Help me !!!

2003-12-21 Thread Prasad Yaramti
Hi everybody, 

 I am a new user of Radius Server. My requirement is to pass my username, password to the radius server and to authenticate. Help me out how to add a user in the radius server database and how to authenticate??

regards,Prasad.

Re: Help me !!!

2003-12-20 Thread Julius Igugu
Can you give more details of your setup?

Prasad Yaramti [EMAIL PROTECTED] wrote:

Hi there,
 
  I am new to this radius authentication concept; actually my requirement is to check User name and Password via Radius server. In this aspect I have to pass user name and Password to Radius and to get authenticated.
 Help me how to store the username and password in the server, how to authenticate? How to pass my username and password to the server?

Thanks in advance for your help

Regards,Prasad.



Re: Help me !!!

2003-12-20 Thread Alan DeKok
Prasad Yaramti [EMAIL PROTECTED] wrote:
Help me how to store the username and password in the server, how to
 authenticate?  How to pass my username and password to the server ???

  Read the FAQ.  It explains how to do this.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Help me !!!

2003-12-19 Thread Prasad Yaramti
Hi there,
 
  I am new to this radius authentication concept; actually my requirement is to check User name and Password via Radius server. In this aspect I have to pass user name and Password to Radius and to get authenticated.
 Help me how to store the username and password in the server, how to authenticate? How to pass my username and password to the server?

Thanks in advance for your help

Regards,Prasad.

Please help me (It is very Urgent)

2003-12-17 Thread Shashidhara S Bapat
Hello All,
I am a new user to this mailing list. I am using Radius server to see
how it authenticates.
I am running freeradius on a Linux machine and it is connected to an AP600
(Access Point) through which users are connected. Users are running on
Windows 2000 Professional. Following is the configuration I have done:

file - "clients.conf":
# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
# which supports RADIUS.
192.168.100.7/24 {
    secret      = abcde
    shortname   = AP-600LAB
}

file - "users":
# TECH4 is the name of the wireless client (machine name) which is
# running on Windows.
TECH4   Auth-Type := EAP, User-Password == "password"
        Reply-Message = "Hello, %u"


I think the problem is with the 'user' part. I don't know which
'Auth-Type' I have to use. Please help me in my settings.
Please let me know what modifications I have to do to make it work.

FYI: The 'radtest' is working fine.

-- 
=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
--Best Regards,
  Shashi.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




Re: PEAP problem - HELP PLEASE

2003-12-17 Thread garelli
Thanks everyone for your help,
yes Brian, you are right, I made a mistake when I wrote my users entry in
the last mail! I wanted to say:

ourson User-password = testtest

In fact you're right about the =, which is better replaced by == here.
But in reality, I didn't put any space in my user password.
I tried to put this entry:

ourson  User-Password == a
Reply-Message =  YSS, %u

With this, I thought that if authentication were bad, my reply message
won't appear, isn't it right?
But in fact, I have already the same error, but in response I have my
reply message! It's very strange.
here are my last logs :


 rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, authentication failed.
  rlm_eap: Failed in handler
  modcall[authenticate]: module eap returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [ourson/no User-Password attribute] (from client AP1 port 37 cli 000af49c507f)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 113 to 192.168.1.2:3186
Reply-Message =  yeess
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 113 with timestamp 3fdf0ed2
Nothing to do.  Sleeping until we see a request.

I really don't understand how radiusd can say : Identity does not match
User-Name, authentication failed and [ourson/no User-Password
attribute] ... It seems that no password is sent from my supplicant..??

I tried to do radtest from another unix machine and it works :

...
rad_recv: Access-Request packet from host 192.168.1.1:32769, id=85, length=58
User-Name = ourson
User-Password = a
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
modcall: entering group authorize for request 6
  modcall[authorize]: module preprocess returns ok for request 6
  modcall[authorize]: module chap returns noop for request 6
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 6
rlm_realm: No '@' in User-Name = ourson, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 6
users: Matched ourson at 97
  modcall[authorize]: module files returns ok for request 6
  modcall[authorize]: module mschap returns noop for request 6
modcall: group authorize returns ok for request 6
auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat:  ' YSS, ourson'
Sending Access-Accept of id 85 to 192.168.1.1:32769
Reply-Message =  YSS, ourson
Finished request 6
Going to the next request
--- Walking the entire request list ---
Cleaning up request 5 ID 170 with timestamp 3fdf22be
Waking up in 6 seconds...

I think that freeradius is well configured and it must be a windows or
Access Point problem, don't you think so?
Please if someone knows or just have an idea, tell me !!











Re: Please help me (It is very Urgent)

2003-12-17 Thread Julius Igugu
did you setup eap?
Shashidhara S Bapat [EMAIL PROTECTED] wrote:
Hello All,
I am a new user to this mailing list. I am using Radius server to see
how does it authenticate.
I am running freeradius on Linux machine and it is connected to a AP600
(Access Point) through which users are connected. Users are running on
Windows 2000 Professional. Following are the configuration I have done:

file - "clients.conf":
# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
# which supports RADIUS.
192.168.100.7/24 {
secret = abcde
shortname = AP-600LAB
}

file - "users":
# TECH4 is the name of the wireless client (machine name) which is
# running on Windows.
TECH4 Auth-Type := EAP, User-Password == "password"
Reply-Message = "Hello, %u"

I think the problem is with the 'user' part. I dont know which
'Auth-Type' I have to use. Please help me in my settings.
Please let me know what modifications I have to do to make it working.

FYI: The 'radtest' is working fine.

--
=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
--Best Regards,
Shashi.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Re: Please help me (It is very Urgent)

2003-12-17 Thread mula_omar
What type of EAP are you using? I supposed MD5.
I think the name TECH4 has to be between "", so "TECH4".



On Wed, 17-12-2003 at 11:36, Julius Igugu wrote:
 did you setup eap?
 
 Shashidhara S Bapat [EMAIL PROTECTED] wrote:
 Hello All,
 I am a new user to this mailing list. I am using Radius server to see
 how does it authenticate.
 I am running freeradius on Linux machine and it is connected to a AP600
 (Access Point) through which users are connected. Users are running on
 Windows 2000 Professional. Following are the configuration I have done:
 
 file - clients.conf:
 # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
 # which supports RADIUS.
 192.168.100.7/24 {
 secret = abcde
 shortname = AP-600LAB
 }
 
 file - users:
 # TECH4 is the name of the wireless client (machine name) which is 
 # running on Windows.
 TECH4 Auth-Type := EAP, User-Password == password
 Reply-Message = Hello, %u
 
 
 I think the problem is with the 'user' part. I dont know which
 'Auth-Type' I have to use. Please help me in my settings.
 Please let me know what modifications I have to do to make it working.
 
 FYI: The 'radtest' is working fine.
 
 -- 
 =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
 --Best Regards,
 Shashi.
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
 






RE: Please help me (It is very Urgent)

2003-12-17 Thread Ripunjay Bararia
hi,
Try using Auth-Type := LOCAL, and make a normal user in your Linux machine
and then use that password to login to the server

Ripunjay



 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Shashidhara
 S Bapat
 Sent: Wednesday, December 17, 2003 12:43 PM
 To: Free Radius Mailing group
 Subject: Please help me (It is very Urgent)
 
 
 Hello All,
 I am a new user to this mailing list. I am using Radius server to see
 how does it authenticate.
 I am running freeradius on Linux machine and it is connected to a AP600
 (Access Point) through which users are connected. Users are running on
 Windows 2000 Professional. Following are the configuration I have done:
 
 file - clients.conf:
 # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
 # which supports RADIUS.
 192.168.100.7/24 {
 secret  = abcde
 shortname   = AP-600LAB
 }
 
 file - users:
 # TECH4 is the name of the wireless client (machine name) which is 
 # running on Windows.
 TECH4   Auth-Type := EAP, User-Password == password
 Reply-Message = Hello, %u
 
 
 I think the problem is with the 'user' part. I dont know which
 'Auth-Type' I have to use. Please help me in my settings.
 Please let me know what modifications I have to do to make it working.
 
 FYI: The 'radtest' is working fine.
 
 -- 
 =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
 --Best Regards,
   Shashi.
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
 
 




Re: PEAP problem - HELP PLEASE

2003-12-16 Thread garelli
Hi Alan!
Thanks for your help.
I did what you told me, but it seems that it wasn't the only error I made...
I put in the users file :

ourson  User-Password =  testtest

and my user on the XP supplicant is also the same, but authentication is
still impossible! I really don't understand because the same error message
appears even if I change the users file like I show you before.
I am asking myself about which options must be put on the MS-CHAP module
(on radiusd.conf) ?
I didn't change any options on the MS-CHAP module ( use_mppe,
require_encryption, require_strong with a # before), but is it necessary??
(I tried quickly to put these options = yes ,but I had same results)
If you have any idea about what is wrong with my configuration, please
tell me! here are my log with the beginning of freeradius when it's
launched:


+ LD_LIBRARY_PATH=/usr/local/ssl-end/lib
+ LD_PRELOAD=/usr/local/ssl-end/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/sbin/radiusd -X -y -z
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
main: log_auth_goodpass = yes
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /sauv-certif/cert/new/serveur6.pem
tls: certificate_file = /sauv-certif/cert/new/serveur6.pem
 tls: CA_file = /sauv-certif/cert/new/root.pem
 tls: private_key_password = saucisson
 tls: dh_file = /sauv-certif/cert/new/dh
 tls: random_file = /sauv-certif/cert/new/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = mschapv2
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
 detail: detailfile = /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
[/usr/local/etc/raddb/users]:156 WARNING! Changing 'User

Re: PEAP problem - HELP PLEASE

2003-12-16 Thread Brian Clarkson
[EMAIL PROTECTED] wrote:

Hi Alan!
Thanks for your help.
I did what you told me, but it seems that it wasn't the only error I made...
I put in the users file :
ourson  User-Password =  testtest

i think i see two potential issues here ... one is noted in the logging:

 [/usr/local/etc/raddb/users]:156 WARNING! Changing 'User-Password ='
to 'User-Password ==' for comparing RADIUS attribute in check item list
for user ourson

the operator that's needed is ==, not just = ... but radius sorta
fixed that in the request, as the logs note.

the other potential issue:  the space before the password begins.
assuming that the password gets encrypted into the EAP-Message (
something i'm thinking happens ... but i'm not sure of ), that space is
getting added to the encrypted string and will never match.

and my user on the XP supplicant is also the same, but authentication is
still impossible! I really don't understand because the same error message
appears even if I change the users file like I show you before.
I am asking myself about which options must be put on the MS-CHAP module
(on radiusd.conf) ?
I didn't change any options on the MS-CHAP module ( use_mppe,
require_encryption, require_strong with a # before), but is it necessary??
(I tried quickly to put these options = yes ,but I had same results)
If you have any idea about what is wrong with my configuration, please
tell me! here are my log with the beginning of freeradius when it's
launched:
+ LD_LIBRARY_PATH=/usr/local/ssl-end/lib
+ LD_PRELOAD=/usr/local/ssl-end/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/sbin/radiusd -X -y -z
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
main: log_auth_goodpass = yes
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /sauv-certif/cert/new/serveur6.pem
tls: certificate_file = /sauv-certif/cert/new/serveur6.pem
 tls: CA_file = /sauv-certif/cert/new/root.pem
 tls: private_key_password = saucisson
 tls: dh_file = /sauv-certif/cert/new/dh
 tls: random_file = /sauv-certif/cert/new/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = mschapv2
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack

Really need Help

2003-12-16 Thread Lucas Oliveira
Hi everybody,

I am having a problem with acct_users, I did a shell script but when the
user logs on, the radius prints that exec-program is running but it didn't make
any action.

I really do know how to set it up.
Thanks
Regards
Lucas Oliveira
Web Manager
Prompt Tecnologia
www.prompt-tecnologia.com.br




Help needed.

2003-12-16 Thread Shashidhara S Bapat
Hello All,
I am a new user to this mailing list. I am using Radius server to see
how it authenticates.
I am running freeradius on a Linux machine and it is connected to an AP600
(Access Point) through which users are connected. Users are running on
Windows 2000 Professional. Following is the configuration I have done:

file - "clients.conf":
# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
# which supports RADIUS.
192.168.100.7/24 {
    secret      = abcde
    shortname   = AP-600LAB
}

file - "users":
# TECH4 is the name of the wireless client (machine name) which is
# running on Windows.
TECH4   Auth-Type := EAP, User-Password == "password"
        Reply-Message = "Hello, %u"


I think the problem is with the 'user' part. I don't know which
'Auth-Type' I have to use. Please help me in my settings.
Please let me know what modifications I have to do to make it work.

FYI: The 'radtest' is working fine.



-- 
=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
--Best Regards,
  Shashi.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




PEAP problem - HELP PLEASE

2003-12-15 Thread garelli
hello everybody!
I am trying to make a secure wireless access using PEAP, but I have a
problem during authentication.
I had successfully configured TLS module, and all work fine.
But when I want to have a peap authentication, there is a problem.
In fact could someone try to look at my log, and tell me where is my
problem? I would be great!
Another point is the configuration of the users file, for peap. I've read
the list but nobody gave a real answer to this question.. how this file
have to be configured?? I tried :
username Auth-type := EAP , User-password ==  xxx
or
username Auth-type := Local , User-password ==  xxx
or ...
I don't really know which syntax is good according to peap
authentication..maybe my problem is here?
Thank you for your help!

there are my logs :

...
auth: type EAP
modcall: entering group authenticate for request 15
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Proceeding to decode tunneled attributes.

  rlm_eap_peap: Identity - NOMADE\ourson
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
EAP-Message = 0x02810012014e4f4d4144455c6f7572736f6e
  PEAP: Got tunneled identity of NOMADE\ourson
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Sending tunneled request
EAP-Message = 0x02810012014e4f4d4144455c6f7572736f6e
Freeradius-Proxied-To = 127.0.0.1
User-Name = NOMADE\\ourson
modcall: entering group authorize for request 15
  modcall[authorize]: module preprocess returns ok for request 15
radius_xlat:  '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031215'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20031215
  modcall[authorize]: module auth_log returns ok for request 15
  rlm_eap: EAP packet type response id 129 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 15
rlm_realm: No '@' in User-Name = NOMADE\ourson, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 15
  modcall[authorize]: module files returns notfound for request 15
modcall: group authorize returns updated for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 15
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module eap returns handled for request 15
modcall: group authenticate returns handled for request 15
  PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x018200271a01820022104c50168820c00ade9de928725f57b2964e4f4d4144455c6f7572736f6e
Message-Authenticator = 0x
State = 0xc2efbd051aa877ec625ee103a4a76b76
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module eap returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 158 to 192.168.1.2:2462
EAP-Message =
0x0182003e19001703010033d078dd9a67221656dce0acbb5519d8b9af452bb0eaf5f600fcabafd63a385dfe8b1d076837f1798de3ca6d5b2a0d7269ad9f2f
Message-Authenticator = 0x
State = 0x55cbafd5eafc1a8c249ad219c5d26a3b
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.2:2463, id=159, length=250
User-Name = NOMADE\\ourson
Cisco-AVPair = ssid=bebe
NAS-IP-Address = 192.168.1.2
Called-Station-Id = 00409656deff
Calling-Station-Id = 000af49c507f
NAS-Identifier = AP350-56deff
NAS-Port = 37
Framed-MTU = 1400
State = 0x55cbafd5eafc1a8c249ad219c5d26a3b
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message =
0x028200581900170301004d7375a04660bd286865a528793617699cb52551682fc670d49518765d8d8c78754448d9e3eea2d3d4c05fe1367daa485f6e915eebd1fa6d301bb4996dac7906667fa1013b41e11f29e367
Message-Authenticator = 0x63157043cdd0b024b172ecaf24dfb290
modcall: entering group authorize for request 16
  modcall[authorize]: module preprocess returns ok for request 16
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.1.2/auth-detail-20031215'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.1.2/auth-detail-20031215
  modcall[authorize]: module auth_log returns ok for request 16
  rlm_eap: EAP packet type response id 130 length 88
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation

Help

2003-12-15 Thread Shashidhara S Bapat
Hello  everyone,
I am a new user of Freeradius server. I have installed freeradius (beta
version) and tested radius server using 'radtest' command and found in
working.
I have a windows user connected through AP600 (NAS), and it is not
responding. (I ran 'radiusd' with -X option ..and found it not showing
any message, when the windows-user tried to access. It's allowing user
to access the NAS without asking for any password).


Please help me in configuring radius server.
Thanks in advance for all the help.




-- 
=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
--Best Regards,
  Shashi.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




Re: PEAP problem - HELP PLEASE

2003-12-15 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 In fact could someone try to look at my log, and tell me where is my
 problem? I would be great!

  The log you posted to the list contains a description of what is wrong.

 Another point is the configuration of the users file, for peap. I've read
 the list but nobody gave a real answer to this question.. how this file
 have to be configured?? I tried :
 username Auth-type := EAP , User-password ==  xxx
 or
 username Auth-type := Local , User-password ==  xxx

  You often don't need to do anything to the 'users' file.

  The simplest change to make (if you're not using LDAP or SQL), is to
add the tunneled user name, with a password:

tunnel-user  User-Password = password

  That's it.

   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
   rlm_mschap: No LM-Password or NT-Password attribute found.  Cannot
 perform MS-CHAP authentication.

  It needs a password.

  Alan DeKok.
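
The two points made in the replies above (Brian Clarkson's `=` versus `==` and leading-space remarks, and Alan DeKok's advice that the tunneled user name needs an entry with a password) can be checked mechanically against a `users` file and a `radiusd -X` log. This is an added example, not code from the thread or from FreeRADIUS. The log lines and `users` text are constructed in the formats quoted above, and the script assumes entries are matched on the exact name and does not handle DEFAULT entries.

```python
import re

# Constructed samples in the formats quoted in this thread (not real captures).
SAMPLE_LOG = r"""
  PEAP: Got tunneled identity of NOMADE\ourson
modcall: entering group authorize for request 15
  modcall[authorize]: module preprocess returns ok for request 15
  modcall[authorize]: module files returns notfound for request 15
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
rlm_eap: Identity does not match User-Name, authentication failed.
"""
SAMPLE_USERS = '''
# check items on the first line, reply items on indented lines
ourson  User-Password = " testtest"
        Reply-Message = "Hello, %u"
'''

OPS = r":=|==|\+=|!=|=~|!~|>=|<=|=|>|<"
ITEM = re.compile(r'([\w-]+)\s*(' + OPS + r')\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')
IDENTITY = re.compile(r"PEAP: Got tunneled identity of (\S+)")
MODULE = re.compile(r"modcall\[(\w+)\]: module (\S+) returns (\w+) for request (\d+)")
KNOWN_ERRORS = {
    "rlm_mschap: No User-Password configured": "mschap-no-password",
    "rlm_eap: Identity does not match User-Name": "eap-identity-mismatch",
}


def parse_users(text):
    """Map each entry name to its check items as (attribute, operator, value)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue  # blank, comment, or indented reply-item line
        parts = line.split(None, 1)
        name = parts[0].strip('"')
        rest = parts[1] if len(parts) > 1 else ""
        entries[name] = [
            (attr, op, val[1:-1] if val.startswith('"') else val)
            for attr, op, val in ITEM.findall(rest)
        ]
    return entries


def lint_users(entries):
    """Flag the two users-file points raised in the thread for User-Password."""
    findings = []
    for name, items in entries.items():
        for attr, op, value in items:
            if attr.lower() != "user-password":
                continue
            if op == "=":  # the quoted server warning says it compares with ==
                findings.append(("operator", name))
            if value != value.strip():  # quoted whitespace is part of the value
                findings.append(("whitespace", name))
    return findings


def triage_log(log):
    """Pull the tunneled identity, notfound module results and known errors."""
    seen = {"identity": None, "notfound": [], "errors": []}
    for line in log.splitlines():
        m = IDENTITY.search(line)
        if m:
            seen["identity"] = m.group(1)
        m = MODULE.search(line)
        if m and m.group(3) == "notfound":
            seen["notfound"].append((m.group(2), int(m.group(4))))
        for needle, tag in KNOWN_ERRORS.items():
            if needle in line and tag not in seen["errors"]:
                seen["errors"].append(tag)
    return seen


def diagnose(log, users_text):
    """Combine both views into a list of (kind, subject) findings."""
    entries = parse_users(users_text)
    seen = triage_log(log)
    findings = lint_users(entries)
    ident = seen["identity"]
    if ident is not None:
        items = entries.get(ident)
        if items is None:
            findings.append(("missing-entry", ident))
        elif not any(a.lower() == "user-password" for a, _, _ in items):
            findings.append(("no-password", ident))
    findings.extend(("log", tag) for tag in seen["errors"])
    return findings


if __name__ == "__main__":
    for kind, subject in diagnose(SAMPLE_LOG, SAMPLE_USERS):
        print(f"{kind}: {subject}")
```
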




Re: Help

2003-12-15 Thread Alan DeKok
Shashidhara S Bapat [EMAIL PROTECTED] wrote:
 I have a windows user connected through AP600 (NAS), and it is not
 responding. (I ran 'radiusd' with -X option ..and found it not showing
 any message, when the windows-user tried to access. It's allowing user
 to access the NAS without asking for any password).

  Then it's a problem with the NAS configuration.  Nothing you do to
FreeRADIUS will help.

  Alan DeKok.



Re: MySQL Help!

2003-12-15 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote:
 What file(s) should I run ldd against? 

  rlm_sql_mysql.so

  Alan DeKok.



RE: MySQL Help!

2003-12-14 Thread Deramus, Chris





Alan,


What file(s) should I run ldd against? 


Chris DeRamus
OCIO VPN Administrator
SAIC



-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 12, 2003 4:44 PM
To: [EMAIL PROTECTED]
Subject: Re: MySQL Help!



Deramus, Chris [EMAIL PROTECTED] wrote:
 I have checked and verified the LD_LIBRARY_PATH variable, I have 
 updated ld.so.conf as well. I've tried multiple configuration options, 
 including disable-shared. Something isn't adding up. Any suggestions 
 would be most appreciated. Thanks and have a good weekend.


 'ldd' should tell you which libraries are needed. Maybe MySQL needs additional libraries, which somehow aren't loaded.

 I don't know how else to help you. The server core doesn't know
*anything* about modules/libraries, other than it asks the system to load them. If that doesn't work, there isn't much else the server can do.

 Alan DeKok.







RE: MySQL Help!

2003-12-14 Thread Deramus, Chris





Chris,


Thanks for the input, however, when I updated the configure script with your extra code configure would not find lmysqlclient and prompted that I specify the path to the library files by using --with-mysql-lib= When I put in the path to the MySQL library files, it still would not find lmysqlclient. 

Any other thoughts? If I get it I'll be sure to let you know what it was, thanks so much.


Chris DeRamus
OCIO VPN Administrator
SAIC



-Original Message-
From: Chris Parker [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 12, 2003 5:14 PM
To: [EMAIL PROTECTED]
Subject: Re: MySQL Help!



At 03:42 PM 12/12/2003, Rob Genovesi wrote:
oh boy, I remember kicking this around for ever as well ...

My solution was to 1) be sure you have development rpms installed and 
2)
do not use --disable-shared when running configure. I don't know 
exactly why this changed things, but compiling with shared libraries it 
was able to find and use all the necessary mysql libs and includes.

I installed the following MySQL rpms (Redhat) :
 MySQL-devel-4.0.16-0
 MySQL-shared-compat-4.0.16-0
 MySQL-client-4.0.16-0
 MySQL-server-4.0.16-0


Aha. Mysql4 changes some stuff. On Solaris we had to change some of the Makefiles manually to get all of the appropriate libs included to build the rlm_mysql driver built. It may be the same on RH as well.

Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at least as far as FR is concerned.


-Chris
--
 \\\|||/// \ StarNet Inc. \ Chris Parker
 \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
 | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
 \ Wholesale Internet Services - http://www.megapop.net









Re: MySQL Help!

2003-12-12 Thread Rob Genovesi

oh boy, I remember kicking this around for ever as well ...
My solution was to 1) be sure you have development rpms installed and 2)
do not use --disable-shared when running configure. I
don't know exactly why this changed things, but compiling with shared
libraries it was able to find and use all the necessary mysql libs and
includes.
I installed the following MySQL rpms (Redhat) :
MySQL-devel-4.0.16-0
MySQL-shared-compat-4.0.16-0
MySQL-client-4.0.16-0
MySQL-server-4.0.16-0

-rob

At 04:23 PM 12/12/2003 -0500, you wrote:
To all,

I have spent over 16 hours working this issue
now and am completely out of ideas. I have tried RPM Installations of
multiple versions of MySQL, including 3.23.58 and 4.0.16. I am still
getting the error message:

 rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found 
 rlm_sql (sql): Make sure it (and all its dependent libraries!) are in 
 the search path of your system's ld. 
 radiusd.conf[4]: sql: Module instantiation failed. 


I have checked and verified the
LD_LIBRARY_PATH variable, I have updated ld.so.conf as well. I've tried
multiple configuration options, including disable-shared. Something isn't
adding up. Any suggestions would be most appreciated. Thanks and have a
good weekend. 

Chris DeRamus
OCIO VPN Administrator
SAIC

-Original Message-
From: Deramus, Chris 
Sent: Friday, December 12, 2003 2:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: RedHat Enterprise 2.1, FreeRadius 0.9.3 with
MySQL

I have checked the FreeRADIUS FAQ and followed the instructions. My
ld.so.conf file has been setup correctly and is pointing the respective
library dependencies and it still is giving me the same error. I have
also attempted ./configure --disable-shared and still no go. I know I do
not need mysql-shared, I am honestly stumped.
Sorry to keep this thread going, I just can't seem to find much
documentation on any extra steps required when running this new distro of
RedHat.
Thanks, 

Chris DeRamus 

-Original Message- 
From: NetNITCO Systems Administration
[mailto:[EMAIL PROTECTED]]

Sent: Thursday, December 11, 2003 5:26 PM 
To: [EMAIL PROTECTED] 
Subject: Re: RedHat Enterprise 2.1, FreeRadius 0.9.3 with
MySQL 

On Thu, 2003-12-11 at 16:00, Deramus, Chris wrote:

 To all -- 
 
 I recently upgraded my development RADIUS box which was running RedHat 
 8.0 to RedHat Enterprise Linux 2.1 ES. This was a fresh install which 
 included all Mysql related packages contained on the CD's. It was 
 noted that the Enterprise installation did not contain a Mysql-devel 
 package, I am assuming it is now bundled in with one of the other 
 rpm's. I tested SQL queries from both web applications and command 
 line and everything seemed to be a go so I then configured freeradius. 
 
I believe you are mistaken. The current MySQL development package for RHEL ES 2.1 is mysql-devel-3.23.58-1.72. 

You can grab the package from the RHEL installation media, or, you can download the SRPM from a Red Hat mirror and rebuild the package:
ftp://redhat.netnitco.net/pub/mirrors/redhat/updates/enterprise/2.1ES/en/os/SRPMS/mysql-3.23.58-1.72.src.rpm 

 rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found 
 rlm_sql (sql): Make sure it (and all its dependent libraries!) are in 
 the search path of your system's ld. 
 radiusd.conf[4]: sql: Module instantiation failed. 
 
You'll get this until you compile FreeRADIUS with the MySQL development libraries installed. 





Re: MySQL Help!

2003-12-12 Thread Alan DeKok
Deramus, Chris [EMAIL PROTECTED] wrote:
> I have checked and verified the LD_LIBRARY_PATH variable, I have updated
> ld.so.conf as well. I've tried multiple configuration options, including
> disable-shared. Something isn't adding up. Any suggestions would be most
> appreciated. Thanks and have a good weekend.

  'ldd' should tell you which libraries are needed.  Maybe MySQL needs
additional libraries, which somehow aren't loaded.

  I don't know how else to help you.  The server core doesn't know
*anything* about modules/libraries, other than it asks the system to
load them.  If that doesn't work, there isn't much else the server can
do.

  Alan DeKok.



Re: MySQL Help!

2003-12-12 Thread Chris Parker
At 03:42 PM 12/12/2003, Rob Genovesi wrote:
> oh boy, I remember kicking this around for ever as well ...
>
> My solution was to 1) be sure you have development rpms installed and 2)
> do not use --disable-shared when running configure.  I don't know
> exactly why this changed things, but compiling with shared libraries it
> was able to find and use all the necessary mysql libs and includes.
>
> I installed the following MySQL rpms (Redhat) :
> MySQL-devel-4.0.16-0
> MySQL-shared-compat-4.0.16-0
> MySQL-client-4.0.16-0
> MySQL-server-4.0.16-0

Aha.  Mysql4 changes some stuff.  On Solaris we had to change some of the
Makefiles manually to get all of the appropriate libs included to build
the rlm_mysql driver built.  It may be the same on RH as well.

Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at
least as far as FR is concerned.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: MySQL Help!

2003-12-12 Thread Chris Parker
At 04:14 PM 12/12/2003, Chris Parker wrote:
> At 03:42 PM 12/12/2003, Rob Genovesi wrote:
>> oh boy, I remember kicking this around for ever as well ...
>>
>> My solution was to 1) be sure you have development rpms installed and 2)
>> do not use --disable-shared when running configure.  I don't know
>> exactly why this changed things, but compiling with shared libraries it
>> was able to find and use all the necessary mysql libs and includes.
>>
>> I installed the following MySQL rpms (Redhat) :
>> MySQL-devel-4.0.16-0
>> MySQL-shared-compat-4.0.16-0
>> MySQL-client-4.0.16-0
>> MySQL-server-4.0.16-0
>
> Aha.  Mysql4 changes some stuff.  On Solaris we had to change some of the
> Makefiles manually to get all of the appropriate libs included to build
> the rlm_mysql driver built.  It may be the same on RH as well.
>
> Helpfully, MySQL 3 build syntax is not totally workable with MySQL 4 at
> least as far as FR is concerned.

Following up my own post, here are the changes we had to make to the
'configure' in 'src/modules/rlm_sql/drivers/rlm_mysql', around line 900.

LIBS="$LIBS -lz"

to

LIBS="$LIBS -lsocket -lnsl -lm -lz"

In other words, we added the '-lsocket -lnsl -lm' libraries, as they
are needed for the compilation to complete.

Hope this helps,
-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Relocation Error - Checked the SSL versions, but still appear - HELP

2003-12-10 Thread Ivan Dario Barrera

Hi,

I was using an old snap version of freeradius, compiled with an old snap
version of OpenSSL, it was working fine with EAP-TLS, but I wanted to try
the TTLS, so I tried to set the OpenSSL to the latest stable version
0.9.7c and use the SNAPSHOT version of Freeradius to get the TTLS.

Now I'm getting the error:
./radiusd: relocation error:
/usr/local/radius//lib/rlm_eap_tls-1.0.0-pre0.so: undefined symbol:
SSL_set_msg_callback

as soon as a client tries to get in.

An old posted message said to be a problem with OpenSSL versions. I'm not
good with this linux installations. So what I did was to remove the old
directory where the snapshot were, and I used it again to install the
stable version. As soon as it finished, anyway I replaced the libcrypto.so
and libssl.so in the /usr/lib to point to the new ones. (also openssl file
by it self). - I'm using RH8 and I think I also have the 0.9.6 (engine)
which I just renamed as openssl.old.

I thought that was enough to fix the problem and make the freeradius point
to the 0.9.7c version, but still I compiled and executed getting this
error. I regenerated the certificates, I removed the whole radius
directory and installed it again, but it doesn't work.

Is there any way to check what are the versions I'm trying to use?
Is there a way to uninstall correctly whether freeradius or Openssl?

Probably I'm doing all wrong, but still I don't know what it is. If you
can help me out showing me the path, that would be awesome!!

Thanks a lot for your help,

Ivan D. Barrera



Re: Relocation Error - Checked the SSL versions, but still appear - HELP

2003-12-10 Thread Alan DeKok
Ivan Dario Barrera [EMAIL PROTECTED] wrote:
...

  You do READ the list, don't you?

http://lists.cistron.nl/pipermail/freeradius-users/2003-December/026413.html

> Is there any way to check what are the versions I'm trying to use?

  ldd.  See the FAQ.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
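
Both the rlm_sql_mysql "file not found" threads above and this relocation error come down to what the dynamic linker resolves for a module, which is what ldd reports. The Python below is an added example, not code from any post or from the FreeRADIUS FAQ: the helper names are hypothetical, the two ldd outputs are constructed samples, and /usr/local/ssl/lib is assumed as the directory holding the newly built OpenSSL.

```python
import os
import re
import shutil
import subprocess

# Constructed sample: what `ldd rlm_sql_mysql.so` could print when the MySQL
# client library is not on the linker's search path.
SAMPLE_SQL_MYSQL = (
    "\tlibmysqlclient.so.10 => not found\n"
    "\tlibz.so.1 => /usr/lib/libz.so.1 (0x40020000)\n"
    "\tlibc.so.6 => /lib/libc.so.6 (0x40030000)\n"
    "\t/lib/ld-linux.so.2 (0x80000000)\n"
)

# Constructed sample: an EAP-TLS module that still binds to the distribution's
# OpenSSL instead of the freshly built copy.
SAMPLE_EAP_TLS = (
    "\tlibssl.so.2 => /lib/libssl.so.2 (0x40018000)\n"
    "\tlibcrypto.so.2 => /lib/libcrypto.so.2 (0x40048000)\n"
    "\tlibc.so.6 => /lib/libc.so.6 (0x4011c000)\n"
    "\t/lib/ld-linux.so.2 (0x80000000)\n"
)

# "name => path (addr)" or "name => not found"
_DEP = re.compile(r"^\s*(\S+)\s+=>\s+(not found|\S+)")


def parse_ldd(output):
    """Split ldd output into ({soname: resolved path}, [unresolved sonames])."""
    resolved, missing = {}, []
    for line in output.splitlines():
        match = _DEP.match(line)
        if not match:
            continue  # the loader itself and other lines without "=>"
        name, target = match.groups()
        if target == "not found":
            missing.append(name)
        elif not target.startswith("("):  # skip virtual objects such as the vdso
            resolved[name] = target
    return resolved, missing


def resolved_outside(resolved, prefix, stems=("libssl", "libcrypto")):
    """Return the libraries whose resolved path is not under `prefix`."""
    prefix = prefix.rstrip("/") + "/"
    return {name: path for name, path in resolved.items()
            if name.startswith(stems) and not path.startswith(prefix)}


def check_module(path, extra_dirs=()):
    """Run ldd on a module and parse the result; None if it cannot be run.

    ldd can execute code from the file it inspects (see ldd(1)), so point it
    only at modules you built or otherwise trust.
    """
    if shutil.which("ldd") is None or not os.path.isfile(path):
        return None
    env = dict(os.environ)
    if extra_dirs:
        parts = list(extra_dirs)
        if env.get("LD_LIBRARY_PATH"):
            parts.append(env["LD_LIBRARY_PATH"])
        env["LD_LIBRARY_PATH"] = os.pathsep.join(parts)
    proc = subprocess.run(["ldd", path], capture_output=True, text=True, env=env)
    return parse_ldd(proc.stdout)


if __name__ == "__main__":
    _, missing = parse_ldd(SAMPLE_SQL_MYSQL)
    print("unresolved:", missing)
    resolved, _ = parse_ldd(SAMPLE_EAP_TLS)
    print("not from the new OpenSSL:", resolved_outside(resolved, "/usr/local/ssl/lib"))
```

An unresolved entry corresponds to the "Could not link driver" failure; a libssl that resolves to the old copy is the situation in which a module built against newer headers hits an undefined symbol at load time.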


Help with ldap and pap

2003-12-08 Thread Rick Whitley
Hi,

I am running freeradius snapshot 20030922. I need to get pap working
with ldap. How do I set the password attribute for pap? Where do I look
in the docs to provide this info?  Below are my settings. Any help would
be
greatly appreciated.

radiusd:
ldap {
server = 10.5.10.215
password = n0neshall
basedn = ou=academics,o=dbu
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
start_tls = no
#default_profile =
cn=radprofile,ou=dialup,o=MyOrg,c=UA
profile_attribute = ou=academics,o=dbu
#access_attr = rADIUSEnableDialAccess
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
#password_header = {clear}
password_attribute = User-Password
#groupname_attribute = cn
#groupmembership_filter =
(|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
#groupmembership_attribute = radiusGroupName
timeout = 10
timelimit = 10
net_timeout = 10
#compare_check_items = yes
#access_attr_used_for_allow = no
}

authorize {

files
ldap

}


# Authentication.
#
authenticate {

authtype pap {
pap
}

ldap

}

users:

DEFAULT Auth-Type := pap
#   Fall-Through = 1

radius debug output:
rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164,
length=126
User-Name = install
Framed-MTU = 1400
Called-Station-Id = 000d.bd43.d9a8
Calling-Station-Id = 0040.9645.c07a
Message-Authenticator = 0x1c8d63f0b65665959e64db7f67bb883c
EAP-Message = 0x0201000c01696e7374616c6c
NAS-Port-Type = Virtual
NAS-Port = 341
NAS-IP-Address = 10.5.50.115
NAS-Identifier = TESTAP1
modcall: entering group authorize
users: Matched DEFAULT at 182
  modcall[authorize]: module files returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat:  '(uid=install)'
radius_xlat:  'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type pap
auth: type PAP
modcall: entering group authtype
rlm_pap: Attribute Password is required for authentication.
  modcall[authenticate]: module pap returns invalid
modcall: group authtype returns invalid
auth: Failed to validate the user.
Login incorrect: [install/no User-Password attribute] (from client
testap1 port 341 cli 0040.9645.c07a)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request


rick...
Rom.5:8



Re: Help with ldap and pap

2003-12-08 Thread Alan DeKok
Rick Whitley [EMAIL PROTECTED] wrote:
> I am running freeradius snapshot 20030922. I need to get pap working
> with ldap. How do I set the password attribute for pap? Where do I look
> in the docs to provide this info?

  doc/rlm_ldap should be a place to start.

> users:
>
> DEFAULT   Auth-Type := pap

  Don't do that.

> rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164,
> length=126
...
> EAP-Message = 0x0201000c01696e7374616c6c

  EAP messages don't contain PAP passwords.  So setting Auth-Type :=
PAP won't work.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
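
The EAP-Message values quoted in these debug logs can be decoded to see why PAP has nothing to check in this request. The Python below is an added example, not part of any post or of FreeRADIUS: the function names and the attribute list are this example's own, and the two hex values are copied from the radiusd debug output on this page.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method types from the IANA registry; only a few relevant ones listed.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}

# Copied from the debug output: the Access-Request that PAP rejected, and the
# EAP-Message sent back in the Access-Accept of the TTLS session.
ACCESS_REQUEST_EAP = "0x0201000c01696e7374616c6c"
ACCESS_ACCEPT_EAP = "0x03050004"

# Attribute names present in the Access-Request shown in the thread.
REQUEST_ATTRS = ["User-Name", "Framed-MTU", "Called-Station-Id",
                 "Calling-Station-Id", "Message-Authenticator", "EAP-Message",
                 "NAS-Port-Type", "NAS-Port", "NAS-IP-Address", "NAS-Identifier"]


def parse_eap(hex_value):
    """Decode an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("Length field %d does not fit %d bytes" % (length, len(raw)))
    packet = {"code": EAP_CODES.get(code, "Unknown(%d)" % code),
              "id": ident, "length": length, "type": None, "data": b""}
    if code in (1, 2):  # only Request and Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        packet["type"] = EAP_TYPES.get(raw[4], "Unknown(%d)" % raw[4])
        packet["data"] = raw[5:length]
    return packet


def usable_auth_methods(attr_names):
    """List the methods a request can support, judged by its attributes."""
    names = set(attr_names)
    methods = []
    if "User-Password" in names:
        methods.append("PAP")   # PAP compares against User-Password
    if "CHAP-Password" in names:
        methods.append("CHAP")
    if "EAP-Message" in names:
        methods.append("EAP")
    return methods


if __name__ == "__main__":
    print(parse_eap(ACCESS_REQUEST_EAP))
    print(parse_eap(ACCESS_ACCEPT_EAP))
    print(usable_auth_methods(REQUEST_ATTRS))
```

The first value is an EAP-Response/Identity whose only payload is the user name, and the request has no User-Password attribute, which matches the rlm_pap message "Attribute Password is required for authentication".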


Re: Help with ldap and pap

2003-12-08 Thread Alan DeKok
arg sent previous message too soon

> modcall: group authorize returns ok
>   rad_check_password:  Found Auth-Type pap
> auth: type PAP
> modcall: entering group authtype
> rlm_pap: Attribute Password is required for authentication.
>   modcall[authenticate]: module pap returns invalid
> modcall: group authtype returns invalid
> auth: Failed to validate the user.

  See?  That won't work.

  Why don't you try authenticating the user *without* editing the
users file, to see if it works?  Odds are that once you point the
server to an LDAP database, then PAP, EAP, and everything else will
work automatically.

 Alan DeKok.



Re: Help with ldap and pap

2003-12-08 Thread Rick Whitley
Thanks for the info...should I comment out the eap module in radiusd?
Now reading rlm_ldap.


rick...
Rom.5:8

 [EMAIL PROTECTED] 12/08/03 03:18PM 
Rick Whitley [EMAIL PROTECTED] wrote:
 I am running freeradius snapshot 20030922. I need to get pap working
 with ldap. How do I set the password attribute for pap? Where do I
look
 in the docs to provide this info? 

  doc/rlm_ldap should be a place to start.

 users:
 
 DEFAULT   Auth-Type := pap

  Don't do that.

 rad_recv: Access-Request packet from host 10.5.50.115:1645, id=164,
 length=126
...
 EAP-Message = 0x0201000c01696e7374616c6c

  EAP messages don't contain PAP passwords.  So setting Auth-Type :=
PAP won't work.




Re: Help with ldap and pap

2003-12-08 Thread Alan DeKok
Rick Whitley [EMAIL PROTECTED] wrote:
> Thanks for the info...should I comment out the eap module in radiusd?

  Huh?  Can you explain to me why you would think that was necessary?

  Your client is sending EAP packets.  How are you going to
authenticate them, if you don't use the EAP module?

  Alan DeKok.



Re: Help with ldap and pap

2003-12-08 Thread Rick Whitley
Please forgive my ignorance here. There is much about this I do not
understand. I am using the AlfaAriss client. If it is sending eap
packets and those packets do not contain a pap password does that mean
I can't use pap? Should I consider another method?

rick...
Rom.5:8

 [EMAIL PROTECTED] 12/08/03 03:27PM 
Rick Whitley [EMAIL PROTECTED] wrote:
 Thanks for the info...should I comment out the eap module in
radiusd?

  Huh?  Can you explain to me why you would think that was necessary?

  Your client is sending EAP packets.  How are you going to
authenticate them, if you don't use the EAP module?

  Alan DeKok.



Re: Help with ldap and pap

2003-12-08 Thread Alan DeKok
Rick Whitley [EMAIL PROTECTED] wrote:
> Please forgive my ignorance here. There is much about this I do not
> understand. I am using the AlfaAriss client.

  Please pick a subject, ONE subject, and stick to it.  Also, if
you're not going to answer my questions, there isn't much incentive
for me to help you, is there?

> If it is sending eap packets and those packets do not contain a
> pap password does that mean I can't use pap? Should I consider
> another method?

  It means that what I told you was correct.  Now go do as I said, and
stop asking irrelevant questions.  Instead, *educate* yourself as to
what's going on.  Buy the RADIUS book.  Read all of the documentation,
and all of the comments in 'radiusd.conf' before asking more
questions.

  Also, describe *problems*, not *solutions*.  You're stuck on PAP
because you don't know how the server works.  Stop trying to figure
out how to use PAP to solve a problem you don't understand.


  If you configure the LDAP module to pull a password out of an LDAP
database for a user, then almost all of the authentication methods in
the server will work AUTOMATICALLY.

  Alan DeKok.




Please help with ldap problem

2003-12-05 Thread Rick Whitley
I am running freeradius 20030922 snapshot on RedHat 9.0. I am
authorizing and authenticating via ldap. I seem to be getting authorized
and authenticated but my supplicant continues to try and authenticate.
Below is my debug output. If anyone can see anything unusual please let
me know. Thanks for any help.

rad_recv: Access-Request packet from host 10.5.50.115:1645, id=106,
length=211
User-Name = install
Framed-MTU = 1400
Called-Station-Id = 000d.bd43.d9a8
Calling-Station-Id = 0040.9645.c07a
Message-Authenticator = 0xaba44c3d8a18f7aa63dbf2fe20630dae
EAP-Message =
0x0205004f1580004517030100409dcc64928d8f5ff60c838cef0ac6a057006e51ad920af73b628207daa197dcbdcd1fbd2ea04505100cd5d27cf356a14adb8eb92944976da2adffa2e5623fdea9
NAS-Port-Type = Virtual
NAS-Port = 496
State = 0x0cd1fc1c30ee0fc4a8488e79f6205014
NAS-IP-Address = 10.5.50.115
NAS-Identifier = TESTAP1
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat:  '(uid=install)'
radius_xlat:  'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok
  rlm_eap: EAP packet type response id 5 length 79
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type LDAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'install'
auth: type EAP
modcall: entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.

  TTLS: Got tunneled request
User-Name = install
User-Password = f0ulb3ast
Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
User-Name = install
User-Password = f0ulb3ast
Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize
rlm_ldap: - authorize
rlm_ldap: performing user authorization for install
radius_xlat:  '(uid=install)'
radius_xlat:  'ou=academics,o=dbu'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=academics,o=dbu, with filter
(uid=install)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user install authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type LDAP
modcall: entering group authenticate
rlm_ldap: - authenticate
rlm_ldap: login attempt by install with password f0ulb3ast
rlm_ldap: user DN: cn=install,ou=Academics,o=DBU
rlm_ldap: (re)connect to 10.5.10.215:389, authentication 1
rlm_ldap: bind as cn=install,ou=Academics,o=DBU/f0ulb3ast to
10.5.10.215:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user install authenticated succesfully
  modcall[authenticate]: module ldap returns ok
modcall: group authenticate returns ok
Trying to look up name of unknown client 127.0.0.1.
Login OK: [install/f0ulb3ast] (from client UNKNOWN-CLIENT port 0)
  TTLS: Got tunneled reply RADIUS code 2
  TTLS: Got tunneled Access-Accept
  rlm_eap: Freeing handler
  modcall[authenticate]: module eap returns handled
modcall: group authenticate returns handled
Sending Access-Accept of id 106 to 10.5.50.115:1645
MS-MPPE-Recv-Key =
0xe4bcd7f454abdd128405446d00ebf4127842ccf9716b0ae4ebd5da185ad75c17
MS-MPPE-Send-Key =
0xa847b8c85d1c43f533610ebceef89cbe6c8f1daf24e04dfe6316513047111c6f
EAP-Message = 0x03050004
Message-Authenticator = 0x
User-Name = install
Finished request 23
Going to the next request
Waking up in 1 seconds...


rick...
Rom.5:8



Help with RLM MYSQL

2003-12-03 Thread Breuer Nicolas - BelCenter.com

 Hello

 I have a big prob..

 I would like to use the rlm sql mysql module..
 My os is redhat 9 and i can't install and use this module..

 When i do a config , make  make install 
 (in dynamic or static), all module 'll be loaded
 except mysql

rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found
rlm_sqlippool: Make sure it (and all its dependent libraries!) are in 
the search path of your system's ld.

I add my libdir to ld.conf and run ldconfig , same probs.

 Please help me

 Thanks
 Nico



Re: Help with RLM MYSQL

2003-12-03 Thread Bill Campbell
On Wed, Dec 03, 2003, Breuer Nicolas - BelCenter.com wrote:

 Hello

 I have a big prob..

 I would like to use the rlm sql mysql module..
 My os is redhat 9 and i can't install and use this module..

I just ran into this last week when building freeradius under the
OpenPKG.org packaging system.

If your mysql headers and libraries aren't in /usr/local/include and
/usr/local/lib or similar standard locations or aren't installed at all,
you probably have to do a couple of things:

  1.  You may need to install the mysql-devel RPM on your RH system if the
  headers and libraries aren't there (I'm not very familiar with RH RPM
  structures, currently using SuSE, formerly Caldera Linux).

  2.  You may have to add a couple of options to your configure:
   ./configure \
  --with-mysql-include-dir=path_to_mysql_headers \
  --with-mysql-lib-dir=path_to_mysql_libraries \
  ...

The base ./configure script doesn't give the options for mysql or
postgresql, and probably some others.  I found them by running
``./configure --help'' in the appropriate directories.

Bill
--
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Systems, Inc.
UUCP:   camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:(206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``The who nation is interested that the best use shall be made of these
[new] territories.  We want them for the homes of free white people''
-- Abraham Lincoln, Octobe 16, 1854



RE: Help with RLM MYSQL

2003-12-03 Thread Patrick de Ruiter
Hmm,

You probably forgot to install the mysql devel rpm.

Cheers
Patrick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Breuer
Nicolas - BelCenter.com
Sent: woensdag 3 december 2003 10:55
To: [EMAIL PROTECTED]
Subject: Help with RLM MYSQL



 Hello

 I have a big prob..

 I would like to use the rlm sql mysql module..
 My os is redhat 9 and i can't install and use this module..

 When i do a config , make  make install
 (in dynamic or static), all module 'll be loaded
 except mysql

rlm_sqlippool: Could not link driver rlm_sql_mysql: file not found
rlm_sqlippool: Make sure it (and all its dependent libraries!) are in
the search path of your system's ld.

I add my libdir to ld.conf and run ldconfig , same probs.

 Please help me

 Thanks
 Nico



need help

2003-12-02 Thread Freak
Hello freeradius-users,

  i have mpd+freeradius+mysql
  when i connecting to vpn server i see following messages in radius
  log:
[pptp0] RADIUS: RadiusAccount for: test
[pptp0] RADIUS: using /usr/local/etc/radius.
[pptp0] RADIUS: RadiusAddServer Adding 192.168.100.1
[pptp0] RADIUS: RadiusAccount: Sending accounting data (Type: 2)
[pptp0] RADIUS: RadiusSendRequest: rad_send_request failed No valid RADIUS responses 
received

please   prompt me how i  can solve this problem

-- 
Best regards,
 Sergey aka Freak  




Re: Help with EAP/TLS config

2003-12-01 Thread Alan DeKok
John Furman [EMAIL PROTECTED] wrote:
> I am wondering if anyone has some pointers on how I should proceed from
> here.  I am at a loss as to why this isn't working.  Output and version
> info below.

  I'd say you're using an older version of the server.  Upgrade to
0.9.3, or the CVS snapshot.

  Alan DeKok.



I need help

2003-11-26 Thread Jason Tres
I am a microsoft guy who is trying to learn linux, because I have to i
freeradius on it. can anyone help me get started in the right direction.
Any help is appreciated



Re: I need help

2003-11-26 Thread Josh Howlett
Buy the O'Reilly RADIUS book.

josh.

On Wed, 2003-11-26 at 16:57, Jason Tres wrote:
 I am a microsoft guy who is trying to learn linux, because I have to i
 freeradius on it. can anyone help me get started in the right direction.
 Any help is appreciated
 
-- 
---
Josh Howlett, Networking  Digital Communications,
Information Systems  Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]





Help with EAP/TLS config

2003-11-26 Thread John Furman
I am new to FreeRadius and 802.1x.  I have had dealings with Livingston
v1.xx & v2.xx years ago in my days with an ISP.

I am wondering if anyone has some pointers on how I should proceed from
here.  I am at a loss as to why this isn't working.  Output and version
info below.

The intent of the configuration is toward EAP/TLS...


Thank you.



Versions:
freeradius-0.9.3 [RHL 7.3]
openssl-0.9.7c

Client:  Odyssey v2.22.00.516 [Win 2000Pro]
AP:SMC2804WBR Barricade



+ LD_LIBRARY_PATH=/usr/local/ssl/lib
+ LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH
+ export LD_PRELOAD
+ /usr/local/sbin/radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: bind_address = 172.28.1.1 IP address [172.28.1.1]
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded System 
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
eap: default_eap_type = tls
eap: timer_expire = 60
rlm_eap: Loaded and initialized the type leap
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = /etc/1x/gandalf-wl.pem
tls: certificate_file = /etc/1x/gandalf-wl.pem
tls: CA_file = /etc/1x/root.pem
tls: private_key_password = whatever
tls: dh_file = /etc/1x/DH
tls: random_file = /etc/1x/random
tls: fragment_size = 512
tls: include_length = yes
rlm_eap_tls: conf N ctx stored 
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix) 
Module: Loaded files 
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: preproxy_usersfile = /etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
detail: detailfile =
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
radutmp: filename = /var/log/radius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on IP address 172.28.1.1, ports 1812/udp and 1813/udp, with
proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 172.28.1.2:32801, id=3,
length=150
User-Name = jfurman
NAS-IP-Address = 172.28.1.2
Called-Station-Id = 

help me with cisco_pix525,freeradius and openldap?

2003-11-26 Thread jiang chong
hi all,
  I am new to this list and freeradius. My environment is listed below:
a cisco pix525 running as vpn.
vpn authentication uses freeradius 0.9.3 inside. The backend database is
OPENLDAP.
who has such a solution? help me!!! help me!!!
thanks in advance
regards,
  jiang



Foundry command authorization help

2003-11-21 Thread Kaczmarek, Thaddeus

I am having some issues with command authorization. Foundry has a
Foundry-Command-String attribute and I suspect I am just a chucklehead :-)


Syntax should be 


Foundry-Command-String = configure terminal,
Foundry-Command-String = int ethernet 20,
Foundry-Command-String = speed-duplex *,


or
Foundry-Command-String = configure terminal, int ethernet 20,
speed-duplex *,


I have tried both but am suspecting that Foundry does not support what I
think they do :-)


They have authorization levels 0,4 and 5. But in the cli you can only
enter one. I am used to Cisco where you can have multiple ones hence my
despair.



If anyone has been here before any tips would be greatly appreciated.


Ted




Re: Foundry command authorization help

2003-11-21 Thread Dave Mussulman
 From: Kaczmarek, Thaddeus [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Foundry command authorization help
 Date: Fri, 21 Nov 2003 11:21:00 -0500
 Reply-To: [EMAIL PROTECTED]
 
 I am having some issues with command authorization. Foundry has a
 Foundry-Command-String attribute and suspect I am just a chucklehead :-)
 
 Syntax should be 
 
 Foundry-Command-String = configure terminal,
 Foundry-Command-String = int ethernet 20,
 Foundry-Command-String = speed-duplex *,
 
 or
 Foundry-Command-String = configure terminal, int ethernet 20,
 speed-duplex *,
 
 I have tried both but am suspecting that Foundry does not support what I
 think they do :-)
 
 They have authorization levels 0,4 and 5. But in the cli you can only
 enter one. I am used to Cisco where you can have multiple ones hence my
 despair.

First, the Foundry dictionary file that comes with FreeRADIUS doesn't
have those attributes, so you'll need to edit it.  What you need to add
is pretty straightforward in Foundry's docs.  (I'll submit my dictionary
file to the project when I'm sure it's got everything; I just added some
stuff for their management software yesterday.)

Second, you'll need to give the user the appropriate privilege level,
and use the command-exception-flag VSA to tell it to only allow those
commands.  And then, list all the commands comma-separated in the
foundry-command-string attribute.  What's below works for me:

maint   Crypt-Password == junk
        foundry-privilege-level = 0,
        foundry-command-string = "copy running-config *; enable",
        foundry-command-exception-flag = 0

This is with a FastIron 1500 running 07.6.03hT51.

Good luck,
Dave



Re: Foundry command authorization help

2003-11-21 Thread Chris Parker
At 11:23 AM 11/21/2003, Dave Mussulman wrote:

 First, the Foundry dictionary file that comes with FreeRADIUS doesn't
 have those attributes, so you'll need to edit it.  What you need to add
 is pretty straightforward in Foundry's docs.  (I'll submit my dictionary
 file to the project when I'm sure it's got everything; I just added some
 stuff for their management software yesterday.)

Patch please?  Or list of the AV's?  If no one reports it, it won't get
included in later versions either.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: Foundry command authorization help

2003-11-21 Thread Kaczmarek, Thaddeus

They came with both versions I have tried, 0.91 and 0.93.
They were in /usr/share/freeradius folder.


Ted
On Fri, 2003-11-21 at 12:43, Chris Parker wrote:
 At 11:23 AM 11/21/2003, Dave Mussulman wrote:
 
 First, the Foundry dictionary file that comes with FreeRADIUS doesn't
 have those attributes, so you'll need to edit it. What you need to add
 is pretty straightforward in Foundry's docs. (I'll submit my dictionary
 file to the project when I'm sure it's got everything; I just added some
 stuff for their management software yesterday.)
 
 Patch please? Or list of the AV's? If no one reports it, it won't get
 included in later versions either.
 
 -Chris
 --
 \\\|||/// \ StarNet Inc. \ Chris Parker
 \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
 | @ @ | \ http://www.starnetwx.net \ (847) 963-0116
 oOo---(_)---oOo--\--
 \ Wholesale Internet Services - http://www.megapop.net
 

Re: Quintum Help

2003-11-16 Thread Amgaabaatar Purevjal
Thanks
The reason I edit dictionary files: I've got the following error messages when I start radiusd

files: compat = "no"
/etc/raddb/users[3]: Parse error (reply) for entry 12345: Unknown attribute Quintum-h323-credit-ammount
Errors reading /etc/raddb/users
radiusd.conf[921]: files: Module instantiation failed.

My users file has only the following entries

12345 User-Password = "12345"
        Quintum-h323-return-code = "h323-return-code=0",
        Quintum-h323-credit-ammount = "h323-credit-ammount=100",
        Quintum-h323-return-code = "h323-return-code=0",
        Quintum-h323-credit-time = "h323-credit-time=200",

I've tried without Quintum too. Then I've got

Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
/etc/raddb/users[3]: Parse error (reply) for entry 12345: Unknown attribute h323-credit-ammount
Errors reading /etc/raddb/users
radiusd.conf[921]: files: Module instantiation failed.

Alan DeKok [EMAIL PROTECTED] wrote:
 Amgaabaatar Purevjal <[EMAIL PROTECTED]> wrote:
  Could you help me to configure freeradius for quintum . I installed
  radius. But it is rejecting users
 ...
  rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157
  Attr-4 = 0xc0a8010a
  Attr-1 = 0x3132333435

 I am absolutely amazed at the effort you've put into destroying the
 default configuration of the server. You've done a lot of work to
 make sure that the server won't be able to do anything.

 I have no idea why you've done this. The only answer I can give to
 your problem is to use the server as it is installed. Don't break
 it. Don't edit the dictionary files.

 Alan DeKok.

Re: Quintum Help

2003-11-16 Thread Amgaabaatar Purevjal
Never mind
I found the error. It was a typo: I put ammount instead of amount
Thanks a lot
Please ignore previous reply

Alan DeKok [EMAIL PROTECTED] wrote:
 Amgaabaatar Purevjal <[EMAIL PROTECTED]> wrote:
  Could you help me to configure freeradius for quintum . I installed
  radius. But it is rejecting users
 ...
  rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157
  Attr-4 = 0xc0a8010a
  Attr-1 = 0x3132333435

 I am absolutely amazed at the effort you've put into destroying the
 default configuration of the server. You've done a lot of work to
 make sure that the server won't be able to do anything.

 I have no idea why you've done this. The only answer I can give to
 your problem is to use the server as it is installed. Don't break
 it. Don't edit the dictionary files.

 Alan DeKok.

Re: Quintum Help

2003-11-15 Thread Alan DeKok
Amgaabaatar Purevjal [EMAIL PROTECTED] wrote:
 Could you help me to configure freeradius for quintum . I installed
 radius. But it is rejecting users
...
 rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157
 Attr-4 = 0xc0a8010a
 Attr-1 = 0x3132333435

  I am absolutely amazed at the effort you've put into destroying the
default configuration of the server.  You've done a lot of work to
make sure that the server won't be able to do anything.

  I have no idea why you've done this.  The only answer I can give to
your problem is to use the server as it is installed.  Don't break
it.  Don't edit the dictionary files.

  Alan DeKok.



Quintum Help

2003-11-14 Thread Amgaabaatar Purevjal
Could you help me to configure freeradius for quintum. I installed radius. But it is rejecting users
Thank You

Here is my Quintum and Radius logs
RADIUS : 565661:RadiusRequest: Sending Access-Request MsgId=24 to 192.168.1.3,port 1812, Descriptor 3
RADIUS : 566160:RadiusResponse: Received response, length=20, id=24, type=3
RADIUS : 566160:RadiusSocket: Received ACCESS REJECT RESPONSE
RADIUS : 566160:RadiusResponse: Created response object 0XB05E84
RADIUS : 566160:RadiusSocket: Sent ProcessAccessReject iucaCallBackSend
RADIUS : 566160:RadiusHandler: Received iucaCallBackSend Access-Reject
RADIUS : 566160:RadiusRequest: Client Process Marked Object=0XBBB204 MsgId=24 for Deletion
RADIUS : 566160:RadiusRequest: Radius Process Deleted Object=0XBBB204, MsgId=24
RADIUS : 566160:RadiusRequest: destroying request object 0XBBB204
RADIUS : 566160:RadiusResponse: destroying response object 0XB05E84
RADIUS : 566790:RadiusRequest: Created request object 0XD34404

And Radius Log

rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157
 Attr-4 = 0xc0a8010a
 Attr-1 = 0x3132333435
 Attr-2 = 0x3132333435
 Attr-61 = 0x
 Attr-31 = 0x36333037373635343634
 Quintum-h323-conf-id = "h323-conf-id=33666235 36646263 31310030 003100FF"
 Quintum-AVPair = "h323-ivr-out=ACCESSCODE:"
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [12345/12345] (from client quintum port 0 cli 6307765464)
Delaying request 4 for 1 seconds
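
The `Attr-N = 0x...` lines in the RADIUS log above are bare attribute numbers and octets, which is how the server prints attributes it cannot name from its dictionary. As an added example (not part of the original post and not FreeRADIUS code), the Python below decodes them using the standard RFC 2865 attribute numbers; the function names and the `SENSITIVE` set are assumptions made for illustration.

```python
import ipaddress
import re

# Standard attribute numbers and types from RFC 2865 (a small subset).
STANDARD_ATTRS = {
    1: ("User-Name", "string"),
    2: ("User-Password", "string"),
    4: ("NAS-IP-Address", "ipaddr"),
    5: ("NAS-Port", "integer"),
    6: ("Service-Type", "integer"),
    30: ("Called-Station-Id", "string"),
    31: ("Calling-Station-Id", "string"),
    32: ("NAS-Identifier", "string"),
    61: ("NAS-Port-Type", "integer"),
}

# Assumption for this example: attributes whose decoded value is a credential.
SENSITIVE = {"User-Password"}

ATTR_LINE = re.compile(r"^\s*Attr-(\d+)\s*=\s*0x([0-9A-Fa-f]*)\s*$")

# Constructed sample: the Attr-N lines copied from the debug log in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157
 Attr-4 = 0xc0a8010a
 Attr-1 = 0x3132333435
 Attr-2 = 0x3132333435
 Attr-61 = 0x
 Attr-31 = 0x36333037373635343634
"""


def decode_value(kind, raw):
    """Decode raw attribute octets according to the dictionary type."""
    if kind == "ipaddr":
        if len(raw) != 4:
            raise ValueError("ipaddr needs exactly 4 octets")
        return str(ipaddress.IPv4Address(raw))
    if kind == "integer":
        if len(raw) != 4:
            raise ValueError("integer needs exactly 4 octets")
        return int.from_bytes(raw, "big")
    if kind == "string":
        text = raw.decode("utf-8")  # UnicodeDecodeError is a ValueError
        if not text.isprintable():
            raise ValueError("string contains non-printable octets")
        return text
    return raw.hex()  # number not in the table: keep the hex form


def decode_log(log_text):
    """Return (name, value) pairs for every 'Attr-N = 0x...' line.

    value is None when the octets do not fit the attribute's type,
    for example the empty 'Attr-61 = 0x' in the sample.
    """
    decoded = []
    for line in log_text.splitlines():
        match = ATTR_LINE.match(line)
        if not match:
            continue
        number = int(match.group(1))
        name, kind = STANDARD_ATTRS.get(number, ("Attr-%d" % number, "octets"))
        try:
            value = decode_value(kind, bytes.fromhex(match.group(2)))
        except ValueError:
            value = None
        decoded.append((name, value))
    return decoded


def exposed_credentials(decoded):
    """Names of sensitive attributes that appear in the log as readable text."""
    return [name for name, value in decoded if name in SENSITIVE and value]


if __name__ == "__main__":
    pairs = decode_log(SAMPLE_LOG)
    for name, value in pairs:
        print("%-20s %r" % (name, value))
    print("readable credentials in log:", exposed_credentials(pairs))
```

Attr-2 decodes to the same string that appears in the `Login incorrect: [12345/12345]` line, so debug output like this carries the user's password in readable form and should be handled as a secret before it is posted or archived.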


Help Reqd for X9.9

2003-11-05 Thread Badrinath Mohan
Hi Guys
I am sorry if this is a duplicate post. I am a total
newbie to this group and this is my first post. I want
to make a x9.9 authentication. I just compiled the
crcalc.c and executed it but it asks me the DES key. I
have secure computing safeword tokens and how i can
get the DES key associated with that token. I got one
file import0.dat while programming the token and have
a parameter called Token key in that. But it's only 7
bytes and i know that traditional DES key len is 8
bytes. I know that i am doing something wrong here and
would appreciate any help from you guys.

Waiting for your reply
Thanks and Regards
Badrinath Mohan


--- Dustin Doris [EMAIL PROTECTED] wrote:
 
 
 On Tue, 4 Nov 2003, Sumner, Rob wrote:
 
  The FTP server is setup us the Linux pure-ftpd
 software.
 
 
 
 Check out proftpd.  They have a radius module that
 works great.
 
 www.proftpd.org for the server.

http://www.castaglia.org/proftpd/modules/mod_radius.html
 is documentation
 on the module.
 
 -Dustin Doris
 


Help!

2003-11-02 Thread Åíΰ
Hi,
When I'm compiling radiusd-02.28.02, the following errors occur:
rlm_dbm_parser.o: In function `open_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101:
undefined reference to `dbm_open'
rlm_dbm_parser.o: In function `close_storage':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:109:
undefined reference to `dbm_close'
rlm_dbm_parser.o: In function `storecontent':
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:163:
undefined reference to `dbm_store'
/usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:168:
undefined reference to `dbm_store'
collect2: ld returned 1 exit status
make: *** [rlm_dbm_parser] Erreur 1
end complied-

Can anyone help me and tell me how to resolve it?
Thanks a lot!

Regards,
davy

Network Information Center
East China Normal University
Shanghai In China





Re: Help!

2003-11-02 Thread Alan DeKok
Åíΰ [EMAIL PROTECTED] wrote:
 When I'm compiling radiusd-02.28.02, the following errors occur:
 rlm_dbm_parser.o: In function `open_storage':
 /usr/src/802/radius/radiusd/src/modules/rlm_dbm/rlm_dbm_parser.c:101:
 undefined reference to `dbm_open'

  If you're not using rlm_dbm, simply delete that directory.

  Alan DeKok.



Re: dialup-admin / new help-pages

2003-11-01 Thread Kostas Kalevras
On Thu, 30 Oct 2003, Ulrich Walcher wrote:

 HI,

 I have done some additions to user_edit.attrs and some help pages...

 They're all on http://www.walcher.co.at/fr/

Added, thanks a lot


 Greets,
 Uli


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Dialup_Admin Help

2003-11-01 Thread Wayne T Work

I have set up Dialup_Admin with Apache 2, MySQL 4, php and Redhat 9. I have
set the permissions to the DB in the admin.conf file but the web server
refuses to connect to the DB both remotely and Locally.

Any ideas???

Wayne T Work, Sr. CISSP
www.securitygauntlet.com
www.hipaact.com



dialup-admin / new help-pages

2003-10-30 Thread Ulrich Walcher
HI,

I have done some additions to user_edit.attrs and some help pages...

They're all on http://www.walcher.co.at/fr/ 

Greets,
Uli




freeradius set up help needed

2003-10-29 Thread Ravi Kiran
Hello Gurus,
I am a Research Assistant at George Mason University trying to set up freeradius server for cisco aironet 1200 APs (MAC based auth). Though I have been googling for almost 3 days I don't get the big picture. It's been hard to find documentation or configuration steps. I am to install freeradius on RedHat Linux 9.0 that authenticates clients coming through cisco aironet 1200 APs. I have no clue what is to be done (totally confused). I would appreciate if anybody could run me through the process of getting this working/any extensive doc will be an added benefit.

Thanking you all in anticipation,

Ravi Kiran Bhaskar

freeradius snap version doesn't compile..any help?

2003-10-29 Thread hulusi onder
hi everybody ;
i am trying to follow the EAP/TLS HOWTO guide
(http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm).
throughout this guide i made the first changes to the
src/modules/rlm_eap/types/rlm_eap_tls/Makefile.

however the make command didn't work as expected, it
is giving two errors and quits. could you please give
me a hand with this problem. here is the log of
the error.
the openssl is the snapshot version. i had once beat
this problem by skipping the mppe_keys.c in the
preceding make file.  but that might be the reason of
the next problems that i had encountered.
...
...
/usr/local/openssl/include/openssl/ssl.h:349: warning:
function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:350: warning:
function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:351: warning:
function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:610: warning:
function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:758: warning:
function declaration isn't a prototype
In file included from rlm_eap_tls.h:61,
 from eap_tls.h:26,
 from mppe_keys.c:25:
/usr/local/openssl/include/openssl/ssl.h:1235:
warning: function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:1271:
warning: function declaration isn't a prototype
/usr/local/openssl/include/openssl/ssl.h:1273:
warning: function declaration isn't a prototype
mppe_keys.c: In function `P_hash':
mppe_keys.c:61: too many arguments to function
`HMAC_Init_ex'
mppe_keys.c:62: too many arguments to function
`HMAC_Init_ex'
mppe_keys.c:84: too many arguments to function
`HMAC_Init_ex'
mppe_keys.c:89: too many arguments to function
`HMAC_Init_ex'
gmake[10]: *** [mppe_keys.o] Error 1
gmake[10]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types/rlm_eap_tls'
gmake[9]: *** [common] Error 1
gmake[9]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types'
gmake[8]: *** [static] Error 2
gmake[8]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap/types'
gmake[7]: *** [common] Error 1
gmake[7]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap'
gmake[6]: *** [static] Error 2
gmake[6]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules/rlm_eap'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory
`/root/download/freeradius-snapshot-20031029/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory
`/root/download/freeradius-snapshot-20031029'
make: *** [all] Error 2




proxy help question

2003-10-24 Thread CW

Is it possible to have ONE radius server query TWO databases in the same
server for requests for different realms?

For example if I had two realms

dialup.someisp.net
adsl.someisp.net

and both realms came into the same radius server, and I had two mysql
databases with two different customer bases for two different services.
(dialup and adsl)

Is it possible for me to instruct the radius server to query different
databases for different domains?

Cheers,
Craig

Re: proxy help question

2003-10-24 Thread Dustin Doris


On Fri, 24 Oct 2003, CW wrote:

 Is it possible to have ONE radius server query TWO databases in the same
 server for requests for different realms?

 For example if I had two realms


 dialup.someisp.net
 adsl.someisp.net

 and both realms came into the same radius server, and I had two mysql
 databases with two different customer bases for two different services.
 (dialup and adsl)

 Is it possible for me to instruct the radius server to query different
 databases for different domains?


 Cheers,
 Craig


Sure thing, just check out doc/Autz-Type





Help on FreeBSD.

2003-10-16 Thread Roger Cates
We are trying to set up FreeRadius on a FreeBSD 4.8 system. For some
reason it won't compile. It complained about not having gnu make, so I
downloaded, compiled and installed gnu make and it still says it can't
find it.

Are there any switches or flags I need to adjust?

We would even be willing to pay someone to install and configure it for
us correctly.

Let us know.

-
Sincerely,
 
Roger Cates, CCNA
Vice President  Chief Technical Officer
Xpower Internet, LLC
Xpowerhosting.com | Xpoweronline.com 
Xpowernet.com | Aerotouch.net
P 888.245.7501 | F 270.338.4602
Internet to the power of X.
 






Help on FreBSD

2003-10-16 Thread apellido jr., wilfredo p
try to install gmake using ports:

cd /usr/ports/devel/gmake

make install clean

=
[ apellido jr., wilfredo p. ]
+63 034 4880-449

If you can't hear me, it's because i'm in parentheses.



Re: Help on FreeBSD.

2003-10-16 Thread Sancho2k.net Lists
Roger Cates wrote:

 We are trying to set up FreeRadius on a FreeBSD 4.8 system. For some
 reason it won't compile. It complained about not having gnu make, so I
 downloaded, compiled and installed gnu make and it still says it can't
 find it.

 Are there any switches or flags I need to adjust?

Once you've installed gmake from ports, run 'gmake' instead of 'make'
during your installation.

DS



Re: can u help me?

2003-09-18 Thread Oliver Graf
On Thu, Sep 18, 2003 at 09:27:14AM +0800, ???} wrote:
 Hi jeffery :
 
  i am try to cross compile freeradius on a arm platform, but i have many strange 
 problems.
 
  can u tell me how to cross compile freeradius on a mips platform?

You want to crosscompile a arm freeradius on a mips platform? Or the
other way around? Or one each?

What OS you are running on those platforms?

Do you have some of those strange errors for us?

Oliver.




help

2003-09-18 Thread arniel

  Hi all !

 Can anyone tell me how to make EAP-TLS and PAM work together? or EAP-TLS
 and a Windows Active Directory work together?

 I want my Users to authenticate based on the /etc/passwd of my linux box..
 or users in my active directory? aside from the whatever shared secret
 authentication and certificate..

Any advice??


 thanks...

 arniel





Re: help

2003-09-18 Thread Alan DeKok
arniel [EMAIL PROTECTED] wrote:
  Can anyone tell me how to make EAP-TLS and PAM work together? or
 EAP-TLS and a Windows Active Directory work together?

  You can't.  They're not designed to work together.

  I want my Users to authenticate based on the /etc/passwd of my
 linux box..  or users in my active directory? aside from the
 whatever shared secret authentication and certificate..

  Use EAP-TTLS, and require a client-side certificate.

  EAP-TLS authenticates anyone who has a client certificate which has
been signed by the root certificate.  No password is required, and no
password will ever be supplied.

  Alan DeKok.



can u help me?

2003-09-17 Thread



Hi jeffery :

 i am trying to cross compile freeradius on a arm platform, but i have many strange problems.

 can u tell me how to cross compile freeradius on a mips platform?

 thank you very much

leo


Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-16 Thread boggss
guy, my reason of using fr 0.9.1 for pgsql 7.3.2 is that pgsql has
triggers and functions that i am using on. i am implementing a lot of
stored procedures on it. can you send me the config files of fr + pgsql?
i'll be delighted to study it.
thanks

 Hi

 I did have 0.8.1 working as a test, but late last week I decided to
 upgrade to 0.9.1 before modifying dial-admin to work with PostgreSQL.
 Having run into a problem porting 0.9.1 to FreeBSD I no longer have a
 functional example to show you.

 Unless you have a specific reason to use PostgreSQL, you are probably
 better off using MySQL. It appears as though PostgreSQL is barely
 supported. The setup in 0.9.1 is much better, but there is no setup for
 dialup-admin, and I am not sure if there is setup information for
 sql_counter because I have not looked at it yet.

 I am still using cistron 1.6.6 that I patched to account to PostgreSQL,
 and until I am satisfied with PostgreSQL functions in FreeRadius I will
 be testing and hopefully providing patches and suggesting fixes for the
 implementation of PostgreSQL.

 [EMAIL PROTECTED] wrote:
  i did that already. it still wont... do you have working configs? al
  about FR and PGSQL

   Make sure the user you have set up to access the database has insert
   and update permissions for the radacct table.


  



Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-15 Thread Guy Fraser
, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: 
pg_atoi: zero-length string
radius_xlat:  'UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19',
AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836'
AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23''
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQLaccounting START record - ERROR:  Bad
int8 external representation 
rlm_sql (sql): Released sql socket id: 3
 modcall[accounting]: module sql returns fail
modcall: group accounting returns fail
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 8 with timestamp 3f5f4d63
Nothing to do.  Sleeping until we see a request.





- what will i do list?.. looking forward of your
best help for this...
thanks,
francis ted a. seguerra
Groots NetQuest - 1Asialink
www.1asialink.com

 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-15 Thread boggss
i have done that already... it has all the rights for the db...but still
it insert any to the radacct.?

 Make sure the user you have set up to access the database has insert and
 update permissions for the radacct table.

 [EMAIL PROTECTED] wrote:
  hi list,
  good day to all... i have setup my postgresql 7.3.2 and freeradius 0.9.1
  on a freebsd 4.8 machine. i have successfully setup the postgresql and
  freeradius to support dialup services. i tried to test the original
  configuration of freeradius 0.9.1 using ntradping.. i was able to
  authenticate the users but it seems to have failure on accounting of
  users. the postgresql returns no result of radacct after it tried
  accounting start. the error says:
  (radiusd -x -x)
  Starting - reading configuration files ...
  reread_config: reading radiusd.conf
  Config: including file: /usr/local/etc/raddb/proxy.conf
  Config: including file: /usr/local/etc/raddb/clients.conf
  Config: including file: /usr/local/etc/raddb/snmp.conf
  Config: including file: /usr/local/etc/raddb/sql.conf
  main: prefix = "/usr/local"
  main: localstatedir = "/usr/local/var"
  main: logdir = "/usr/local/var/log/radius"
  main: libdir = "/usr/local/lib"
  main: radacctdir = "/usr/local/var/log/radius/radacct"
  main: hostname_lookups = no
  main: max_request_time = 30
  main: cleanup_delay = 5
  main: max_requests = 1024
  main: delete_blocked_requests = 0
  main: port = 0
  main: allow_core_dumps = no
  main: log_stripped_names = no
  main: log_file = "/usr/local/var/log/radius/radius.log"
  main: log_auth = no
  main: log_auth_badpass = no
  main: log_auth_goodpass = no
  main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
  main: user = "radius"
  main: group = "radius"
  main: usercollide = no
  main: lower_user = "no"
  main: lower_pass = "no"
  main: nospace_user = "no"
  main: nospace_pass = "no"
  main: checkrad = "/usr/local/sbin/checkrad"
  main: proxy_requests = yes
  proxy: retry_delay = 5
  proxy: retry_count = 3
  proxy: synchronous = no
  proxy: default_fallback = yes
  proxy: dead_time = 120
  proxy: post_proxy_authorize = yes
  proxy: wake_all_if_all_dead = no
  security: max_attributes = 200
  security: reject_delay = 1
  security: status_server = no
  main: debug_level = 0
  read_config_files: reading dictionary
  read_config_files: reading naslist
  Using deprecated naslist file. Support for this will go away soon.
  read_config_files: reading clients
  Using deprecated clients file. Support for this will go away soon.
  read_config_files: reading realms
  Using deprecated realms file. Support for this will go away soon.
  radiusd:

Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-15 Thread Guy Fraser
Hi

I did have 0.8.1 working as a test, but late last week I decided to
upgrade to 0.9.1 before modifying dial-admin to work with PostgreSQL.
Having run into a problem porting 0.9.1 to FreeBSD I no longer have a
functional example to show you.

Unless you have a specific reason to use PostgreSQL, you are probably
better off using MySQL. It appears as though PostgreSQL is barely
supported. The setup in 0.9.1 is much better, but there is no setup for
dialup-admin, and I am not sure if there is setup information for
sql_counter because I have not looked at it yet.

I am still using cistron 1.6.6 that I patched to account to PostgreSQL,
and until I am satisfied with PostgreSQL functions in FreeRadius I will
be testing and hopefully providing patches and suggesting fixes for the
implementation of PostgreSQL.

[EMAIL PROTECTED] wrote:

i did that already. it still won't...

do you have working configs? all about FR and PGSQL

 Make sure the user you have setup to access the database has insert and
 update permissions
 for the radacct table.
 




POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-13 Thread boggss
, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: 
pg_atoi: zero-length string
radius_xlat:  'UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19',
AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836'
AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23''
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQLaccounting START record - ERROR:  Bad
int8 external representation 
rlm_sql (sql): Released sql socket id: 3
  modcall[accounting]: module sql returns fail
modcall: group accounting returns fail
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 8 with timestamp 3f5f4d63
Nothing to do.  Sleeping until we see a request.





- what will i do list?.. looking forward of your
best help for this...

thanks,
francis ted a. seguerra
Groots NetQuest - 1Asialink
www.1asialink.com
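
The two PostgreSQL errors in the post above (`pg_atoi: zero-length string` and `Bad int8 external representation`) are what the server returns when an empty string is supplied for an integer column. The following is an added example, not part of the original post and not FreeRADIUS code: it re-joins the wrapped query lines from the debug output and reports which integer columns were given `''`. The set of integer columns is an assumption, since the thread does not show the `radacct` table definition.

```python
import re

# Assumption: integer-typed radacct columns. The thread does not show the
# table definition, so edit this set to match your own schema.
ASSUMED_INTEGER_COLUMNS = frozenset({
    "AcctSessionTime", "AcctInputOctets", "AcctOutputOctets",
    "AcctStartDelay", "AcctStopDelay",
})

# A single-quoted SQL literal; a doubled quote ('') inside it is an escape.
SQL_LITERAL = r"'((?:[^']|'')*)'"
INSERT_RE = re.compile(
    r"INSERT\s+INTO\s+\w+\s*\((.*?)\)\s*VALUES\s*\((.*)\)\s*$", re.I)
UPDATE_RE = re.compile(r"UPDATE\s+\w+\s+SET\s+(.*?)\s+WHERE\s", re.I)
LOG_PREFIX = re.compile(r"^\s*(rlm_sql|radius_xlat:|modcall)")

# Excerpt of the debug output quoted in the post (line wrapping as posted).
SAMPLE_LOG = """
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
"""


def queries_from_log(log_text):
    """Re-join wrapped 'rlm_sql_postgresql: query:' lines into statements."""
    statements, current = [], None
    for line in log_text.splitlines():
        if line.startswith("rlm_sql_postgresql: query:"):
            if current is not None:
                statements.append(current)
            current = line.split("query:", 1)[1]
        elif current is not None and not LOG_PREFIX.match(line):
            current += " " + line          # continuation of a wrapped query
        elif current is not None:
            statements.append(current)     # next log record ends the query
            current = None
    if current is not None:
        statements.append(current)
    return [" ".join(s.split()) for s in statements]


def columns_and_values(statement):
    """Return {column: literal} for a logged INSERT or UPDATE statement."""
    m = INSERT_RE.search(statement)
    if m:
        columns = [c.strip() for c in m.group(1).split(",")]
        values = re.findall(SQL_LITERAL, m.group(2))
        if len(columns) != len(values):
            raise ValueError("column/value count mismatch")
        return dict(zip(columns, values))
    m = UPDATE_RE.search(statement)
    if m:
        return dict(re.findall(r"(\w+)\s*=\s*" + SQL_LITERAL, m.group(1)))
    raise ValueError("not an INSERT or UPDATE statement")


def empty_integer_fields(statement, integer_columns=ASSUMED_INTEGER_COLUMNS):
    """Integer columns that the statement tries to fill with ''."""
    fields = columns_and_values(statement)
    return sorted(c for c, v in fields.items()
                  if v == "" and c in integer_columns)


def audit_log(log_text, integer_columns=ASSUMED_INTEGER_COLUMNS):
    """One (statement kind, offending columns) pair per logged query."""
    return [(s.split(None, 1)[0].upper(),
             empty_integer_fields(s, integer_columns))
            for s in queries_from_log(log_text)]


if __name__ == "__main__":
    for kind, columns in audit_log(SAMPLE_LOG):
        print(kind, "passes '' to integer columns:", columns)
```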


Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-09 Thread David Middleton
FYI update, I ran tcpdump on the server and found that the radius
server was responding with a different address, even though I used the
-i xxx.xxx.xxx.xxx address switch. I changed the radius address on the
AP and it's working fine now.

David


--- Artur Hecker [EMAIL PROTECTED] wrote:
 you could log in into the AP and see what happens in there if this is
 
 supported.
 
 you mean the AP sends the Request, gets the challenge but never
 answers?
 
 
 ciao
 artur
 
 
 David Middleton wrote:
 
  Yes I can. I also traced it and it is getting there. It's almost
 like
  the AP is ignoring the packets being sent to it. 
  
  David
  
  --- Ulrich Walcher [EMAIL PROTECTED] wrote:
  
 Sounds like a routing problem.
 Can you ping the ap?
 On Fri, 2003-09-05 at 17.30, David Middleton wrote:
 ---SNIP ---
 
  The radius server and the ap are on
 different networks, but there is no firewall between them. 
 
 Any assistance would be appreciated,
 David
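
The symptom David found with tcpdump, a reply leaving the server from an address other than the one the AP sent its request to, can be checked mechanically. The following is an added example, not part of the original thread: it pairs RADIUS requests and replies in `tcpdump -n` text output by client address, port and packet id, and reports replies whose source differs from the address the client used. The capture lines are constructed sample data (documentation addresses), and the line format is assumed to be the one recent tcpdump versions print for RADIUS.

```python
import re

# Assumed tcpdump -n line format for RADIUS packets.
LINE_RE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"RADIUS, (?P<code>[\w-]+) \(\d+\), id: (?P<id>0x[0-9a-fA-F]+)")

# Constructed capture: the AP at 192.0.2.20 is configured with server
# address 198.51.100.10, but the multi-homed server answers from
# 198.51.100.11, so the AP retransmits. A second client that was
# configured with 198.51.100.11 gets a matching reply.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 192.0.2.20.1024 > 198.51.100.10.1812: RADIUS, Access-Request (1), id: 0x08 length: 62
12:00:01.101500 IP 198.51.100.11.1812 > 192.0.2.20.1024: RADIUS, Access-Accept (2), id: 0x08 length: 20
12:00:04.100000 IP 192.0.2.20.1024 > 198.51.100.10.1812: RADIUS, Access-Request (1), id: 0x08 length: 62
12:00:04.101200 IP 198.51.100.11.1812 > 192.0.2.20.1024: RADIUS, Access-Accept (2), id: 0x08 length: 20
12:00:09.000000 IP 192.0.2.30.1024 > 198.51.100.11.1812: RADIUS, Access-Request (1), id: 0x21 length: 62
12:00:09.001100 IP 198.51.100.11.1812 > 192.0.2.30.1024: RADIUS, Access-Accept (2), id: 0x21 length: 20
"""


def mismatched_replies(capture):
    """Return (client, id, address asked, address that answered) tuples."""
    pending = {}    # (client ip, client port, id) -> (server ip, server port)
    findings = []
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # not a RADIUS packet line
        if m["code"].endswith("-Request"):
            # Remember which server address this client addressed.
            pending[(m["src"], m["sport"], m["id"])] = (m["dst"], m["dport"])
            continue
        # Anything else is a reply: match it to the outstanding request.
        asked = pending.pop((m["dst"], m["dport"], m["id"]), None)
        if asked is None:
            continue                      # reply without a captured request
        if asked != (m["src"], m["sport"]):
            findings.append((m["dst"], m["id"], asked[0], m["src"]))
    return findings


if __name__ == "__main__":
    for client, ident, asked, answered in mismatched_replies(SAMPLE_CAPTURE):
        print(f"{client} id {ident}: sent to {asked}, answered from {answered}")
```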
 
 
 


FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-05 Thread David Middleton
I am having trouble getting FreeRadius and an AP-2000 to work.

I installed FreeRadius 0.9.0 on a slackware linux server and everything
there went fine. I then configured the AP-2000 and everything looked
ok, I can even see requests being sent to the radius server and the
radius server sending a response. The trouble is, the AP says the
radius server is not responding. 

I have configured the clients.conf file with the ap in there and have
the matching shared secret on both the ap and radius server. I am
trying to do MAC address resolution and I can see that working, just
nothing gets back to the ap. The radius server and the ap are on
different networks, but there is no firewall between them. 

Any assistance would be appreciated,
David



Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-05 Thread Ulrich Walcher
Sounds like a routing problem.
Can you ping the ap?
On Fri, 2003-09-05 at 17.30, David Middleton wrote:
---SNIP ---
  The radius server and the ap are on
 different networks, but there is no firewall between them. 
 
 Any assistance would be appreciated,
 David





Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-05 Thread David Middleton
Yes I can. I also traced it and it is getting there. It's almost like
the AP is ignoring the packets being sent to it. 

David

--- Ulrich Walcher [EMAIL PROTECTED] wrote:
 Sounds like a routing problem.
 Can you ping the ap?
 On Fri, 2003-09-05 at 17.30, David Middleton wrote:
 ---SNIP ---
   The radius server and the ap are on
  different networks, but there is no firewall between them. 
  
  Any assistance would be appreciated,
  David
 
 
 


Re: FreeRadius 0.9.0 and Proxim Orinoco AP-2000 Help

2003-09-05 Thread Artur Hecker
you could log in into the AP and see what happens in there if this is 
supported.

you mean the AP sends the Request, gets the challenge but never answers?

ciao
artur
David Middleton wrote:

Yes I can. I also traced it and it is getting there. It's almost like
the AP is ignoring the packets being sent to it. 

David

--- Ulrich Walcher [EMAIL PROTECTED] wrote:

Sounds like a routing problem.
Can you ping the ap?
On Fri, 2003-09-05 at 17.30, David Middleton wrote:
---SNIP ---
The radius server and the ap are on
different networks, but there is no firewall between them. 

Any assistance would be appreciated,
David




Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Alan DeKok
Sean Perry [EMAIL PROTECTED] wrote:
 I am trying to setup a Linux VPN.  Most of the pieces are now in place. 
   I am trying to authenticate against radius which in turn will 
 authenticate against our existing Active Directory server.

  People have done this.  To a certain extent, AD is just another LDAP
server.

 Looking through the archives I see several people try but no real 
 responses.  Ron Wahler claims to have Active Directory working but he 
 was not using chap.
 
 Is this possible?

  Not with CHAP.  AD doesn't allow you to look at the users' clear-text
passwords, so CHAP is impossible.

  Yet, somehow, IAS does CHAP against AD.  Is anyone willing to bet
*against* the idea that Microsoft has one API for customers, and
another, better API for themselves?

  Alan DeKok.



Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Sean Perry
Alan DeKok wrote:

Sean Perry [EMAIL PROTECTED] wrote:

I am trying to setup a Linux VPN.  Most of the pieces are now in place. 
 I am trying to authenticate against radius which in turn will 
authenticate against our existing Active Directory server.


  People have done this.  To a certain extent, AD is just another LDAP
server.

yeah, I have it working in other applications like apache so I know it 
can be done.

Looking through the archives I see several people try but no real 
responses.  Ron Wahler claims to have Active Directory working but he 
was not using chap.

Is this possible?


  Not with CHAP.  AD doesn't allow you to look at the users' clear-text
passwords, so CHAP is impossible.

I have solved this in other cases by using the password to rebind as the
user.  If the bind fails the password is incorrect.  What I have not
seen is a way to get the password out of CHAP.  Is this a viable solution??

  Yet, somehow, IAS does CHAP against AD.  Is anyone willing to bet
*against* the idea that Microsoft has one API for customers, and
another, better API for themselves?

it is not entirely unreasonable to believe they have a CHAP -- Kerberos
interface.  But I agree with you, they definitely make life harder for
the rest of us.





Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Alan DeKok
Sean Perry [EMAIL PROTECTED] wrote:
Not with CHAP.  AD doesn't allow you to look at the users' clear-text
  passwords, so CHAP is impossible.
 
 I have solved this in other cases by using the password to rebind as the 
 user.  If the bind fails the password is incorrect.  What I have not 
 seen is a way to get the password out of CHAP.  Is this a viable solution??

  No.  As I had said above, it's impossible.

  Alan DeKok.
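
Why the clear-text password is required, and why it cannot be taken out of the CHAP packet for an LDAP rebind, follows from how the CHAP response is computed (RFC 1994: MD5 over the identifier, the secret and the challenge). The following is an added example, not part of the original thread and not FreeRADIUS code; the password and challenge are constructed sample values, and SHA-1 stands in for whatever one-way hash a directory might store.

```python
import hashlib
import hmac


def chap_response(ident, secret, challenge):
    """RFC 1994 response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident, password, challenge):
    """Value of the RADIUS CHAP-Password attribute as sent by the client:
    one identifier octet followed by the 16-octet response."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def check_chap(stored_secret, chap_password, challenge):
    """Server side: recompute the response from what the server has stored.

    The challenge comes from the CHAP-Challenge attribute, or from the
    Request Authenticator when that attribute is absent.
    """
    if len(chap_password) != 17:
        raise ValueError("CHAP-Password must be 1 + 16 octets")
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def run_demo():
    password = b"correct horse"           # constructed sample password
    challenge = bytes(range(16))          # constructed 16-octet challenge
    packet = build_chap_password(7, password, challenge)

    # A directory that keeps only a one-way hash of the password
    # (SHA-1 here is a stand-in, not what any particular server uses).
    one_way_hash = hashlib.sha1(password).digest()

    # Same user and password, next login: new identifier and challenge.
    later = build_chap_password(8, password, bytes(range(16, 32)))

    return {
        # Works only when the server can read the password itself.
        "cleartext_store_verifies": check_chap(password, packet, challenge),
        "wrong_password_verifies": check_chap(b"wrong", packet, challenge),
        # The stored hash is not the secret that went into the MD5.
        "hash_only_store_verifies": check_chap(one_way_hash, packet, challenge),
        # Nothing in the packet can be handed to an LDAP bind.
        "password_bytes_in_packet": password in packet,
        # The response changes with every challenge, so it is not a
        # reusable credential either.
        "response_same_next_login": packet[1:] == later[1:],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```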



Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Sean Perry
Alan DeKok wrote:

Sean Perry [EMAIL PROTECTED] wrote:

 Not with CHAP.  AD doesn't allow you to look at the users' clear-text
passwords, so CHAP is impossible.

I have solved this in other cases by using the password to rebind as the
user.  If the bind fails the password is incorrect.  What I have not
seen is a way to get the password out of CHAP.  Is this a viable solution??


  No.  As I had said above, it's impossible.

Thanks Alan.

When I started this project it looked like all of the pieces were there. 
 Now the next person will be able to find this thread and know about 
the issues.

Looks like I am going to try the IAS authentication approach and see how 
it works.





Need help on application - RADIUS integration

2003-09-04 Thread KT Poh
Hi all,

Greeting to all. I am currently working on a wireless
project that requires integration of a web portal with
a mobile carrier's AAA system (a RADIUS system). I am
rather new to RADIUS technology, but I have tried
playing around with FreeRADIUS to familiarize myself
with the technology and to prepare for the integration
work with the carrier's AAA system.

For my project at the current moment, unfortunately, I
am still waiting to get the right technical contact
and the necessary technical info about their RADIUS
system from the carrier...The info is coming in rather
slowly. My project requirements as far as integration
with the carrier's RADIUS system is concerned are as
follows:

1. to retrieve mobile users' MSISDNs (Mobile Station
ISDN) or assigned client IP addresses from the
incoming HTTP requests received by the web portal, and
to validate it against the carrier's AAA system. The
web portal will grant user access based on the result
of the validation. 

2. In cases where client IP addresses are received,
to also get the users' corresponding MSISDNs from the
carrier's AAA system.

3. Upon successful validation, to also fetch the
required user profiles (name, email, etc if available)
from the carrier's AAA system so that the user info
can be made available for the web portal's use.

Instead of waiting for the info to come in, I am
thinking of configuring my FreeRADIUS server to
simulate a typical mobile carrier's RADIUS system as
closely as possible and to start some preliminary
integration of my web portal with the RADIUS server.

As I am very new to RADIUS and not to mention the
mobile carrier's RADIUS system, which I gathered from
pieces of information - it could be a specialized
RADIUS system for wireless industry, I am not sure how
viable is my above approach. I would really appreciate
it if somebody, who is expert in application - RADIUS
integration or familiar with carrier RADIUS
deployment, share their valuable experience and
suggestions as to how should I proceed with my tasks.

I would also appreciate it very much if any of you can
point me to the right directions on the followings:

- Is there a document/case study that describes how
mobile carriers typically make use of RADIUS for
authenticating their mobile users?

- Has anyone ever configured FreeRADIUS in a way that
closely resembles a typical mobile carrier's RADIUS
system? Can you share your system architecture or
configurations?

- Is there a comprehensive and stable open-source Java
APIs for RADIUS integration?


I am sorry for sending such a long email ...more so if
this is not the right forum for this type of
questions. But, I would really appreciate your
valuable inputs.


Best Regards.








Re: Need help on application - RADIUS integration

2003-09-04 Thread Alan DeKok
KT Poh [EMAIL PROTECTED] wrote:
 My project requirements as far as integration
 with the carrier's RADIUS system is concerned are as
 follows:
   
   1. to retrieve mobile users' MSISDNs (Mobile Station
 ISDN) or assigned client IP addresses from the
 incoming HTTP requests received by the web portal, and
 to validate it against the carrier's AAA system. The
 web portal will grant user access based on the result
 of the validation. 

  For Apache, mod_auth_radius can do some of this.  You may have to
edit the source to add features for your local system.

   2. In cases where client IP addresses are received,
 to also get the users' corresponding MSISDNs from the
 carrier's AAA system.

  If the MSISDN is defined in a RADIUS attribute, that's possible.

   3. Upon successful validation, to also fetch the
 required user profiles (name, email, etc if available)
 from the carrier's AAA system so that the user info
 can be made available for the web portal's use.

  For that, you'll probably need to create a local vendor dictionary,
and write a RADIUS client to integrate into your web portal, which
understands these attributes.

 As I am very new to RADIUS and not to mention the
 mobile carrier's RADIUS system, which I gathered from
 pieces of information - it could be a specialized
 RADIUS system for wireless industry, I am not sure how
 viable is my above approach.

  It's possible, it's just a lot of work.

  Personally, I would use RADIUS just for authentication, and have the
users information in an SQL database.  The web portal can then query
the database for the user information ONLY if the RADIUS server says
that the user was authenticated.

  The reason for this design is that it looks like you're trying to
use the RADIUS server for both authentication and some database
information.  That's going to cause difficulties.

 - Is there a document/case study that describes how
 mobile carriers typically make use of RADIUS for
 authenticating their mobile users?

  I doubt it.  That kind of information is usually kept secret.

 - Is there a comprehensive and stable open-source Java
 APIs for RADIUS integration?

  Look on google.

  Alan DeKok.




RE: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Paul Hampson
 From: Alan DeKok
 Sent: Thursday, 4 September 2003 11:46 PM

 Sean Perry [EMAIL PROTECTED] wrote:
  I am trying to setup a Linux VPN.  Most of the pieces are now in place. 
I am trying to authenticate against radius which in turn will 
  authenticate against our existing Active Directory server.

   People have done this.  To a certain extent, AD is just another LDAP
 server.

  Is this possible?

   Not with CHAP.  AD doesn't allow you to look at the users' clear-text
 passwords, so CHAP is impossible.

   Yet, somehow, IAS does CHAP against AD.  Is anyone willing to bet
 *against* the idea that Microsoft has one API for customers, and
 another, better API for themselves?

So surely you could proxy CHAP requests to IAS, and authenticate other
requests using the superior powers of FreeRADIUS. You'd end up with
a post-proxy section that looks a lot like your post-auth section.

I'm probably terribly terribly wrong here, but to my mind you _should_
be able to. After all, MS _have_ supplied a RADIUS interface to the
passwords on the server, which seems an improvement over having to
write the W32API authentication calls yourself.

--
=
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul TBBle Hampson
=




Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-04 Thread Sean Perry
Paul Hampson wrote:
 Yet, somehow, IAS does CHAP against AD.  Is anyone willing to bet
*against* the idea that Microsoft has one API for customers, and
another, better API for themselves?


So surely you could proxy CHAP requests to IAS, and authenticate other
requests using the superior powers of FreeRADIUS. You'd end up with
a post-proxy section that looks a lot like your post-auth section.

I'm probably terribly terribly wrong here, but to my mind you _should_
be able to. After all, MS _have_ supplied a RADIUS interface to the
passwords on the server, which seems an improvement over having to
write the W32API authentication calls yourself.

In my case I am ONLY using Radius for our VPN and do not really expect
this to change.  While I would like to use freeradius it does not make
much sense to do so.  For others your suggestion probably makes more sense.





help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-03 Thread Sean Perry
I am trying to setup a Linux VPN.  Most of the pieces are now in place. 
 I am trying to authenticate against radius which in turn will 
authenticate against our existing Active Directory server.

Looking through the archives I see several people try but no real 
responses.  Ron Wahler claims to have Active Directory working but he 
was not using chap.

Is this possible?





Re: help with freeradius 0.9.0, Active Directory, and MS-CHAPv2

2003-09-03 Thread Alan Lehman
Sean Perry wrote:
I am trying to setup a Linux VPN.  Most of the pieces are now in place. 
 I am trying to authenticate against radius which in turn will 
authenticate against our existing Active Directory server.

Looking through the archives I see several people try but no real 
responses.  Ron Wahler claims to have Active Directory working but he 
was not using chap.

Is this possible?





It is theoretically possible. You will need to install Internet Authentication Service, which is MS's RADIUS server. I've used IAS 
with Cisco devices, but I'm still trying to get pam_radius_auth to work on my RH9 system so I can try it with that.



Re: Need some help configuring freeradius - openssl problem (EAP)

2003-09-01 Thread Artur Hecker
Hi madhusudan!

if you look at the mail list archives, i posted a manually edited 
Makefile for the eap_tls module a while ago.

ciao
artur
Alan DeKok wrote:

Madhusudan Singh [EMAIL PROTECTED] wrote:

   I tried what you suggested. Downloaded freeradius-snapshot-20030830.

   No go. I still get :

checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
...

  Try looking at the logs from 'configure'.  If that doesn't help,
edit the Makefiles.
  Each 'Makefile' for the modules is about 10 lines.  The 'configure'
scripts are there only as an easy short-hand, in 99% of the normal
cases.  If 'configure' is too hard to use, edit the 'Makefile' by
hand.
  Alan DeKok.



Re: Need some help configuring freeradius - openssl problem (EAP)

2003-09-01 Thread Madhusudan Singh
Hi Artur,

   Thanks for the heads up.
  
   I wish to fix the configure script though.

   For instance :

   the correct set of options to use were (note the openssl options) :

   ./configure --prefix=/usr/local/freeradius 
--with-mcrypt=/usr/local/lib/libmcrypt/ 
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib 
--with-gnu-ld --with-openssl-includes=/usr/local/ssl/include/ 
--with-openssl-libraries=/usr/local/ssl/lib/

  Now I get :

checking for openssl/ssl.h... yes
checking for DH_new in -lcrypto... yes
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/rand.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  libssl.
and
checking for DES_cbc_encrypt in -lcrypto... no
checking for des_cbc_encrypt in -lcrypto... no
configure: warning: silently not building rlm_x99_token.
configure: warning: FAILURE: rlm_x99_token requires:  des_cbc_encrypt.
The contents of /usr/local/ssl/lib :

libcrypto.a  libssl.a  pkgconfig

The contents of /usr/local/ssl/includes/openssl :
engine.h, err.h rand.h among other things. Which makes some of the 
messages above look absolutely nonsensical. Why would configure do such 
a thing ??

While the existence of libcrypto is being detected, it seems that it 
does not have support for des_cbc_encrypt cipher. Which is strange 
because I did not disable any ciphers during installation of openssl.

libssl is not being detected at all. Btw, could it be related to shared 
vs static libraries ?

Thanks,

MS

Artur Hecker wrote:

Hi madhusudan!

if you look at the mail list archives, i posted a manually edited 
Makefile for the eap_tls module a while ago.

ciao
artur




Re: Need some help configuring freeradius - openssl problem (EAP)

2003-09-01 Thread Alan DeKok
Madhusudan Singh [EMAIL PROTECTED] wrote:
 I wish to fix the configure script though.

  Then read the configure *log* files.  The output that 'configure'
prints to the screen just tells you what went wrong.  It doesn't tell
you *why* it went wrong.

  The only way to fix configure is to know *why* the test failed.
Multiple posts of the output of 'configure' saying 'no' aren't
helping.

  Alan DeKok.



Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-31 Thread Madhusudan Singh
Hi
  
   I did that, and found that the correct set of options to use were 
(note the openssl options) :

./configure --prefix=/usr/local/freeradius 
--with-mcrypt=/usr/local/lib/libmcrypt/ 
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib 
--with-gnu-ld --with-openssl-includes=/usr/local/ssl/include/ 
--with-openssl-libraries=/usr/local/ssl/lib/

   Now I get :

checking for openssl/ssl.h... yes
checking for DH_new in -lcrypto... yes
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/rand.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  libssl.
and
checking for DES_cbc_encrypt in -lcrypto... no
checking for des_cbc_encrypt in -lcrypto... no
configure: warning: silently not building rlm_x99_token.
configure: warning: FAILURE: rlm_x99_token requires:  des_cbc_encrypt.
The contents of /usr/local/ssl/lib :

libcrypto.a  libssl.a  pkgconfig

The contents of /usr/local/ssl/includes/openssl :
engine.h, err.h rand.h among other things. Which makes some of the 
messages above look absolutely nonsensical.

While the existence of libcrypto is being detected, it seems that it 
does not have support for des_cbc_encrypt cipher. Which is strange 
because I did not disable any ciphers during installation of openssl.

libssl is not being detected at all. Btw, could it be related to shared 
vs static libraries ?

I will start editing Makefile by hand as a last resort, but wish to fix 
the configure script for you :)

Thanks,

MS

Alan DeKok wrote:

Madhusudan Singh [EMAIL PROTECTED] wrote:
 

   I tried what you suggested. Downloaded freeradius-snapshot-20030830.

   No go. I still get :

checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
   

...

 Try looking at the logs from 'configure'.  If that doesn't help,
edit the Makefiles.
 Each 'Makefile' for the modules is about 10 lines.  The 'configure'
scripts are there only as an easy short-hand, in 99% of the normal
cases.  If 'configure' is too hard to use, edit the 'Makefile' by
hand.
 Alan DeKok.



Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Madhusudan Singh
Hi,
	I sent this message out twice, but did not get a response. I was 
wondering if someone could help me.

---

Hi,
   I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to
configure my freeradius installation at my wireless access point with :
   ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl
--with-mcrypt=/usr/local/lib/libmcrypt/
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib
--with-gnu-ld
   I get an error in the configuration :

loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a
cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  (openssl/ssl.h)
libcrypto libssl.
   How do I fix this problem ?

Thanks,

MS





Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Madhusudan Singh
Hi,
	I sent this message out twice, but did not get a response. I was 
wondering if someone could help me.

---

Hi,
   I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to
configure my freeradius installation at my wireless access point with :
   ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl
--with-mcrypt=/usr/local/lib/libmcrypt/
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib
--with-gnu-ld
   I get an error in the configuration :

loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a
cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  (openssl/ssl.h)
libcrypto libssl.
   How do I fix this problem ?

Thanks,

MS



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Thor Spruyt
From: Madhusudan Singh [EMAIL PROTECTED]
 configure: warning: FAILURE: rlm_eap_tls requires:  (openssl/ssl.h)
 libcrypto libssl.

This is the problem.

 How do I fix this problem ?

By installing libcrypto and libssl
Do a find / -name ssl.h to find out if ssl.h is already there.

Thor.




Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Alan DeKok
Madhusudan Singh [EMAIL PROTECTED] wrote:
 I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to
 configure my freeradius installation at my wireless access point with :
 
 ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl
...

  That won't work in FreeRADIUS 0.9.0.  It doesn't use that option to
look for OpenSSL.

  Try the latest CVS snapshot, and do:

   ./configure --prefix=/usr/local/freeradius 
--with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ...

  and it should be better.

  Alan DeKok.



Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Madhusudan Singh
Hi

   Thanks for your response. Let me try this out.

MS

 That won't work in FreeRADIUS 0.9.0.  It doesn't use that option to
look for OpenSSL.
 Try the latest CVS snapshot, and do:

  ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ...

 and it should be better.

 Alan DeKok.

 





Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Madhusudan Singh
Hi

   I tried what you suggested. Downloaded freeradius-snapshot-20030830.

   No go. I still get :

checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/rand.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  (openssl/ssl.h) 
libcrypto libssl.

and

checking for inttypes.h... (cached) yes
checking for DES_cbc_encrypt in -lcrypto... no
checking for des_cbc_encrypt in -lcrypto... no
configure: warning: silently not building rlm_x99_token.
configure: warning: FAILURE: rlm_x99_token requires:  des_cbc_encrypt.
   I used the following different configure options :

   --with-open-ssl-inc=, --with-openssl-inc and --with-openssl-include.

(the first is what you suggested, I was just trying to make sure it 
wasn't a typo)

   Last configure command :

   ./configure --prefix=/usr/local/freeradius 
--with-mcrypt=/usr/local/lib/libmcrypt/ 
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib 
--with-gnu-ld --with-openssl-include=/usr/local/ssl/include/ 
--with-openssl-lib=/usr/local/ssl/lib/

   And I do have the following include file :

   /usr/local/ssl/include/openssl/ssl.h

   What could be wrong ?

Thanks,

MS

Alan DeKok wrote:

Madhusudan Singh [EMAIL PROTECTED] wrote:
 

   I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to
configure my freeradius installation at my wireless access point with :
   ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl
   

...

 That won't work in FreeRADIUS 0.9.0.  It doesn't use that option to
look for OpenSSL.
 Try the latest CVS snapshot, and do:

  ./configure --prefix=/usr/local/freeradius --with-open-ssl-inc=/usr/local/ssl/include --with-openssl-lib=/usr/local/ssl/lib ...

 and it should be better.

 Alan DeKok.



Re: Need some help configuring freeradius - openssl problem (EAP)

2003-08-30 Thread Alan DeKok
Madhusudan Singh [EMAIL PROTECTED] wrote:
 I tried what you suggested. Downloaded freeradius-snapshot-20030830.
 
 No go. I still get :
 
 checking for openssl/ssl.h... no
 checking for DH_new in -lcrypto... no
...

  Try looking at the logs from 'configure'.  If that doesn't help,
edit the Makefiles.

  Each 'Makefile' for the modules is about 10 lines.  The 'configure'
scripts are there only as an easy short-hand, in 99% of the normal
cases.  If 'configure' is too hard to use, edit the 'Makefile' by
hand.

  Alan DeKok.
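
The following is an added example, not part of any message in this thread and not FreeRADIUS project code. It scans saved 'configure' output for the "silently not building" warnings quoted above, so a build that dropped rlm_eap_tls (and with it EAP-TLS support) is caught before installation. The function names are hypothetical, and the sample is an abridged excerpt of the output quoted in the thread.

```shell
#!/bin/sh
# Added example: find modules that configure dropped with only a warning.

# Constructed sample: abridged configure output as quoted in the thread.
sample_configure_output() {
cat <<'EOF'
checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/rand.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
checking for inttypes.h... (cached) yes
checking for DES_cbc_encrypt in -lcrypto... no
checking for des_cbc_encrypt in -lcrypto... no
configure: warning: silently not building rlm_x99_token.
EOF
}

# Print each skipped module, one per line (configure output on stdin).
skipped_modules() {
    sed -n 's/^configure: warning: silently not building \([A-Za-z0-9_]*\)\.*[[:space:]]*$/\1/p'
}

# Print the header or library symbol of each check that answered "no".
failed_checks() {
    sed -n 's/^checking for \(.*\)\.\.\. no[[:space:]]*$/\1/p'
}

# Print every module named in "$@" that configure skipped; status 1 if any was.
missing_required() {
    skipped=$(skipped_modules)
    status=0
    for mod in "$@"; do
        if printf '%s\n' "$skipped" | grep -qxF "$mod"; then
            printf '%s\n' "$mod"
            status=1
        fi
    done
    return "$status"
}

# Demo on the constructed sample: what was dropped, and which checks failed.
echo "skipped modules:"; sample_configure_output | skipped_modules
echo "failed checks:";   sample_configure_output | failed_checks
```

In a build script, save the output with `./configure ... 2>&1 | tee configure.out` and stop the build when `missing_required rlm_eap_tls < configure.out` returns non-zero.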



Need some help configuring freeradius - openssl problem (EAP)

2003-08-28 Thread Madhusudan Singh
Hi,
  I have openssl 0.9.7 installed in /usr/local/ssl, and am trying to 
configure my freeradius installation at my wireless access point with :

  ./configure --prefix=/usr/local/freeradius --with-ssl=/usr/local/ssl 
--with-mcrypt=/usr/local/lib/libmcrypt/ 
--with-mhash=/usr/local/lib/libmhash/ --with-ltdl-lib=/usr/lib 
--with-gnu-ld

  I get an error in the configuration :

loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -g -O2 -D_REENTRANT 
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc -g -O2 -D_REENTRANT 
-D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG ) is a 
cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for openssl/ssl.h... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking how to run the C preprocessor... (cached) gcc -E
checking for openssl/err.h... no
checking for openssl/engine.h... no
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires:  (openssl/ssl.h) 
libcrypto libssl.

  How do I fix this problem ?

Thanks,

MS
