Re: Tagged Vlans

2006-03-23 Thread Peter Nixon
On Thu 23 Mar 2006 06:14, radhika putty wrote:
 Hi All,

   Does Free Radius support tagging of VLAN's

FreeRADIUS can send any reply attributes that you configure it to send.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error message when using Simultaneous-use with EAP

2006-03-23 Thread JVUVANT Yahoo
Hi all
 
I'm trying to use Simultaneous-Use to limit session connections, but I have the
following message:
 
...
[/usr/local/etc/raddb/users]:217 WARNING! Check item Simultaneous-Use
found in reply item list for user jvuvant. This attribute MUST go on the
first line with the other check items
...
 
Can someone help me?
 
Here is users configuration file for this account:
 
 Jvuvant Auth-Type := EAP, User-Password ==ayati
Simultaneous-Use=1
 
Other question
 
How to use freeradius with Mysql ? 
 
Thanks
 
Jacques








Re: Error building version 1.1.1

2006-03-23 Thread Stefan Winter
 It doesn't only happen when building an RPM. I installed from the tarball
 and the same thing happened. It worked when I manually created lib/ after
 the first failed attempt and tried it a second time (SuSE 8.2).
 Nicolas Baradakis sent me a patched Makefile, I will try that soon and
 report back if it fixes the issue.

Tested and worked. It would be great to have that patch in cvs. Nicolas?

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



Freeradius ip allocation.

2006-03-23 Thread Ashwin Gobind
Is it possible to use freeradius to dynamically allocate ip addresses
from predefined pools.

I want to assign an ip address from a specific set of pools, which pool
to use is to be determined by the NAS Identifier & the Called-Station-Id
of the AccessRequest.

Also to throw another complication in, these ip's should be consistent
over 3 radius servers that are load balanced.

Thanks


Re: user not found in freeradius users file

2006-03-23 Thread Bertrand Poulet

Alan DeKok wrote:

 Bertrand Poulet [EMAIL PROTECTED] wrote:

  why the user isn't found in file users of freeradius ?

the users file is below.
I wonder what or where in the config files makes the same user
'someone' with the same users file be found in the first case (radtest
...) and not found in the 2nd case (NAS request)?

Thanks.
Bertrand.

#
#   Please read the documentation file ../doc/processing_users_file,
#   or 'man 5 users' (after installing the server) for more information.
#
#   This file contains authentication security and configuration
#   information for each user.  Accounting requests are NOT processed
#   through this file.  Instead, see 'acct_users', in this directory.
#
#   The first field is the user's name and can be up to
#   253 characters in length.  This is followed (on the same line) with
#   the list of authentication requirements for that user.  This can
#   include password, comm server name, comm server port number, protocol
#   type (perhaps set by the hints file), and huntgroup name (set by
#   the huntgroups file).
#
#   If you are not sure why a particular reply is being sent by the
#   server, then run the server in debugging mode (radiusd -X), and
#   you will see which entries in this file are matched.
#
#   When an authentication request is received from the comm server,
#   these values are tested. Only the first match is used unless the
#   Fall-Through variable is set to Yes.
#
#   A special user named DEFAULT matches on all usernames.
#   You can have several DEFAULT entries. All entries are processed
#   in the order they appear in this file. The first entry that
#   matches the login-request will stop processing unless you use
#   the Fall-Through variable.
#
#   If you use the database support to turn this file into a .db or .dbm
#   file, the DEFAULT entries _have_ to be at the end of this file and
#   you can't have multiple entries for one username.
#
#   You don't need to specify a password if you set Auth-Type += System
#   on the list of authentication requirements. The RADIUS server
#   will then check the system password file.
#
#   Indented (with the tab character) lines following the first
#   line indicate the configuration values to be passed back to
#   the comm server to allow the initiation of a user session.
#   This can include things like the PPP configuration values
#   or the host to log the user onto.
#
#   You can include another `users' file with `$INCLUDE users.other'
#

#
#   For a list of RADIUS attributes, and links to their definitions,
#   see:
#
#   http://www.freeradius.org/rfc/attributes.html
#

#
# Deny access for a specific user.  Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser   Auth-Type := Reject
#   Reply-Message = "Your account has been disabled."

#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT    Group == "disabled", Auth-Type := Reject
#   Reply-Message = "Your account has been disabled."
#

#
# This is a complete entry for steve. Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve  Auth-Type := Local, User-Password == testing
#   Service-Type = Framed-User,
#   Framed-Protocol = PPP,
#   Framed-IP-Address = 172.16.3.33,
#   Framed-IP-Netmask = 255.255.255.0,
#   Framed-Routing = Broadcast-Listen,
#   Framed-Filter-Id = std.ppp,
#   Framed-MTU = 1500,
#   Framed-Compression = Van-Jacobsen-TCP-IP

#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe"   Auth-Type := Local, User-Password == hello
#   Reply-Message = "Hello, %u"

#
# Dial user back and telnet to the default host for that port
#
#Deg    Auth-Type := Local, User-Password == ge55ged
#   Service-Type = Callback-Login-User,
#   Login-IP-Host = 0.0.0.0,
#   Callback-Number = "9,5551212",
#   Login-Service = Telnet,
#   Login-TCP-Port = Telnet

#
# Another complete entry. After the user dialbk has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host timeshare1.
#
#dialbk Auth-Type := Local, User-Password == callme
#   Service-Type = Callback-Login-User,
#   Login-IP-Host = timeshare1,
#   Login-Service = PortMaster,
#   Callback-Number = "9,1-800-555-1212"

#
# user swilson will only get a static IP number if he logs in with
# a framed protocol on a 

Re: dynamic module installation

2006-03-23 Thread Doug Hardie


On Mar 22, 2006, at 10:15, Alan DeKok wrote:

 jasonatx0001 [EMAIL PROTECTED] wrote:

  Is it possible to dynamically install a new module ? i.e.
  configure/make/install radius then compile a new module separately and move
  its .so to the lib directory ?

   Yes.  That's the intent behind the design.

Is there an example on how to construct the makefile for that?  I
know how to do it if you put the module into the freeradius
structure, but can it be built outside that structure?


Re: Freeradius ip allocation.

2006-03-23 Thread Phil Mayers

Ashwin Gobind wrote:

 Is it possible to use freeradius to dynamically allocate ip addresses
 from predefined pools.

 I want to assign an ip address from a specific set of pools, which pool
 to use is to be determined by the NAS Identifier & the Called-Station-Id
 of the AccessRequest.

Yes. The module, strangely enough, is called ippool, and is well
documented by comments in the default config file.

 Also to throw another complication in, these ip's should be consistent
 over 3 radius servers that are load balanced.

That's rather harder. You need shared backend storage. There is an
sqlippool module in 1.1.0 (I think - certainly it's in CVS) though I
recall there being some discussion about it being suboptimal (that may
just be my suboptimal memory!) - check the archives.

Obviously all radius servers would need to be talking to the same SQL
server, though I guess you could use replication and failover to make
that part resilient.


Re: user not found in freeradius users file

2006-03-23 Thread Phil Mayers

Bertrand Poulet wrote:

 modcall[authorize]: module suffix returns noop for request 2
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183

Line 183 is:

DEFAULT	Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP


No Fall-Through=Yes, so processing stops. It works locally because 
radtest doesn't set Framed-Protocol=PPP. Add a Fall-Through=Yes, or 
better yet read the default users file, understand what it does and 
configure it correctly for your site.


Re: Error message when using Simultaneous-use with EAP

2006-03-23 Thread Phil Mayers

JVUVANT Yahoo wrote:

 Hi all

 I'm trying to use Simultaneous-Use to limit session connections, but I have the
 following message:

 ...
 [/usr/local/etc/raddb/users]:217 WARNING! Check item Simultaneous-Use
 found in reply item list for user jvuvant. This attribute MUST go on the
 first line with the other check items
 ...

 Can someone help me?

If you can't understand that message yourself, no-one here will be able
to help you:

 This attribute MUST go on the first line with the other check items

 Here is users configuration file for this account:

  Jvuvant Auth-Type := EAP, User-Password ==ayati
 Simultaneous-Use=1

So, just a wild guess here, perhaps:

Jvuvant Auth-Type := EAP, User-Password ==ayati, Simultaneous-Use=1

...I mean, come on. The server TELLS YOU how to fix it.

 Other question

 How to use freeradius with Mysql ?

See here:

http://www.catb.org/~esr/faqs/smart-questions.html
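
The two users-file answers above (the DEFAULT entry at line 183 with no Fall-Through, and Simultaneous-Use placed on a reply line) can be reproduced with a small model of how the file is read. This is an added example, not code from the thread or from FreeRADIUS: the sample entries, the CHECK_ONLY set and the function names are constructed, and matching is simplified to '==' comparisons.

```python
import re

# Constructed users-file sample modelled on the entries quoted in the thread
# (passwords and the 'someone' entry are placeholders, not the posters' files).
SAMPLE_USERS = '''\
DEFAULT Framed-Protocol == PPP
\tFramed-Protocol = PPP,
\tFramed-Compression = Van-Jacobson-TCP-IP

someone Auth-Type := Local, User-Password == "example-pw"
\tReply-Message = "Hello"

jvuvant Auth-Type := EAP, User-Password == "example-pw"
\tSimultaneous-Use = 1
'''

# Assumption: a small subset of server-side control attributes that only make
# sense as check items (the real server decides this from its dictionary).
CHECK_ONLY = {"Simultaneous-Use", "Auth-Type", "User-Password"}

ITEM_RE = re.compile(r'([\w-]+)\s*(==|:=|\+=|=)\s*("[^"]*"|[^,\s]+)')


def parse_items(text):
    """Split 'Attr op value, Attr op value' into (attr, op, value) tuples."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM_RE.findall(text)]


def parse_users(text):
    """First line of an entry: name + check items. Indented lines: reply items."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            if entries:
                entries[-1]["reply"] += parse_items(line)
        else:
            name, *rest = line.split(None, 1)
            entries.append({"line": lineno, "name": name,
                            "check": parse_items(rest[0] if rest else ""),
                            "reply": []})
    return entries


def lint(entries):
    """Report (entry line, user, attribute) for check-only items in a reply list."""
    return [(e["line"], e["name"], a) for e in entries
            for a, _, _ in e["reply"] if a in CHECK_ONLY]


def authorize(entries, request):
    """Walk entries in file order; stop at the first match without Fall-Through."""
    matched, reply = [], {}
    for e in entries:
        if e["name"] not in ("DEFAULT", request.get("User-Name")):
            continue
        # Only '==' items are compared with the request. ':=' and '=' items and
        # the stored User-Password are configuration used later by authentication.
        if any(op == "==" and a != "User-Password" and request.get(a) != v
               for a, op, v in e["check"]):
            continue
        matched.append(e["line"])
        fall_through = False
        for a, _, v in e["reply"]:
            if a == "Fall-Through":
                fall_through = v.lower() == "yes"
            else:
                reply[a] = v
        if not fall_through:
            break
    return matched, reply


if __name__ == "__main__":
    entries = parse_users(SAMPLE_USERS)
    # radtest-style request: no Framed-Protocol, so DEFAULT is skipped.
    print(authorize(entries, {"User-Name": "someone"}))
    # NAS-style request: DEFAULT matches first and processing stops there.
    print(authorize(entries, {"User-Name": "someone", "Framed-Protocol": "PPP"}))
    print(lint(entries))
```

Adding `Fall-Through = Yes` to the DEFAULT entry's reply lines lets the NAS-style request continue to the `someone` entry, and moving `Simultaneous-Use` to the first line of the `jvuvant` entry clears the lint result.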


Re: Error building version 1.1.1

2006-03-23 Thread Nicolas Baradakis
Stefan Winter wrote:

  It doesn't only happen when building an RPM. I installed from the tarball
  and the same thing happened. It worked when I manually created lib/ after
  the first failed attempt and tried it a second time (SuSE 8.2).
  Nicolas Baradakis sent me a patched Makefile, I will try that soon and
  report back if it fixes the issue.

 Tested and worked. It would be great to have that patch in cvs. Nicolas?

Thanks for testing the patch. I needed some feedback because I've no
problem to build a Debian package.

It's fixed in CVS, and version 1.1.2 will contain the fix.

-- 
Nicolas Baradakis



Re: Error building version 1.1.1

2006-03-23 Thread Peter Nixon
Same problem exists on SUSE.

-Peter

On Thu 23 Mar 2006 09:28, Frank Büttner wrote:
 That is not possible, because I use rpmbuild. It is only possible to
 patch the sources. But what has changed?? 1.1.0 will work without any
 problems!!!

 Nicolas Baradakis wrote:
  Frank Büttner wrote:
  Ok now compiling works, but at make install I get another error:
  ln -s libradius.la
  /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la ln:
  creating symbolic link
  `/var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la'
  to `libradius.la': No such file or directory
 
  Now it's the same error as posted yesterday by someone else. I don't
  know exactly how to fix the bug because I've no problem to build a
  Debian package.
 
  Could you please try if the following patch fixes the problem?
 
  Index: src/lib/Makefile
  ===
  RCS file: /source/radiusd/src/lib/Makefile,v
  retrieving revision 1.20.4.3
  diff -u -r1.20.4.3 Makefile
  --- src/lib/Makefile10 Feb 2006 19:47:04 -  1.20.4.3
  +++ src/lib/Makefile21 Mar 2006 17:19:21 -
  @@ -48,6 +48,6 @@
  rm -rf .libs
 
   install: all
  -   $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir)
  +   $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la
  $(R)$(libdir)/$(TARGET).la rm -f
  $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
  ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
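
Review bot: in the install recipe of src/lib/Makefile nothing creates $(R)$(libdir) before the libtool install and the ln -s, so the rule still relies on an earlier step or the packaging tool having made that directory. Naming the destination as $(R)$(libdir)/$(TARGET).la keeps a missing directory from being taken as the target file name, but a staged install into an empty buildroot would be more robust with an explicit first recipe line such as $(INSTALL) -d $(R)$(libdir).
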
  Index: src/modules/rlm_eap/libeap/Makefile
  ===
  RCS file: /source/radiusd/src/modules/rlm_eap/libeap/Makefile,v
  retrieving revision 1.1.4.2
  diff -u -r1.1.4.2 Makefile
  --- src/modules/rlm_eap/libeap/Makefile 10 Feb 2006 19:47:09
  -   1.1.4.2 +++ src/modules/rlm_eap/libeap/Makefile 21 Mar 2006
  17:19:21 - @@ -38,6 +38,6 @@
  rm -rf .libs
 
   install: all
  -   $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir)
  +   $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la
  $(R)$(libdir)/$(TARGET).la rm -f
  $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
  ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
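
Review bot: the libeap install recipe ends up as a copy of the one in src/lib/Makefile, so the same rule now has to be kept in step in two Makefiles; consider moving it into a shared make fragment that both include. Within the recipe, the separate rm -f followed by ln -s leaves a moment with no versioned .la link, which a single ln -sf would avoid.
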

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Freeradius ip allocation.

2006-03-23 Thread Peter Nixon
On Thu 23 Mar 2006 11:46, Phil Mayers wrote:
 Ashwin Gobind wrote:
  Is it possible to use freeradius to dynamically allocate ip addresses
  from predefined pools.
 
  I want to assign an ip address from a specific set of pools, which pool
  to use is to be determined by the NAS Identifier & the Called-Station-Id
  of the AccessRequest.

 Yes. The module, strangely enough, is called ippool, and is well
 documented by comments in the default config file.

  Also to throw another complication in, these ip's should be consistent
  over 3 radius servers that are load balanced.

 That's rather harder. You need shared backend storage. There is an
 sqlippool module in 1.1.0 (I think - certainly it's in CVS) though I
 recall there being some discussion about it being suboptimal (that may
 just be my suboptimal memory!) - check the archives.

 Obviously all radius servers would need to be talking to the same SQL
 server, though I guess you could use replication and failover to make
 that part resilient.

sqlippool works fine and can be load balanced. :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Error building version 1.1.1

2006-03-23 Thread Stefan Winter
Hi,

 It's fixed in CVS, and version 1.1.2 will contain the fix.

then maybe 1.1.2 should be pushed out _soon_. The current version doesn't 
install correctly on many platforms...

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



Re: Error building version 1.1.1

2006-03-23 Thread Nicolas Baradakis
Frank Büttner wrote:

 But what has changed?? 1.1.0 will work without any problems!!!

Almost all Makefiles were changed between 1.1.0 and 1.1.1. There were
a lot of libtool misuses, and they were causing serious warnings or
preventing some modules from being built correctly.

http://bugs.debian.org/335890

-- 
Nicolas Baradakis



Re: Error building version 1.1.1

2006-03-23 Thread Nicolas Baradakis
Stefan Winter wrote:

  It's fixed in CVS, and version 1.1.2 will contain the fix.

 then maybe 1.1.2 should be pushed out _soon_. The current version doesn't 
 install correctly on many platforms...

From what I read on the mailing list until now, the current version
*does* install on any system unless you (or rpmbuild) change
installation paths through ./configure options.

I didn't catch the problem before the release of 1.1.1 because on
Debian dpkg-buildpackage automatically creates the tree of directories
before building the freeradius package.

-- 
Nicolas Baradakis



Re: Error building version 1.1.1

2006-03-23 Thread Frank Büttner
Before 1.1.1 all was ok, with rpmbuild.
Only since 1.1.1 it will fail.
I built it on and for Fedora Core 4.
Nicolas Baradakis wrote:
 Stefan Winter wrote:
 
 It's fixed in CVS, and version 1.1.2 will contain the fix.
 then maybe 1.1.2 should be pushed out _soon_. The current version doesn't 
 install correctly on many platforms...
 
 From what I read on the mailing list until now, the current version
 *does* install on any system unless you (or rpmbuild) change
 installation paths through ./configure options.
 
 I didn't catch the problem before the release of 1.1.1 because on
 Debian dpkg-buildpackage automatically creates the tree of directories
 before building the freeradius package.
 




Re: Authentication with LDAP

2006-03-23 Thread fvt3
What if you run freeradius with ssl enabled, is it
still going to show the authenticating user's password
while connecting to LDAP in debug mode or in log file?

--- Alan DeKok [EMAIL PROTECTED] wrote:

 fvt3 [EMAIL PROTECTED] wrote:
  How do you hide password that is sent to LDAP so it
  will not show up in the log and in debug mode ..Thanks
  in advance

   I don't think the LDAP password is logged normally.  But it *is*
 printed out in debugging mode, and that won't change.  Printing out
 what the server is doing is the whole point of debugging mode.

   Alan DeKok.
 


PIX Accounting

2006-03-23 Thread Sergio Sagliocco
Hello to the list
I've configured my PIX 6.3(5) to authenticate PPTP VPN by FreeRadius.
I've noticed that if a user login fails, PIX sends a STOP Accounting
Packet and then a START packet: in this way I have serious problems to
track the simultaneous use of the users: I think it is not normal.
I know...it is not a problem of freeradius...but maybe somebody on the
list had the same problem in the past: do you have some suggestions?
Tnx
Regards

Sergio Sagliocco




Version 1.1.1 stops responding

2006-03-23 Thread King, Michael
So I built 1.1.1 on Debian.

After a period of so many hours (variable) it stops responding.
(Sometimes 2hours, sometimes 16hours)

Now here's where it gets weird, (and makes me suspect it might not be
freeRADIUS at the root cause)


If I stop and restart the freeRADIUS service, it continues to ignore
RADIUS packets.

But if I restart the server (hard reboot) it works fine.  Till it stops
responding again.

Obviously this is not enough information to help you diagnose the
problem.  How do I gather that information?

The box is a 233 Pentium with 64 megs of ram.  Has about 15 AP's, with
around 100 users (not simultaneous, maybe 30 simultaneous)

So what's the suggested way of gathering more info?  Running debug mode
piping to a text file?



Multiple responses per user, based on NAS

2006-03-23 Thread John Mylchreest








Hi guys,

I'm currently mulling over two important things for us.

Before I state the problems though, any input would certainly be
appreciated and also that we have this working at the moment, but it did
require a schema change to support.

1: How would radius be able to respond with a different fixed IP address
(or a set/subset of other attributes) from radreply, based on the NAS the
user connected from?

2: why would you Proxy-To-Realm and point it to a different instance/box,
instead of handle it all within the local realm? Ie: Why is handing off the
request a good thing, instead of building the functionality into the LOCAL
realm. I have my own opinions on this, but I'd like some group input.

Currently we have a nasty hack where in the radreply we have an additional
field which links to the NAS. In the SQL query (this is all sql backed) we
link the NAS field to the real NAS and therefore selectively respond with a
different fixed IP, or set of attributes.

This as stated, requires a schema hack and I would like to support it
without. How would you go about it?

For the record, the same goes against radgroupcheck/reply but that should
follow suit with any solution.

Any suggestions welcome,

Cheers.

John

--
John Mylchreest
ioko
T: +44 (0)1904 438000 x324
M: +44 (0)7730 529047
E: [EMAIL PROTECTED]






Re: Version 1.1.1 stops responding

2006-03-23 Thread Ben Thompson
On Thu, 2006-03-23 at 09:24 -0500, King, Michael wrote:
 So I built 1.1.1 on Debian.
 
 After a period of so many hours (variable) it stops responding.
 (Sometimes 2hours, sometimes 16hours)
 
 Now here's where it gets weird, (and makes me suspect it might not be
 freeRADIUS at the root cause)
 
 
 If I stop and restart the freeRADIUS service, it continues to ignore
 RADIUS packets.

I am seeing a similar problem on RedHat. I originally thought it was
only happening when I sent a HUP signal, but it turns out this is not
the case. 

However in my case all I have to do to fix it is restart the service (I
do not need to reboot the entire operating system). 


Ben



Re: Version 1.1.1 stops responding

2006-03-23 Thread Stefan Winter
Hi,

 I am seeing a similar problem on RedHat. I originally thought it was
 only happening when I sent a HUP signal, but it turns out this is not
 the case.

 However in my case all I have to do to fix it is restart the service (I
 do not need to reboot the entire operating system).

for the record: this happened to me *once* as well (SuSE 8.2). That coincided 
with an access point crashing in the middle of an authentication, so I 
thought it might just be that the AP sent a very weird packet while dying.

Really strange symptoms... radiusd and all its threads are running, and bound 
to the port they should, but no indication of a received packet. Re-starting 
the service did the trick for me as well.

Greetings,

Stefan Winter

-- 
Stefan WINTER

RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu               Fax:      +352 422473



Re: dynamic module installation

2006-03-23 Thread jasonatx0001

Yes it can. I simply built my module with gcc as a dynamic library. Just be
sure to use the same compiler flags that were used to build the freeradius
server - for example I was experiencing problems until I added the NDEBUG
flag. After I built my module I just put the .so in the libs directory and
modified my config files.


RE : Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on 1.0.5)

2006-03-23 Thread Philippe JOYEZ
Hi all,

As suggested by Michael, I've recompiled Mysql with
--enable-thread-safe-client and now it works.

Thanks to Michael

Best regards,





Re: rlm_eap_tls sometimes fails to read files after HUP

2006-03-23 Thread Alan DeKok
Ben Thompson [EMAIL PROTECTED] wrote:
 Could someone advise how to go about debugging this problem?

  First I'd suggest editing the code so that it prints the SSL errors
to radius.log, rather than stderr:

http://bugs.freeradius.org/show_bug.cgi?id=347

  That way the reason why SSL can't read the file will be printed too.
Without that information, it's pretty much impossible to fix it.

  I've added a patch as an attachment to the bug report.  It builds,
but I haven't tested it.  I'd suggest:

  a) try it in a test environment.  If it doesn't kill the system,
  maybe put it in a live environment

  b) look at the logs to see what SSL errors are being returned right
  before the "Error reading certificate file" message.

  Alan DeKok.


RE: RADTEST

2006-03-23 Thread Cris Boisvert



It says that your shared secret is incorrect... I would
start there.. it may be a simple typo.. check the
clients.conf

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Atkins, Dwane P
Sent: Thursday, March 23, 2006 12:24 PM
To: freeradius-users@lists.freeradius.org
Subject: RADTEST

 I cannot get the radtest to work and this seems to be an
 integral part of continuing. I can now do a mysql -u radius -p radius and
 get into mysql. Resetting the password and FLUSH PRIVILEGES helped
 there.

 I have created a user, atkinsd, on the radius database
 in radcheck.

 If I do a radtest atkinsd cisco123 localhost 1645
 SHARED, I still get the same error. Why?

 [EMAIL PROTECTED] raddb]# radtest atkinsd cisco123 localhost 1812 x
 (I have tried both 1645 and 1812 with no luck)
 Sending Access-Request of id 225 to 127.0.0.1 port 1812
         User-Name = "atkinsd"
         User-Password = "cisco123"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 1812
 Re-sending Access-Request of id 225 to 127.0.0.1 port 1812
         User-Name = "atkinsd"
         User-Password = "cisco123"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 1812
 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=225, length=20
 rad_decode: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
 [EMAIL PROTECTED] raddb]#
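
The "invalid signature ... Shared secret is incorrect" line in the output above is the client failing to verify the reply's Response Authenticator, which RFC 2865 defines as MD5 over the reply header, the Request Authenticator, the attributes and the shared secret. The check is sketched below as an added example (not radtest's or FreeRADIUS's code); the secrets, the Request Authenticator and the function names are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3      # RADIUS code for Access-Reject (RFC 2865)
HEADER_LEN = 20        # code(1) + id(1) + length(2) + authenticator(16)


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: sign the reply with the server's copy of the secret."""
    length = HEADER_LEN + len(attrs)
    auth = response_authenticator(code, ident, length, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """Client side: return 'ok' or the reason the reply must be discarded."""
    if len(packet) < HEADER_LEN:
        return "short packet"
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        return "bad length"
    if rid != ident:
        return "id mismatch"
    attrs = packet[HEADER_LEN:length]
    expected = response_authenticator(code, rid, length, request_auth, attrs, secret)
    # Constant-time comparison of the 16-byte authenticator.
    if not hmac.compare_digest(expected, packet[4:HEADER_LEN]):
        return "invalid signature"
    return "ok"


# Constructed values: a 16-byte Request Authenticator and two secrets that
# differ by a typo, as in a clients.conf / command-line mismatch.
REQUEST_AUTH = bytes(range(16))
SERVER_SECRET = b"secret-in-clients.conf"
TYPED_SECRET = b"secret-in-clients.cnf"

# An attribute-less Access-Reject with id 225 is 20 bytes, as in the output above.
REPLY = build_response(ACCESS_REJECT, 225, REQUEST_AUTH, SERVER_SECRET)


def demo():
    return {
        "matching secret": verify_response(REPLY, 225, REQUEST_AUTH, SERVER_SECRET),
        "mistyped secret": verify_response(REPLY, 225, REQUEST_AUTH, TYPED_SECRET),
        "truncated reply": verify_response(REPLY[:12], 225, REQUEST_AUTH, SERVER_SECRET),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A reply that fails this check says nothing about the user's password: the secret the server holds for the client's source address is the value to compare.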

mod_auth_radius: multiple auth attempts

2006-03-23 Thread Christina McAghon

I am using mod_auth_radius2 with Apache version 2.0.54.  When I
attempt to authenticate, I see a successful attempt followed by 2
failed attempts, leaving me with a 401 Authorization Required
message in the browser.  Any ideas?  I have tried increasing the
timeout.  Here is the relevant portion of my httpd.conf:

<IfModule mod_auth_radius-2.0.c>
AddRadiusAuth radius server 1:1645 shared-secret 5:3
AddRadiusAuth radius server 2:1645 shared-secret 5:3
AuthRadiusBindAddress server IP address
</IfModule>

<Directory /usr/local/apache2/htdocs/secure>
DirectoryIndex index.html
AuthType Basic
AuthName secure
AuthAuthoritative off
AuthRadiusAuthoritative on
AuthRadiusCookieValid 15
AuthRadiusActive On
require valid-user
</Directory>



RE: Table radacct is empty

2006-03-23 Thread Alex M
I dunno, maybe it is some error in 1.1.1? I'm still running 1.1.0 and didn't
have any problems like this yet

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vincent MARGUERIE
Sent: Thursday, March 23, 2006 12:29 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Table radacct is empty

[EMAIL PROTECTED] wrote:


Message: 1
Date: Thu, 23 Mar 2006 01:57:27 +0100
From: Vincent MARGUERIE [EMAIL PROTECTED]
Subject: RE: Table radacct is empty
To: freeradius freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi,

Yes, SQL is ok to query in accounting section. Here is a part of my
radiusd.conf :

#  The rlm_sql_log module appends the SQL queries in a log
#  file which is read later by the radsqlrelay program.
#
#  This module only performs the dynamic expansion of the
#  variables found in the SQL statements. No operation is
#  executed on the database server. (this could be done
#  later by an external program) That means the module is
#  useful only with non-SELECT statements.
#
#  See rlm_sql_log(5) manpage.
#
sql_log {
        path = ${radacctdir}/sql-relay
        acct_table = radacct
        postauth_table = radpostauth

        Start = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
         NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
         AcctSessionTime, AcctTerminateCause) VALUES \
         ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
         '%{Framed-IP-Address}', '%S', '0', '0', '');
        Stop = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
         NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
         AcctSessionTime, AcctTerminateCause) VALUES \
         ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
         '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
         '%{Acct-Terminate-Cause}');
        Alive = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
         NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
         AcctSessionTime, AcctTerminateCause) VALUES \
         ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
         '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');

        Post-Auth = INSERT INTO ${postauth_table} \
         (user, pass, reply, date) VALUES \
         ('%{User-Name}', '%{User-Password:-Chap-Password}', \
         '%{reply:Packet-Type}', '%S');
}

..
..
$INCLUDE  ${confdir}/sql.conf
..
..
authorize {

   sql
...
...
accounting {
   sql
   sql_log


session
   sql


post-auth {
   sql
   sql_log




Moreover, the information is written in a file (sql-relay) which (if I
have understood correctly) is used by the radsqlrelay binary to put the
information in the database.

The fact is that for the post-auth part, it works because I get all the
information of the post authorisation in the radpostauth table. But in
this sql-relay file, there's only information about post-auth...nothing
about accounting !!

The strange thing is that there's some information about accounting in
other files, auth-detail and reply-detail, but not in sql format.

some lines of the files :

sql-relay

INSERT INTO radpostauth  (user, pass, reply, date) VALUES('joseph', 'Chap-Password', 'Access-Accept', '2006-03-21 15:28:48');

-

reply-detail

Packet-Type = Access-Accept
Wed Mar 22 18:04:18 2006
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1
Framed-Compression = Van-Jacobson-TCP-IP
Service-Type = Login-User
Session-Timeout = 1000
Idle-Timeout = 500
Port-Limit = 10
Reply-Message = Bye Mr Joseph !
MS-MPPE-Recv-Key =

RE: RADTEST

2006-03-23 Thread Atkins, Dwane P
I have looked at the radius.log file and continue to get this:

Thu Mar 23 12:47:48 2006 : Auth: rlm_unix: [atkinsd]: invalid password

But I have it in radcheck and can prove it.

Does anyone know what is going on?

Thanks for all your help. Getting frustrated and even time off of this didn't help.

Dwane

From: Atkins, Dwane P
Sent: Thursday, March 23, 2006 11:24 AM
To: 'freeradius-users@lists.freeradius.org'
Subject: RADTEST

I cannot get the radtest to work and this seems to be an integral part
of continuing. I can now do a mysql -u radius -p radius and
get into mysql. Resetting the password and FLUSH PRIVILEGES helped there.

I have created a user, atkinsd, on the radius database in radcheck.

If I do a radtest atkinsd cisco123 localhost 1645 SHARED, I still get
the same error. Why?

[EMAIL PROTECTED] raddb]# radtest atkinsd cisco123 localhost 1812 x
(I have tried both 1645 and 1812 with no luck)
Sending Access-Request of id 225 to 127.0.0.1 port 1812
 User-Name = atkinsd
 User-Password = cisco123
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 1812
Re-sending Access-Request of id 225 to 127.0.0.1 port 1812
 User-Name = atkinsd
 User-Password = cisco123
 NAS-IP-Address = 255.255.255.255
 NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=225, length=20
rad_decode: Received Access-Reject packet from client 127.0.0.1 port 1812 with invalid signature (err=2)! (Shared secret is incorrect.)
[EMAIL PROTECTED] raddb]#

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
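
The "invalid signature ... (Shared secret is incorrect.)" line in the radtest output above is the client failing to validate the reply's Response Authenticator as defined in RFC 2865. The Python below is an added illustration of that check, not part of the original post and not radtest's own code; the secrets and the request authenticator are constructed values, and the reply mirrors the header-only Access-Reject (id=225, length=20) from the output.

```python
import hashlib
import hmac
import struct

ACCESS_REJECT = 3
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, attrs, request_auth, secret):
    """What the server does: sign the reply with ITS copy of the shared secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + auth + attrs


def verify_reply(packet, request_auth, secret):
    """What the client does: recompute the digest with ITS copy of the secret.

    A mismatch cannot tell a wrong secret apart from a tampered reply or a
    reply to some other request; the client only learns "does not verify".
    """
    if len(packet) < HEADER_LEN or len(request_auth) != 16:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding and ignored
    expected = response_authenticator(
        code, ident, packet[HEADER_LEN:], request_auth, secret)
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


if __name__ == "__main__":
    request_auth = bytes(range(16))   # constructed; normally 16 random octets
    server_secret = b"testing123"     # constructed: secret the server holds for this client
    reply = build_reply(ACCESS_REJECT, 225, b"", request_auth, server_secret)
    print("reply length:", len(reply))
    print("client using the same secret:", verify_reply(reply, request_auth, server_secret))
    print("client using another secret: ", verify_reply(reply, request_auth, b"x"))
```

The server sends its Access-Reject either way; only a client holding the same secret the server has configured for that client address can confirm the reply is genuine.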

Re: RADTEST

2006-03-23 Thread Alan DeKok
Atkins, Dwane P [EMAIL PROTECTED] wrote:
 I have looked at the radius.log file

  Don't.  Run the server in debugging mode.

 Thu Mar 23 12:47:48 2006 : Auth: rlm_unix: [atkinsd]: invalid password

  The Unix module says that the password is wrong, or the user doesn't
exist in /etc/passwd.

 But I have it in radcheck and can prove it.

  Then tell the server to use that password instead of the Unix module.

  Alan DeKok.



Re: radiusd will NOT parse my certificate

2006-03-23 Thread Alan DeKok
Don Osburn [EMAIL PROTECTED] wrote:
 I have built/installed freeradius 1.1.0.  My openssl is version 0.9.6b-29.

  I don't think that will work.  Try 0.9.7 or later.

  Alan DeKok.


Clear text passwords

2006-03-23 Thread Corey Burks
I have recently built up a freeradius server V1.1.0, I am new to freeradius,
since we were using an old version of Navisradius.  In Navisradius it would
compare the crypt password strings and log the crypt string versus the clear
text password.

Is it possible to have freeradius not log the clear text passwords, while
still logging the auth request?  Or have it log the crypt password strings
instead?

My radius server is binding to a Netscape LDAP server which is storing the
passwords using UNIX crypt.  Yet the radius server is logging the clear text
password.

Thank you for your help.
Corey


Detail log shows:

Packet-Type = Access-Request
Thu Mar 23 11:23:30 2006
User-Name = cburks
User-Password = abc123
Vendor-3076-Attr-32 = 0x0004
NAS-IP-Address = 172.16.15.251
NAS-Port-Type = Virtual
Client-IP-Address = 172.16.15.251



Debug output shows
rad_recv: Access-Request packet from host 172.16.15.251:2264, id=1, length=70
User-Name = cburks
User-Password = abc123
Vendor-3076-Attr-32 = 0x0004
NAS-IP-Address = 172.16.15.251
NAS-Port-Type = Virtual
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:  '/usr/local/freeradius/var/log/radius/radacct/172.16.15.251/detail'
rlm_detail: %A/%{Client-IP-Address}/detail expands to /usr/local/freeradius/var/log/radius/radacct/172.16.15.251/detail
  modcall[authorize]: module auth_log returns ok for request 0
  modcall[authorize]: module chap returns noop for request 0
  modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = cburks, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 234
  modcall[authorize]: module files returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for cburks
radius_xlat:  '(uid=cburks)'
radius_xlat:  'ou=people,o=zhone.com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap-master.oak.zhone.com:389, authentication 0
rlm_ldap: bind as cn=Directory Manager/secret to ldap-master.oak.zhone.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=people,o=zhone.com, with filter (uid=cburks)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user cburks authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type ldap
auth: type LDAP
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by cburks with password abc123
rlm_ldap: user DN: uid=CBurks,ou=People, o=zhone.com
rlm_ldap: (re)connect to ldap-master.oak.zhone.com:389, authentication 1
rlm_ldap: bind as uid=CBurks,ou=People, o=zhone.com/abc123 to ldap-master.oak.zhone.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user cburks authenticated succesfully
  modcall[authenticate]: module ldap returns ok for request 0
modcall: leaving group LDAP (returns ok) for request 0
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
radius_xlat:  '/usr/local/freeradius/var/log/radius/radacct/172.16.15.251/reply-detail-20060323'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/172.16.15.251/reply-detail-20060323
  modcall[post-auth]: module reply_log returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 1 to 172.16.15.251 port 2264
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = 1
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...




RE: Clear text passwords

2006-03-23 Thread Alex M
Yes, you can hide or crypt passwords in freeradius. This question was raised in
the freeradius users mailing list, and if you search the archives, the answer is
there.



Re: File ATTRS

2006-03-23 Thread Thor Spruyt
José Berenguer wrote:
 Hello! In the file attrs I have:
 domain.es
 Reply-Message = RADIUS OK

 but it doesn't return me the message.

Try adding a colon before the equals sign.

--
Groeten, Regards, Salutations,

Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com

www.salesguide.be
www.telenethotspot.be



Re: RADTEST

2006-03-23 Thread Atkins, Dwane P
Alan and all,

Thanks for your help.

Here is an issue that I cannot get worked out. However, if I run the mysql -u radius -p radius
command it will take me right to the radius database so it is working (right?)

sql: safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)

Then tell the server to use that password instead of the Unix module

Where is this process at? I cannot find it in the Radius book I bought.

Thanks

Dwane

Message: 3
Date: Thu, 23 Mar 2006 14:30:00 -0500
From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: RADTEST
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]

Atkins, Dwane P [EMAIL PROTECTED] wrote:
 I have looked at the radius.log file

 Don't. Run the server in debugging mode.

 Thu Mar 23 12:47:48 2006 : Auth: rlm_unix: [atkinsd]: invalid password

 The Unix module says that the password is wrong, or the user doesn't exist in /etc/passwd.

 But I have it in radcheck and can prove it.

 Then tell the server to use that password instead of the Unix module.

 Alan DeKok.

Dwane Atkins
TN
210-567-0158


Binding to LDAP as user, rather than anonymous bind

2006-03-23 Thread Norman Elton
I've got wireless equipment that can relay MS-CHAP-v2 requests to my  
FreeRADIUS box from Windows XP clients. I see the radius box making  
LDAP requests to the LDAP server (over SSL), binding as the anonymous  
user, and searching for the target user. So far so good.


The problem is, our password information is not kept in LDAP, so  
there is no attribute to compare against. Our LDAP servers pass the  
authentication request off to Kerberos. The only way to authenticate  
via LDAP is to bind as the target user with the target password,  
rather than an anonymous user.


Can FreeRadius extract the password out of the MS-CHAP-v2 request,  
and use it to bind against LDAP over SSL? I would much rather not  
have to tackle Kerberos, as it looks much more complicated.


Thanks for any help,

Norman Elton


RE: Clear text passwords

2006-03-23 Thread Corey Burks
Sorry in advance for my stupidity but it is still not working.
I have been searching the archives and I did find a post where someone asked
the same question.  The response was 

  See 'radiusd.conf'.  Look for 'log passwords'

In my radiusd.conf file I made the following changes and it is still logging
my password clear text password

log_auth = no
log_auth_badpass = no
log_auth_goodpass = no

pap {
encryption_scheme = crypt
}

Thanks
Corey


Re: Binding to LDAP as user, rather than anonymous bind

2006-03-23 Thread Alan DeKok
Norman Elton [EMAIL PROTECTED] wrote:
 Can FreeRadius extract the password out of the MS-CHAP-v2 request,  
 and use it to bind against LDAP over SSL?

  No.  MS-CHAPv2 is designed to make that impossible.

 I would much rather not have to tackle Kerberos, as it looks much
 more complicated.

  If you can't obtain the clear-text (or NT) password from LDAP, then
what you're trying to do is impossible.

  MS-CHAP is designed to make it impossible to get the clear-text
password from the MS-CHAP data.  Kerberos is designed to never give
the password to the application.  FreeRADIUS sits in the middle, and
gets locked out by both ends.

  Alan DeKok.



Re: Clear text passwords

2006-03-23 Thread Alan DeKok
Corey Burks [EMAIL PROTECTED] wrote:
 In my radiusd.conf file I made the following changes and it is still logging
 my password clear text password
 
 log_auth = no

  You will have to edit the source code to the detail module to make
it do what you want.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
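
Per the reply above, the detail module in this version writes User-Password as received unless its source is changed. The Python below is an added example, not part of the thread and not FreeRADIUS code: a post-processing filter that masks credentials in detail-file records and in the rlm_ldap debug lines shown earlier in the thread, before the logs are retained or shared. The sample text is assembled from lines quoted in the thread; the list of sensitive attributes and the mask string are assumptions.

```python
import re

# Attribute names whose values are credentials or key material (assumed list;
# extend it to match your dictionaries).
SENSITIVE_ATTRS = ("User-Password", "CHAP-Password",
                   "MS-MPPE-Recv-Key", "MS-MPPE-Send-Key")
MASK = "<redacted>"

# "    User-Password = abc123" in detail files and packet dumps.
_ATTR_RE = re.compile(
    r"^(\s*(?:%s)\s*=\s*).*$" % "|".join(re.escape(a) for a in SENSITIVE_ATTRS))
# "rlm_ldap: login attempt by <user> with password <pw>"
_LOGIN_RE = re.compile(r"^(\s*rlm_ldap: login attempt by .*? with password ).*$")
# "rlm_ldap: bind as <dn>/<pw> to <host:port>". Everything after the first '/'
# is masked, and the trailing " to host" is optional, so an unusual DN or a
# wrapped line results in more masking rather than a leaked password.
_BIND_RE = re.compile(r"^(\s*rlm_ldap: bind as [^/]*/).*?((?: to \S*)?)$")

_RULES = (
    (_ATTR_RE, r"\g<1>" + MASK),
    (_LOGIN_RE, r"\g<1>" + MASK),
    (_BIND_RE, r"\g<1>" + MASK + r"\g<2>"),
)


def redact_line(line):
    """Return (possibly rewritten line, True if a secret was masked)."""
    for pattern, replacement in _RULES:
        new_line, hits = pattern.subn(replacement, line)
        if hits:
            return new_line, True
    return line, False


def redact_text(text):
    """Mask secrets line by line; return (redacted text, lines changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        new_line, hit = redact_line(line)
        out.append(new_line)
        changed += hit
    tail = "\n" if text.endswith("\n") else ""
    return "\n".join(out) + tail, changed


# Sample assembled from lines quoted in the thread.
SAMPLE = """\
Packet-Type = Access-Request
Thu Mar 23 11:23:30 2006
\tUser-Name = cburks
\tUser-Password = abc123
\tNAS-IP-Address = 172.16.15.251
rlm_ldap: bind as cn=Directory Manager/secret to ldap-master.oak.zhone.com:389
rlm_ldap: login attempt by cburks with password abc123
rlm_ldap: bind as uid=CBurks,ou=People, o=zhone.com/abc123 to ldap-master.oak.zhone.com:389
rlm_ldap: Bind was successful
"""

if __name__ == "__main__":
    redacted, count = redact_text(SAMPLE)
    print(redacted)
    print("lines masked:", count)
```

The filter only cleans copies that leave the server; the file the detail module writes still holds the cleartext, so its permissions and retention need the same care as a password store.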


Re: WiFi Mac address authentication

2006-03-23 Thread brainstorm
I've tried your recommendations but it does not work as expected:
using Reject as rlm_passwd's authtype (as you suggested), the user
is always rejected, even when the MAC is in the file and is actually
found:

modcall[authorize]: module MAC-IP returns ok for request 0

Furthermore, if I change rlm_passwd's authtype to Accept, the
supplicant auth fails and the following warning is shown:

rad_check_password:  Found Auth-Type Accept
rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'bob'

However, if I comment rlm_passwd sections (MAC-IP in modules and
authorize), all works flawlessly.

The users file has entries like these:

bob NT-Password == 0xa3d411301d637a38f4d22d484f256a04
joe  NT-Password == 0xa3d411301d637a38f4d22d484f256a04
(...)

Which are matched correctly in all scenarios I've tested:

modcall[authorize]: module eap returns updated for request 0
users: Matched entry bob at line 1

According to radius documentation (aaa.txt), it is not correct to
place Auth-Type on check nor reply lists on the users file:

A quite common mistake is to place the attributes in the wrong lists,
for example placing Auth-Type, Password, NT-Password etc in the check
list, or in the reply list.  When run in debugging mode, the server
will normally issue 'WARNING' messages saying that the attributes are
in the wrong list

So I conclude that users file is correct as it is now. What am I doing
wrong and what should I do to avoid those warning messages? If you
want the radiusd -X logs, I can attach them if you wish.

Thanks in advance.
---

passwd MAC-IP {
   filename = ${raddbdir}/MAC-IP
   format = *Calling-Station-Id:
   delimiter = :
   authtype = Reject   # Also tried with Accept
}

(...)

authorize {
preprocess
MAC-IP {
notfound = reject
}
files
eap
}


authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
}



On 3/13/06, Phil Mayers [EMAIL PROTECTED] wrote:
 brainstorm wrote:
  I'm trying to implement a similar scenario: I am using PEAP, and I
  want to check if a given mac is in my database. In my case, the MACs
  file looks like this:
 
  0030.0996.CF52:192.168.12.1
 
  I would like to match the first field (MAC) with the NAS
  Calling-Station-Id attribute, if this check fails, I would like to
  reject that user. Is it doable with rlm_password ? I've tried, but I
  cannot figure out which is the right format for my case:
 
  I've tried the following in radiusd.conf:
 
  modules {
  (...)
  passwd mac-ip {
  filename = /etc/raddb/MAC-IP
  format = mac-address:Calling-Station-Id
  delimiter = :
  }
  }

 Please read the docs. The comments right above the passwd module in
 the default config are VERY SPECIFIC. The format is:

 format = *Key-Value:~Request-Value:=Reply-Value:Configure-Value

 That is, the radius attribute Key-Value is the first field.
 Request-Value (prefix ~) will be added to the request, Reply-Value
 (prefix =) to the reply, and Configure-Value (no prefix) to the
 configure items.

 So you're wrong several ways:

   1. mac-address is not a radius attribute
   2. None of your attributes have * for key
   3. In any case, for WAPs, Calling-Station-Id is normally the MAC, not IP
   3. By itself you can't negate the sense and reject-if-no-match

 Try something like this:

 passwd mac-ip {
  filename = /etc/raddb/MAC-IP
  format = *Calling-Station-Id:Class
  delimiter = :
  authtype = Reject
  }
 always fail {
rcode = fail
 }

 authorize {
mac-ip {
  notfound = reject
}
# others
 }

 ...and note that many/most APs send the MAC as 00-11-22-33-44-55 so
 the file should look like this:

 00-11-22-33-44-55:KnownUser

 This is all in the docs.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
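
The quoted advice above notes that many access points send the MAC as 00-11-22-33-44-55, while the original MAC-IP file used the 0030.0996.CF52 form. The Python below is an added example, not part of the thread and not FreeRADIUS code, that rewrites such a file so the key field is in dash form. Upper-case output is an assumption (match whatever your NAS sends in Calling-Station-Id, as seen in radiusd -X), and the sample lines are constructed from the two file formats quoted in the thread.

```python
import re

_SEPARATORS = re.compile(r"[-:.]")
_HEX12 = re.compile(r"[0-9A-Fa-f]{12}")


def normalize_mac(raw):
    """Return the MAC as 'AA-BB-CC-DD-EE-FF' or raise ValueError."""
    digits = _SEPARATORS.sub("", raw.strip())
    if not _HEX12.fullmatch(digits):
        raise ValueError("not a MAC address: %r" % raw)
    digits = digits.upper()  # assumption: the NAS sends upper-case hex
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def convert_line(line, delimiter=":"):
    """Rewrite one 'MAC<delimiter>value...' line with the key in dash form."""
    fields = line.strip().split(delimiter)
    # A colon-separated MAC collides with a ':' field delimiter: its six
    # octets arrive as six separate fields and have to be glued back together.
    if (delimiter == ":" and len(fields) >= 7
            and all(len(f) == 2 for f in fields[:6])):
        mac, rest = ":".join(fields[:6]), fields[6:]
    else:
        mac, rest = fields[0], fields[1:]
    if not rest:
        raise ValueError("no value field after the MAC: %r" % line)
    return delimiter.join([normalize_mac(mac)] + rest)


def convert_lines(lines, delimiter=":"):
    """Convert a whole file; return (converted lines, [(line number, error)])."""
    converted, errors = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip():
            continue  # skip blank lines
        try:
            converted.append(convert_line(line, delimiter))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return converted, errors


# Constructed sample in the formats quoted in the thread, plus one bad entry.
SAMPLE = [
    "0030.0996.CF52:192.168.12.1",
    "00:11:22:33:44:55:KnownUser",
    "00-11-22-33-44-55:KnownUser",
    "not-a-mac:KnownUser",
]

if __name__ == "__main__":
    good, bad = convert_lines(SAMPLE)
    print("\n".join(good))
    for number, message in bad:
        print("line %d rejected: %s" % (number, message))
```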


radclient for ttls?

2006-03-23 Thread kevin
just wonder if anybody can make or already have eap-ttls to radclient 
just like jradius' radclient.


k-


Re: radclient for ttls?

2006-03-23 Thread Alan DeKok
kevin [EMAIL PROTECTED] wrote:
 just wonder if anybody can make or already have eap-ttls to radclient 
 just like jradius' radclient.

  eapol_test, from wpa_supplicant.

  Alan DeKok.


Re: Clear text passwords

2006-03-23 Thread Guy Fraser
On Thu, 2006-23-03 at 17:44 -0500, Alan DeKok wrote:
 Corey Burks [EMAIL PROTECTED] wrote:
  In my radiusd.conf file I made the following changes and it is still logging
  my password clear text password
  
  log_auth = no
 
   You will have to edit the source code to the detail module to make
 it do what you want.
 
Is that the way it is supposed to be, or is it on a todo list for it 
to be fixed?



Re: Clear text passwords

2006-03-23 Thread Alan DeKok
Guy Fraser [EMAIL PROTECTED] wrote:
You will have to edit the source code to the detail module to make
  it do what you want.
  
 Is that the way it is supposed to be, or is it on a todo list for it 
 to be fixed?

  Fixed to do what, and why?

  No, I'm not being dumb, I'd like to see reasons why dropping
information from the detail log is a good idea.

  Alan DeKok.


Odd behaviour: with vs without child processes

2006-03-23 Thread Fenn Bailey
Hi All (warning, big/verbose email below),

First of all, quick summary of setup:
 - Stock Debian Sarge
 - Clean freeradius 1.1.1 package downloaded yesterday. Built using standard
dpkg-buildpackage from source.
 - Stock config files, with appropriate SQL bits uncommented for
freeradius-mysql to work (see bottom of email).

So, generally, it works fine - However, I'm experiencing a problem where
whenever an Access-Reject is sent, the response is VERY slow (ie: 30
seconds). This happens if it's a formal Access-Reject via radgroupcheck or
just wrong password or whatever (anything that would result in an
Access-Reject). 

Access-Accept is instant/perfect, it's only any Access-Reject. And yes,
reject_delay is on its standard setting of 1.

Now, the bit that baffled me was I couldn't replicate it in debug mode
(freeradius -X). At least, until I worked out it only occurs when freeradius
is run normally. If you pass the -s flag (Do not spawn child processes), it
works perfectly with a 1 second Access-Reject delay; if you set it to spawn
child processes, it appears the reject only gets sent when the request times
out (or something).

See below for full output of a working and non-working example:

Run without child processes:
--Working
/usr/sbin/freeradius -sfxxyz
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/proxy.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/snmp.conf
Config:   including file: /etc/freeradius/eap.conf
Config:   including file: /etc/freeradius/sql.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/freeradius
 main: libdir = /usr/lib/freeradius
 main: radacctdir = /var/log/freeradius/radacct
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/freeradius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = /var/run/freeradius/freeradius.pid
 main: user = freerad
 main: group = freerad
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec 
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = clear
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap) 
Module: Loaded eap 
 eap: default_eap_type = md5
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = /etc/freeradius/huntgroups
 preprocess: hints = /etc/freeradius/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded SQL 
 sql: driver = rlm_sql_mysql
 sql: server = localhost
 sql: port = 
 sql: login = freeradius
 sql: password = xx
 sql: radius_db = freeradius
 sql: acct_table = radacct
 sql: acct_table2 = radacct
 sql: authcheck_table = 

Re: Clear text passwords

2006-03-23 Thread George C. Kaplan
Alan DeKok wrote:
 Guy Fraser [EMAIL PROTECTED] wrote:
 
  You will have to edit the source code to the detail module to make
it do what you want.


Is that the way it is supposed to be, or is it on a todo list for it 
to be fixed?
 
   Fixed to do what, and why?

To not log passwords in the detail file, because it puts them at
unnecessary risk of exposure.

   No, I'm not being dumb, I'd like to see reasons why dropping
 information from the detail log is a good idea.

Actually, I may be confused here.  Are we talking about passwords
entered by users and sent to the RADIUS daemon by a NAS being logged in
the radius.log or the detail file?  I ask because I *don't* see this
behavior (except in debugging mode) on freeradius 1.0.5.  So maybe we're
talking about something else.

We have strict rules here about handling sensitive data; I'd be in big
trouble if any of my systems was storing user-supplied passphrases in a
log file.

-- 
George C. Kaplan[EMAIL PROTECTED]
Communication  Network Services510-643-0496
University of California at Berkeley
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
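
An added example, not part of the thread and not FreeRADIUS code: one way to check a detail file for logged User-Password values and write a redacted copy, which addresses the exposure concern raised above. It assumes the usual detail layout (an unindented timestamp line, indented `Attribute = value` lines, records separated by a blank line); the sample records and the names `redact_detail`, `SENSITIVE` and `REDACTED` are constructed for illustration.

```python
import re

# Attributes treated as secrets; extend the set to match local policy.
SENSITIVE = {"User-Password"}
REDACTED = '"<redacted>"'

# Indented `Attribute = value` line (assumed detail-file layout).
ATTR_RE = re.compile(r"^(\s+)([A-Za-z0-9-]+)\s*=\s*(.*)$")

# Constructed sample: one record carrying a password, one without.
SAMPLE = (
    "Thu Mar 23 10:15:02 2006\n"
    '\tUser-Name = "bob"\n'
    '\tUser-Password = "correct horse"\n'
    "\tNAS-IP-Address = 192.0.2.10\n"
    "\n"
    "Thu Mar 23 10:15:40 2006\n"
    '\tUser-Name = "joe"\n'
    "\tAcct-Status-Type = Start\n"
    "\n"
)


def redact_detail(text, sensitive=SENSITIVE):
    """Return (redacted_text, findings) for the contents of a detail file.

    findings holds one (record_header, user_name, attribute) tuple for each
    secret value that was replaced.
    """
    out, findings = [], []
    for record in text.split("\n\n"):      # records are blank-line separated
        header, user, hits, lines = None, None, [], []
        for line in record.split("\n"):
            m = ATTR_RE.match(line)
            if not m:
                if header is None and line.strip():
                    header = line.strip()  # unindented timestamp line
                lines.append(line)
                continue
            indent, name, value = m.groups()
            if name == "User-Name":
                user = value.strip('"')
            if name in sensitive and value != REDACTED:
                hits.append(name)          # report once, then mask the value
                line = f"{indent}{name} = {REDACTED}"
            lines.append(line)
        findings.extend((header, user, h) for h in hits)
        out.append("\n".join(lines))
    return "\n\n".join(out), findings


if __name__ == "__main__":
    cleaned, found = redact_detail(SAMPLE)
    print(found)
    print(cleaned)
```

An empty findings list on a real detail file means no listed attribute was logged with a value; running the function on its own output reports nothing further.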


Re: Odd behaviour: with vs without child processes

2006-03-23 Thread Alan DeKok
Fenn Bailey [EMAIL PROTECTED] wrote:
 So, generally, it works fine - However, I'm experiencing a problem where
 whenever an Access-Reject is sent, the response is VERY slow (ie: 30
 seconds). This happens if it's a formal Access-Reject via radgroupcheck or
 just wrong password or whatever (anything that would result in an
 Access-Reject). 

  It's a bug.  Set reject_delay=0, and it will work.

  This should be fixed in 1.1.2.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: WiFi Mac address authentication

2006-03-23 Thread Phil Mayers

brainstorm wrote:

I've tried your recommendations but it does not work as expected:
using Reject as rlm_passwd's authtype (as you suggested), the user
is always rejected, even when the MAC is in the file and is actually
found:


Yes sorry, that was wrong. Clearly authtype = Reject will fail the 
request if the module matches. Don't know why I said that...




modcall[authorize]: module MAC-IP returns ok for request 0

Furthermore, if I change rlm_passwd's authtype to Accept, the
supplicant auth fails and the following warning is shown:


That definitely won't work. Don't do it.



rad_check_password:  Found Auth-Type Accept
rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'bob'

However, if I comment rlm_passwd sections (MAC-IP in modules and
authorize), all works flawlessly.


Well, yes. But if it works flawlessly, why are you wanting help?



The users file has entries like these:

bob NT-Password == 0xa3d411301d637a38f4d22d484f256a04
joe  NT-Password == 0xa3d411301d637a38f4d22d484f256a04
(...)

Which are matched correctly in all scenarios I've tested:

modcall[authorize]: module eap returns updated for request 0
users: Matched entry bob at line 1

According to radius documentation (aaa.txt), it is not correct to
place Auth-Type on check nor reply lists on the users file:

A quite common mistake is to place the attributes in the wrong lists,
for example placing Auth-Type, Password, NT-Password etc in the check
list, or in the reply list.  When run in debugging mode, the server
will normally issue 'WARNING' messages saying that the attributes are
in the wrong list

So I conclude that the users file is correct as it is now. What am I doing
wrong and what should I do to avoid those warning messages? If you
want the radiusd -X logs, I can attach them if you wish.



Hmm. I still say you need to read and understand the docs, but try this:

passwd MAC-IP {
   filename = ${raddbdir}/MAC-IP
   format = *Calling-Station-Id:
   delimiter = :
}

(...)

authorize {
   preprocess
   MAC-IP {
      # If the MAC isn't in the file, the module returns notfound
      # in that case, exit authorize with reject immediately
      notfound = reject
   }
   files
   eap
}

That is, have no authtype on the passwd module. If that doesn't work, 
you may try something like:


passwd MAC-IP {
   filename = ${raddbdir}/MAC-IP
   format = *Calling-Station-Id:~Group
   delimiter = :
}

(...)

authorize {
   preprocess
   MAC-IP
   files
   eap
}

/etc/raddb/MAC-IP:

00-11-22-33-44-55:FAKEGROUP
aa-bb-cc-dd-ee-ff:FAKEGROUP

/etc/raddb/users:

DEFAULT Group !* ANY, Auth-Type := Reject

user1 NT-Password := abcdefg...

user2 NT-Password := abcdefg...
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Table radacct is empty

2006-03-23 Thread Vincent MARGUERIE

Dear freeradius users,

I've tried with the previous version (freeradius 1.1.0) but I always
got the same problem (table radacct is empty after the connection is OK
for my client)... strange thing, no?

Is it due to the NAS (DWL-2000ap+) which doesn't give all the
information... or something like that?

I'm really lost... I need to make it work.

Best regards,
Vincent


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: dynamic module installation

2006-03-23 Thread Doug Hardie


On Mar 23, 2006, at 08:07, jasonatx0001 wrote:



yes it can. I simply built my module with gcc as a dynamic library. Just be
sure to use the same compiler flags that were used to build the freeradius
server - for example I was experiencing problems until I added the NDEBUG
flag. After I built my module I just put the .so in the libs directory and
added modified my config files.


Not having a lot of success with this.  I used that info and built
the module.  This is a module that works fine when built directly
into freeradius.  Copied it to libs and tried to use it.  With the
NDEBUG flag I get a core dump.  My module does use the DEBUG
command.  So I removed that.  No more core dumps, but a connect to a
unix socket fails miserably.  The socket is there and works.
Restoring the original module works fine too.  Perhaps something is
still wrong in the way I am making the module.  Here is the makefile:


VERS = 1.0.5

CFLAGS  =  -I/usr/include -I/usr/local/msql3/include \
	-I/usr/ports/net/freeradius/work/freeradius-$(VERS)/src/include

LIBS=  -lc -L/usr/local/msql3/lib -lmsql

ALL:	rlm_msql.o rlm_msql

rlm_msql.o: rlm_msql.c
	cc -g -fPIC -c $(CFLAGS) rlm_msql.c

rlm_msql:   rlm_msql.o
	cc -g -shared -soname,rlm_msql-$(VERS).so $(LIBS) \
		-o rlm_msql-$(VERS).so rlm_msql.o

install:	rlm_msql
	install rlm_msql-$(VERS).so /usr/local/lib
	ln -s /usr/local/lib/rlm_msql-$(VERS).so /usr/local/lib/rlm_msql.so




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Compilation errors with 1.0.5 (Solaris)

2006-03-23 Thread Heiden, John
I am pretty sure I have seen this before, but after searching the
archives, I can't find the solution.  Anyway, under Solaris 9
(SPARC) I get the following during compilation:

Making static dynamic in rlm_eap...
make[6]: Entering directory
`/home/jheiden/freeradius-1.0.5/src/modules/rlm_eap'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5
-Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
-Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef
-I../../include  -I./libeap -c rlm_eap.c -o rlm_eap.o
In file included from rlm_eap.c:26:
rlm_eap.h:26:18: ltdl.h: No such file or directory
In file included from rlm_eap.c:26:
rlm_eap.h:36: error: parse error before lt_dlhandle
rlm_eap.h:36: warning: no semicolon at end of struct or union
rlm_eap.h:39: error: parse error before '}' token
rlm_eap.h:39: warning: type defaults to `int' in declaration of
`EAP_TYPES'
rlm_eap.h:39: warning: data definition has no type or storage class
rlm_eap.h:51: error: parse error before EAP_TYPES
rlm_eap.h:51: warning: no semicolon at end of struct or union
rlm_eap.h:66: error: parse error before '}' token
rlm_eap.h:66: warning: type defaults to `int' in declaration of
`rlm_eap_t'
rlm_eap.h:66: warning: data definition has no type or storage class
rlm_eap.h:70: error: parse error before '*' token
rlm_eap.h:70: warning: function declaration isn't a prototype
rlm_eap.h:71: error: parse error before '*' token
rlm_eap.h:71: warning: function declaration isn't a prototype
rlm_eap.h:72: error: parse error before '*' token
rlm_eap.h:72: warning: function declaration isn't a prototype
rlm_eap.h:75: error: parse error before '*' token
rlm_eap.h:75: warning: function declaration isn't a prototype
rlm_eap.h:79: error: parse error before '*' token
rlm_eap.h:79: warning: function declaration isn't a prototype
rlm_eap.h:89: error: parse error before '*' token
rlm_eap.h:89: warning: function declaration isn't a prototype
rlm_eap.h:90: error: parse error before '*' token
rlm_eap.h:90: warning: function declaration isn't a prototype
rlm_eap.h:91: error: parse error before '*' token
rlm_eap.h:92: warning: function declaration isn't a prototype
rlm_eap.c:33: error: parse error before ')' token
rlm_eap.c:33: error: initializer element is not constant
rlm_eap.c:33: error: (near initialization for `module_config[0].offset')
rlm_eap.c:33: warning: missing initializer
rlm_eap.c:33: warning: (near initialization for
`module_config[0].offset')
rlm_eap.c:33: error: initializer element is not constant
rlm_eap.c:33: error: (near initialization for `module_config[0]')
rlm_eap.c:35: error: parse error before ')' token
rlm_eap.c:35: error: initializer element is not constant
rlm_eap.c:35: error: (near initialization for `module_config[1].offset')
rlm_eap.c:35: warning: missing initializer
rlm_eap.c:35: warning: (near initialization for
`module_config[1].offset')
rlm_eap.c:35: error: initializer element is not constant
rlm_eap.c:35: error: (near initialization for `module_config[1]')
rlm_eap.c:37: error: parse error before ')' token
rlm_eap.c:37: error: initializer element is not constant
rlm_eap.c:37: error: (near initialization for `module_config[2].offset')
rlm_eap.c:37: warning: missing initializer
rlm_eap.c:37: warning: (near initialization for
`module_config[2].offset')
rlm_eap.c:37: error: initializer element is not constant
rlm_eap.c:37: error: (near initialization for `module_config[2]')
rlm_eap.c:39: error: parse error before ')' token
rlm_eap.c:39: error: initializer element is not constant
rlm_eap.c:39: error: (near initialization for `module_config[3].offset')
rlm_eap.c:39: warning: missing initializer
rlm_eap.c:39: warning: (near initialization for
`module_config[3].offset')
rlm_eap.c:39: error: initializer element is not constant
rlm_eap.c:39: error: (near initialization for `module_config[3]')
rlm_eap.c:41: error: initializer element is not constant
rlm_eap.c:41: error: (near initialization for `module_config[4]')
rlm_eap.c: In function `eap_detach':
rlm_eap.c:55: error: `inst' undeclared (first use in this function)
rlm_eap.c:55: error: (Each undeclared identifier is reported only once
rlm_eap.c:55: error: for each function it appears in.)
rlm_eap.c:58: error: parse error before ')' token
rlm_eap.c:53: warning: unused parameter `instance'
rlm_eap.c: At top level:
rlm_eap.c:82: warning: declaration of `cs' shadows a global declaration
rlm_eap.h:37: warning: shadowed declaration is here
rlm_eap.c: In function `eap_instantiate':
rlm_eap.c:87: error: `inst' undeclared (first use in this function)
rlm_eap.c:89: error: parse error before ')' token
rlm_eap.c: In function `eap_authenticate':
rlm_eap.c:199: error: `inst' undeclared (first use in this function)
rlm_eap.c:207: error: parse error before ')' token
rlm_eap.c:197: warning: unused parameter `instance'
rlm_eap.c: In function `eap_authorize':
rlm_eap.c:428: error: `inst' undeclared 

Help me get started

2006-03-23 Thread vignesh
Hello guys
This is Vignesh here. I have just started with Free Radius. I would like
to understand the working of Free Radius before I start experimenting
with it. We are planning to use Free Radius for developing a telecom
billing solution, both prepaid and postpaid. I am not sure where to start
from. Could you please help me out with it? If you have any documents or
samples and you can forward them, it would be of great help. My email ID is
[EMAIL PROTECTED]

Thanks in advance
Vignesh


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html