Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)
BRETT WEEAST
LPPWEEAB at gw.njsp.org
Wed Apr 12 23:40:12 CEST 2006
I will be out of the office Thu, April 13 through Fri, April 21.
If you require assistance prior to April 24, email the Network Services Unit at: r035 at gw.njsp.org
>>> freeradius-users 04/12/06 17:12 >>>
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Freeradius, mysql, please help!!! (YvesDM)
2. Re: Question (YvesDM)
3. Re: Freeradius, mysql, please help!!! (Laker Netman)
4. Multiple Locations and configuring 2 different methods of
Access (James)
5. Re: FreeRADIUS and SNMP (Kevin Bonner)
6. FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 (Nikolas Thoman)
7. Question Regarding FreeRADIUS debug ----please help!
(Silpa Akkina)
----------------------------------------------------------------------
Message: 1
Date: Wed, 12 Apr 2006 20:43:22 +0200
From: YvesDM <ydmlog at gmail.com>
Subject: Re: Freeradius, mysql, please help!!!
To: "FreeRadius users mailing list"
<freeradius-users at lists.freeradius.org>
Message-ID:
<799e44b30604121143g1a162577uc05f667dacdaf21f at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
On 4/12/06, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> Hi,
>
> ummm. I'm not too certain here but wasnt the password you defined in the
> mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/
> if this is a crypted password then surely the attribute is Crypt-Password
> rather than User-Password?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
Correct, alan DeKok told me too. I changed it, but it didn't solve the
problem.
tnx
yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/8e9693ce/attachment-0001.html
------------------------------
Message: 2
Date: Wed, 12 Apr 2006 20:58:34 +0200
From: YvesDM <ydmlog at gmail.com>
Subject: Re: Question
To: "FreeRadius users mailing list"
<freeradius-users at lists.freeradius.org>
Message-ID:
<799e44b30604121158r9a4bfb2t2031cbe602195496 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
On 4/12/06, A.L.M.Buxey at lboro.ac.uk <A.L.M.Buxey at lboro.ac.uk> wrote:
>
> Hi,
>
> > modcall: leaving group authorize (returns ok) for request 0
> > rad_check_password: Found Auth-Type System
> > auth: type "System"
>
> try removing the default System authentication method from your
> users file.
>
> alan
Working now!
i changed "system to "radius" in the users file and now it's working.
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = Radius
Fall-Through = 1
Many tnx
Yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/2b4efff6/attachment-0001.html
------------------------------
Message: 3
Date: Wed, 12 Apr 2006 12:23:05 -0700 (PDT)
From: Laker Netman <laker_netman at yahoo.com>
Subject: Re: Freeradius, mysql, please help!!!
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20060412192305.70689.qmail at web50507.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
--- YvesDM <ydmlog at gmail.com> wrote:
> On 4/12/06, Alan DeKok <aland at nitros9.org> wrote:
> >
> > YvesDM <ydmlog at gmail.com> wrote:
> > > mysql> select * from radcheck;
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | id | UserName | Attribute | op |
> > Value |
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | 1 | steve | User-Password | :=3D |
> > $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0=
> > > |
> >
> > These are *not* clear-text passwords. They're
> encrypted
> > passwords. Change the attribute name to
> Crypt-Password, and it should
> > work.
> >
> > Alan DeKok.
>
>
>
> Tnx for the reply, but it didn't solve my problem.
>
> mysql> select * from radcheck;
>
+----+----------+----------------+----+------------------------------------+
> | id | UserName | Attribute | op | Value
> |
>
+----+----------+----------------+----+------------------------------------+
> | 1 | steve | User-Password | := |
> $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 |
> | 2 | maureen | Crypt-Password | := |
> $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 |
> | 3 | john | Crypt-Password | := |
> $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ |
>
+----+----------+----------------+----+------------------------------------+
> 3 rows in set (0.00 sec)
>
> mysql> quit
> Bye
> radius:/usr/local/etc/raddb# radtest john test
> localhost 1812 testing123
> Sending Access-Request of id 213 to 127.0.0.1 port
> 1812
> User-Name = "john"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> Re-sending Access-Request of id 213 to 127.0.0.1
> port 1812
> User-Name = "john"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=213, length=20
> radius:/usr/local/etc/raddb# radtest maureen test
> localhost 1812 testing123
> Sending Access-Request of id 219 to 127.0.0.1 port
> 1812
> User-Name = "maureen"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> Re-sending Access-Request of id 219 to 127.0.0.1
> port 1812
> User-Name = "maureen"
> User-Password = "test"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=219, length=20
> radius:/usr/local/etc/raddb#
>
> Any other suggestions?
