RE: Fw: authorize and authenticate methods in a custom module
Thanks a lot Alan,

I would like to explain what I am trying to develop. If someone has any advice, please tell me. This is my scenario:

Until now, we have a RADIUS server (RADIUS PSI) which only receives Access-Request packets. Also we have a CGI application located in the URL http://X.Y.Z.W:8080/nucleo

This application receives a set of parameters as a URL-encoded string (all characters that are not a-z, A-Z or 0-9 are converted to their "URL escaped" version) with this form:

    Attribute1=Value1Attribute2=Value2...

(where Attribute1, Attribute2... and Value1, Value2... are the different Attribute/Value pairs obtained from the Access-Request packet)

The CGI application consults a remote database (and normally authenticates the user using the telephone number, although there are other variants). According to the response obtained from the remote resource, the RADIUS server adds different Attribute/Value pairs to the reply list, and always replies with an Access-Accept packet (whether or not the CGI application authenticates the user successfully).

Now, we want to change to a FreeRadius server. I only want to call the remote resource (using the libcurl library), passing it the appropriate parameters, and collect the information returned by it in order to create the reply list. As the CGI application performs the authorize and authenticate activities, I am a little embarrassed to say that I am not sure which function I should implement (authorize or authenticate).

Thank you very much in advance.

Best wishes,
Susana

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Tuesday, January 03, 2006 4:31 PM
Subject: Re: authorize and authenticate methods in a custom module

> Susana Macias <[EMAIL PROTECTED]> wrote:
> > I have started working with the RADIUS protocol (and with FreeRadius
> > in particular) three weeks ago. Congratulations for the product, it
> > is really powerful!
>
> Thanks.
>
> > But, when are the authorize() and authenticate() methods called?
>
> When a packet comes in. See doc/aaa.txt
>
> > Is it necessary to include in the radiusd.conf the name of the
> > instance (of the new module created) in the authorize section in
> > order to call its authorize() method?
>
> Yes.
>
> Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authorization depending on authentication (ldap)
Hi guys,

First, sorry for my bad English, I am from Austria ;-)

I am running freeradius-1.0.2-5.5

I have a big problem here and can't solve it alone: there are 3 ldap instances: ldap1, ldap2, ldap3, and authenticate them all after another in the authentication section like this:

    authenticate {
        ldap1
        ldap2
        ldap3
    }

same in authorize-section:

    authorize {
        ldap1
        ldap2
        ldap3
    }

Now my problem is that if the user x is authenticated at ldap2, for instance, the authorization fails because the user isn't found at ldap1 (freeradius doesn't seem to try authorizing on ldap2 or ldap3).

What I need would be a solution how to realize the following needs:

    if authentication runs over ldap1 authorize on ldap1
    if authentication runs over ldap1 authorize on ldap2
    if authentication runs over ldap1 authorize on ldap3

How can I do that?

Hope you guys can help me, I am searching for a solution for 3 days now and I haven't got any idea how to solve that :-(

Thanks and greetings from snowy Austria!
In which point does the FR server send the Access-Accept or Access-Reject packet?
Hi all,

I have a doubt about when FreeRadius server decides to send an Access-Accept or an Access-Reject packet.

When the authenticate module returns with a RLM_MODULE_REJECT, does the FR server send an Access-Reject packet? Or does it occur later?

When the authenticate module returns with a RLM_MODULE_OK, does the FR server send the Access-Accept packet? Or does it occur later?

Thanks in advance,
Marta
Installation problem Radiusd does not exist
I'm installing freeradius 1.0.5 on a Debian Linux system.

I've downloaded the tarball, extracted it with

    #tar zxvf freeradius-1.0.5.tar.gz

I did:

    ./configure
    make
    make install

But installation stops with the following message:

    install: radiusd does not exist
    make[4]: ***[install] Error 2

Does anyone know what happened?

Ing. Nicola Iotti
Network Manager
mailto: [EMAIL PROTECTED]
Guglielmo S.r.l.
Registered office: Via Martiri di Minozzo, 12
Operating office: Via Sante Vincenzi, 2 / D
42100 Reggio Emilia ITALIA
Tel.: +39-0522 - 40 63 67
Fax: +39-0522 - 54 08 16
Cell: +39-320 61 90 072
internet website: http://www.guglielmo.biz
Re: authorization depending on authentication (ldap)
[EMAIL PROTECTED] writes:

> i am running freeradius-1.0.2-5.5
> there are 3 ldap instances: ldap1,ldap2,ldap3.
> and authenticate them all after another in the authentication section
> like this:
>
> authenticate {
>     ldap1
>     ldap2
>     ldap3
> }
>
> same in authorize-section:
>
> authorize {
>     ldap1
>     ldap2
>     ldap3
> }
>
> now my problem is, that if the user x is authenticated at ldap2 for
> instance the authorization fails cause the user isnt found at ldap1
> (freeradius doesnt seem to try authorizing on ldap2 or ldap3)
>
> what i need would be a solution how to realize the following needs:
>
> if authentication runs over ldap1 authorize on ldap1
> if authentication runs over ldap1 authorize on ldap2
> if authentication runs over ldap1 authorize on ldap3
>
> how can i do that?

I assume you meant

    if authentication runs over ldap1 authorize on ldap1
    if authentication runs over ldap2 authorize on ldap2
    if authentication runs over ldap3 authorize on ldap3

The authenticate processing should set Auth-Type to an unique value for each instance. If you're using the default schema, then you can do that by adding a radiusAuthType ldap attribute to each user. Or maybe better: Use a default profile to set the appropriate radiusAuthType for each ldap instance. E.g. add something like this to the directories:

ldap1:
    dn: cn=radprofile,ou=dialup,o=My Org,c=UA
    radiusAuthType: LDAP1

ldap2:
    dn: cn=radprofile,ou=dialup,o=My Org,c=UA
    radiusAuthType: LDAP2

ldap3:
    dn: cn=radprofile,ou=dialup,o=My Org,c=UA
    radiusAuthType: LDAP3

And then in radiusd.conf:

    modules {
        ..
        ldap ldap1 {
            ..
            default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
            ..
        }
        ldap ldap2 {
            ..
            default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
            ..
        }
        ldap ldap3 {
            ..
            default_profile = cn=radprofile,ou=dialup,o=My Org,c=UA
            ..
        }
    }
    ..
    authorize {
        Auth-Type LDAP1 {
            ldap1
        }
        Auth-Type LDAP2 {
            ldap2
        }
        Auth-Type LDAP3 {
            ldap3
        }
    }

Note: This would be a lot easier with freeradius-1.1, where I believe something like this would have been sufficient since rlm_ldap now sets Auth-Type to the instance name by default:

    authorize {
        Auth-Type ldap1 {
            ldap1
        }
        Auth-Type ldap2 {
            ldap2
        }
        Auth-Type ldap3 {
            ldap3
        }
    }

Bjørn
Re: authorization depending on authentication (ldap)
Bjørn Mork [EMAIL PROTECTED] writes:

> authorize {
>     Auth-Type LDAP1 {
>         ldap1
>     }
>     Auth-Type LDAP2 {
>         ldap2
>     }
>     Auth-Type LDAP3 {
>         ldap3
>     }
> }
>
> Note: This would be a lot easier with freeradius-1.1, where I believe
> something like this would have been sufficient since rlm_ldap now sets
> Auth-Type to the instance name by default:
>
> authorize {
>     Auth-Type ldap1 {
>         ldap1
>     }
>     Auth-Type ldap2 {
>         ldap2
>     }
>     Auth-Type ldap3 {
>         ldap3
>     }
> }

Ooops, sorry. This should of course go into the authenticate section, *not* the authorize section.

Bjørn
Re: Installation problem Radiusd does not exist
Hi Nicola,

Try compiling the debian stuff by executing dpkg-buildpackage from freeradius source dir. That will do the trick! You'll get debian packages ready to install (they will be placed outside the source dir. For example: src dir /home/nicola/freeradius-XX.YY, debian packages in /home/nicola)

Hope it helps!
Re: In which point does the FR server send the Access-Accept or Access-Reject packet?
Marta Lajas [EMAIL PROTECTED] writes:

> I have a doubt about when FreeRadius server decides to send an
> Access-Accept or an Access-Reject packet.
>
> When the authenticate module returns with a RLM_MODULE_REJECT, does the
> FR server send an Access-Reject packet? or does it occur later?
>
> When the authenticate module returns with a RLM_MODULE_OK, does the FR
> server send the Access-Accept packet? or does it occur later?

You can find the answers in src/main/modcall.c. The default authenticate actions are:

    {
        MOD_ACTION_RETURN,  /* reject   */
        1,                  /* fail     */
        MOD_ACTION_RETURN,  /* ok       */
        MOD_ACTION_RETURN,  /* handled  */
        1,                  /* invalid  */
        MOD_ACTION_RETURN,  /* userlock */
        MOD_ACTION_RETURN,  /* notfound */
        1,                  /* noop     */
        1                   /* updated  */
    },

Which means that both RLM_MODULE_REJECT and RLM_MODULE_OK will cause an immediate return action without calling any further modules in the authenticate section.

Note that these actions may be modified by "redundant" or "append" module grouping, or even configured on code by code basis. See doc/configurable_failover

The modules in postauth will of course still be called before sending Access-Reject or Access-Accept.

Bjørn
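Added example, not part of the message above and not FreeRADIUS source code: a small C model of how a section walks its module list with the action table quoted in the message, next to a table where notfound is given a priority instead of "return" (the kind of per-code change the message says is possible). ACT_RETURN, run_section and notfound_continues are hypothetical names; the rule that an equal or higher priority replaces the running result, and the starting result of reject, are assumptions of this simplified model.

```c
#include <stdio.h>

/* Result codes, in the order of the comments in the quoted table. */
enum rcode {
    RC_REJECT, RC_FAIL, RC_OK, RC_HANDLED, RC_INVALID,
    RC_USERLOCK, RC_NOTFOUND, RC_NOOP, RC_UPDATED, RC_COUNT
};

static const char *const rcode_name[RC_COUNT] = {
    "reject", "fail", "ok", "handled", "invalid",
    "userlock", "notfound", "noop", "updated"
};

/* Hypothetical stand-in for MOD_ACTION_RETURN; any other entry is a priority. */
#define ACT_RETURN (-1)

/* Default authenticate actions, transcribed from the message. */
static const int authenticate_actions[RC_COUNT] = {
    ACT_RETURN, /* reject   */
    1,          /* fail     */
    ACT_RETURN, /* ok       */
    ACT_RETURN, /* handled  */
    1,          /* invalid  */
    ACT_RETURN, /* userlock */
    ACT_RETURN, /* notfound */
    1,          /* noop     */
    1           /* updated  */
};

/* Hypothetical override: notfound gets priority 1, so the section goes on. */
static const int notfound_continues[RC_COUNT] = {
    ACT_RETURN, 1, ACT_RETURN, ACT_RETURN, 1, ACT_RETURN, 1, 1, 1
};

struct outcome {
    enum rcode rcode;  /* result of the whole section */
    int modules_run;   /* how many listed modules were actually called */
};

/*
 * results[i] is what the i-th module in the section returns.
 * A "return" action stops the section at once with that code; a priority
 * replaces the running result when it is >= the best priority so far
 * (assumption of this model). The section starts at reject, priority 0.
 */
static struct outcome run_section(const int actions[RC_COUNT],
                                  const enum rcode *results, int n)
{
    struct outcome out = { RC_REJECT, 0 };
    int best = 0;

    for (int i = 0; i < n; i++) {
        enum rcode r = results[i];
        out.modules_run++;
        if (actions[r] == ACT_RETURN) {
            out.rcode = r;
            return out;
        }
        if (actions[r] >= best) {
            out.rcode = r;
            best = actions[r];
        }
    }
    return out;
}

int main(void)
{
    /* Constructed input: three modules, only the second knows the user. */
    const enum rcode results[] = { RC_NOTFOUND, RC_OK, RC_NOTFOUND };
    struct outcome a = run_section(authenticate_actions, results, 3);
    struct outcome b = run_section(notfound_continues, results, 3);

    printf("default table:     %s after %d module(s)\n",
           rcode_name[a.rcode], a.modules_run);
    printf("notfound override: %s after %d module(s)\n",
           rcode_name[b.rcode], b.modules_run);
    return 0;
}
```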
Re: Installation problem Radiusd does not exist
Nicola Iotti wrote:

> I'm installing freeradius 1.0.5 on a Debian Linux system
> I've downloaded tarball, extracted it with
> #tar zxvf freeradius-1.0.5.tar.gz
> I did :
> ./configure
> make
> make install

You should just get the Debian binary package with apt-get.

If you really want to recompile FreeRADIUS from source, see the advice on the wiki:
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_a_Debian_package_from_sources.3F

And please turn off HTML in your email client when posting to this mailing list:
http://freeradius.org/list/users.html

--
Nicolas Baradakis
Re: Installation problem Radiusd does not exist
Hello,

    #tar zxvf freeradius-1.0.5.tar.gz
    #cd freeradius-1.0.5
    #./configure --localstatedir=/var --sysconfdir=/etc
    #make
    #make install

for command debian;

    ozgur:~# apt-cache search freeradius
    freeradius - a high-performance and highly configurable server
    #apt-get install freeradius

and

    #cd /etc/raddb
    #pico users
    #pico clients.conf

for edit users and clients file,

    #radiusd -X

Kai Ozgur
Geek Network Engineer
PGP ID: B1B63B6E
acct_unique
Good day.

I need to use such a construction in radiusd.conf

    acct_unique acct_std{
        key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
    }
    acct_unique acct_PIX{
        key = Acct-Session-Id, NAS-IP-Address, Login-IP-Host, Login-TCP-Port
    }
    preacct {
        preprocess
        Acct-Type PIX{
            acct_PIX
        }
        acct_std
    }

BUT got an error when I do radiusd -X:

    ..
    ..
    Module: Instantiated sql (sql)
    radiusd.conf[1683] Unknown module rcode 'acct_PIX'.

In radiusd.conf there are the strings:

    string 1682: Acct-Type PIX{
    string 1683: acct_PIX
    string 1684: }

WHERE IS MY MISTAKE?

And a question - why do we need to use the attribute Acct-Unique-Session-Id? I use an sql database for accounting, there we have the unique index radacctid, and I need to understand the purpose and advantages of using the attribute Acct-Unique-Session-Id.

THANKS
RE: Fw: In which point does the FR server send the Access-Accept or Access-Reject packet?
Thank you very much Bjørn.

So it is after the post-auth section when the FreeRadius server decides to send an Access-Accept or an Access-Reject packet (in response to a previous Access-Request packet) depending on the result (success or not, OK or REJECT) of the authenticate method. Am I right?

Best regards,
Marta
Re: authorization depending on authentication (ldap)
> I assume you meant
>
> if authentication runs over ldap1 authorize on ldap1
> if authentication runs over ldap2 authorize on ldap2
> if authentication runs over ldap3 authorize on ldap3

sorry my fault - should check my copy-paste better ;-)

> The authenticate processing should set Auth-Type to an unique value for
> each instance. If you're using the default schema, then you can do
> that by adding a radiusAuthType ldap attribute to each user. Or maybe
> better: Use a default profile to set the appropriate radiusAuthType
> for each ldap instance. E.g. add something like this to the
> directories:
>
> ldap1:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP1
>
> ldap2:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP2
>
> ldap3:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP3

hm, I don't understand where I should add this kind of lines. I guess they should be in the users file as a default entry. Can you give a complete working sample for such an entry?

sorry if this would be base-knowledge but I don't know how to check ldap-settings in the users file.

thanks in advance
Stefan
Re: authorization depending on authentication (ldap)
sorry, now I understand what you meant with that:

> ldap1:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP1
>
> ldap2:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP2
>
> ldap3:
> dn: cn=radprofile,ou=dialup,o=My Org,c=UA
> radiusAuthType: LDAP3

I should change the ldap-directory.

isn't it possible to make it fit my needs without changing the ldap-directory? without freeradius-1.1?
Re: authorization depending on authentication (ldap)
I managed it, there is one attribute in our ldap where I can exactly define where the user should be authorized. With the radiusAuthType attribute it works now perfectly.

thanks a lot for this little hint :-)

Stefan
NAS-identifier instead of IP-identifier
Hello,

I am new to freeradius and need a little help.

We are going to be deploying a bunch of Wireless Routers all over the place and they may have DHCP addresses on them instead of static WAN addresses. When a client associates to our Wireless Router they are redirected to the Radius Server which then creates a secure session onto the internet (WPA etc).

Is there a way of identifying the router to our FreeRadius server without having a static IP address on each Router?

Cheers
Rob
EAP-TLS and user configuration
Hi,

I must configure an authentication server with freeradius 1.0.5. The authentication method must be EAP-TLS. I have configured the files: eap.conf, radiusd.conf, clients.conf

I would like to know:

1) If I must configure /etc/raddb/users
2) How to configure /etc/raddb/users
3) Whether the authentication operation will be shown in any files in the system

Thanks
LDAP scope
Hi!

Is it possible to specify a basedn of dc=example,dc=com with a scope of sub so that my search filters can apply to both ou=People and ou=Computers for example? It seems from my testing that the scope is one by default.

The reason I would like to do this is to have the check box in Windows XP that says Authenticate as computer... checked. Doing this, FreeRADIUS is first presented with the credentials of the computer (host/name). Since I already have a computer account in ou=Computers, I figure I'd just add a cn=host/name attribute and modify the filter to be (|(uid=%{User-Name})(cn=%{User-Name})). But this can only work with a basedn of dc=example,dc=com and a scope of sub.

Thanks!
Stefan
Re: In which point does the FR sever send the Access-Accept or Access-Reject packet?
Marta Lajas [EMAIL PROTECTED] wrote:

> I have a doubt about when FreeRadius server decides to send an Access-Accept or an Access-Reject packet.

Why ask the list when you can run it yourself and see?

> When the authenticate module returns with a RLM_MODULE_REJECT, does the FR server send an Access-Reject packet? or does it occur later?

Yes. It *may* occur later because of reject_delay. See radiusd.conf.

> When the authenticate module returns with a RLM_MODULE_OK, does the FR server send the Access-Accept packet? or does it occur later?

Yes. And it's sent immediately.

I can't help but think these questions are *not* the questions you want answered. What problem are you trying to solve?

Alan DeKok.
Re: acct_unique
Velikanov [EMAIL PROTECTED] wrote:

> preacct {
>     preprocess
>     Acct-Type PIX{
>         acct_PIX
>     }

You put an Acct-Type in a preacct section. That won't work. Acct-Types have to go into accounting sections.

> radiusd.conf[1683] Unknown module rcode 'acct_PIX'.

It's treating Acct-Type as a module name, because Acct-Types don't belong in preacct sections.

Alan DeKok.
Re: NAS-identifier instead of IP-identifier
Rob Cleminson [EMAIL PROTECTED] wrote:

> Is there a way of identifying the router to our FreeRadius server without having a static IP address on each Router?

Configure a networked client in clients.conf. See the examples there. The NASes all have to have the same secret, though.

Alan DeKok.
Re: NAS-identifier instead of IP-identifier
I don't believe so. Not if you use the NAS-IP-Address attribute. Traditionally that was used for access servers on the corporate level and due to the nature of their work they had static IP addresses.

I for one would not want my APs (if I were deploying a wide area wireless network) to have dynamic IP addresses. The administration of that would seem to become a nightmare unless you use a dynamic dns service, but that seems kind of corny for a service provider. I may be talking out my butt, and I don't mean anything by it, I just wouldn't use dynamic ip addresses for any of my network infrastructure. Usually static IP addresses aren't that much more from your upstream provider.

On second thought, what if you created a VPN tunnel from the AP (using, say OpenWrt) and then you could assign static private IPs to the AP? Would this work?

I hope this was useful, but somebody else will probably come up with a lot more intelligent answer.

Richard

Rob Cleminson wrote:

> Hello,
>
> I am new to freeradius and need a little help.
>
> We are going to be deploying a bunch of Wireless Routers all over the place and they may have DHCP addresses on them instead of static WAN addresses. When a client associates to our Wireless Router they are redirected to the Radius Server which then creates a secure session onto the internet (WPA etc).
>
> Is there a way of identifying the router to our FreeRadius server without having a static IP address on each Router?
>
> Cheers
> Rob
MySQL settings causing FreeRADIUS to segfault
Hello again,

I got the DialupAdmin/SQL problem fixed (Thanks) but now I'm running into a problem with FreeRADIUS. I've tried following several different guides I've found on the net for setting up FreeRADIUS and MySQL and each time, I get the same results. Whenever I enable anything regarding SQL in radiusd.conf and start up radiusd in debug mode (radiusd -X), FreeRADIUS segfaults. If I start the program with -x, I get the same results; however, when I start up radiusd without any options (radiusd, by itself), the program starts fine.

Could this be a configuration issue in FreeRADIUS or something messed up with my Ubuntu install? We've tried authenticating when FreeRADIUS is started without command-line options and it does not accept the information in the MySQL database inputted via Dialupadmin.

If needed, I can post my config files. I figured I'd wait to see if it was needed before doing so.

Thanks
Re: Failed to link to module 'rlm_exec': /usr/local/lib/rlm_exec.a: invalid ELF header
Mathieu Clément wrote:

Good morning,

Look at this:

---
# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
radiusd.conf[1383] Failed to link to module 'rlm_exec': /usr/local/lib/rlm_exec.a: invalid ELF header

Running mandrake with mysql.

Second question: How to add users in the mysql table? I see UserName, value, etc. but where to put the password, and which format (md5? sha1? cleared-text?)

Thank you in advance,
Have a good day.

Mathieu
Connection TimeOut!!!
Hello:

RH 9.0, freeRADIUS 1.4

I have been using freeRADIUS for the last 10 Months. Works great. I like to setup a maximum connection time of 120 minutes for each user.

I am a complete newbie. Can somebody direct me to the file I need to set the timeout time? I also need to know the exact command, if possible.

Thanks in Advance.
Kirt
Re: Connection TimeOut!!!
> Hello:
> RH 9.0, freeRADIUS 1.4
> I have been using freeRADIUS for the last 10 Months. Works great. I like to setup a maximum connection time of 120 minutes for each user.
> I am a complete newbie. Can somebody direct me to the file I need to set the timeout time? I also need to know the exact command, if possible.

Do you mean max connection time before logging in again? In that case, you usually just need to add

    Session-Timeout = xxx

With xxx being the number of seconds before timing out.

If you want to give them say 120 minutes each day or week or month, then you should look at rlm_sql_counter. Install freeradius with experimental modules and read experimental.conf.

This is all dependent on your NAS accepting the Session-Timeout variable and actually ending the session at that time.
Re: LDAP scope
Stefan Adams wrote:

> Hi!
>
> Is it possible to specify a basedn of dc=example,dc=com with a scope of sub so that my search filters can apply to both ou=People and ou=Computers for example? It seems from my testing that the scope is one by default.

From my experience it is a scope of sub by default. My people are in the data store like:

    dn: uid=gaa,ou=people,dc=ulticom,dc=com

and my ldap section of radius.conf is:

    ldap {
        server = ldap.ulticom.com
        basedn = dc=ulticom,dc=com
        filter = ((objectclass=person)(uid=%{Stripped-User-Name:-%{User-Name}}))
        do_xlat = yes
        base_filter = (objectclass=*)
        start_tls = no
        access_attr = uid
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

> The reason I would like to do this is to have the check box in Windows XP that says Authenticate as computer... checked. Doing this, FreeRADIUS is first presented with the credentials of the computer (host/name). Since I already have a computer account in ou=Computers, I figure I'd just add a cn=host/name attribute and modify the filter to be (|(uid=%{User-Name})(cn=%{User-Name})). But this can only work with a basedn of dc=example,dc=com and a scope of sub.

The thing to watch out for is the actual LDAP lookup may not be what you think. Without special regex matches or other tricks it will only lookup your hostname. For instance with a user of gaa on host malachite, the supplied user value is MALACHITE\GAA. This then results in an LDAP lookup of (from radiusd -X):

-
rlm_ldap: performing user authorization for MALACHITE\gaa
radius_xlat: '((objectclass=person)(uid=MALACHITE))'
radius_xlat: 'dc=ulticom,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=ulticom,dc=com, with filter ((objectclass=person)(uid=MALACHITE))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
-

I tried to handle it with this:

hints file:

    ...
    DEFAULT NAS-IP-Address == 172.25.16.9, User-Name =~ ^(.*)(.*)
        Hint = 8021XUSER,
        Stripped-User-Name = `${2}`
    ...

users file:

    ...
    DEFAULT Hint == 8021XUSER
        Fall-Through = 1
    ...

This strips the hostname off, mostly. I see it do several uid=gaa lookups, then one uid=MALACHITE and then it fails. If you get it to work, let me know. All I want to do is lookup the user.

If you want to use the hostname, how will you match the password? What credentials are you expecting it to pass? I was under the assumption that when you select Authenticate as computer... it expects to use certificates (I may be wrong here).

The format of the password when using the Windows domain style login is the Windows encrypted format (actually a hash, not encrypted, but you still can't recreate the clear text password). In the default configuration, this value is matched against the LDAP attribute sambaNTPassword. This assumes that you are already using Samba for SMB/CIFS access. (I am).

> Thanks!
> Stefan

--
Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758
Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033
Nielsen's First Law of Computer Manuals: People don't read documentation voluntarily.
Re: Fw: authorize and authenticate methods ina custom module
I've done something like this. You should write a custom script for the authorization section, put something like this in radiusd.conf

    modules {
        .
        exec myscript {
            program = /path/to/myscript %{User-Name}
            wait = yes
            input_pairs = request
            output_pairs = config
            packet_type = Access-Accept
        }
        .
    }

    authorize {
        .
        pap
        chap
        myscript
        ..
    }

Assuming it's a shell script, it has to do this:

- retrieve the parameters of the Access-Request. User-Name is passed as an argument, other attributes can be accessed from the environment variables or passed as additional myscript arguments
- then call the cgi with the appropriate parameters using curl
- if the user exists, the cgi should return the Password XX to myscript (I'm assuming PAP/CHAP is used for authentication)
- then myscript will write Password =X to stdout (it will make a config attribute for freeradius) and then exit(0)
- if the cgi says that the user does not exist, exit(0) without writing anything to stdout. This way other authorization modules may try to find the user. If the user really does not exist anywhere, the access-reject will be decided during PAP/CHAP authentication. (a user with no password = reject)

Yannick Deltroo

On 1/5/06, Susana Macias [EMAIL PROTECTED] wrote:

> Thanks a lot Alan,
>
> I would like to explain what I am trying to develop. If someone has any advice, please tell me.
>
> This is my scenario:
>
> Until now, we have a RADIUS server (RADIUS PSI) which only receives Access-Request packets.
>
> Also we have a CGI application located in the URL http://X.Y.Z.W:8080/nucleo
> This application receives a set of parameters as a URL encoded string (all characters that are not a-z, A-Z or 0-9 are converted to their URL escaped version) with this form:
>
>     Attribute1=Value1Attribute2=Value2...
>
> (where Attribute1, Attribute2... and Value1,Value2... are the different Attribute/Value pairs obtained from the Access-Request packet)
>
> The CGI application consults a remote database (and normally authenticates the user using the telephone number; although there are other variants).
>
> According to the response obtained from the remote resource, the RADIUS server adds different Attribute/Value pairs to the reply list, and always replies with an Access-Accept packet (whether or not the CGI application authenticates the user successfully)
>
> Now, we want to change to a FreeRadius server.
>
> I only want to call the remote resource (using the libcurl library) passing it the appropriate parameters and collect the information returned by it in order to create the reply list.
>
> As the CGI application performs the authorize and authenticate activities I am a little embarrassed to say that I am not sure which function I should implement (authorize or authenticate).
>
> Thank you very much in advance
>
> Best wishes,
> Susana
>
> - Original Message -
> From: Alan DeKok
> To: FreeRadius users mailing list
> Sent: Tuesday, January 03, 2006 4:31 PM
> Subject: Re: authorize and authenticate methods ina custom module
>
> Susana Macias wrote:
> > I have started working with the RADIUS protocol (and with FreeRadius in particular) three weeks ago. Congratulations for the product, it is really powerful!
>
> Thanks.
>
> > But, when are the authorize() and authenticate() methods called?
>
> When a packet comes in. See doc/aaa.txt
>
> > Is it necessary to include in the radiusd.conf the name of the instance (of the new module created) in the authorize section in order to call its authorize() method?
>
> Yes.
>
> Alan DeKok.
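The helper script outlined in the reply above, written out as an added example that is not part of the original thread and not FreeRADIUS code. It assumes the pairs are joined with `&`, that the CGI is queried with GET and answers with a line of the form `Password=<value>`, and that the exec module exports the caller's number as the environment variable `CALLING_STATION_ID`; none of these details are stated in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: '&' joins the pairs,
# the CGI is queried with GET, it answers with a line "Password=<value>", and
# the exec module exports the caller's number as CALLING_STATION_ID.
CGI_URL="http://X.Y.Z.W:8080/nucleo"   # address as written in the thread

# Percent-encode every byte that is not a-z, A-Z or 0-9 (the CGI's rule).
urlencode() {
    out=
    for hex in $(printf '%s' "$1" | od -An -v -tx1); do
        case $hex in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])   # 0-9, A-Z, a-z
                out="$out$(printf "\\$(printf '%03o' "$((0x$hex))")")" ;;
            *)
                out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s' "$out"
}

# build_query NAME VALUE [NAME VALUE ...] -> name=value&name=value
build_query() {
    q=
    while [ $# -ge 2 ]; do
        q="${q:+$q&}$(urlencode "$1")=$(urlencode "$2")"
        shift 2
    done
    printf '%s' "$q"
}

# Read the CGI reply on stdin and print at most one config pair.
# With output_pairs = config, everything printed becomes a config attribute,
# so a value holding a quote or backslash is dropped instead of being echoed:
# it could otherwise close the string and append attributes of its own.
parse_reply() {
    pw=$(tr -d '\r' | sed -n 's/^Password=//p' | head -n 1)
    [ -n "$pw" ] || return 0            # unknown user: print nothing
    case $pw in
        *\"*|*\\*) return 0 ;;          # malformed value: treat as not found
    esac
    printf 'Password = "%s"\n' "$pw"
}

main() {
    query=$(build_query User-Name "$1" \
        Calling-Station-Id "${CALLING_STATION_ID:-}")
    # --fail: an HTTP error means "no answer"; --max-time: never stall radiusd
    reply=$(curl --silent --fail --max-time 5 "$CGI_URL?$query") || return 0
    printf '%s\n' "$reply" | parse_reply
}

# rlm_exec passes %{User-Name} as the first argument; do nothing without it.
[ $# -eq 0 ] || main "$@"
```

The script always exits 0, so an unknown user or an unreachable CGI leaves the decision to the later modules, as the reply describes.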
RE: Connection TimeOut!!!
> Do you mean max connection time before logging in again? In that case, you usually just need to add Session-Timeout = xxx

Yes. I have looked into various files and cannot find out where I enter this setting. Kindly point out the file and the location (or the module) where I enter this command.

Thanks a million. FYI, I use 3COM TCM. I think it handles the Session-Timeout feature.

Kirti
before freeradius, openssl don't work
hi everybody,

well still trying to use freeradius for a wlan. i use debian sarge kernel 2.6.13, openssl 0.9.8.a to generate certificates and last freeradius version.

well i followed many tutorials about securing wlans with freeradius and all of them have this step:

    openssl rsa newreq.pem servidor-key.pem

but when i type this my system returns:

    unable to load Private Key
    5237:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: ANY PRIVATE KEY

so i think it's a problem with rsa generation and tried to generate rsa key but always get same error.

i know it's not a list of openssl but i posted this question in openssl list and nobody ask; searched in internet and nothing; so, any body could help?? what is happening and how could i solve this??

excuse if this so trivial but i'm new with both, openssl and freeradius and don't understand what is happening and why.

thanks in advance for your time and help.
Test
Please answer if it works
Re: Test
got it here's your reply

M T

On 1/5/06, Mathieu Clément [EMAIL PROTECTED] wrote:

> Please answer if it works
thread pool information
hi,

can anyone please tell me abt the thread pool configurations?

start_servers = 5 ... but 5 RADIUS servers aren't started initially. then what is this attribute for??

--DilipSimha
Re: thread pool information
DilipSimha.N.M [EMAIL PROTECTED] wrote:

> can anyone please tell me abt the thread pool configurations?

Read the documentation in the comments in radiusd.conf?

> start_servers = 5 ... but 5 RADIUS servers aren't started initially. then what is this attribute for??

threads are not processes. The server starts 5 threads, not processes.

Alan DeKok.