Re: freeradius proxy question

2005-08-24 Thread Thor Spruyt
[EMAIL PROTECTED] wrote: People might be able to do more if they had configs and debug output (-X) -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be - List info/subscribe/unsubscribe? See h

Re: not to return reply-attributes in reject?

2005-08-24 Thread Thor Spruyt
kevin wrote: > How can I return Reject-Packet without default attributes? > It seems that the default attributes in the users file are returned > regardless of Accept or Reject. > I don't want to give a hint to a hacker who can try a lot of rejects. > Is there a way? Somebody suggested Exec-Program-

Re: freeradius proxy question

2005-08-24 Thread freeradius
> > >> [EMAIL PROTECTED] wrote: >>> Greetings. I am using freeradius and want to do the following: >>> 1. proxy authentication to a secondary server for two-factor >>> authentication >>> 2. if the user is authenticated via the home server, add attributes >>> via >>> definitions from the local fr

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread Alan DeKok
Richard Cotrina <[EMAIL PROTECTED]> wrote: > (gdb) display mysql_sock > 1: mysql_sock = (rlm_sql_mysql_sock *) 0x5f6c7173 That's bad. That's very bad. It's the ASCII string "sql_", interpreted as a pointer on an x86 machine. No wonder it crashes. The short answer is that there appears to b

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread Richard Cotrina
On Wed, 24 Aug 2005, Alan DeKok wrote: > > Program received signal SIGSEGV, Segmentation fault. > > 0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300) > > at sql_mysql.c:71 > > 71 memset(mysql_sock, 0, sizeof(*mysql_sock)); > > What is the value of mysql_sock

Re: eap/ttls - hangs after initializing gtc

2005-08-24 Thread Alan DeKok
"Lohfink, Chris N" <[EMAIL PROTECTED]> wrote: > The program just hangs there where im assuming its doing something > with tls' rsa keys? I don't think so. > before i used --disable-shared it went down in same spot while > looking for the tls shared libraries so im unsure if it has to do > with

not to return reply-attributes in reject?

2005-08-24 Thread kevin
How can I return Reject-Packet without default attributes? It seems that the default attributes in the users file are returned regardless of Accept or Reject. I don't want to give a hint to a hacker who can try a lot of rejects. Is there a way? Somebody suggested Exec-Program-Wait = "reject.sh"

Re: MySQL radacct not updated

2005-08-24 Thread Thor Spruyt
sean wrote: > I'm sorry but I don't understand your answer. Can you explain the > debug of an accounting packet? Found a nice explanation here: http://support.intel.com/support/si/library/bi0409.htm In addition to the authentication and authorization process, an extension of the RADIUS protocol

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread Alan DeKok
"Richard Cotrina" <[EMAIL PROTECTED]> wrote: > Program received signal SIGSEGV, Segmentation fault. > 0x483b7a48 in sql_init_socket (sqlsocket=0x8092720, config=0x8096300) > at sql_mysql.c:71 > 71 memset(mysql_sock, 0, sizeof(*mysql_sock)); What is the value of mysql_sock? Is

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread Richard Cotrina
> You've included everything but the information requested in doc/bugs. > > My bet is that this is bug #98 > > http://bugs.freeradius.org/show_bug.cgi?id=98 > > Alan DeKok. Alan : What I have found when using rlm_sql_mysql in FreeBSD ( and probably other OS ) is that radiusd segfault happen

Re: MySQL radacct not updated

2005-08-24 Thread sean
Hi Thor, Once again thanks for your help. I'm sorry but I don't understand your answer. Can you explain the debug of an accounting packet? Do you mean something like an Ethereal trace? How do I do a tcp dump on the Radius server. Regards, Sean - List info/subscribe/unsubscribe? See http://ww

Re: Windows Client Authentification bevore Domain logon

2005-08-24 Thread Ben Walding
You may need to add some extra configuration to your hints file: # Wireless XP devices prefix the user name with host/ DEFAULT Prefix == "host/"     Hint = "Wireless-Workstation" As far as I understand it, that will chop the host/ off for certain types of processing.  I'm sure Alan w

Re: MySQL radacct not updated (Thor Spruyt)

2005-08-24 Thread Thor Spruyt
sean wrote: > The NAS is a Linksys WRT-54G running DD-WRT firmware. I have made no > changes to the NAS configuration and up to a while ago the radacct > file > was being updated. I suspect that the problem is either in > radiusd.conf, > sql.conf or the MySQL access rights. I have noticed that by i

Re: MySQL radacct not updated (Thor Spruyt)

