:1813 password

Sending Accounting-Request of id 113 to 192.116.123.115:1813
User-Name = "johny"
Acct-Session-Id = "8077"
Acct-Status-Type = Stop
NAS-IP-Address = 192.116.123.117
rad_recv: Accounting-Response packet from host 192.116.123.115:1813, 
id=113, length=20





Ready to process requests.
rad_recv: Accounting-Request packet from host 192.116.123.115:32813, 
id=113, length=49

User-Name = "johny"
Acct-Session-Id = "8077"
Acct-Status-Type = Stop
NAS-IP-Address = 192.116.123.117
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
  modcall[preacct]: module "preprocess" returns noop for request 0
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, 
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 
192.116.123.115,NAS-IP-Address = 192.116.123.117,Acct-Session-Id = 
"8077",User-Name = "johny"'

rlm_acct_unique: Acct-Unique-Session-ID = "40280b49c7d3093a".
  modcall[preacct]: module "acct_unique" returns ok for request 0
rlm_realm: No '@' in User-Name = "johny", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 0
  modcall[preacct]: module "files" returns noop for request 0
modcall: group preacct returns ok for request 0
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 0
radius_xlat:  '/var/log/radius/radacct/192.116.123.115/detail-20050726'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d 
expands to /var/log/radius/radacct/192.116.123.115/detail-20050726

  modcall[accounting]: module "detail" returns ok for request 0
  modcall[accounting]: module "unix" returns noop for request 0
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'johny'
  rlm_radutmp: No NAS-Port seen.  Cannot do anything.
  rlm_radumtp: WARNING: checkrad will probably not work!
  modcall[accounting]: module "radutmp" returns noop for request 0
radius_xlat:  'johny'
rlm_sql (sql): sql_set_user escaped user --> 'johny'
radius_xlat:  'UPDATE radacct SET AcctStopTime = '2005-07-26 12:32:23', 
AcctSessionTime = '', AcctInputOctets = '', AcctOutputOctets = '', 
AcctTerminateCause = '', AcctStopDelay = '', ConnectInfo_stop = '' WHERE 
AcctSessionId = '8077' AND UserName = 'johny' AND NASIPAddress = 
'192.116.123.117''

rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
  modcall[accounting]: module "sql" returns ok for request 0
modcall: group accounting returns ok for request 0
Sending Accounting-Response of id 113 to 192.116.123.115:32813
Finished request 0
Going to the next request
--- Walking the entire request list ---
Cleaning up request 0 ID 113 with timestamp 42e61f47
Nothing to do.  Sleeping until we see a request.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 1.0.4 - FreeBSD - Syslog not working

[Dusty Doris]

>
> [EMAIL PROTECTED] radiusd -l syslog
>

Didn't know freeradius did syslog, cool.  Anyway, just tried it out on
freebsd 5.4.  In man radiusd, it shows that when using -l syslog, there is
also -g to specify the facility, where it also shows the default is
daemon.

You will need to edit /etc/syslog.conf and add

daemon.*/var/log/whateverfileyouwant

Touch /var/log/whateverfileyouwant and then restart syslogd and then
restart freeradius with at least -l syslog.  You could also use -g and
specify a different facility such as local[0-7].

Make sure to touch the file first before restarting syslogd.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius 1.0.4 - FreeBSD - Syslog not working

[Alan DeKok]

"Daniel Richardson" <[EMAIL PROTECTED]> wrote:
> I've succesfully installed (from the ports collection) FreeRadius
> (1.0.4) using Secure LDAP to Active Directory (horray!) - however, I
> can't seem to get it to log authentication attempts (much less anything)
> to syslog, this is my final stumbling block, and I really need some help
> here.

  1.0.4 doesn't really support syslog.  There are bugs that prevented
it from working, but are fixed in the latest CVS snapshots.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius 1.0.4 - FreeBSD - Syslog not working

[Daniel Richardson]

Hi 
there,
 
I've succesfully 
installed (from the ports collection) FreeRadius (1.0.4) using Secure LDAP to 
Active Directory (horray!) - however, I can't seem to get it to log 
authentication attempts (much less anything) to syslog, this is my final 
stumbling block, and I really need some help here.
 
I've spent hours 
scouring the mailing lists seeing many people with similar problems, and I've 
tried many of the supposed solutions without success. There seems to be some 
mention that information was included in the documentation at some point, 
however I've download the latest source code and grep'ed the documentation for 
anything containing 'syslog' and turned up empty (even browsed seemingly 
relevant docs manually).
 
My syslogging is 
syslog-ng and works fine logging for several network devices. Syslog 
is installed on the same machine as freeradius. The source code seem to indicate 
syslogging is compiled / enabled by default - so presumably the port includes 
this as I see no options 'disabling' it.
 
Things I've tried, 
with no success include:
 
* >From the radiusd 
help, I've included command line options.
 
  -l 
log_dir  Log messages to 'log_dir'.  Special 
values 
are:  
stdout == log all messages to standard 
output.  
syslog == log all messages to the system logger.
 
[EMAIL PROTECTED] radiusd -l 
syslog
 
* Edit the 
radiusd.conf file to include:
 
log_destination = 
sysloglog {    syslog_facility = 
daemon}
* Edit the 
radiusd.conf file to include (which results in radiusd: Couldn't open 
syslog/radius.log for logging: No such file or directory - fairly obvious its 
not doing interpretting this differently)
 
logdir = 
syslog
 
 
Has anyone got 
this working succesfully? With this version of FreeRadius? How did you do it? 
Does anyone know troubleshooting methods I can use (radiusd -X will not log to 
syslog since its redirecting to stdout).
 
Any answers 
or suggestions would be much appreciated!
 
Thanks,
Dan
 
 
 
 
 
 
 
 
 
 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sql_mysql make error for 1.0.4 and snapshot-20050718

[Thor Spruyt]

Paul Hampson wrote:
> On Mon, Jul 18, 2005 at 05:22:51PM +0200, Thor Spruyt wrote:
>> Hi,
>> `/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql'
>> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
>> -DOPENSSL_NO_KRB5   -Wal l -D_GNU_SOURCE -DNDEBUG  -I../..
>> -I../../../../include -I'/usr/include/mysq l'
>> -I/home/thor/freeradius-1.0.4/libltdl -c sql_mysql.c -o sql_mysql.o
>> sql_mysql.c:39:20: errmsg.h: No such file or directory
>> sql_mysql.c:40:19: mysql.h: No such file or directory
>
> The build process didn't find your mySQL headers.

