, and still
gotten 100's of authentications per second.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
need experimental modules, and you don't need SQL.
Use the 'counter' module, not 'sqlcounter'.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
In RedHat 7.1 I used
linuxconf to set up virtual email domains, I haven't noticed any other good
solutions but don't know if it is compatible with RADIUS.
I doubt that any will be. You will have to edit configuration files.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
it is using.
See the PAP module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a couple dozen users.
This doesn't matter. Fix your NAS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, and 'integer' for their type.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Roger [EMAIL PROTECTED] wrote:
Alan DeKok wrote:
Try adding those attributes to the dictionary. Pick some some
greater than 2000 for their value, and 'integer' for their type.
...
and the below in the dictionary.compat file, the value was set
intentially low for testing purposes.
Um
Jim [EMAIL PROTECTED] wrote:
Using v.0.8.1 on FreeBSD 4.3-RELEASE
vanilla ./configure
...
Following error messages upon make -n:
'gmake' is required. Using that should help...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an
additional mysql process for each 'num_sql_sock'. Is there something
different about 0.8.x that causes this, or is there something different
between MySQL 3.23.49 (currently in production) and MySQL 3.23.55
(currently in test?)
I don't know anything about MySQL.
Alan DeKok.
-
List info/subscribe
'.
Also, what type of options do i need when i do a ./configure?
will just changing the PREFIX be enough?
If you want to change it, yes.0
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
), then BSD make will always be used.
To fix this, do:
cd /usr/local/bin
ln -s make gmake
and then typing 'gmake' should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the config
files of freeradius, but didn't find anyway to do
this. Does anybody know how to set the server to do
rekeying?
The RADIUS server doesn't do rekeying. It's outside of the scope of
RADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
then when people ask for help above and beyond the scope of the outdated
faq's, they get pushed around.
sigh 'raddb/radiusd.conf' comes with examples of using the
'counter' module. If you can't understand that, how can I expect that
you'll understand my answers on this list?
Alan DeKok
that 'monthlycounter' doesn't appear in the debugging
output is DEFINITIVE. It doesn't work because you haven't told the
server to use it. The ONLY solution to the problem is to tell the
server to use the module. NOTHING else will work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
if you get such a link error.
Build it, and they will come.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it's so much better than
commercial software, and not because it's free. I use it because I
can fix it when something goes wrong. When commercial software goes
wrong, your only option is often to toss it, and install an open-source
equivalent which isn't broken in quite the same way.
Alan DeKok
4.0 is very old.
Upgrade to FreeBSD 4.0, 4.3, or 5.0. FreeRADIUS wasn't designed to
run on 10-year old systems.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Michael Brininstool [EMAIL PROTECTED] wrote:
When I run in debug mode, I see the Auth-Type getting set to 'System'
somehow. I have not figured out exactly how.
The 'users' file sets that, through the 'files' module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
be fixed.
You can work around it by enabling shared modules:
rm config.cache
./configure
make
make install
And then be sure to edit radiusd.conf, to set the 'libdir'
configuration entry to the right place.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Evren Yurtesen [EMAIL PROTECTED] wrote:
that is not the same as checkrad, is it so that I should copy the
changes I made to original to this file and then make diff or ?
How should I proceed?
doc/DIFFS ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
deleting that line from rlm_detail.c
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what the error messages
mean.
Can anyone help me?
Make sure your SQL database works. Make sure that it responds to
the requests from FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is sending garbage (i.e. useless things) to the server.
The only way to fix that is to fix the NAS.
As for the server crashing, that shouldn't be related, and it
shouldn't be happening.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
we've decided what that way is.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius, based on the config file, if a user logs in
at say, 7:28, and they're denied from 7:30-11:30, make their session-limit
2 minutes?
doc/README
Look for 'Login-Time'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Acct-Type accttype in accounting module wrote:
accttype is not implemented ?
Not in 0.8.1. The latest CVS snapshot should have it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CVS head has these.
Hmm.. Monaco... I'll probably be in Nice in June. That's just down
the road...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
information.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Justin Wheeler [EMAIL PROTECTED] wrote:
I want to be able to specify multiple login-times for the same person.
The example in doc/README shows how to do this. Simply specify
multiple values, seperated by commas.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
of the above, then
the Login-Time code will take care of setting Session-Timout to the
SMALLEST of the allowed values.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
this.
The password for the username is correct.
Not for system authentication.
