Re: Free RADIUS tutorials or manuals?

2003-11-19 Thread ylei
maybe you can't get what you want. i think the begin is reading RFC2865. and then you can download the freeradius' source code. reading src/README, FAQ. etc. doc/README, aaa.txt, configurable_failover, module_interface, processing_users_file.

Re: Free RADIUS tutorials or manuals?

2003-11-19 Thread root
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: malformed EAPOL-Key with LEAP and AEGIS Client

2003-11-19 Thread Marios Karagiannopoulos
Hi Artur, Thanks for the info about the EAPOL packets. I've installed the latest drivers both for the AP and the pcmcia card. It seems that the AP340 has a bug(?:( Is there any website of Cisco where I can post my question? Thanks, Marios -Original Message- From: [EMAIL PROTECTED]

Users in LDAP and mysql

2003-11-19 Thread Costas Christonis
Hi to all, I want to ask this: using freeradius, can you have users in LDAP and mysql so doing authentication from both simultaneous? Thanks a lot Costas A. Christonis Networking Communications Centre Gallos Campus - University of Crete email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/

Class Attribute

2003-11-19 Thread Michael Kopp
Hi all, maybe a totally stupid question when I read the RFC 2865 RADIUS- then there is a section about CLASS attribute stating: 5.25. Class Description This Attribute is available to be sent by the server to the client in an Access-Accept and SHOULD be sent unmodified by the

Re: Free RADIUS tutorials or manuals?

2003-11-19 Thread Kostas Kalevras
On Wed, 19 Nov 2003, ylei wrote: maybe you can't get what you want. i think the begin is reading RFC2865. and then you can download the freeradius' source code. reading src/README, FAQ. etc. doc/README, aaa.txt, configurable_failover, module_interface,

Re: Users in LDAP and mysql

2003-11-19 Thread Kostas Kalevras
On Wed, 19 Nov 2003, Costas Christonis wrote: Hi to all, I want to ask this: using freeradius, can you have users in LDAP and mysql so doing authentication from both simultaneous? In general yes. Though you will probably need to play with Autz-Type and Auth-Type to get that working ok

Re: tunneling

2003-11-19 Thread Chris Brotsos
From dictionary.tunnel... ATTRIBUTE Tunnel-Type 64 integer has_tag what is mean by has_tag?? I'm currently working on RADIUS - MPLS-VPN project, and from example given by cisco.. Some of attributes needed for doing L2TP tunnelling are as below: Tunnel-Type =

Re: malformed EAPOL-Key with LEAP and AEGIS Client

2003-11-19 Thread Artur Hecker
hi Thanks for the info about the EAPOL packets. I've installed the latest drivers both for the AP and the pcmcia card. It seems that the AP340 has a bug(?:( Is there any website of Cisco where I can post my question? i've been using an AP340 with the 12T release for a quite a while now and i

Re: Class Attribute

2003-11-19 Thread Alan DeKok
Michael Kopp [EMAIL PROTECTED] wrote: If I look at the dictionary file of freeradius I see ATTRIBUTE Class 25 octets So shouldn't this be like : ATTRIBUTE Class 25 string ?!? No. The string type in the RFC simply means that the attribute is variable

Re: Illegal attributes in update packets?

2003-11-19 Thread Alan DeKok
Alex French [EMAIL PROTECTED] wrote: Having read the RFCs (well, skimmed them at least) I am aware that including Acct-Session-Time, Acct-Output-Octets and Acct-Input-Octets in UPDATE messages is illegal. However, we have what we think is a good reason to do it, and freeradius seems to

RE: Documentation Suggestion

2003-11-19 Thread Jonathan Ruano
This question seems to aim for a FAQ question :) Jon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok Sent: Tuesday, November 18, 2003 9:27 PM Subject: Re: Documentation Suggestion Anson Rinesmith [EMAIL PROTECTED] wrote: What's the

RE: malformed EAPOL-Key with LEAP and AEGIS Client

2003-11-19 Thread Marios Karagiannopoulos
Artur, Have you checked if the last EAPOL-Key is malformed. It works fine for me too even if the packet is not correct !! I tried to pass traffic with WEP enabled and I didn't have any problem, but I don't know if this packet should be malformed anyway!! Could you please try to pass traffic using

RE: cisco authorization through freeradius

2003-11-19 Thread Dustin Doris
On Tue, 18 Nov 2003, John A. Hengstler wrote: Greetings. I have a Cisco as5300 that I am using for Dial customers. The customer connects, the authentication comes through, but then at the authorization level the connection gets dropped by the nas.. Are there any suggested attributes to

RE: cisco authorization through freeradius

2003-11-19 Thread Dustin Doris
On Tue, 18 Nov 2003, John A. Hengstler wrote: Greetings. I have a Cisco as5300 that I am using for Dial customers. The customer connects, the authentication comes through, but then at the authorization level the connection gets dropped by the nas.. Are there any suggested

Re: Multiple realm authentication with FreeRADIUS back to Active Directory?

