Re: Ubuntu FreeRadius does not recoginize some perl.so symbols and does not compile from source and is also outdated (Why is there no new version in SID? Is the package still maintained?)
Freeradius does not build from source. Yes. It does. But you are compiling some random external flavour. Download the source from freeradius.org and report what happens alan
Hello Alan,
Freeradius does not build from source. Yes. It does. But you are compiling some random external flavour. Download the source from freeradius.org and report what happens.
my subject line was misleading. I meant that the Debian package is so broken that it doesn't even compile from source (apt-get build-dep freeradius; apt-get source freeradius; cd freeradius-2.1.10+dfsg; debian/rules binary). I know that Freeradius compiles, I always use the following on Debian to get a version I can work with: sudo apt-get install ssh sudo gcc libssl-dev make openssl ./configure --with-openssl --prefix=/local/freeradius-server-2.2.0; make; make install I put the FreeRadius list on CC because I get technical solution from here. Cheers, Thomas
Hi,
I put the FreeRadius list on CC because I get technical solution from here.
the version from freeradius.org works - you need to contact Debian to get them to fix their packages. alan
Hello Alan,
Yes. It does. But you are compiling some random external flavour. Download the source from freeradius.org and report what happens
yes, you're right and I just noticed that the freeradius git tree contains a Debian folder which build packages which not only compile, now I try to migrate my configuration, but the hints no longer work. My configuration is pretty simple: (freeradius) [/etc/freeradius] cat sites-available/smsotp server default { listen { ipaddr = * type = auth } authenticate { perl } authorize { update control { Auth-Type := perl } preprocess } preacct { preprocess acct_unique } accounting { } session { } } (freeradius) [/etc/freeradius] cat hints DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE" DEFAULT User-Name =~ "^([^@]+)@v104.gmvl.de" User-Name := "%{1}@V104.GMVL.DE" (freeradius) [/etc/freeradius] cat clients.conf client 10.104.1.0 { secret = testing123 shortname = netscaler } client 127.0.0.1 { secret = testing123 shortname = cs-01 } In freeradius-2.2.0 the v104\Administrator got rewritten in Administrator@V104.GMVL.DE but with the curren version it does not work. Any idea what I'm doing wrong? (freeradius) [/etc/freeradius] freeradius -X freeradius: FreeRADIUS Version 3.0.0 (git #adfdfe7), for host x86_64-pc-linux-gnu, built on Jul 21 2013 at 17:07:13 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/perl including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/eap including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/filter including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/smsotp main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/radiusd" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client 10.104.1.0 { require_message_authenticator = no secret = "testing123" shortname = "netscaler" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 127.0.0.1 { require_message_authenticator = no secret = "testing123" shortname = "cs-01" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Loaded module rlm_perl # Instantiating module "perl" from file /etc/freeradius/mods-enabled/perl perl { filename = "/etc/freeradius/smsotp_krb5_3strikes.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/smsotp # Creating Auth-Type = perl # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading virtual module acct_unique } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } Listening on auth address * port 1812 as server default Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.104.1.0 port 52437, id=174, length=58 User-Name = 'v104\\Administrator' User-Password = 'Pa$$w0rd' (0) # Executing section authorize from file /etc/freeradius/sites-enabled/smsotp (0) group authorize { (0) - entering group authorize {...} (0) update control { (0) Auth-Type := perl (0) } # update control = notfound (0) [preprocess] = ok (0) Found Auth-Type = perl (0) # Executing group from file /etc/freeradius/sites-enabled/smsotp (0) group authenticate { (0) - entering group authenticate {...} rlm_perl: authenticate: user unknown in database rlm_perl: Added pair User-Name = v104\\Administrator rlm_perl: Added pair User-Password = Pa$$w0rd rlm_perl: Added pair NAS-IP-Address = 10.104.1.0 rlm_perl: Added pair Auth-Type = perl (0) [perl] = reject (0) Failed to authenticate the user. (0) Using Post-Auth-Type Reject (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed reject Sending Access-Reject of id 174 from 10.104.252.162 port 1812 to 10.104.1.0 port 52437 Waking up in 4.9 seconds. (0) Cleaning up request packet ID 174 with timestamp +7 Ready to process requests. Cheers, Thomas
Hello, * Thomas Glanzmann <thomas@glanzmann.de> [2013-07-21 18:24]:
hints = "/etc/freeradius/mods-config/preprocess/hints"
I noticed that the wrong hints file was specified, however after updating, it still does not work, but the output now looks different: Ready to process requests. rad_recv: Access-Request packet from host 10.104.1.0 port 64254, id=195, length=58 User-Name = 'v104\\Administrator' User-Password = 'Pa$$w0rd' (0) # Executing section authorize from file /etc/freeradius/sites-enabled/smsotp (0) group authorize { (0) - entering group authorize {...} (0) update control { (0) Auth-Type := perl (0) } # update control = notfound (0) preprocess : expand: "^v104\([^@]+)" -> '^v104\[^@]+))' (0) preprocess : expand: "^([^@]+)@v104.gmvl.de" -> '^([^@]+)@v104.gmvl.de' (0) [preprocess] = ok (0) Found Auth-Type = perl (0) # Executing group from file /etc/freeradius/sites-enabled/smsotp (0) group authenticate { (0) - entering group authenticate {...} rlm_perl: authenticate: user unknown in database rlm_perl: Added pair User-Name = v104\\Administrator rlm_perl: Added pair User-Password = Pa$$w0rd rlm_perl: Added pair NAS-IP-Address = 10.104.1.0 rlm_perl: Added pair Auth-Type = perl (0) [perl] = reject (0) Failed to authenticate the user. (0) Using Post-Auth-Type Reject (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed reject Sending Access-Reject of id 195 from 10.104.252.162 port 1812 to 10.104.1.0 port 64254 Waking up in 4.9 seconds. (0) Cleaning up request packet ID 195 with timestamp +5 Ready to process requests. Full output: http://pbot.rmdir.de/IRC6zW11GNEWEFpMx0a13w Cheers, Thomas
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan Buxey -
Thomas Glanzmann