Hi,
Thanks for your reply Alan. Is there any way I can see what attributes the
accounting request paquets have (other than sniffing it)? When I run in
debug mode (-X) and a bogus accounting packet is received all the
information I get is that warning, with no information at all on what the
packet
On Tue, Dec 02, 2003 at 01:22:21AM +, jiang chong wrote:
Dear Andrej Brkic
Thank you for your help again.You are enthusiastic man.I think that
openldap and PAP work well now.My NAS is a cisco pix525 that provides VPN
tunnal for people who maybe in home or on a tour.Cisco pix525 can
Thanks Oliver
Oliver Graf wrote:
On Tue, Dec 02, 2003 at 08:49:59AM +0200, Pieter Bezuidenhout wrote:
Hi,
Hoping somebody could help me out ? Attached is an example of a user
profile. On a AAA request, the Freeradius server is only returning the
first Cisco-Avpair and ignoring the rest of
Matt,
Haven't played much with MRTG, but you can configure cricket to get values
from a program output rather than just SNMP queries. If you want to have a
number of users, maybe a radwho | wc -l will give you the number of them,
good as an entry for cricket.
datasource sessions
Dear Eliot Gable,
Make sure shared secret configured for NAS and password entered by
client are valid. Check cleartext and MS-CHAP (v1) authentication.
--Tuesday, December 2, 2003, 3:04:02 AM, you wrote to [EMAIL PROTECTED]:
EG I've been trying to get a Windows XP machine to authenticate
On Fri, 28 Nov 2003 11:56:04 -0500
Alan DeKok [EMAIL PROTECTED] wrote:
Graeme Hinchliffe [EMAIL PROTECTED] wrote:
Is it possible to redirect accounting packets recieved by one
radius server to another?
Yes. See 'acct_users'. You can set Proxy-To-Realm for all
accounting packets.
Hello freeradius-users,
i have mpd+freeradius+mysql
when i connecting to vpn server i see following messages in radius
log:
[pptp0] RADIUS: RadiusAccount for: test
[pptp0] RADIUS: using /usr/local/etc/radius.
[pptp0] RADIUS: RadiusAddServer Adding 192.168.100.1
[pptp0] RADIUS:
Ok, I will upgrade asap.
But is it a known bugs in old versions?
Thanks
Guillermo
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 4:57 PM
Subject: Re: Radiusd process stopped
Guillermo Delmastro [EMAIL PROTECTED] wrote:
Hi all,
I have installed the Freeradius Server 0.9.3 with MySQL on Redhat Linux 9.
When I run the radiusd -XX, I am getting below these errors.
1. MySQL Check_Error:2013, returning SQL_DOWN
2. Could not find pool-name attribute
3. Unknown attribute Framed-IP-Address
4. Error getting data from
My idea is to have a central radacct server which holds all
radacct data from all RADIUS connections (makes it easy to search).
I know this can be done by simply directing the accounting packets
to this single server, but I was hoping to use the redundant feature
of freeradius so
From the NAS realms.conf file:
realm homenode.greatlakes.net {
type=radius
authhost=208.244.161.200:1812
accthost=208.244.161.200:1813
secret=076q2345hudp89YASIJF7890QW4
nostrip
}
From the server's clients.conf file:
client homenode.greatlakes.net {
Please post your configuration and full radius output.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 8:30 AM
To: [EMAIL PROTECTED]
Subject: Freeradius 0.9.3 Needhelp
Hi all,
I have installed the Freeradius Server 0.9.3 with MySQL
Title: Message
You need to have an entry in usergroup specifying what group the user belongs to. You
need another entry in radreply specifying any
specific attributes you want returned. Finally, you need an entry in radcheck specifying the username, attribute (password), op
(==), and value
Hi,
I compiled freeradius with SNMP support and now I would like
to try to test it. I am running 0.9.1 on redhat 9.0 .
Could someone send me some sample snmp queries to get me
started. I am interested in things like performance, number of users
etc.
Thanks,
Dave
-
List
I'm trying to find some information on the format of the MS-Filter VSA.