2003-11-19 Thread Alan DeKok
Heiden, John [EMAIL PROTECTED] wrote: I am assuming I need to somehow have FreeRADIUS add a realm to the incoming information first, then pass that back to the Active Directory server? Are you using FreeRADIUS to put the users into different realms, or are the users logging in with different

Sample PEAP or TTLS with LDAP

2003-11-19 Thread QUISTREBERT Gregory
Hello, I would like, for testing, a sample configuration for freeradius with peap or EAP/TTLS with an openLDAP server backend. Thanks. Excuse my english -- GQS

RE: Multiple realm authentication with FreeRADIUS back to Active Directory?

2003-11-19 Thread Heiden, John
I'm sorry, I should have been more specific. I have multiple Cisco access servers (AS5300/AS5350/AS5400) and some are in one pool of users, some are in another, and some are in still another. I think about 5 different pools. So kind of imagine a tree of sorts. The leaves/branches are the Cisco

Interim accounting update +mysql

2003-11-19 Thread David Blood
-Name = shawn' rlm_acct_unique: Acct-Unique-Session-ID = f56023f6b2ffca98. modcall[accounting]: module acct_unique returns ok radius_xlat: '/usr/local/var/log/radius/radacct/205.28.26.18/detail-20031119' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr

Re: Multiple realm authentication with FreeRADIUS back to Active Directory?

2003-11-19 Thread Alan DeKok
Heiden, John [EMAIL PROTECTED] wrote: So kind of imagine a tree of sorts. The leaves/branches are the Cisco AS servers, they go back and authenticate to a Linux server with Free Radius. The Linux/FreeRADIUS server then ultimately authenticates the users back to an AD server. But the

Re: Interim accounting update +mysql

2003-11-19 Thread Dustin Doris
= 205.28.26.18,NAS-IP-Address = 205.28.26.18,Acct-Session-Id = 8120001a,User-Name = shawn' rlm_acct_unique: Acct-Unique-Session-ID = f56023f6b2ffca98. modcall[accounting]: module acct_unique returns ok radius_xlat: '/usr/local/var/log/radius/radacct/205.28.26.18/detail-20031119' rlm_detail

Re: double Login

2003-11-19 Thread Ulrich Walcher
On Tue, 2003-11-18 at 20:26, Mario Duve wrote: Hello, how I can reach, which can log in each user, not two times at the same time? The Simultaneous-Use Attribute not work in my groupcheck. that's what it should look like... | id | groupname |attribute | op | value

My problem with PEAP

2003-11-19 Thread Bill Reid
Hey everyone, I continue to have a problem using peap with freeradius-snapshot-20031110. From what I have read about EAP, and from my discussions with others on this list, I believe I am seeing a problem from freeradius. Please correct me if I am wrong. According to the documentation in

RE: Multiple realm authentication with FreeRADIUS back to Active Directory?

2003-11-19 Thread Heiden, John
The idea is that the only place where pool membership would be defined is in the AD. The problem is that each pool needs to be independent, and sometimes users move between pools. And the only place (that they want to keep track of ) membership is in the AD. That kind of sucks about CHAP. OH

Re: My problem with PEAP

2003-11-19 Thread Michael Griego
Umm... dumb question, but you don't have eap listed in the authenticate section of your radiusd.conf file twice do you? --Mike On Wed, 2003-11-19 at 12:31, Bill Reid wrote: Hey everyone, I continue to have a problem using peap with freeradius-snapshot-20031110. From what I have read

Re: My problem with PEAP

2003-11-19 Thread Bill Reid
I am asking the dumb questions here! No I don't. thanks Mike. -=Bill Michael Griego wrote: Umm... dumb question, but you don't have eap listed in the authenticate section of your radiusd.conf file twice do you? --Mike On Wed, 2003-11-19 at 12:31, Bill Reid wrote: Hey everyone, I continue

Re: My problem with PEAP

2003-11-19 Thread Alan DeKok
Bill Reid [EMAIL PROTECTED] wrote: I continue to have a problem using peap with freeradius-snapshot-20031110. From what I have read about EAP, and from my discussions with others on this list, I believe I am seeing a problem from freeradius. I've looked at your packet trace, and there

Re: My problem with PEAP

2003-11-19 Thread Michael Griego
On Wed, 2003-11-19 at 13:09, Alan DeKok wrote: From the debug output, it looks like you've managed to make the server call the EAP module *twice* for the request, during the authenticate stage. I have no clue how you managed to do this, but it's definitely wrong. That's exactly what I'm

Cisco VPN 3000 experience

2003-11-19 Thread Dan Didier
Hi list, I was wondering what people's experiences have been with using FreeRadius with the cisco VPN 3000 concentrator. Are there any documents outlining this? Thanks, Dan

Re: Cisco VPN 3000 experience

2003-11-19 Thread Tom Miller
I have two 3005s and a 3015 that authenticate users via Freeradius. It just works right out of the box. I'm using our central LDAP directory that already contains user authentication info. -Tom On Wed, Nov 19, 2003 at 03:46:18PM -0500, Dan Didier wrote: Hi list, I was wondering what people's

Mysql and Assigning an IP

2003-11-19 Thread Anson Rinesmith
I have freeradius/mysql set up authenticating on a MAX2000, the Max has the IP pool. I would like to know how to set up mysql/freeradius to handle giving out the IP. I'm sure it's just setting up the table, but I don't know the syntax.

