Freeradius-Users Digest, Vol 12, Issue 57

Silpa Akkina akkinasgroups at yahoo.com
Sat Apr 15 23:40:24 CEST 2006


I tried to search the source code...to find where i can edit it..to get  milliseconds resolution....but couldnt find it...can you please tell me  as to where i can edit the source code.....and how....
  
  
  Thanks,
  Silpa

freeradius-users-request at lists.freeradius.org wrote:  Send Freeradius-Users mailing list submissions to
 freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
 http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
 freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
 freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: Question Regarding FreeRADIUS debug ----please help! 
      (Alan DeKok)
   2. Re: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4  (Alan DeKok)
   3. Re: Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)
      (BRETT WEEAST)
   4. freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
      Max-Monthly-Session maximum value limit (James)
   5. Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
      Max-Monthly-Session maximum value limit  (Alan DeKok)
   6. Simultaneous-Use Issue (James)
   7. EAP/TLS Authentication fail~~~~ (=?gb2312?B?y+8gx78=?=)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Apr 2006 17:13:26 -0400
From: "Alan DeKok" 
Subject: Re: Question Regarding FreeRADIUS debug ----please help! 
To: FreeRadius users mailing list
 
Message-ID: <20060412211326.4676716CC1 at mail.nitros9.org>

Silpa Akkina  wrote:
> server....i think all i can get is debug with seconds resolution...but  for my 
>   
> project i have to take milli seconds readings....please help!

  Edit the source code.

  Alan DeKok.


------------------------------

Message: 2
Date: Wed, 12 Apr 2006 17:15:04 -0400
From: "Alan DeKok" 
Subject: Re: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 
To: FreeRadius users mailing list
 
Message-ID: <20060412211504.73DF516CC1 at mail.nitros9.org>

Nikolas Thoman  wrote:
> Any help in diagnosing the reason why I'm encountering a fault in
> malloc would be much appreciated.

  It usually happens because something else in the code is
over-writing a buffer, or writing to free'd memory.

  Run the server under valgrind to see what's going on.  You'll have
to pass special options to work around the infinite SSL warnings, but
those warnings can be ignored.

  Alan DeKok.


------------------------------

Message: 3
Date: Wed, 12 Apr 2006 17:40:12 -0400
From: "BRETT WEEAST" 
Subject: Re: Freeradius-Users Digest, Vol 12, Issue 56 (Out Of Office)
To: 
Message-ID: 
Content-Type: text/plain; charset=US-ASCII

I will be out of the office Thu, April 13 through Fri, April 21.  

If you require assistance prior to April 24, email the Network Services Unit at: r035 at gw.njsp.org 


>>> freeradius-users 04/12/06 17:12 >>>

Send Freeradius-Users mailing list submissions to
 freeradius-users at lists.freeradius.org

To subscribe or unsubscribe via the World Wide Web, visit
 http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
 freeradius-users-request at lists.freeradius.org

You can reach the person managing the list at
 freeradius-users-owner at lists.freeradius.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

   1. Re: Freeradius, mysql, please help!!! (YvesDM)
   2. Re: Question (YvesDM)
   3. Re: Freeradius, mysql, please help!!! (Laker Netman)
   4. Multiple Locations and configuring 2 different methods of
      Access (James)
   5. Re: FreeRADIUS and SNMP (Kevin Bonner)
   6. FreeRADIUS 1.1.1 Segmentation fault on Fedora 4 (Nikolas Thoman)
   7. Question Regarding FreeRADIUS debug ----please help!
      (Silpa Akkina)


----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Apr 2006 20:43:22 +0200
From: YvesDM 
Subject: Re: Freeradius, mysql, please help!!!
To: "FreeRadius users mailing list"
 
Message-ID:
 <799e44b30604121143g1a162577uc05f667dacdaf21f at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On 4/12/06, A.L.M.Buxey at lboro.ac.uk  wrote:
>
> Hi,
>
> ummm. I'm not too certain here but wasnt the password you defined in the
> mySQL database for john $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/
> if this is a crypted password then surely the attribute is Crypt-Password
> rather than User-Password?
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

