Thanks Alan...but was that an offer or an instruction?
Sure. Minor source code patches should do the trick.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
Attached is a little utility that we hacked to monitor
and restart 0.8.1. My server would die...and thenI'd get that late
night horror-movie phone call. "we're all dead!!!"
Some
people were running a kill -9 cron and that still leaves a potentially dangerous
period in between the cron
that yet because I'm
waiting for a PostgreSQL upgrade, scheduled to the next week, but if you
try that and tell me the result, it would be really useful.
Regards
Guillermo
Eric Dean wrote:
I was having pgsql problem between freeradius 0.7.1 and my
postgres database
whereby freeradius
Is there a way to proxy subrealms to downstream radius servers?
We have [EMAIL PROTECTED], [EMAIL PROTECTED], subrealm3.foo.com
and want to proxy all three subrealms to the same downstream radius server
without having to specify each subrealm...just the *.foo.com realm portion.
There were some
Hmm...we already have the DEFAULT in use for other purposes. I suspected
this to be the case. Thanks for your responsiveness.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chris
Brotsos
Sent: Tuesday, February 04, 2003 4:38 PM
To: [EMAIL
We have a proxied customer that uses DNIS as part of their authentication
sequence; however Qwest and UUNET do not supply DNIS as part of their tests.
Is there a way to create a user [EMAIL PROTECTED] and have him locally
authenticate against a users file while allowing everything else to
This is a timedout authentication...not an issue with attribute 33.
If you are seeing the requests but they aren't seeing the responses then you
have a network problem...often attributed to a radius proxy having multiple
IP addresses. Does your server have more than one IP address? If so, is
Been there..run the latest CVS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Enesha
Fairluck
Sent: Tuesday, June 11, 2002 10:42 AM
To: [EMAIL PROTECTED]
Subject: Proxy Value 33
Hey guys:)
I have another problem maybe some of you can
I got
no bytes on this and I already google'd the hell out of the subject matter...any
ideas?
-Original Message-From: Eric Dean
[mailto:[EMAIL PROTECTED]]Sent: Friday, June 07, 2002 3:40
PMTo: [EMAIL PROTECTED]Subject: Proxy
Client Source IP and Realm
The features page
The features page says that
freeradius can "Proxy or replicate the request to another RADIUS server, based
on any criteria, not just
'@realm'."
http://www.freeradius.org/features.html
Can someone shoot me an example whereby I can proxy
using theClient IP address of an upstream proxy
radiusd.conf:
log_auth = yes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David
Petruzzella
Sent: Tuesday, June 04, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: RE:Question about logging
When ever a user or wireless card authenticates or
My postgres.log shows that users with underscore's somehow get transformed
to a value '=5F'
DEBUG: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id
while my radius log shows it correctly:
Sun Jun 2 13:50:25 2002 : Auth: Login
Qwest and UUNET are throwing a fit because we are returning two sets of
Proxy-State attributes when we proxy to our customers. They expect only
one.
Apparently, according to the RFC:
http://www.freeradius.org/rfc/rfc2865.html#Proxy-State
When the proxy server receives the response to
We are proxying authentication to someone who is returning certain
attributes that create conflicts on the NAS. I would like to remove these
attributes in his replies.
Currently, I add certain attributes within the users file such as
X-Ascend-Data-Filter += ip in forward tcp est,
I'm not
Very nice. Thanks. I do not see, however, how to remove an attribute
from a reply.
On Wed, 13 Mar 2002, Alan DeKok wrote:
Eric Dean [EMAIL PROTECTED] wrote:
Can someone tell me how to remove an attribute...or better yet, the
general syntax of the users file (not structure)
'man 5
In my radius.log I see
Proxy: marking server radius.foo.com for realm foo.com dead
We are having an issue whereby we stop proxying a realm for a certain
period. It appears that maybe it doesn't get a radius response and then
marks that server as unresponsive/dead which causes problems for
I found the problem. The customer firewalls accounting which results in
the proxy client being disabled. There's a DEAD_TIME variable that can be
changed as well.