I want to parse this VSA to acquire the encoded filters.
I've looked in RFC 2548 where it is defined, but it doesn't explain the
formatting.
A google search hasn't turned up much either.
Does anyone here have any clue as to
Guillermo Delmastro [EMAIL PROTECTED] wrote:
Ok, I will upgrade asap.
But is it a known bugs in old versions?
At this point, I don't even remember any more. Bugs in old versions
are not something I keep track of.
Pretty much all bugs we're aware of in older versions have been
fixed in the
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I compiled freeradius with SNMP support and now I would like
to try to test it. I am running 0.9.1 on redhat 9.0 .
You should upgrade to 0.9.3.
Could someone send me some sample snmp queries to get me
started. I am interested in things like
Hi,
I would like to use EAP TTLS with an authentication with a LDAP server
Is it possbile with freeradius 0.9.3 ???
Where can I fin documentation about FREERADIUS and LDAP nd FREERADIUS and
EAP TTLS ???
Thank u
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
Hi,
I'm
trying to configure a Freeradius server so that it can host the authentication
of serveral network elements (Nokia firewalls and Alteon WebSwitches by
the way). I'm not having any problem with Nokias, but i'm not able to make
it work with Alteon.
The
freeradius version I'm using
so i've read through the O'Reilly _Radius_ book, the FAQ for FreeRADIUS,
and browsed the list's archive, but i still i have a relatively basic
question that just needs some clarification.
Accounting-Start packets are sent by the client ( which could be either
the NAS or the end-user in the
At 12:27 PM 12/2/2003, Brian Clarkson wrote:
so i've read through the O'Reilly _Radius_ book, the FAQ for FreeRADIUS,
and browsed the list's archive, but i still i have a relatively basic
question that just needs some clarification.
Accounting-Start packets are sent by the client ( which could
Guy Fraser [EMAIL PROTECTED] wrote:
It appears as though, the location in the file for this patch
has changed to :
@@ -220,10 +220,15 @@
And then patch will apply there, but I'm not sure if it is required
for 0.9.3?
The patch shouldn't be in the module at all. See the 'preprocess'
Chris Parker wrote:
At 12:27 PM 12/2/2003, Brian Clarkson wrote:
Accounting-Start packets are sent by the client ( which could be
either the NAS or the end-user in the case of wireless auth, which is
what i'm doing ).
No, it will be the NAS, it will not be the end-user.
that's what i thought
At 12:46 PM 12/2/2003, Brian Clarkson wrote:
Chris Parker wrote:
At 12:27 PM 12/2/2003, Brian Clarkson wrote:
Accounting-Start packets are sent by the client ( which could be either
the NAS or the end-user in the case of wireless auth, which is what i'm
doing ).
No, it will be the NAS, it will
-Original Message-
From: 3APA3A [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 5:27 AM
To: Eliot Gable
Subject: Re: MS-CHAPv2 + MySQL + group authtype failure
Dear Eliot Gable,
Make sure shared secret configured for NAS and password entered
by
client are
Eliot Gable [EMAIL PROTECTED] wrote:
snip
WARNING: Malformed RADIUS packet from host 208.244.163.17: Vendor
specific attributes do not exactly fill Vendor-Specific
snip
Yes. Do you understand what Vendor-Specific attributes are?
| 4 | 56/56 | Vendor-Specific | :=3D |
Chris Parker wrote:
Is there a particular problem you are trying to solve? It might be
better to spell out your problem, and listen to the proposed solutions
than trying to jump straight to a solution as the one you see may not
be perhaps the 'best' for your particular problem.
there are 2
[EMAIL PROTECTED] wrote:
I have installed the Freeradius Server 0.9.3 with MySQL on Redhat Linux 9.
When I run the radiusd -XX, I am getting below these errors.
1. MySQL Check_Error:2013, returning SQL_DOWN
2. Could not find pool-name attribute
3. Unknown attribute Framed-IP-Address
Your
No, I don't understand what Vendor-Specific attributes are. Is there
someplace where I can learn about them (aside from source-code)? Or
could you possibly give me a brief explaination?
