Re: Need help authenticating local users on Apple server

2011-08-18 Thread Raymond Norton 



Since it's not marked as stable, it's not built by default. Try
rebuilding it, but this time using

./configure --with-experimental-modules | tee configure.log

... then look at configure.log, see what it says about rlm_opendirectory.

   


Thanks. I now have the opendirectory module working.

I am getting the following error now with radtest:

[opendirectory] The host 127.0.0.1 does not have an access group.
[opendirectory] no access control groups, all users allowed.
[opendirectory] Setting Auth-Type = opendirectory
++[opendirectory] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: 
Rejecting the user


I was instructed to remove information under authentication, so not sure 
how to satisfy this error message.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-18 Thread Fajar A. Nugraha 
On Thu, Aug 18, 2011 at 10:50 PM, Raymond Norton ad...@lctn.org wrote:

 Since it's not marked as stable, it's not built by default. Try
 rebuilding it, but this time using

 ./configure --with-experimental-modules | tee configure.log

 ... then look at configure.log, see what it says about rlm_opendirectory.



 Thanks. I now have the opendirectory module working.

 I am getting the following error now with radtest:

 [opendirectory] The host 127.0.0.1 does not have an access group.
 [opendirectory] no access control groups, all users allowed.
 [opendirectory] Setting Auth-Type = opendirectory
 ++[opendirectory] returns ok
 ERROR: No authenticate method (Auth-Type) found for the request: Rejecting
 the user

 I was instructed to remove information under authentication, so not sure how
 to satisfy this error message.

It doesn't hurt to try adding it again :)
I'm pretty sure it needs to be in both:
http://lists.cistron.nl/pipermail/freeradius-users/2011-July/msg00447.html

Your previous error might be because opendirectory module was not
available at that time.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-18 Thread Raymond Norton 



It doesn't hurt to try adding it again :)
I'm pretty sure it needs to be in both:
http://lists.cistron.nl/pipermail/freeradius-users/2011-July/msg00447.html


   


Yes, that worked. I am now able to authenticate local users with radtest.

Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Raymond Norton 



   And then list it in the authorize section.




What is the proper syntax for adding the opendirectory module? I am 
getting errors when attempting to start radius:


/usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a 
reference to a module
/usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing 
authenticate section.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Johan Meiring 

On 2011/08/16 10:39 PM, Raymond Norton wrote:



And then list it in the authorize section.




What is the proper syntax for adding the opendirectory module? I am getting
errors when attempting to start radius:

/usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a
reference to a module
/usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing
authenticate section.



Read again.

list it in the authorize section
not the authenticate section

--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782


Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:

http://www.pcservices.co.za/disclaimer.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Raymond Norton 




Read again.

list it in the authorize section
not the authenticate section



My mistake. I thought the word And meant do both, based on my question.


Removed from authenticate and listed opendirectory under authorize 
of inner tunnel.


I now get the following error:

/usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module 
'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found
/usr/local/etc/raddb/sites-enabled/default[150]: Failed to load module 
opendirectory.
/usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize 
section

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Alan DeKok 
Raymond Norton wrote:
 What is the proper syntax for adding the opendirectory module?

$ man unlang

  Or, read the dozens of examples in the configuration file you edited.

 I am
 getting errors when attempting to start radius:
 
 /usr/local/etc/raddb/sites-enabled/inner-tunnel[195]: Entry is not a
 reference to a module
 /usr/local/etc/raddb/sites-enabled/inner-tunnel[189]: Errors parsing
 authenticate section.

  OK... you made a change to the file which created that error.  Is it a
secret?  Or did you think we could guess what you did wrong?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Raymond Norton 



   OK... you made a change to the file which created that error.  Is it a
secret?  Or did you think we could guess what you did wrong?


   


Johan informed me I misunderstood your original instructions and I was 
not to put anything under Authenticate of the inner-tunnel. I removed 
what I had there. My entry under Authorize is only this:


authorize {
opendirectory
#



And this is the error I now get with radiusd _X:


 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
/usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module 
'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found
/usr/local/etc/raddb/sites-enabled/inner-tunnel[48]: Failed to load 
module opendirectory.
/usr/local/etc/raddb/sites-enabled/inner-tunnel[47]: Errors parsing 
authorize section.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-16 Thread Fajar A. Nugraha 
On Wed, Aug 17, 2011 at 7:51 AM, Raymond Norton ad...@lctn.org wrote:
 And this is the error I now get with radiusd _X:


  Module: Checking authenticate {...} for more modules to load
  Module: Checking authorize {...} for more modules to load
 /usr/local/etc/raddb/modules/opendirectory[11]: Failed to link to module
 'rlm_opendirectory': dlopen(rlm_opendirectory.so, 9): image not found

Is your freeradius installation built with opendirectory support?

Since it's not marked as stable, it's not built by default. Try
rebuilding it, but this time using

./configure --with-experimental-modules | tee configure.log

... then look at configure.log, see what it says about rlm_opendirectory.

-- 
Fajar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need help authenticating local users on Apple server

2011-08-15 Thread Raymond Norton 
Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with 
clear text passwords and radtest. According to the wiki, I should be 
able to authenticate local users accounts without changing anything on 
the config. That's the way I understood it anyway.  However, I am 
getting Access-Reject errors when using local credentials. What 
documentation specifically addresses authenticating local users?


Raymond
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-15 Thread Alan DeKok 
Raymond Norton wrote:
 Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with
 clear text passwords and radtest. According to the wiki, I should be
 able to authenticate local users accounts without changing anything on
 the config.

  No, it doesn't do that any more.

 That's the way I understood it anyway.  However, I am
 getting Access-Reject errors when using local credentials. What
 documentation specifically addresses authenticating local users?

  On Mac OS X Server, configure the opendirectory module.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-15 Thread Raymond Norton 



   On Mac OS X Server, configure the opendirectory module.


   


Do you mean just enable the module? The module itself says:

#  This module is only used when the server is running on the same
#  system as OpenDirectory.  The configuration of the module is hard-coded
#  by Apple, and cannot be changed here.
#
#  There are no configuration entries for this module.
#
opendirectory {

}

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Need help authenticating local users on Apple server

2011-08-15 Thread Alan DeKok 
Raymond Norton wrote:
 Do you mean just enable the module? The module itself says:

  And then list it in the authorize section.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html