Orion wrote:
---++--+++--+-
| id | username | attribute | op | value|
++--+++--+
| 1 | orioni | Called-Station-Id | == | 001bd136e285 |
| 2 | orioni | Cleartext-Password | := |
William Segura wrote:
I am trying to setup Freeradius to authenticate against an active
directory server.
Only bind as user will work, and even then not always.
Here are the relevant files:
Please do not post configuration files to the list.
Radius Log:
...
rad_recv: Access-Request
Hi,
This can be done if we use the attribute Called-Station-Id
(or NAS-Identifier) with the operator '=~' and a value like
this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
This is a regular expression that will match the attribute
if its value is one of them that are listed.
Arlinelson Fernandes dos Santos wrote:
The pre1 version is buggy!!!
Yes... which is why 2.0.0 was released.
Now, I'm working to solver this: rlm_acct_unique: WARNING: Attribute
Client-IP-Address was not found in request, unique ID MAY be inconsistent
Grab the latest version from CVS. It
Pshem Kowalczyk wrote:
One more reason to upgrade ;-) Where should I look for that
functionality? proxy.conf?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 18/01/2008, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk wrote:
Is it possible to discard the packet on the proxy if the home server
doesn't reply and let the device to fall back to a different proxy?
Currently we use radius 1.1.7, but looking into upgrading it to 2.0.0.
As I can see Mikrotik wants mac address in next format XX:XX:XX:XX:XX:XX
(all letters must be in uppercase)
On Jan 17, 2008 7:53 PM, orion [EMAIL PROTECTED] wrote:
pershendetje/Hi dashamir.
sorry for my english , not my mother language.
i use the same scenario at our isp but we
check the
machine: TLS_accept:error in SSLv3 read client certificate A
user:(other): SSL negotiation finished successfully
There doesn't seem to be a machine certificate in the certificate store.
Ivan Kalik
Kalik Informatika ISP
Dana 18/1/2008, Michael Olson [EMAIL PROTECTED] piše:
I'm
Hello everyone,
I am trying to implement traffic volume accounting in my Radius server.
Is it possible to have a counter setup to achieve this?
I've tested a lot and it seems freeradius is just ignoring my counter.
I have somewhat managed to do some traffic accounting relying on external
scripts,
[EMAIL PROTECTED] wrote:
Hi,
This can be done if we use the attribute Called-Station-Id
(or NAS-Identifier) with the operator '=~' and a value like
this: (00-1b-d1-36-e2-85|11-1b-d1-36-e2-86|22-1b-d1-36-e2-87)
This is a regular expression that will match the attribute
if its value is one of
Hi,
I am not sure why, I inherited this setup and I am still trying to understand
it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
The -X output says:
WARNING: Deprecated conditional expansion :-. See man unlang for details
expand:
Hi list,
Im completely new to freeradius, I have installed the server with MySQL and
also got the dialup web GUI up and running.
However its still not clear to me how I add new NAS devices, you dont appear to
be able to do that in the GUI. I just want
to add a system by IP address with a
Is it possible to have a counter setup to achieve this?
Yes. It is.
I'd like to know if someone has implemented realtime upload/download
limitations and what methods were used.
Realtime traffic accounting would have to be supported by your NAS. Any
kind of traffic/bandwidth
As entitled, with my office we have installed at a library town a server
with Ubuntu 7.10, Freeradius and Chilispot to
ensure wireless navigation to users with their notebooks from the local
library;
The access point is configured without any authentication, anyone can
connect, authentication
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
the information should be in??
Andy Smith wrote:
Im completely new
Hello,
Have you a patch for cisco wlse leap authentication, working for
freeradius 2.0 ?
Thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(pt-BR) Ol Marcos,Eu tinha me deparado com este mesmo problema a
um tempo atrs, eu retirei o default e mudei de Date para IncidentDate, isso
resolveu.(en-US) Hi, Marcos,I saw this problem a time ago,
I delete the default in ID and replace Date to IncidentDate, appers to work
Hi,
I have installed freeradius-1.1.7 in fedora8. However I find that the module
rlm_sql does not work as described in this page:
http://wiki.freeradius.org/Rlm_sql
For example, I have inserted such data in the database:
radcheck:
+--+--+--++---+
| id |
FreeRadius Wiki is a good starting point. SQL Howto
Andy Smith wrote:
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
I am testing my current 1.1.7 config with version 2.0.0.