What do you mean by configuring a way for the server to authenticate
that request? I thought the whole point
Graeme Hinchliffe [EMAIL PROTECTED] wrote:
It's 80% perfect for what I want, my issue is that if the radacct
system that acct is proxied to fails and doesn't respond the local
system retries, which is fine, however it logs locally each one of
these retries in it's own local format (which I
Greetings!
I'm new to freeradius, I have a freeradius-0.9.1 install with mysql
support (for accounting only) on a freebsd 5.1 box.
I'm experiencing some issues with logging of accounting where the
Framed-IP-Address only shows at the stop of a user session, not at
start, so I cannot query from
Eliot Gable [EMAIL PROTECTED] wrote:
The only essential design feature is this: when a user authenticates =
against a localnode, a Vendor-Specific attribute (with a vendor code of =
4363 and attribute number of 5) containing a string of the name of =
the user's RNET must be returned to the
Thank you for the help. Let me see if I have this straight now
The dictionary file that Josh Howlett sent me was:
# Roamnode VSAs
#
# $Id: dictionary.roamnode,v 1.0 2002/08/28 17:20:00 josh Exp $
#
VENDOR roamnode 4363
ATTRIBUTE NN-Data-Rate 1 integer roamnode
Eliot Gable [EMAIL PROTECTED] wrote:
So, what he is actually saying is that I need to put this in my
radgroupreply:
NN-Homeservice-Name := homenode.greatlakes.net
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 2:29 PM
To: [EMAIL PROTECTED]
Subject: Re: MS-CHAPv2 + MySQL + group authtype failure
What do you mean by configuring a way for the server to authenticate
that request? I thought the
I got it to work. I removed the @homenode.greatlakes.net from the username and the
received response then matched the calculated response. My question now is, if both
user egable and [EMAIL PROTECTED] are in the database with the same password, why
would it matter which way it is passed in? Is
Eliot Gable [EMAIL PROTECTED] wrote:
I got it to work. I removed the @homenode.greatlakes.net from the
username and the received response then matched the calculated response.
Yup.
My question now is, if both user egable and
[EMAIL PROTECTED] are in the database with the same
password,
So, is it wrong to just use the prefix to calculate the response in the
cases where you get a prefix and a suffix? Or are there some cases where
this would break other things? Just curious...
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003
This is a cisco issue.
Add something like {This is what I use on my 5200's}:
aaa accounting update newinfo
Go to Cisco's site for more information, and the specific commands for your
version of IOS.
This is most of the AAA config on one of my 5200's :
aaa new-model
aaa authentication login
Eliot Gable [EMAIL PROTECTED] wrote:
So, is it wrong to just use the prefix to calculate the response in the
cases where you get a prefix and a suffix? Or are there some cases where
this would break other things? Just curious...
The problem is you don't know what the prefix is. Windows is
Hi there,
I'm doing testing in preparation to upgrade a server from 0.5 to 0.9.3,
and I've run into an issue with Cisco's auth-proxy feature. Under 0.5,
it's been working. Upon successful authentication, the radius server
sends back the proper Cisco-AVpairs for a temporary ACL. I have a debug
Ben Hockenhull [EMAIL PROTECTED] wrote:
Under 0.9.3, only the first AVPair is sent back. I'm not sure why.
Read the 'man' page for the 'users' file. I think it's also in the
FAQ.
Try '+=', instead of '='.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
It works! Thanks a lot guys!
The aaa accounting delay-start is not understood on our AS5200
running IOS 12.1.18,
Receiving an extra packet shouldn't be an issue for us.
Thanks Again!
Tony Axtell
On Tue, 2003-12-02 at 14:07, Guy Fraser wrote:
This is a cisco issue.
Add something like
Make sure when you install the new server you get the new man pages as well.
Alan DeKok wrote:
Ben Hockenhull [EMAIL PROTECTED] wrote:
Under 0.9.3, only the first AVPair is sent back. I'm not sure why.
Read the 'man' page for the 'users' file. I think it's also in the
FAQ.
Try '+=',
44 matches
Mail list logo