Help me !!!
Hi everybody, I am new user for Radius Server.My requirement is to pass my username,password to radius server and to authenticate.Help me out how to add a user in radius server database and how to authenticate ?? regards,Prasad. Do you Yahoo!? Free Pop-Up Blocker - Get it now
Re: Help me !!!
Can you give more details of your setup?Prasad Yaramti [EMAIL PROTECTED] wrote: Hi there, I am new this radius authentication Concept,actually my requirement is to check User name and Passsword via Radius server.In this aspect I have to pass user name and Password to Radius and to get authenticate. Help me how store the username and password in the server,how to authneticate ? How to pass the my username and password to server Thanks inadvance for your help Regards,Prasad. Do you Yahoo!?Free Pop-Up Blocker - Get it now Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Re: Help me !!!
Prasad Yaramti [EMAIL PROTECTED] wrote: Help me how store the username and password in the server,how to authneticate ? How to pass the my username and password to server ??? Read the FAQ. It explains how to do this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help me !!!
Hi there, I am new this radius authentication Concept,actually my requirement is to check User name and Passsword via Radius server.In this aspect I have to pass user name and Password to Radius and to get authenticate. Help me how store the username and password in the server,how to authneticate ? How to pass the my username and password to server Thanks inadvance for your help Regards,Prasad. Do you Yahoo!? Free Pop-Up Blocker - Get it now
Please help me (It is very Urgent)
Hello All, I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional. Following are the configuration I have done: file - clients.conf: # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) # which supports RADIUS. 192.168.100.7/24 { secret = abcde shortname = AP-600LAB } file - users: # TECH4 is the name of the wireless client (machine name) which is # running on Windows. TECH4 Auth-Type := EAP, User-Password == password Reply-Message = Hello, %u I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working. FYI: The 'radtest' is working fine. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP problem - HELP PLEASE
Thanks everyone for your help, yes Brian, you are right, i made a mistake when I wrote my users entry in the last mail! I wanted to say: ourson User-password = testtest In fact your right for the = which is better to be renplaced by == here. But in reallity, I didn't put any space on my user paswword I tried to put this entry: ourson User-Password == a Reply-Message = YSS, %u With this, I tought that if authentication were bad, my reply message won't appear, isn't it right? But in fact, I have already the same error, but in response I have my reply message! It's very strange. here are my last logs : rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate for request 0 rlm_eap: Identity does not match User-Name, authentication failed. rlm_eap: Failed in handler modcall[authenticate]: module eap returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Login incorrect: [ourson/no User-Password attribute] (from client AP1 port 37 cli 000af49c507f)Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 113 to 192.168.1.2:3186 Reply-Message = yeess Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 113 with timestamp 3fdf0ed2 Nothing to do. Sleeping until we see a request. I really don't understand how radiusd can say : Identity does not match User-Name, authentication failed and [ourson/no User-Password attribute] ... It seems that no password is sent from my supplicant..?? I tried to do radtest from another unix machine and it works : ... rad_recv: Access-Request packet from host 192.168.1.1:32769, id=85, length=58 User-Name = ourson User-Password = a NAS-IP-Address = 255.255.255.255 NAS-Port = 10 modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 6 rlm_realm: No '@' in User-Name = ourson, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched ourson at 97 modcall[authorize]: module files returns ok for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns ok for request 6 auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: ' YSS, ourson' Sending Access-Accept of id 85 to 192.168.1.1:32769 Reply-Message = YSS, ourson Finished request 6 Going to the next request --- Walking the entire request list --- Cleaning up request 5 ID 170 with timestamp 3fdf22be Waking up in 6 seconds... I think that freeradius is well configured and it must be a windows or Access Point problem, don't you think so? Please if someone knows or just have an idea, tell me !! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me (It is very Urgent)
did you setup eap? Shashidhara S Bapat [EMAIL PROTECTED] wrote: Hello All,I am a new user to this mailing list. I am using Radius server to seehow does it authenticate.I am running freeradius on Linux machine and it is connected to a AP600(Access Point) through which users are connected. Users are running onWindows 2000 Professional. Following are the configuration I have done:file - "clients.conf":# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)# which supports RADIUS.192.168.100.7/24 {secret = abcdeshortname = AP-600LAB}file - "users":# TECH4 is the name of the wireless client (machine name) which is # running on Windows.TECH4 Auth-Type := EAP, User-Password == "password"Reply-Message = "Hello, %u"I think the problem is with the 'user' part. I dont know which'Auth-Type' I have to use. Please help me in my settings.Please let me know what modifications I have to do to make it working.FYI: The 'radtest' is working fine.-- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=--Best Regards,Shashi.=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Re: Please help me (It is very Urgent)
WAht type of EAP are you using? I supposed MD5. I think the name TECH4 has to be between , so TECH4. El mié, 17-12-2003 a las 11:36, Julius Igugu escribió: did you setup eap? Shashidhara S Bapat [EMAIL PROTECTED] wrote: Hello All, I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional. Following are the configuration I have done: file - clients.conf: # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) # which supports RADIUS. 192.168.100.7/24 { secret = abcde shortname = AP-600LAB } file - users: # TECH4 is the name of the wireless client (machine name) which is # running on Windows. TECH4 Auth-Type := EAP, User-Password == password Reply-Message = Hello, %u I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working. FYI: The 'radtest' is working fine. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Please help me (It is very Urgent)
hi, Try using Auth-Type := LOCAL, and make a normal user in your Linux machine and then use that password to login to the server Ripunjay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Shashidhara S Bapat Sent: Wednesday, December 17, 2003 12:43 PM To: Free Radius Mailing group Subject: Please help me (It is very Urgent) Hello All, I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional. Following are the configuration I have done: file - clients.conf: # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) # which supports RADIUS. 192.168.100.7/24 { secret = abcde shortname = AP-600LAB } file - users: # TECH4 is the name of the wireless client (machine name) which is # running on Windows. TECH4 Auth-Type := EAP, User-Password == password Reply-Message = Hello, %u I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working. FYI: The 'radtest' is working fine. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP problem - HELP PLEASE
Hi Alan! Thanks for your help. I did what you told me, but it seems that it wasn't the only error I made... I put in the users file : ourson User-Password = testtest and my user on the XP supplicant is also the same, but authentication is still impossible! I really don't understand because the same error message appears even if I change the users file like I show you before. I am asking myself about which options must be put on the MS-CHAP module (on radiusd.conf) ? I didn't change any options on the MS-CHAP module ( use_mppe, require_encryption, require_strong with a # before), but is it necessary?? (I tried quickly to put these options = yes ,but I had same results) If you have any idea about what is wrong with my configuration, please tell me! here are my log with the beginning of freeradius when it's launched: + LD_LIBRARY_PATH=/usr/local/ssl-end/lib + LD_PRELOAD=/usr/local/ssl-end/lib/libcrypto.so + export LD_LIBRARY_PATH LD_PRELOAD + /usr/local/sbin/radiusd -X -y -z Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = peap eap: timer_expire = 60 eap: ignore_unknown_eap_types = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = (null) tls: pem_file_type = yes tls: private_key_file = /sauv-certif/cert/new/serveur6.pem tls: certificate_file = /sauv-certif/cert/new/serveur6.pem tls: CA_file = /sauv-certif/cert/new/root.pem tls: private_key_password = saucisson tls: dh_file = /sauv-certif/cert/new/dh tls: random_file = /sauv-certif/cert/new/random tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no rlm_eap: Loaded and initialized type tls peap: default_eap_type = mschapv2 peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no rlm_eap: Loaded and initialized type peap rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /usr/local/etc/raddb/users files: acctusersfile = /usr/local/etc/raddb/acct_users files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users files: compat = no [/usr/local/etc/raddb/users]:156 WARNING! Changing 'User
Re: PEAP problem - HELP PLEASE
[EMAIL PROTECTED] wrote: Hi Alan! Thanks for your help. I did what you told me, but it seems that it wasn't the only error I made... I put in the users file : ourson User-Password = testtest i think i see two potential issues here ... one is noted in the logging: [/usr/local/etc/raddb/users]:156 WARNING! Changing 'User-Password =' to 'User-Password ==' ?for comparing RADIUS attribute in check item list for user ourson the operator that's needed is ==, not just = ... but radius sorta fixed that in the request, as the logs note. the other potential issue: the space before the password begins. assuming that the password gets encrypted into the EAP-Message ( something i'm thinking happens ... but i'm not sure of ), that space is getting added to the encypted string and will never match. and my user on the XP supplicant is also the same, but authentication is still impossible! I really don't understand because the same error message appears even if I change the users file like I show you before. I am asking myself about which options must be put on the MS-CHAP module (on radiusd.conf) ? I didn't change any options on the MS-CHAP module ( use_mppe, require_encryption, require_strong with a # before), but is it necessary?? (I tried quickly to put these options = yes ,but I had same results) If you have any idea about what is wrong with my configuration, please tell me! here are my log with the beginning of freeradius when it's launched: + LD_LIBRARY_PATH=/usr/local/ssl-end/lib + LD_PRELOAD=/usr/local/ssl-end/lib/libcrypto.so + export LD_LIBRARY_PATH LD_PRELOAD + /usr/local/sbin/radiusd -X -y -z Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: passwd = (null) mschap: authtype = MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = peap eap: timer_expire = 60 eap: ignore_unknown_eap_types = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = (null) tls: pem_file_type = yes tls: private_key_file = /sauv-certif/cert/new/serveur6.pem tls: certificate_file = /sauv-certif/cert/new/serveur6.pem tls: CA_file = /sauv-certif/cert/new/root.pem tls: private_key_password = saucisson tls: dh_file = /sauv-certif/cert/new/dh tls: random_file = /sauv-certif/cert/new/random tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no rlm_eap: Loaded and initialized type tls peap: default_eap_type = mschapv2 peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no rlm_eap: Loaded and initialized type peap rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack
Realy need Help
Hi everybody, I am having a problem with acct_users, i did a shell script but when the user logon, the radius print that exec-program is running but it didnt make any action. I realy do know how to set it up. Thanks Atenciosamente Lucas Oliveira Web Manager Prompt Tecnologia www.prompt-tecnologia.com.br - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help needed.
