Hi,
i even downloaded the freeradius-1.1.6 and installed it again when
i give the cmd radiusd -X, i get the same error
you have played wildly witht he config file...and have not supplied
that. its complaining because the config is incorrect (eg you've put
a PAP entry in the authorize
Did you try Crypt-Local auth-Type?
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Felipe Ceglia -
PY1NB
Gesendet: Mittwoch, 13. Juni 2007 00:26
An: FreeRadius users mailing list
Betreff: Re: encrypted password
Hi Arran,
Thank you for your
Jaume wrote:
Can my machine run 2 FreeRadius at the same time? Each FreeRadius in a
diferent IP but simultanously in the same CPU and O.S.? Somebody tell
me thats possible if each radius is reading from a diferent PATH...
As Josh said, yes.
But why? The server can be configured to listen
Colleen C. Morrissey wrote:
My question is can I somehow support both simultaneously with the same
freeradius daemon (I know I can simply run a second daemon on different
port supporting the other but that will require me to do lots of work on
infrastructure/ssids to point to different
[EMAIL PROTECTED] wrote:
Hi,
I am wondering if there is a tool or way to check the statistics in real
time.
I need something that can tell me how many users got accepted and
rejected so far since Radius started.
such a value would be nice as an SNMP'able 64bit counter?
If you build
Joe Vieira wrote:
Hi,
i've got freeradius 1.1.6 running on rhel5. when i goto do an ldap auth.
i get this
...
Segmentation fault
See doc/bugs
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
Mahalakshmi Vijayakumar wrote:
Hi,
i even downloaded the freeradius-1.1.6 and installed it again when
i give the cmd radiusd -X, i get the same error
...
radiusd.conf: PAP modules aren't allowed in 'authorize' sections --
they have no such method.
radiusd.conf[1788] Failed to parse
Guilherme Franco wrote:
Hi,
Sorry for bothering you guys.
I would like to humbly ask if there's any ideas on this?
There's a lot there, and it's not clear what's going on.
Look at the differences between the two configurations.
Alan DeKok.
--
http://deployingradius.com -
Hi,
If you build the server with SNMP, it's available as a standard 32-bit
counter, via the RADIUS MIBs.
ah, sorry, thought it was 64bit as 32bit COULD wrap
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Did you put 9D8wtP7DGqgCg or 9D8wtP7DGqgCg into the database? Use
crypt and check if that is the crypted password you think it should be.
Ivan Kalik
Kalik Informatika ISP
Dana 12/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED]
piše:
Hi Arran,
Thank you for your reply.
I tried Crypt-Password
There are reports on the list that on odd occasion Simultaneous-Use
dosn't work with Cisco NAS. Turns out that sometimes OID in checkrad
needs to be changed. But if it works ...
Ivan Kalik
Kalik Informatika ISP
Dana 12/6/2007, Irina [EMAIL PROTECTED] piše:
Thanks so much. It makes a perfect
Hello,
I am quite new to the Freeradius topic and I have got a problem:
First of all I started with this tutorial:
http://www.wi-fitechnology.com/Papers+req-showcontent-id-1-page-2.html
But I did not get it running. Then I changed the configuration to this:
00-19-d2-2a-61-50 Auth-Type
[EMAIL PROTECTED] wrote:
Did you put 9D8wtP7DGqgCg or 9D8wtP7DGqgCg into the database? Use
crypt and check if that is the crypted password you think it should be.
Ivan Kalik
Kalik Informatika ISP
Dana 12/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED]
piše:
Hi Arran,
Thank you for
[EMAIL PROTECTED] wrote:
Hi,
If you build the server with SNMP, it's available as a standard 32-bit
counter, via the RADIUS MIBs.
ah, sorry, thought it was 64bit as 32bit COULD wrap
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Does
attached is my gdb log, looks like something happens with the ldap_set_option()
function. thanks for having a lot
Joe
-Original Message-
From: [EMAIL PROTECTED] on behalf of Alan Dekok
Sent: Wed 6/13/2007 3:33 AM
To: FreeRadius users mailing list
Subject: Re: seg fault
Joe Vieira
[EMAIL PROTECTED] wrote:
Hello,
I am quite new to the Freeradius topic and I have got a problem:
First of all I started with this tutorial:
http://www.wi-fitechnology.com/Papers+req-showcontent-id-1-page-2.html
But I did not get it running. Then I changed the configuration to this:
[EMAIL PROTECTED] wrote:
In the debug log I can see, that it should work. Without encryption it
works, but as soon as I configure any kind of static encryption (WEP, WPA)
on the ap, I won´t get any connection.
What do you mean by that?
