vic ismakaev [EMAIL PROTECTED] wrote:
Will the freeradius-0.8 work with cyrus-sasl v2?
I don't know. Why don't you try, and report back to the list how it
worked?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the server to do exactly what it's doing
now, but with the names changed.
How exaclty does that help?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
stuff, and FreeRADIUS is in that group.
Sounds good to me.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
will understand
if you refuse to give anything more to the FreeRADIUS project.
But I'll still be on the list, answering questions (including
yours). I'll still write more software that you will be free to use.
That's another area where we differ, I guess.
Alan DeKok.
-
List info/subscribe
does not send a username with some
accounting records. As a result the SQL query fails and the record
cannot be written into the database.
Read 'raddb/sql.conf', and look for sql_user_name.
The configuration file tells you how to deal with this problem.
Alan DeKok.
-
List info/subscribe
up a lot.
Should I use the 'pap' module instead?
You could, yes.
But I want to use 'Auth-Type=EAP'. How can I solve it
Then I guess you don't wanyt to use the pap module. I'd go out on a
limb, and say you might want to use the eap module.
Alan DeKok.
-
List info/subscribe
user_worked_secs...
So write a script. There are examples in the distribution telling
you how to use Exec-Program-wait.
You did look at the files distributed with the server, didn't you?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mm's [EMAIL PROTECTED] wrote:
Is any posibility to enter Calling-Station-Id field into detail file?
Why wouldn't it be?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
VISP Systems Administration [EMAIL PROTECTED] wrote:
Is there a particular reason that shortname= is required for
clients.conf? Any reason it couldn't be another optional line?
None, really. The shortname isn't used for much any more.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
for localhost (hardcoded to look for).
Yeah, that's fixed in the CVS head (I think). If there are other
issues, then the fix can be added to any 0.8.2 release.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nathan Miller [EMAIL PROTECTED] wrote:
That's what I was hoping for..
any chance a coming release could have it's requirement omitted by default? =)
I've deleted that requirement in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to a NAS_shortname directory instead of the Client-IP-Address? If
so, what variable name would I use to reference the NAS_shortname?
No, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-DialedDigits =~ ((711|713|810|999),)*(711|713|810|999)
should do it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the database about a NAS port is
no longer valid, when new information for that NAS port comes in.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unable to read and understand simple English?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to cleartext in the radiusd.conf ?
You don't. You put the clear text password into the database you're
using.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
', and the 'files' module will add 'Auth-Type += Local' AFTER that.
The EAP will take priority, and it will all work...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to rlm_smb.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the same.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
months
later to change it, because the NAS added another 3 digits to the
string.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
instead of rlm_files?
I believe so. The SQL configuration mirrors what the 'files' module
does.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
???
Send it accounting packets?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
remember setting extra attributes here in radiusd.conf,
all seems to be defaults? help?
Read the configuration for rlm_acct_unique, in radiusd.conf?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
suggestion is to try using configurable fail-over with ANOTHER
module (e.g. the 'always' module), for testing. Once you've got it
failing over, then switch to using the SQL module. If that stops
working, then there's a problem with SQL, not with configurable
fail-over.
Alan DeKok.
-
List info
a request with a CHAP-Password, and it will work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the time start, when the first logins or when i put
the user/pass in the users file?
When the user first logs in.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to be in clear text, do they?
For EAP, yes, they do.
The solution to passwords going across the netwrok from your LDAP
server in clear-text is to encrypt the connection to the LDAP server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it to write to the wtmp file for
that request? Invented ports?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of radiusd.conf. If it doesn't, upgrade to 0.8.1.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
...)
Hmm.. not right now. The server code needs to be modified before
that can happen.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the RFC's. Look at the source code to see how it works.
What I don't understand is why you would care. Either the server
works the way the RFC's say, in which case it doesn't matter HOW, or
the server doesn't work, in which case it's a bug.
Alan DeKok.
-
List info/subscribe/unsubscribe
the detail module, so that would explain why the detail file isn't
created.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
believe so. I've tested it with 100's of requests per second, on
a PIII 750MHz, with 64M of RAM.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mode
Have you tried reading the FAQ, the README, or any of the
documentation which comes with the server?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a preliminary patch, put it on a web site somewhere, and
I'll try to give some feedback.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.html#Tunnel-Private-Group-ID
Just for kicks, have you tried setting the tag to a non-zero value? Such
as Tunnel-Private-Group-Id:1? If you set all your tunnel attributes to
the same tag, it should work.