Hello All, I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional. Following are the configuration I have done: file - clients.conf: # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) # which supports RADIUS. 192.168.100.7/24 { secret = abcde shortname = AP-600LAB } file - users: # TECH4 is the name of the wireless client (machine name) which is # running on Windows. TECH4 Auth-Type := EAP, User-Password == password Reply-Message = Hello, %u I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working. FYI: The 'radtest' is working fine. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PEAP problem - HELP PLEASE
hello everybody! I am tryong to make a secure wireless access using PEAP, but I have a problem during authentication. I had successfully configured TLS module, and all work fine. But when I want to have a peap authentication, there is a problem. In fact could someone try to look at my log, and tell me where is my problem? I would be great! Another point is the configuration of the users file, for peap. I've read the list but nobody gave a real answer to this question.. how this file have to be configured?? I tried : username Auth-type := EAP , User-password == xxx or username Auth-type := Local , User-password == xxx or ... I don't really know which syntax is good according to peap authentication..maybe my problem is here? Thank you for your help! there are my logs : ... auth: type EAP modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Proceeding to decode tunneled attributes. rlm_eap_peap: Identity - NOMADE\ourson rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x02810012014e4f4d4144455c6f7572736f6e PEAP: Got tunneled identity of NOMADE\ourson PEAP: Setting default EAP type for tunneled EAP session. PEAP: Sending tunneled request EAP-Message = 0x02810012014e4f4d4144455c6f7572736f6e Freeradius-Proxied-To = 127.0.0.1 User-Name = NOMADE\\ourson modcall: entering group authorize for request 15 modcall[authorize]: module preprocess returns ok for request 15 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031215' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031215 modcall[authorize]: module auth_log returns ok for request 15 rlm_eap: EAP packet type response id 129 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 15 rlm_realm: No '@' in User-Name = NOMADE\ourson, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 15 modcall[authorize]: module files returns notfound for request 15 modcall: group authorize returns updated for request 15 rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate for request 15 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module eap returns handled for request 15 modcall: group authenticate returns handled for request 15 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x018200271a01820022104c50168820c00ade9de928725f57b2964e4f4d4144455c6f7572736f6e Message-Authenticator = 0x State = 0xc2efbd051aa877ec625ee103a4a76b76 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module eap returns handled for request 15 modcall: group authenticate returns handled for request 15 Sending Access-Challenge of id 158 to 192.168.1.2:2462 EAP-Message = 0x0182003e19001703010033d078dd9a67221656dce0acbb5519d8b9af452bb0eaf5f600fcabafd63a385dfe8b1d076837f1798de3ca6d5b2a0d7269ad9f2f Message-Authenticator = 0x State = 0x55cbafd5eafc1a8c249ad219c5d26a3b Finished request 15 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.2:2463, id=159, length=250 User-Name = NOMADE\\ourson Cisco-AVPair = ssid=bebe NAS-IP-Address = 192.168.1.2 Called-Station-Id = 00409656deff Calling-Station-Id = 000af49c507f NAS-Identifier = AP350-56deff NAS-Port = 37 Framed-MTU = 1400 State = 0x55cbafd5eafc1a8c249ad219c5d26a3b NAS-Port-Type = Wireless-802.11 Service-Type = Login-User EAP-Message = 0x028200581900170301004d7375a04660bd286865a528793617699cb52551682fc670d49518765d8d8c78754448d9e3eea2d3d4c05fe1367daa485f6e915eebd1fa6d301bb4996dac7906667fa1013b41e11f29e367 Message-Authenticator = 0x63157043cdd0b024b172ecaf24dfb290 modcall: entering group authorize for request 16 modcall[authorize]: module preprocess returns ok for request 16 radius_xlat: '/usr/local/var/log/radius/radacct/192.168.1.2/auth-detail-20031215' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.2/auth-detail-20031215 modcall[authorize]: module auth_log returns ok for request 16 rlm_eap: EAP packet type response id 130 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Help
Hello everyone, I am a new user of Freeradius server. I have installed freeradius (beta version) and tested radius server using 'radtest' command and found in working. I have a windows user connected through AP600 (NAS), and it is not responding. (I ran 'radiusd' with -X option ..and found it not showing any message, when the windows-user tried to access. It's allowing user to access the NAS without asking for any password). Please help me in configuring radius server. Thanks in advance for all the help. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP problem - HELP PLEASE
[EMAIL PROTECTED] wrote: In fact could someone try to look at my log, and tell me where is my problem? I would be great! The log you posted to the list contains a description of what is wrong. Another point is the configuration of the users file, for peap. I've read the list but nobody gave a real answer to this question.. how this file have to be configured?? I tried : username Auth-type := EAP , User-password == xxx or username Auth-type := Local , User-password == xxx You often don't need to do anything to the 'users' file. The simplest change to make (if you're not using LDAP or SQL), is to add the tunneled user name, with a password: tunnel-user User-Password = password That's it. rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: No LM-Password or NT-Password attribute found. Cannot perform MS-CHAP authentication. It needs a password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help
Shashidhara S Bapat [EMAIL PROTECTED] wrote: I have a windows user connected through AP600 (NAS), and it is not responding. (I ran 'radiusd' with -X option ..and found it not showing any message, when the windows-user tried to access. It's allowing user to access the NAS without asking for any password). Then it's a problem with the NAS configuration. Nothing you do to FreeRADIUS will help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: What file(s) should I run ldd against? rlm_sql_mysql.so Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Alan, What file(s) should I run ldd against? Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 4:44 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySQL Help!
Title: RE: MySQL Help! Chris, Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Chris Parker [mailto:[EMAIL PROTECTED]] Sent: Friday, December 12, 2003 5:14 PM To: [EMAIL PROTECTED] Subject: Re: MySQL Help! At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 -rob At 04:23 PM 12/12/2003 -0500, you wrote: To all, I have spent over 16 hours working this issue now and am completely out of ideas. I have tried RPM Installations of multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still getting the error message: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. Chris DeRamus OCIO VPN Administrator SAIC -Original Message- From: Deramus, Chris Sent: Friday, December 12, 2003 2:01 PM To: '[EMAIL PROTECTED]' Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL I have check the FreeRADIUS FAQ and followed the instructions. My ld.so.conf file has been setup correcly and is pointing the respective library dependencies and it still is giving me the same error. I have also attempted ./configure --disable-shared and still no go. I know I do not need mysql-shared, I am honestly stumped. Sorry to keep this thread going, I just can't seem to find much documentation on any extra steps required when running this new distro of RedHat. Thanks, Chris DeRamus -Original Message- From: NetNITCO Systems Administration [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 11, 2003 5:26 PM To: [EMAIL PROTECTED] Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with MySQL On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote: To all -- I recently upgraded my development RADIUS box which was running RedHat 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which included all Mysql related packages contained on the CD's. It was noted that the Enterprise installation did not contain a Mysql-devel package, I am assuming it is now bundled in with one of the other rpm's. I tested SQL queries from both web applications and command line and everything seemed to be a go so I then configured freeradius. I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package: ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
Deramus, Chris [EMAIL PROTECTED] wrote: I have checked and verified the LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried multiple configuration options, including disable-shared. Something isn't adding up. Any suggestions would be most appreciated. Thanks and have a good weekend. 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded. I don't know how else to help you. The server core doesn't know *anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Help!
