. If they
don't, then there's nothing you can do to fix the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of the
server, but 0.8 seems to be coming along nicely.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the documentation, didn't you?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in with no
realm don't get detail files written for them.
Read 'doc/variables.txt'.
Use %{Stripped-User-Name:-${User-Name:-none}}
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
statement in FreeRadius 0.5 causes not to update
but to insert new entry in database?
So upgrade to the latest version. Maybe the problem is fixed there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of the time.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a re-write of the realms file,
and SIGHUP the FR server. The only problem here being that someone
*could* inadvertently change only the realms file, SIGHUP the process,
and be out of synch with the DB.
shrug That's not a serious issue, in my opinion.
Alan DeKok.
-
List info/subscribe
?
Grab the CVS snapshot from tomorrow, and give it a try. It should
have snmp disabled by default, and you can enable it at run-time, if
you care.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuration, and don't know how to fix it.
The solution is to use the default configuration. If you change it
to do something stupid, of COURSE it won't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Graeme Lee [EMAIL PROTECTED] wrote:
Was this ever answered? I too, need to limit the numbers of ports
available to groups of users.
It can't be done right now. You'll have to write code and/or a
script yourself.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
to the release you're using. Or, you can ask on the
list if the fix can be back-ported.
Either way, it's a whole lot easier to grab other people's bug
fixes, than it is to track down the problem, and come up with the fix
yourself.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
find
it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not
that different from unable to contact SQL server
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Try the CVS snapshot tomorrow, I'll try to add a fix today.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
process (realtime) relies on.
You're billing based on the output of radwho? That's *completely*
wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the
accounting information from each NAS into a NAS-specific 'detail'
file, and then process that every hour or so. It's *exactly* the same
as what you're doing now, but a LOT less work.
There's NO need to do accounting every minute.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
will not make any difference to the
authentication of a user. The problem is elsewhere.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, it should strip the realm, and forward the
request to the home server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
out there that calculates time and throughput ect ect?
See the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
idea to allow any machine on the Internet to
send packets to your radius server.
I will probably refuse any patches which allow 0.0.0.0/0 to work.
But two client networks for /1, with the same shared secret should
work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
should work...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. (But *tell* me if it doesn't help)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
john babiarz [EMAIL PROTECTED] wrote:
Does anyone have a code fragment to decrypt a chap
password? I need to take the password in plain text,
after pulling it from authreq-strvalue to a private
routine.
Uh... read the source?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Kliment Toshkov [EMAIL PROTECTED] wrote:
Exec-Program-Wait should work...
Well, it works fine and passess AV pairs exactly as before.
Then I don't understand why the external check fails...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
and passwords from
/etc/shadow.
Uh... the server comes configured to do that. Did you try it?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan Wong [EMAIL PROTECTED] wrote:
I need your advice regarding the password. I want to know how to set the
password to null after authentication.
Huh? Why would you want to do that?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, if you read them.
configure: warning: FAILURE: rlm_dbm requires: (libndbm or libgdbm).
So... does your system have either? Do you know how to install
these packages on your system?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/DIFFS'), and I'll
add it to CVS.
Once that's done, I think a 0.8.1 release would be a good idea.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
+ and others ones
with radius servers. There is any way to do it?
See 'tac2rad', somewhere on the net.
FreeRADIUS doesn't do TACACS+, and will never do TACACS+
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Is there a RADIUS client which uses 3GPP VSA's?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attribute. e.g. Menu = 1
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that it is 254 before you place it on
the wire.
The string contents should ideally be allocated as memory seperate
from the VALUE_PAIR data structure. That would allow it to grow as
needed.
As always, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
.
I'm not sure what you mean by that. 'radwho' doesn't read the
clients.conf file, or the naslist file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
tree?
No. See './configure --help'
--with-rlm-FOO-lib-dir=DIR Directory to look for library files
used by module FOO
--with-rlm-FOO-include-dir=DIR Directory to look for include files
used by module FOO
This is NOT the same as where the C source for module FOO is
located
Alan
using lowercase and it
works..any thoughts?
Convince your users to log in using a standard user name.
Hmm... some patches to the radutmp module module might be good.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
System Administrator [EMAIL PROTECTED] wrote:
would the Simultaneous-Use parameter help me?
Maybe. Did you try it?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what you did wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
* Every place a value is assigned to a VALUE_PAIR
Maybe. But if you wrote a simple wrapper function, it wouldn't be
too much work. Just simple search and replace.
* Every place where a value pair is freed.
There's only one: pairfree()
Alan DeKok.
-
List info/subscribe/unsubscribe
configuration, and broke it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
I'd say look through the source to the rlm_unix module, to see if
anything leaps out.