Yup.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
', somewhere on the net. It's a seperate
program, which does what you want.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
too much work, and ignoring the examples which tell you
about the DEFAULT user.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the documentation which comes with the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
test the authentication with Radius Client from
efinesoft.com, it returns:
Attr--59=\000\007\320
The RADIUS client from efinesoft.com doesn't know about the Ascend
attributes. Why don't you try 'radclient', which comes with
FreeRADIUS? It might work better.
Alan DeKok.
-
List info
them ?
They're openSSL things. I'd suggest searching the OpenSSL docs.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
think that this question would be addressed in the FAQ, or
in the documentation which comes with the server.
Oh, wait, it is...
What's preventing you from reading the FAQ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, you should be able to do:
./configure --disable-shared
make
make install
You may have to delete the src/modules/rlm_eap/types/rlm_eap_tls
directory, as it won't link, and I can't figure out why.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nadeem Akhtar [EMAIL PROTECTED] wrote:
Do I have any other option besides using OpenSSL ?
Huh? The 'dh_file' and 'random_file' are needed by OpenSSL. Once
you chose to use OpenSSL, those files are required. If you don't want
to use those files, then don't use OpenSSL.
Alan DeKok
}
Starting radius with -X gives the following error message: ERROR: Cannot
find a configuration entry for module main_pool
Put the configuration into the 'modules' section of radiusd.conf.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
text, but transmitting
encrypted, if that matters). Can I do that with freeradius?
Yes. That's storing the username/password in SQL, and letting
FreeRADIUS use trhat information to authenticate them.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
astonishingly ugly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the user doesn't
match.
I'd suggest debugging it with the 'users' file first, though. Get
the config working for the user, and then move it over to SQL. That
way you're tracking down one problem at a time.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
the 'users' file, you'll never get the SQL
configuration to do what you want.
Look over the examples in the 'users' file. Come up with a
configuration that you think *should* work. Try it, debug it, and try
again. It's exactly the method I use.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
that information.
I don't know if such a program exists, though.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
leaobicalho [EMAIL PROTECTED] wrote:
I need run Radius Server under
WindowsXP, are possible?
Under Cygwin? I don't know, why don't you try?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
{
ISP2
}
}
Then in the 'users' file, do:
DEFAULT User-Name =~ @isp1.com$, Auth-Type := ISP1
...
DEFAULT User-Name =~ @isp2.com$, Auth-Type := ISP2
...
That should work fine.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
the RFC's for
details.
If you mean what attributes are required in the packets, the answer
is also in the RFC's. But the server is willing to take almost
anything in an accounting packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
are. If there are no
objections, it should be declared 'stable' before the next release.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*characters*, not *numbers*.
Try:
testNAS-IP-Address =~ ^10\.1\.1\.(0|1[0-9]?|2[0-9]?|3[0-2]?|[4-9])
You've got to specify all possible character representations.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with the server.
rlm_realm: Authentication realm is LOCAL.
rlm_realm: auth_port is not set. proxy cancelled
Where do I have to set an auth_port ?
You don't. That error message is gone in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Robert Canary [EMAIL PROTECTED] wrote:
That would be a NAS internal function. Unless you give everyone the
same password.
No, you can do:
bobAuth-Type := Accept
to accept the user without doing password checks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
the example for one user. The DEFAULT user matches all of
them. It shouldn't be too difficult to go from there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
into the CVS repository, and installs a back-door into FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
has another
free solution to the problem :).
No. SecurID is a proprietary system. There is NO free solution to
the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an option for such a check.
Is it missing or did I not read enough documentation?
FreeRADIUS doesn't have that feature.
As always, patches are welcome...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
into radutmp or
radwtmp.
If the server receives accounting packets without (say) a port or a
User-Name, it doesn't know what to put in radutmp or radwtmp. So it
doesn't do anything with the packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it up in clients file after enabling the
proxy server setup?