When WEP or WPA is used, the AP doesn't contact the
Alan Dekok wrote:
[EMAIL PROTECTED] wrote:
In the debug log I can see, that it should work. Without encryption it
works, but as soon as I configure any kind of static encryption (WEP, WPA)
on the ap, I won´t get any connection.
What do you mean by that?
When WEP or WPA is used, the
[EMAIL PROTECTED] wrote:
such a value would be nice as an SNMP'able 64bit counter?
Does anyone know of any system that could be used to remotely monitor if
a radius server is up?
Similar to the uptime testing tools that are available for DNS and http.
Chatted to my current monitoring
Do you mean you are not getting any Access-Reqest packets? Problem is
hardly with radius then.
Ivan Kalik
Kalik Informatika ISP
Dana 13/6/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hello,
I am quite new to the Freeradius topic and I have got a problem:
First of all I started with this
Hi,
Does anyone know of any system that could be used to remotely monitor if
a radius server is up?
we use nagios and SNMP - zabbix could also be used to monitor the service
in a client/server way.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi there,
Thank you for your replies, but I cannot manage to make this crypt thing
work.
I dont have the on the databse, it looks like:
mysql select * from radcheck where username = 'anavc';
++--++---++
| id | UserName | Attribute | Value
Hello,
It's the same server with the very same config for both users in
radcheck and radreply, except that in proxy.conf, only the proxy.com
realm is set to be proxied to 192.168.1.2.
When the user [EMAIL PROTECTED] (no proxy) logs in, the VSA
ERX-Service-Bundle is sent to the B-RAS, while it's
Arran Cudbard-Bell wrote:
Surely it does for *MAC* based authentication, which is what hes using
judging by the users file entry...
If that has been configured, yes.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Felipe Ceglia - PY1NB wrote:
When I try to put pap on the authorize section, server dies:
radiusd.conf: PAP modules aren't allowed in 'authorize' sections --
they have no such method.
Install 1.1.6.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
I've updated the documentation for radiusd.conf, to document the new
un-language. Text is attached here for comment.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
unlang(5) FreeRADIUS Processing
radiusd.conf.in,v 1.123 2002/11/12 20:22:48
What server version is this? Install current version (1.1.6) and it will
work with default configuration.
Ivan Kalik
Kalik Informatika ISP
Dana 13/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED]
piše:
Hi there,
Thank you for your replies, but I
-50
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'../var/log/radius/radacct/172.19.0.11/auth-detail-20070613.log'
rlm_detail:
../var/log/radius/radacct/%{Client-IP
[EMAIL PROTECTED] wrote:
Here is the output from the debug screen... The authorization process as
below loops when I switch on the encryption. Without any encryption it
works quite perfect.
Or is it 'not' possible to use mac authentication and WEP/WPA with
preshared key at the same time?
Graham Beneke wrote:
Does anyone know of any system that could be used to remotely monitor if
a radius server is up?
radclient? Send the server a Status-Server request, and it should
respond. See radiusd.conf for more.
Something along the lines of radtest and then you would add a
group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'../var/log/radius/radacct/172.19.0.11/auth-detail-20070613.log'
rlm_detail:
.../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.lo
g expands to
.../var/log/radius/radacct
switch
Evaluate the given string, and choose the first matching case
statement inside of the current block. No statement other than
case can appear in a switch block.
switch string {
...
Arran Cudbard-Bell wrote:
switch
These work now ? :D
Yes. I just added a default to the switch statements, too. See the
updated man unlang.
Control instead of config ?
Yes. config is already used for configuration-file stuff.
Cool , very nice work :)
Thanks. I think it's
Thanks! I had ldap returning Password-with-Header for GTC deployment
and then added NT-Password for ms-chapv2. Commenting out the
password-with-header for userpassword in ldap.attrmap seems to allow
both to work. Which makes my life much easier :)
Alan Dekok wrote:
Colleen C. Morrissey
Hi,
I have a trainee.
-I have to write a module witch should be able to authenticate users with
username and password concatenated to OTP (One Time Password) rather than
only password.
- this module should be able to authenticate first the user within Active
Directory and then validate the OTP.
First, thanks to Ivan for help with Simultaneous and to Dennis with
indexing.
I am new to radius, please bear with me. I will try to describe the problem
as much as I can.
I need to ask if anybody has experienced a problem with DB handles. Here is
what we have experienced a couple of times.
= 00-19-d2-2a-61-50
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'../var/log/radius/radacct/172.19.0.11/auth-detail-20070613.log'
rlm_detail:
.../var/log/radius/radacct
Hello all,
Does anybody use monit?