Correct, alan DeKok told me too. I changed it, but it didn't solve the
problem.

tnx
yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/8e9693ce/attachment-0001.html

------------------------------

Message: 2
Date: Wed, 12 Apr 2006 20:58:34 +0200
From: YvesDM 
Subject: Re: Question
To: "FreeRadius users mailing list"
 
Message-ID:
 <799e44b30604121158r9a4bfb2t2031cbe602195496 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

On 4/12/06, A.L.M.Buxey at lboro.ac.uk  wrote:
>
> Hi,
>
> > modcall: leaving group authorize (returns ok) for request 0
> >   rad_check_password:  Found Auth-Type System
> > auth: type "System"
>
> try removing the default System authentication method from your
> users file.
>
> alan


Working now!

i changed "system to "radius" in the users file and now it's working.

# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
DEFAULT Auth-Type = Radius
        Fall-Through = 1


Many tnx
Yves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/2b4efff6/attachment-0001.html

------------------------------

Message: 3
Date: Wed, 12 Apr 2006 12:23:05 -0700 (PDT)
From: Laker Netman 
Subject: Re: Freeradius, mysql, please help!!!
To: FreeRadius users mailing list
 
Message-ID: <20060412192305.70689.qmail at web50507.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1

--- YvesDM  wrote:

> On 4/12/06, Alan DeKok  wrote:
> >
> > YvesDM  wrote:
> > > mysql> select * from radcheck;
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > | id | UserName | Attribute     | op |
> > Value                              |
> > >
> >
>
+----+----------+---------------+----+------------------------------------+
> > > |  1 | steve    | User-Password | :=3D |
> > $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0=
> > >  |
> >
> >   These are *not* clear-text passwords.  They're
> encrypted
> > passwords. Change the attribute name to
> Crypt-Password, and it should
> > work.
> >
> >   Alan DeKok.
> 
> 
> 
> Tnx for the reply, but it didn't solve my problem.
> 
>  mysql> select * from radcheck;
>
+----+----------+----------------+----+------------------------------------+
> | id | UserName | Attribute      | op | Value       
>                       |
>
+----+----------+----------------+----+------------------------------------+
> |  1 | steve    | User-Password  | := |
> $1$nyiGAEuR$5wcFr5bT7SfkVjIChnbZo0 |
> |  2 | maureen  | Crypt-Password | := |
> $1$LTvKoOtc$X2fVg8uDqyP4.mU.iLNKm0 |
> |  3 | john     | Crypt-Password | := |
> $1$bkW9WNor$tq5sRRiUcwOV4/fwk3CYM/ |
>
+----+----------+----------------+----+------------------------------------+
> 3 rows in set (0.00 sec)
> 
> mysql> quit
> Bye
> radius:/usr/local/etc/raddb# radtest john test
> localhost 1812 testing123
> Sending Access-Request of id 213 to 127.0.0.1 port
> 1812
>         User-Name = "john"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> Re-sending Access-Request of id 213 to 127.0.0.1
> port 1812
>         User-Name = "john"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=213, length=20
> radius:/usr/local/etc/raddb# radtest maureen test
> localhost 1812 testing123
> Sending Access-Request of id 219 to 127.0.0.1 port
> 1812
>         User-Name = "maureen"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> Re-sending Access-Request of id 219 to 127.0.0.1
> port 1812
>         User-Name = "maureen"
>         User-Password = "test"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=219, length=20
> radius:/usr/local/etc/raddb#
> 
> Any other suggestions?
> 
> Yves
> > - 
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

Try switching everything back to clear text, with
User-Password attribute and *clear text passwords* and
see if anybody can auth that way.

Laker


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


------------------------------

Message: 4
Date: Wed, 12 Apr 2006 13:02:35 -0700
From: James 

Subject: Multiple Locations and configuring 2 different methods of
 Access
To: freeradius-users at lists.freeradius.org
Message-ID: <443D5CDB.1090107 at qujo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello,

I am running freeradius 1.0.5 on FC4 i386

My end-users right now are getting authenticated by the login-based
mysql radcheck table from freeradius and they are coming from multiple
locations through a web-based portal redirected by their gateway.