I installed mysql-devel rpm and it works now.
Strange... for other modules when the devel is not there, they're skipped...
for mysql an error is the result.
Anyway... I have now successfully compiled 1.0.4 with support for postgresql
(which I will use) and mysql (which I won't use).

--
Groeten, Regards, Salutations,

Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com

www.salesguide.be
www.telenethotspot.be

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sql_mysql make error for 1.0.4 and snapshot-20050718

[Paul Hampson]

On Mon, Jul 18, 2005 at 05:22:51PM +0200, Thor Spruyt wrote:
> Hi,
> `/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql'
> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wal
> l -D_GNU_SOURCE -DNDEBUG  -I../.. -I../../../../include -I'/usr/include/mysq
> l' -I/home/thor/freeradius-1.0.4/libltdl -c sql_mysql.c -o sql_mysql.o
> sql_mysql.c:39:20: errmsg.h: No such file or directory
> sql_mysql.c:40:19: mysql.h: No such file or directory

The build process didn't find your mySQL headers.

-- 
Paul "TBBle" Hampson, on an alternate email client.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_sql_mysql make error for 1.0.4 and snapshot-20050718

[Thor Spruyt]

Hi,

I tried to compile 1.0.4 with support for mysql and postgresql, but
compilation failed for rlm_sql
I then tried with snapshot-20050718 but with the same result.

Platform is i386, OS is CentOS 3.4

Below the make output of both attempts.
Anybody any ideas?


freeradius-1.0.4:
Making static dynamic in rlm_sql...
gmake[6]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wal
l -D_GNU_SOURCE -DNDEBUG  -I../../include -I/home/thor/freeradius-1.0.4/libl
tdl -c rlm_sql.c -o rlm_sql.o
rlm_sql.c: In function `rlm_sql_detach':
rlm_sql.c:587: warning: passing arg 2 of `xlat_unregister' from incompatible
pointer type
rlm_sql.c: In function `rlm_sql_instantiate':
rlm_sql.c:659: warning: passing arg 2 of `xlat_register' from incompatible
pointer type
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wal
l -D_GNU_SOURCE -DNDEBUG  -I../../include -I/home/thor/freeradius-1.0.4/libl
tdl -c sql.c -o sql.o
/home/thor/freeradius-1.0.4/libtool --mode=link ld \
-module -static  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO
_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG  -I../../include -I/home/thor/freeradiu
s-1.0.4/libltdl rlm_sql.o sql.o -o rlm_sql.a
mkdir .libs
ar cru rlm_sql.a rlm_sql.o sql.o
ranlib rlm_sql.a
gmake[7]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql'
Making static in drivers...
gmake[8]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers'
/usr/bin/gmake -w WHAT_TO_MAKE=static common
gmake[9]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers'
Making static in rlm_sql_db2...
gmake[10]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_db2'
gmake[10]: Nothing to be done for `static'.
gmake[10]: Leaving directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_db2'
Making static in rlm_sql_freetds...
gmake[10]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_freetds'
gmake[10]: Nothing to be done for `static'.
gmake[10]: Leaving directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_freetds'
Making static in rlm_sql_iodbc...
gmake[10]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
gmake[10]: Nothing to be done for `static'.
gmake[10]: Leaving directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
Making static in rlm_sql_mysql...
gmake[10]: Entering directory
`/home/thor/freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wal
l -D_GNU_SOURCE -DNDEBUG  -I../.. -I../../../../include -I'/usr/include/mysq
l' -I/home/thor/freeradius-1.0.4/libltdl -c sql_mysql.c -o sql_mysql.o
sql_mysql.c:39:20: errmsg.h: No such file or directory
sql_mysql.c:40:19: mysql.h: No such file or directory
sql_mysql.c:47: syntax error before "MYSQL"
sql_mysql.c:47: warning: no semicolon at end of struct or union
sql_mysql.c:48: warning: type defaults to `int' in declaration of `sock'
sql_mysql.c:48: warning: data definition has no type or storage class
sql_mysql.c:49: syntax error before '*' token
sql_mysql.c:49: warning: type defaults to `int' in declaration of `result'
sql_mysql.c:49: warning: data definition has no type or storage class
sql_mysql.c:51: syntax error before '}' token
sql_mysql.c:51: warning: type defaults to `int' in declaration of
`rlm_sql_mysql_sock'
sql_mysql.c:51: warning: data definition has no type or storage class
sql_mysql.c: In function `sql_init_socket':
sql_mysql.c:62: `mysql_sock' undeclared (first use in this function)
sql_mysql.c:62: (Each undeclared identifier is reported only once
sql_mysql.c:62: for each function it appears in.)
sql_mysql.c:65: syntax error before ')' token
sql_mysql.c:76: warning: implicit declaration of function `mysql_init'
sql_mysql.c:77: warning: implicit declaration of function
`mysql_real_connect'
sql_mysql.c:84: `CLIENT_FOUND_ROWS' undeclared (first use in this function)
sql_mysql.c:86: warning: implicit declaration of function `mysql_error'
sql_mysql.c:86: warning: format argument is not a pointer (arg 3)
sql_mysql.c: In function `sql_check_error':
sql_mysql.c:122: `CR_SERVER_GONE_ERROR' undeclared (first use in this
function)
sql_mysql.c:123: `CR_SERVER_LOST' undeclared (first use in this function)
sql_mysql.c:131: `CR_OUT_OF_MEMORY' undeclared (first use in this function)
sql_mysql.c:132: `CR_COMMANDS_OUT_OF_SYNC' undeclared (first use in this
function)
sql_mysql.c:133: `CR_UNKNOWN_ERROR' undeclared (first use in this function)
sql_mysql.c: In function `sql_query':
sql_mysql.c:151: `mysql

Re: Need help installing 1.0.4 on RHEL update 4

[Paul Hampson]

On Fri, Jul 08, 2005 at 11:36:33AM -0400, Ken George wrote:
> I am not a RHEL expert, but have installed the 1.0.1 RPM of freeradius.

> I am trying to get freeradius to authenticate against a Windows 2003
> Active Directory.

> Once I can get radtest to work on the server I'll configure the clients
> (Cisco VPN 3005 and console access for all my other Cisco rotuers,
> switches, etc).

> Since 1.0.1 is older I thought I'd try to get 1.0.4 in before banging
> out my .conf file problems.