I am using the following in monit.conf
---
check process radiusd with pidfile /var/run/radiusd.pid
group radius
start program = /etc/init.d/radiusd start
stop program = /etc/init.d/radiusd stop
if failed host 127.0.0.1 port 1645 type udp then
Alan Dekok wrote:
Graham Beneke wrote:
Does anyone know of any system that could be used to remotely monitor if
a radius server is up?
radclient? Send the server a Status-Server request, and it should
respond. See radiusd.conf for more.
Something along the lines of radtest and then
Dennis Skinner wrote:
Alan Dekok wrote:
Graham Beneke wrote:
Does anyone know of any system that could be used to remotely monitor if
a radius server is up?
radclient? Send the server a Status-Server request, and it should
respond. See radiusd.conf for more.
Something along the lines
Hi,
Hello all,
Does anybody use monit?
I am using the following in monit.conf
---
check process radiusd with pidfile /var/run/radiusd.pid
group radius
start program = /etc/init.d/radiusd start
stop program = /etc/init.d/radiusd stop
if failed host 127.0.0.1 port 1645 type
Found the issue, i added -DLDAP_DEPRECATED to the CFLAGS.
Joe
Joe Vieira wrote:
Hi,
i've got freeradius 1.1.6 running on rhel5. when i goto do an ldap auth.
i get this
...
Segmentation fault
See doc/bugs
Alan DeKok.
--
http://deployingradius.com - The web site of the
Dennis Skinner wrote:
Except I don't think that will test your db connection (if you have
one). If you use radclient to do a full auth test, you get a better
idea as to the status of the entire service instead of just the daemon.
That's why 2.0.0 has the following support for Status-Server:
Control instead of config ?
Yes. config is already used for configuration-file stuff.
Both appear to work and do the same thing when updating things...
Ok,
It appears that either update request is broken,
or something else weird is happening.
if((%{User-Name} =~ /([^-]+)-emergency-/)
Alan Dekok wrote:
Arran Cudbard-Bell wrote:
Actually ... it might be an idea to add another return path which drops
the request and sends no reply, just to make the RADIUS server seem dead
if any of it's critical dependencies fail.
I've been discussing similar issues on the IETF RADIUS
Arran Cudbard-Bell wrote:
Actually ... it might be an idea to add another return path which drops
the request and sends no reply, just to make the RADIUS server seem dead
if any of it's critical dependencies fail.
I've been discussing similar issues on the IETF RADIUS list. It seems
that
I use Nagios and NRPE to monitor my servers. With this you can check
any number of things, including the db connections, slow queries, radius,
cpu time, memory, any number of ports, etc... Provides
a web interface and full reporting, including notifications by email,
text message... It works
update request {
NAS-IP-Address := %{Packet-Src-IP-Address}
}
Results in bus error
update request {
NAS-IP-Address = %{Packet-Src-IP-Address}
}
Is fine...
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting
From: Alan Dekok [EMAIL PROTECTED]
Run it under valgrind, and re-direct all of the valgrind output to a
file.
What radiusd switches should I use?
I've never used valgrind before, not sure if it handles daemonized and/pr
threaded services, so I'm not sure if I'd need to run radiusd with -s
If you meant that I have to restart radius whenever I need the statistics, I
will not do that. Is there a way that we can rotate radius.log then?
Dennis Skinner [EMAIL PROTECTED] wrote: Kevin J wrote:
I am wondering if there is a tool or way to check the statistics in real
time.
I need
Kevin J wrote:
I need something that can tell me how many users got accepted and
rejected so far since Radius started.
Rotate the log whenever you restart radius then:
grep -c OK radius.log
grep -c Failed radius.log
If you meant that I have to restart radius
There are quite a few droped packets here. And vry slow
communication. That first request was processed for more than 5 seconds
which is way too long. It looks like chackrad is haging for a very, very
long time. Can you run radiusd -X and post the output (or attach it to
e-mail) when this
PS. Example:
http://puck.nether.net/pipermail/cisco-nas/2004-January/000474.html
checkrad works with one Cisco router but not with another with same
configuration and same IOS version.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
MessageI am having a problem with freeradius 1.1.6 crashing unexpectantly.
Only once has it given the error
Jun 9 13:32:35 radius freeradius[16938]: Assertion failed in util.c, line 190
Jun 9 13:32:35 radius freeradius[17330]: Assertion failed in threads.c, line
394
As of yet I have no
MessageUpdate! it may be related to the radwtmp file as when I restarted the
daemon it complained of file size exceeded when I started in debug mode.
deleted that file and it started fine.
- Original Message -
From: Mark Jones
To: FreeRadius users mailing list
Sent: Wednesday,
Has anybody published any FreeRadius 2.0 Debian (.deb) Packages yet ?
George.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
56 matches
Mail list logo