On Wed, 13 Mar 2002, Eric Dean wrote:
In my radius.log I see
Proxy: marking server radius.foo.com for realm foo.com dead
On Mon, 4 Mar 2002, Joseph Soma Reddy wrote:
Hello,
Can someone tell me the difference between freeradius and gnuradius? any major
differences in features or stability etc
Are both of them developed from the same code base?
There are probably many differences but I switched from GNUradius
-
List info/subscribe/unsubscribe? See http://wwwfreeradiusorg/list/usershtml
Eric Dean
President, Crystal Ball Inc
W 703-322-8000
F 703-322-8010
M 703-597-6921
-
List info/subscribe/unsubscribe? See http://wwwfreeradiusorg/list/usershtml
Unfortunately, if the NAS has already negotiated PAP, it's pretty useless
to have the radius server not authenticate because it's already been sent.
On Mon, 4 Mar 2002, Alan DeKok wrote:
Eduardo Roldan [EMAIL PROTECTED] wrote:
I have a wireless network. I want that my customers only
to have the NAS deny
PAP, but doing it at the RADIUS server still has some benefit.
/fc
On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote:
Unfortunately, if the NAS has already negotiated PAP, it's pretty useless
to have the radius server not authenticate because it's already been
a marketing expert could not have written a better statementI
especially like the synergy part
FreeRADIUS is one of the most modular and featureful RADIUS servers
available today It has been written by a team of developers who have
more than a decade of collective experience in
on my radius server, but we all have our ideas of what constitutes
'secure'. Why not compromise and set up a vpn between your NAS and
radius server so even PAP is encrypted?
On Monday 04 March 2002 19:58, you wrote:
On Mon, 2002-03-04 at 21:56, Eric Dean wrote:
My experience
NASs can switch the order of authentication: CHAP first then PAP or PAP
then CHAP Different service providers employ different
philosophiesand that's where it should remain on the NASbut
freeradius supports it nonetheless
You have customers whose computers are configured for PAP? Amazing,
using UUNET VIP with Freeradius 0.4 on this list e-mail me their
radius config files so that I can compare them to mine to see what I am doing wrong.
We are using straight system authentication.
Thanks in advance to anyone that can help!
Tom
[EMAIL PROTECTED]
Eric Dean
President
Anyboday know of a good way I can debug this so that I can let everyone
know the source of this problem?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Anyboday know of a good way I can debug this so that I can let everyone
know the source of this problem?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's a bit off topic but the answer to your question is the device(s)
that you are collecting accounting on and maintaining state sessions.
On Mon, 4 Feb 2002, Solomon Sokolovsky wrote:
Hi,
I want to implement Interim-Update for L2TP/PPP Sessions to collect IP usage of
permanent not
We are working fine with Qwest, Genuity, Broadwing, et al...but for some
reason, we can't get our SMTP filters to take on UUNET. I've seen other
radius servers have issues with the padding length of the Ascend Data
Filterthat it should be no longer than 26 bytes. Anyone had
experience or
a filter for smtp traffic to only
allow relaying accross one smtp server denying all other port 25 relays. Is
this possible with cistron? and how do I go about it.
Thank You
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Eric Dean
President, Crystal Ball
We are proxying a realm i.e. foo.bar.com
I have the proxy.conf set ok with the nostrip option and it works fine.
However, if I try to modify the reply attributes to add certain attributes
within the users file by specifying
DEFAULT Suffix==foo.bar.com
Session-Timeout = 28800,
I have realms I am proxying to defined within proxy.conf. I also have
attributes associated with a suffix defined within users that will augment
replies. However, when I specify a Suffix within the Users file, it strips
the realm from the proxied user. How do I keep radisu from stripping the
32 matches
Mail list logo