> I get the following errors when I try to ./configure 1.0.4

> configure:7989: checking for ut_xtime in struct utmpx
> configure:8005: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -DOPENSSL_NO_KRB5conftest.c 1>&5
> configure: In function `main':
> configure:8001: structure has no member named `ut_xtime'<-- the
> first problem
> configure: failed program was:
> #line 7993 "configure"
> #include "confdefs.h"
> 
> #include 
> #ifndef offsetof
> #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
> #endif
> 
> int main() {
>  int foo = offsetof(struct utmpx, ut_xtime) 
> ; return 0; }

There's no ut_xtime in struct utmpx. Why is this a problem?

> configure:8336: checking for asn1.h,snmp.h,snmp_impl.h
> configure:8364: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
> -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG  conftest.c 1>&5
> In file included from configure:8356:
> /usr/include/ucd-snmp/asn1.h:7:2: #error "Please update your headers or
> configure using --enable-ucd-snmp-compatibility"  <-- (this error then
> occurs multiple times)

This is because you're using net-snmp in ucd-snmp compatibility
mode, and that is not supported in stock 1.0.4. You can try this
patch:
http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/debian/patches/Attic/01_NET-SNMP_build_support.dpatch?rev=1.1.2.2&content-type=text/plain&hideattic=0
although be warned that if your net-snmp is not configured exactly
the same as your FreeRADIUS, you _will_ get nasty nasty problems. I
believe these problems were first observed on a RedHat system, which
ships a net-snmp package which doesn't neccessarily match the defines
you need to build FreeRADIUS.

Your other choice is to upgrade to CVS HEAD, but that may not be in
working condition right now. (Someone mentioned a proxying problem
earlier...)

-- 
Paul "TBBle" Hampson, on an alternate email client.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help installing 1.0.4 on RHEL update 4

[Alan DeKok]

"Ken George" <[EMAIL PROTECTED]> wrote:
> I get the following errors when I try to ./configure 1.0.4

  100% of what you posted isn't errors, it's internal logs from
"configure", as it tries to figure out what's on your system.  Calling
them "errors" is a mistake, and misleading.  Posting the log file is
not very useful, either.

  Are there REAL errors you ran into?

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need help installing 1.0.4 on RHEL update 4

[Ken George]

I am not a RHEL expert, but have installed the 1.0.1 RPM of freeradius.

I am trying to get freeradius to authenticate against a Windows 2003
Active Directory.

Once I can get radtest to work on the server I'll configure the clients
(Cisco VPN 3005 and console access for all my other Cisco rotuers,
switches, etc).

Since 1.0.1 is older I thought I'd try to get 1.0.4 in before banging
out my .conf file problems.

I get the following errors when I try to ./configure 1.0.4

This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

configure:748: checking for gcc
configure:861: checking whether the C compiler (gcc  ) works
configure:877: gcc -o conftestconftest.c  1>&5
configure:903: checking whether the C compiler (gcc  ) is a
cross-compiler
configure:908: checking whether we are using GNU C
configure:936: checking whether gcc accepts -g
configure:969: checking how to run the C preprocessor
configure:1049: checking for AIX
configure:1075: checking whether gcc needs -traditional
configure:1121: checking whether we are using SUNPro C
configure:1141: checking for ranlib
configure:1176: checking whether byte ordering is bigendian
configure:1269: checking for gmake
configure:1337: checking for gmake

(normal output suppressed)

configure:7793: checking for initgroups
configure:7857: checking whether crypt must be declared
configure:7857: checking whether strncasecmp must be declared
configure:7857: checking whether strcasecmp must be declared
configure:7857: checking whether inet_aton must be declared
configure:7857: checking whether gethostname must be declared
configure:7857: checking whether setlinebuf must be declared
configure:7857: checking whether getusershell must be declared
configure:7857: checking whether endusershell must be declared
configure:7944: checking return type of signal handlers
configure:7989: checking for ut_xtime in struct utmpx
configure:8005: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5conftest.c 1>&5
configure: In function `main':
configure:8001: structure has no member named `ut_xtime'<-- the
first problem
configure: failed program was:
#line 7993 "configure"
#include "confdefs.h"

#include 
#ifndef offsetof
#define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
#endif

int main() {
 int foo = offsetof(struct utmpx, ut_xtime) 
; return 0; }
configure:8036: checking for ipi_addr in struct in_pktinfo
configure:8052: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5conftest.c 1>&5
configure:8082: checking for working const
configure:8158: checking type of OS
configure:8173: checking for developer gcc flags
configure:8188: checking for crypt in -lcrypt
configure:8288: checking for setkey in -lcipher
configure:8336: checking for asn1.h,snmp.h,snmp_impl.h
configure:8364: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG  conftest.c 1>&5
In file included from configure:8356:
/usr/include/ucd-snmp/asn1.h:7:2: #error "Please update your headers or
configure using --enable-ucd-snmp-compatibility"  <-- (this error then
occurs multiple times)
In file included from configure:8357:
/usr/include/ucd-snmp/snmp.h:7:2: #error "Please update your headers or
configure using --enable-ucd-snmp-compatibility"
In file included from configure:8358:
/usr/include/ucd-snmp/snmp_impl.h:9:2: #error "Please update your
headers or configure using --enable-ucd-snmp-compatibility"
configure: In function `main':
configure:8360: warning: unused variable `a'
configure: failed program was:
#line 8339 "configure"
#include "confdefs.h"

#ifdef HAVE_SYS_TYPES_H
#include 
#endif
#ifdef HAVE_STDINT_H
#include 
#endif
#ifdef HAVE_STDIO_H
#include 
#endif
#ifdef HAVE_NETDB_H
#include 
#endif
#ifdef HAVE_UNISTD_H
#include 
#endif
#include 
#include 
#include 
int main() {
 int a = 1;
; return 0; }
configure:8405: gcc -c -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/include
conftest.c 1>&5
In file included from configure:8397:
/usr/include/ucd-snmp/asn1.h:7:2: #error "Please update your headers or
configure using --enable-ucd-snmp-compatibility"
In file included from configure:8398:
/usr/include/ucd-snmp/snmp.h:7:2: #error "Please update your headers or
configure using --enable-ucd-snmp-compatibility"
In file included from configure:8399:
/usr/include/ucd-snmp/snmp_impl.h:9:2: #error "Please update your
headers or configure using --enable-ucd-snmp-compatibility"
configure: In function `main':
configure:8401: warning: unused variable `a'
configure: failed program was:
#line 8380 "configure"
#include "confdefs.h"

#ifdef HAVE_SYS_TYPES_H
#include 
#endif
#ifdef HAVE_STDINT_H
#include 

Re: freeradius 1.0.4 ldap compilation

[Alan DeKok]

Marc-Henri Boisis-Delavaud <[EMAIL PROTECTED]> wrote:
> And what is the version of openldap recomended by freeradius ?

