Emulate authentication by java

2004-10-29 Thread MaFai

Dear freeradius-users:

Can we use the java program to emulate the authentication?

We want to write some code to post request to the radius server, and
make an authentication with this way? Is it possible?

Any java api? or other language API?

Best regards.

MaFai
[EMAIL PROTECTED]

2004-10-29
34955929

ip pool and gprs

2004-10-29 Thread Victor Romero
   Currently I'm using an ip_pool as radius server at my CPD, for a cisco
serving as private GPRS APN (property of telecom italia mobile); this
setup is intended to get some kind of GPRS VPN.
   The problem is that I always get the same 2 IPs (but there's a lot
more, in fact, actually I'm using the example main_pool of radius.conf),
I presume the error is on the cisco side that is not serving the
connection end, so fradius always thinks the IPs are free.
   Now, I wonder if there's some way to always increment the next pool
IP to serve, instead of serving the first free IP.
   Greetings
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Hi

2004-10-29 Thread Yasserh

:))



**
**
WARNING: Panda Antivirus GateDefender has detected a virus in file
attached to this e-mail message!
The attachment has been automatically removed to
protect your network.
Panda Antivirus GateDefender Administrator: [EMAIL PROTECTED]
10/29/04 10:11:02 
Panda Antivirus GateDefender (Version 5.1 R1f (5.0.64.12)) - http://www.pandasoftware.com/
Antivirus Vendor: Panda Software
Scan Engine Version: 4.1.4.307
Pattern File Version: 3.85870 (Timestamp: 29/10/2004 094851)

Machine name: PandaAppliance
Machine IP address: 172.16.1.1
Server: 62.216.30.26
Client: 172.16.32.21
Protocol: SMTP
Virus: W32/Bagle.BC.worm found!
Attachment: price.scr
**
**


RE: Emulate authentication by java

2004-10-29 Thread Galbayar Dorjgotov

Use jradiusclient

Galbayar Dorjgotov
Senior Software Engineer
Mobile Business Development Department
MobiCom Corp
http://www.mobicom.mn

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MaFai
Sent: 2004 10 29 14:16
To: freeradius-users
Subject: Emulate authentication by java

Dear freeradius-users:

Can we use the java program to emulate the authentication?

We want to write some code to post request to the radius server, and
make an authentication with this way? Is it possible?

Any java api? or other language API?

Best regards.

MaFai
[EMAIL PROTECTED]

2004-10-29
34955929
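
What a Java client has to put on the wire for the PAP case asked about in this thread, as an added example that is not part of the original messages and is not jradiusclient's code: it uses only JDK classes to build an RFC 2865 Access-Request, hide the User-Password, and verify a reply's Response Authenticator. The class name, user, password and shared secret are constructed sample values, and the replies are built in memory so it runs without a server.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example (not from the thread): RADIUS PAP client logic per RFC 2865, JDK only.
public class RadiusPapExample {
    static final int ACCESS_REQUEST = 1, ACCESS_ACCEPT = 2, ACCESS_REJECT = 3;
    static final int USER_NAME = 1, USER_PASSWORD = 2;

    static byte[] md5(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // RFC 2865 section 5.2: pad to a multiple of 16 bytes, then XOR each block with
    // MD5(secret + previous hidden block); the first "previous block" is the
    // Request Authenticator.
    static byte[] hidePassword(byte[] password, byte[] secret, byte[] requestAuth) throws Exception {
        if (password.length > 128) throw new IllegalArgumentException("password longer than 128 bytes");
        int padded = Math.max(16, (password.length + 15) / 16 * 16);
        byte[] plain = Arrays.copyOf(password, padded);
        byte[] out = new byte[padded];
        byte[] prev = requestAuth;
        for (int off = 0; off < padded; off += 16) {
            byte[] pad = md5(secret, prev);
            for (int i = 0; i < 16; i++) out[off + i] = (byte) (plain[off + i] ^ pad[i]);
            prev = Arrays.copyOfRange(out, off, off + 16);
        }
        return out;
    }

    // What the server does with the attribute: same keystream, then strip the zero padding.
    static byte[] revealPassword(byte[] hidden, byte[] secret, byte[] requestAuth) throws Exception {
        if (hidden.length == 0 || hidden.length % 16 != 0) throw new IllegalArgumentException("bad length");
        byte[] out = new byte[hidden.length];
        byte[] prev = requestAuth;
        for (int off = 0; off < hidden.length; off += 16) {
            byte[] pad = md5(secret, prev);
            for (int i = 0; i < 16; i++) out[off + i] = (byte) (hidden[off + i] ^ pad[i]);
            prev = Arrays.copyOfRange(hidden, off, off + 16);
        }
        int n = out.length;
        while (n > 0 && out[n - 1] == 0) n--;
        return Arrays.copyOf(out, n);
    }

    static void putAttribute(ByteArrayOutputStream buf, int type, byte[] value) {
        if (value.length > 253) throw new IllegalArgumentException("attribute value longer than 253 bytes");
        buf.write(type);
        buf.write(value.length + 2);          // length field covers type, length and value
        buf.write(value, 0, value.length);
    }

    static byte[] buildAccessRequest(int id, String user, String password,
                                     byte[] secret, byte[] requestAuth) throws Exception {
        ByteArrayOutputStream attrs = new ByteArrayOutputStream();
        putAttribute(attrs, USER_NAME, user.getBytes(StandardCharsets.UTF_8));
        putAttribute(attrs, USER_PASSWORD,
                hidePassword(password.getBytes(StandardCharsets.UTF_8), secret, requestAuth));
        int length = 20 + attrs.size();       // 20-byte header + attributes
        ByteArrayOutputStream pkt = new ByteArrayOutputStream();
        pkt.write(ACCESS_REQUEST);
        pkt.write(id);
        pkt.write(length >> 8);
        pkt.write(length);
        pkt.write(requestAuth, 0, 16);
        pkt.write(attrs.toByteArray(), 0, attrs.size());
        return pkt.toByteArray();
    }

    // A reply is genuine only if ResponseAuth == MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    // A client that skips this check accepts a reply from anyone who can answer on the path.
    static boolean replyIsAuthentic(byte[] reply, int id, byte[] requestAuth, byte[] secret) throws Exception {
        if (reply.length < 20 || (reply[1] & 0xff) != (id & 0xff)) return false;
        int length = ((reply[2] & 0xff) << 8) | (reply[3] & 0xff);
        if (length < 20 || length > reply.length) return false;
        byte[] expected = md5(Arrays.copyOfRange(reply, 0, 4), requestAuth,
                Arrays.copyOfRange(reply, 20, length), secret);
        return MessageDigest.isEqual(expected, Arrays.copyOfRange(reply, 4, 20));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "testing123".getBytes(StandardCharsets.UTF_8);   // constructed sample secret
        byte[] requestAuth = new byte[16];
        new SecureRandom().nextBytes(requestAuth);   // must be unpredictable and unique per request
        byte[] request = buildAccessRequest(7, "bob", "a-password-longer-than-16-bytes", secret, requestAuth);
        // Header is 20 bytes, User-Name "bob" takes 5, then 2 bytes of attribute header.
        byte[] hidden = Arrays.copyOfRange(request, 27, request.length);
        System.out.println("server recovers: "
                + new String(revealPassword(hidden, secret, requestAuth), StandardCharsets.UTF_8));
        // Constructed Access-Reject with no attributes, authenticated as the server would.
        byte[] reply = new byte[20];
        reply[0] = (byte) ACCESS_REJECT; reply[1] = 7; reply[3] = 20;
        System.arraycopy(md5(Arrays.copyOf(reply, 4), requestAuth, secret), 0, reply, 4, 16);
        System.out.println("genuine reject verifies: " + replyIsAuthentic(reply, 7, requestAuth, secret));
        reply[0] = (byte) ACCESS_ACCEPT;             // code changed after the server computed the digest
        System.out.println("altered reply verifies: " + replyIsAuthentic(reply, 7, requestAuth, secret));
    }
}
```

To talk to a real server, send the bytes from buildAccessRequest in a UDP datagram to the authentication port and pass the received datagram to replyIsAuthentic before acting on its code.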

alcatel omniswitch 6600 and 802.1x

2004-10-29 Thread Laurent LAVAUD
hello,

  I'm trying to set up a configuration with an Alcatel Omniswitch 6600-24 and
Freeradius 1.0.1. 802.1x client is either native XP or open1x (EAP-MD5).
  Communication seems to go between the switch and Freeradius but authentication
fails.

  Did someone succeed with the same kind of configuration: Omniswitch 66xx or
77xx or 88xx ?

Here are the logs from radiusd -X:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /opt/etc/raddb/proxy.conf
Config:   including file: /opt/etc/raddb/clients.conf
Config:   including file: /opt/etc/raddb/snmp.conf
Config:   including file: /opt/etc/raddb/eap.conf
Config:   including file: /opt/etc/raddb/sql.conf
 main: prefix = /opt
 main: localstatedir = /opt/var
 main: logdir = /opt/var/log/radius
 main: libdir = /opt/lib
 main: radacctdir = /opt/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /opt/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /opt/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /opt/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
 read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /opt/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /opt/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /opt/etc/raddb/huntgroups
 preprocess: hints = /opt/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /opt/etc/raddb/users
 files: acctusersfile = /opt/etc/raddb/acct_users
 files: preproxy_usersfile = /opt/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre
ss, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = /opt/var/log/radius/radacct/%{Client-IP-Address}/detail-%
Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = /opt/var/log/radius/radutmp
 radutmp: username = %{User-Name}
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: 

radrelay segmentation fault

2004-10-29 Thread Alexander Serkin
hi.
When running radrelay on 162Mb accounting file it dies with segmentation fault.
There is quite enough disk space on the working partition:
/dev/dsk/c1t0d0s7 13842586 9457567 4246594 70% /export/home
freeradius is of version 1.0.1.
gdb output is below:
# gdb /opt/fr/bin/radrelay
GNU gdb 6.0
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB.  Type show warranty for details.
This GDB was configured as sparc-sun-solaris2.8...
(gdb) set args -x -a . -n localhost 10.01
(gdb) run
Starting program: /opt/fr/bin/radrelay -x -a . -n localhost 10.01
[New LWP 1]
[New LWP 2]
[New LWP 3]
[New LWP 4]
[New LWP 5]
Program received signal SIGSEGV, Segmentation fault.
0x00013698 in read_one (fp=0x3a418, r_req=0x39d44) at radrelay.c:287
287 if (userparse(buf, vp)  0 
(gdb) bt
#0  0x00013698 in read_one (fp=0x3a418, r_req=0x39d44) at radrelay.c:287
#1  0x00013e40 in loop (r_args=0xffbef658) at radrelay.c:605
#2  0x00014b08 in main (argc=-4262312, argv=0x13470) at radrelay.c:1003
The machine is
SunOS abs-test 5.8 Generic_108528-29 sun4u sparc SUNW,Sun-Fire-V240
The same result is on
SunOS mcc-aaa2 5.8 Generic_108528-27 sun4u sparc SUNW,Ultra-60
What can be wrong?
--
Sincerely Yours,
Alexander Serkin,
Skylink, Moscow,
ph. +7(095)7952089
fa. +7(095)7952084


Re: Advice needed (Acct-Session-Id vs. User-Name)

2004-10-29 Thread Kyriaki Gali
Hello,

For accounting_stop packet it's better to use Acct-Session-Time because for
calls that the same user makes you can use this to separate the calls. In this
way you can handle a lot of calls that one user makes. All this if you want to
know about the calls one by one.


Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel  Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]
- Original Message - 
From: Roman Suzi [EMAIL PROTECTED]
To: Radius Free [EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 9:09 AM
Subject: Advice needed (Acct-Session-Id vs. User-Name)



 Hi,

 I need advice. One of my colleagues suggested to drop User-Name
 for accounting purposes to avoid realm clashes (when CISCO
 drops realms in some cases).

 He suggests to store Acct-Session-Id at authorisation and
 then restore User-Name at accounting stop event to make accounting.

 He claims it's more accurate than to rely on User-Name.

 As this is a completely novel idea, I'd like to know community opinion.
 Thank you!

 Sincerely yours, Roman A.Suzi
 -- 
  - Petrozavodsk - Karelia - Russia - mailto:[EMAIL PROTECTED] -




Can´t install FreeRadius 1.0.1-1 en Fedora Core 2

2004-10-29 Thread João Romariz Sobrinho
Hi,

I´m trying to install freeradius 1.0.1-1 in a Fedora Core 2 box but I´m
getting lots of errors in make install command.


libtool: install: `rlm_acct_unique.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_acct_unique'
Making install in rlm_always...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
if [ "xrlm_always" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_always.la /usr/local/lib/rlm_always.la; \
    rm -f /usr/local/lib/rlm_always-1.1.0-pre0.la; \
    ln -s rlm_always.la /usr/local/lib/rlm_always-1.1.0-pre0.la; \
fi
libtool: install: `rlm_always.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
Making install in rlm_attr_filter...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
if [ "xrlm_attr_filter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_attr_filter.la /usr/local/lib/rlm_attr_filter.la; \
    rm -f /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
    ln -s rlm_attr_filter.la /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_filter.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
Making install in rlm_attr_rewrite...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
if [ "xrlm_attr_rewrite" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite.la; \
    rm -f /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
    ln -s rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
fi
libtool: install: `rlm_attr_rewrite.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
Making install in rlm_chap...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
if [ "xrlm_chap" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_chap.la /usr/local/lib/rlm_chap.la; \
    rm -f /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
    ln -s rlm_chap.la /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
fi
libtool: install: `rlm_chap.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
Making install in rlm_checkval...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
if [ "xrlm_checkval" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_checkval.la /usr/local/lib/rlm_checkval.la; \
    rm -f /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
    ln -s rlm_checkval.la /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
fi
libtool: install: `rlm_checkval.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
Making install in rlm_copy_packet...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
if [ "xrlm_copy_packet" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_copy_packet.la /usr/local/lib/rlm_copy_packet.la; \
    rm -f /usr/local/lib/rlm_copy_packet-1.1.0-pre0.la; \
    ln -s rlm_copy_packet.la /usr/local/lib/rlm_copy_packet-1.1.0-pre0.la; \
fi
libtool: install: `rlm_copy_packet.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
Making install in rlm_counter...
gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_counter'
if [ "xrlm_counter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
        rlm_counter.la /usr/local/lib/rlm_counter.la; \
    rm -f /usr/local/lib/rlm_counter-1.1.0-pre0.la; \
    ln -s rlm_counter.la /usr/local/lib/rlm_counter-1.1.0-pre0.la; \
fi
libtool: install: `rlm_counter.la' is not a valid libtool archive
Try `libtool --help --mode=install' for more information.
gmake[6]: Leaving

HP Procurve 5300XL and Privilege Levels

2004-10-29 Thread Ville Leinonen
Hi all,

Does anyone have some information how I handle
priv levels in 5300xl's and freeradius?

I'd like to make an account which has priv level 14 access (Operator RO)
and a couple with level 15 access (Manager RW).

I get aaa working, but I don't know how I must do that level
thing in users.conf.

Best regards,

Ville Leinonen




Bad Signature error

2004-10-29 Thread Bilal Ahmed
Hi,

I am using EAP-TLS to authenticate a wireless Station to FreeRADIUS
through an AP but am getting Bad Signature error.

Following is the output of FreeRADIUS:

  rlm_eap_tls:  TLS 1.0 Handshake [length 05e1], Certificate
chain-depth=1,
error=0
-- User-Name = Paradigm
-- BUF-Name =
-- subject = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
-- issuer  = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
-- verify return:1
chain-depth=0,
error=0
-- User-Name = Paradigm
-- BUF-Name = Paradigm
-- subject =
/C=PK/ST=abcdef/L=LH/O=MyOrg/OU=Net/CN=Paradigm/emailAddress=addy
-- issuer  = /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
-- verify return:1
TLS_accept: SSLv3 read client certificate A
  rlm_eap_tls:  TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls:  TLS 1.0 Handshake [length 0086], CertificateVerify
  rlm_eap_tls:  TLS 1.0 Alert [length 0002], fatal decrypt_error
TLS Alert write:fatal:decrypt error
TLS_accept:failed in SSLv3 read certificate verify B
79644:error:04077068:rsa routines:RSA_verify:bad
signature:/usr/src/crypto/openssl/crypto/rsa/rsa_sign.c:181:
79644:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa
signature:/usr/src/crypto/openssl/ssl/s3_srvr.c:1839:
79644:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
failure:/usr/src/crypto/openssl/ssl/s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.



The FreeRADIUS Server while operating upon the CertificateVerify message
from the Client gives out the Bad signature error.


I have no clue what is happening here. Could someone please help me out
with this issue?

Thanks,
Bilal




Re: HP Procurve 5300XL and Privilege Levels

2004-10-29 Thread Kaczmarek, Thaddeus
On Fri, 2004-10-29 at 14:57 +0300, Ville Leinonen wrote:
 Hi all,
 
 Does anyone have some information how I handle
 priv levels in 5300xl's and freeradius?
 
 I'd like to make an account which has priv level 14 access (Operator RO)
 and a couple with level 15 access (Manager RW).
 
 I get aaa working, but I don't know how I must do that level
 thing in users.conf.
 
 Best regards,
 
 Ville Leinonen
 
They may be doing something similar to Foundry. Look in the HP docs for
privilege-level  or command-string. HP support is pretty good with this
type of stuff, just a tad on the slow side.

Ted



Re: Upgrade to 1.0.1 - radiusd won't start (RESOLVED)

2004-10-29 Thread John Horne
On Fri, 2004-10-29 at 12:40, John Horne wrote:
 
 We have a Fedora Core 2 linux server which unfortunately automatically
 upgraded, using yum, from freeradius 0.9.3 to 1.0.1 last night. (I did
 not intend that to happen so that I could check out the changes with
 1.0.1 to ensure that it would work okay on our servers.) This morning
 the server was showing that the freeradius daemon was not running.
 
 In our radiusd.conf file in the authorize section we have:
 
 mschap {
 ok = return
 }
 
Okay, I see that this was reported about 2 weeks ago by a user getting
the same type of error when using ldap. I also see that this has been
fixed in cvs by Alan DeKok, and should appear in freeradius 1.0.2. Many
thanks.


John.

-- 
---
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]   Fax: +44 (0)1752 233839






Problems moving from FreeRADIUS 1.0.0 to version 1.0.1

2004-10-29 Thread Chaigneau Nicolas
Hello,

I've been using FreeRADIUS 1.0.0 so far. I just tried
to install FreeRADIUS 1.0.1, but I'm encountering a
problem : I get a bus error upon receiving an
access-request.

I've got a very simple module that, on authorize
event, tries to access request, request->packet
and request->packet->vps.

When trying to access request->packet->vps the program
generates a bus error, but I don't know if the packet
or request are valid pointers either at the beginning
of my function...

I did not have any problem with exactly the same code
and configuration when using FreeRADIUS 1.0.0.

In my configuration, I'm also using other modules such
as detail. Those modules work fine, but I don't know
why mine doesn't.

Any ideas ?



(As a side note, the FreeRADIUS 1.0.1 package found at
the address below contains CVS directories. Thus, when
configuring, the developer mode is enabled. This mode
generates tons of warnings when compiling.

Removing the top-level CVS directory before
configure fixes the problem.

ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.1.tar.gz
)



Please find below :

1. the request that I'm sending to the server with
radclient
2. complete debug logs
3. source file of my module
4. my makefile
5. my radiusd.conf file



1. RADIUS test request

[EMAIL PROTECTED]
User-Password=ABC
NAS-IP-Address=172.26.233.18
Framed-IP-Address=1.2.3.4
NAS-Port-Type=19
Acct-Session-ID=1234567890ABCDEF



2. debug logs

@freerad0//home2/freerad0$HOME/freeradius/sbin/radiusd
-d $HOME/freeradius/etc/raddb -X
Fri Oct 29 15:29:22 2004 : Info: Starting - reading
configuration files ...
Fri Oct 29 15:29:22 2004 : Debug: reread_config: 
reading radiusd.conf
Fri Oct 29 15:29:22 2004 : Debug: Config:   including
file: /home2/freerad0/freeradius/etc/raddb/proxy.conf
Fri Oct 29 15:29:22 2004 : Debug: Config:   including
file:
/home2/freerad0/freeradius/etc/raddb/clients.conf
Fri Oct 29 15:29:22 2004 : Debug: Config:   including
file:
/home2/freerad0/freeradius/etc/raddb/cg_custom.conf
Fri Oct 29 15:29:22 2004 : Debug:  main: prefix =
/home2/freerad0/freeradius
Fri Oct 29 15:29:22 2004 : Debug:  main: localstatedir
= /home2/freerad0/freeradius/var
Fri Oct 29 15:29:22 2004 : Debug:  main: logdir =
/home2/freerad0/freeradius/var/log/radius
Fri Oct 29 15:29:22 2004 : Debug:  main: libdir =
/home2/freerad0/freeradius/lib
Fri Oct 29 15:29:22 2004 : Debug:  main: radacctdir =
/home2/freerad0/freeradius/var/log/radius/radacct
Fri Oct 29 15:29:22 2004 : Debug:  main:
hostname_lookups = no
Fri Oct 29 15:29:22 2004 : Debug:  main:
max_request_time = 30
Fri Oct 29 15:29:22 2004 : Debug:  main: cleanup_delay
= 5
Fri Oct 29 15:29:22 2004 : Debug:  main: max_requests
= 256
Fri Oct 29 15:29:22 2004 : Debug:  main:
delete_blocked_requests = 0
Fri Oct 29 15:29:22 2004 : Debug:  main: port = 1645
Fri Oct 29 15:29:22 2004 : Debug:  main:
allow_core_dumps = no
Fri Oct 29 15:29:22 2004 : Debug:  main:
log_stripped_names = no
Fri Oct 29 15:29:22 2004 : Debug:  main: log_file =
/home2/freerad0/freeradius/var/log/radius/radius.log
Fri Oct 29 15:29:22 2004 : Debug:  main: log_auth = no
Fri Oct 29 15:29:22 2004 : Debug:  main:
log_auth_badpass = no
Fri Oct 29 15:29:22 2004 : Debug:  main:
log_auth_goodpass = no
Fri Oct 29 15:29:22 2004 : Debug:  main: pidfile =
/home2/freerad0/freeradius/var/run/radiusd/radiusd.pid
Fri Oct 29 15:29:22 2004 : Debug:  main: user =
(null)
Fri Oct 29 15:29:22 2004 : Debug:  main: group =
(null)
Fri Oct 29 15:29:22 2004 : Debug:  main: usercollide =
no
Fri Oct 29 15:29:22 2004 : Debug:  main: lower_user =
no
Fri Oct 29 15:29:22 2004 : Debug:  main: lower_pass =
no
Fri Oct 29 15:29:22 2004 : Debug:  main: nospace_user
= no
Fri Oct 29 15:29:22 2004 : Debug:  main: nospace_pass
= no
Fri Oct 29 15:29:22 2004 : Debug:  main: checkrad =
/home2/freerad0/freeradius/sbin/checkrad
Fri Oct 29 15:29:22 2004 : Debug:  main:
proxy_requests = yes
Fri Oct 29 15:29:22 2004 : Debug:  proxy: retry_delay
= 5
Fri Oct 29 15:29:22 2004 : Debug:  proxy: retry_count
= 3
Fri Oct 29 15:29:22 2004 : Debug:  proxy: synchronous
= no
Fri Oct 29 15:29:22 2004 : Debug:  proxy:
default_fallback = yes
Fri Oct 29 15:29:22 2004 : Debug:  proxy: dead_time =
60
Fri Oct 29 15:29:22 2004 : Debug:  proxy:
post_proxy_authorize = no
Fri Oct 29 15:29:22 2004 : Debug:  proxy:
wake_all_if_all_dead = no
Fri Oct 29 15:29:22 2004 : Debug:  security:
max_attributes = 200
Fri Oct 29 15:29:22 2004 : Debug:  security:
reject_delay = 0
Fri Oct 29 15:29:22 2004 : Debug:  security:
status_server = no
Fri Oct 29 15:29:22 2004 : Debug:  main: debug_level =
0
Fri Oct 29 15:29:22 2004 : Debug: read_config_files: 
reading dictionary
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: 
reading naslist
Fri Oct 29 15:29:23 2004 : Info: Using deprecated
naslist file.  Support for this will go away soon.
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: 
reading clients
Fri Oct 29 15:29:23 2004 : Debug: read_config_files: 
reading realms
Fri Oct 29 15:29:23 2004 : Debug: radiusd:  entering

Re: radrelay segmentation fault

2004-10-29 Thread Alan DeKok
Alexander Serkin [EMAIL PROTECTED] wrote:
 When running radrelay on 162Mb accounting file it dies with segmentation fault.
 There is quite enough disk space on the working partition:

  It's probably a previously-reported bug in radrelay.  version 1.0.2
will contain the fix.

  Alan DeKok.




Problem Configuring EAP

2004-10-29 Thread Geissbühler Johannes
Hi 
I tried to configure EAP-md5 :

I did NOT set Auth-Type := EAP in the users file (as  written in eap.conf)

module eap is loaded:

Module: Loaded eap
 eap: default_eap_type = md5

in the authorize and the authenticate section of radiusd.conf I entered eap


but I get following errors:

modcall: group authorize returns ok for request 1
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.

the Server somehow does not find out to use EAP-md5 on its own



If I set Auth-Type := EAP in the users file I get following error msg:

 modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
action.
auth: Failed to validate the user.


Could anybody help me?



Logging to syslog

2004-10-29 Thread Christian Reeves
Recently I installed 1.0.1 and am very pleased with it. One thing I would
like to do is have it log to syslog so I can send the logs to a central
server so technical staff can use the logs for troubleshooting. If I tell
FreeRadius to log to syslog the correct way, it doesn't. I know the source
supports it and understand how it should work but it refuses to log to
syslog. I've seen a few posts about this but nobody seems to have figured it
out. 

Anyone have any tips, or a direction for me? Thanks so much!


Christian




Re: Problem Configuring EAP

2004-10-29 Thread Alan DeKok
Geissbühler Johannes [EMAIL PROTECTED] wrote:
 I tried to configure EAP-md5 :
 
 I did NOT set Auth-Type := EAP in the users file (as  written in eap.conf)

  Ok...

 in the authorize and the authenticate section of radiusd.conf I entered eap

  Why?  They're already included in those sections.

 but I get following errors:
 
 modcall: group authorize returns ok for request 1
 auth: type Local
 auth: No User-Password or CHAP-Password attribute in the request
 auth: Failed to validate the user.

  Read the REST OF THE DEBUG LOG to see if the eap module is being used.

  looking at only part of the debug log is a guaranteed way to miss
important messages which tell you what the server is doing.

 the Server somehow does not find out to use EAP-md5 on its own

  Yes... read the debug log to see why.

 If I set Auth-Type := EAP in the users file I get following error msg:
 
  modcall[authorize]: module files returns ok for request 0
 modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type EAP
 auth: type EAP
   ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
 action.
 auth: Failed to validate the user.

  That doesn't sound right.

 Could anybody help me?

  Read the entire debug log.  Or failing that, post it to the list.

  Alan DeKok.




Re: Logging to syslog

2004-10-29 Thread Alan DeKok
Christian Reeves [EMAIL PROTECTED] wrote:
 If I tell FreeRadius to log to syslog the correct way, it doesn't.

  What correct way?

  I think that in 1.0.x, the -l syslog command-line option doesn't
work.  In the CVS snapshots, there is another, better way to tell the
server to log to syslog.

  Alan DeKok.



RE: Logging to syslog

2004-10-29 Thread Christian Reeves
 
  If I tell FreeRadius to log to syslog the correct way, it doesn't.
 
   What correct way?

I set the -l flag in the startup script and the -g flag to set the facility.

 
 In the CVS snapshots, there is another, better 
 way to tell the server to log to syslog.

I'll have a look at the snapshot and see what I come up with.




migration to freeradius

2004-10-29 Thread Wade Kemp
Hello, I have an interesting problem.  We are trying to migrate from 
Merit radius 3.6B to freeradius. It seems to work for 99%
of the users, however about 1% of the users, it fails to receive a 
password for. If we point the NAS back to the merit server
they get on without a problem. We are using USR/3COM Total Control 
HiperArc's.

Anyone have an idea of what I can do to resolve this issue ?
Wade


Re: migration to freeradius

2004-10-29 Thread Alan DeKok
Wade Kemp [EMAIL PROTECTED] wrote:
 Hello, I have an interesting problem.  We are trying to migrate from 
 Merit radius 3.6B to freeradius. It seems to work for 99%
 of the users, however about 1% of the users, it fails to receive a 
 password for.

  for the user?  That's odd.  The NAS sends packets, and doesn't know
what kind of server it's sending packets to.  So switching from Merit
to FreeRADIUS makes *zero* difference to the packets sent by the NAS.

  I doubt very much that what you described is the problem.  Can you
post a debug log from FreeRADIUS of a request which works with Merit,
but not with FreeRADIUS?

  Alan DeKok.



RE: Can´t install FreeRadius 1.0.1-1 en Fedora Core 2

2004-10-29 Thread Ronald I. Nutter
someone else suggested this to me and it worked for me on FC 2 -

ln -s /usr/include/et/com_err.h /usr/include/com_err.h

Ron

Ron Nutter [EMAIL PROTECTED]
Network Manager
Information Technology Services
(502)863-7002
Georgetown College
Georgetown, KY 40324-1696

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of João Romariz Sobrinho
  Sent: Friday, October 29, 2004 7:35 AM
  To: [EMAIL PROTECTED]
  Subject: Can´t install FreeRadius 1.0.1-1 en Fedora Core 2

  Hi,

  I´m trying to install freeradius 1.0.1-1 in a Fedora Core 2 box but I´m getting lots of
  errors in make install command.

  libtool: install: `rlm_acct_unique.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_acct_unique'
  Making install in rlm_always...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
  if [ "xrlm_always" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_always.la /usr/local/lib/rlm_always.la; \
    rm -f /usr/local/lib/rlm_always-1.1.0-pre0.la; \
    ln -s rlm_always.la /usr/local/lib/rlm_always-1.1.0-pre0.la; \
  fi
  libtool: install: `rlm_always.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_always'
  Making install in rlm_attr_filter...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
  if [ "xrlm_attr_filter" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_attr_filter.la /usr/local/lib/rlm_attr_filter.la; \
    rm -f /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
    ln -s rlm_attr_filter.la /usr/local/lib/rlm_attr_filter-1.1.0-pre0.la; \
  fi
  libtool: install: `rlm_attr_filter.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_filter'
  Making install in rlm_attr_rewrite...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
  if [ "xrlm_attr_rewrite" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite.la; \
    rm -f /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
    ln -s rlm_attr_rewrite.la /usr/local/lib/rlm_attr_rewrite-1.1.0-pre0.la; \
  fi
  libtool: install: `rlm_attr_rewrite.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_attr_rewrite'
  Making install in rlm_chap...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
  if [ "xrlm_chap" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_chap.la /usr/local/lib/rlm_chap.la; \
    rm -f /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
    ln -s rlm_chap.la /usr/local/lib/rlm_chap-1.1.0-pre0.la; \
  fi
  libtool: install: `rlm_chap.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_chap'
  Making install in rlm_checkval...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
  if [ "xrlm_checkval" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_checkval.la /usr/local/lib/rlm_checkval.la; \
    rm -f /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
    ln -s rlm_checkval.la /usr/local/lib/rlm_checkval-1.1.0-pre0.la; \
  fi
  libtool: install: `rlm_checkval.la' is not a valid libtool archive
  Try `libtool --help --mode=install' for more information.
  gmake[6]: Leaving directory `/root/freeradius-snapshot-20041028/src/modules/rlm_checkval'
  Making install in rlm_copy_packet...
  gmake[6]: Entering directory `/root/freeradius-snapshot-20041028/src/modules/rlm_copy_packet'
  if [ "xrlm_copy_packet" != "x" ]; then \
    /root/freeradius-snapshot-20041028/libtool --mode=install /root/freeradius-snapshot-20041028/install-sh -c -c \
      rlm_copy_packet.la /usr/local/lib/rlm_copy_packet.la; \
    rm -f /usr/local/lib/rlm_copy_packet-1.1.0-pre0.la; \
    ln -s rlm_copy_packet.la

SV: Eumulate authentication by java

2004-10-29 Thread Patrik Granholm










Hi,

Jradius is a good API.

I have extended the API with vendor
specific attributes and multiple attribute values which I'm glad to share if
you want it.

Regards

/P

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of MaFai
Sent: Friday, October 29, 2004 8:16 AM
To: freeradius-users
Subject: Eumulate authentication by java

Dear freeradius-users:

Can we use the java program
to emulate the authentication?

We want to write some code
to post request to the radius server, and make an authentication with
this way? does it possible?

Any java api? or other
language API?

Best regards.

MaFai
[EMAIL PROTECTED]

2004-10-29
34955929


RADIUS Proxy

2004-10-29 Thread Stefan
Gurus,

I'll need a RADIUS Proxy system which is able to proxy requests qualified by
-username,
-called-station-id,
-source IP,
to some other RADIUS servers.

The big thing is: it must be fault tolerant and must proxy some thousands of
requests per second (starting with 1000 complete sessions: Auth, Acct-Start,
Acct-Stop).
Would Freeradius be able to do this?
Is there a nearly equivalent implementation around there?
What would be the HW requirement?

I'm thinking about an infrastructure of some loadbalancers hiding some systems
to do the proxying.
I don't need any HD writings for logfiles or session data. The receivers of the
packets will take care of the date. Logfiles for debug will be used sometimes.

Thank You
Stefan


Re: RADIUS Proxy

2004-10-29 Thread Josh Howlett
On Fri, 29 Oct 2004, Stefan wrote:
 The big thing is: it must be fault tolerant and must proxy some thousands of
 requests per second (starting with 1000 complete sessions: Auth, Acct-Start,
 Acct-Stop).
 Would Freeradius be able to do this?

Yes.

 Is there a nearly equivalent implementation around there?

???

 What would be the HW requirement?

Minimal.

josh.





freeradius - mysql auth issues

2004-10-29 Thread Kirk, Andrew J.
Having a bit of trouble with the setup of MYSQL with Freeradius. 
I am able to test these accounts using DA's check password tool so I don't
believe I have the wrong password.
Where I seem to be missing some configuration is in the radiusd.conf file
with regards to the auth: type . I can't for the life of me find where the
setting would be to get radiusd to use mysql to check passwords. 

Please can someone point me in the right direction - I have reviewed most
Free-radius mysql faq docs and haven't seen this particular error. 
Any help would be greatly appreciated - please review the debug below -
everything seems fine until the auth: type local line.



rad_recv: Access-Request packet from host 10.149.204.32:2293, id=6, length=46
User-Name = Andrew
User-Password = removed
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = Andrew, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
radius_xlat:  'Andrew'
rlm_sql (sql): sql_set_user escaped user -- 'Andrew'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'Andrew' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Andrew' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'Andrew' ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'Andrew' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 6 to 10.149.204.32:2293
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 6 with timestamp 4182b32c


Thanks,
Andrew



Re: Problems moving from FreeRADIUS 1.0.0 to version 1.0.1

2004-10-29 Thread Alan DeKok
Chaigneau Nicolas [EMAIL PROTECTED] wrote:
 I've been using FreeRADIUS 1.0.0 so far. I just tried
 to install FreeRADIUS 1.0.1, but I'm encountering a
 problem : I get a bus error upon receiving an
 access-request.

  Did you re-build your module in 1.0.1, or just re-use the library
from 1.0.0?

  Alan DeKok.




Re: freeradius - mysql auth issues

2004-10-29 Thread Alan DeKok
Kirk, Andrew J. [EMAIL PROTECTED] wrote:
 Where I seem to be missing some configuration is in the radiusd.conf file
 with regards to the auth: type . I can't for the life of me find where the
 setting would be to get radiusd to use mysql to check passwords. 

  You don't.  MySQL is a database, it stores user information (like
passwords).  FreeRADIUS is an authentication server.  It uses
databases like MySQL to get passwords, and then uses those passwords
to authenticate people.

 auth: type Local
 auth: user supplied User-Password does NOT match local User-Password

  That's fairly definitive.

  The server got the users password from MySQL, but it didn't match
what was in the packet.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
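
The Access-Request that the "Eumulate authentication by java" thread asks about sending from a program, and the one shown in the MySQL debug log above (id=6, length=46, User-Name Andrew), can be built and decoded as follows. This is an added example in Python, not code from any poster, FreeRADIUS or JRadius; it follows the RFC 2865 packet layout and User-Password hiding, the function names are hypothetical, and the shared secret, password and fixed authenticator are constructed sample values.

```python
import hashlib
import struct

ACCESS_REQUEST = 1                 # RFC 2865 packet code
USER_NAME, USER_PASSWORD = 1, 2    # RFC 2865 attribute types


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def recover_password(hidden, secret, authenticator):
    """Server side: undo the hiding before comparing with the stored password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, user, password, secret, authenticator):
    """20-byte header (code, id, length, authenticator) + User-Name + User-Password."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    hidden = hide_password(password, secret, authenticator)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


# Constructed sample values; only id=6 and User-Name "Andrew" come from the debug log.
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))   # fixed for reproducibility; random per request in real use
PACKET = build_access_request(6, b"Andrew", b"example-pass", SECRET, AUTHENTICATOR)
```

The packet is 46 bytes: 20 of header, 8 for User-Name and 18 for User-Password. The recovered password depends on the shared secret, so `recover_password` called with a secret other than the one the client used returns different bytes from what the user typed.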