I've searched through all the documentation I can find and looked
at the freeradius rlm_unix.c file, but my C skills are nil.
Hmm... that would make it a little more difficult.
Alan DeKok.
-
List info
troy white [EMAIL PROTECTED] wrote:
I am really starting to think this is usless crap.
Then don't use it.
Running an authentication server requires *some* amount of brains.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
something very basic.
Do you have the development libraries and header files installed?
configure: warning: the comm_err library isn't found!
Nope.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
should dump core if
there's a core-dump causing bug.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Chris Knipe [EMAIL PROTECTED] wrote:
I think I'm a bit confused. Is this due to password caching, or what may
be causing this...
Causing *what*?
The debugging output you posted was edited so much that it's taken
totally out of context, and thus totally useless.
Alan DeKok.
-
List
-set of people who expect that
installing complicated servers should be blindingly obvious, even if
they've never seen a computer before.
Free software is provided by dedicated people like Alan DeKok and they
don't need statements like that on a mailing list, they must be
encouraged. Indeed, he
-existent password taken from some database, by
another module.
So the fix to rlm_pap is NOT sufficient here. We need to know which
other module you're using to get the MD5 password, and why it returns
an empty password.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
running 0.8, read 'doc/rlm_sql'
If you're no running 0.8, upgrade and then read it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
face.
Download the server, install it in the default configuration, and do
the test authentication as shown in the FAQ. If that doesn't work,
I'll eat your entire computer.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
don't care. Understand how the server works FIRST,
and THEN try something more complicated.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
When i start freeradius i get this message below.
I can authenticate through mysql using -X or -xx and can still
authenticate after calling radiusd.
...
Grab the CVS snapshot tomorrow. It should have the bug fixed.
Alan DeKok.
-
List info/subscribe/unsubscribe
Scott Miller [EMAIL PROTECTED] wrote:
I'm not finding it. I've looked in /usr/local/src and in my
/var/www/cgi-bin, but found nothing about dialup_admin.
I am running:
ICRadius 0.17b
Then why are you asking questions on the FreeRADIUS list?
Alan DeKok.
-
List info/subscribe
produced by the
server. Many people just post the entire output to the list, and ask
for help, when *reading* the output would be much more useful.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can't see using anything other then := in the replies.
See 'doc/rlm_sql', and 'man 5 users' for more detailed information.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
So... what does the Cisco documentation say about this?
Once the RADIUS server responds with an Access-Accept, then if the
NAS rejects the user, the problem can be fixed ONLY on the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: type System
auth: Failed to validate the user.
So... did you read that part of the output?
The server is doing exactly what you told it to do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in debugging mode, and then READ the
output, instead of blindly posting it to the list!
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sergio de Almeida Lenzi [EMAIL PROTECTED] wrote:
The system builds ok but I cannot find any information about how to load
the dictionary into the sql table (dictionary).
That's because there is none.
Putting the dictionary into an SQL database won't help much, if at
all.
Alan DeKok
, but I don't know how to use it.
After building installing the server:
cd src/modules/rlm_smb
./configure
make
make install
Then copy the smb module configuration from 'experimental.conf' to
'radiusd.conf', in the 'modules' section.
Alan DeKok.
-
List info/subscribe/unsubscribe
to log to *two* SQL databases, then you don't want redundancy.
See 'doc/configurable_failover' for examples of redundancy.
If you want one server to log to 2 SQL databases, then do:
accounting {
sql1
sql2
}
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
* servers.
Hmm... that shouldn't happen.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
telling you.
I have disabled all accounting modules, to limit the troubleshooting
somewhat. What does Discarding new request from client .. due to
live request 123 exactly mean? it hasn't sent an response to request 123
yet?
Exactly. The request is still live.
Alan DeKok.
-
List info
Thomas Krantz [EMAIL PROTECTED] wrote:
My problem may already be fixed, I just pulled the latest CVS version (and
fixed some minor typo in a checked-in sql_postgresql..., and another
typo(?) in rlm_unix)
Do you have patches?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
.
Authentication is done elsewhere.
I assumed that it did authentication (As I define it above) and I had
cocked up somewhere for it to pass by the SQL auth without a match.
No. Read 'doc/aaa.txt'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Kevin [EMAIL PROTECTED] wrote:
I try use the attribute Calling-Station-Id to filter client's MAC
,but it can't work
Wonderful. So I take it you didn't read the FAQ.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:
1) You didn't read the FAQ as to how to test the server
2) You didn't read the debugging output you posted to the list
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
helio [EMAIL PROTECTED] wrote:
I´ve just migrated from IC-Radius to FreeRadius. Everything is working fine,
and I *AM* authenticating users via MySQL. But I´d like to validate my NAS
though MySQL too. Is that possible in FreeRadius?