  Most versions should work.  My guess is that the LDAP libraries are
in a non-standard place, where your linker can't find them.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 ldap compilation

[Marc-Henri Boisis-delavaud]

Le 4 juil. 05 à 17:54, Alan DeKok a écrit :

Marc-Henri Boisis-delavaud <[EMAIL PROTECTED]>  
wrote:



/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/
rlm_ldap.c:2181: undefined reference to `ldap_unbind_s'



  Hmm... it looks like your version of OpenLDAP doesn't have the
functions needed by FreeRADIUS.  Or, the LDAP libraries aren't being
found at compile-time.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ 
users.html




Do you preconise openldap 2.2.26 or 2.3.4 and with what options ?

Marc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ALL FIXED - THANKS ********* Freeradius 1.0.4 Update - No Chap logins

[Radius]

Radius wrote:


I should note that it's with mysql. Not in the users file.

I'm still looking but I recall something about Freeradius needing to 
know to look in mysql

for chap authentication?

Radius wrote:


I did not see this one hit the list.

No chap logins are working since the 1.0.4 installation

Here is what is showing when I run radius -x

This is only happening with those that are logging in through our 
wholesale service.


Anyone logs in locally with the realm does fine.

Some log errors. It's not accepting chap log ins. Any help where to 
look.


rlm_unix: Attribute "User-Password" is required for authentication.  
Cannot use "CHAP-Password".
Login incorrect: [rniclh/] (from client usa1 port 228 
cli 5208778389)
rad_recv: Access-Request packet from host 216.127.146.29:52982, 
id=50, length=213

 User-Name = "[EMAIL PROTECTED]"
>>>>CHAP-Password = 0x014d582cee62362d9063da8b99c2f83c94
Why is it coming through like this?

 NAS-IP-Address = 63.215.26.191
 NAS-Port = 228
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Ascend-Data-Rate = 31200
 Ascend-Calling-Id-Type-Of-Num = Unknown
 Ascend-Calling-Id-Number-Plan = Unknown
 Ascend-Xmit-Rate = 46667
 Called-Station-Id = "5208294055"
 Calling-Station-Id = "5208778389"
 NAS-Identifier = "nas8.tcs1.Level3.net"
 Acct-Session-Id = "436987031"
 NAS-Port-Type = Async
 Ascend-NAS-Port-Format = 2_4_5_5
 Attr-102 = 0x6c33
rlm_chap: Setting 'Auth-Type := CHAP'

>>>>> Warning:  Found 2 auth-types on request for user 'rniclh'

But when I do it from another system and radtest it seems to work.

rad_recv: Access-Request packet from host 64.240.77.3:33574, id=228, 
length=73

 User-Name = "[EMAIL PROTECTED]"
 User-Password = "deleted"
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 500
rlm_sql (sql): Reserving sql socket id: 4

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius 1.0.4 Update - No Chap logins

[Radius]

I should note that it's with mysql. Not in the users file.

I'm still looking but I recall something about Freeradius needing to 
know to look in mysql

for chap authentication?

Radius wrote:


I did not see this one hit the list.

No chap logins are working since the 1.0.4 installation

Here is what is showing when I run radius -x

This is only happening with those that are logging in through our 
wholesale service.


Anyone logs in locally with the realm does fine.

Some log errors. It's not accepting chap log ins. Any help where to look.

rlm_unix: Attribute "User-Password" is required for authentication.  
Cannot use "CHAP-Password".
Login incorrect: [rniclh/] (from client usa1 port 228 
cli 5208778389)
rad_recv: Access-Request packet from host 216.127.146.29:52982, id=50, 
length=213

 User-Name = "[EMAIL PROTECTED]"
>>>>CHAP-Password = 0x014d582cee62362d9063da8b99c2f83c94
Why is it coming through like this?

 NAS-IP-Address = 63.215.26.191
 NAS-Port = 228
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Ascend-Data-Rate = 31200
 Ascend-Calling-Id-Type-Of-Num = Unknown
 Ascend-Calling-Id-Number-Plan = Unknown
 Ascend-Xmit-Rate = 46667
 Called-Station-Id = "5208294055"
 Calling-Station-Id = "5208778389"
 NAS-Identifier = "nas8.tcs1.Level3.net"
 Acct-Session-Id = "436987031"
 NAS-Port-Type = Async
 Ascend-NAS-Port-Format = 2_4_5_5
 Attr-102 = 0x6c33
rlm_chap: Setting 'Auth-Type := CHAP'

>>>>> Warning:  Found 2 auth-types on request for user 'rniclh'

But when I do it from another system and radtest it seems to work.

rad_recv: Access-Request packet from host 64.240.77.3:33574, id=228, 
length=73

 User-Name = "[EMAIL PROTECTED]"
 User-Password = "deleted"
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 500
rlm_sql (sql): Reserving sql socket id: 4

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius 1.0.4 Update - No Chap logins

[Radius]

I did not see this one hit the list.

No chap logins are working since the 1.0.4 installation

Here is what is showing when I run radius -x

This is only happening with those that are logging in through our 
wholesale service.


Anyone logs in locally with the realm does fine.

Some log errors. It's not accepting chap log ins. Any help where to look.

rlm_unix: Attribute "User-Password" is required for authentication.  
Cannot use "CHAP-Password".
Login incorrect: [rniclh/] (from client usa1 port 228 cli 
5208778389)
rad_recv: Access-Request packet from host 216.127.146.29:52982, id=50, 
length=213

 User-Name = "[EMAIL PROTECTED]"
>>>>CHAP-Password = 0x014d582cee62362d9063da8b99c2f83c94
Why is it coming through like this?

 NAS-IP-Address = 63.215.26.191
 NAS-Port = 228
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Ascend-Data-Rate = 31200
 Ascend-Calling-Id-Type-Of-Num = Unknown
 Ascend-Calling-Id-Number-Plan = Unknown
 Ascend-Xmit-Rate = 46667
 Called-Station-Id = "5208294055"
 Calling-Station-Id = "5208778389"
 NAS-Identifier = "nas8.tcs1.Level3.net"
 Acct-Session-Id = "436987031"
 NAS-Port-Type = Async
 Ascend-NAS-Port-Format = 2_4_5_5
 Attr-102 = 0x6c33
rlm_chap: Setting 'Auth-Type := CHAP'

>>>>> Warning:  Found 2 auth-types on request for user 'rniclh'

But when I do it from another system and radtest it seems to work.

rad_recv: Access-Request packet from host 64.240.77.3:33574, id=228, 
length=73

 User-Name = "[EMAIL PROTECTED]"
 User-Password = "deleted"
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 500
rlm_sql (sql): Reserving sql socket id: 4

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius 1.0.4 Update - No Chap logins

[Radius]

I have just found out no chap logins are working since the update to 1.0.4

Here is what they are showing in the radius -x

This is only happening with those that are logging in through our 
wholesale service.


