Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)

BRETT WEEAST LPPWEEAB at gw.njsp.org
Wed Apr 12 23:40:12 CEST 2006


I will be out of the office Thu, April 13 through Fri, April 21.  

If you require assistance prior to April 24, email the Network Services Unit at: r035 at gw.njsp.org 


>>> freeradius-users 04/12/06 17:12 >>>

Send Freeradius-Users mailing list submissions to
	freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
	freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
	freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: Freeradius, mysql, please help!!! (YvesDM)
   2. Re: Question (YvesDM)
   3. Re: Freeradius, mysql, please help!!! (Laker Netman)
   4. Multiple Locations and configuring 2 different methods of
      Access (James)
   5. Re: FreeRADIUS and SNMP (Kevin Bonner)
   6. FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 (Nikolas Thoman)
   7. Question Regarding FreeRADIUS debug ----please help!
      (Silpa Akkina)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Apr 2006 20:43:22 +0200
From: YvesDM <ydmlog at gmail.com>
Subject: Re: Freeradius, mysql, please help!!!
To: "FreeRadius users mailing list"
	<freeradius-users at lists.freeradius.org>
Message-ID:
	<799e44b30604121143g1a162577uc05f667dacdaf21f at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On 4/12/06, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> Hi,
>
> ummm. I'm not too certain here but wasnt the password you defined in the
> mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/
> if this is a crypted password then surely the attribute is Crypt-Password
> rather than User-Password?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Correct, alan DeKok told me too. I changed it, but it didn't solve the
problem.

tnx
yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/8e9693ce/attachment-0001.html

------------------------------

Message: 2
Date: Wed, 12 Apr 2006 20:58:34 +0200
From: YvesDM <ydmlog at gmail.com>
Subject: Re: Question
To: "FreeRadius users mailing list"
	<freeradius-users at lists.freeradius.org>
Message-ID:
	<799e44b30604121158r9a4bfb2t2031cbe602195496 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On 4/12/06, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> Hi,
>
> > modcall: leaving group authorize (returns ok) for request 0
> >   rad_check_password:  Found Auth-Type System
> > auth: type "System"
>
> try removing the default System authentication method from your
> users file.
>
> alan


Working now!

i changed "system to "radius" in the users file and now it's working.

# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = Radius
        Fall-Through = 1


Many tnx
Yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/2b4efff6/attachment-0001.html

------------------------------

Message: 3
Date: Wed, 12 Apr 2006 12:23:05 -0700 (PDT)
From: Laker Netman <laker_netman at yahoo.com>
Subject: Re: Freeradius, mysql, please help!!!
To: FreeRadius users mailing list
	<freeradius-users at lists.freeradius.org>
Message-ID: <20060412192305.70689.qmail at web50507.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

--- YvesDM <ydmlog at gmail.com> wrote:

> On 4/12/06, Alan DeKok <aland at nitros9.org> wrote:
> >
> > YvesDM <ydmlog at gmail.com> wrote:
> > > mysql> select * from radcheck;
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | id | UserName | Attribute     | op |
> > Value                              |
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > |  1 | steve    | User-Password | :=3D |
> > $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0=
> > >  |
> >
> >   These are *not* clear-text passwords.  They're
> encrypted
> > passwords. Change the attribute name to
> Crypt-Password, and it should
> > work.
> >
> >   Alan DeKok.
> 
> 
> 
> Tnx for the reply, but it didn't solve my problem.
> 
>  mysql> select * from radcheck;
>
+----+----------+----------------+----+------------------------------------+
> | id | UserName | Attribute      | op | Value       
>                       |
>
+----+----------+----------------+----+------------------------------------+
> |  1 | steve    | User-Password  | := |
> $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 |
> |  2 | maureen  | Crypt-Password | := |
> $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 |
> |  3 | john     | Crypt-Password | := |
> $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ |
>
+----+----------+----------------+----+------------------------------------+
> 3 rows in set (0.00 sec)
> 
> mysql> quit
> Bye
> radius:/usr/local/etc/raddb# radtest john test
> localhost 1812 testing123
> Sending Access-Request of id 213 to 127.0.0.1 port
> 1812
>         User-Name = "john"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> Re-sending Access-Request of id 213 to 127.0.0.1
> port 1812
>         User-Name = "john"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=213, length=20
> radius:/usr/local/etc/raddb# radtest maureen test
> localhost 1812 testing123
> Sending Access-Request of id 219 to 127.0.0.1 port
> 1812
>         User-Name = "maureen"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> Re-sending Access-Request of id 219 to 127.0.0.1
> port 1812
>         User-Name = "maureen"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=219, length=20
> radius:/usr/local/etc/raddb#
> 
> Any other suggestions?
> 
> Yves
> > - 
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

Try switching everything back to clear text, with
User-Password attribute and *clear text passwords* and
see if anybody can auth that way.