At 04:14 PM 12/12/2003, Chris Parker wrote: At 03:42 PM 12/12/2003, Rob Genovesi wrote: oh boy, I remember kicking this around for ever as well ... My solution was to 1) be sure you have development rpms installed and 2) do not use --disable-shared when running configure. I don't know exactly why this changed things, but compiling with shared libraries it was able to find and use all the necessary mysql libs and includes. I installed the following MySQL rpms (Redhat) : MySQL-devel-4.0.16-0 MySQL-shared-compat-4.0.16-0 MySQL-client-4.0.16-0 MySQL-server-4.0.16-0 Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well. Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned. Following up my own post, here are the changes we had to make to the 'configure' in 'src/modules/rlm_sql/drivers/rlm_mysql', around line 900. LIBS=$LIBS -lz to LIBS=$LIBS -lsocket -lnsl -lm -lz In other words, we added the '-lsocket -lnsl -lm' libraries, as there are needed for the compilation to complete. Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Relocation Error - Checked the SSL versions, but still apear - HELP
Hi, I was using an old snap version of freeradius, compiled with an old snap version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try the TTLS, so I tried to set the OpenSSL to the latest stable version 0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS. Now I'm getting the error: ./radiusd: relocation error: /usr/local/radius//lib/rlm_eap_tls-1.0.0-pre0.so: undefined symbol: SSL_set_msg_callback as soon as a client tries to get in. An old posted message said to be a problem with OpenSSL versions. I'm not good with this linux installations. So what I did was to remove the old directory where the snapshot were, and I used it again to install the stable version. As soon as it finished, anyway I replaced the libcrypto.so and libssl.so in the /usr/lib to point to the new ones. (also openssl file by it self). - I'm using RH8 and I think I also have the 0.9.6 (engine) which I just renamed as openssl.old. I thought that was enough to fix the problem and make the freeradius point to the 0.9.7c version, but still I compiled and executed getting this error. I regenerated the certificates, I removed the whole radius directory and installed it again, but it doesn't work. Is there any way to check what are the versions I'm trying to use? Is there a way to uninstall correctly whether freeradius or Openssl? Probably I'm doing all wrong, but still I don't know what it is. If you can help me out showing me the path, that would be awesome!! Thanks a lot for your help, Ivan D. Barrera - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Relocation Error - Checked the SSL versions, but still apear - HELP
Ivan Dario Barrera [EMAIL PROTECTED] wrote: ... You do READ the list, don't you? http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html Is there any way to check what are the versions I'm trying to use? ldd. See the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with ldap and pap
Hi, I am running freeradius snapshot 20030922. I need to get pap working with ldap. How do I set the password attribute for pap? Where do I look in the docs to provide this info? Below are my settings. Any help would be greatly appreciated. radiusd: ldap { server = 10.5.10.215 password = n0neshall basedn = ou=academics,o=dbu filter = (uid=%{Stripped-User-Name:-%{User-Name}}) start_tls = no #default_profile = cn=radprofile,ou=dialup,o=MyOrg,c=UA profile_attribute = ou=academics,o=dbu #access_attr = rADIUSEnableDialAccess dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 #password_header = {clear} password_attribute = User-Password #groupname_attribute = cn #groupmembership_filter = (|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) #groupmembership_attribute = radiusGroupName timeout = 10 timelimit = 10 net_timeout = 10 #compare_check_items = yes #access_attr_used_for_allow = no } authorize { files ldap } # Authentication. # authenticate { authtype pap { pap } ldap } users: DEFAULT Auth-Type := pap # Fall-Through = 1 radius debug output: rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164, length=126 User-Name = install Framed-MTU = 1400 Called-Station-Id = 000d.bd43.d9a8 Calling-Station-Id = 0040.9645.c07a Message-Authenticator = 0x1c8d63f0b65665959e64db7f67bb883c EAP-Message = 0x0201000c01696e7374616c6c NAS-Port-Type = Virtual NAS-Port = 341 NAS-IP-Address = 10.5.50.115 NAS-Identifier = TESTAP1 modcall: entering group authorize users: Matched DEFAULT at 182 modcall[authorize]: module files returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for install radius_xlat: '(uid=install)' radius_xlat: 'ou=academics,o=dbu' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user install authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type pap auth: type PAP modcall: entering group authtype rlm_pap: Attribute Password is required for authentication. modcall[authenticate]: module pap returns invalid modcall: group authtype returns invalid auth: Failed to validate the user. Login incorrect: [install/no User-Password attribute] (from client testap1 port 341 cli 0040.9645.c07a) Delaying request 3 for 1 seconds Finished request 3 Going to the next request rick... Rom.5:8 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
Rick Whitley [EMAIL PROTECTED] wrote: I am running freeradius snapshot 20030922. I need to get pap working with ldap. How do I set the password attribute for pap? Where do I look in the docs to provide this info? doc/rlm_ldap should be a place to start. users: DEFAULT Auth-Type := pap Don't do that. rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164, length=126 ... EAP-Message = 0x0201000c01696e7374616c6c EAP messages don't contain PAP passwords. So setting Auth-Type := PAP won't work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
arg sent previous message too soon modcall: group authorize returns ok rad_check_password: Found Auth-Type pap auth: type PAP modcall: entering group authtype rlm_pap: Attribute Password is required for authentication. modcall[authenticate]: module pap returns invalid modcall: group authtype returns invalid auth: Failed to validate the user. See? That won't work. Why don't you try authenticating the user *without* editing the users file, to see if it works? Odds are that once you point the server to an LDAP database, then PAP, EAP, and everything else will work automatically. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
Thanks for the info...should I comment out the eap module in radiusd? Now reading rlm_ldap. rick... Rom.5:8 [EMAIL PROTECTED] 12/08/03 03:18PM Rick Whitley [EMAIL PROTECTED] wrote: I am running freeradius snapshot 20030922. I need to get pap working with ldap. How do I set the password attribute for pap? Where do I look in the docs to provide this info? doc/rlm_ldap should be a place to start. users: DEFAULT Auth-Type := pap Don't do that. rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164, length=126 ... EAP-Message = 0x0201000c01696e7374616c6c EAP messages don't contain PAP passwords. So setting Auth-Type := PAP won't work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
Rick Whitley [EMAIL PROTECTED] wrote: Thanks for the info...should I comment out the eap module in radiusd? Huh? Can you explain to me why you would think that was necessary? Your client is sending EAP packets. How are you going to authenticate them, if you don't use the EAP module? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
Please forgive my ignorance here. There is much about this I do not understand. I am using the AlfaAriss client. If it is sending eap packetts and those packetts do not contain a pap password does that mean I can't use pap? Should I consider another method? rick... Rom.5:8 [EMAIL PROTECTED] 12/08/03 03:27PM Rick Whitley [EMAIL PROTECTED] wrote: Thanks for the info...should I comment out the eap module in radiusd? Huh? Can you explain to me why you would think that was necessary? Your client is sending EAP packets. How are you going to authenticate them, if you don't use the EAP module? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with ldap and pap
Rick Whitley [EMAIL PROTECTED] wrote: Please forgive my ignorance here. There is much about this I do not understand. I am using the AlfaAriss client. Please pick a subject, ONE subject, and stick to it. Also, if you're not going to answer my questions, there isn't much incentive for me to help you, is there? If it is sending eap packetts and those packetts do not contain a pap password does that mean I can't use pap? Should I consider another method? It means that what I told you was correct. Now go do as I said, and stop asking irrelevant questions. Instead, *educate* yourself as to what's going on. Buy the RADIUS book. Read all of the documentation, and all of the comments in 'radiusd.conf' before asking more questions. Also, describe *problems*, not *solutions*. You're stuck on PAP because you don't know how the server works. Stop trying to figure out how to use PAP to solve a problem you don't understand. If you configure the LDAP module to pull a password out of an LDAP database for a user, then almost all of the authentication methods in the server will work AUTOMATICALLY. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please help with ldap problem
I am running freeradius 20030922 snapshot on RedHat 9.0. I am authorizing and authenticating via ldap. I seem to be getting authorized and authenticated but my supplicant continues to try and authenticate. Below is my debug output. If anyone can see anything unusual please let me know. Thanks for any help. rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106, length=211 User-Name = install Framed-MTU = 1400 Called-Station-Id = 000d.bd43.d9a8 Calling-Station-Id = 0040.9645.c07a Message-Authenticator = 0xaba44c3d8a18f7aa63dbf2fe20630dae EAP-Message = 0x0205004f1580004517030100409dcc64928d8f5ff60c838cef0ac6a057006e51ad920af73b628207daa197dcbdcd1fbd2ea04505100cd5d27cf356a14adb8eb92944976da2adffa2e5623fdea9 NAS-Port-Type = Virtual NAS-Port = 496 State = 0x0cd1fc1c30ee0fc4a8488e79f6205014 NAS-IP-Address = 10.5.50.115 NAS-Identifier = TESTAP1 modcall: entering group authorize rlm_ldap: - authorize rlm_ldap: performing user authorization for install radius_xlat: '(uid=install)' radius_xlat: 'ou=academics,o=dbu' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user install authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok rlm_eap: EAP packet type response id 5 length 79 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated modcall: group authorize returns updated rad_check_password: Found Auth-Type LDAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'install' auth: type EAP modcall: entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP_TYPE - ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = install User-Password = f0ulb3ast Freeradius-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = install User-Password = f0ulb3ast Freeradius-Proxied-To = 127.0.0.1 modcall: entering group authorize rlm_ldap: - authorize rlm_ldap: performing user authorization for install radius_xlat: '(uid=install)' radius_xlat: 'ou=academics,o=dbu' ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=academics,o=dbu, with filter (uid=install) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user install authorized to use remote access ldap_release_conn: Release Id: 0 modcall[authorize]: module ldap returns ok rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type LDAP auth: type LDAP modcall: entering group authenticate rlm_ldap: - authenticate rlm_ldap: login attempt by install with password f0ulb3ast rlm_ldap: user DN: cn=install,ou=Academics,o=DBU rlm_ldap: (re)connect to 10.5.10.215:389, authentication 1 rlm_ldap: bind as cn=install,ou=Academics,o=DBU/f0ulb3ast to 10.5.10.215:389 rlm_ldap: waiting for bind result ... rlm_ldap: user install authenticated succesfully modcall[authenticate]: module ldap returns ok modcall: group authenticate returns ok Trying to look up name of unknown client 127.0.0.1. Login OK: [install/f0ulb3ast] (from client UNKNOWN-CLIENT port 0) TTLS: Got tunneled reply RADIUS code 2 TTLS: Got tunneled Access-Accept rlm_eap: Freeing handler modcall[authenticate]: module eap returns handled modcall: group authenticate returns handled Sending Access-Accept of id 106 to 10.5.50.115:1645 MS-MPPE-Recv-Key = 0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17 MS-MPPE-Send-Key = 0xa847b8c85d1c43f533610ebceef89cbe6c8f1daf24e04dfe6316513047111c6f EAP-Message = 0x03050004 Message-Authenticator = 0x User-Name = install Finished request 23 Going to the next request Waking up in 1 seconds... rick... Rom.5:8 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with RLM MYSQL
Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with RLM MYSQL
On Wed, Dec 03, 2003, Breuer Nicolas - BelCenter.com wrote: Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. I just ran into this last week when building freeradius under the OpenPKG.org packaging system. If your mysql headers and libraries aren't in /usr/local/include and /usr/local/lib or similar standard locations or aren't installed at all, you probably have to do a couple of things: standard input:19: warning: macro `..' not defined 1. You may need to install the mysql-devel RPM on your RH system if they headers and libraries aren't there (I'm not very familiar with RH RPM structures, currently using SuSE, formerly Caldera Linux). 2. You may have to add a couple of options to your configure: ./configure \ --with-mysql-include-dir=path_to_mysql_headers \ --with-mysql-lib-dir=path_to_mysql_libraries \ ... The base ./configure script doesn't give the options for mysql or postgresql, and probably some others. I found them by running ``./configure --help'' in the appropriate directories. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Systems, Inc. UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``The who nation is interested that the best use shall be made of these [new] territories. We want them for the homes of free white people'' -- Abraham Lincoln, Octobe 16, 1854 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Help with RLM MYSQL
Hmm, You probably forgot to install the mysql devel rpm. Cheers Patrick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Breuer Nicolas - BelCenter.com Sent: woensdag 3 december 2003 10:55 To: [EMAIL PROTECTED] Subject: Help with RLM MYSQL Hello I have a big prob.. I would like to use the rlm sql mysql module.. My os is redhat 9 and i can't install and use this module.. When i do a config , make make install (in dynamic or static), all module 'll be loaded except mysql rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found rlm_sqlippool: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. I add my libdir to ld.conf and run ldconfig , same probs. Please help me Thanks Nico - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
need help
Hello freeradius-users, i have mpd+freeradius+mysql when i connecting to vpn server i see following messages in radius log: [pptp0] RADIUS: RadiusAccount for: test [pptp0] RADIUS: using /usr/local/etc/radius. [pptp0] RADIUS: RadiusAddServer Adding 192.168.100.1 [pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 2) [pptp0] RADIUS: RadiusSendRequest: rad_send_request failed No valid RADIUS responses received please prompt me how i can solve this problem -- Best regards, Sergey aka Freak - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with EAP/TLS config
John Furman [EMAIL PROTECTED] wrote: I am wondering if anyone has some pointers on how I should proceed from here. I am at a loss as to why this isn't working. Output and version info below. I'd say you're using an older version of the server. Upgrate to 0.9.3, or the CVS snapshot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I need help
I am a microsoft guy who is trying to learn linux, because I have to i freeradius on it. can anyone help me get started in the right direction. Any help is appreciated - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: I need help
Buy the O'Reilly RADIUS book. josh. On Wed, 2003-11-26 at 16:57, Jason Tres wrote: I am a microsoft guy who is trying to learn linux, because I have to i freeradius on it. can anyone help me get started in the right direction. Any help is appreciated - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- --- Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K. 'phone: 0117 928 7850 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with EAP/TLS config
I am new to FreeRadius and 802.1x. I have had dealings with Livingston v1.xx v2.xx years ago in my days with an ISP. I am wondering if anyone has some pointers on how I should proceed from here. I am at a loss as to why this isn't working. Output and version info below. The intent of the configuration is toward EAP/TLS... Thank you. Versions: freeradius-0.9.3 [RHL 7.3] openssl-0.9.7c Client: Odyssey v2.22.00.516 [Win 2000Pro] AP:SMC2804WBR Barricade + LD_LIBRARY_PATH=/usr/local/ssl/lib + LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so + export LD_LIBRARY_PATH + export LD_PRELOAD + /usr/local/sbin/radiusd -X -A Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/local/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: bind_address = 172.28.1.1 IP address [172.28.1.1] main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = tls eap: timer_expire = 60 rlm_eap: Loaded and initialized the type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = (null) tls: pem_file_type = yes tls: private_key_file = /etc/1x/gandalf-wl.pem tls: certificate_file = /etc/1x/gandalf-wl.pem tls: CA_file = /etc/1x/root.pem tls: private_key_password = whatever tls: dh_file = /etc/1x/DH tls: random_file = /etc/1x/random tls: fragment_size = 512 tls: include_length = yes rlm_eap_tls: conf N ctx stored rlm_eap: Loaded and initialized the type tls Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = /etc/raddb/users files: acctusersfile = /etc/raddb/acct_users files: preproxy_usersfile = /etc/raddb/preproxy_users files: compat = no Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = /var/log/radius/radutmp radutmp: username = %{User-Name} radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address 172.28.1.1, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 172.28.1.2:32801, id=3, length=150 User-Name = jfurman NAS-IP-Address = 172.28.1.2 Called-Station-Id =
help me with cisco_pix525,freeradius and openldap?
hi, all,i am new to this list and freeradius.my environment is blow list: a cisco pix525 run as vpn. vpn authentication uses freeradius0.9.3 inside.the database of backend is OPENLDAP. who has such a solution? help me!!!help me!!! thank in advance regards, jiang _ MSN Messenger: http://messenger.msn.com/cn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Foundry command authorization help
Title: Foundry command authorization help I am having some issues with command authorization. Foundry has a Foundry-Command-String attribute and suspect I am just a chucklehead :-) Syntax should be Foundry-Command-String = configure terminal, Foundry-Command-String = int ethernet 20, Foundry-Command-String = speed-duplex *, or Foundry-Command-String = configure terminal, int ethernet 20, speed-duplex *, I have tried both but am suspecting that Foundry does not support what I think they do :-) They have authorization levels 0,4 and 5. But in the cli you can only enter one. I am used to Cisco where you can have multiple ones hence my despair. If anyone has been here before any tips would be greatly appreciated. Ted DISCLAIMER e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me and permanently delete the original and any copy of any e-mail and any printout thereof. E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. REGARDING PRIVACY AND CONFIDENTIALITY Crown Financial Group may, at its discretion, monitor and review the content of all e-mail communications.
Re: Foundry command authorization help
From: Kaczmarek, Thaddeus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Foundry command authorization help Date: Fri, 21 Nov 2003 11:21:00 -0500 Reply-To: [EMAIL PROTECTED] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --_=_NextPart_001_01C3B04B.734D7E00 Content-Type: text/plain I am having some issues with command authorization. Foundry has a Foundry-Command-String attribute and suspect I am just a chucklehead :-) Syntax should be Foundry-Command-String = configure terminal, Foundry-Command-String = int ethernet 20, Foundry-Command-String = speed-duplex *, or Foundry-Command-String = configure terminal, int ethernet 20, speed-duplex *, I have tried both but am suspecting that Foundry does not support what I think they do :-) They have authorization levels 0,4 and 5. But in the cli you can only enter one. I am used to Cisco where you can have multiple ones hence my despair. First, the Foundry dictionary file that comes with FreeRADIUS doesn't have those attributes, so you'll need to edit it. What you need to add is pretty straightforward in Foundry's docs. (I'll submit my dictionary file to the project when I'm sure it's got everything; I just added some stuff for their management software yesterday.) Second, you'll need to give the user the appropriate priviledge level, and use the command-exception-flag VSA to tell it to only allow those commands. And then, list all the commands comma-separated in the foundry-command-string attribute. What's below works for me: maint Crypt-Password == junk foundry-privilege-level = 0, foundry-command-string = copy running-config *; enable, foundry-command-exception-flag = 0 This is with a FastIron 1500 running 07.6.03hT51. Good luck, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Foundry command authorization help
At 11:23 AM 11/21/2003, Dave Mussulman wrote: First, the Foundry dictionary file that comes with FreeRADIUS doesn't have those attributes, so you'll need to edit it. What you need to add is pretty straightforward in Foundry's docs. (I'll submit my dictionary file to the project when I'm sure it's got everything; I just added some stuff for their management software yesterday.) Patch please? Or list of the AV's? If no one reports it, it won't get included in later versions either. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Foundry command authorization help
Title: Re: Foundry command authorization help They came with both versions I have tried, 0.91 and 0.93. They were in /usr/share/freeradius folder. Ted On Fri, 2003-11-21 at 12:43, Chris Parker wrote: At 11:23 AM 11/21/2003, Dave Mussulman wrote: First, the Foundry dictionary file that comes with FreeRADIUS doesn't have those attributes, so you'll need to edit it. What you need to add is pretty straightforward in Foundry's docs. (I'll submit my dictionary file to the project when I'm sure it's got everything; I just added some stuff for their management software yesterday.) Patch please? Or list of the AV's? If no one reports it, it won't get included in later versions either. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net DISCLAIMER e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me and permanently delete the original and any copy of any e-mail and any printout thereof. E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. REGARDING PRIVACY AND CONFIDENTIALITY Crown Financial Group may, at its discretion, monitor and review the content of all e-mail communications.
