Re: Assertionfailed trouble again

2007-08-29 Thread Janne Peltonen
On Thu, Aug 30, 2007 at 06:07:39AM +0200, Alan DeKok wrote: > > For now, I have a cron job that starts a dead server up again. I'll look > > at 2.0.0 when it's no longer at -pre ;) > The whole point of issuing pre-releases is so that problems > are found before the official release. That's tru

Re: freeradius + ad

2007-08-29 Thread Alan DeKok
Alexsander wrote: > 1 - but freeradius don't prints out any message using ntlm_auth > (except this one: mschap: ntlm_auth = > "/usr/bin/ntlm_auth...%{ntdomain} ...) Are you sure you're running a recent version? It SHOULD be printing out the entire ntlm_auth command. > 2 - the windows machine a

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Alan DeKok
[EMAIL PROTECTED] wrote: > yep - the server should ship with an 'exaple' or defauly' entry...but > if you have copied over old config etc then it wouldnt be there...i'd guess > a 'no enabled sites, you want me to do something?' error message > might be more useful Which it does when I simply co

Re: Assertionfailed trouble again

2007-08-29 Thread Alan DeKok
Janne Peltonen wrote: > I restarted the server, didn't HUP. And the assertion failure appeared > in the dead of the night (admittedly, there was a small load peak on the > server that runs radius). Hmm... OK. > For now, I have a cron job that starts a dead server up again. I'll look > at 2.0.0

freeradius-users@lists.freeradius.org

2007-08-29 Thread Alan DeKok
Richard Elder wrote: > I have more info.. I turned on debugging on the Radius Server and this > is what I saw.. ... > rlm_eap: Either EAP-request timed out OR EAP-response to an unknown > EAP-request The supplicant is broken. > But then I use a newer wireless NIC, and it works perfectly..

Freeradius LDAP problem

2007-08-29 Thread George Beitis
Hi everyone I have a problem. I set up freeradius to use a local ldap server to authenticate a user. When i say authenticate i mean check if the user is there, check their password, and accept or reject them. When i do such an authentication i get a message from freeradius saying that user is au

freeradius-users@lists.freeradius.org

2007-08-29 Thread Richard Elder
I have more info.. I turned on debugging on the Radius Server and this is what I saw.. EAP-Message = 0x03030004 Message-Authenticator = 0x State = 0x4432dbd90b6b53254567784c2809c028 rad_recv: Access-Request packet from host 10.0.x.x:1645, id=195, l

Re: Looking for a RADIUS GUI CLIENT

2007-08-29 Thread Nicholas Hall
On 8/29/07, George Beitis <[EMAIL PROTECTED]> wrote: > > Hi everyone, > a bit irrelevant but i am looking for a client with a GUI to test my > freeradius server. Something that can actually show me responses et > cetera. Is there anything like this around? > NTRadPing is pretty nice for testing

Looking for a RADIUS GUI CLIENT

2007-08-29 Thread George Beitis
Hi everyone, a bit irrelevant but i am looking for a client with a GUI to test my freeradius server. Something that can actually show me responses et cetera. Is there anything like this around? regards George - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

SNMP

2007-08-29 Thread Claudio
Estimados, alguno de ustedes me puede ayudar a saber en que parte del código de freeradius puedo ver información sobre las alarmas SNMP que se envían? Gracias. Saludos. -- --- Claudio Enrique González Argote Service & Application Plus. Departamento de Ingenier

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Peter Nixon
On Wed 29 Aug 2007, Alan T DeKok wrote: > After much waiting, 2.0.0-pre2 has been released. It contains MAJOR > functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be > used to easily implement most policies. The virtual server support > makes running complicated configuration

Re: Freeradius and Quintum help plz

2007-08-29 Thread Nicholas Hall
On 8/29/07, Pretty Woman <[EMAIL PROTECTED]> wrote: > > Hello, > > I need to configure freeradius to make accounting with > Quintum. Where do I start ? What do I need to know in > order to do that ? > > I already installed and tested version 1.1.7 and have > a mysql or pgsql server but I dont know