Anyone logs in locally with the realm does fine.


Some log errors

>>>>Warning:  Found 2 auth-types on request for user 'rniclh'
Any idea what this is about?
I seem to be getting this on most of the logins. Even the ones that work.

rlm_unix: Attribute "User-Password" is required for authentication.  
Cannot use "CHAP-Password".
Login incorrect: [rniclh/] (from client usa1 port 228 cli 
5208778389)
rad_recv: Access-Request packet from host 216.127.146.29:52982, id=50, 
length=213

  User-Name = "[EMAIL PROTECTED]"
>>>>CHAP-Password = 0x014d582cee62362d9063da8b99c2f83c94
Why is it coming through like this?

  NAS-IP-Address = 63.215.26.191
  NAS-Port = 228
  Service-Type = Framed-User
  Framed-Protocol = PPP
  Ascend-Data-Rate = 31200
  Ascend-Calling-Id-Type-Of-Num = Unknown
  Ascend-Calling-Id-Number-Plan = Unknown
  Ascend-Xmit-Rate = 46667
  Called-Station-Id = "5208294055"
  Calling-Station-Id = "5208778389"
  NAS-Identifier = "nas8.tcs1.Level3.net"
  Acct-Session-Id = "436987031"
  NAS-Port-Type = Async
  Ascend-NAS-Port-Format = 2_4_5_5
  Attr-102 = 0x6c33
rlm_chap: Setting 'Auth-Type := CHAP'

>>>>> Warning:  Found 2 auth-types on request for user 'rniclh'

But when I do it from another system and radtest it seems to work.

rad_recv: Access-Request packet from host 64.240.77.3:33574, id=228, 
length=73

  User-Name = "[EMAIL PROTECTED]"
  User-Password = "deleted"
  NAS-IP-Address = 255.255.255.255
  NAS-Port = 500
rlm_sql (sql): Reserving sql socket id: 4

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 ldap compilation

[Marc-Henri Boisis-Delavaud]

Alan DeKok wrote:

  Marc-Henri Boisis-delavaud <[EMAIL PROTECTED]> wrote:
  
  
/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/ 
rlm_ldap.c:2181: undefined reference to `ldap_unbind_s'

  
  
  Hmm... it looks like your version of OpenLDAP doesn't have the
functions needed by FreeRADIUS.  Or, the LDAP libraries aren't being
found at compile-time.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  

And what is the version of openldap recomended by freeradius ?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: freeradius 1.0.4 ldap compilation

[Alan DeKok]

Marc-Henri Boisis-delavaud <[EMAIL PROTECTED]> wrote:
> /opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/ 
> rlm_ldap.c:2181: undefined reference to `ldap_unbind_s'

  Hmm... it looks like your version of OpenLDAP doesn't have the
functions needed by FreeRADIUS.  Or, the LDAP libraries aren't being
found at compile-time.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unable to install FreeRadius 1.0.4 [HELP PLEASE]

[Alan DeKok]

TeemX <[EMAIL PROTECTED]> wrote:
> I am having problem on installing my FreeRadius Server Version 1.0.4.
> I am running at Linux RedHat 9.
> Errors message as below:
> gmake[10]: *** [sql_mysql.o] error 1
> gmake[10]: leaving directory 
> '/root/freeradius-1.0.4/src/modules/rim_sql/drivers/rlm_sql_mysql'

  In which, you have carefully removed all *meaningful* error messages.

  If you don't know what the problem is, you don't know enough to
delete "unnecessary" error messages.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeradius 1.0.4 ldap compilation

[Marc-Henri Boisis-delavaud]

This is my command to install freeradius from source on Suseinstallation de BerkeleyDB  4.3.28 NCcd build_unix    ../dist/configure --prefix=/opt/db --enable-static --disable-sharedmake PREFIX=/opt/db install                                       installation de openLDAP 2.2.26LD_LIBRARY_PATH=/opt/db/libexport LD_LIBRARY_PATHCPPFLAGS=-I/opt/db/includeexport CPPFLAGSLDFLAGS=-L/opt/db/libexport LDFLAGSLIBS="-lresolv"export LIBS ./configure --prefix=/opt/openldap --enable-static --disable-shared --enable-syslog --with-threads --enable-bdbmake depend make make installInstallation de freeradius 1.0.4 ./configure --disable-shared --enable-static --prefix=/opt/freeradius/radiusALL --with-rlm-ldap-lib-dir=/opt/openldap/lib --with-rlm-ldap-include-dir=/opt/openldap/include makebut here I have a problem this is an extract../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x140): In function `ldap_detach':/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:2181: undefined reference to `ldap_unbind_s'../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x368): In function `ldap_connect':/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:1922: undefined reference to `ldap_initialize'../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x388):/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:1937: undefined reference to `ldap_set_option'../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x3a3):/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:1940: undefined reference to `ldap_set_option'../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x3d7):/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:1947: undefined reference to `ldap_set_option'../modules/rlm_ldap/.libs/rlm_ldap.a(rlm_ldap.o)(.text+0x407):/opt/freeradius/distrib.freeradius-1.0.4/src/modules/rlm_ldap/rlm_ldap.c:1953: undefined reference to `ldap_set_option'Have you an idea ?  - 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Unable to install FreeRadius 1.0.4 [HELP PLEASE]

[Marcin Jessa]

Hi.

This error says very little. 
You need to paste in what happens just before that and check the config.log

On Mon, 4 Jul 2005 09:34:15 -0700
TeemX <[EMAIL PROTECTED]> wrote:

> Hi Guys & Gals,
> 
> I am having problem on installing my FreeRadius Server Version 1.0.4.
> I am running at Linux RedHat 9.
> Errors message as below:
> gmake[10]: *** [sql_mysql.o] error 1
> gmake[10]: leaving directory 
> '/root/freeradius-1.0.4/src/modules/rim_sql/drivers/rlm_sql_mysql'
> 
> all the way down to 
> 
> gmake[1]: *** [common] Error 1
> gmake[1]: Leaving director '/root/freeradius-1.0.4'
> make: *** [all] Error 2
> 
> Could anyone help me on this, I am totally new to FreeRadius.
> 
> Thanks.
> Jackie
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Unable to install FreeRadius 1.0.4 [HELP PLEASE]

[Ross Tsolakidis]

 I think you need the mysql-dev libraries/packages.


