Re: table contents
The minimum you need is 1 record for each user in the radcheck table.

insert into radcheck (username, attribute, op, value) values ('testuser', 'User-Password', ':=', 'testpass');

--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65

- Original Message -
From: listas
To: [EMAIL PROTECTED]
Sent: Friday, August 20, 2004 3:05 AM
Subject: table contents

Is there a .sql with some example values to feed radius database? I can't authenticate on radius using mysql, I'm sure that I have to put something else on the tables, but I'm a freeradius newbie, so if someone could help... TIA.
Re: PAP not working with ldap
Yes, for me it works with PAP and LDAP. But it doesn't work with MS-CHAP !! I've the same problem like you but it concerns MS-CHAP !! It's funny, no?

- Original Message -
From: kevin J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 19, 2004 10:50 PM
Subject: Re: PAP not working with ldap

kevin J wrote:

Alan DeKok wrote:

kevin J [EMAIL PROTECTED] wrote:

Is it true? So, PAP and some other module can't work with ldap-authorize???

No.

CHAP worked but PAP did not work. What configuration should I check? RADIUS did not bring PAP but tried LDAP for authentication.

Kevin

I am still having this problem. Anybody who had worked for PAP with LDAP?

Kevin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debian packages for download
i commented out the line and removed the dependency entry for debhelper in debian/control, now i got the following error after running dpkg-buildpackage:

-8-
[snip]
Making dynamic in rlm_sql_mysql...
make[11]: Entering directory `/root/src/freeradius-1.0.0/src/modules/rlm_sql/drivers/rlm_sql_mysql'
/usr/bin/libtool --mode=compile gcc -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../.. -I../../../../include -I'/usr/include/mysql' -c sql_mysql.c
rm -f .libs/sql_mysql.lo
gcc -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../.. -I../../../../include -I/usr/include/mysql -c sql_mysql.c -fPIC -DPIC -o .libs/sql_mysql.lo
gcc -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../.. -I../../../../include -I/usr/include/mysql -c sql_mysql.c -o sql_mysql.o >/dev/null 2>&1
mv -f .libs/sql_mysql.lo sql_mysql.lo
/usr/bin/libtool --mode=link gcc -release 1.0.0 \
-module -export-dynamic -Wall -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I../.. -I../../../../include \
-I'/usr/include/mysql' -o rlm_sql_mysql.la -rpath /usr/lib/freeradius sql_mysql.lo -L'/usr/lib' -lmysqlclient -lz -lcrypt -lnsl -lm
rm -fr .libs/rlm_sql_mysql.la .libs/rlm_sql_mysql.* .libs/rlm_sql_mysql-1.0.0.*
gcc -shared sql_mysql.lo -L/usr/lib /usr/lib/libmysqlclient.so -lz -lcrypt -lnsl -lm -Wl,-soname -Wl,rlm_sql_mysql-1.0.0.so -o .libs/rlm_sql_mysql-1.0.0.so
/usr/bin/ld: cannot find -lz
collect2: ld returned 1 exit status
make[11]: *** [rlm_sql_mysql.la] Error 1
-8-

which lib is missing there?

btw: i tried to update debhelper, but that led me to many other update demands, even libc should be updated. if i did that would that not prevent the package to run on a normal debian woody system?

markus

Quoting Paul Hampson [EMAIL PROTECTED]:

On Tue, Aug 17, 2004 at 09:24:58AM +0200, Michael Markstaller wrote:

I have some freeradius (0.9.3 to 1.0.0-pre3) using MySQL running fine on woody (but without running ldap eap, AFAIK there're unmet dependencies). just build the package from the source (one line needs to be commented out, I posted this on 2004-05-11)

--- cut ---
debian/rules - line 137
dh_installpam --name=radiusd
- this prevents building on woody as dh_installpam doesn't know the --name parameter
--- cut ---

You'll also need to remove the version from the debhelper dependency or force-depends dpkg-buildpackage, since the versioned dependency is there to make this line work.

_Or_ you can install a newer debhelper version onto your Woody box. ^_^

--
Paul TBBle Hampson, on an alternate email client.

--
Markus Krause                 email: [EMAIL PROTECTED]
Computing Center              Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
Addition of Own Dictionary and use of VSA
Hi,

I'm making a Radius Client for my NAS. RADIUS provides Vendor Specific Attributes (26) in which any one can add his own set of attributes (as explained in RFC 2865).

My question is how to let RADIUS know the meaning of my own set of attributes. One way of doing this is to add my own dictionary in the RADIUS, then how to do this. How RADIUS will start using the new dictionary file. How can I get my own Vendor ID.

Your reply will be a gr8 help for me.

Regards,
Makarand Pawagi ([EMAIL PROTECTED])
RE: 30Day Limit
Hi Charlie,

What you said below makes a lot of sense but considering I don't know where to start to get to produce a script like that. Do you have anything which does that, if not can you give me some hints.

Sarky

On Tue, 17 Aug 2004 16:04:27 -0700, Charles J. Boening wrote:

That would give a user 30 days total. They could take 6 months to use it right?

If you're issuing a scratch type ticket I'm assuming it has a username and password on it. So you should already have those users in your database. If your accounting is working right, you could run a nightly query to see what accounts don't have an expiration and then if those accounts have ever logged in. If they've logged in and don't have an expiration, set the expiration for 30 days from the initial login.

Charlie
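The nightly job described in the quoted reply above, as an added example that is not part of the thread. SQLite stands in for MySQL so the block runs offline; the radcheck columns are the ones used elsewhere on this page, while the radacct column names, the 'Expiration' check item and its "DD Mon YYYY" value format are assumptions to verify against your own schema and server version.

```python
import sqlite3
from datetime import datetime, timedelta

LIMIT_DAYS = 30
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

def set_expirations(db, limit_days=LIMIT_DAYS):
    """Add an Expiration check item, limit_days after the first login, for
    every user who has accounting records but no Expiration row yet.
    Returns {username: expiration value} for the rows it inserted."""
    first_logins = db.execute(
        """
        SELECT a.username, MIN(a.acctstarttime)
          FROM radacct AS a
         WHERE NOT EXISTS (SELECT 1 FROM radcheck AS c
                            WHERE c.username = a.username
                              AND c.attribute = 'Expiration')
         GROUP BY a.username
        """).fetchall()
    inserted = {}
    for username, first_login in first_logins:
        expires = (datetime.strptime(first_login, "%Y-%m-%d %H:%M:%S")
                   + timedelta(days=limit_days))
        # Month names are spelled out here rather than taken from
        # strftime("%b"), which follows the process locale.
        value = f"{expires.day:02d} {MONTHS[expires.month - 1]} {expires.year}"
        db.execute(
            "INSERT INTO radcheck (username, attribute, op, value) "
            "VALUES (?, 'Expiration', ':=', ?)", (username, value))
        inserted[username] = value
    db.commit()
    return inserted

def build_demo_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radacct  (username TEXT, acctstarttime TEXT);
        INSERT INTO radcheck VALUES
            ('ticket001', 'User-Password', ':=', 'pw1'),
            ('ticket002', 'User-Password', ':=', 'pw2'),
            ('ticket003', 'User-Password', ':=', 'pw3'),
            ('ticket003', 'Expiration',    ':=', '01 Sep 2004');
        INSERT INTO radacct VALUES
            ('ticket001', '2004-08-17 16:04:27'),
            ('ticket001', '2004-08-19 09:00:00'),
            ('ticket003', '2004-08-02 08:15:00');
    """)
    return db

if __name__ == "__main__":
    demo = build_demo_db()
    print(set_expirations(demo))   # first nightly run
    print(set_expirations(demo))   # a second run finds nothing left to do
```

ticket002 has never logged in and ticket003 already carries an expiration, so only ticket001 is touched, and running the job again changes nothing.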
Re: FW: FW: Creating Groups
If I may add my two cents worth: I have been struggling for some time now to get going with freeradius because the documentation out there is very hard to come by. IF someone could graciously take the time to document, it would mean less questions and less frustration to those who know AND understand.

Thanks though to Alan, Thor and Kenneth who have given time to help me out. Keep up the good work,

John Wry

On Thursday, August 19, 2004, at 06:00 PM, new2freeradius radius wrote:

How can you assume it sounds like you haven't read the docs - and if YOU understood the question then why didn't you answer to alleviate Alan's time?

If people aren't willing to pass their understanding on, then you're right, what's the point!. Let's all go out and buy a more robust, stable authentication device with professional support contracts. I'd rather factor this cost into my solution than come up against the mails I've seen recently

Anyone can know -- the point is to understand
Albert Einstein

From: Cris Boisvert [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FW: FW: Creating Groups
Date: Thu, 19 Aug 2004 17:14:47 -0400

Alan is right!.. This list isn't for paying customers that pay for a support contract (NOTE THE NAME FREE RADIUS). I've been following the whole thread and you must not have read through the documentation.. and because you have not taken the time to read the information that was written for this purpose you are wasting people's time... If you don't understand after you have read it then that's something else... It sounds like you have not read the docs... then have received the appropriate direction and still refuse to learn... That's unfortunate... Because of this you have wasted Alan's time and taken his information from the rest of the list that has questions .. that have taken the time to read the docs..

Alan... thanx for your hard work.. pay no attention to the unappreciative..

Cris
Re: dialup users
how do i configure portslave ?? I've downloaded it, but pppd is not working with radius

On Thursday, August 19, 2004, at 04:40 PM, Amedzekor Kafui wrote:

You have to configure your NAS (the machine you are dialing into) to use radius. I think the linux radius client is called Portslave

Kafui Amedzekor.

--- John Wry [EMAIL PROTECTED] wrote:

How do I get my dialup users to use radius. I have radius working with mysql

radtest mysqluser mysqlpassowrd localhost 0 testing123

but when I turn radiusd -X on and try to dial in, radius doesn't even kick in and I log in as I did before installing freeradius

John
Re: table contents
It is uncommented :) I even changed its position (as I saw in an example configuration in the net...) but no advance...

On Fri, 2004-08-20 at 11:49, lista wrote:

It is uncommented :)

On Fri, 2004-08-20 at 10:49, Amedzekor Kafui wrote:

uncomment sql in the authorize section of radiusd.conf

--- lista [EMAIL PROTECTED] wrote:

well, why can't I authenticate? It seems to have a problem with the Auth-Type.

ERROR: Unknown value specified for Auth-Type

here are the records in mysql: (the encrypted one was added with freeradius web interface)

teste1 User-Password := $1$lUrUQChU$TARPEZEQojso6S9ZlkujF0
teste3 User-Password := 201125 (just to be sure that the problem isn't the passwd crypt)

running radiusd -X and using radtest, I have this:

rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module sql returns ok for request 3
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 3
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type System
auth: type System
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 3 for 1 seconds
Finished request 3

TIA,
Joao Reis

On Fri, 2004-08-20 at 04:02, Thor Spruyt wrote:

The minimum you need is 1 record for each user in the radcheck table.

insert into radcheck (username, attribute, op, value) values ('testuser', 'User-Password', ':=', 'testpass');

--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65

- Original Message -
From: listas
To: [EMAIL PROTECTED]
Sent: Friday, August 20, 2004 3:05 AM
Subject: table contents

Is there a .sql with some example values to feed radius database? I can't authenticate on radius using mysql, I'm sure that I have to put something else on the tables, but I'm a freeradius newbie, so if someone could help... TIA.
Re: Radius Reply Different for different NAS
Is there a way to have Freeradius reply differently based on what NAS Server sent the request?

Yep.

Example. [EMAIL PROTECTED] will connect through our national dialup and get

X-Ascend-Data-Filter == ip in forward tcp est,
X-Ascend-Data-Filter == ip in forward dstip 1.2.3.4/24,
X-Ascend-Data-Filter == ip in drop tcp dstport = 25,
X-Ascend-Data-Filter == ip in forward,

Then the same user authenticates through our news service from another Nas server and requires only username and pass. Or through our wireless service from another NAS Device that requires a totally different set of values?

in huntgroups file

group1 NAS-IP-Address == x.x.x.x
group2 NAS-IP-Address == y.y.y.y
group2 NAS-IP-Address == z.z.z.z

in users file

DEFAULT Huntgroup-Name = group1
    Reply 1
    Reply 2

DEFAULT Huntgroup-Name = group2
    Different Reply1
    Different Reply2

Hope that helps.

-Dusty Doris
Re: FW: FW: Creating Groups
(off-list)

If people aren't willing to pass their understanding on, then you're right, what's the point!.

I think you are missing the point of my response.

I responded to the original question. I responded politely, and pointed out what he had done wrong. What he claimed he was trying to do was the opposite of the examples he posted. The example he posted indicated that he hadn't read the FAQ, hadn't read radiusd.conf, and hadn't read the documentation for the users file, which says that == is a COMPARISON, not a CREATION operator.

After I pointed out what he had done wrong, he got angry at me, accused me of being rude, and got unnecessarily personal. He wanted ME to do ALL the work of thinking for him, as he was too lazy or too stupid to read the documentation. And to make it worse, he wanted me to kiss his ass during that process.

Hell will freeze over before that happens. If his ego is too delicate to handle someone telling him he did something wrong, he can go to hell, too.

Let's all go out and buy a more robust, stable authentication device with professional support contracts. I'd rather factor this cost into my solution than come up against the mails I've seen recently

I offer professional support contracts, as do others. See the server's web page.

As for the list, it's *free* support. If you don't like free support, then pay someone to be nice to you.

My conclusion in all of these situations is that the people who don't like honest, free, support are the kind of people who are unwilling to pay for support, and don't, in fact, want their problems solved. They want people to be nice to them, even if it means that their problems won't get solved.

I hate it when self-righteous blow-hards tell me how to live my life.

Alan DeKok.
Re: Addition of Own Dictionary and use of VSA
makarand pawagi [EMAIL PROTECTED] wrote:

My question is how to let RADIUS know the meaning of my own set of attributes. One way of doing this is to add my own dictionary in the RADIUS, then how to do this.

man dictionary

How RADIUS will start using the new dictionary file.

man dictionary, and read /etc/raddb/dictionary.

How can I get my own Vendor ID.

http://www.iana.org

See Private Enterprise Codes

Alan DeKok.
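What a dictionary entry has to describe for attribute 26, as an added example that is not part of the thread: the RFC 2865 Vendor-Specific wire format, built and parsed with length checks on both the outer attribute and each sub-attribute. Vendor number 32473 is the enterprise number reserved for documentation by RFC 5612, and the attribute names and types in DICTIONARY are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865, section 5.26)
EXAMPLE_PEN = 32473       # enterprise number reserved for documentation (RFC 5612)

# Hypothetical vendor dictionary: (Vendor-Id, vendor type) -> (name, data type).
# A server-side dictionary file carries the same mapping; see "man dictionary".
DICTIONARY = {
    (EXAMPLE_PEN, 1): ("Example-Service-Class", "string"),
    (EXAMPLE_PEN, 2): ("Example-Port-Limit", "integer"),
}

def encode_vsa(vendor_id, vendor_type, data):
    """Build one Vendor-Specific attribute holding a single sub-attribute."""
    total = 2 + 4 + 2 + len(data)   # type+length, Vendor-Id, vendor type+length, data
    if total > 255:
        raise ValueError("value too long for one RADIUS attribute")
    if not 0 < vendor_id < (1 << 24) or not 0 < vendor_type < 256:
        raise ValueError("vendor id or vendor type out of range")
    return (bytes([VENDOR_SPECIFIC, total]) + struct.pack("!I", vendor_id)
            + bytes([vendor_type, 2 + len(data)]) + data)

def decode_vsa(attr):
    """Parse one attribute-26 TLV into [(name, value)], rejecting bad lengths."""
    # 8 octets is the smallest VSA that holds one (empty) sub-attribute.
    if len(attr) < 8 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise ValueError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    if vendor_id >> 24:
        raise ValueError("high-order octet of Vendor-Id must be zero")
    body, pos, out = attr[6:], 0, []
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated sub-attribute header")
        vtype, vlen = body[pos], body[pos + 1]
        # The vendor length counts its own two header octets and must stay
        # inside the outer attribute; never trust it beyond that.
        if vlen < 2 or pos + vlen > len(body):
            raise ValueError("sub-attribute length runs past the attribute")
        raw = body[pos + 2:pos + vlen]
        name, kind = DICTIONARY.get(
            (vendor_id, vtype), (f"Vendor-{vendor_id}-Attr-{vtype}", "octets"))
        if kind == "integer":
            if len(raw) != 4:
                raise ValueError(f"{name}: integer must be 4 octets")
            value = int.from_bytes(raw, "big")
        elif kind == "string":
            value = raw.decode("utf-8")
        else:
            value = raw             # unknown attribute: keep the raw octets
        out.append((name, value))
        pos += vlen
    return out

if __name__ == "__main__":
    wire = encode_vsa(EXAMPLE_PEN, 1, b"gold")
    print(wire.hex(), decode_vsa(wire))
```

Without a dictionary entry the receiver can still split the attribute, but it only sees a numbered attribute with raw octets, which is why the server needs the vendor's dictionary loaded.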
Re: Autz-Type not working as expected
Thanks Alan DeKok for pointing out the obvious that the Autz-Type directive is meaningless until the authorize section has had a hit at 'files'. You got me over that hurdle.

However, I am now experiencing a problem that I saw Kostas Kalevras and Ron Wahler discussing back in April. I couldn't find their resolution in the archive.

As I mentioned earlier, my ultimate goal is to use rlm_ldap to authenticate the user without the initial search for the user. You say...

Then don't list ldap in the authorize section.

Well, now I have...

DEFAULT Ldap-UserDN := `cn=%{User-Name},dc=richmond,dc=edu`, Auth-Type = ldap

authorize {
    files
}

authenticate {
    Auth-Type ldap {
        ldap1
    }
}

...and the whole thing works, except it's still doing the initial bind-and-search...

rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=admin,dc=richmond,dc=edu/xxx to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=richmond,dc=edu, with filter (cn=ccarter)
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: user DN: cn=ccarter,dc=richmond,dc=edu
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as cn=ccarter,dc=richmond,dc=edu/ to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user ccarter authenticated succesfully

This happens contrary to the last bit of advice in doc//freeradius-1.0.0/rlm_ldap.

Any suggestions?

Thanks,
Coates

On Aug 20, 2004, at 2:55 PM, Alan DeKok wrote:

Coates Carter [EMAIL PROTECTED] wrote:

The Autz-Type directive doesn't seem to behave the way I would expect, based upon what I read in doc/freeradius-1.0.0/Autz-Type .

Autz-Type is applied after the authorize section has been processed.

In raddb/users...

DEFAULT Ldap-UserDN := `uid=%{User-Name},,dc=richmond,dc=edu`, Auth-Type = ldap, Autz-Type = ldap

If raddb/radiusd.conf has...

...
authorize {
    Autz-Type ldap {
        ldap1
    }
    #ldap1
}

You haven't listed files, so the users file will never be used, and the Autz-Type will never be set.

However if I change raddb/radiusd.conf so that...

authorize {
    #Autz-Type ldap {
    #    ldap1
    #}
    ldap1
}
...

Then radiusd flows successfully through authorize and authenticate.

Because the ldap module sets Auth-Type := LDAP, if it wasn't already set.

Ultimately, I want to prevent rlm_ldap from doing the initial ldap search for the user, as described in doc/freeradius-1.0.0/rlm_ldap and just move on through to the authentication part--- where rlm_ldap binds as the user.

Then don't list ldap in the authorize section.

Alan DeKok.
any Scripters on here?
Any scripters on here for hire, I want to do a script please contact me offlist at [EMAIL PROTECTED]

Thank you
Sarky
Re: Cisco VoIP
You may want to look at the EAP - related modules. This is really the purpose of this 'Extensible' protocol. This, of course, would require configuration on the Cisco side of the network, which is beyond the scope of this list.

Hope this helps.

Michael

On Wed, 18 Aug 2004 09:01:13 -0700 Gregory D. Burns [EMAIL PROTECTED] wrote:

Group,

I have used freeradius to collect CDR's from Cisco before. But I want to learn how much can really be done, and also wanted to allow my customers to do some config changes (like adding new gateways) from a web interface.

At this point I'm doing a lot of reading and testing, but I notice a lot of what I'm reading does not apply to using it for Cisco voip CDRS. So my question is does anyone know of a good web page, news group, IRC, or whatever; that talks about using freeradius on VOIP gateways?

-Greg
Re: Cisco VoIP
Maybe I was mistaken, you were talking about accounting, while I spoke of authentication. My apologies.

On Fri, 20 Aug 2004 20:59:03 -0700 Michael Brown [EMAIL PROTECTED] wrote:

You may want to look at the EAP - related modules. This is really the purpose of this 'Extensible' protocol. This, of course, would require configuration on the Cisco side of the network, which is beyond the scope of this list.

Hope this helps.

Michael

On Wed, 18 Aug 2004 09:01:13 -0700 Gregory D. Burns [EMAIL PROTECTED] wrote:

Group,

I have used freeradius to collect CDR's from Cisco before. But I want to learn how much can really be done, and also wanted to allow my customers to do some config changes (like adding new gateways) from a web interface.

At this point I'm doing a lot of reading and testing, but I notice a lot of what I'm reading does not apply to using it for Cisco voip CDRS. So my question is does anyone know of a good web page, news group, IRC, or whatever; that talks about using freeradius on VOIP gateways?

-Greg
Re: debian packages for download
On Fri, Aug 20, 2004 at 09:32:06AM +0200, Markus Krause wrote:

i commented out the line and removed the dependency entry for debhelper in debian/control, now i got the following error after running dpkg-buildpackage:

-8-
[snip]
[snip]
/usr/bin/ld: cannot find -lz

which lib is missing there?

zlib1g-dev

libmysqlclient-dev ought to have pulled that in... But it doesn't in woody. It's fixed in sid and sarge though... You'll have to add that to Build-Depends for FreeRADIUS, I guess.

btw: i tried to update debhelper, but that led me to many other update demands, even libc should be updated. if i did that would that not prevent the package to run on a normal debian woody system?

OK, don't do that then... I must have misremembered how easy it is to update to debhelper... Sorry.

--
Paul TBBle Hampson, on an alternate email client.