Laker


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


------------------------------

Message: 4
Date: Wed, 12 Apr 2006 13:02:35 -0700
From: James <list-freeradius at qujo.com>
Subject: Multiple Locations and configuring 2 different methods of
	Access
To: freeradius-users at lists.freeradius.org
Message-ID: <443D5CDB.1090107 at qujo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello,

I am running freeradius 1.0.5 on FC4 i386

My end-users right now are getting authenticated by the login-based
mysql radcheck table from freeradius and they are coming from multiple
locations through a web-based portal redirected by their gateway.

My question is, if there is a way to setup freeradius for example: to
allow for 3 locations to login through the login based authentication
(the way it is setup right now) and at the same time grant 2 other
locations access without the need of using login based authentication, I
now there is an option to allow access without authentication, but to my
understanding this is global for all locations, I am looking for a way
to allow access without athentication for a specific location and at the
same time not interfere with the locations that are using login-based
authentication.

Is this possible? If so, where can I get more documentation on this
topic and where can I see an actual configuration example of this type
of setup?

If this is not possible "out of the box", where can I get documentation
on a work around or similar solutions?


Thank you in advance for all your help,


James




------------------------------

Message: 5
Date: Wed, 12 Apr 2006 16:34:14 -0400
From: Kevin Bonner <keb at pa.net>
Subject: Re: FreeRADIUS and SNMP
To: freeradius-users at lists.freeradius.org
Message-ID: <200604121634.20255.keb at pa.net>
Content-Type: text/plain; charset="iso-8859-15"

On Wednesday 12 April 2006 10:48, DESETech - German P. Santillan wrote:
> But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317

The OIDs you want to query are:

radiusAuthServ 1.3.6.1.2.1.67.1.1.1.1.*  (or mib-2.67.1.1.1.1.*)
radiusAccServ 1.3.6.1.2.1.67.2.1.1.1.* (or mib-2.67.2.1.1.1.*)

Loading the MIBS from the mibs/ directory in the FR source will allow you to 
query the actual names instead of OIDs.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cea40ea/attachment-0001.bin

------------------------------

Message: 6
Date: Wed, 12 Apr 2006 13:56:18 -0700 (PDT)
From: Nikolas Thoman <nikthoman at yahoo.com>
Subject: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412205618.26774.qmail at web81111.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

I am running FreeRADIUS 1.1.1 on a Fedora Core 4 server (kernel 2.6.11-1.1369_FC4smp) to authenticate using EAP-SIM.
  
  After ~400 successful auths at 20 requests/second the radiusd service  encounters a segmentation fault.  The output of the gdb dump is as  follows:
  
  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread -1208572224 (LWP 9805)]
  0x0072ec33 in _int_malloc () from /lib/libc.so.6
  (gdb) bt
  #0  0x0072ec33 in _int_malloc () from /lib/libc.so.6
  #1  0x00730792 in malloc () from /lib/libc.so.6
  #2  0x005007e4 in eap_compose (handler=0x8fb8220) at eap.c:395
  #3  0x004ffa94 in eap_authenticate (instance=0x8f8e4b8, request=0x8fbe648) at rlm_eap.c:341
  #4  0x08053009 in modcall ()
  #5  0x0805351d in modcall ()
  #6  0x0805312d in modcall ()
  #7  0x080525ba in find_module_instance ()
  #8  0x0804c532 in rad_check_password ()
  #9  0x0804cb03 in rad_authenticate ()
  #10 0x08054c0a in rad_respond ()
  #11 0x08056287 in main ()
  (gdb)
  
  I have another FreeRADIUS 1.0.3 server running on a Red Hat 9 server  (kernel 2.4.20-8) that has had no problems running this kind of traffic.
  
  Any help in diagnosing the reason why I'm encountering a fault in malloc would be much appreciated.
  
  Thanks,
  Nik
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cb8661f/attachment-0001.html

------------------------------

Message: 7
Date: Wed, 12 Apr 2006 14:02:30 -0700 (PDT)
From: Silpa Akkina <akkinasgroups at yahoo.com>
Subject: Question Regarding FreeRADIUS debug ----please help!
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412210230.59303.qmail at web30001.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"


Hi....i am new to this group and joined just few minutes back. I had a 
  
question  regarding how to view the milliseonds resolution in the RADIUS  
  
debug....i am trying to collect the output from the proxy radius  
  
server....i think all i can get is debug with seconds resolution...but  for my 
  
project i have to take milli seconds readings....please help!
  
>   
  
>   Thanks,
  
>   Silpa
  

http://akkinasilpa.blogspot.com

			
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/198f927e/attachment.html

------------------------------

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 12, Issue 56
************************************************






More information about the Freeradius-Users mailing list