You would set FreeRADIUS up to proxy to the RSA server no
differently than proxying to any other RADIUS server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and that DEFAULT isn't reached.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for this ?
This problem has been fixed. You're probably running an older
version of the server, and should upgrade.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, proxy.conf gets to be quite a long file after
you add so many realms. :)
What I am wondering is if it is possible to combine these realm entries that
have the same information?
Not really. Source code mods might help...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
methods.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. So my question is, can FreeRadius specify no
echo? If not, if anyone has any ideas.
grep -i echo dictionary*
and then try to figure out what the attributes do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Malakhov Alexander [EMAIL PROTECTED] wrote:
Hello. the bug in radius_exec_program declaration in
freeradius-snapshot-20030125
I'll fix it tomorrow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to any country which has an institute that hold such
training programs.
I don't know of any such training program. I'd suggest buying the
RADIUS book, and going from there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Generating new packets is always problematic. I would suggest
avoiding it if you can.
Why would it be necessary to create a new start/stop packet?
Any thoughts on whether it should be a seperate module or a
modification to the proxy code?
A module.
Alan DeKok.
-
List info/subscribe
NAS box, then these attributes won't help.
If you don't know what the attributes are supposed to do, then they
won't help. Consult your NAS documentation for which attributes can
be used, and for what they do.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
:
$ man 5 users
and read the resulting documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
documentation describing the 'users' file. Or, go to the web
page:
http://www.freeradius.org/doc/
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unless you
describe EXACTLY what problem you're seeing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to the pseduo-detail file a 'stop' packet
for the previous day, and a 'start' packet for the current day. Then
update the 'utmp' information, with the fact that the user logged in
again.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the user.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
yourself. Then post the results to the list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
such as those to your NAS's. The home server can use those
filters to pass/deny traffic from the customer inside of your local
network.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
on?
In short, you're wasting your time (and mine) by being difficult.
Stop it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Authentication is NOT
done by the 'users' file.
Please read 'doc/rlm_sql' in the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the 'authorize' section. It returns
'OK', (or something like that). That does NOT mean that the user is
authenticated. It does NOT mean that the user will be sent an
Access-Accept packet.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dave Mason [EMAIL PROTECTED] wrote:
Hi - any thoughts on this? I'm curious if there's a bug here or if
everything is as intended.
It's a bug. I'll update rlm_preprocess in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
numbers are due to something else blocking the server
(back-end database, disk IO, DNS, etc)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
system, can you do:
grep ^exeext libtool
and mail the output to the list? I'll see if I can fix the problems
with installing executables.
6. Hmm... I'll fix that in the CVS head. It may also explain
weirdness on MACOSX.
It's a good document. I'll add it as 'doc/CYGWIN'
Alan DeKok
are open again.
Is there any way to do a new connection to the DB (open new sockets)
in case that the DB is restarted?
Yes. Patch the rlm_sql_sybase driver to return SQL_DOWN in the
appropriate places. See the rlm_sql_mysql code for examples of
SQL_DOWN.
Alan DeKok.
-
List info
back to the list with
questions.
Configurable fail-over won't help here, as the database connections
will *never* come back up.
Sending a HUP signal to the server may help in the short term.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is
missing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to match on a substring?
No.
But you can do it elsewhere:
DEFAULT User-Name =~ @.*\.isp\.net$, Proxy-To-Realm = isp.net
...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Toni Mueller [EMAIL PROTECTED] wrote:
we can safely assume that you are able to hammer out enough packets
to load your server to begin with...
./radclient ... -c 1000 ...
Sends a request 1000 times (not duplicated: 1000 unique, but similar
requests)
Alan DeKok.
-
List info/subscribe
the server in debugging mode to see why...
I was wondering if there are any special characters that FreeRadius 0.5
won't pass correctly.
A zero byte embedded inside of the user name.
But why are you running 0.5? 0.8.1 is *much* better, and has been
out for a while.
Alan DeKok
(or
failed authentication), but before the Reject packet is sent to the client.
Please reply both on-list and off.
Why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the authentication.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
B.I. [EMAIL PROTECTED] wrote:
Is it possible to use logical OR in check items, returned by
authorize_check_query?
For now, regular expressions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1201 - 1300 of 2612 matches
Mail list logo