Regards,
--
Ross

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
TeemX
Sent: Tuesday, 5 July 2005 2:34 AM
To: freeradius-users@lists.freeradius.org
Subject: Unable to install FreeRadius 1.0.4 [HELP PLEASE]

Hi Guys & Gals,

I am having problem on installing my FreeRadius Server Version 1.0.4.
I am running at Linux RedHat 9.
Errors message as below:
gmake[10]: *** [sql_mysql.o] error 1
gmake[10]: leaving directory
'/root/freeradius-1.0.4/src/modules/rim_sql/drivers/rlm_sql_mysql'

all the way down to 

gmake[1]: *** [common] Error 1
gmake[1]: Leaving director '/root/freeradius-1.0.4'
make: *** [all] Error 2

Could anyone help me on this, I am totally new to FreeRadius.

Thanks.
Jackie

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Unable to install FreeRadius 1.0.4 [HELP PLEASE]

[TeemX]

Hi Guys & Gals,

I am having problem on installing my FreeRadius Server Version 1.0.4.
I am running at Linux RedHat 9.
Errors message as below:
gmake[10]: *** [sql_mysql.o] error 1
gmake[10]: leaving directory 
'/root/freeradius-1.0.4/src/modules/rim_sql/drivers/rlm_sql_mysql'

all the way down to 

gmake[1]: *** [common] Error 1
gmake[1]: Leaving director '/root/freeradius-1.0.4'
make: *** [all] Error 2

Could anyone help me on this, I am totally new to FreeRadius.

Thanks.
Jackie

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

external script goes in state in 1.0.4

[rashad]

This problem persists in ver 1.0.4 too.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help: Installation of FreeRadius 1.0.4 on Solaris 10

[Jan Lühr]

Greetings,

Am Sonntag, 26. Juni 2005 03:12 schrieb Jaspreet Brar:
> /freeradius-1.0.4# make

> make: make not found *

Install make (gnumake) from the gnutools (cd / package or whatever it's called 
now) and make sure it is executed by calling make (perhaps you have to to 
link make -> gmake)

Keep smiling
yanosz
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Help: Installation of FreeRadius 1.0.4 on Solaris 10

[Jaspreet Brar]

Hi All,

I would really appriciate, if you would kindly help me
out.
 
I'm trying to install FreeRadius-1.0.4(downloaded from
freeradius.org) on Solaris OS 10 (SPARC) as below:

 
 
 /freeradius-1.0.4# ./configure
 /freeradius-1.0.4# make
 /freeradius-1.0.4# make install
 
 
But I'm getting errors while installing it. 

/freeradius-1.0.4# ./configure
...
...
config.h is unchanged*



/freeradius-1.0.4# make
make: make not found *



Please suggest me how to install it properly.

Below is what i captured in configure.log file 


This file contains any messages produced by compilers
while
running configure, to aid debugging if configure makes
a mistake.

configure:748: checking for gcc
configure:861: checking whether the C compiler (gcc  )
works
configure:877: gcc -o conftestconftest.c  1>&5
configure:903: checking whether the C compiler (gcc  )
is a 
cross-compiler
configure:908: checking whether we are using GNU C
configure:917: gcc -E conftest.c
configure:936: checking whether gcc accepts -g
configure:969: checking how to run the C preprocessor
configure:990: gcc -E  conftest.c >/dev/null
2>conftest.out
configure:1049: checking for AIX
configure:1075: checking whether gcc needs
-traditional
configure:1121: checking whether we are using SUNPro C
configure:1130: gcc -E conftest.c
configure:1141: checking for ranlib
configure:1176: checking whether byte ordering is
bigendian
configure:1194: gcc -c -g -O2  conftest.c 1>&5
configure: In function `main':
configure:1189: error: `bogus' undeclared (first use
in this function)
configure:1189: error: (Each undeclared identifier is
reported only 
once
configure:1189: error: for each function it appears
in.)
configure:1189: error: syntax error before "endian"
configure: failed program was:
#line 1183 "configure"
#include "confdefs.h"
#include 
#include 
int main() {

#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
 bogus endian macros
#endif
; return 0; }
configure:1242: gcc -o conftest -g -O2   conftest.c 
1>&5
configure: failed program was:
#line 1229 "configure"
#include "confdefs.h"
main () {
  /* Are we little or big endian?  From
Harbison&Steele.  */
  union
  {
long l;
char c[sizeof (long)];
  } u;
  u.l = 1;
  exit (u.c[sizeof (long) - 1] == 1);
}
configure:1269: checking for gmake
configure:1337: checking for gmake
configure:1420: checking for lt_dlinit in -lltdl
configure:1439: gcc -o conftest -g -O2   conftest.c
-lltdl   1>&5
ld: fatal: library -lltdl: not found
ld: fatal: File processing errors. No output written
to conftest
collect2: ld returned 1 exit status
configure: failed program was:
#line 1428 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an
error.  */
/* We use char because int might match the return type
of a gcc2
builtin and then its argument prototype would
still apply.  */
char lt_dlinit();

int main() {
lt_dlinit()
; return 0; }
configure:1544: checking for Cygwin environment
configure:1560: gcc -c -g -O2  conftest.c 1>&5
configure: In function `main':
configure:1556: error: `__CYGWIN32__' undeclared
(first use in this 
function)
configure:1556: error: (Each undeclared identifier is
reported only 
once
configure:1556: error: for each function it appears
in.)
configure: failed program was:
#line 1549 "configure"
#include "confdefs.h"

int main() {

#ifndef __CYGWIN__
#define __CYGWIN__ __CYGWIN32__
#endif
return __CYGWIN__;
; return 0; }
configure:1577: checking for mingw32 environment
configure:1589: gcc -c -g -O2  conftest.c 1>&5
configure: In function `main':
configure:1585: error: `__MINGW32__' undeclared (first
use in this 
function)
configure:1585: error: (Each undeclared identifier is
reported only 
once
configure:1585: error: for each function it appears
in.)
configure: failed program was:
#line 1582 "configure"
#include "confdefs.h"

