Freeradius-Users Digest, Vol 55, Issue 32

Peter Carlstedt pc_007 at hotmail.com
Mon Nov 9 16:46:13 CET 2009


Hello all again!

I have a problem which I and a friend here have been trying to solve for some days now.
It happens in both version 2.1.0 and 2.1.7 and has something to do with OpenSSL.
We have downloaded the source for both versions and installed OpenSSL, libssl-dev and libpq-dev which everyone on the "google-net" talks about.
We have modified "rules" and "control" in ~/FreeRadius-Server/debian/ so it should have support for OpenSSL, I will include the changes here:

Rules (instead of having "without" we changed to "with" for openssl, peap, tls & ttls):
ifeq ($(openssl), no)
     confflags += --with-openssl --with-rlm_eap_peap --with-rlm_eap_tls --with-rlm_eap_ttls --without-rlm_otp

Control (did not have to change or add anything, but want to add these lines so you can see if there are any faulty lines here):
Build-Depends: debhelper (>= 5), dpatch (>= 2), dpkg-dev (>= 1.13.19), autotools-dev, libtool (>= 1.5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, libperl-dev, libpcap-dev, python-dev, snmp, libsnmp9-dev | libsnmp-dev, libpq-dev, libssl-dev

After we have run in terminal "./configure" ; "make" & "sudo make install" and afterwards try to run radius with "radiusd -X" (same as freeradius -X if you're using freeradius installed through "Synaptic Package Manager").

So is there anything we have missed? We have been reading that Freeradius does not include support for OpenSSL because of the problem with the license, but we have also read that if you want to get OpenSSL support anyway you should do as we have done. Is there any way to get around this problem, or is everyone facing the same problem as we do with these versions of FreeRadius? We have also read about another person using version 2.1.6 with the same problem, so I guess it is common for all versions from at least 2.1.0 and upwards?

Best Regards/ Peter Carlstedt


> From: freeradius-users-request at lists.freeradius.org
> Subject: Freeradius-Users Digest, Vol 55, Issue 32
> To: freeradius-users at lists.freeradius.org
> Date: Mon, 9 Nov 2009 15:30:11 +0100
> 
> Today's Topics:
> 
>    1. Re: WLAN - Freeradius - OpenLDAP - VLANs
>       (José Johnny RANDRIAMAMPIONONA)
>    2. Cannot upgade to 2.1.7 (kachin Agarwal)
>    3. Re: Cannot upgade to 2.1.7 (Alan Buxey)
>    4. Re: WLAN - Freeradius - OpenLDAP - VLANs (nf-vale)
>    5. Problem with server atribute in NAS table with mysql
>       (Ana Gallardo)
>    6. Re: Problem with server atribute in NAS table with mysql
>       (Alan Buxey)
>    7. Re: WLAN - Freeradius - OpenLDAP - VLANs (_Stefan_H)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Mon, 9 Nov 2009 12:25:13 +0000
> From: José Johnny RANDRIAMAMPIONONA <vasiana09 at gmail.com>
> Subject: Re: WLAN - Freeradius - OpenLDAP - VLANs
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<d379502d0911090425p7e48137brc0d7a21e4aa3a279 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Freeradius works well with openldap but only with cleartext password (PAP).
> Best regards!
> 
> 2009/11/9 _Stefan_H <stefanh007 at networld.at>
> 
> >
> > First, I know my English is not the best, but I hope you will understand it.
> >
> > In the course of a project I have to make an authentication against a
> > freeradius server for the WLAN Users.
> > On the Server (OpenSUSE11.1) is a LDAP Directory and I want the WLAN
> > Users to authenticate with their accounts. After the successful
> > authentication they will be put into another VLAN, so that they can use
> > their home directories.
> >
> > I would like to know how I should do it, because I informed myself about the
> > authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused about
> > which I have to configure on the freeradius Server.
> >
> > I think that PEAP would be the easiest, but I really don't know which can
> > be used with a dynamic VLAN.
> >
> > http://old.nabble.com/file/p26230857/1.jpeg
> >
> > The AP is a Linksys WRT-54-GS
> > and the Switch is a CISCO-2950
> 
> 
> 
> -- 
> JJohnny RANDRIAMAMPIONONA
> Phone: +212663682554, +212533158575
> National School of Applied Sciences
> ZIP 1818 TANGIER 90000
> ---------Morocco ---------------
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 9 Nov 2009 18:00:41 +0530 (IST)
> From: kachin Agarwal <kach_gr8 at yahoo.co.in>
> Subject: Cannot upgade to 2.1.7
> To: freeradius-users at lists.freeradius.org
> Message-ID: <318375.47862.qm at web94201.mail.in2.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hi,
> I'm trying to upgrade the freeradius server to 2.1.7.
> But when I build I get the following error:
> 
> configure: error: set --without-rlm_counter to disable it explicitly.
> configure: error: ./configure failed for src/modules/rlm_counter
> make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1
> 
> How can I rectify this?
> 
> Thanx & Regards,
> Kachin
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 9 Nov 2009 12:50:45 +0000
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Subject: Re: Cannot upgade to 2.1.7
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20091109125045.GB29997 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> > Hi,
> > I'm trying to upgrade the freeradius server to 2.1.7.
> > But when I build I get the following error:
> > 
> > configure: error: set --without-rlm_counter to disable it explicitly.
> > configure: error: ./configure failed for src/modules/rlm_counter
> > make: *** [*/*/*/*/*/*/*/radius/freeradius-server-2.1.7/src/main/radiusd] Error 1
> > 
> > How can I rectify this?
> 
> do you want the counter module?  if not, simply do as it says...add
> 
> --without-rlm_counter   after the ./configure  eg plain version
> 
> ./configure --without-rlm_counter
> 
> 
> alan
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 9 Nov 2009 13:36:55 +0000
> From: "nf-vale" <nf-vale at critical-links.com>
> Subject: Re: WLAN - Freeradius - OpenLDAP - VLANs
> To: freeradius-users at lists.freeradius.org
> Message-ID: <200911091336.56041.nf-vale at critical-links.com>
> Content-Type: Text/Plain;  charset="iso-8859-15"
> 
> On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> > Freeradius works well with openldap but only with cleartext password (PAP).
> > Best regards!
> 
> Don't give wrong answers if you're not sure of what you're talking about.
> 
> > 
> > 2009/11/9 _Stefan_H <stefanh007 at networld.at>
> > 
> > > First, I know my English is not the best, but I hope you will understand
> > > it.
> > >
> > > In the course of a project I have to make an authentication against a
> > > freeradius server for the WLAN Users.
> > > On the Server (OpenSUSE11.1) is a LDAP Directory and I want the WLAN
> > > Users to authenticate with their accounts. After the successful
> > > authentication they will be put into another VLAN, so that they can use
> > > their home directories.
> > >
> > > I would like to know how I should do it, because I informed myself about the
> > > authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused about
> > > which I have to configure on the freeradius Server.
> 
> See http://deployingradius.com/documents/protocols/compatibility.html for
> compatibility issues.
> 
> 
> You can authenticate users using PEAP against LDAP just as long as the user's 
> entries in the LDAP DB have NT / LM password hashes. For instance, if using 
> OpenLDAP, you need to include the samba.schema in the supported schemas list 
> and then add sambaNTPassword and sambaLMPassword to each one of the user's 
> entries  in the DB.
> 
> Ex:
> 
> "
> dn: uid=xxx,ou=people,dc=local,dc=loc
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> uidNumber: 1
> uid: xxx
> userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
> sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
> sambaNTPassword: 9574805413661ADC5E8FA7B943026723
> ...
> "
> 
> You can hash the user's password using the smbencrypt utility.
> 
> > >
> > > I think that PEAP would be the easiest, but I really don't know which can
> > > be used with a dynamic VLAN.
> > >
> > > http://old.nabble.com/file/p26230857/1.jpeg
> > >
> > > The AP is a Linksys WRT-54-GS
> > > and the Switch is a CISCO-2950
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Mon, 9 Nov 2009 14:42:51 +0100
> From: Ana Gallardo <ana.gallardo.77 at gmail.com>
> Subject: Problem with server atribute in NAS table with mysql
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<74556fcf0911090542q1d863b4am44e7467ecb18f297 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hello, I'm using Freeradius 2.0.4-3 on Debian.
> 
> My clients are in a MySQL database (nas table).
> 
> +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> | id | nasname | shortname | type  | ports | secret   | server | community | description |
> +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> | 1  | XXX     | NODO1     | other | NULL  | secretN1 | nodes  | nodo      | Nodo Wifi   |
> | 2  | YYY     | NODO2     | other | NULL  | secretN2 | nodes  | nodo      | Nodo Wifi   |
> +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> 
> 
> I want to process some clients through one virtual server (server nodes{}),
> so I have the name of the virtual server in the "server" column, but this
> doesn't work.
> 
> When I receive a request from those clients, the default server processes
> them.
> 
> I tried changing the column name to virtual_server, with the same result.
> 
> I have to put the clients with a value in "virtual_server" in the clients.conf
> file and the clients without a value in the nas table from MySQL.
> 
> I tried putting them in the server section:
> 
> ##/etc/freeradius/sites-enabled/nodes
> 
> server nodes{
>    client nodo1{
>    }
>    ...
> }
> 
> but this doesn't work. I have to put them outside the server section, like this:
> 
> ##/etc/freeradius/sites-enabled/nodes
> client nodo1{
> }
> 
> server nodes{
>    ...
> }
> 
> and I think that this is the same as putting them in the clients file?
> 
> Thank you very much and sorry for my English.
> 
> -- 
> ____________________
> 
>  Ana Gallardo Gómez
> ____________________
> 
> ------------------------------
> 
> Message: 6
> Date: Mon, 9 Nov 2009 14:03:54 +0000
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Subject: Re: Problem with server atribute in NAS table with mysql
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20091109140354.GA30095 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> > My clients are in a MySQL database (nas table).
> > 
> > +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> > | id | nasname | shortname | type  | ports | secret   | server | community | description |
> > +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> > | 1  | XXX     | NODO1     | other | NULL  | secretN1 | nodes  | nodo      | Nodo Wifi   |
> > | 2  | YYY     | NODO2     | other | NULL  | secretN2 | nodes  | nodo      | Nodo Wifi   |
> > +----+---------+-----------+-------+-------+----------+--------+-----------+-------------+
> > 
> > 
> > I want to process some clients through one virtual server (server nodes{}),
> > so I have the name of the virtual server in the "server" column, but this
> > doesn't work.
> > 
> > When I receive a request from those clients, the default server processes
> > them.
> 
> which means you haven't updated the SQL query to use that column.
> 
> check your sql/mysql/dialup.conf file and edit the call to pull in the NAS
> from
> 
>         nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
> 
> to
> 
> 	nas_query = "SELECT id, nasname, shortname, type, secret, server FROM ${nas_table}"
> 
> then the server attribute will be pulled in and the 'nodes' virtual host will get used.
> 
> alan
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Mon, 9 Nov 2009 06:30:04 -0800 (PST)
> From: _Stefan_H <stefanh007 at networld.at>
> Subject: Re: WLAN - Freeradius - OpenLDAP - VLANs
> To: freeradius-users at lists.freeradius.org
> Message-ID: <26267282.post at talk.nabble.com>
> Content-Type: text/plain; charset=UTF-8
> 
> 
> Thanks for answering and I hope that I will have no problems in configuring
> the server .... but I think that won't happen.
> 
> 
> nf-vale wrote:
> > 
> > On Monday 09 November 2009 12:25:13 José Johnny RANDRIAMAMPIONONA wrote:
> >> Freeradius works well with openldap but only with cleartext password
> >> (PAP).
> >> Best regards!
> > 
> > Don't give wrong answers if you're not sure of what you're talking about.
> > 
> >> 
> >> 2009/11/9 _Stefan_H <stefanh007 at networld.at>
> >> 
> >> > First, I know my English is not the best, but I hope you will understand
> >> > it.
> >> >
> >> > In the course of a project I have to make an authentication against a
> >> > freeradius server for the WLAN Users.
> >> > On the Server (OpenSUSE11.1) is a LDAP Directory and I want the WLAN
> >> > Users to authenticate with their accounts. After the successful
> >> > authentication they will be put into another VLAN, so that they can use
> >> > their home directories.
> >> >
> >> > I would like to know how I should do it, because I informed myself about the
> >> > authentication types (EAP-TLS, TTLS, PEAP) and now I am totally confused about
> >> > which I have to configure on the freeradius Server.
> > 
> > See http://deployingradius.com/documents/protocols/compatibility.html for
> > compatibility issues.
> > 
> > 
> > You can authenticate users using PEAP against LDAP just as long as the user's
> > entries in the LDAP DB have NT / LM password hashes. For instance, if using
> > OpenLDAP, you need to include the samba.schema in the supported schemas list
> > and then add sambaNTPassword and sambaLMPassword to each one of the user's
> > entries in the DB.
> > 
> > Ex:
> > 
> > "
> > dn: uid=xxx,ou=people,dc=local,dc=loc
> > objectClass: inetOrgPerson
> > objectClass: sambaSamAccount
> > uidNumber: 1
> > uid: xxx
> > userPassword:: e01ENX1mMmhLRytkajNnSSs2aEtmL3ltSnV3PT0=
> > sambaLMPassword: AB849716E6B337C43B639FCD27BDA434
> > sambaNTPassword: 9574805413661ADC5E8FA7B943026723
> > ...
> > "
> > 
> > You can hash the user's password using the smbencrypt utility.
> > 
> >> >
> >> > I think that PEAP would be the easiest, but I really don't know which can
> >> > be used with a dynamic VLAN.
> >> >
> >> > http://old.nabble.com/file/p26230857/1.jpeg
> >> >
> >> > The AP is a Linksys WRT-54-GS
> >> > and the Switch is a CISCO-2950
> ------------------------------
> 
> End of Freeradius-Users Digest, Vol 55, Issue 32
> ************************************************
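
Added example (not part of the original messages, and not FreeRADIUS or OpenLDAP code): nf-vale's reply in Message 4 says PEAP against LDAP needs sambaNTPassword / sambaLMPassword on each user entry. This Python script audits an LDIF export for entries that lack the NT hash, still store an LM hash, or keep userPassword in an unsalted scheme; the sample entries, placeholder hashes and finding labels are constructed for illustration.

```python
import base64
import re

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export: placeholder hashes, not real accounts.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=test
objectClass: sambaSamAccount
userPassword:: %s
sambaLMPassword: 00000000000000000000000000000000
sambaNTPassword: 11111111111111111111111111111111

dn: uid=bob,ou=people,
 dc=example,dc=test
objectClass: inetOrgPerson
userPassword:: %s
""" % (_b64("{MD5}constructed"), _b64("{SSHA}constructed"))

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
UNSALTED = {"MD5", "SHA"}  # OpenLDAP userPassword schemes without a salt

def parse_ldif(text):
    """Yield {attr: [values]} per entry; 'attr:: v' values are base64-decoded."""
    unfolded = re.sub(r"\n ", "", text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue  # comments and elided lines such as "..."
            if rest.startswith(":"):
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if entry:
            yield entry

def audit_entry(entry):
    findings = []
    if not HEX32.fullmatch(entry.get("sambantpassword", [""])[0]):
        findings.append("missing-nt-hash")    # PEAP needs it, per the reply above
    if HEX32.fullmatch(entry.get("sambalmpassword", [""])[0]):
        findings.append("lm-hash-present")    # LM is the weaker of the two hashes
    for pw in entry.get("userpassword", []):
        m = re.match(r"\{(\w+)\}", pw)
        scheme = m.group(1).upper() if m else "CLEARTEXT"
        if scheme in UNSALTED or scheme == "CLEARTEXT":
            findings.append("userpassword-" + scheme)
    return findings

def audit_ldif(text):
    return {e.get("dn", ["?"])[0]: audit_entry(e) for e in parse_ldif(text)}

if __name__ == "__main__":
    for dn, findings in audit_ldif(SAMPLE_LDIF).items():
        print(dn, findings or "ok")
```

Both Samba hashes are unsalted and act as password equivalents for MSCHAPv2, so read access to these attributes is best limited to the account the RADIUS server binds with.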
 		 	   		  