Re: Freeradius-Users Digest, Vol 69, Issue 104
vijay s sheelavantar
s_vijay65 at rediffmail.com
Tue Feb 1 06:27:40 CET 2011
Thanks for the reply ... I solved this problem by making some changes in Makefile. added below lines in Makefile to solve Faulty module pam_radius_auth.so error.
md5.o: md5.c md5.h $(cc) $(CFLAGS) -c md5.c -o md5.o
On Mon, 31 Jan 2011 17:12:49 , freeradius-users-request at lists.freeradius.org wrote
Send Freeradius-Users mailing list submissions to
freeradius-users at lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request at lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner at lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Treating octets as string (Alan DeKok)
2. Faulty module pam_radius_auth.so (vijay s sheelavantar)
3. Re: Faulty module pam_radius_auth.so (Peter Lambrechtsen)
4. Exec Module FreeRADIUS Version 2.1.8 (hollman.diaz)
5. Re: deny access with huntgroups (tragus)
6. max_requests and db connection and oracle issues? (Omer Faruk SEN)
----------------------------------------------------------------------
Message: 1
Date: Sun, 30 Jan 2011 17:09:41 +0100
From: Alan DeKok <aland at deployingradius.com>
Subject: Re: Treating octets as string
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <4D458D45.5090705 at deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Brian Candler wrote:
> OK, I've had a go at a patch. You can find it at
> https://github.com/candlerb/freeradius-server/tree/candlerb/string_expansion
>
> Aside: I guess you can't use this if you have an 'octets' value with an
> embedded null. If I set
That's easy enough to fix, and the server already includes code to
handle non-printable characters in a string.
> Also, while doing this I also discovered a bug in the %{integer:...}
> expansion: it will cause freeradius to segfault if the vp is known in the
> dictionary but is not present in the request (radius_get_vp will return true
> but set vp to NULL). The fix is also in that branch, but I'll post it here
> too:
Whoops. That needs fixing, yes.
I've pushed fixes to the git repository.
Alan DeKok.
------------------------------
Message: 2
Date: 31 Jan 2011 01:07:54 -0000
From: "vijay s sheelavantar" <s_vijay65 at rediffmail.com>
Subject: Faulty module pam_radius_auth.so
To: "freeradius-users" <freeradius-users at lists.freeradius.org>
Message-ID: <20110131010754.9001.qmail at f4mail211.rediffmail.com>
Content-Type: text/plain; charset="utf-8"
Hello Friends,
I have compiled pam_radius_auth.so for MIPS architecture. I am linking the libraries as follows. $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.soI tried by linking (-lc) also. but authentication is failing. I have captured the log from /var/log/auth.log. and it says the error as below.
Jan 31 10:11:10 (none) sshd[25680]: PAM unable to dlopen(/lib/security/pam_radius_auth.so)Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror: /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5Init]Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module: /lib/security/pam_radius_auth.so
kindly help me to solve this problem.
Thanks and Regards,
VIJAY S.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110131/d0e03a41/attachment.html>
------------------------------
Message: 3
Date: Mon, 31 Jan 2011 14:50:25 +1300
From: Peter Lambrechtsen <plambrechtsen at gmail.com>
Subject: Re: Faulty module pam_radius_auth.so
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<AANLkTinPWP8pZYQtA=gg-7OswJzXNQ5nLe+sP4FPaH3X at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
You may have the same problem as we did with how UNIT4 was defined.
http://lists.freeradius.org/pipermail/freeradius-users/2010-September/msg00637.html
In the radius.h
-typedef unsigned long UINT4;
+typedef uint32_t UINT4;
Cheers
Peter
On Mon, Jan 31, 2011 at 2:07 PM, vijay s sheelavantar <
s_vijay65 at rediffmail.com> wrote:
> Hello Friends,
>
> I have compiled pam_radius_auth.so for MIPS architecture. I am linking the
> libraries as follows.
> * $(LD) -Bshareable pam_radius_auth.o md5.o -lpam -o pam_radius_auth.so*
> I tried by linking (-lc) also. but authentication is failing. I have
> captured the log from /var/log/auth.log. and it says the error as below.
>
> Jan 31 10:11:10 (none) sshd[25680]: PAM unable to
> dlopen(/lib/security/pam_radius_auth.so)
> Jan 31 10:11:10 (none) sshd[25680]: PAM [dlerror:
> /lib/security/pam_radius_auth.so: undefined symbol: pra_MD5
> Init]
> Jan 31 10:11:10 (none) sshd[25680]: PAM adding faulty module:
> /lib/security/pam_radius_auth.so
>
> kindly help me to solve this problem.