Alan Dekok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, then I would say it's possibly due to
FreeRADIUS. But I'll bet it's either a Windows or NAS problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
converter. It might be useful to
update it, and ship it with FreeRADIUS, along with a note saying we
only do this because Cisco is broken.
http://miquels.www.cistron.nl/portslave.html
Hmm... The code looks pretty small. That might be a good idea.
Alan DeKok.
-
List info/subscribe
it wrong :-) However, I still get the same error
message.
shrug That error message means that the shared secrets are wrong.
If changing them doesn't fix the problem, I don't know what else to
suggest.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
figured out how to make that work.
Hmm... I think we need RLM_LDFLAGS, where now we have only
RLM_LIBS. That way the static linking of radiusd can use that
definition...
I don't have time to look into it now.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
is the complete table :
mysql SELECT * FROM radgroupreply WHERE GroupName=3D'internix';
...
| 48 | internix | Auth-Type | System =
| :=3D |0 |
Auth-Type should be in the check list, not in the reply list.
Alan DeKok.
-
List info/subscribe
. Read the 'users' file 'man'
page. Look at the 'users' file examples. The SQL configuration
attempts to mirror the same layout as the 'users' file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Robert Canary [EMAIL PROTECTED] wrote:
I finally commented out every insistance on Auth-Type from the user.conf
There is no 'user.conf' file distributed with the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it, then comment out
'files' in the 'authorize' section of radiusd.conf.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the 'users' file. If you're not using it, then comment out
'files' in the 'authorize' section of radiusd.conf.
That's where it is. Will commenting out 'files' stop reading the
clients.conf and proxy.conf files?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
wonder if they realize that 99%
of the internet doesn't run the software that they run?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
where I should go
with this?
Upgrade to 0.8.1.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
In this case, define datadir...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-type should go in rad(group)check and not
rad(group)reply, yes? (and I'm off to re-re-read the docs again...
Heh...)
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
prove
anything on those 3 systems, since its empty.
Anyone have any ideas?
radrelay should do the trick. I'm not sure that you can give it 2-3
destination servers, but you should be able to relay 1-2, 2-3, 3-4
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Andreas Wolf [EMAIL PROTECTED] wrote:
Any news on where this info could eventually be documented?
doc/mac-addresses?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, is telling it to proxy that request.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
{
}
newType {
newAttribute = someValue
}
}
That's nice, but what problem are you trying to solve?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that are otherwise blank.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
routines.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
like your system can't link libraries.
I would suggest doing a plain:
$ ./configure
$ make
as suggested in the documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
was asking how to set up configure RADIUS.
This is not a Steel-Belted RADIUS support list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
or somehting?
Unix groups.
2 If you will define groups how can you define the maximun connections
allowed for each group?
I don't think so.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
into the
'look and feel' of the rest of the site.
If you're willing to update it, then we can add a link to it from
the main page.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
'radiusd.conf', and look for IP address
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
replying
from wrong IP. Of cause, situation is quite rare.
Exactly. People have lived quite well with a single-IP RADIUS
server for quite a while. There isn't a huge need for having it
listen on multiple IP's.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
receiving a
packet. That's expensive, and causes the server to do a *lot* of
work.
A better solution is to explicitely list the addresses the server
listens on, which is much less expensive, but requires a bit more
code.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Michael Brininstool [EMAIL PROTECTED] wrote:
When I run radtest though,
I get this error:
dict_init: Invalid type on line 257 of /etc/raddb/dictionary.ascend
Odds are you're not running the radtest you think you're running.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
it using 'files. But you didn't post the config
you're using... why?
And why are you forcing MS-CHAP authentication for user 'test12'?
Why not let the server discover that for itself?
Configure the 'passwd' file for the module, to point to 'smbpasswd',
and I bet it will work.
Alan DeKok
.
It's using MS-CHAP, but the supplied passwords don't match.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You list 'eap' in the 'accounting' section, like you would for any
accounting module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
falcon [EMAIL PROTECTED] wrote:
what does
Accounting: no Accounting-Status-Type record.
mean?
That attribute isn't in the request.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
falcon [EMAIL PROTECTED] wrote:
but it is absent in dictionaries, what where i shuold write or
read about it??? May be i should write it in acct request value-pairs?
PLease help
It's really Acct-Status-Type.
Read the dictionaries.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
.
If you want to tie an EAP request/response to an accounting packet,
see the 'Class' attribute.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that the last realm, 'my_partner', is wrong. How would
I define the realm to authorize against a remote LDAP?