>
> Yves
> > -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Try switching everything back to clear text, with
User-Password attribute and *clear text passwords* and
see if anybody can auth that way.
Laker
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
------------------------------
Message: 4
Date: Wed, 12 Apr 2006 13:02:35 -0700
From: James <list-freeradius at qujo.com>
Subject: Multiple Locations and configuring 2 different methods of
Access
To: freeradius-users at lists.freeradius.org
Message-ID: <443D5CDB.1090107 at qujo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hello,
I am running freeradius 1.0.5 on FC4 i386
My end-users right now are getting authenticated by the login-based
mysql radcheck table from freeradius and they are coming from multiple
locations through a web-based portal redirected by their gateway.
My question is, if there is a way to setup freeradius for example: to
allow for 3 locations to login through the login based authentication
(the way it is setup right now) and at the same time grant 2 other
locations access without the need of using login based authentication, I
now there is an option to allow access without authentication, but to my
understanding this is global for all locations, I am looking for a way
to allow access without athentication for a specific location and at the
same time not interfere with the locations that are using login-based
authentication.
Is this possible? If so, where can I get more documentation on this
topic and where can I see an actual configuration example of this type
of setup?
If this is not possible "out of the box", where can I get documentation
on a work around or similar solutions?
Thank you in advance for all your help,
James
------------------------------
Message: 5
Date: Wed, 12 Apr 2006 16:34:14 -0400
From: Kevin Bonner <keb at pa.net>
Subject: Re: FreeRADIUS and SNMP
To: freeradius-users at lists.freeradius.org
Message-ID: <200604121634.20255.keb at pa.net>
Content-Type: text/plain; charset="iso-8859-15"
On Wednesday 12 April 2006 10:48, DESETech - German P. Santillan wrote:
> But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317
The OIDs you want to query are:
radiusAuthServ 1.3.6.1.2.1.67.1.1.1.1.* (or mib-2.67.1.1.1.1.*)
radiusAccServ 1.3.6.1.2.1.67.2.1.1.1.* (or mib-2.67.2.1.1.1.*)
Loading the MIBS from the mibs/ directory in the FR source will allow you to
query the actual names instead of OIDs.
Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cea40ea/attachment-0001.bin
------------------------------
Message: 6
Date: Wed, 12 Apr 2006 13:56:18 -0700 (PDT)
From: Nikolas Thoman <nikthoman at yahoo.com>
Subject: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412205618.26774.qmail at web81111.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"
I am running FreeRADIUS 1.1.1 on a Fedora Core 4 server (kernel 2.6.11-1.1369_FC4smp) to authenticate using EAP-SIM.
After ~400 successful auths at 20 requests/second the radiusd service encounters a segmentation fault. The output of the gdb dump is as follows:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208572224 (LWP 9805)]
0x0072ec33 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0 0x0072ec33 in _int_malloc () from /lib/libc.so.6
#1 0x00730792 in malloc () from /lib/libc.so.6
#2 0x005007e4 in eap_compose (handler=0x8fb8220) at eap.c:395
#3 0x004ffa94 in eap_authenticate (instance=0x8f8e4b8, request=0x8fbe648) at rlm_eap.c:341
#4 0x08053009 in modcall ()
#5 0x0805351d in modcall ()
#6 0x0805312d in modcall ()
#7 0x080525ba in find_module_instance ()
#8 0x0804c532 in rad_check_password ()
#9 0x0804cb03 in rad_authenticate ()
#10 0x08054c0a in rad_respond ()
#11 0x08056287 in main ()
(gdb)
I have another FreeRADIUS 1.0.3 server running on a Red Hat 9 server (kernel 2.4.20-8) that has had no problems running this kind of traffic.
Any help in diagnosing the reason why I'm encountering a fault in malloc would be much appreciated.
Thanks,
Nik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cb8661f/attachment-0001.html
------------------------------
Message: 7
Date: Wed, 12 Apr 2006 14:02:30 -0700 (PDT)
From: Silpa Akkina <akkinasgroups at yahoo.com>
Subject: Question Regarding FreeRADIUS debug ----please help!
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412210230.59303.qmail at web30001.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi....i am new to this group and joined just few minutes back. I had a
question regarding how to view the milliseonds resolution in the RADIUS
debug....i am trying to collect the output from the proxy radius
server....i think all i can get is debug with seconds resolution...but for my
project i have to take milli seconds readings....please help!
>
> Thanks,
> Silpa
http://akkinasilpa.blogspot.com
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/198f927e/attachment.html
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 12, Issue 56
************************************************
More information about the Freeradius-Users
mailing list