FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 10-11-2010, 04:35 PM
Klistvud
 
Default Debian Running Radius

Dne, 11. 10. 2010 17:44:51 je Jennie Kingsland napisal(a):



There must be a way when directly at the server to cancel the radius
and

get logged in? As I've mentioned CTRL C doesn't work.


Have you tried another if virtual terminal (e.g. ctrl-alt-F2) would
give you a login prompt?



I can get to the
ok prompt but not sure what command to use and if I could change the
network config at the ok prompt or if I could somehow cancel the
startup

script at the ok prompt?


I'm afraid I don't understand what an "ok prompt" would be...




Please help out if you can?



Also I guess I shouldn't be using radius -X in my startup script, to
prevent this problem is there something else I should be using? I
tried

using radius -x (the small x) and I hit enter and then no process for
radius starts so I'm a bit confused.



As a rule, services in Debian are configured by the install scripts. If
you installed radius from official repositories, it should "just work".
Why are you trying to run it via a hand-made "startup-script"? Are you
positive you're not complicating things unnecessarily?


I apologize if my ramblings make no sense, but I've never used radius
in my life.


--
Regards,

Klistvud
Certifiable Loonix User #481801
http://bufferoverflow.tiddlyspot.com

Please reply to the list, not to me.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 1286814948.7905.2@compax">http://lists.debian.org/1286814948.7905.2@compax
 
Old 10-11-2010, 06:03 PM
Joe
 
Default Debian Running Radius

On 11/10/10 17:35, Klistvud wrote:

Dne, 11. 10. 2010 17:44:51 je Jennie Kingsland napisal(a):



There must be a way when directly at the server to cancel the radius and
get logged in? As I've mentioned CTRL C doesn't work.


It should. Works For Me (tm). But as suggested, bring up a second screen
and kill it from there.


Also I guess I shouldn't be using radius -X in my startup script, to
prevent this problem is there something else I should be using? I tried
using radius -x (the small x) and I hit enter and then no process for
radius starts so I'm a bit confused.

No, you use -X to sort out problems. In particular, nobody will lift a
finger to help with a freeradius problem unless you do start it in debug
mode and publish the output along with your enquiry. It's not a trivial
program. But use debug in a spare terminal. I've been making two ssh
connections, and leaving one running the -X option.


I wouldn't have thought you'd normally use any flag at startup.
Configuration should already be in place in the appropriate files.




As a rule, services in Debian are configured by the install scripts. If
you installed radius from official repositories, it should "just work".
Why are you trying to run it via a hand-made "startup-script"? Are you
positive you're not complicating things unnecessarily?

I apologize if my ramblings make no sense, but I've never used radius in
my life.



Freeradius is a bit of a nuisance. I'm sure there's an excellent reason
for this, but although Debian packages both freeradius and openssl, it
refuses to package freeradius with openssl support. So if you want most
of the EAP authentications, you have to compile it yourself, leaving you
to sort out details like startup.


I can't actually help with that, as I'm still using -X mode with manual
startup, as I'm taking some time discovering what 'support for 802.1x'
in a Cisco brochure actually means. At the moment, it seems to mean
'after a reboot, rip out all the wireless security stuff and re-enter
it' if you actually want the thing to talk to a Radius server.


Oh, and the freeradius certificate-building script doesn't work for
client certificates, so if you want EAP-TLS you have to scratch around
for a modified script.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4CB35184.8020004@jretrading.com">http://lists.debian.org/4CB35184.8020004@jretrading.com
 
Old 10-11-2010, 06:44 PM
"Boyd Stephen Smith Jr."
 