Re: freeradius + ad

2007-08-29 Thread Alexsander
1 - but freeradius don't prints out any message using ntlm_auth (except this one: mschap: ntlm_auth = "/usr/bin/ntlm_auth...%{ntdomain} ...) 2 - the windows machine already on the network and logged on (with my username), i'm just swap swtch port that this machine is connected - swapping between po

EAP Testing Client for Darwin

2007-08-29 Thread Arran Cudbard-Bell
Hi, Has anyone come across decent EAP testing suite for Darwin ? I know WPA_Supplicant has eapol_test , but it refuses to compile :( Thanks, Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread A . L . M . Buxey
Hi, > ...Because you have to have at least one site in sites-enabled else the > server has nothing to do... yep - the server should ship with an 'exaple' or defauly' entry...but if you have copied over old config etc then it wouldnt be there...i'd guess a 'no enabled sites, you want me to do so

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Alan T DeKok wrote: Arran Cudbard-Bell wrote: /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to link to module 'rlm_exec': dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9): Symbol not found: _debug_flag Referenced from: /usr/l

Re: user already logged in

2007-08-29 Thread tnt
You can't "disable" radutmp in sql.conf. You change session database from radutmp to sql in radiusd.conf. Ivan Kalik Kalik Informatika ISP Dana 28/8/2007, "Michael Ziemann" <[EMAIL PROTECTED]> piše: >Hi Guys! > >I've another problem ... >When I enter radwho, it displays user1, user2 and user3 .

Freeradius and Quintum help plz

2007-08-29 Thread Pretty Woman
Hello, I need to configure freeradius to make accounting with Quintum. Where do I start ? What do I need to know in order to do that ? I already installed and tested version 1.1.7 and have a mysql or pgsql server but I dont know what steps to take yet. What structure should the tables in the

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Arran Cudbard-Bell
Arran Cudbard-Bell wrote: Alan T DeKok wrote: Arran Cudbard-Bell wrote: /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to link to module 'rlm_exec': dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9): Symbol not found: _debug_flag Referenced from: /usr/l

Re: Configuring L2tp forwarding based on suffix?

2007-08-29 Thread Phil Mayers
> Testing the access via radtest, I get the "expected" info AFAICT: > > rad_recv: Access-Reject packet from host 10.218.212.15:1812, id=24, > length=133 > Cisco-AVPair = "vpdn:tunnel-type=l2tp" > Cisco-AVPair = "vpdn:ip-addresses=10.221.1.34" > Cisco-AVPair = "vpdn:l2tp-tun

Re: Assertionfailed trouble again

2007-08-29 Thread Janne Peltonen
On Wed, Aug 29, 2007 at 06:30:33PM +0200, Alan DeKok wrote: > Janne Peltonen wrote: > > I had a problem with radius choking on a failed assertion (probably sth > > to do with high load on the server, that is, the physical computer, not > > the radius server). As recommended > > (https://lists.freer

Re: freeradius-1.0.4 and MAC address authentication w/ win xp supplicant

2007-08-29 Thread Phil Mayers
2.11 > NAS-Port = 551 > NAS-IP-Address = 192.168.214.99 > NAS-Identifier = "AP-99" This is not an EAP authentication; your NAS (wireless AP) is not doing EAP. Make it do EAP if you want to do EAP. > rad_rmspace_pair: User-Password now 'Qp?d?%?

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Arran Cudbard-Bell
Alan T DeKok wrote: Arran Cudbard-Bell wrote: /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to link to module 'rlm_exec': dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9): Symbol not found: _debug_flag Referenced from: /usr/local/freeradius-2.0pre2/li

freeradius-1.0.4 and MAC address authentication w/ win xp supplicant

2007-08-29 Thread John C. Koen
diusd.conf modcall: entering group authorize for request 2 radius_xlat: '/var/log/radius/radius-MAC/radacct/auth-detail-20070829' rlm_detail: /var/log/radius/radius-MAC/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radius-MAC/radacct//auth-detail-20070829 m

Re: Assertionfailed trouble again

2007-08-29 Thread Alan DeKok
Janne Peltonen wrote: > I had a problem with radius choking on a failed assertion (probably sth > to do with high load on the server, that is, the physical computer, not > the radius server). As recommended > (https://lists.freeradius.org/pipermail/freeradius-users/2007-August/065179.html), > I upg