2005-08-24 Thread sean
Hi Thor, Thanks for the reply. The NAS is a Linksys WRT-54G running DD-WRT firmware. I have made no changes to the NAS configuration and up to a while ago the radacct file was being updated. I suspect that the problem is either in radiusd.conf, sql.conf or the MySQL access rights. I have noticed

FreeRadius crashing

2005-08-24 Thread Paul Khavkine
Hi Guys. I have FreeRadius 1.0.4 all of a sudden crash and exit. I have enabled core dumps but cannot find the core file anywhere. Where's the core file supposed to be written? Thanx Paul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_exec and retriving RAD_REQUEST attribute values

2005-08-24 Thread Thor Spruyt
Matt morris wrote: > Hello list, > > This has probably been asked a lot of times before, but I just couldn't > get the attribute values from accounting request packets with my > perl script. I am trying to do some database queries when I received > stop accounting request packets, here are the releva

Re: Replaying data with tcpdump/netcat

2005-08-24 Thread Thor Spruyt
Alan DeKok wrote: >> with "tcpdump -s 1500 -w raw.txt port 1813 and udp". "-s 0" instead of "-s 1500" would be better, radius packets are not restricted to 1500 bytes. -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide

rlm_exec and retriving RAD_REQUEST attribute values

2005-08-24 Thread Matt morris
Hello list, This has probably been asked a lot of times before, but I just couldn't get the attribute values from accounting request packets with my perl script. I am trying to do some database queries when I received stop accounting request packets, here are the relevant sections of my radiusd.

eap/ttls - hangs after initializing gtc

2005-08-24 Thread Lohfink, Chris N
Hello, I'm trying to get eap/ttls working on ubuntu(5.04) but when I installed from apt-get I'm missing the shared libraries so I just decided to try compiling myself. After some work I got it with ./configure --without-rlm_x99_token --disable-shared --sysconfdir=/etc/ && make && make install I

Re: Problem with PEAP and LDAP

2005-08-24 Thread Carlos Martínez-Troncoso Cera
Thanks Thor, I will see that option or to work with an Active Directory. Best regards, Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Thor Spruyt wrote: Carlos Martínez-Troncoso Cera wrote:

Re: Problem with PEAP and LDAP

2005-08-24 Thread Carlos Martínez-Troncoso Cera
Thanks for your answer Alan. An option could be to use an MS Active Directory instead of Iplanet LDAP? Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Alan DeKok wrote: =?ISO-8859-1?Q?Carlos_Mart=EDnez-Tro

Re: Replaying data with tcpdump/netcat

2005-08-24 Thread Alan DeKok
Wesley Spadola <[EMAIL PROTECTED]> wrote: > Because we do not want accounting data terribly out of sync, we are > shifting the accounting data over from our live machine to a test > machine in increments of a few minutes, and I'm logging such data with > "tcpdump -s 1500 -w raw.txt port 1813 and ud

Re: Problem with PEAP and LDAP

2005-08-24 Thread Thor Spruyt
Carlos Martínez-Troncoso Cera wrote: > Hello. > > We are trying to use FreeRadius with PEAP and LDAP. You might consider TTLS with PAP instead of PEAP with MS-CHAP-V2 -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.

Re: MySQL radacct not updated

2005-08-24 Thread Thor Spruyt
sean wrote: > Hi ALL, > > I have made no progress in resolving the radacct problem. > Radius is loading with no error messages and I've gone over the > radiusd.conf and sql.conf a million times. > > Below is the output from Radius when a client logs in. Now a debug trace of an Access-Request pack

Replaying data with tcpdump/netcat

2005-08-24 Thread Wesley Spadola
There is probably something pretty simple I'm forgetting, but please bear with me. :) We're in the process of migrating our Cistron server to FreeRADIUS. We are currently testing FreeRADIUS 1.1.0 CVS HEAD because of our need to accept and log MAX TNT TAOS v11 Ascend-* 16bit attributes. We are

Re: Problem with PEAP and LDAP

2005-08-24 Thread Alan DeKok
Carlos Martínez-Troncoso Cera <[EMAIL PROTECTED]> wrote: > I was looking how Sun ONE stores the passwords, it uses SSHA (Salted > Secure Hashing Algorithm), > I think this is the problem, because I suppose it looks for NT-LM > Hashing passwords, what can I do and where can I fin