My question is, if there is a way to setup freeradius for example: to
allow for 3 locations to login through the login based authentication
(the way it is setup right now) and at the same time grant 2 other
locations access without the need of using login based authentication, I
now there is an option to allow access without authentication, but to my
understanding this is global for all locations, I am looking for a way
to allow access without athentication for a specific location and at the
same time not interfere with the locations that are using login-based
authentication.

Is this possible? If so, where can I get more documentation on this
topic and where can I see an actual configuration example of this type
of setup?

If this is not possible "out of the box", where can I get documentation
on a work around or similar solutions?


Thank you in advance for all your help,


James




------------------------------

Message: 5
Date: Wed, 12 Apr 2006 16:34:14 -0400
From: Kevin Bonner 
Subject: Re: FreeRADIUS and SNMP
To: freeradius-users at lists.freeradius.org
Message-ID: <200604121634.20255.keb at pa.net>
Content-Type: text/plain; charset="iso-8859-15"

On Wednesday 12 April 2006 10:48, DESETech - German P. Santillan wrote:
> But... I can't obtain a valid response for OID 1.3.6.1.4.1.3317

The OIDs you want to query are:

radiusAuthServ 1.3.6.1.2.1.67.1.1.1.1.*  (or mib-2.67.1.1.1.1.*)
radiusAccServ 1.3.6.1.2.1.67.2.1.1.1.* (or mib-2.67.2.1.1.1.*)

Loading the MIBS from the mibs/ directory in the FR source will allow you to 
query the actual names instead of OIDs.

Kevin Bonner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cea40ea/attachment-0001.bin

------------------------------

Message: 6
Date: Wed, 12 Apr 2006 13:56:18 -0700 (PDT)
From: Nikolas Thoman 
Subject: FreeRADIUS 1.1.1 Segmentation fault on Fedora 4
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412205618.26774.qmail at web81111.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

I am running FreeRADIUS 1.1.1 on a Fedora Core 4 server (kernel 2.6.11-1.1369_FC4smp) to authenticate using EAP-SIM.
  
  After ~400 successful auths at 20 requests/second the radiusd service  encounters a segmentation fault. The output of the gdb dump is as  follows:
  
  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread -1208572224 (LWP 9805)]
  0x0072ec33 in _int_malloc () from /lib/libc.so.6
  (gdb) bt
  #0  0x0072ec33 in _int_malloc () from /lib/libc.so.6
  #1  0x00730792 in malloc () from /lib/libc.so.6
  #2  0x005007e4 in eap_compose (handler=0x8fb8220) at eap.c:395
  #3  0x004ffa94 in eap_authenticate (instance=0x8f8e4b8, request=0x8fbe648) at rlm_eap.c:341
  #4  0x08053009 in modcall ()
  #5  0x0805351d in modcall ()
  #6  0x0805312d in modcall ()
  #7  0x080525ba in find_module_instance ()
  #8  0x0804c532 in rad_check_password ()
  #9  0x0804cb03 in rad_authenticate ()
  #10 0x08054c0a in rad_respond ()
  #11 0x08056287 in main ()
  (gdb)
  
  I have another FreeRADIUS 1.0.3 server running on a Red Hat 9 server  (kernel 2.4.20-8) that has had no problems running this kind of traffic.
  
  Any help in diagnosing the reason why I'm encountering a fault in malloc would be much appreciated.
  
  Thanks,
  Nik
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/4cb8661f/attachment-0001.html

------------------------------

Message: 7
Date: Wed, 12 Apr 2006 14:02:30 -0700 (PDT)
From: Silpa Akkina 
Subject: Question Regarding FreeRADIUS debug ----please help!
To: freeradius-users at lists.freeradius.org
Message-ID: <20060412210230.59303.qmail at web30001.mail.mud.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"


Hi....i am new to this group and joined just few minutes back. I had a 
  
question  regarding how to view the milliseonds resolution in the RADIUS  
  
debug....i am trying to collect the output from the proxy radius  
  
server....i think all i can get is debug with seconds resolution...but  for my 
  
project i have to take milli seconds readings....please help!
  
