Doug Hardie wrote:
I am a bit confused now. I understood that if a module returns
RLM_MODULE_FAIL that radiusd would not return an authorization
reject. However, it appears that it still does.
Have a look at doc/configurable-failover
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32
Doug Hardie wrote:
I am trying to get the Ascend NASs to switch to the secondary radius
server when the primary has a failure condition. I know that no
response will cause that, but haven't been able to find any way to
make the switch occur with the primary is not working properly. Is
there
Dear all,
I've given one assignment to create some sort of
tunneling to cache server (netcache) to do some content filtering when browsing.
There will be 2 cache-server. One passing all
traffic another one will do content filtering..
When user subscribe to this service (for their
Hi,
I've setup freeradius 1.0.4 for authenticating wireless users.
I use peap authentication with ntlm_auth.
Setup work fine for most of the users.
My ntlm auth command from radiusd.conf is as follows:
ntlm_auth = /usr/local/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name}
Hi,
From a suggestion on the mailing list I plan on using EAP-TTLS and PAP inner
tunnel authentication.
The reason I'm going this route is because I want to authenticate against linux
user accounts and the password is encrypted in /etc/shadow so the ms-chap route
is no good since it can't work
Hi,
yesterday I've updated dialup_admin to CVS version.
Most things works great, but my radiusd produce many
defunct processes now. Any ideas?
radius01:/usr/local/dialup_admin/bin# pstree
init-+-atd
[..]
|-mysqld_safe---mysqld---mysqld---22*[mysqld]
that are at
$PREFIX/var/log/radius/radacct/1.2.3.4/post-proxy-detail-20050729 and
$PREFIX/var/log/radius/radacct/1.2.3.4/pre-proxy-detail-20050729 for example
- written by the following directgives in radiusd.conf :
# This module logs packets proxied to a home server.
#
# You will also
Hi
Could you tel me something more about configuration this file
or some examples
thanks a lot
[EMAIL PROTECTED]
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, July 28, 2005 6:56 PM
This is completely NAS-specific, so read your NAS documentation to know what
attributes and values to return.
P.S.: try sending plain-text mail next time :)
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
www.salesguide.be
I've been put in a situation in which I am forced to replace
our old icradius server.
Hi. I also migrated from IC-Radius to Freeradius.
I'm now stuck with the task of migrating our old
(mySQL) databases, as we have far too many users to re-enter
manually.
Just make sure you are using
Are you willing to say which columns, or do we have to guess?
No, actually I was asking if there was any general information
available. I can handle the finer details on my own, I was merely
saying how far I've gotten along :)
FreeRADIUS includes documentation on how to configure it. It
Hi
1. Will FreeRadius challenges with access-challenge if auth-type is PAP?
If answer is it depends on some configuration, how to configure it?
2. How FreeRadius understands incoming Radius access-request packet
contains PAP authentication information, CHAP authentication information
On 7/28/05, Jeremy Kenney [EMAIL PROTECTED] wrote:
I have posted this twice now I was wondering if someone would be kind enough
to possibly answer it
Hello,
I am a very frustrated free radius user at this point. It's most likely my
brain not working right but here is my problem
I have
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
July 29, 2005 at 01:40 -0800 wrote:
From a suggestion on the mailing list I plan on using EAP-TTLS and PAP
inner
tunnel authentication.
The reason I'm going this route is because I want to authenticate against
linux
user
Yes but what I want is for the radius server to check the accounting logs
for a session already in progress and send a access reject if its already
there
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Noah
Dain
Sent: Friday, July 29, 2005 11:00 AM
To:
Jeremy Kenney [EMAIL PROTECTED] wrote:
Yes but what I want is for the radius server to check the accounting logs
for a session already in progress and send a access reject if its already
there
I responded to this yesterday. Do you read the list?
Read doc/Simultaneous-Use
Alan DeKok.
[EMAIL PROTECTED] (Paul Hampson) wrote:
This last point seems trivial until you try to proxy backwards
through a chain you have only the last hop of, and the last hop
doesn't neccessarily know what the previous hop was.
Exaclty. Coupled with the problem that the server is *supposed* to
Will Carter [EMAIL PROTECTED] wrote:
Is it correct to say that after I successfully execute the 2 commands above
that I should have a set of code that I need to compile with configure,
make, and make install?
Yes. This is *exactly* how 1.0.4 was created. It's just a tar
file from that
Doug Hardie [EMAIL PROTECTED] wrote:
I am trying to get the Ascend NASs to switch to the secondary radius
server when the primary has a failure condition. I know that no
response will cause that, but haven't been able to find any way to
make the switch occur with the primary is not
[EMAIL PROTECTED] wrote:
I'm very frustrated now after spending a couple of weeks trying to get
free radius to authenticate my Win2k machine accounts against active
directory. :-(
Sorry, blame Microsoft. It isn't possible, but they don't make it
obvious that it's not possible.
Alan, do
Tariq Rashid [EMAIL PROTECTED] wrote:
those that are at
$PREFIX/var/log/radius/radacct/1.2.3.4/post-proxy-detail-20050729 and
$PREFIX/var/log/radius/radacct/1.2.3.4/pre-proxy-detail-20050729 for example
Ah. The reason the username isn't there is because it's not in the
packets.