Re: Freeradius denies auth when "Framed-IP-Address" set

2005-08-24 Thread Nicolas Baradakis
Gerret Apelt wrote: > I am now trying to have FreeRadius also assign IP Address and Netmask to a > subset of the user accounts, and that's where I'm getting stuck. [...] > This issue goes away as soon as I delete rows with id 1343 and 1344 below: > > mysql> select id, username, attribute, value,

Re: Freeradius 1.0.4 (rlm_perl enabled) and Debian 3.1 (stable - Sarge)

2005-08-24 Thread Roman Medina-Heigl Hernandez
More info. I've tried to see the difference between Debian 3.0 (where freeradius is working) and Debian 3.1. Excerpt from "perl -V" on 3.0, where FR *works*: Linker and Libraries: ld='gcc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lndbm -ldb -ldl -lm -l

Problem with PEAP and LDAP

2005-08-24 Thread Carlos Martínez-Troncoso Cera
Hello. We are trying to use FreeRadius with PEAP and LDAP. Our access point is a 3Com 8750, is talking with a FreeRadius 1.0.4, Freeradius talks with LDAP (Sun One Messaging Server 5.1) and our PEAP clients are Windows XP and 2000. First we configured FreeRadius with LDAP, it works well, then

Re: Mobile phone authentication

2005-08-24 Thread sean
Hi, If I understand you properly you are trying to authenticate users by their mobile phone number. If that's right you need Kannel. You can download the latest version from http://www.kannel.org There is a bit of a learning curve but once you have authenticated the user you can pass them off to y

Freeradius denies auth when "Framed-IP-Address" set

2005-08-24 Thread Gerret Apelt
Hi all -- Debian Sarge 2.4.27-2-386 kernel freeRadius (dpkg version 1.0.2-4) MySQL Server (dpkg version 4.1.11a-4) I have been using FreeRadius successfully for half a year. All my setup does is authenticate dialup connections. Radius auth requests come in from a NAS, and once authentication has

Re: Windows Client Authentification bevore Domain logon

2005-08-24 Thread User Test
The Galtex S.A. mail system informs you that your message has been delivered. This message was generated automatically by the mail system of user belskia. Please do not reply to this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Constructing imcoming message.

2005-08-24 Thread Alan DeKok
"Iandc Davies" <[EMAIL PROTECTED]> wrote: > For the attributes, I'm getting a bit stuck as these are VSA AVP's. > I think I've managed to id the functions that I need ( paircreate() and > pairadd() ) but unsure how they are used. See the source in the server for some examples. > I've stated wha

Re: Windows Client Authentification bevore Domain logon

2005-08-24 Thread Armin Krämer
Ok, the whole day I tried to get it to work but this time when I install the certificate as a machine certificate the radius authentication log ends up with this log below. The certificates were generated with openssl and all works fine as user certificates but not as computer certificate. I set

Re: piping radacct details to a script

2005-08-24 Thread Alan DeKok
marc racal <[EMAIL PROTECTED]> wrote: > i meant the logs under this directory > /var/log/freeradius/radacct/some-ip-address/. this format is due to > the configuration which is found in the the radiusd.conf file, set as: > > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d > > thus,

Re: Error compiling cvs-snapshot on FreeBSD 5.4-RELEASE

2005-08-24 Thread Valeriy V. Peshkoff
Nicolas Baradakis wrote: Valeriy V. Peshkoff wrote: In file included from ../include/libradius.h:38, from dict.c:42: /usr/include/sys/socket.h:243: error: redefinition of `struct sockaddr_storage' It seems to me the bug is either in autoconf or in FreeBSD headers. I

Re: Error compiling cvs-snapshot on FreeBSD 5.4-RELEASE

2005-08-24 Thread Nicolas Baradakis
Valeriy V. Peshkoff wrote: >>> In file included from ../include/libradius.h:38, >>>from dict.c:42: >>> /usr/include/sys/socket.h:243: error: redefinition of `struct >>> sockaddr_storage' >> >> It seems to me the bug is either in autoconf or in FreeBSD headers. >> I don't know what

AW: Mobile phone authentification

2005-08-24 Thread Marc.Schlueter
Well, thank you for the correction. Actually a radius server IS involved in authentication process of mobile terminals, no operator could live without it. Nevertheless after further investigation I found out that a radius server wouldn't help me in my scenario without a connection to the operato

Constructing imcoming message.