Re: Quintum Help
Thanks The reason I edit dictionary files. I've got following error messages when I start radiusd files: compat = "no"/etc/raddb/users[3]: Parse error (reply) for entry 12345: Unknown attribute Quintum-h323-credit-ammountErrors reading /etc/raddb/usersradiusd.conf[921]: files: Module instantiation failed. My users file has onlu following entries 12345 User-Password = "12345" Quintum-h323-return-code = "h323-return-code=0", Quintum-h323-credit-ammount = "h323-credit-ammount=100", Quintum-h323-return-code = "h323-return-code=0", Quintum-h323-credit-time = "h323-credit-time=200", I've tried without Quintum too. then I' ve got Module: Loaded preprocessModule: Instantiated preprocess (preprocess)Module: Loaded realmModule: Instantiated realm (suffix)Module: Loaded files/etc/raddb/users[3]: Parse error (reply) for entry 12345: Unknown attribute h323-credit-ammountErrors reading /etc/raddb/usersradiusd.conf[921]: files: Module instantiation failed. Alan DeKok [EMAIL PROTECTED] wrote: Amgaabaatar Purevjal <[EMAIL PROTECTED]>wrote: Could you help me to configure freeradius for quintum . I installed radius. But itis rejecting users... rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157 Attr-4 = 0xc0a8010a Attr-1 = 0x3132333435I am absolutely amazed at the effort you've put into destroying thedefault configuration of the server. You've done a lot of work tomake sure that the server won't be able to do anything.I have no idea why you've done this. The only answer I can give toyour problem is to use the server as it is installed. Don't breakit. Don't edit the dictionary files.Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Quintum Help
Never mind I found the error. It was typo that I put ammount instead of amount Thanks a lot Please ignore prevouis reply Alan DeKok [EMAIL PROTECTED] wrote: Amgaabaatar Purevjal <[EMAIL PROTECTED]>wrote: Could you help me to configure freeradius for quintum . I installed radius. But itis rejecting users... rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157 Attr-4 = 0xc0a8010a Attr-1 = 0x3132333435I am absolutely amazed at the effort you've put into destroying thedefault configuration of the server. You've done a lot of work tomake sure that the server won't be able to do anything.I have no idea why you've done this. The only answer I can give toyour problem is to use the server as it is installed. Don't breakit. Don't edit the dictionary files.Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Quintum Help
Amgaabaatar Purevjal [EMAIL PROTECTED] wrote: Could you help me to configure freeradius for quintum . I installed radius. But itis rejecting users ... rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157 Attr-4 = 0xc0a8010a Attr-1 = 0x3132333435 I am absolutely amazed at the effort you've put into destroying the default configuration of the server. You've done a lot of work to make sure that the server won't be able to do anything. I have no idea why you've done this. The only answer I can give to your problem is to use the server as it is installed. Don't break it. Don't edit the dictionary files. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Quintum Help
Could you help me to configure freeradius for quintum . I installed radius. But itis rejecting users Thank You Here is my Quintum and Radius logs RADIUS : 565661:RadiusRequest: Sending Access-Request MsgId=24 to 192.168.1.3,port 1812, Descriptor 3RADIUS : 566160:RadiusResponse: Received response, length=20, id=24, type=3RADIUS : 566160:RadiusSocket: Received ACCESS REJECT RESPONSERADIUS : 566160:RadiusResponse: Created response object 0XB05E84RADIUS : 566160:RadiusSocket: Sent ProcessAccessReject iucaCallBackSendRADIUS : 566160:RadiusHandler: Received iucaCallBackSend Access-RejectRADIUS : 566160:RadiusRequest: Client Process Marked Object=0XBBB204 MsgId=24for DeletionRADIUS : 566160:RadiusRequest: Radius Process Deleted Object=0XBBB204, MsgId=24RADIUS : 566160:RadiusRequest: destroying request object 0XBBB204RADIUS : 566160:RadiusResponse: destroying response object 0XB05E84RADIUS : 566790:RadiusRequest: Created request object 0XD34404 And Radius Log rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157 Attr-4 = 0xc0a8010a Attr-1 = 0x3132333435 Attr-2 = 0x3132333435 Attr-61 = 0x Attr-31 = 0x36333037373635343634 Quintum-h323-conf-id = "h323-conf-id=33666235 36646263 31310030 003100FF" Quintum-AVPair = "h323-ivr-out=ACCESSCODE:"auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the userauth: Failed to validate the user.Login incorrect: [12345/12345] (from client quintum port 0 cli 6307765464)Delaying request 4 for 1 seconds
Help Reqd for X9.9
Hi Guys I am sorry if this is a duplicate post.I am a total newbie to this group and this is my first post.I want to make a x9.9 authentication. I jsut compiled the crcalc.c and executed it but it asks me the DES key. I have secure computing safeword tokens and how i can get the DES key associated with that token. I got one file import0.dat while programming the token and have a parameter called Token key in that. But its only 7 bytes and i know that traditional DES key len is 8 bytes. I know that i am doin some thing wrong here and would appreciate any help from you guys. Waiting for ur reply Thanks and Regards Badrinath Mohan --- Dustin Doris [EMAIL PROTECTED] wrote: On Tue, 4 Nov 2003, Sumner, Rob wrote: The FTP server is setup us the Linux pure-ftpd software. Check out proftpd. They have a radius module that works great. www.proftpd.org for the server. http://www.castaglia.org/proftpd/modules/mod_radius.html is documentation on the module. -Dustin Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help!
Hi, When I'm compling radiusd-02.28.02,the following errors occur: rlm_dbm_parser.o: In function `open_storage': /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101: undefined reference to `dbm_open' rlm_dbm_parser.o: In function `close_storage': /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:109: undefined reference to `dbm_close' rlm_dbm_parser.o: In function `storecontent': /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:163: undefined reference to `dbm_store' /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:168: undefined reference to `dbm_store' collect2: ld returned 1 exit status make: *** [rlm_dbm_parser] Erreur 1 end complied- Can anyone help me and tell me how to resolve it? Thanks a lot! Regards, davy Network Information Center East China Normal University Shanghai In China - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help!
Ã…Ãΰ [EMAIL PROTECTED] wrote: When I'm compling radiusd-02.28.02,the following errors occur: rlm_dbm_parser.o: In function `open_storage': /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101: undefined reference to `dbm_open' If you're not using rlm_dbm, simply delete that directory. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup-admin / new help-pages
On Thu, 30 Oct 2003, Ulrich Walcher wrote: HI, I have done some additions to user_edit.attrs and some help pages... They're all on http://www.walcher.co.at/fr/ Added, thanks a lot Greets, Uli -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup_Admin Help
Title: Message I have set up Dialup_Admin with Apache 2, MySQL 4, php and Redhat 9. I have set the permissions to the DB in the admin.conf file but the web server refuses to connect to the DB both remotely and Locally. Any ideas??? Wayne T Work, Sr.CISSPwww.securitygauntlet.comwww.hipaact.com
dialup-admin / new help-pages
HI, I have done some additions to user_edit.attrs and some help pages... They're all on http://www.walcher.co.at/fr/ Greets, Uli - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius set up help needed
Hello Gurus, Iam a Research Assistant at George Mason University trying to set up freeradius server for cisco aironet 1200 APs (MAC based auth). Though I have been googling for almost 3 days I dont get the big picture. Its been hard to find documentation or configuration steps. Iam to install freeradius on RedHat Linux 9.0 that authenticates clients coming through cisco aironet 1200 APs. I have no clue what is to be done(totally confused). I would appreciate if anybody could run me through the process of getting this working/any extensive doc will be an added benifit. Thanking you all in anticipation, Ravi Kiran Bhaskar Do you Yahoo!? Exclusive Video Premiere - Britney Spears
freeradius snap version doesn't compile..any help?
hi everybody ; i ma trying to follow the guide EAP/TLS HOWTO guide (http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm) .througout this guide i made the first changes to the src/modules/rlm_eap/types/rlm_eap_tls/Makefile. however the make command didn't work as expected, it is giving two errors and quit. could you please give an hand to me about this problem. here is the log of the error. the openssl is the snapshot version. i had once beat this problem by skipping the mppe_keys.c in the preceding make file. but that might be the reason of the next problems that i had encountered. ... ... /usr/local/openssl/include/openssl/ssl.h:349: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:350: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:351: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:610: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:758: warning: function declaration isn't a prototype In file included from rlm_eap_tls.h:61, from eap_tls.h:26, from mppe_keys.c:25: /usr/local/openssl/include/openssl/ssl.h:1235: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:1271: warning: function declaration isn't a prototype /usr/local/openssl/include/openssl/ssl.h:1273: warning: function declaration isn't a prototype mppe_keys.c: In function `P_hash': mppe_keys.c:61: too many arguments to function `HMAC_Init_ex' mppe_keys.c:62: too many arguments to function `HMAC_Init_ex' mppe_keys.c:84: too many arguments to function `HMAC_Init_ex' mppe_keys.c:89: too many arguments to function `HMAC_Init_ex' gmake[10]: *** [mppe_keys.o] Error 1 gmake[10]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types/rlm_eap_tls' gmake[9]: *** [common] Error 1 gmake[9]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types' gmake[8]: *** [static] Error 2 gmake[8]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types' gmake[7]: *** [common] Error 1 gmake[7]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap' gmake[6]: *** [static] Error 2 gmake[6]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap' gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/root/download/freeradius-snapshot-20031029/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/root/download/freeradius-snapshot-20031029/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/root/download/freeradius-snapshot-20031029/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/root/download/freeradius-snapshot-20031029' make: *** [all] Error 2 __ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy help question
(B (B (BIs it possible to haveONE radius (Bserver query TWO databases in the same server for requests for different (Brealms? (B (BFor example if I hadtwo (Brealms (B (B (Bdialup.someisp.net (Badsl.someisp.net (B (Band both realms came into the same radius (Bserver, and I had two mysql databases with two different customer bases (Bfortwo differnt services.(dialup and adsl) (B (BIs it possible for me to instruct the (Bradius server toquery different databases for different (Bdomains? (B (B (BCheers,Craig (B
Re: proxy help question
On Fri, 24 Oct 2003, CW wrote: Is it possible to have ONE radius server query TWO databases in the same server for requests for different realms? For example if I had two realms dialup.someisp.net adsl.someisp.net and both realms came into the same radius server, and I had two mysql databases with two different customer bases for two differnt services. (dialup and adsl) Is it possible for me to instruct the radius server to query different databases for different domains? Cheers, Craig Sure thing, just check out doc/Autz-Type - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help on FreeBSD.