Alan
ManyX [EMAIL PROTECTED] wrote:
Could you tel me something more about configuration this file
or some examples
Try reading the file. It answers your questions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Srinivasa Rao Chigurupati [EMAIL PROTECTED] wrote:
1. Will FreeRadius challenges with access-challenge if auth-type is PAP?
No. Read the RFC's for how PAP works.
2. How FreeRadius understands incoming Radius access-request packet
contains PAP authentication information, CHAP
Alan DeKok wrote:
[EMAIL PROTECTED] (Paul Hampson) wrote:
This last point seems trivial until you try to proxy backwards
through a chain you have only the last hop of, and the last hop
doesn't neccessarily know what the previous hop was.
Exaclty. Coupled with the problem that the
Uwe Driessen [EMAIL PROTECTED] wrote:
There missing the Framed-IP-Adress and the Acctsession-ID is the MAC from
the Calling Station with this Information the Unique session Id is alway for
this User the same and after a separation the Radius write in the same
record.
The packet you quoted
I am having difficulty getting my Cisco APs (all 1230s) to send
accounting information regarding
802.1x PEAP authentications - stop/start info.Does anyone have this
working? If so can you please post the AP config.
I currently have the following:
aaa accounting network eap_methods
Hi people,
I need your help.
We´ve a solution that use SER athenticating, athotizing and accounting in a
freeRadius+mySQL.
I´ve a challenge now to limit thu number of simultaneous connections (i.e: we
can permit only ten connections at the same time).
Does anybody has any idea to implement
On Fri, 29 Jul 2005 15:41:55 -0300
Jose Divino de Lima [EMAIL PROTECTED] wrote:
Hi people,
I need your help.
We´ve a solution that use SER athenticating, athotizing and accounting in a
freeRadius+mySQL.
I´ve a challenge now to limit thu number of simultaneous connections (i.e: we
can
Please take a look here...
http://wcarter.webitects.com/freeRadiusDebug.html
This url outlines what I did and has links to the terminal output with each
command.
I executed these commands...
$ cvs -d :pserver:[EMAIL PROTECTED]:/source login
$ cvs -d :pserver:[EMAIL PROTECTED]:/source co -r
Hello,
I am having problems with Simultaneous-Use and checkrad. I know that
checkrad is not running because:
grep debug /usr/local/sbin/checkrad
# Config: $debug is the file you want to put debug messages in
#$debug = ;
$debug =
Will Carter [EMAIL PROTECTED] wrote:
Please take a look here...
http://wcarter.webitects.com/freeRadiusDebug.html
This url outlines what I did and has links to the terminal output with each
command.
Which doesn't show any errors or problems.
So... I'm not sure what to tell you.
Alan
Hmmm...looked at it again. In my terminal I see errors/warnings that are not
appearing in the txt file when I do something like...
Make configure.txt
How do I get the error/warning messages to appear in the text file?
-will
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
doesn't start. There are no files in my /etc/raddb at this point.
-will
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Julius
Igugu
Sent: Friday, July 29, 2005 4:27 PM
To: FreeRadius users mailing list
Subject: RE: newbie questions using freeradius as
Will Carter [EMAIL PROTECTED] wrote:
doesn't start. There are no files in my /etc/raddb at this point.
Then the build and/or make install failed.
$ script log.txt
$ configure
$ make
$ make install
If you see errors at any point DO NOT go to the next step. You
should be able to post a
Uwe Driessen [EMAIL PROTECTED] wrote:
There missing the Framed-IP-Adress and the Acctsession-ID
is the MAC
from the Calling Station with this Information the Unique
session Id
is alway for this User the same and after a separation the Radius
write in the same record.
The
I am not sure what I am looking for but it appears something is going wrong
after the make command. I did not continue to make install.
These happen after .configure...
configure: WARNING: FAILURE: rlm_eap_peap requires: OpenSSL.
configure: WARNING: FAILURE: rlm_eap_tls requires: OpenSSL.
Will Carter [EMAIL PROTECTED] wrote:
This is at the very end after the make command
gmake[4]: *** [client.o] Error 1
gmake[4]: Leaving directory `/root/radiusd/src/main'
gmake[3]: *** [common] Error 2
The real errors are above that.
the full log is here:
Uwe Driessen [EMAIL PROTECTED] wrote:
My Problem is that there is nothing Acct-Session-Id comming from the AP700.
Acct-Session-Id's are not sent in Access-Request packets.
As Acct-Session-Id this AP sends the MAC off the Client no counter or other
unique's for this Session.
Then you're
You are absolutely right, I was careless to overlook the the cvs
command...stupid.
Anyways, I was successful at compiling the release_1_0 branch and I can
run that version of the freeradius server now.
BUT, my problem still remains, as is discussed here:
Will Carter [EMAIL PROTECTED] wrote:
It seems that there is no rlm_expiration module in the version that I just
got: cvs release_1_0 branch.
That's because it doesn't exist in that branch. The server core
supplies that functionality.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Hmm...I am trying hard to understand, but am not doing so well.
Can you give me another hint as to how I can get the rlm_expiration
functionality?
Here's a question. when I visit:
http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/
I see a rlm_expiration module
Do I somehow get it
41 matches
Mail list logo