I have upgrade my libs, but when execute dpkg-buildpackage -uc -b(under root privilege), some error show out: ..... dpkg-buildpackage: source maintainer is Paul Hampson <Paul.Hampson@anu.edu.au> dpkg-buildpackage: host architecture is i386 debian/rules clean dh_testdir rm -f stamp-build debian/{files,substvars} debian/*.debhelper libltdl/stamp-h1 [ -f Make.inc ] && make distclean || true dh_clean rm -rf /home/software/freeradius-1.0.5/debian/freeradius for modname in krb5 ldap mysql iodbc postgresql; do \ rm -rf /home/software/freeradius-1.0.5/debian/freeradius-${modname}{,.substvars}; \ done [ -f config.sub.dist ] && rm config.sub && mv config.sub.dist config.sub || true [ -f config.guess.dist ] && rm config.guess && mv config.guess.dist config.guess || true dpatch deapply-all /bin/bash: line 1: dpatch: command not found make: *** [unpatch] Error 127 any idea? 2005/12/2, darkblue <darkblue2000@gmail.com>:
hi,
sorry to boring you. according to your comment. I encounter such error: sccgd:/home/software/freeradius-1.0.5# dpkg-buildpackage -b -uc dpkg-buildpackage: source package is freeradius dpkg-buildpackage: source version is 1.0.5-0 dpkg-buildpackage: source maintainer is Paul Hampson <Paul.Hampson@anu.edu.au> dpkg-buildpackage: host architecture is i386 dpkg-checkbuilddeps: Unmet build dependencies: debhelper (>= 4.1.68) libltdl3-dev libpam0g-dev libpq-dev | postgresql-dev libmysqlclient12-dev | libmysqlclient-dev libgdbm-dev | libgdbmg1-dev libldap2-dev libsasl2-dev libsnmp5-dev | libsnmp4.2-dev libiodbc2-dev libkrb5-dev libssl-dev libtool1.4 | libtool (< 1.5) snmp autotools-dev dpkg-buildpackage: Build dependencies/conflicts unsatisfied; aborting. dpkg-buildpackage: (Use -d flag to override.)
I also use the -d flag, but failed. any suggestion?
2005/11/23, Nicolas Baradakis <nbk@sitadelle.com>:
King, Michael wrote:
Ignore the freeRADIUS package. Due to license restrictions, it cannot contain the binaries for OpenSSL. We have to use the source.
Indeed.
Download the latest release of freeRADIUS
Unzip freeRADIUS Tar -zxvf freeradius-1.0.5.tar.gz
Switch to the directory then
./configure --disable-shared make make install
I don't recommend this method to the Debian users, because it confuses dpkg about the files installed on the system and it's not possible to uninstall the files later. I think it's a lot better to build FreeRADIUS from sources using dpkg-buildpackage.
$ tar zxf freeradius-1.0.5.tar.gz $ cd freeradius-1.0.5 $ fakeroot dpkg-buildpackage -b -uc $ sudo dpkg -i ../freeradius_1.0.5-0_i386.deb
You can look at my notes if you want: http://www.mpking.com/articles.php?lng=en&pg=55
Please add a note about dpkg-buildpackage, too.
-- Nicolas Baradakis
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- He is nothing
-- He is nothing 2005/11/27, Alhagie Puye <APuye@datawave.com>:
Thanks Dusty. That's very helpful.
I have one little problem. I was hoping someone can shed some light on it.
For the Active Directory security, I need to specify the username as "Domain\user" instead of just "user" for the identity in radiusd.conf
"user@domain.com" doesn't seem to work.
Here is the output:
rad_recv: Access-Request packet from host 192.168.42.1:50667, id=146, length=57 User-Name = "user" User-Password = "password" NAS-IP-Address = 255.255.255.255 NAS-Port = 1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "apuye", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 4 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for apuye radius_xlat: '(uid=apuye)' radius_xlat: 'dc=ad,dc=puyenet,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to orion.puyenet.com:389, authentication 0 rlm_ldap: bind as cn=apuye@ad.puyenet.com,ou=users,dc=ad,dc=puyenet,dc=com/password to orion.puyenet.com:389 rlm_ldap: waiting for bind result ... rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf rlm_ldap: (re)connection attempt failed rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns fail for request 4 modcall: group authorize returns fail for request 4 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 146 with timestamp 4388ab87 Nothing to do. Sleeping until we see a request.
The radiusd.conf file looks like this for the ldap section: ldap { server = "orion.puyenet.com" # identity = "cn=admin,o=My Org,c=UA" identity = "cn=apuye@ad.puyenet.com,ou=users,dc=ad,dc=puyenet,dc=com" password = password #basedn = "o=My Org,c=UA" basedn = "dc=ad,dc=puyenet,dc=com" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)"
Thanks in advance.
Alhagie Puye - Network Engineer Datawave Group of Companies (604)295-1817
-----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Dusty Doris Sent: November 25, 2005 9:43 AM To: FreeRadius users mailing list Subject: RE: Freeradius How to integrate Active Directory[ADIntegrationWindowsXP NTLM Tutorial]
So, the question again is if the VPN Concentrator is only sending username and password, do I need ntml_auth or ms-chap? FreeRADIUS doesn't have any usernames and password and will query Active Directory for the actual authentication.
Thanks,
If the packet is merely containing plaintext username and password, then you can probably just use rlm_ldap against AD and hit it directly. Just need to setup a user with read access to the directory to do the initial bind with and search of the user for authorization. Then the user will be authenticated by doing a bind against AD with the username/password in the packet.
BTW - I use freeradius w/ ldap for cisco VPN concentrators as well, although its openldap instead of AD. To pass back the class attribute, you must modify ldap.attrmap and specify the reply item of Class to match what you call it in the directory.
eg:
replyItem Class radiusClass
Then in the directory, you have
dn: cn=someuser,... ... radiusClass: "OU=myvpngroup;"
So, for AD, you'll need to extend the schema and add an attribute for this. Or if you already have something that you can use, just modify ldap.attrmap to know what it is.
-Dusty Doris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Disclaimer: This message (including any attachments) is confidential, may be privileged and is only intended for the person to whom it is addressed. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. E-mail communications are inherently vulnerable to interception by unauthorized parties and are susceptible to change. We will use alternate communication means upon request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- He is nothing