int main() {
return __MINGW32__;
; return 0; }
configure:1681: checking host system type
configure:1702: checking build system type
configure:1731: checking for ld used by GCC
configure:1799: checking if the linker
(/usr/ccs/bin/ld) is GNU ld
configure:1816: checking for /usr/ccs/bin/ld option to
reload object 
files
configure:1828: checking for BSD-compatible nm
configure:1866: checking whether ln -s works
configure:1887: checking how to recognise dependant
libraries
configure:2070: checking for object suffix
configure:2076: gcc -c -g -O2  conftest.c 1>&5
configure:2096: checking for executable suffix
configure:2106: gcc -o conftest -g -O2   conftest.c 
1>&5
configure:2137: checking command to parse
/usr/ccs/bin/nm -p output
configure:2217: gcc -c -g -O2  conftest.c 1>&5
configure:2220: /usr/ccs/bin/nm -p conftest.o | sed -n
-e 's/^.*[ 
]\([BDT][BDT]*\)[ ][
]*\(\)\([_A-Za-z][_A-Za-z0-9]*\)$/\1 \2\3 \3/p' > 
confte

Re: Help: Installation of FreeRadius 1.0.4 on Solaris 10

[Michael Mitchell]

 #make
 
 I get the following error:
 
 ***Error Code 2

 The following command caused the error:
 /usr/sfw/bin/gmake WHAT_TO_MAKE=all common
 make: Fatal error: Command failed for target 'all'
 


You'll need to supply a bit more information, like where the error 
actually occurred...


Mike

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Help: Installation of FreeRadius 1.0.4 on Solaris 10

[Jaspreet Brar]

Hi All,

I would really appriciate, if you would kindly help me
out.
 
I'm trying to install FreeRadius-1.0.4(downloaded from
freeradius.org) on Solaris OS 10 (SPARC) as below:
 
 
 /usr/local/src/freeradius-1.0.4# ./configure
 /usr/local/src/freeradius-1.0.4# make
 /usr/local/src/freeradius-1.0.4# make install
 
 
 But I'm getting errors while installing it:

 #./configure
 
 No error while running configure.
 
 
 #make
 
 I get the following error:
 
 ***Error Code 2
 The following command caused the error:
 /usr/sfw/bin/gmake WHAT_TO_MAKE=all common
 make: Fatal error: Command failed for target 'all'
 
 
 #make install
 
 ***Error Code 2
 The following command caused the error:
 /usr/sfw/bin/gmake WHAT_TO_MAKE=install common
 make: Fatal error: Command failed for target
'install'
  
 
Thanks,
Jas



 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Version 1.0.4 Upgrading

[Abdul Lateef]

Hello,

Thanx guys for good advise, Now i will start to
upgrade from 1.0.2 to 1.0.4.

Thank You
Abdul Lateef
Tel : 974-5405022
YM! abdul_zu



 
Yahoo! Sports 
Rekindle the Rivalries. Sign up for Fantasy Football 
http://football.fantasysports.yahoo.com
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Version 1.0.4 Upgrading

[Alan DeKok]

=?ISO-8859-1?Q?Carlos_Mart=EDnez-Troncoso_Cera?= <[EMAIL PROTECTED]> wrote:
> I just upgrade in Red Hat Enterprise 3.0 from 1.0.2 to 1.0.4 without 
> problems, my conf files didn´t change.

  That is *very* intentional, and as you've seen, a Good Thing.

  I *hate* packages that mess with configuration files when they
install.  It makes it that much harder to get the new package running.

  And for upgrading 1.0.2 to 1.0.4, the configuration files will work
unchanged, so there is *no* reason to over-write them.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Version 1.0.4 Upgrading

[Carlos Martínez-Troncoso Cera]

I just upgrade in Red Hat Enterprise 3.0 from 1.0.2 to 1.0.4 without 
problems, my conf files didn´t change. I suggest you to make a copy from 
/etc/raddb to avoid problems.

Reggards,

Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367



Abdul Lateef wrote:


Hello,

Currently i am using i have 1.0.2 version running on
my linux box.

I made plan to upgrade it with the letest  Version
1.0.4.

I have a small question about the 1.0.2 configuration
files. How i should upgrade it. Is configuration files
will be also upgraded or it will be not effected?

Thnak You

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Compilation errors in 1.0.4

[Nicolas Baradakis]

Oleg M. Golovanov wrote:

> gcc  -g -O2 -pthread -D_THREAD_SAFE -DOPENSSL_NO_KRB5   -Wall 
> -D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_counter.c -o rlm_counter.o
> rlm_counter.c:38: gdbm.h: No such file or directory

It looks like the compiler didn't find the libgdbm headers on your
system. Did you install these headers? Depending on the distribution,
you need to install a package named gdbm-devel, libgdbm-dev, or
something like that.

-- 
Nicolas Baradakis
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Version 1.0.4 Upgrading

[Abdul Lateef]

Hello,

Currently i am using i have 1.0.2 version running on
my linux box.

I made plan to upgrade it with the letest  Version
1.0.4.

I have a small question about the 1.0.2 configuration
files. How i should upgrade it. Is configuration files
will be also upgraded or it will be not effected?

Thnak You

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Compilation errors in 1.0.4

[Oleg M. Golovanov]

I fixed the shown error but got the following.
I set CPPFLAGS in my configure script as follows
--
CPPFLAGS="-I/usr/local/include -I/usr/local/pgsql/include" 
LDFLAGS="-L/usr/local/lib -L/usr/local/pgsql/lib" ./configure 
--prefix=/usr/local/freeradius --with-raddbdir=/usr/local/freeradius/etc 
--with-logdir=/var/log/radius --with-radacctdir=/var/log/radacct 
--without-rlm-krb5 --without-rlm-sql-mysql --without-rlm-sql-oracle 
--with-iodbc-lib-dir=/usr/local/lib --without-rlm-sql-unixodbc 
--with-rlm-counter-include-dir=/usr/local/include 2>&1 > sci-freeradius.log

--
But it don't help to solve it.
--
gcc  -g -O2 -pthread -D_THREAD_SAFE -DOPENSSL_NO_KRB5   -Wall 
-D_GNU_SOURCE -DNDEBUG  -I../../include  -c rlm_counter.c -o rlm_counter.o

rlm_counter.c:38: gdbm.h: No such file or directory
gmake[5]: *** [rlm_counter.o] Error 1
gmake[5]: Leaving directory 
`/usr/home/olmi/com/freeradius-1.0.4/src/modules/rlm_counter'

gmake[4]: *** [common] Error 2
gmake[4]: Leaving directory 
`/usr/home/olmi/com/freeradius-1.0.4/src/modules'

gmake[3]: *** [all] Error 2
gmake[3]: Leaving directory 
`/usr/home/olmi/com/freeradius-1.0.4/src/modules'

gmake[2]: *** [common] Error 2
gmake[2]: Leaving directory `/usr/home/olmi/com/freeradius-1.0.4/src'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/usr/home/olmi/com/freeradius-1.0.4/src'
gmake: *** [common] Error 2
*** Error code 2

Stop in /usr/home/olmi/com/freeradius-1.0.4
--

Respectively,

Oleg Golovanov
Krasnoyarsk city
Russia
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Mario Alberto Cruz Gartner]

OK! That solves the problem!
I'd compiled succesfully freeradius-1.0.4 on a FB 4.11 machine with
the indicated diff.

