Problem with Solaris 8 to Solaris 10 migration (same radius version).

2006-09-11 Thread James Vautin
Hello,

We have a Solaris 8 box running freeradius 1.0.4. This machine is being
upgraded to a bigger beast running Solaris 10.  The problem I am having
has occurred on all versions of freeradius I have tested on the new
Solaris 10 machine - including 1.0.4, 1.0.5, and 1.1.1. 

The error, when running radiusd -X is this:

auth: Failed to validate the user.
  WARNING: Unprintable characters in the password. ?  Double-check the
shared secret on the server and the NAS!


Facts:

1. We are connecting the same NAS box to the new machine and getting the
same error.
2. We are using the same exact configuration files (and obviously the
same secret.)
3. The NAS box is a Cisco Catalyst 3450 (24 DC Powered) Protocol 1645,
IOS 12.1[13]EA1C.
4. I have verified that the same configuration file with the same secret
is being read, and that the secret on the NAS box stays the same when
connecting to both hosts.
5. I am sending no extra options to ./configure at compile time.

I thank you so much for any leads anyone can give me into the cause of
this.

Here is the entire output:

bash-3.00# /usr/local/sbin/radiusd -X -p 1645
Ignoring deprecated command-line option -pStarting - reading
configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd.pid
 main: user = root
 main: group = root
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System 
 unix: cache = yes
 unix: passwd = /etc/passwd
 unix: shadow = /etc/shadow
 unix: group = /etc/group
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 300
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user sys found in hashtable bucket 64201
  HASH:  user adm found in hashtable bucket 26466
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user nuucp found in hashtable bucket 74587
  HASH:  user smmsp found in hashtable bucket 13600
  HASH:  user listen found in hashtable bucket 49327
  HASH:  user gdm found in hashtable bucket 50360
  HASH:  user webservd found in hashtable bucket 39570
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user noaccess found in hashtable bucket 80609
  HASH:  user nobody4 found in hashtable bucket 84789
  HASH:  user c927693 found in hashtable bucket 51401
HASH:  Stored 16 entries from /etc/passwd
HASH:  Stored 21 entries from /etc/group
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files) 
Module: Loaded detail 
 detail: detailfile =

mysql and huntgroups

2006-09-11 Thread Norbert Wegener
I am using freeradius having all the users stored in a mysql database.
This works fine.
Now I have the need to introduce huntgroups. This also works fine, when
using the huntgroups file.
As the mysql database is replicated automatically, all changes to user
accounts on the main database also appear on the backup server.
Can freeradius be configured, so that also the huntfile is handled by
mysql and changes within that file are also replicated to the backup
database?
I did not find information about that.
Thanks
Norbert Wegener

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Show Groups in dialup_admin

2006-09-11 Thread Evert
Hi all!

This question has been asked (but not answered?) before:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg11278.html


I do the following:

* click on 'Show Groups'
* click on a group
* select a member of the group
* click on 'Administer selected user'

I am then supposed to get the user info on that specific user. Instead
the group administration page reloads...

How do I make it so that I actually get the selected user info page?


Greetings,
  Evert



Autoreply: Reid Canavan is on vacation.

2006-09-11 Thread Reid Canavan

I will be out of the office starting  09/11/2006 and will not return until
09/18/2006.

I will respond to your message when I return.



Re: mysql and huntgroups

2006-09-11 Thread Alan DeKok
Norbert Wegener [EMAIL PROTECTED] wrote:
> Can freeradius be configured, so that also the huntfile is handled by
> mysql and changes within that file are also replicated to the backup
> database?

  No.  But the SQL module could probably be updated a little to handle
that...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Q:ABOUT:EXECUTE QUERY

2006-09-11 Thread Alejandro Sanchez
Hello.

My scenario is as follows.

I need to detect the telephone number that dials in to my
NAS (Network Access Server) and validate whether that
number exists in my database to retrieve some
information; if that telephone number doesn't exist, I
need to insert its data.


Then.

1. How can I get the telephone number that dials in to my
NAS?

2. Once I get the telephone number, what is the
correct way to implement a new query to validate the
existence of the number and the insert of its data if
not?


Thanks in advance.









auth flow according to attribute value

2006-09-11 Thread Giuseppe Tricarico

Hi all

I'm new to freeradius. I would like to know if there is a module that,
based on some attribute of the radius request, executes a module, i.e. I
want to alter the execution flow of the authorize section ... This gives
me the possibility to manage some business logic through the
configuration of the radius server...


For example I could analyze the nas-port-type attribute in the request
and authenticate users on a different database, based on such a parameter..


Best regards

Giuseppe Tricarico



Re: Q:ABOUT:EXECUTE QUERY

2006-09-11 Thread Alan Lumb


> Hello.
>
> My scenario is as follows.
>
> I need to detect the telephone number that dials in to my
> NAS (Network Access Server) and validate whether that
> number exists in my database to retrieve some
> information; if that telephone number doesn't exist, I
> need to insert its data.
>
> Then.
>
> 1. How can I get the telephone number that dials in to my
> NAS?
>
> 2. Once I get the telephone number, what is the
> correct way to implement a new query to validate the
> existence of the number and the insert of its data if
> not?

It's scenarios like this that convinced me to use rlm_perl; then your
custom perl authentication script can update your database as it sees fit.

Other methods would be to use rlm_exec (for another scripting language) or
using stored procedures (supported in mysql 5 for example).

Oh, and I think the radius parameter you are looking for is
Calling-Station-Id.



Re: auth flow according to attribute value

2006-09-11 Thread Kostas Kalevras

On Mon, 11 Sep 2006, Giuseppe Tricarico wrote:


> Hi all
>
> I'm new to freeradius. I would like to know if there is a module that,
> based on some attribute of the radius request, executes a module, i.e. I
> want to alter the execution flow of the authorize section ... This gives
> me the possibility to manage some business logic through the
> configuration of the radius server...
>
> For example I could analyze the nas-port-type attribute in the request
> and authenticate users on a different database, based on such a parameter..

See doc/Autz-Type

Something like (in users file):

DEFAULT NAS-Port-Type == Virtual, Autz-Type := Virtual

DEFAULT NAS-Port-Type == ISDN, Autz-Type := ISDN

> Best regards
>
> Giuseppe Tricarico




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf


Re: auth flow according to attribute value

2006-09-11 Thread Phil Mayers

Giuseppe Tricarico wrote:

> Hi all
>
> I'm new to freeradius. I would like to know if there is a module that,
> based on some attribute of the radius request, executes a module, i.e. I
> want to alter the execution flow of the authorize section ... This gives
> me the possibility to manage some business logic through the
> configuration of the radius server...
>
> For example I could analyze the nas-port-type attribute in the request
> and authenticate users on a different database, based on such a parameter..

see doc/Autz-Type which does exactly this

> Best regards
>
> Giuseppe Tricarico


Re: rlm_perl and accounting -- radrelay?

2006-09-11 Thread Justin Church
Was there any final word on the direction of this and when it might be 
available?


Thanks.

-jc

Peter Nixon wrote:
> On Thu 07 Sep 2006 15:07, Alan DeKok wrote:
>> Kostas Kalevras [EMAIL PROTECTED] wrote:
>>> Just a side note on the clone packets issue: I've come across it in
>>> another situation. We act as a proxy for various ISPs and we need to
>>> have a way to replicate accounting-on/off packets (which obviously
>>> don't carry a [EMAIL PROTECTED] attribute) to all ISPs. But currently
>>> this is not possible since we have a server logic of one request, one
>>> thread. Being able to use multiple Proxy-To-Realm attributes would
>>> be great.
>>
>>   I think the easiest way to do this is to write a special-purpose 1-N
>> proxying server.  It's special purpose enough that I'm not sure that
>> work belongs in the server core.  i.e. Doing N proxies means what,
>> exactly for pre/post-proxy sections?  Do we add a queue of proxied
>> packets to the REQUEST?
>>
>>   The 1-N proxying server can look for special proxy to X attributes
>> in the packet, strip them out, and proxy the packet to N different
>> places.  It can even read proxy.conf, so there's one source for
>> configuration files.  With a little more work, it can also read the
>> detail files, and be radrelay, too.
>
> Being able to selectively replicate an accounting packet N times may not be a
> standard configuration (although certainly useful) but proxying
> accounting-on/off packets to some/all downstream servers is something that
> almost _everyone_ proxying accounting will want to do. This probably warrants
> a new config option in proxy.conf (acctonoff-shotgun=yes/no)
>
> In particular any downstream servers running ippools need this information...
> Not to mention people who charge by the minute for a particular service..
>
> Cheers


Re: Mac auth configuration

2006-09-11 Thread Vineet Verma

Thanks a lot! That worked.

-Vineet


Phil Mayers wrote:
> Vineet Verma wrote:
>> Hi,
>>    I have been able to configure FreeRadius to successfully
>> authenticate a client based on the MAC address with entries like:
>>
>> 00-0c-41-5f-91-4b Auth-Type := Local, User-Password == 00-0c-41-5f-91-4b
>>    Acct-Interim-Interval = 60
>>
>> Is there any way to configure it so I don't have to list every
>> client? For example can I have some kind of glob as follows, say for
>> all clients with OUI 00-0c-41:
>>
>> 00-0c-41-* Auth-Type := Local, User-Password == 00-0c-41-5f-91-4b
>>    Acct-Interim-Interval = 60
>>
>> If not, how do I do something like this?
>
> Try:
>
> DEFAULT User-Name =~ 00-0c-41-..-..-.., Auth-Type := Accept
>    Acct-Interim-Interval = 60
>
> If this is a multi-NAS server (e.g. dialup+802.1x+macauth) you'll want
> to put more checks on the first line e.g. NAS-Port-Type == Ethernet,
> Huntgroup-Name == mac-auth-switches to avoid the minor security hole
> of a user on the other NASes being able to set their username to a MAC
> address.
>
>> Thanks,
>> Vineet
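
Added example, not part of any post in this thread and not FreeRADIUS code: a small Python model of the check items above, run over constructed requests, comparing the rule as posted with one that adds the NAS-Port-Type and Huntgroup-Name checks from the reply. It assumes =~ is an unanchored regex match; the anchored, hex-only pattern in the second rule is an added tightening, and the request values are made up.

```python
import re

# Check items of the rule as posted in the thread (pattern unchanged).
POSTED_RULE = {"User-Name": r"00-0c-41-..-..-.."}

# Same rule with the extra check items the reply recommends. The anchored,
# hex-only pattern is an added tightening, not something from the thread.
HARDENED_RULE = {
    "User-Name": r"^00-0c-41-[0-9a-f]{2}-[0-9a-f]{2}-[0-9a-f]{2}$",
    "NAS-Port-Type": "Ethernet",
    "Huntgroup-Name": "mac-auth-switches",
}

def rule_matches(rule: dict, request: dict) -> bool:
    """True when every check item matches; User-Name is a regex (=~),
    the other items are exact comparisons (==)."""
    for attr, expected in rule.items():
        value = request.get(attr)
        if value is None:
            return False
        if attr == "User-Name":
            if re.search(expected, value) is None:  # unanchored, like =~ (assumed)
                return False
        elif value != expected:
            return False
    return True

# Constructed requests. Huntgroup-Name is shown as already resolved by the server.
REQUESTS = [
    {"id": "switch-mac-auth", "User-Name": "00-0c-41-5f-91-4b",
     "NAS-Port-Type": "Ethernet", "Huntgroup-Name": "mac-auth-switches"},
    {"id": "dialup-user-typing-a-mac", "User-Name": "00-0c-41-5f-91-4b",
     "NAS-Port-Type": "Async", "Huntgroup-Name": "dialup"},
    {"id": "switch-non-mac-name", "User-Name": "guest-00-0c-41-zz-zz-zz",
     "NAS-Port-Type": "Ethernet", "Huntgroup-Name": "mac-auth-switches"},
    {"id": "switch-other-oui", "User-Name": "00-11-22-33-44-55",
     "NAS-Port-Type": "Ethernet", "Huntgroup-Name": "mac-auth-switches"},
]

def accepted_by(rule: dict) -> list:
    """Ids of the constructed requests that the rule would accept."""
    return [r["id"] for r in REQUESTS if rule_matches(rule, r)]

if __name__ == "__main__":
    print("posted rule  :", accepted_by(POSTED_RULE))
    print("hardened rule:", accepted_by(HARDENED_RULE))
```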


Re: rlm_perl and accounting -- radrelay?

2006-09-11 Thread Alan DeKok
Justin Church [EMAIL PROTECTED] wrote:
> Was there any final word on the direction of this and when it might be
> available?

  Whenever someone gets time to do the work...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


FreeRADIUS install time errors on Solaris

2006-09-11 Thread Ronak Sutaria

Hello,

I am trying to compile and install the latest FreeRADIUS
version freeradius-1.1.3 on Solaris 5.8

I am able to run the ./configure and make commands, but
when I run make install I'm getting the following error:

/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/install-sh -c -c .libs/libradius.lai /usr/local/lib/libradius.la
/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/install-sh -c -c .libs/libradius.a /usr/local/lib/libradius.a
chmod 644 /usr/local/lib/libradius.a
ranlib /usr/local/lib/libradius.a
/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/libtool: ranlib: command not found
make[4]: *** [install] Error 127
make[4]: Leaving directory `/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/src/lib'
make[3]: *** [common] Error 2

I can gather that my Solaris instance is missing the
ranlib command - but I was wondering if someone could tell me which is the
package I need to install on Solaris for the make install to work fine?

Is there anything else that I could be doing wrong here?

Help is much appreciated, in advance!

Thanks,

Ronak

RE: FreeRADIUS install time errors on Solaris

2006-09-11 Thread Ronak Sutaria

Hello,

Please pardon my below mail - I'm
a newbie to FreeRADIUS working on Solaris after a long time. Below was shell
env problems.

Thanks,

Ronak

From: Ronak Sutaria
Sent: Monday, September 11, 2006 3:22 PM
To: 'freeradius-users@lists.freeradius.org'
Cc: '[EMAIL PROTECTED]'
Subject: FreeRADIUS install time errors on Solaris

Hello,

I am trying to compile and install the latest FreeRADIUS
version freeradius-1.1.3 on Solaris 5.8

I am able to run the ./configure and make commands, but
when I run make install I'm getting the following error:

/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/install-sh -c -c .libs/libradius.lai /usr/local/lib/libradius.la
/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/install-sh -c -c .libs/libradius.a /usr/local/lib/libradius.a
chmod 644 /usr/local/lib/libradius.a
ranlib /usr/local/lib/libradius.a
/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/libtool: ranlib: command not found
make[4]: *** [install] Error 127
make[4]: Leaving directory `/nisusers/rsutaria/FreeRADIUS/freeradius-1.1.3/src/lib'
make[3]: *** [common] Error 2

I can gather that my Solaris instance is missing the
ranlib command - but I was wondering if someone could tell me which is the
package I need to install on Solaris for the make install to work fine?

Is there anything else that I could be doing wrong here?

Help is much appreciated, in advance!

Thanks,

Ronak

FreeRadius support IPv6 ??????????????/

2006-09-11 Thread 나종현





Does Free-Radius support IPv6??


Help me please!!!

		
			

			
			