>
> Thanks and Regards,
> VIJAY S.
>
>
> <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110131/a3f64a46/attachment.html>
------------------------------
Message: 4
Date: Sun, 30 Jan 2011 17:50:32 -0800 (PST)
From: "hollman.diaz" <hollman.diaz at gmail.com>
Subject: Exec Module FreeRADIUS Version 2.1.8
To: freeradius-users at lists.freeradius.org
Message-ID: <1296438632053-3363953.post at n5.nabble.com>
Content-Type: text/plain; charset=us-ascii
Hi everybody
I'm trying to change the Auth-Type attribute with an external application.
I'm using FreeRADIUS Version 2.1.8 and Ubuntu 10.04
What files do I should modify?
I have tried with:
/etc/freeradius/radiusd.conf:
...
instantiate {
#
# Allows the execution of external scripts.
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
exec ven{
wait = yes
program = "/etc/disconnect/php return.php
%{Calling-Station-Id}"
input_pairs = request
output_pairs = reply
shell_escape = yes
}
/etc/freeradius/sites-enabled/default
post-auth {
...
exec ven{
wait = yes
program = "/etc/disconnect/php return.php
%{Calling-Station-Id}"
input_pairs = request
output_pairs = reply
shell_escape = yes
}
/etc/freeradius/modules/exec
...
# See also "echo" for more sample configuration.
#
exec ven{
wait = yes
program = "/etc/disconnect/php return.php
%{Calling-Station-Id}"
input_pairs = request
output_pairs = reply
shell_escape = yes
}
And /etc/freeradius/users:
...
DEFAULT Auth-Type := '%{exec:/etc/disconnect/php return.php
%{Calling-Station-Id}}'
Fall-Through = No
External application is /etc/disconnect/return.php and it returns Accept or
Reject values.
I have read several forums but I do not understand the procedure. I would
appreciate a step by step procedure :)
Running freeradius -X, I get (with no modifications in
/etc/freeradius/users):
...
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
/etc/freeradius/sites-enabled/default[464]: Failed to find module "exec".
/etc/freeradius/sites-enabled/default[435]: Errors parsing post-auth
section.
Line 464 is
exec ven{
and line 435 is
post-auth {
Thanks in advance,
Hollman Diaz
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Exec-Module-FreeRADIUS-Version-2-1-8-tp3363953p3363953.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
Message: 5
Date: Sun, 30 Jan 2011 23:27:11 -0800 (PST)
From: tragus <francois.michaud91 at laposte.net>
Subject: Re: deny access with huntgroups
To: freeradius-users at lists.freeradius.org
Message-ID: <1296458831303-3364120.post at n5.nabble.com>
Content-Type: text/plain; charset=us-ascii
hello, I read your talks and I have the same problem, what you said help me,
but I can't find the right request to make in
/etc/raddb/sites-enabled/default in the section authorize just under
preprocess, can you send to me the request you have made. I will be so
thanksfull.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/deny-access-with-huntgroups-tp2780330p3364120.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
------------------------------
Message: 6
Date: Mon, 31 Jan 2011 09:58:05 +0200
From: Omer Faruk SEN <omerfsen at gmail.com>
Subject: max_requests and db connection and oracle issues?
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID:
<AANLkTikjcHvJv+PeWL9Hnf+=T=FgUY_61zmTkL0iMF8Y at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hi,
How can I see the online radius sessions on a certain time? Btw I am
having db connection issues but there is no log at radius.log about db
connection reset or connection problems. How can i see active db
sessions used by radiusd? I want to correlate radiusd connections and
db connections
Also my db connection string is :
RADIUSDB=(DESCRIPTION=(LOAD_BALANCE=yes)(FAILOVER=on)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=XXX.YYY.ZZZ.TTT)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=AAA.BBB.CCC.DDD)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=QQQ.WWW.RRR.TTT)(PORT=1521)))(CONNECT_DATA=(SERVER=dedicated)(SERVICE_NAME=RADIUSDB)(failover_mode=
(type = session) (method = basic)(RETRIES=180)(DELAY=5))))
Is this a supported method for FreeRadius Daemon? I have 3 servers
with failover. Does radiusd support failover method used here?
regards.
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 69, Issue 104
*************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110201/b451b1aa/attachment.html>
More information about the Freeradius-Users
mailing list