Thks a lot for the colaboration Andrew!

On 6/20/05, Andrew Thompson <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 20, 2005 at 11:22:14AM -0400, Alan DeKok wrote:
> > Andrew Thompson <[EMAIL PROTECTED]> wrote:
> > > Are you using the port becuase that problem has been fixed. If not then
> > > you will want the patch in:
> > >
> > > net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c
> >
> >   Is it something which can get pulled into FreeRADIUS?
> >
> 
> This problem only applies to FreeBSD 4.x and not the newer releases
> (>5.0). It requires  to be included before .
> 
> --- src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c.origSat Jun 18 
> 14:29:43 2005
> +++ src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c Sat Jun 18 14:31:48 
> 2005
> @@ -27,6 +27,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #ifdef HAVE_REGEX_H
>  #  include 
>  #endif
> 
> 
> Previously this was being pulled in from libradius.h, but that was
> removed 7 weeks ago. I am happy to keep this as a local patch as it is
> only a quirk of 4.x and the port properly patches it.
> 
> 
> Andrew
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Andrew Thompson]

On Mon, Jun 20, 2005 at 11:22:14AM -0400, Alan DeKok wrote:
> Andrew Thompson <[EMAIL PROTECTED]> wrote:
> > Are you using the port becuase that problem has been fixed. If not then
> > you will want the patch in:
> > 
> > net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c
> 
>   Is it something which can get pulled into FreeRADIUS?
> 

This problem only applies to FreeBSD 4.x and not the newer releases
(>5.0). It requires  to be included before .

--- src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c.origSat Jun 18 
14:29:43 2005
+++ src/modules/rlm_attr_rewrite/rlm_attr_rewrite.c Sat Jun 18 14:31:48 2005
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #ifdef HAVE_REGEX_H
 #  include 
 #endif


Previously this was being pulled in from libradius.h, but that was
removed 7 weeks ago. I am happy to keep this as a local patch as it is
only a quirk of 4.x and the port properly patches it.


Andrew
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Alan DeKok]

Andrew Thompson <[EMAIL PROTECTED]> wrote:
> Are you using the port becuase that problem has been fixed. If not then
> you will want the patch in:
> 
> net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c

  Is it something which can get pulled into FreeRADIUS?

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Rohaizam Abu Bakar]

not using ports...  I'll try the patch.. thanks..

--haizam

- Original Message - 
From: "Andrew Thompson" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Monday, June 20, 2005 11:30
Subject: Re: FreeRADIUS 1.0.4 has been released.



On Mon, Jun 20, 2005 at 11:20:19AM +0800, Rohaizam Abu Bakar wrote:
What is the function of rlm_attr_rewrite?? Becoz I'm havng the same 
problem

compiling 1.0.3/1.0.4 on my FB 4.11 machine..



Are you using the port becuase that problem has been fixed. If not then
you will want the patch in:

net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c


Andrew
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Andrew Thompson]

On Mon, Jun 20, 2005 at 11:20:19AM +0800, Rohaizam Abu Bakar wrote:
> What is the function of rlm_attr_rewrite?? Becoz I'm havng the same problem 
> compiling 1.0.3/1.0.4 on my FB 4.11 machine..
> 

Are you using the port becuase that problem has been fixed. If not then
you will want the patch in:

net/freeradius/files/patch-src-modules-rlm_attr_rewrite-rlm_attr_rewrite.c


Andrew
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Rohaizam Abu Bakar]

What is the function of rlm_attr_rewrite?? Becoz I'm havng the same problem 
compiling 1.0.3/1.0.4 on my FB 4.11 machine..


--haizam

- Original Message - 
From: "Alan DeKok" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Saturday, June 18, 2005 09:09
Subject: Re: FreeRADIUS 1.0.4 has been released.



"Stephen D. Bechard" <[EMAIL PROTECTED]> wrote:

I am still having diffuculty building the freeradius on all
of my FreeBSD Servers with the ports collection.


 Ok...


I know there was a bug in the older versions with shared libraries,
but I was hoping this version fixed it. Any insight would be greatly
appreciated...


 I don't recall specific problems with shared libraries.  Can you be
more specific?


Here are the errors I get when trying to build the port:

In file included from rlm_attr_rewrite.c:31:
/usr/include/regex.h:46: syntax error before `regoff_t'


 That has nothing to do with shared libraries.

 It looks like the regular expression header files on your system are
broken.  'regoff_t' is defined in regex.h on every other system.

 If you're not going to use rlm_attr_rewrite, just delete the
directory.

 I would have hoped that the FreeBSD ports maintainer verified that
the port worked before committing it to FreeBSD.  If so, ask the port
maintainer why it doesn't work on your system.  I don't run FreeBSD,
so I can't help you.

 Alan DeKok.

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 1.0.4 has been released.

[Stephen D. Bechard]

It appears that did the trick!

Thank you for your prompt attention to this matter.
It is greatly appreciated!

Enjoy,
Steve

- Original Message - 
From: "Andrew Thompson" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Sent: Friday, June 17, 2005 10:56 PM
Subject: Re: FreeRADIUS 1.0.4 has been released.


> On Fri, Jun 17, 2005 at 08:38:10PM -0400, Stephen D. Bechard wrote:
> > I am still having diffuculty building the freeradius on all
> > of my FreeBSD Servers with the ports collection.
> >
> > Here are the errors I get when trying to build the port:
> >
> > In file included from rlm_attr_rewrite.c:31:
> > /usr/include/regex.h:46: syntax error before `regoff_t'
> > /usr/include/regex.h:46: warning: type defaults to `int' in declaration
of
> > `regoff_t'
>
> This has been fixed Steve, please cvsup and try again. Sorry for the
> breakage.
>
>
> cheers,
>
> Andrew
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html