Not right now.
As always, patches are welcome.
Alan
, read the dictionaries and examples.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
as before. It's annoying, but not
a serious problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PROTECTED]
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
' file.
Yes, terminology is important.
Where can I find it? Of course I've listed users file many times and results
are miserable :-)
See the documentation shipped with the server. 'man 5 users' should
help, as should the files in 'doc'
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP
That looks somewhat reasonable.
whats the best way to aproach this,
ive been failing at doing this...
And the output of debugging mode is... ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
?
Huh? If the users are listed in /etc/passwd, then you don't have to
add them to the 'users' file.
Read the default 'users' file shipped with the server. It
authenticates *anyone* in /etc/passwd.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
betux [EMAIL PROTECTED] wrote:
i install freetds-0.53.
and i want using freetds(mssql) as radius database.
but i see in readme file, freetds module may not build because in development.
is there the complete freetds module for download?
No. Use rlm_iodbc, instead.
Alan DeKok.
-
List
instead of honoring the SIGHUP and
rereading the initialization files I'll get ' Error: MASTER: exit on signal
(11)' and the daemon dies.
Something upgrading will fix?
Nope. Maybe 0.9 will have the fix, and definitely 1.0 won't be
released without the fix.
Alan DeKok.
-
List info
Chris A. Kalin [EMAIL PROTECTED] wrote:
I've looked over the documentation, but I can't seem to find how to run a
script if the user fails authentication.
There isn't one, right now.
The 'post-auth' section may be able to help you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Chris A. Kalin [EMAIL PROTECTED] wrote:
OK, so do you think the best way to go would be to always have a script run
that performs authentication and decides whether a user gets the standard
set of reply attributes or the restricted ones?
For now, yes.
Alan DeKok.
-
List info/subscribe
.
I figure the best way to do that is to have the script return
Auth-Type = System ...
That won't work.
Look in the CVS head, and try the 'rlm_perl' module. It's been
significantly updated, and might be your best solution.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
that the same
username is currently online and gets yet another active session
with different IP.
It's doing what you say you want, and you say it's a problem.
Huh?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
bogdan [EMAIL PROTECTED] wrote:
I managed to get everything on its feet thanx Alan,
now what is bugging me is, how can i limit
the monthly session time for a system user ?
Is there a way or i'll have to do it via database?
Read the 'radiusd.conf' file.
Alan DeKok.
-
List info/subscribe
of %{User-Name} COULD go to bob. It now goes to bob
(without the quotes). This makes it difficult to properly handle
special characters inside of strings.
For now, the current solution is safe. I don't want to replace/fix
it, until we have a better solution, which is just as safe.
Alan DeKok
= md5
}
as well as setting it to crypt, and neither seem to work.
Wow. Why doesn't it work? Did you read the FAQ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
seen in freeradius source and after reading
some lines that rlm_perl for exmple is able to spawn some script ...
Anybody got some details about the way to use rlm_perl ?
See the latest CVS head. rlm_perl has been updated.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
David Mallwitz [EMAIL PROTECTED] wrote:
I've tried building the python module in FR 0.8.1, but I'm having no luck
Try using rlm_python from the CVS head. It will work with 0.8.1,
but it contains fixes that didn't go into 0.8.1
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
' attributes.
Stop trying to out-think the server. Don't give it any fancy
configure options if you don't understand their impact.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sean Albright [EMAIL PROTECTED] wrote:
I ran config with:
./configure --localstatedir=/var --sysconfdir=/etc
and no other options... so --with-ascend-binary should have been yes,
the default, right?
Hmm... yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
. That should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it to!?
Accounting response packets can only contain certain attributes.
See the function rfc_clean() in src/main/radiusd.c
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to
the NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
are welcome.
And, after the authentication of the user I want to send (proxy) the
authentication packets to another FreeRADIUS server, How can I do
that?
Why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
' and 'users'.
Look for the word 'Hints', and see how it's used.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Type := System' piece,
and the hints that come afterwards.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radrelay.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
supports doing it.
But for less than the price of buying Funk's server, you could
probably pay somone to implement LEAP in FreeRADIUS. You could then
have a *real* RADIUS server with complete source.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
? That has problems.
Still, the module shouldn't die. I'm not that familiar with
Kerberos, so I can't help much.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
don't have a 'Hints == PPP' entry
in the 'users' file. See how the distributed file uses hints...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and try to reconnect. The Kerberos module needs to do the same
thing.
As always, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to
authenticate user.
It does more than that. See the 'users' file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you
understand how it works now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1101 - 1200 of 2612 matches
Mail list logo