We are trying to set up FreeRadius on a FreeBSD 4.8 system. For some reason it won't compile. It complained about not having gnu make, so I downloaded, compiled and installed gnu make and it still says it can't find it. Are there any switches or flags I need to adjust? We would even be willing to pay someone to install and configure it for us correctly. Let us know. - Sincerely, Roger Cates, CCNA Vice President Chief Technical Officer Xpower Internet, LLC Xpowerhosting.com | Xpoweronline.com Xpowernet.com | Aerotouch.net P 888.245.7501 | F 270.338.4602 Internet to the power of X. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help on FreBSD
try to install gmake using port: cd /usr/port/dev/gmake make install clean = [ apellido jr., wilfredo p. ] +63 034 4880-449 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help on FreeBSD.
Roger Cates wrote: We are trying to set up FreeRadius on a FreeBSD 4.8 system. For some reason it won't compile. It complained about not having gnu make, so I downloaded, compiled and installed gnu make and it still says it can't find it. Are there any switches or flags I need to adjust? Once you've installed gmake from ports, run 'gmake' instead of 'make' during your installation. DS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: can u help me?
On Thu, Sep 18, 2003 at 09:27:14AM +0800, ???} wrote: Hi jeffery : i am try to cross compile freeradius on a arm platform, but i have many strange problems. can u tell me how to cross compile freeradius on a mips platform? You want to crosscompile a arm freeradius on a mips platform? Or the other way around? Or one each? What OS you are running on those platforms? Do you have some of those strange errors for us? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help
Hi all ! Can anyone tell me how to make EAP-TLS and PAM work together? or EAP-TLS and a Windows Active Directory work together? I want my Users to authenticate based on the /etc/passwd of my linux box.. or users in my active directory? aside from the whatever shared secret authentication and certificate.. Any advice?? thanks... arniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help
arniel [EMAIL PROTECTED] wrote: Can anyone tell me how to make EAP-TLS and PAM work together? or EAP-TLS and a Windows Active Directory work together? You can't. They're not designed to work together. I want my Users to authenticate based on the /etc/passwd of my linux box.. or users in my active directory? aside from the whatever shared secret authentication and certificate.. Use EAP-TTLS, and require a client-side certificate. EAP-TLS authenticates anyone who has a client certificate which has been signed by the root certificate. No password is required, and no password will ever be supplied. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can u help me?
Hi jeffery : i am try to cross compile freeradius on a arm platform, but i have many strange problems. can u tell me how to cross compile freeradius on a mips platform? thank you very much leo
Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help
guy, my reason of using fr 0.9.1 for pgsql 7.3.2 is that pgsql has triggers and functions that i am using on. i am implementing a lot of stored procedures on it. can you send me the config files of fr + pgsql? i'll be delighted to study it. thanksHiIdidhave0.8.1workingasatest,butlatelastweekIdecidedtoupgradeto0.9.1beforemodifyingdial-admintoworkwithPostgreSQL.Havingrunintoaproblemporting0.9.1toFreeBSDInolongerhaveafunctionalexampletoshowyou.UnlessyouhaveaspecificreasontousePostgreSQL,youareprobablybetteroffusingMySQL.ItappearsasthoughPostgreSQLisbarelysupported.Thesetupin0.9.1ismuchbetter,butthereisnosetupfordialup-admin,andIamnotsureifthereissetupinformationforsql_counterbecauseIhavenotlookedatityet.Iamstillusingcistron1.6.6thatIpatchedtoaccounttoPostgreSQL,anduntilIamsatisfiedwithPostgreSQLfunctionsinFreeRadiusIwillbetestingandhopefullyprovidingpatchesandsuggestingfixesfortheimplementationofPostgreSQL.[EMAIL PROTECTED]wrote:ididthatalready.itstillwont...doyouhaveworkingconfigs?alaboutFRandPGSQLMakesuretheuseryouhavesetuptoaccessthedatabasehasinsertandupdatepermissionsfortheradaccttable.-Listinfo/subscribe/unsubscribe?Seehttp://www.freeradius.org/list/users.html - Bringing First World Technology Closer to You. http://www.1asialink.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help
, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: pg_atoi: zero-length string radius_xlat: 'UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'' radius_xlat: '/usr/local/var/log/radius/sqltrace.sql' rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23' rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23' rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQLaccounting START record - ERROR: Bad int8 external representation rlm_sql (sql): Released sql socket id: 3 modcall[accounting]: module sql returns fail modcall: group accounting returns fail Finished request 1 Going to the next request --- Walking the entire request list --- Cleaning up request 1 ID 8 with timestamp 3f5f4d63 Nothing to do. Sleeping until we see a request. - what will i do list?.. looking forward of your best help for this... thanks, francis ted a. seguerra Groots NetQuest - 1Asialink www.1asialink.com brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help
i have done that already... it has all the rights for the db...but still it insert any to the radacct.?Makesuretheuseryouhavesetuptoaccessthedatabasehasinsertandupdatepermissionsfortheradaccttable.[EMAIL PROTECTED]wrote:hilist,gooddaytoall...ihavesetupmypostgresql7.3.2andfreeradius0.9.1onafreebsd4.8machine.ihavesuccessfullysetupthepostgresqlandfreeradiustosupportdialupservices.itriedtotesttheoriginalconfigurationoffreeradius0.9.1usingntradping..iwasabletoauthenticatetheusersbutitseemstohavefailureonaccountingofusers.thepostgresqlreturnsnoresultofradacctafteritriedaccountingstart.theerrorsays:(radiusd-x-x)Starting-readingconfigurationfiles...reread_config: readingradiusd.confConfig: includingfile:/usr/local/etc/raddb/proxy.confConfig: includingfile:/usr/local/etc/raddb/clients.confConfig: includingfile:/usr/local/etc/raddb/snmp.confConfig: includingfile:/usr/local/etc/raddb/sql.confmain:prefix="/usr/local"main:localstatedir="/usr/local/var"main:logdir="/usr/local/var/log/radius"main:libdir="/usr/local/lib"main:radacctdir="/usr/local/var/log/radius/radacct"main:hostname_lookups=nomain:max_request_time=30main:cleanup_delay=5main:max_requests=1024main:delete_blocked_requests=0main:port=0main:allow_core_dumps=nomain:log_stripped_names=nomain:log_file="/usr/local/var/log/radius/radius.log"main:log_auth=nomain:log_auth_badpass=nomain:log_auth_goodpass=nomain:pidfile="/usr/local/var/run/radiusd/radiusd.pid"main:user="radius"main:group="radius"main:usercollide=nomain:lower_user="no"main:lower_pass="no"main:nospace_user="no"main:nospace_pass="no"main:checkrad="/usr/local/sbin/checkrad"main:proxy_requests=yesproxy:retry_delay=5proxy:retry_count=3proxy:synchronous=noproxy:default_fallback=yesproxy:dead_time=120proxy:post_proxy_authorize=yesproxy:wake_all_if_all_dead=nosecurity:max_attributes=200security:reject_delay=1security:status_server=nomain:debug_level=0read_config_files: readingdictionaryread_config_files: readingnaslistUsingdeprecatednaslistfile. Supportforthiswillgoawaysoon.read_config_files: readingclientsUsingdeprecatedclientsfile. Supportforthiswillgoawaysoon.read_config_files: readingrealmsUsingdeprecatedrealmsfile. Supportforthiswillgoawaysoon.radiusd:
Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help
Hi I did have 0.8.1 working as a test, but late last week I decided to upgrade to 0.9.1 before modifying dial-admin to work with PostgreSQL. Having run into a problem porting 0.9.1 to FreeBSD I no longer have a functional example to show you. Unless you have a specific reason to use PostgreSQL, you are probably better off using MySQL. It appears as though PostgreSQL is barely supported. The setup in 0.9.1 is much better, but there is no setup for dialup-admin, and I am not sure if there is setup information for sql_counter because I have not looked at it yet. I am still using cistron 1.6.6 that I patched to account to PostgreSQL, and until I am satisfied with PostgreSQL functions in FreeRadius I will be testing and hopefully providing patches and suggesting fixes for the implementation of PostgreSQL. [EMAIL PROTECTED] wrote: i did that already.it still wont... do you have working configs?al about FR and PGSQL Make sure the user you have setup to access the database has insert and update permissions for the radacct table. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
POSTGRESQL + FREERADIUS 0.9.1 configuration help
, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0') rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: pg_atoi: zero-length string radius_xlat: 'UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'' radius_xlat: '/usr/local/var/log/radius/sqltrace.sql' rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23' rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23' rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql (sql): Couldn't update SQLaccounting START record - ERROR: Bad int8 external representation rlm_sql (sql): Released sql socket id: 3 modcall[accounting]: module sql returns fail modcall: group accounting returns fail Finished request 1 Going to the next request --- Walking the entire request list --- Cleaning up request 1 ID 8 with timestamp 3f5f4d63 Nothing to do. Sleeping until we see a request. - what will i do list?.. looking forward of your best help for this... thanks, francis ted a. seguerra Groots NetQuest - 1Asialink www.1asialink.com brbr table border=0 width=100% height=9 tr td width=100% height=9 font face=Arial color=#006600-br iBringing First World Technology Closer to You./ibr bhttp://www.1asialink.com/b/font/td /tr /table - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help
FYI update, I ran tcpdump on the server and found that the radius server was responding with a different address, even though I used the -i xxx.xxx.xxx.xxx address switch. I changed the radius address on the AP and it's working fine now. David --- Artur Hecker [EMAIL PROTECTED] wrote: you could log in into the AP and see what happens in there if this is supported. you mean the AP sends the Request, gets the challenge but never answers? ciao artur David Middleton wrote: Yes I can. I also traced it and it is getting there. It's almost like the AP is ignoring the packets being sent to it. David --- Ulrich Walcher [EMAIL PROTECTED] wrote: Sounds like a routing problem. Can you ping the ap? Am Fre, 2003-09-05 um 17.30 schrieb David Middleton: ---SNIP --- The radius server and the ap are on different networks, but there is no firewall between them. Any assistance would be appreciated, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help