2005-08-24 Thread Iandc Davies
Hi all, I'm trying to construct a simple program that will allow me to take some information from another source (possibly a pointer to a structure passed in) and populate the RADIUS_PACKET template. A separate process will then be used to send this message over UDP to the radius server. The info

Re: Error compiling cvs-snapshot on FreeBSD 5.4-RELEASE

2005-08-24 Thread Valeriy V. Peshkoff
Nicolas Baradakis wrote: Valeriy V. Peshkoff wrote: I'm still unable to compile CVS version of freeradius on Freebsd [...] gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-string

lowercase before domain match in users file

2005-08-24 Thread Tariq Rashid
hi - is it possible for freeradius to match the domains/realms for proxying purposes only (ie not rewrite the User-Name): in the users file: # following is used to map subdomains of *.easynet.co.uk # to be proxied according to the realm easynet.co.uk DEFAULT User-Name =~

Re: MySQL radacct not updated

2005-08-24 Thread sean
Hi ALL, I have made no progress in resolving the radacct problem. Radius is loading with no error messages and I've gone over the radiusd.conf and sql.conf a million times. Below is the output from Radius when a client logs in. rad_recv: Access-Request packet from host 82.141.232.132:51214, id

Re: Acct-Session-Id too long

2005-08-24 Thread Paul TBBle Hampson
On Mon, Aug 22, 2005 at 05:15:53PM +0800, Rohaizam Abu Bakar wrote: > Dear all, > but one case as below, i received a long "Acct-Session-Id" ... and cannot fit > into mysql... and problem to update Stop record... > should I change column size from char32 to reasonable value ? > Acct-Session-Id

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread Nicolas Baradakis
BugBuster wrote: > I compiled  with  '--disable-shared' but  on Debian Linux > FreeRADIUS does not work with MySQL. On Debian, compile FreeRADIUS with the command dpkg-buildpackage. This will prior check whether all the necessary packages are installed on your system. $ cd freeradius-1.0.4 $ fak

matching accounting packets in the acct_users file

2005-08-24 Thread Tariq Rashid
I would like to filter off interim accounting packets from specific domains to a different proxy target - as follows... # interim/status/alive accounting records are actually sent to the processing domain DEFAULT User-Name =~ "@.*\.abc\.co\.uk$", Acct-Status-Type == Alive, Proxy-T

Re: FreeRADIUS 1.0.4: SEGMENTATION FAULT

2005-08-24 Thread BugBuster
Hi Alan. I compiled  with  '--disable-shared' but  on Debian Linux FreeRADIUS does not work with MySQL. So I recompiled  on Red Hat Enterprise 3 using the same configuration command: ./configure --prefix=/usr/local/freeradius \            --with-logdir=/usr/local/freeradius/logs\         --with

Re: Error compiling cvs-snapshot on FreeBSD 5.4-RELEASE

2005-08-24 Thread Nicolas Baradakis
Valeriy V. Peshkoff wrote: > I'm still unable to compile CVS version of freeradius on Freebsd [...] > gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 > -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align > -Wwrite-strings -Wstrict-prototypes -Wmissing-pr

Re: piping radacct details to a script

2005-08-24 Thread marc racal
On 8/24/05, Alan DeKok <[EMAIL PROTECTED]> wrote: > marc racal <[EMAIL PROTECTED]> wrote: > > > What log file? There are many. > > > > radacct details logs. > > Thanks for keeping your answer as short and as cryptic as possible. > It really gives people incentive to answer you. > > 1) The

Freeradius 1.0.4 (rlm_perl enabled) and Debian 3.1 (stable - Sarge)

2005-08-24 Thread Roman Medina-Heigl Hernandez
Hi, I'm trying to get FR 1.0.4 to work with new Debian stable distro (3.1). I need rlm_perl so I run ./configure with --with-experimental-modules and compiled it from source (latest .tgz downloaded from freeradius.org): # tar zxvf freeradius-1.0.4.tar.gz # chown -R root. freeradius-1.0.4 # cd fre

Re: Windows Client Authentification bevore Domain logon

2005-08-24 Thread Steven Atkinson
At 12:49 23/08/05, you wrote: Hi, thanks for your email! Ok, I tried it out but I have some problems. If I use the DWORD String you sent me it has no effect. I found another DWORD Key which Sounds "AuthMode" and with this DWORD he only tries to authenticate with the machine account. Maybe

Error compiling cvs-snapshot on FreeBSD 5.4-RELEASE

2005-08-24 Thread Valeriy V. Peshkoff
Hi! I'm still unable to compile CVS version of freeradius on Freebsd Configure it like that ./configure --prefix=/usr/local/radius Only this seems bad to me . checking net/if.h usability... no checking net/if.h presence... yes configure: WARNING: net/if.h: present but cannot be compiled confi