I have 2 bits of config that are not quite right on 2.0.0
1) I have the line:
filter = (cn=%{Stripped-User-Name:-%{User-Name}})
I am not sure why, I inherited this setup and I am still trying to understand
it. The LDAP server is
I'm trying to install and configure my freeradius at rhel 5 to authenticate in
ldapdatabase. i read the rml_ldap and configure then according i understand. I
start my server with no problem, but i'm not sure if its working good or bad. I
create a test user at ldap database with username and
Alan,
Thanks for your quick response! Yes, I'm aware that apple has
included FR into Leopard and am curious to see how it works in that
version of the OS once I move to it eventually. However, for the
Tiger users of which I'll remain for a while, I'd like to provide
ease of installation
Have a look in debug mode to see if you are getting accounting packets
from Chillispot. If you are not getting accounting data there is no way
for counter to work.
Off topic, what stops a user to use a different username and gain another
2 hours? Mikrotik has a trial mode where users can gain
The nas table definition can be found at the bottom of this page
http://wiki.freeradius.org/MySQL_DDL_script
make sure to set:
readclients = yes (probably at the bottom of sql.conf)
the column names in the nas table are pretty self-explanatory after you
have that set up. Just be sure to
Dean, Barry wrote:
1) I have the line:
filter = (cn=%{Stripped-User-Name:-%{User-Name}})
I am not sure why, I inherited this setup and I am still trying to understand
it. The LDAP server is eDirectory (FreeRADIUS compiled with -with-edir)
In 1.1.7, read doc/variables.txt
What
I loaded the computer certificate via the MMC Certificates module,
into the Local Machine, Personal store. When there isn't one in
there I get a can't find a certificate error in widows when trying
to connect and it never tries to do EAP. Also, looking at the user
log and the computer log, they
Greetings,
Quick disclaimer: Though I've been working on my unix chops for the
last year (intermittently), I still consider myself a bit of a
newbie, so I apologize for any questions that might have obvious
answers. That said:
I'm working on a port of FR 2.0 for macports.org and had a
Found the problem... and ummm... I'm really ashamed to admit this one.
I had the CA root certificate in the users trusted root store, moved it
over the machine trusted root store and all is well.
Thank you for enduring my duh moment.
-- Mike Olson
Michael Olson wrote:
I loaded the
Andy Smith wrote:
Im completely new to freeradius, I have installed the server with
MySQL and also got the dialup web GUI up and running.
However its still not clear to me how I add new NAS devices, you dont
appear to be able to do that in the GUI. I just want
to add a system by IP address
Hi,
thanks, Ive looked at this and its a good guide to initial install but doesnt
seem to provide any detailed info on how to administer the data in the tables.
IE there is a sample of some data from a test system but this doesnt even
mention the NAS table, how are other people administering
Hi Alan,
I understand that you know a lot more than i do. Can you point me to
right RFC or draft which tells about the EAP-MSCHAPv2 radius call flow. We
are trying to establish an IKEv2 tunnel using the EAP-MSCHAPv2
authentication. We are not using EAP-PEAP, so no certificates involved.
Hi,
thanks, Ive looked at this and its a good guide to initial install but
doesnt seem to provide any detailed info on how to administer the data in the
tables. IE there is a sample of some data from a test system but this doesnt
even mention the NAS table, how are other people
Rupert Finnigan wrote:
On 17/01/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I have hp procurve 3500yl switches for which i use mac based authentication
against radius server.
The radius server should assign the vlan's.
The pc that hangs behind the phone get the correct vlan, but the
Hi,
HP ProCurve edge series can only dynamically assign a single untagged VLAN
to any one switch port.
It is not possible to create dynamic VLAN trunks. It may be possible to
create a VLAN trunk statically, then leave the switch to do VLAN
assignment, and just deny/allow access via the
pershendetje/Hi dashamir.
sorry for my english , not my mother language.
i use the same scenario at our isp but we
check the MAC address of the NAS where the client comes from.
In mysql we have:
++--+++--+
| id | username | attribute |
Andy Smith wrote:
Erm, thanks. But Im trying to work out how I Administer the data in MySQL.
Are there no utilities for entering data? If I have to enter data manually
with SQL insert etc can anyone point me at some docs explaining the format
the information should be in??
There are many
36 matches
Mail list logo