I am having trouble getting FreeRadius and an AP-2000 to work. I installed FreeRadius 0.9.0 on a slackware linux server and everything there went fine. I then configured the AP-2000 and everything looked ok, I can even see requests being sent to the radius server and the radius server sending a responce. The trouble is, the AP says the radius server is not responding. I have configured the clients.conf file with the ap in there and have the matching shared secret on both the ap and radius server. I am trying to do MAC address resolution and I can see that working, just nothing gets back to the ap. The radius server and the ap are on different networks, but there is no firewall between them. Any assistance would be appreciated, David __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help
Sounds like a routing problem. Can you ping the ap? Am Fre, 2003-09-05 um 17.30 schrieb David Middleton: ---SNIP --- The radius server and the ap are on different networks, but there is no firewall between them. Any assistance would be appreciated, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help
Yes I can. I also traced it and it is getting there. It's almost like the AP is ignoring the packets being sent to it. David --- Ulrich Walcher [EMAIL PROTECTED] wrote: Sounds like a routing problem. Can you ping the ap? Am Fre, 2003-09-05 um 17.30 schrieb David Middleton: ---SNIP --- The radius server and the ap are on different networks, but there is no firewall between them. Any assistance would be appreciated, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help
you could log in into the AP and see what happens in there if this is supported. you mean the AP sends the Request, gets the challenge but never answers? ciao artur David Middleton wrote: Yes I can. I also traced it and it is getting there. It's almost like the AP is ignoring the packets being sent to it. David --- Ulrich Walcher [EMAIL PROTECTED] wrote: Sounds like a routing problem. Can you ping the ap? Am Fre, 2003-09-05 um 17.30 schrieb David Middleton: ---SNIP --- The radius server and the ap are on different networks, but there is no firewall between them. Any assistance would be appreciated, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Sean Perry [EMAIL PROTECTED] wrote: I am trying to setup a Linux VPN. Most of the pieces are now in place. I am trying to authenticate against radius which in turn will authenticate against our existing Active Directory server. People have done this. To a certain extent, AD is just another LDAP server. Looking through the archives I see several people try but no real responses. Ron Wahler claims to have Active Directory working but he was not using chap. Is this possible? Not with CHAP. AD doesn't allow you to look at the users clear-text passwords, so CHAP is impossible. Yet, somehow, IAS does CHAP against AD. Is anyone willing to bet *against* the idea that Microsoft has one API for customers, and another, better API for themselves? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Alan DeKok wrote: Sean Perry [EMAIL PROTECTED] wrote: I am trying to setup a Linux VPN. Most of the pieces are now in place. I am trying to authenticate against radius which in turn will authenticate against our existing Active Directory server. People have done this. To a certain extent, AD is just another LDAP server. yeah, I have it working in other applications like apache so I know it can be done. Looking through the archives I see several people try but no real responses. Ron Wahler claims to have Active Directory working but he was not using chap. Is this possible? Not with CHAP. AD doesn't allow you to look at the users clear-text passwords, so CHAP is impossible. I have solved this in other cases by using the password to rebind as the user. If the bind fails the password is incorrect. What I have not seen is a way to get the password out of CHAP. Is this a viable solution?? Yet, somehow, IAS does CHAP against AD. Is anyone willing to bet *against* the idea that Microsoft has one API for customers, and another, better API for themselves? it is not entirely unreasonable to believe they have a CHAP -- Kerberos interface. But I agree with you, they definately make life harder for the rest of us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Sean Perry [EMAIL PROTECTED] wrote: Not with CHAP. AD doesn't allow you to look at the users clear-text passwords, so CHAP is impossible. I have solved this in other cases by using the password to rebind as the user. If the bind fails the password is incorrect. What I have not seen is a way to get the password out of CHAP. Is this a viable solution?? No. As I had said above, it's impossible. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Alan DeKok wrote: Sean Perry [EMAIL PROTECTED] wrote: Not with CHAP. AD doesn't allow you to look at the users clear-text passwords, so CHAP is impossible. I have solved this in other cases by using the password to rebind as the user. If the bind fails the password is incorrect. What I have not seen is a way to get the password out of CHAP. Is this a viable solution?? No. As I had said above, it's impossible. Thanks Alan. When I started this project it looked like all of the pieces were there. Now the next person will be able to find this thread and know about the issues. Looks like I am going to try the IAS authentication approach and see how it works. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help on application - RADIUS integration
Hi all, Greeting to all. I am currently working on a wireless project that requires integration of a web portal with a mobile carrier's AAA system (a RADIUS system). I am rather new to RADIUS technology, but I have tried playing around with FreeRADIUS to familiarize myself with the technology and to prepare for the integration work with the carrier's AAA system. For my project at the current moment, unfortunately, I am still waiting to get the right technical contact and the necessary technical info about their RADIUS system from the carrier...The info is coming in rather slowly. My project requirements as far as integration with the carrier's RADIUS system is concerned are as follows: 1. to retrieve mobile users' MSISDNs (Mobile Station ISDN) or assigned client IP addresses from the incoming HTTP requests received by the web portal, and to validate it against the carrier's AAA system. The web portal will grant user access based on the result of the validation. 2. In cases where client IP addresses are received, to also get the users' corresponding MSISDNs from the carrier's AAA system. 3. Upon successful validation, to also fetch the required user profiles (name, email, etc if available) from the carrier's AAA system so that the user info can be made available for the web portal's use. Instead of waiting for the info to come in, I am thinking of configuring my FreeRADIUS server to simulate a typical mobile carrier's RADIUS system as closely as possible and to start some preliminary integration of my web portal with the RADIUS server. As I am very new to RADIUS and not to mention the mobile carrier's RADIUS system, which I gathered from pieces of information - it could be a specialized RADIUS system for wireless industry, I am not sure how viable is my above approach. I would really appreciate it if somebody, who is expert in application - RADIUS integration or familiar with carrier RADIUS deployment, share their valuable experience and suggestions as to how should I proceed with my tasks. I would also appreciate it very much if any of you can point me to the right directions on the followings: - Is there a document/case study that describes how mobile carriers typically make use of RADIUS for authenticating their mobile users? - Has anyone ever configured FreeRADIUS in a way that closely resembles a typical mobile carrier's RADIUS system? Can you share your system architecture or configurations? - Is there a comprehensive and stable open-source Java APIs for RADIUS integration? I am sorry for sending such a long email ...more so if this is not the right forum for this type of questions. But, I would really appreciate your valuable inputs. Best Regards. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help on application - RADIUS integration
KT Poh [EMAIL PROTECTED] wrote: My project requirements as far as integration with the carrier's RADIUS system is concerned are as follows: 1. to retrieve mobile users' MSISDNs (Mobile Station ISDN) or assigned client IP addresses from the incoming HTTP requests received by the web portal, and to validate it against the carrier's AAA system. The web portal will grant user access based on the result of the validation. For Apache, mod_auth_radius can do some of this. You may have to edit the source to add features for your local system. 2. In cases where client IP addresses are received, to also get the users' corresponding MSISDNs from the carrier's AAA system. If the MSISDN is defined in a RADIUS attribute, that's possible. 3. Upon successful validation, to also fetch the required user profiles (name, email, etc if available) from the carrier's AAA system so that the user info can be made available for the web portal's use. For that, you'll probably need to create a local vendor dictionary, and write a RADIUS client to integrate into your web portal, which understands these attributes. As I am very new to RADIUS and not to mention the mobile carrier's RADIUS system, which I gathered from pieces of information - it could be a specialized RADIUS system for wireless industry, I am not sure how viable is my above approach. It's possible, it's just a lot of work. Personally, I would use RADIUS just for authentication, and have the users information in an SQL database. The web portal can then query the database for the user information ONLY if the RADIUS server says that the user was authenticated. The reason for this design is that it looks like you're trying to use the RADIUS server for both authentication some database information. That's going to cause difficulties. - Is there a document/case study that describes how mobile carriers typically make use of RADIUS for authenticating their mobile users? I doubt it. That kind of information is usually kept secret. - Is there a comprehensive and stable open-source Java APIs for RADIUS integration? Look on google. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