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Alan T DeKok
Arran Cudbard-Bell wrote: > /usr/local/freeradius-2.0pre2/etc/raddb/radiusd.conf[1572]: Failed to > link to module 'rlm_exec': > dlopen(/usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0-pre2.so, 9): > Symbol not found: _debug_flag Referenced from: > /usr/local/freeradius-2.0pre2/lib/rlm_exec-2.0.0

Re: Tesing Freeradius

2007-08-29 Thread Pretty Woman
Ok, now it works...the problem was that I was sending to port 1645 instead of 1812 which is supposed to be the default port.(or I didnt set that port in radiusd.conf ?) " Response: Access-Accept " :D I still need to make it somehow work with Quintum so if anyone knows how it's done please give me

Re: Tesing Freeradius

2007-08-29 Thread Punith Raj
well if u are testing freeradius with NTRADPING then this wat i did some time back *add the following in user file* # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP ###punith added this for testing# *punith Cleartext-Password := "test123" root C

Tesing Freeradius

2007-08-29 Thread Pretty Woman
Hello, I installed freeradius 1.1.7 on a RedHat 9 system and after making a few basic changes to configuration files I tried to test the authentification with a program called NTRadPing. It doesnt work and gives : recvfrom() error, last error 10054 The configs I made are: In the radiusd.conf : u

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Arran Cudbard-Bell
Alan T DeKok wrote: ram wrote: is there any distributed model and failover model available. iam looking Central one SERVER and other Servers are distributed model. like client server model any suggestion on same Read the documentation in 2.0.0-pre2. Alan DeKok. - List info/subscr

Assertionfailed trouble again

2007-08-29 Thread Janne Peltonen
Hi! I had a problem with radius choking on a failed assertion (probably sth to do with high load on the server, that is, the physical computer, not the radius server). As recommended (https://lists.freeradius.org/pipermail/freeradius-users/2007-August/065179.html), I upgraded to version 1.1.7, and

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Alan T DeKok
ram wrote: > is there any distributed model and failover model available. > iam looking Central one SERVER and other Servers are distributed model. > like client server model > any suggestion on same Read the documentation in 2.0.0-pre2. Alan DeKok. - List info/subscribe/unsubscribe? See htt

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread ram
On 8/29/07, Alan T DeKok <[EMAIL PROTECTED]> wrote: > > After much waiting, 2.0.0-pre2 has been released. It contains MAJOR > functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be > used to easily implement most policies. The virtual server support > makes running complicated c

Re: FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Arran Cudbard-Bell
Alan T DeKok wrote: After much waiting, 2.0.0-pre2 has been released. It contains MAJOR functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be used to easily implement most policies. The virtual server support makes running complicated configurations much easier than before.

FreeRADIUS 2.0.0-pre2 has been released

2007-08-29 Thread Alan T DeKok
After much waiting, 2.0.0-pre2 has been released. It contains MAJOR functionality upgrades from 2.0.0-pre1. The new "unlang" feature can be used to easily implement most policies. The virtual server support makes running complicated configurations much easier than before. For full details,

Re: hints/acct_users matching of subnets

2007-08-29 Thread Stefan Winter
> > DEFAULT Client-IP-Address == 158.64.14.224/28, Proxy-To-Realm := NULL > > Nope. There's no "ip/mask" data type. You've got to use a regular > expression to do the matching. Ok, using regex matching fixed it. Thanks! > Maybe this can be fixed in "unlang" in 2.0. IMHO that would be a goo

Re: error in SSLv3 read client certificate A

2007-08-29 Thread Ancalagon
Just for information. I made a new xen domU radius/ldap server on another Xen dom0 server. There, it works perfectly with the same configuration. There was a really big problem on the network of the firt borked domU. the borked dom0 is a SLES 10 the new dom0 is a SLES 10 SP1 Alan DeKok wrote:

Re: hints/acct_users matching of subnets

2007-08-29 Thread Alan DeKok
Stefan Winter wrote: > I would like to set up a rule in 1.1.7 that matches a subnet of > Client-IP-Addresses. I did > > DEFAULT Client-IP-Address == 158.64.14.224/28, Proxy-To-Realm := NULL Nope. There's no "ip/mask" data type. You've got to use a regular expression to do the matching. Ma