Default Debian Running Radius

In <4CB35184.8020004@jretrading.com>, Joe wrote:
>On 11/10/10 17:35, Klistvud wrote:
>> Dne, 11. 10. 2010 17:44:51 je Jennie Kingsland napisal(a):
>>> There must be a way when directly at the server to cancel the radius and
>>> get logged in? As I've mentioned CTRL C doesn't work.
>
>It should. Works For Me (tm). But as suggested, bring up a second screen
>and kill it from there.
>
>>> Also I guess I shouldn't be using radius -X in my startup script, to
>>> prevent this problem is there something else I should be using? I tried
>>> using radius -x (the small x) and I hit enter and then no process for
>>> radius starts so I'm a bit confused.
>
>No, you use -X to sort out problems. In particular, nobody will lift a
>finger to help with a freeradius problem unless you do start it in debug
>mode and publish the output along with your enquiry. It's not a trivial
>program. But use debug in a spare terminal. I've been making two ssh
>connections, and leaving one running the -X option.
>
>I wouldn't have thought you'd normally use any flag at startup.
>Configuration should already be in place in the appropriate files.
>
>> As a rule, services in Debian are configured by the install scripts. If
>> you installed radius from official repositories, it should "just work".
>> Why are you trying to run it via a hand-made "startup-script"? Are you
>> positive you're not complicating things unnecessarily?
>>
>> I apologize if my ramblings make no sense, but I've never used radius in
>> my life.
>
>Freeradius is a bit of a nuisance. I'm sure there's an excellent reason
>for this, but although Debian packages both freeradius and openssl, it
>refuses to package freeradius with openssl support.

Most likely because of licensing issues. OpenSSL is under a license that has
restrictions not in the GPL. The FSF's interpretation of the GPL is that
everything linked (even dynamically) into a single binary is a single "work"
under copyright.[1] The GPL requires that no additional restrictions be added
to the ones it places. This means that combining GPL source with the OpenSSL
source to produce a program/library/package results in a work with no valid
license; and Debian can't distribute copyrighted works without a valid
license.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

[1] The only time I ever read anything written by a lawyer on the topic, his
opinion was that dynamic linking doesn't create a combined work.
 
Old 10-11-2010, 08:31 PM
lee
 
Default Debian Running Radius

On Mon, Oct 11, 2010 at 04:44:51PM +0100, Jennie Kingsland wrote:
>
> Also I guess I shouldn't be using radius -X in my startup script, to
> prevent this problem is there something else I should be using?

What keeps you from booting your server without starting radius, then
logging in to the server and starting radius manually from a console?
You should always be able to "kill -9" radius from another console
then.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20101011203138.GD4178@yun.yagibdah.de">http://lists.debian.org/20101011203138.GD4178@yun.yagibdah.de
 
Old 10-11-2010, 10:03 PM
Bill Thompson
 
Default Debian Running Radius

On Mon, 11 Oct 2010 16:44:51 +0100
"Jennie Kingsland" <Jennie.Kingsland@sunderland.gov.uk> wrote:

> Hi,
>
>
>
> Not sure if you can help with this one, I have searched Google and
> also your archives but cannot find an answer to my problem.
>

If you are running Freeradius, the problem with the start-up script is
the "-X" argument which should only be used for debugging. Also, your
log directory should be specified in the config
file, /usr/local/etc/raddb/radiusd.conf and not the command line.
This would make your startup script command:

/usr/local/sbin/radiusd -d /usr/local/etc/raddb/

The big question is why compile radius from source? If you use the
Debian package for Freeradius, this is mostly done for you.

--
Bill Thompson
BillT@Mahagonny.com
 
Old 10-12-2010, 01:26 PM
Joe
 
Default Debian Running Radius

On 11/10/10 23:03, Bill Thompson wrote:


The big question is why compile radius from source? If you use the
Debian package for Freeradius, this is mostly done for you.

Because for licencing reasons the packaged version does not have SSL
support, thereby ruling out EAP-TLS and other certificate-secured
authentication methods.


Radius is typically used for securing wireless or VPN connections, and
the normal security measures for these technologies is good. Pretty much
the only reason for going to Radius is to use certificates, and then
probably only for wireless as VPN systems usually have certificate-using
modes, though they may not be as convenient for central administration
as Radius.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Archive: 4CB461F2.4070402@jretrading.com">http://lists.debian.org/4CB461F2.4070402@jretrading.com
 

Thread Tools




All times are GMT. The time now is 12:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org