Can this be done first time user

2003-11-19 Thread Michael Shanafelt
Hello everyone, I've never used FreeRadius before. I think I successfully installed it on RedHat and it seems to start up OK. I added my windows XP IP address in the clients file along with a key; added the same IP address, short name, and portslave as the type; and uncommented out the 3 lines

Re: Can this be done first time user

2003-11-19 Thread kconnell
FOR MAC based auth only - Make sure the IP addresses of your APs are in the clients.conf - edit the users file and add the MAC address of the clients as the user name. The password is the key you set on your APs. Ken Connell Intermediate Network Engineer Computer Communication Services Ryerson

Limiting access at a proxy server based on Called-Station-ID

2003-11-19 Thread Mark Moody
I've been asked if the following is possible. We operate a pair of radius servers that proxy several realms to their respective home servers. We need to limit their users access based on Called-Station-ID. When the Auth request comes in from the NAS, I need to be able to consult a (possibly

RE: Cisco VPN 3000 experience

2003-11-19 Thread Dan Didier
Do you use group functions, or is everyone in the base group? Thanks, Dan -Original Message- From: Tom Miller [mailto:[EMAIL PROTECTED] Sent: Wed 11/19/2003 4:14 PM To: [EMAIL PROTECTED] Cc: Subject: Re: Cisco VPN 3000 experience

Re: Cisco VPN 3000 experience

2003-11-19 Thread Alan DeKok
Dan Didier [EMAIL PROTECTED] wrote: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 Please fix your mailer to send text as text, instead of encoding it. Content-Type: application/ms-tnef; name=winmail.dat Please also fix your mailer to not send

Re: Limiting access at a proxy server based on Called-Station-ID

2003-11-19 Thread Alan DeKok
Mark Moody [EMAIL PROTECTED] wrote: We need to limit their users access based on Called-Station-ID. When the Auth request comes in from the NAS, I need to be able to consult a (possibly large) list of access numbers and determine if the user called an approved number, if so allow the request

Re: Can this be done first time user

2003-11-19 Thread Chris Parker
At 03:28 PM 11/19/2003, Michael Shanafelt wrote: Hello everyone, I've never used FreeRadius before. I think I successfully installed it on RedHat and it seems to start up OK. I added my windows XP IP address in the clients file along with a key; added the same IP address, short name, and

Re: Cisco VPN 3000 experience

2003-11-19 Thread Dustin Doris
On Wed, 19 Nov 2003, Dan Didier wrote: Hi list, I was wondering what people's experiences have been with using FreeRadius with the cisco VPN 3000 concentrator. Are there any documents outlining this? Thanks, Dan

Rad Acct attribute show up in flat file but not database

2003-11-19 Thread [EMAIL PROTECTED]
Hi, I am working on getting my radius accounting records in MySQL. I noticed that the attribute: Freeradius-Proxied-To = aa.bbb.ccc.ddd shows up in my radius accounting flat files but when I look at sqltrace.sql it shows up as ' ' and when I select that record from my radacct table it shows up as

Re: OSX Installation Using Mysql

2003-11-19 Thread Julien Gabry
Hello, After a good night, everything is better. So Andreas Congratulations for your great work, here with your package file everything works perfectly (without a glitch) on any panther distrib (tested on 3 Emac and 2 G4) I'm really impressed by it (installing it with a mouse in graphical mode

Huntgroup file SQL syntax.

2003-11-19 Thread Stephen Fulton
Hi all, Could someone please verify I'm using the right syntax for the huntgroups file and a sample row of data from the radcheck table in an SQL DB. huntgroups: # Group 1 group1 NAS-IP-Address == 10.100.50.6 NAS-IP-Address == 10.100.50.7 # Group 2 group2 NAS-IP-Address ==

Re: Huntgroup file SQL syntax, solved

2003-11-19 Thread Stephen Fulton
At 09:12 PM 19/11/2003 -0500, you wrote: Disregard, I made an error in the huntgroups syntax. Hi all, Could someone please verify I'm using the right syntax for the huntgroups file and a sample row of data from the radcheck table in an SQL DB. huntgroups: # Group 1 group1 NAS-IP-Address ==

Mailing Liat

2003-11-19 Thread fenderdood
confirm 482356

Re: Limiting access at a proxy server based on Called-Station-ID

2003-11-19 Thread Deepak Singhal
I think this can also be achieved by writing a function/procedure in database which return the values after doing the checking. Deepak Singhal - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 20, 2003 3:28 AM Subject: Re: Limiting

itz urgent

2003-11-19 Thread puneeth b
hello sir, i'm trying to connect freeradius db2 . i want to know how the freeradius my sql works. 1) i mean to say the front end of freeradius is available on -? where shall i find it? the interface? 2) also how the tables are maintained in the freeradius server as well as the db2 server.

Simultaneous-Use works only with finger?

2003-11-19 Thread Double
If I use freeradius with portslave check multiple logins (Simultaneous-Use) works only with finger?