Re: Basic question to authenticate switches and Linux boxes
You need to rephrase your question. Do you want to:

a.) authenticate and authorize users accessing the console of your switch?
b.) authenticate a machine/user connected to a port of a switch (MAC auth or 801.x)
c.) Linux boxes are machines... see B
d.) authenticate users accessing the boxes...

Regards,
E:S

On 09.05.2013 21:38, Roberto Carna wrote:
> Dear Matt, my second question is:
>
> If I have to authenticate Linux boxes and switches against Freeradius, do I have to use libpam-radius-auth for both devices or what ???
>
> Thanks again,
> Roberto
>
> 2013/5/8 Matt Zagrabelny mzagr...@d.umn.edu
>> On Wed, May 8, 2013 at 3:26 PM, Roberto Carna robertocarn...@gmail.com wrote:
>>> Dear, I'm new at Freeradius as an AAA server in a Linux box and I need to authenticate Allied switches and Debian/Centos boxes. What package/module do I have to install in addition to freeradius ???
>>
>> For the Debian clients you might want: libpam-radius-auth
>>
>> You can use apt-cache to search for things:
>>
>>     % apt-cache search radius pam
>>     freeradius - high-performance and highly configurable RADIUS server
>>     libpam-radius-auth - The PAM RADIUS authentication module
>>     yardradius - YARD Radius Authorization and Accounting Server
>>
>>> And what authentication procedure do I have to use in order to let universal AAA ???
>>
>> I don't understand this question.
>>
>> -mz

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: HP-Command-String in sql accounting
Just change the SQL schema of your table and adapt the SQL query in sql.conf!

Best regards,
E:S

-----Original Message-----
From: freeradius-users-bounces+edvin.seferovic=kolp...@lists.freeradius.org On Behalf Of Marc Boisis-Delavaud
Sent: Monday, 12 March 2012 15:56
To: FreeRadius users mailing list
Subject: HP-Command-String in sql accounting

Hello,

I've enabled command accounting of my HP ProCurve switches. The information is sent to radius:

    rad_recv: Accounting-Request packet from host 10.10.0.138 port 1274, id=79, length=128
        Acct-Session-Id = 00280016
        Acct-Status-Type = Interim-Update
        Service-Type = NAS-Prompt-User
        Acct-Authentic = RADIUS
        User-Name = toto
        NAS-IP-Address = 10.10.0.138
        NAS-Identifier = sw
        NAS-Port-Type = Virtual
        Calling-Station-Id = 10.1.11.61
        HP-Command-String = show running-config
        Acct-Delay-Time = 0

But the HP-Command-String is not present in the radacct table, is it possible to have it?

thanks
RE: Locked account
    access_attr = dialupAccess
    access_attr_used_for_allow = yes

or you can use the ldap attribute in the filter (something)(nsAccountLock=true)

Kind regards,
E:S

From: freeradius-users-bounces+edvin.seferovic=kolp...@lists.freeradius.org On Behalf Of Maurice James
Sent: Wednesday, 12 October 2011 00:47
To: freeradius-users@lists.freeradius.org
Subject: Locked account

How do I get freeradius to deny access based on the ldap attribute nsAccountLock = true?
RE: Strange problem regarding PPTP and FreeRADIUS
Might this be a PopTop issue? What platform are you using?

> Please note those two highlighted lines, the User-Name is \000ila while what I have used as the username is ali. Also, NAS-IP-Address is somehow encrypted. I searched a lot, but I could not find any similar problem. Any ideas?

Regards,
E.S.
RE: Accounting into MySQL
> 1. Using NTRadPING, should I get entries in my radacct table?

Are you sending accounting packets? If not - why should freeradius pass any request to accounting parts.

> 2. I have uncommented the sql_log, and all the detail log sections, and in the accounting section, and uncommented the sql in the accounting section. What other changes are required assuming that I am already successfully authenticating from the radcheck table?

Did you set the right user/password combination for access to mysql server? ( you probably did, else you would have seen errors while starting freeradius with -X switch )

Regards,
E:S
RE: error too many open files error reading radiusd.conf
Open files 2048 ?? Man LSOF ??

Regards,
E:S

From: freeradius-users-bounces+edvin.seferovic=kolp...@lists.freeradius.org On Behalf Of Angel Rivera
Sent: Tuesday, 28 April 2009 00:51
To: freeradius-users@lists.freeradius.org
Subject: error too many open files error reading radiusd.conf

    [r...@ws11 ws11]# radiusd -x
    Starting - reading configuration files ...
    Errors reading dictionary: dict_init: /usr/share/freeradius/dictionary[55]: Couldn't open dictionary /usr/share/freeradius/dictionary.compat: Too many open files
    Errors reading radiusd.conf

I already adjusted the limit of my system

    [r...@ws11 ws11]# ulimit -aH
    core file size          (blocks, -c) unlimited
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 8176
    max locked memory       (kbytes, -l) 32
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 2048
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) unlimited
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 8176
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited

but still end up with the same problem

--
ICQ# 209485063
YM: kuroro.rucil...@yahoo.com
MSN: angelse...@hotmail.com
AIM: SevarSS
http://www.pie.us
RE: Acct-Input-Gigawords
> how do i use the Acct-Input-Gigawords and Acct-Output-Gigawords Attributes with FreeRADIUS Version 1.1.3 and FreeRADIUS Version 1.0.2 and PPP 2.4.4? I set up the fields in the mysql-table but they do not get filled with data.

Those will be filled when the connection goes over the limit of the Octets. See the freeradius homepage for the explanation on this.

> Is there a way (radius or ppp) to get the Accounting-Data on-the-fly (realtime) or maybe all 2 hours without disconnection the actual session of the user?

Depending on your NAS, you can send Accounting updates every 5 minutes ! The attribute that NAS has to accept is called Acct-Interim-Interval. You can set it to 300 ( 5 min ) !

Kind regards,
E:S
RE: Acct-Input-Gigawords
> Where can i set it up? I use rp-pppoe-server and ppp 2.4.4 on debian

That attribute should be replied by the server in access-accept RADIUS packet. You can define it for each user in your user DB ( SQL, LDAP ) and freeradius should be able to add it to the above mentioned packet.

Regards,
E:S
RE: Freeradius Usage
Hi,

excuse me for asking, but why don't you set up the AppServer in your DMZ ? You could have ( what I call ) the T - structure

    --- INTERNET -- GATEWAY ( server1 ) --- LOCAL LAN
                          I
                          I
                         DMZ
                          I
                  SERVER2 + APPServer

It depends how your users use the gateway and how they are supposed to connect to the Internet.

Regards,
E:S

From: [EMAIL PROTECTED] On Behalf Of Jesse Stone
Sent: Saturday, 06 September 2008 01:25
To: FreeRadius users mailing list
Subject: Freeradius Usage

Hi All,

I am new to this mailing list and am about to ask a probably very silly question. Please feel free to direct me to resources that'll help me answer them.

I want to setup the following:

    Gateway [server1]
     - nic1 = Internet
     - nic2 = DMZ [server2]
     - nic3 = Router w/ Wireless - App Server [Server3] (FREERADIUS SERVER HERE) - Local Lan

I read a lot about both Freeradius and LDAP and cannot determine if either can accomplish my goals. What I want is:

1) 1 central place where all user authentication takes place: SSH, Shell Access, Samba, OpenVPN, Mumble, Any other app that requires user administration.
2) This information stored in a SQL type database so that I can build my own custom apps to report on user usage, performance etc.
3) My router has wireless and I have enabled the security features. I would still like authentication to take place before a wireless user is allowed on the network.

For example,

Currently, I have this: Router w/ Wireless - App Server [Server3] + Local Lan
I want this: Router w/ Wireless - App Server [Server3] - Local Lan

Is Freeradius the best approach for my needs? Do I need anything else?

-Jesse
RE: sqlcounters for traffic
> rlm_sqlcounter: Sent Reply-Item for user scott, Type=Session-Traffic-Limit, value=12792

Which part don't you understand? Sqlcounter returned it. What does the log part of the RADIUS Packet look like? It should contain the Session-Traffic-Limit if it can be found in the dictionary, right?

E:S

From: [EMAIL PROTECTED] On Behalf Of Alexandre Chapellon
Sent: Saturday, 06 September 2008 01:53
To: FreeRadius users mailing list
Subject: sqlcounters for traffic

I want to use sqlcounters to count bytes transferred from clients so that I manage quota. Aiming this I configured the following counter:

    sqlcounter bytesQuota {
        counter-name = traffic_quota
        check-name = Max-Traffic
        reply-name = Session-Traffic-Limit
        sqlmod-inst = mysqldb
        key = User-Name
        reset = hourly
        query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
    }

My first problem is that the Session-Traffic-Limit (from the redback dictionary) is not returned. I can't see it either in the output of radtest or with radsniff. Yet, looking at the output of radiusd -X I can see it's correctly understood by freeradius:

    rlm_sqlcounter: Check item is greater than query result
    rlm_sqlcounter: Authorized user scott, check_item=12000, counter=10891
    rlm_sqlcounter: Sent Reply-Item for user scott, Type=Session-Traffic-Limit, value=12792
    ++[bytesQuota] returns ok

Does anyone have a clue?

Alexandre Chapellon wrote:
> You're right, adding the name of my sqlcounter in the instantiate section makes it work.
> thx :)
>
> Alan DeKok wrote:
>> Alexandre Chapellon wrote:
>>> whenever I launch freeradius -X I get the following error:
>>> /etc/freeradius/users[205]: Parse error (check) for entry scott: Invalid octet string 101 for attribute name Max-Traffic
>>
>> The modules are initialized in *order*. The sqlcounter module creates the attributes on the fly. But... it can't do this if it hasn't been run yet.
>>
>>> Line 205 is the line where user scott is defined in users files.
>>> I have tried setting up my own dictionary (which I think shouldn't be needed) with the Max-Traffic attribute defined as integer
>>> VENDOR ME
>>> ATTRIBUTE Max-Traffic 1 integer
>>
>> That isn't the correct dictionary file format, but it's not relevant, either.
>>
>>> But that doesn't help. I have read all over the web that sqlcounter with mysql are considered as stable enough for production, so am quite surprised of this issue... Any idea?
>>
>> List sqlcounter in the instantiate section. It will be initialized before the users file is read.
>>
>> Alan DeKok.
RE: Freeradius Usage
It is a tricky concept, but it can be done with a lot of effort. Probably not for all applications ( since it doesn't make any sense for some of them ). Maybe you should consider making a real network DMZ. The concept of DMZ allows you to define and allow/disallow access to services from the Internet and those from the local LAN. You DO NOT make things or services available to the DMZ !

Start simple !

Regards,
E:S

From: [EMAIL PROTECTED] On Behalf Of Jesse Stone
Sent: Saturday, 06 September 2008 01:50
To: FreeRadius users mailing list
Subject: Re: Freeradius Usage

Thank you for the quick response.

I may not have mentioned this previously but I am by no means a linux/networking expert. The company I work for is pro-MS. Recently, I got the urge to get back into Linux and here I am.

My thinking (in regards to network structure) was that I wanted applications intended to the public as far away from my local lan as possible. The local lan requires the app server though - OpenVPN, Samba (as a PDC), misc other things so I wanted it available to the local lan but not to the DMZ.

My main questions though are with Freeradius. My setup is for hobby purposes only and already I would have difficulty telling you exactly which users have access to what. I want to, using a technology like Freeradius or LDAP, create 1 central place on the app server that EVERYTHING would authenticate to. In a perfect world, the end result would be that I could type something like this:

    select %user% from permissionsDB

and be returned something like this:

    SSH: NO, OpenVPN: YES, Samba: %Specific group% (which indicates shares available), Shell Access: No, etc.

Basically, I want a setup where I can easily scale upwards without having to teach each new application how to use a DB. Freeradius also can authenticate my wireless users, which would also be great as for all I know, half my bandwidth is being used by my neighbors.
-Jesse
RE: freeradius+pptpd+mysq - rc_avpair_new: unknown attribute 6
Nice one ! Should be really useful !

Regards,
E:S

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Thibault Le Meur
Sent: Wednesday, 19 March 2008 09:57
To: FreeRadius users mailing list
Subject: Re: freeradius+pptpd+mysq - rc_avpair_new: unknown attribute 6

Alan DeKok wrote:
>> What am I doing wrong? Below I've copypasted config files of pptpd radius and their debug logs.
>
> sigh Do NOT post the FreeRADIUS dictionaries to this list. There is nothing wrong with the dictionaries.
>
> DO configure pptpd to point to the RADIUS dictionaries it needs.

I've written a little tuto on this, maybe it can help you: http://wiki.freeradius.org/PopTop

Regards,
Thibault
RE: Newslists
Constructive answer like always is to analyze what you want to achieve with freeradius. Rethink the configuration, read the documentation for your setup needs and ask a straightforward question. You cannot just post the debug output and hope that someone can understand what you actually need. Try to elaborate your setup, the steps you have already done and of course the debugging output. Alan will probably give you a simple answer like yes/no and point to the right direction.

But again - you cannot expect someone to do the installation and setup for you ! People are usually paid for that ! Although Alan might be sarcastic, he has never let anyone down who was willing to learn and accept the mistakes ( including myself ).

Regards,
E:S

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Keith Dovale - HostworX.co.za
Sent: Friday, 08 February 2008 10:46
To: 'FreeRadius users mailing list'
Subject: RE: Newslists

No not at all, and I don't expect it. But at least someone like yourself, who seems to be the guru on freeradius, could at least reply with a constructive answer rather than replying with sarcastic comments.

My question is where did I announce I don't read the documentation, that is the first thing I went to. I have gone through the read me's, faq's etc and have followed their directions regarding this, it's the debug that is giving the error. And responding with weird checks, that is exactly why I posted here as there is no google results / faqs, etc that answer my question.

Regards
Keith

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, February 08, 2008 9:44 AM
To: FreeRadius users mailing list
Subject: Re: Newslists

Keith Dovale - HostworX.co.za wrote:
> My Honest opinion of this news list / user group is that it is not helpful at all, it seems if you are not in the clique, no one helps, does anyone moderate this or not ?
>
> I have posted twice now and no one replies…

Is there a contractual obligation requiring people to support you?

In any case, you haven't followed the instructions in the FAQ, README, INSTALL, etc. You've already announced that you don't read the documentation people write, so why would anyone write more on this list?

> Regards
> Keith
>
> From: Keith Dovale - HostworX.co.za [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 07, 2008 9:08 PM
> To: '
> Subject: attr rewrite issue
>
> Hi Guys, some help please.
>
> I am trying to do an attr rewrite to change an Attribute value then do a check based on the attribute that is changed, if the check fails do another attrib rewrite to the next value and do another check, until either the check fails or passes.
>
> There are basically only 4 checks in the group statement in the authorise section which do
>
>     Attrib rewrite
>     Do check (If it fails do)
>     Attrib rewrite
>     Do check (If it fails do)
>     Attrib check
>     Do rewrite (If it fails do)
>     Attrib check
>     Do rewrite
>     Reject
>     Pass
>
> When it runs it checks the reply packet for an attribute Configuration-Token which is defined in the radgroupreply for the users but it seems it cannot find it and gives an error. As below
>
>     rlm_sqlcounter: (Check item - counter) is less than zero
>     rlm_sqlcounter: Rejected user keith, check_item=0, counter=0
>     modcall[authorize]: module MonthlyUnShaped returns reject for request 2
>     radius_xlat: 'UNSHAPED_NORMAL'
>     rlm_attr_rewrite: No match found for attribute Configuration-Token with value 'SHAPED_NORMAL'
>     radius_xlat: 'UNSHAPED_NORMAL'
>     radius_xlat: 'SHAPED_NORMAL'
>     rlm_attr_rewrite: Changed value for attribute Configuration-Token from 'UNSHAPED_NORMAL' to 'SHAPED_NORMAL'
>     rlm_attr_rewrite: Could not find value pair for attribute Configuration-Token
>     modcall[authorize]: module AttrRewrite_MonthlyBlendedShaped returns ok for request 2
>
> can anyone help
RE: SNMP error
Hello,

I am also curious about the answer to this question ! Are there any plans to implement AgentX protocol into freeradius project? Alan?

Kind regards,
E:S

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Amr el-Saeed
Sent: Tuesday, 05 February 2008 09:05
To: FreeRadius users mailing list
Subject: Re: SNMP error

Hi,

any suggestions about what to do to make snmp work on 64-bit??

Amr el-Saeed wrote:
> Dear Alan,
>
> I built from the source file that I downloaded from freeradius.org. I suspected the 64-bit. I made several trials, and here is the result
>
>     freeradius-1.1.7 , snmp-5.0.9-2.30E.20 , RHEL3 , 32-bit   working
>     freeradius-1.1.7 , snmp-5.0.9-2.30E.20 , RHEL5 , 32-bit   working
>     freeradius-1.1.7 , snmp-5.0.9-2.30E.20 , RHEL5 , 64-bit   NOT working
>     freeradius-1.1.7 , snmp-5.3.1-19.el5 , RHEL5 , 32-bit     NOT working
>     freeradius-1.1.7 , snmp-5.3.1-19.el5 , RHEL5 , 64-bit     NOT working
>
> any comments ??
>
> [EMAIL PROTECTED] wrote:
>> Hi,
>>
>>> i have OS RHEL5
>>
>> it looks like it didn't build with the required debug parts - once again, as you are using the SPEC for your distro they could have other things that mess it up - I can only help if you build from the source and leave package management stuff alone.
>>
>> alan
RE: Freeradius-Users Digest, Vol 34, Issue 16
It is probably Turkish and since the guy had weak knowledge of English language, maybe this guy can help him !

Regards,
E:S

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Mike Puchol
Sent: Monday, 04 February 2008 10:49
To: FreeRadius users mailing list
Subject: Re: Freeradius-Users Digest, Vol 34, Issue 16

[EMAIL PROTECTED] wrote:
> Selam kardes, Heralde yazdiklarini burda kimse anlamiyo. Belki anlamaz da. Onun icin ne yapmak istedigini, yaptigini gonder. Yani Radius'unu debug modunda calistir sonra da ciktisini buraya gonder ondan sonra sana daha iyi yardimda bulunurlar. Yoksa boyle seyler yazarsan sana dokumanlari oku demekle yetinicekler. Hadi kolay gelsin.

I tried Rot13, but got nowhere. Any suggestions anyone?

Cheers,
Mike
RE: not Accountint
Those are access-request and access-accept packets. No accounting request is being received ! Your NAS isn't sending any accounting messages ? Maybe you should disable all those modules that you don't need !

Regards,
E:S

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, 04 February 2008 07:14
To: FreeRadius users mailing list
Subject: not Accountint

Hi,

Everything with the Authentication is OK. But Accounting is not working. I've added dialupadmin tables (such as badusers.sql, userinfo.sql ) to my radius table. Do I have to insert some data to them? These tables are empty. And in dialupadmin, there isn't any RADIUSClients menu on the web. When I tried to add new user by dialupadmin, Could not open encryption library file error.

I've uncommented most of parts in the conf files. I think, Accounting Packet is not sending and sending back Reply packet. How can I manage these?

Also give me brief description of unlang function, please.

Here is the logging with debugging mode:

    Ready to process requests.
    rad_recv: Access-Request packet from host 203.34.37.40 port 1060, id=2, length=124
        User-Name = testuser
        User-Password = test
        NAS-IP-Address = 203.34.37.40
        NAS-Port = 10101001
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.160.111
        Called-Station-Id = 001B2109D9EC
        Calling-Station-Id = ff-ff-ff-ff-ff-ff
        Acct-Session-Id = 143
        NAS-Port-Type = Virtual
    +- entering group authorize
    ++[preprocess] returns ok
    expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d - /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204
    rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/203.34.37.40/auth-detail-20080204
    expand: %t - Mon Feb 4 12:27:56 2008
    ++[auth_log] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    rlm_realm: No '@' in User-Name = testuser, looking up realm NULL
    rlm_realm: No such realm NULL
    ++[suffix] returns noop
    rlm_eap: No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[unix] returns notfound
    users: Matched entry DEFAULT at line 172
    ++[files] returns ok
    expand: %{User-Name} - testuser
    rlm_sql (sql): sql_set_user escaped user -- 'testuser'
    rlm_sql (sql): Reserving sql socket id: 1
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id
    rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'testuser' ORDER BY id
    rlm_sql (sql): User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id
    rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'testuser' ORDER BY id
    expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BY priority
    rlm_sql_mysql: query: SELECT groupname FROM usergroup WHERE username = 'testuser' ORDER BYpriority
    expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname= '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id
    rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id
    rlm_sql (sql): User found in group static
    expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname= '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id
    rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id
    rlm_sql (sql): Released sql socket id: 1
    ++[sql] returns ok
    rlm_counter: Entering module authorize code
    rlm_counter: Could not find Check item value pair
    ++[daily] returns noop
    rlm_checkval: Item Name: Calling-Station-Id, Value: ff-ff-ff-ff-ff-ff
    rlm_checkval: Value
RE: Help me please!!
What do you want to do? What do you want to achieve? What authentication are you planning to use ?

Regards,
E:S

From: [EMAIL PROTECTED] On Behalf Of aziz yucelen
Sent: Monday, 04 February 2008 07:35
To: freeradius-users@lists.freeradius.org
Subject: Help me please!!

Hi..

I am receiving this Access-Challenge message. I don't know what I do. Please help me.

Thanks...

    rad_recv: Access-Request packet from host 10.1.254.38 port 49155, id=0, length=73
    Threads: total/active/spare threads = 5/0/5
    Thread 2 got semaphore
    Thread 2 handling request 0, (1 handled so far)
        NAS-IP-Address = 10.1.254.38
        NAS-Port-Type = Ethernet
        NAS-Port = 17
        User-Name = test
        EAP-Message = 0x020100090174657374
        Message-Authenticator = 0x40b01c65697a037c2aec79069d28d709
    +- entering group authorize
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    Waking up in 0.9 seconds.
    ++[unix] returns notfound
    rlm_realm: No '@' in User-Name = test, looking up realm NULL
    rlm_realm: No such realm NULL
    ++[suffix] returns noop
    rlm_eap: EAP packet type response id 1 length 9
    rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    users: Matched entry test at line 93
    expand: Hello, %{User-Name} - Hello, test
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    rlm_pap: Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    rad_check_password: Found Auth-Type EAP
    auth: type EAP
    +- entering group authenticate
    rlm_eap: EAP Identity
    rlm_eap: processing type tls
    rlm_eap_tls: Initiate
    rlm_eap_tls: Start returned 1
    ++[eap] returns handled
    Sending Access-Challenge of id 0 to 10.1.254.38 port 49155
        Reply-Message = Hello, test
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x
        State = 0xf779e639f77bff0d3d2c202f1c7a8b9c
    Finished request 0.
    Going to the next request
    Thread 2 waiting to be assigned a request
    rad_recv: Access-Request packet from host 10.1.254.38 port 49155, id=0, length=162
    Cleaning up request 0 ID 0 with timestamp +553
    Waking up in 0.9 seconds.
    Thread 3 got semaphore
    Thread 3 handling request 1, (1 handled so far)
        NAS-IP-Address = 10.1.254.38
        NAS-Port-Type = Ethernet
        NAS-Port = 17
        User-Name = test
        State = 0xf779e639f77bff0d3d2c202f1c7a8b9c
        EAP-Message = 0x02020050198000461603010041013d030147ac558d77684de77a5d4e927a0c8abb d79d3e8c289aa3006aa63ea402fae95c1600040005000a00090064006200030006001300 1200630100
        Message-Authenticator = 0xb38e6c9574648ff3b9b43230ab24f470
    +- entering group authorize
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[unix] returns notfound
    rlm_realm: No '@' in User-Name = test, looking up realm NULL
    rlm_realm: No such realm NULL
    ++[suffix] returns noop
    rlm_eap: EAP packet type response id 2 length 80
    rlm_eap: Continuing tunnel setup.
    ++[eap] returns ok
    rad_check_password: Found Auth-Type EAP
    auth: type EAP
    +- entering group authenticate
    rlm_eap: Request found, released from the list
    rlm_eap: EAP/peap
    rlm_eap: processing type peap
    rlm_eap_peap: Authenticate
    rlm_eap_tls: processing TLS
    TLS Length 70
    rlm_eap_tls: Length Included
    eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
    rlm_eap_tls: TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
    rlm_eap_tls: TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
    rlm_eap_tls: TLS 1.0 Handshake [length 0589], Certificate
    TLS_accept: SSLv3 write certificate A
    rlm_eap_tls: TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
    In SSL Handshake Phase
    In SSL Accept mode
    eaptls_process returned 13
    rlm_eap_peap: EAPTLS_HANDLED
    ++[eap] returns handled
    Sending
    Access-Challenge of id 0 to 10.1.254.38 port 49155
RE: Traffic volume accounting
> Is it possible to have a counter setup to achieve this?

Yes. It is.

> I'd like to know if someone has implemented realtime upload/download limitations and what methods were used.

Realtime traffic accounting would have to be supported by your NAS. Any kind of traffic/bandwidth limitation has to be supported by your NAS; you have to tell freeRADIUS what data to store and how to calculate the values, and of course what attributes it should answer to the NAS!

Regards, E:S
RE: Help Needed Please freeradius traffic limiting
What are you using as NAS?

Regards, E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Keith Dovale
Sent: Dienstag, 15. Jänner 2008 17:41
To: 'FreeRadius users mailing list'
Subject: FW: Help Needed Please freeradius traffic limiting

Regards Keith Dovale http://www.hostworx.co.za/

From: Keith Dovale
Sent: Tuesday, January 15, 2008 6:24 PM
To: 'FreeRadius users mailing list'
Subject: Help Needed Please freeradius traffic limiting

Ok, I need to do this, and if someone could help I would appreciate it, as I am new to this.

1. I need to limit users by traffic and NOT session time. (I set up the monthly counters to check, but the counters cannot go beyond 2,148,000,000 and they fail. I think this is due to the counters using the type integer. If I can get this value to go beyond this, this then sorts out my problem based on traffic.)
2. I need to execute a query to check the client's total traffic usage and compare it to their limit; if they have gone beyond their limit I need to be able to execute a disconnect. (The disconnect side I have got working manually, so if there is a way to trigger / execute a program on an interim update which will force a disconnect, that will help; else if this can be done another way please let me know.)
3. Any recommendations on how to go about the above issues which will do this in an easier way, please let me know.

Regards Keith Dovale http://www.hostworx.co.za/
RE: MAC or user auth
> Authorization via MAC Address (with no username required)

This is being done by your NAS! Username is usually the MAC address.

> if the machine is using a valid IP Address, it is automatically allowed to surf. (I know there is a Calling-Station-id attribute in radcheck)

IP address has to be given by DHCP or your NAS. FreeRADIUS has nothing to do with the firewall rules ( NAT etc ).

> But I need also a support for username/password authentication (via WWW) too.

This also depends on your NAS!

> When I try to log in only with MAC, I get a Radius response no username, and the machine is denied.

Run freeradius in debug mode ( freeradius -X ) and see what attribute is used for MAC address and use it as i.e. username. You should send us more information about your NAS. Nobody will be able to help you in other case.

Regards, E:S
RE: powerfull manager?
Let me develop one for you :) Features :) Joke = OFF :)

I would still like to hear the features for a billing manager since I am developing one as a project at TU Vienna. I am willing to publish some of the work under GPL.. just make it open source ( I hate law stuff !! ).

Regards, E:S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of CoMeC
Sent: Dienstag, 11. Dezember 2007 21:41
To: freeradius-users@lists.freeradius.org
Subject: powerfull manager?

Hi, Just wanted to ask if you know any freeware/lowcost billing managers for Radius... I know Radius Manager - is cool, but does not cover some options. PhpMyPrepaid seems to be ok, but it is not being developed for a long time. Any ideas?

Thanks in advance, CoMeC
RE: powerfull manager?
> I love GPL, but unfortunately there is too few software being developed for Radius...

That was my problem too!

> All I need is actually:
> - bandwidth, time, volume limitation
> - username/password authentication
> - MAC authentication (but here is a trick - few MAC's for a one billing user)
> - card generator

Almost everything covered!

> And of course something that would allow me to print bills ;)

I have PDF generation :)

> Do you know anything, that would do that?

Not at the time of writing this. PhpMyPrePaid has some interesting features.

> I suppose, that as your project is a Uni project, you can't make it as GPL?

Actually I am developing it for my company and my BS project is about data accounting and anomaly detection in systems that use RADIUS! I'll let you know! Anyone interested in supporting this project?

Regards, E:S
RE: freeradius2 CVS - hostname lookup has no effect
> Likely just an issue in -pre2. I don't see it in CVS head.

Well I do. Just got the CVS version. Tried hostname_lookups = off / no! No help. Only when the client is being entered in the clients.conf it is recognised. On the other hand I get

Mon Dec 10 08:58:52 2007 : Error: Trying to look up name of unknown client 172.19.10.110.
Mon Dec 10 08:58:52 2007 : Auth: Login OK: [00:01:6c:a0:93:57] (from client UNKNOWN-CLIENT port 23 cli 00-01-6c-a0-93-57)

How come the hostname_lookups has no effect at all? I suppose it's not working properly, since I can enter the value off? How come the only known clients are found in the clients.conf? Does the logging part even take a look at the virtual server configs? Is clients.conf being read at reload? I have to restart the server to get the client back into the known list :( Is it just me?

TIA! Regards, E:S
RE: freeradius2 CVS - hostname lookup has no effect
>> Well I do. Just got the CVS version. Tried hostname_lookups = off / no! No help. Only when the client is being entered in the clients.conf it is recognised. On the other hand I get

> Ok... the issue isn't related to hostname lookups. The server keeps known clients internally, which are global. i.e. the per-server lookups confused the code. Try doing cvs update. It should be fixed.

It is now!

> The clients aren't read on HUP. See the debug output for what's read on HUP.

Didn't know that. Thanks!

> i.e. In CVS head, HUP *works*. Nothing bad happens, and *some* modules are reloaded. Even though not everything is reloaded... what *is* reloaded doesn't cause anything to crash.

Ain't crashing at all, so it is just fine!

Regards, E:S
freeradius-pre2 - hostname lookup
Hi, my freeradius does always a hostname lookup although hostname_lookup = no AND if the client is not found in the clients.conf...

Mon Dec 10 05:29:43 2007 : Error: Trying to look up name of unknown client 172.19.10.160.
Mon Dec 10 05:29:43 2007 : Auth: Login OK: [00:09:34:14:ad:57] (from client UNKNOWN-CLIENT port 24 cli 00-09-34-14-ad-57)

The client is entered in the virtual server config = server my_server { client clientname { ... } } ! Bug or just a random feature?

Regards, E:S
FW: MS-CHAP-v2 and CHAP with different passwords in LDAP
Hello list members,

before somebody yells "not again" - I just wish to ask if it is possible to use MS-CHAP and CHAP authentication with a LDAP backend which contains clear-text passwords as well as NT-Password ( used for MS-CHAP )? Alan - yes/no answer please :) If positive - can somebody give me an example of attribute mapping to ldap for both ( MS-CHAP and CHAP ) to work?

My setup with LDAP as backend is working with a mapping of NT-Password to sambaNTPassword like this:

checkItem NT-Password sambaNTPassword

MS-CHAP works just fine! For CHAP I added

password_header = {clear}
password_attribute = userPassword
password_radius_attribute = User-Password

to the LDAP module configuration. But unfortunately chap module doesn't like my clear-text password ( stored in userPassword ) for authentication :( How else can I say CHAP where to look for the clear-text password. Any hints please?

TIA! Regards, E:S
RE: FW: MS-CHAP-v2 and CHAP with different passwords in LDAP
> http://deployingradius.com/documents/protocols/compatibility.html

Read it!

> If you're doing bind as user in LDAP, read this:

Nope - just using LDAP as storage and accessing it with a privileged user that has R/O access to the user profiles

> You don't do attribute mappings. See the ldap section in radiusd.conf, and look for password_attribute.

Okay - did that now. MS-CHAP still working. Voila - CHAP works as well!

>> password_header = {clear}
>> password_attribute = userPassword
>> password_radius_attribute = User-Password

> Where did that last line come from?

http://wiki.freeradius.org/Rlm_ldap from here! Wasn't sure if that was the right for me.

> See the FAQ for it doesn't work.

My FAQ says Find the typo and go to sleep :) Thanks Alan!

Kind regards, E:S
FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Hello, I have set up FreeRADIUS ( pre2 ) and activated SNMP ( rebuilt it with --with-snmp ... ). The snmpd is also configured with the smuxpeer and the correct password, but password seems to be rejected. I am using snmpd-5.3.1 on Debian Etch ( AMD64 ). Both passwords are the same. Does anyone have an idea what might be wrong? Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. 
Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. 
Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to
RE: 64-bit issues ( SNMP issues )
Hi Alan, thank you ! As you mentioned - net-snmp libraries do have a problem. Although I've found a patch on their mailing list covering this problem for net-snmp 5.3.1 ( I am attaching it ). Nevertheless I cannot get any data... freeradius seems to register just fine : Sun Dec 2 20:17:11 2007 : Debug: SMUX connect try 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 20:17:11 2007 : Debug: SMUX open password: rad Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. Sun Dec 2 20:17:11 2007 : Debug: SMUX read start Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6 Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4 Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. 
Sun Dec 2 20:17:11 2007 : Debug: SMUX read start
Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6
Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4
Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP
Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0

Dec 2 20:18:50 sphinx snmpd[17853]: NET-SNMP version 5.3.1
Dec 2 20:19:28 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784
Dec 2 20:19:41 sphinx snmpd[17853]: [smux_accept] accepted fd 10 from 127.0.0.1:60772
Dec 2 20:19:41 sphinx snmpd[17853]: accepted smux peer: oid SNMPv2-SMI::enterprises.11344.1.1.1, descr radiusd
Dec 2 20:19:48 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784

sphinx:~/software# snmpwalk -v 2c -m /usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.txt -c public 127.0.0.1 radiusAuth
RADIUS-AUTH-SERVER-MIB::radiusAuthentication = No more variables left in this MIB View (It is past the end of the MIB tree)

Any ideas what might go wrong ? TIA

Regards, E:S

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Sonntag, 02. Dezember 2007 17:44
To: Edvin Seferovic
Subject: 64-bit issues

I don't know if the net-snmp libraries are 64-bit clean, either. In any case, I've cleaned up src/main/smux.c. Please try downloading building CVS head. Maybe that will fix it...

Alan DeKok.

net-snmp-5.3.1-smux-password.diff Description: Binary data
RE: Packets in Accounting ?
I found this in an older sql.conf file of mine:

accounting_update_query = UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctOutputPackets = '%{Acct-Output-Packets}', AcctInputPackets = '%{Acct-Input-Packets}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 AND NASPortId = '%{NAS-Port}'

I suppose the packets were in the schema, but I cannot confirm that for version 1.0 since the FTP server of freeradius doesn't respond :( Packets are also defined in the dictionary, why not have them in the accounting DB?

Regards, E:S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Samstag, 01. Dezember 2007 16:14
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Packets in Accounting ?

Edvin Seferovic wrote:
> what happened to the Acct-Input/Output-Packets in Accounting. MySQL schema doesn’t have those fields anymore. Any special reason ?

Were they ever in the schema? I don't see them in 1.1.x.

Alan DeKok.
Packets in Accounting ?
Hello, what happened to the Acct-Input/Output-Packets in Accounting. MySQL schema doesn't have those fields anymore. Any special reason?

Regards, E:S
freeradius-pre2 .. unknown client appears in log !
Hi, I've just installed freeradius-pre2 and configured it for MAC auth... when I define my clients in the virtual host file like

server mac-auth { client IP { name... } ... }

I get following in the log

Login OK: [00:e0:7d:75:ca:31] (from client UNKNOWN-CLIENT port 14 cli 00-e0-7d-75-ca-31)

After I enter the same client IP { ... } stuff into clients.conf I get the expected

Login OK: [00:01:6c:a0:93:57] (from client switch_1stock port 23 cli 00-01-6c-a0-93-57)

Is it supposed to be like this ( broken ?? ) ? Would it be possible to have the name of the virtual server in the log too? Something like

Servername: Auth: Login OK: [00:01:6c:a0:93:57] (from client switch_1stock port 23 cli 00-01-6c-a0-93-57)

Thanks, E:S
RE: Shared secret is incorrect - but it is identical!
Does this have anything to do with the authentication method and AD ? I don't think so. Ken are you using 64bit OS maybe? I had the same problem ( shared secret was incorrect ) due a broken library on 64bit version of SuSE 9.1. Regards, E:S -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Josh Howlett Sent: Dienstag, 03. Juli 2007 23:19 To: [EMAIL PROTECTED]; FreeRadius users mailing list Cc: Josh Howlett Subject: RE: Shared secret is incorrect - but it is identical! Hi Ken, What happens if, using radtest, you specify the username *without* the realm from the remote machine? josh. -Original Message- From: [EMAIL PROTECTED] us.org [mailto:[EMAIL PROTECTED] freeradius.org] On Behalf Of ken Sent: 03 July 2007 22:02 To: FreeRadius users mailing list Subject: Shared secret is incorrect - but it is identical! I'm trying to get FreeRadius working on a Fedora Core 6 server with a view to eventually using it to authenticate against Windows Active Directory via ntlm_auth for the Janet Roaming Service. The first attempts at configuring it failed rather drastically so I went back to the beginning and I'm doing things one step at at time, making one-line changes to configs then using radtest and/or radclient to ensure it still works. I can now authenticate a users defined in users file, or in the Unix passwd file, from radtest on local machine. (i.e. the same one the server is running on). Next step is to check that I can use FreeRadius over the network by trying radclient on another machine. It doesn't work from the networked machine. I see the invalid signature (err=2)! (Shared secret is incorrect.) message. Debug log says to double check the shared secret on the server. I have more than double checked it. I'm using the same shared secret on both machines. I know the shared secret is correct because it works from the local machine. But obviously it isn't! Because the encrypted password can't be read on the server. 
What can I do to make sure the shared secret truly is correct? The definitions for both hosts are identical in the clients.conf file. At one point I manually edited them to swap the names of servers while leaving the secrets the same, just in case there was some hidden unprintable character - but the new local one still worked, proving that the two entries in the clients.conf file are in fact identical. The shared secrets used in the radtest command are identical. I'm cutting and pasting the *same* radtest command in, not retyping it. To test for sure I put radclient commands in scripts on the remote machine, where they failed. Then I ftped them from the machine they failed on to the other one - where they worked! So it *has* to be the same! And if I alter it in any way there then radtest fails so its not getting a free passage just because its local. I have a horrid fear I've missed something totally obvious about how radclient works and that I'm doing something really really stupid stupid - but I can't see what. And I've been stuck here for over a week now. Any clues? From the local machine I get: === [EMAIL PROTECTED] ~]$ /usr/local/bin/radtest -d /etc/raddb [EMAIL PROTECTED] password server.IP.addr 122 sharedsecret Sending Access-Request of id 121 to server.IP.addr port 1812 User-Name = [EMAIL PROTECTED] User-Password = password NAS-IP-Address = 255.255.255.255 NAS-Port = 122 rad_recv: Access-Accept packet from host server.IP.addr:1812, id=121, length=20 === But when I try from the remote machine I get: === /usr/local/bin/radtest -d /etc/raddb [EMAIL PROTECTED] password server.IP.addr 122 sharedsecret Sending Access-Request of id 184 to server.IP.addr port 1812 User-Name = [EMAIL PROTECTED] User-Password = password NAS-IP-Address = 255.255.255.255 NAS-Port = 122 rad_recv: Access-Reject packet from host server.IP.addr:1812, id=184, length=20 rad_verify: Received Access-Reject packet from client server.IP.addr port 1812 with invalid signature (err=2)! 
(Shared secret is incorrect.) [EMAIL PROTECTED] ~]$ /usr/local/bin/radtest -d /etc/raddb [EMAIL PROTECTED] password server.IP.addr 122 sharedsecret Sending Access-Request of id 246 to server.IP.addr port 1812 User-Name = [EMAIL PROTECTED] User-Password = password NAS-IP-Address = 255.255.255.255 NAS-Port = 122 rad_recv: Access-Reject packet from host server.IP.addr:1812, id=246, length=20 rad_verify: Received Access-Reject packet from client server.IP.addr port 1812 with invalid signature (err=2)! (Shared secret is incorrect.) [EMAIL PROTECTED] ~]$ /usr/local/bin/radtest -d /etc/raddb [EMAIL PROTECTED] password server.IP.addr 122 sharedsecret Sending Access-Request of id 7 to
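Added example (not part of the original thread, and not FreeRADIUS code): a minimal Python model of the two places the shared secret enters a RADIUS exchange under RFC 2865, the User-Password hiding and the Response Authenticator, showing why a mismatch yields both an Access-Reject and the "invalid signature" error in the radtest output above. The client table, addresses, secrets and user are constructed sample values, and the trailing-space secret is only one assumed way two entries can differ while looking identical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

# Constructed sample data (assumptions, not values from the thread).
# The server chooses the secret by the packet's source address.
CLIENT_SECRETS = {
    "127.0.0.1": b"sharedsecret",
    "192.0.2.10": b"sharedsecret ",  # trailing space, invisible when printed
}
USERS = {b"ken": b"password"}


def _xor_chain(data, secret, request_auth, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, mask))
        out += result
        prev = block if decrypt else result  # always chain on the ciphertext
    return out


def hide_password(password, secret, request_auth):
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_chain(padded or b"\x00" * 16, secret, request_auth, decrypt=False)


def unhide_password(hidden, secret, request_auth):
    return _xor_chain(hidden, secret, request_auth, decrypt=True).rstrip(b"\x00")


def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, user, password, secret):
    request_auth = os.urandom(16)  # Request Authenticator: random per request
    attrs = _attr(USER_NAME, user)
    attrs += _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def parse_attributes(packet):
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs


def server_handle(request, source_ip):
    """Decode the password and sign the reply with the secret for source_ip."""
    secret = CLIENT_SECRETS[source_ip]
    attrs, request_auth = parse_attributes(request), request[4:20]
    password = unhide_password(attrs[USER_PASSWORD], secret, request_auth)
    expected = USERS.get(attrs[USER_NAME])
    ok = expected is not None and hmac.compare_digest(password, expected)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, request[1], 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + request_auth + secret).digest()


def verify_reply(reply, request, secret):
    """Client-side check; a failure here is reported as 'invalid signature'."""
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    (length,) = struct.unpack("!H", reply[2:4])
    if length < 20 or length > len(reply):
        return False
    digest = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    return hmac.compare_digest(digest, reply[4:20])


def run_exchange(source_ip, client_secret, user=b"ken", password=b"password"):
    """Return (reply code, reply signature valid) as seen by the client."""
    request = build_access_request(121, user, password, client_secret)
    reply = server_handle(request, source_ip)
    return reply[0], verify_reply(reply, request, client_secret)


if __name__ == "__main__":
    print(run_exchange("127.0.0.1", b"sharedsecret"))   # secrets match
    print(run_exchange("192.0.2.10", b"sharedsecret"))  # server entry differs
    print(run_exchange("127.0.0.1", b"sharedsecret", password=b"wrong"))
```

A reject whose signature verifies is a genuine credential failure; a reject whose signature fails means the secret the server associates with the sender's source address differs from the one the client used.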
RE: mysql database limit
Use the latest stable version of freeradius. I am using MySQL5 for accounting of 200 users and LDAP for 200 users and ca. 400 machines. No performance issues although my machine is slower. Be nice to your DB and add another 512MB of RAM to the machine ;)

Regards, E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of satish patel
Sent: Freitag, 25. Mai 2007 12:33
To: freeradius-users
Subject: mysql database limit

Dear ALL

I have single machine with model name : Intel(R) Pentium(R) D CPU 2.80GHz + RAM 512 - configuration. I am planning to use freeradius-1.0.0 with mysql with 500 users, so what about the performance issue, so it will working fine in this configuration or not? What is the limit of radacct table in mysql, is there any limit of data, how much it will go up to data in mysql, or any performance issue with more data?

$ cat ~/satish/url.txt http://www.linuxbug.org
RE: bandwidth and volume limit
Change it in the sqlcounter code! First functionality shouldn't be a problem if you know your NAS!

Regards, E:S

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Mathieu Lemaitre
Sent: Donnerstag, 22. März 2007 12:31
To: freeradius-users@lists.freeradius.org
Subject: bandwidth and volume limit

Hi all, I'm running freeradius 1.0.2 on a debian stable. For new clients, I need to implement 2 functions:

* a bandwidth limit on a per-user basis. I mean, I need to be able to set, for a user, a value for his upstream and downstream bw, which is sent by the radius as a reply attribute. Are they predefined attributes to do this?
* a volume limit: I'd like to be able to set a maximum amount of data monthly downloadable for each user. I tried with rlm_sqlcounter, changing the sql request to check AcctInputOctet instead of SessionTime, but the problem is that radius always reply an attribute called MaxSessionTime (or sthg like that), containing the remaining data volume for the user... is there a way to change the name of the attribute answered by freeradius??

Many thanks, Mathieu
RE: Freeradius and vlan assignment
= 0x029800261900170301001bae5f10c31db3214c9b97a5a5f8a4c027e3e599ea4820750c4376 4c Message-Authenticator = 0x3b5bfbac96e06c7751c2c9405fd8bd0e Login OK: [CSB\\test/no User-Password attribute] (from client 192.168.16.1 port 50147 cli 00-04-75-85-8F-61) Sending Access-Accept of id 152 to 192.168.16.1:1645 MS-MPPE-Recv-Key = 0xa159f53b8ccddbfe198e451f9e34f4572525e4257bf0a2ef0d62f9b829de2405 MS-MPPE-Send-Key = 0x57d9ef257640d9cf18b06cf26ddca8083e2484464499e2b9b74c8ac5ccd6a213 EAP-Message = 0x03980004 Message-Authenticator = 0x User-Name = CSB\\test 2007/3/9, Bruno Mardirossian [EMAIL PROTECTED]: Thanks i will try this on Monday The rest of my configuration for the user test in the users file seem to be correct ? 2007/3/9, Edvin Seferovic [EMAIL PROTECTED]: http://wiki.freeradius.org/Operators Hint += for Tunnel-Type ! Regards, E:S From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] ] On Behalf Of Bruno Mardirossian Sent: Freitag, 09. März 2007 03:49 To: freeradius-users@lists.freeradius.org Subject: Freeradius and vlan assignment Hello! I am working on implementing freeradius with a cisco 3750 switch connected to freeradius , which then talks to AD. (The linux box is on the AD domain) Anyway, we try to make vlan assignment by using the 'users' file . We create a user named 'test' on my AD server , and we created this section in the file users : test Auth-Type := MS-CHAP Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 2 The user is correctly authenticated by AD , but he is put in the default vlan ( id 1 ) and not in the vlan defined in the file 'users' ( id 2 ) . By the way, readind the radiusd output , i think that freeradius does not read my users file...i didn't see int he log anything about the Tunnel-Type or Tunnel-Private-Group-Id informations Anyone have any thoughts? 
Regards Bruno Message-Authenticator = 0xa309657e84ce8131d67aa64d9a491059 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 users: Matched entry DEFAULT at line 184 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 90 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. 
PEAP: Setting User-Name to CSB\test PEAP: Adding old state with 86 79 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 67 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot
RE: 802.1x-radius VLAN assignment
Attribute Mapping (attr.map file) - AFAIK!

Regards,
E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ryan Kramer
Sent: Thursday, 08 March 2007 23:07
To: freeradius-users@lists.freeradius.org
Subject: 802.1x-radius VLAN assignment

Hello!

I am working on implementing freeradius with an aruba Wifi controller connected to freeradius, which then talks to AD. (The linux box is on the AD domain)

Anyway, we need to pull the vlan identifier through from an AD group, but it appears FreeRadius does not pull that through the request field. Anyone have any thoughts? We know this is possible through the Microsoft radius solution, but are having a tough time of it without using that instead.

Thanks!
Ryan Kramer
RE: Freeradius and vlan assignment
http://wiki.freeradius.org/Operators

Hint: += for Tunnel-Type!

Regards,
E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bruno Mardirossian
Sent: Friday, 09 March 2007 03:49
To: freeradius-users@lists.freeradius.org
Subject: Freeradius and vlan assignment

Hello!

I am working on implementing freeradius with a cisco 3750 switch connected to freeradius, which then talks to AD. (The linux box is on the AD domain)

Anyway, we try to make vlan assignment by using the 'users' file. We created a user named 'test' on my AD server, and we created this section in the file users:

test    Auth-Type := MS-CHAP
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-Id = 2

The user is correctly authenticated by AD, but he is put in the default vlan (id 1) and not in the vlan defined in the file 'users' (id 2). By the way, reading the radiusd output, I think that freeradius does not read my users file... I didn't see in the log anything about the Tunnel-Type or Tunnel-Private-Group-Id information.

Anyone have any thoughts?
Regards
Bruno

Message-Authenticator = 0xa309657e84ce8131d67aa64d9a491059
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module preprocess returns ok for request 6
modcall[authorize]: module chap returns noop for request 6
rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 6
users: Matched entry DEFAULT at line 165
users: Matched entry DEFAULT at line 184
modcall[authorize]: module files returns ok for request 6
rlm_eap: EAP packet type response id 6 length 90
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 6
modcall[authorize]: module mschap returns noop for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type MS-CHAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'CSB\test'
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CSB\test
PEAP: Adding old state with 86 79
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module preprocess returns ok for request 6
modcall[authorize]: module chap returns noop for request 6
rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 6
users: Matched entry DEFAULT at line 165
modcall[authorize]: module files returns ok for request 6
rlm_eap: EAP packet type response id 6 length 67
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 6
modcall[authorize]: module mschap returns noop for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type MS-CHAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'CSB\test'
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 9a
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa --nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456'
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa
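A check that can be run over radiusd debug output like the excerpt above, to see which 'users' entries were matched, which User-Name the server worked with, and whether the expected reply attributes show up at all. This is an added example, not part of the thread; the helper name audit_users_match is hypothetical, and the sample lines are copied from the quoted debug output.

```python
import re

# Constructed sample: lines copied from the debug excerpt quoted in the thread.
SAMPLE_DEBUG = r"""
rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL
users: Matched entry DEFAULT at line 165
users: Matched entry DEFAULT at line 184
modcall[authorize]: module files returns ok for request 6
PEAP: Setting User-Name to CSB\test
rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL
users: Matched entry DEFAULT at line 165
modcall[authorize]: module files returns ok for request 6
"""

USER_RE = re.compile(r"User-Name (?:= |to )([^,\s]+)")
MATCH_RE = re.compile(r"users: Matched entry (\S+) at line (\d+)")


def audit_users_match(debug_text, entry, expected_reply):
    """Summarise which users-file entries matched and what is missing.

    audit_users_match is a hypothetical helper name, not a FreeRADIUS tool.
    """
    names, matches = [], []
    for line in debug_text.splitlines():
        user = USER_RE.search(line)
        if user and user.group(1) not in names:
            names.append(user.group(1))
        hit = MATCH_RE.search(line)
        if hit:
            matches.append((hit.group(1), int(hit.group(2))))
    return {
        "user_names": names,
        "matched_entries": matches,
        "entry_matched": any(name == entry for name, _ in matches),
        # Names the server saw that are not literally the entry name.
        "names_not_equal_to_entry": [n for n in names if n != entry],
        # Expected reply attributes that never show up in the output.
        "missing_reply_attrs": [a for a in expected_reply if a not in debug_text],
    }


if __name__ == "__main__":
    report = audit_users_match(
        SAMPLE_DEBUG, "test",
        ["Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample, only DEFAULT entries are reported as matched and the User-Name seen is CSB\test rather than test.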
RE: Some problem
Hi,

do you need rlm_perl to be built? If not - just remove the rlm_perl directory from the modules directory and it should be fine. In other case - I have no solution :-(

Regards,
E:S

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of zhangxianshi
Sent: Tuesday, 06 March 2007 03:51
To: freeradius-users@lists.freeradius.org
Subject: Some problem

Dear All,

I use a Linux system called Ubuntu. Yesterday I tried to compile freeradius 1.1.4. When I began to make, there was something wrong. This is the error log:

Making all in rlm_passwd...
make[6]: Entering directory `/home/stone/freeradius-1.1.4/src/modules/rlm_passwd'
make[6]: Leaving directory `/home/stone/freeradius-1.1.4/src/modules/rlm_passwd'
Making all in rlm_perl...
make[6]: Entering directory `/home/stone/freeradius-1.1.4/src/modules/rlm_perl'
/home/stone/freeradius-1.1.4/libtool --mode=link gcc -release 1.1.4 \
-module -export-dynamic -o rlm_perl.la \
-rpath /usr/local/lib rlm_perl.lo rlm_perl.c /home/stone/freeradius-1.1.4/src/lib/libradius.la \
`perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv -lpthread
*** Warning: Linking the shared library rlm_perl.la against the
*** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable!
gcc -shared .libs/rlm_perl.o -Wl,--rpath -Wl,/home/stone/freeradius-1.1.4/src/lib/.libs -Wl,--rpath -Wl,/usr/local/lib /home/stone/freeradius-1.1.4/src/lib/.libs/libradius.so -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv -lpthread -Wl,-E -Wl,-soname -Wl,rlm_perl-1.1.4.so -o .libs/rlm_perl-1.1.4.so
/usr/bin/ld: cannot find -lperl
collect2: ld returned 1 exit status
make[6]: *** [rlm_perl.la] Error 1
make[6]: Leaving directory `/home/stone/freeradius-1.1.4/src/modules/rlm_perl'
make[5]: *** [common] Error 2
make[5]: Leaving directory `/home/stone/freeradius-1.1.4/src/modules'
make[4]: *** [all] Error 2
make[4]: Leaving directory `/home/stone/freeradius-1.1.4/src/modules'
make[3]: *** [common] Error 2
make[3]: Leaving directory `/home/stone/freeradius-1.1.4/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/stone/freeradius-1.1.4/src'
make[1]: *** [common] Error 2
make[1]: Leaving directory `/home/stone/freeradius-1.1.4'
make: *** [all] Error 2

How can I solve it?

Regards
Zhang
RE: Why Freeradius and Mysql dont work?
rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): Failed to connect to any SQL server.

Your socket file is not in place. Maybe you should use an IP in your sql.conf instead of localhost!

Regards,
E:S