From: Alan DeKok Sent: Thursday, 4 September 2003 11:46 PM Sean Perry [EMAIL PROTECTED] wrote: I am trying to setup a Linux VPN. Most of the pieces are now in place. I am trying to authenticate against radius which in turn will authenticate against our existing Active Directory server. People have done this. To a certain extent, AD is just another LDAP server. Is this possible? Not with CHAP. AD doesn't allow you to look at the users clear-text passwords, so CHAP is impossible. Yet, somehow, IAS does CHAP against AD. Is anyone willing to bet *against* the idea that Microsoft has one API for customers, and another, better API for themselves? So surely you could proxy CHAP requests to IAS, and authenticate other requests using the superior powers of FreeRADIUS. You'd end up with a post-proxy section that looks a lot like your post-auth section. I'm probably terribly terribly wrong here, but to my mind you _should_ be able to. After all, MS _have_ supplied a RADIUS interface to the passwords on the server, which seems an improvement over having to write the W32API authentication calls yourself. -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Paul Hampson wrote: Yet, somehow, IAS does CHAP against AD. Is anyone willing to bet *against* the idea that Microsoft has one API for customers, and another, better API for themselves? So surely you could proxy CHAP requests to IAS, and authenticate other requests using the superior powers of FreeRADIUS. You'd end up with a post-proxy section that looks a lot like your post-auth section. I'm probably terribly terribly wrong here, but to my mind you _should_ be able to. After all, MS _have_ supplied a RADIUS interface to the passwords on the server, which seems an improvement over having to write the W32API authentication calls yourself. In my case I am ONLY using Radius for our VPN and do not really expect this to change. While I would like to use freeradius it does not make much sense to do so. For others your suggestion probably makes more sense. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
I am trying to setup a Linux VPN. Most of the pieces are now in place. I am trying to authenticate against radius which in turn will authenticate against our existing Active Directory server. Looking through the archives I see several people try but no real responses. Ron Wahler claims to have Active Directory working but he was not using chap. Is this possible? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2
Sean Perry wrote: I am trying to setup a Linux VPN. Most of the pieces are now in place. I am trying to authenticate against radius which in turn will authenticate against our existing Active Directory server. Looking through the archives I see several people try but no real responses. Ron Wahler claims to have Active Directory working but he was not using chap. Is this possible? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html It is theoretically possible. You will need to install Internet Authentication Service, which is MS's RADIUS server. I've used IAS with Cisco devices, but I'm still trying to get pam_radius_auth to work on my RH9 system so I can try it with that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi madhusudan! if you look at the mail list archives, i posted a manually edited Makefile for the eap_tls module a while ago. ciao artur Alan DeKok wrote: Madhusudan Singh [EMAIL PROTECTED] wrote: I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no ... Try looking at the logs from 'configure'. If that doesn't help, edit the Makefiles. Each 'Makefile' for the modules is about 10 lines. The 'configure' scripts are there only as an easy short-hand, in 99% of the normal cases. If 'configure' is too hard to use, edit the 'Makefile' by hand. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi Artur, Thanks for the heads up. I wish to fix the configure script though. For instance : the correct set of options to use were (note the openssl options) : ./configure --prefix=/usr/local/freeradius --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/ Now I get : checking for openssl/ssl.h... yes checking for DH_new in -lcrypto... yes checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/rand.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: libssl. and checking for DES_cbc_encrypt in -lcrypto... no checking for des_cbc_encrypt in -lcrypto... no configure: warning: silently not building rlm_x99_token. configure: warning: FAILURE: rlm_x99_token requires: des_cbc_encrypt. The contents of /usr/local/ssl/lib : libcrypto.a libssl.a pkgconfig The contents of /usr/local/ssl/includes/openssl : engine.h, err.h rand.h among other things. Which makes some of the messages above look absolutely nonsensical. Why would configure do such a thing ?? While the existence of libcrypto is being detected, it seems that it does not have support for des_cbc_encrypt cipher. Which is strange because I did not disable any ciphers during installation of openssl. libssl is not being detected at all. Btw, could it be related to shared vs static libraries ? Thanks, MS Artur Hecker wrote: Hi madhusudan! if you look at the mail list archives, i posted a manually edited Makefile for the eap_tls module a while ago. ciao artur - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Madhusudan Singh [EMAIL PROTECTED] wrote: I wish to fix the configure script though. Then read the configure *log* files. The output that 'configure' prints to the screen just tells you what went wrong. It doesn't tell you *why* it went wrong. The only way to fix configure is to know *why* the test failed. Multiple posts of the output of 'configure' saying 'no' aren't helping. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi I did that, and found that the correct set of options to use were (note the openssl options) : ./configure --prefix=/usr/local/freeradius --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/ Now I get : checking for openssl/ssl.h... yes checking for DH_new in -lcrypto... yes checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/rand.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: libssl. and checking for DES_cbc_encrypt in -lcrypto... no checking for des_cbc_encrypt in -lcrypto... no configure: warning: silently not building rlm_x99_token. configure: warning: FAILURE: rlm_x99_token requires: des_cbc_encrypt. The contents of /usr/local/ssl/lib : libcrypto.a libssl.a pkgconfig The contents of /usr/local/ssl/includes/openssl : engine.h, err.h rand.h among other things. Which makes some of the messages above look absolutely nonsensical. While the existence of libcrypto is being detected, it seems that it does not have support for des_cbc_encrypt cipher. Which is strange because I did not disable any ciphers during installation of openssl. libssl is not being detected at all. Btw, could it be related to shared vs static libraries ? I will start editing Makefile by hand as a last resort, but wish to fix the configure script for you :) Thanks, MS Alan DeKok wrote: Madhusudan Singh [EMAIL PROTECTED] wrote: I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no ... Try looking at the logs from 'configure'. If that doesn't help, edit the Makefiles. Each 'Makefile' for the modules is about 10 lines. The 'configure' scripts are there only as an easy short-hand, in 99% of the normal cases. If 'configure' is too hard to use, edit the 'Makefile' by hand. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need some help configuring freeradius - openssl problem (EAP)
Hi, I sent this message out twice, but did not get a response. I was wondering if someone could help me. --- Hi, I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld I get an error in the configuration : loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. How do I fix this problem ? Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need some help configuring freeradius - openssl problem (EAP)
Hi, I sent this message out twice, but did not get a response. I was wondering if someone could help me. --- Hi, I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld I get an error in the configuration : loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. How do I fix this problem ? Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
From: Madhusudan Singh [EMAIL PROTECTED] configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. This is the problem. How do I fix this problem ? By installing libcrypto and libssl Do a find / -name ssl.h to find out if ssl.h is already there. Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Madhusudan Singh [EMAIL PROTECTED] wrote: I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl ... That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi Thanks for your response. Let me try this out. MS That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Hi I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/rand.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. and checking for inttypes.h... (cached) yes checking for DES_cbc_encrypt in -lcrypto... no checking for des_cbc_encrypt in -lcrypto... no configure: warning: silently not building rlm_x99_token. configure: warning: FAILURE: rlm_x99_token requires: des_cbc_encrypt. I used the following different configure options : --with-open-ssl-inc=, --with-openssl-inc and --with-openssl-include. (the first is what you suggested, I was just trying to make sure it wasn't a typo) Last configure command : ./configure --prefix=/usr/local/freeradius --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld --with-openssl-include=/usr/local/ssl/include/ --with-openssl-lib=/usr/local/ssl/lib/ And I do have the following include file : /usr/local/ssl/include/openssl/ssl.h What could be wrong ? Thanks, MS Alan DeKok wrote: Madhusudan Singh [EMAIL PROTECTED] wrote: I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl ... That won't work in FreeRADIUS 0.9.0. It doesn't use that option to look for OpenSSL. Try the latest CVS snapshot, and do: ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ... and it should be better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need some help configuring freeradius - openssl problem (EAP)
Madhusudan Singh [EMAIL PROTECTED] wrote: I tried what you suggested. Downloaded freeradius-snapshot-20030830. No go. I still get : checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no ... Try looking at the logs from 'configure'. If that doesn't help, edit the Makefiles. Each 'Makefile' for the modules is about 10 lines. The 'configure' scripts are there only as an easy short-hand, in 99% of the normal cases. If 'configure' is too hard to use, edit the 'Makefile' by hand. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need some help configuring freeradius - openssl problem (EAP)
Hi, I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to configure my freeradius installation at my wireless access point with : ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl --with-mcrypt=/usr/local/lib/libmcrypt/ --with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib --with-gnu-ld I get an error in the configuration : loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for openssl/ssl.h... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking how to run the C preprocessor... (cached) gcc -E checking for openssl/err.h... no checking for openssl/engine.h... no configure: warning: silently not building rlm_eap_tls. configure: warning: FAILURE: rlm_eap_tls requires: (openssl/ssl.h) libcrypto libssl. How do I fix this problem ? Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html