You don't.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. That would keep the
EAP-SIM configuration in one place, and easy to manage.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
will be for
the ability to run one server, which does different things, based on
which interface received the request. The response to that will be
NO.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
than trying to control username similarity when usernames are
created, anyone have an idea how to control this?
PS. Since this invloves PortSlave and freeradius and a security
problem. I doubled posted this on both mail-list.
You've either misconfigured portslave, or radiusd.
Alan DeKok
is gcc, not
mipsel-linux-gcc. So I think that maybe I should add --target
parameter. But it also cannot find out my crosscompiler. How do you
do that will make a Makefile that can use mipsel-linux-gcc to
compile freeradius?
Edit it by hand. See 'Make.inc'
Alan DeKok.
-
List info
to the NAS so it
can set up ist routing table, but on 0.8.1 only the first is
transmitted.
A bug or a feature in 0.8.1 ?
It's a feature. Read the 'users' file 'man' page.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
before an
accounting response is returned.
If you want a program to be executed immediately, grab the latest
CVS snapshot, and see 'rlm_exec'
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an *atrocious* security record.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a portion of the log :
...
rad_check_password: Found Auth-Type System
auth: type System
modcall: entering group authenticate
modcall[authenticate]: module unix returns notfound
Is it really that hard to understand that message?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
the spam. It should just
throw the spam away.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
edited the configs, so I would
guess PPPd.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
architecture is a long
way away.
So it is not in the CVS (but It should from a long time...).
I've added it to my list of patches to add.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
an example of rejecting everyone via the 'Reject'
authentication type. You can accept everying with the 'Accept'
authentication type. e.g.
user Auth-Type := Accept
Will cause the user to be accepted.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to handle generic databases.
If you want generic databases, use SQL. There is an 'sqlcounter'
version of the module.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:= Ldap
Use regular expressions:
DEFAULT Called-Station-Id =~ .*0015, Autz-Type := Ldap
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
files.
Yes. The server doesn't deal well with HUP signals. I've spent
some time trying to fix it, but it's a fair bit of finicky work.
This should be fixed before we have a 1.0 release.
In the short term, don't HUP the server. Instead, stop restart
it.
Alan DeKok.
-
List info
, and delete the spaces.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Compression = Van-Jacobsen-TCP-IP
is the entry ...
Huh? Now you've totally broken it.
I killed any lines with just spaces and this is what came out ?
No, you didn't. You deleted ALL spaces from ALL lines.
I said to look for BLANK LINES with NO TEXT, and delete the spaces
from them.
Alan
tested.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rick Harris [EMAIL PROTECTED] wrote:
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
So try setting Auth-Type somewhere?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
majordomo lemon [EMAIL PROTECTED] wrote:
I tried to start the Deamon to use Ascend-Data-Filter and got the
following message:
radiusd: dict_init: Invalid type on line 257 of
/etc/raddb/dictionary.ascend
You're using Cistron radiusd, not FreeRADIUS.
Try asking on the Cistron list.
Alan
anyone done this before? how? also I'm plannig to use MySQL for
the user file and the log file and the details, is there a
disadvantage on this?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Eric Dean [EMAIL PROTECTED] wrote:
Thanks Alan...but was that an offer or an instruction?
No one has requested it before, so it was a suggestion.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
are that will solve a lot of problems.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?iso-8859-1?Q?Daniele_Brevi?= [EMAIL PROTECTED] wrote:
I have a question, there is a maximum number of client that can
connect to auhtenticate at the same time ?
That depends on the CPU power of the machine running FreeRADIUS.
See:
http://www.freeradius.org/testimonials.html
Alan
there.
h what do I put there?
$ ./radtest -d /usr/local/share/freeradius test test localhost 0 testing123
The dictionaries have moved, as /etc/raddb was getting too big (~30+
dictionaries)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
would suggest buying an LDAP book.
Configuring FreeRADIUS to use LDAP won't be easy if you don't know
how to set up an LDAP database.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Unfortunately, I don't know much about it...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
shouldn't have had to copy the dictionaries. In the
latest CVS version, there should be NO dictionary files in .../raddb/,
as they've moved to a more intelligent place.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
attributes?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it, to use MySQL.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
exits non-zero.
You're using the latest CVS snapshot. I'll commit a fix tonight, so
check the snapshot tomorrow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
if
the program returned 1.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1301 - 1400 of 2612 matches
Mail list logo