>   
  
>   Thanks,
  
>   Silpa
  

http://akkinasilpa.blogspot.com

   
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060412/198f927e/attachment.html

------------------------------

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 12, Issue 56
************************************************





------------------------------

Message: 4
Date: Wed, 12 Apr 2006 17:48:54 -0700
From: James 

Subject: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
 Max-Monthly-Session maximum value limit
To: freeradius-users at lists.freeradius.org
Message-ID: <443D9FF6.6010607 at qujo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello I am using freeradius 1.0.5, what is the maximum value of seconds 
allowed in the attributes: Max-All-Session, Max-Daily-Session and 
Max-Monthly-Session ?

I cannot find this information in my research.

Thank you,

James


------------------------------

Message: 5
Date: Wed, 12 Apr 2006 20:46:02 -0400
From: "Alan DeKok" 
Subject: Re: freeradius 1.0.5 - Max-All-Session, Max-Daily-Session and
 Max-Monthly-Session maximum value limit 
To: FreeRadius users mailing list
 
Message-ID: <20060413004602.9BF7516CC1 at mail.nitros9.org>

James 
 wrote:
> Hello I am using freeradius 1.0.5, what is the maximum value of seconds 
> allowed in the attributes: Max-All-Session, Max-Daily-Session and 
> Max-Monthly-Session ?

  They're integers, so 32-bits, or 4 billion.

  Alan DeKok.


------------------------------

Message: 6
Date: Wed, 12 Apr 2006 20:55:57 -0700
From: James 

Subject: Simultaneous-Use Issue
To: freeradius-users at lists.freeradius.org
Message-ID: <443DCBCD.9050904 at qujo.com>
Content-Type: text/plain; charset=windows-1252; format=flowed

I have freeradius 1.0.5 installed

my end-users are able to login simultaneously using the same username 
and password, the radacct table is recording the aggregating session 
time that the multiple simultaneous users use.

in my radcheck table I have all my users login attributes set to:

User-Password = somepassword
Max-All-Session = 123456
Simultaneous-Use := 1

Is there extra attributes that I need to set or configuration that I 
need to add in order to not let the same user login simultaneously 
through different machines?

Thank you,

James


------------------------------

Message: 7
Date: Thu, 13 Apr 2006 14:07:38 +0800
From: =?gb2312?B?y+8gx78=?= 
Subject: EAP/TLS Authentication fail~~~~
To: freeradius-users at lists.freeradius.org
Message-ID: 
Content-Type: text/plain; charset=gb2312; format=flowed

Hi

 I want to build a freeradius+openssl server to authenticate 802.1x 
and I've installed freeradius-1.0.2 and openssl-0.9.7e
the server is built in RedHat 9 and the client is Odyssey Client Manager in 
Windows XP.

now i can use EAP/MD5 get the authentication well.
but when we use EAP/TLS, the client cannot be authenticated ~~
I don't whether it's the problem of the freeradius server configure or CAs 
or anyother 
I paste the fail information and the freeradius debug infos below.
Please give me some help ,Thanks!

there're such errors:

line242:    TLS_accept:error in SSLv3 read client certificate A

line344:    rlm_eap_tls: <<< TLS 1.0 Handshake [length 05d2], Certificate
--> verify error:num=18:self signed certificate

line361:    rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
            TLS Alert write:fatal:unknown CA
              TLS_accept:error in SSLv3 read client certificate B
            5385:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no 
certificate returned:s3_srvr.c:1989:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.


##the debug infos of freeradius

[root at localhost sbin]# radiusd -X -A
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary

=== message truncated ===


http://akkinasilpa.blogspot.com

			
---------------------------------
Yahoo! Messenger with Voice. PC-to-Phone calls for ridiculously low rates.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060415/ef817a8f/attachment.html>


More information about the Freeradius-Users mailing list