Nizar Zulmi wrote:
I just configured my RADIUS server with standard configuration. I am using
Intel Pentium 4 processors with 512MB of RAM, and this is what I got. To
perform stress test I am using Evolynx RADIUS load test. Do you test
your RADIUS with this tool? This is the result I got
We've
Fajar A. Nugraha wrote:
I just rebuilt 2.1.6 SRPM on RHEL5.
Using which spec file?
After some troubleshooting, I found out that
/etc/raddb/sites-available/* is NOT marked as %config(noreplace).
Since sites-enabled only have symlinks to sites-available files, this
effectively means RPM
On Tue, Jun 2, 2009 at 1:48 PM, Alan DeKok al...@deployingradius.com wrote:
Fajar A. Nugraha wrote:
I just rebuilt 2.1.6 SRPM on RHEL5.
Using which spec file?
From http://wiki.freeradius.org/Red_Hat_FAQ#Obtain_a_SRPM
After some troubleshooting, I found out that
2009/6/2 Alan DeKok al...@deployingradius.com:
Stun Box wrote:
I'm using PEAP/Mschapv2 with Windows machines. I need the user-name of
the inner-tunnel when the authentication ends to assign the vlan id.
...
But it seems it has not been escaped...
My User-Name DOMAIN/testx becomes = DOMAIN
Stun Box wrote:
2009/6/2 Alan DeKok al...@deployingradius.com:
Stun Box wrote:
I'm using PEAP/Mschapv2 with Windows machines. I need the user-name of
the inner-tunnel when the authentication ends to assign the vlan id.
...
But it seems it has
ok, thank you for the news.
Regards,
2009/6/2 Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk:
Stun Box wrote:
2009/6/2 Alan DeKok al...@deployingradius.com:
Stun Box wrote:
I'm using PEAP/Mschapv2 with Windows machines. I need the user-name
Hi,
Alan committed a fix to the git repository last night. It does a
straight copy of the value without parsing it, so should fix the issues
you've been seeing.
does this fix mean that TTLS and PEAP get the inner identity copied
correctly so there is no more need for
update
a.l.m.bu...@lboro.ac.uk wrote:
does this fix mean that TTLS and PEAP get the inner identity copied
correctly so there is no more need for
update outer.reply {
User-Name = %{User-Name}
}
That's still needed. The question is what do you want the server to
Hi all,
At the moment, our FreeRadius (v1.x) is looking up users in a PGSQL
database, with clear username and clear password in the fields.
We would like to switch it to FreeRadius (v2.x) and by the way, crypt
(SHA, just crypt(),...) the password in the Database. What encryption is
supported by
On 02.06.2009 at 11:09, Rakotomandimby Mihamina wrote:
Hi all,
At the moment, our FreeRadius (v1.x) is looking up users in a PGSQL
database, with clear username and clear password in the fields.
We would like to switch it to FreeRadius (v2.x) and by the way, crypt
(SHA, just crypt(),...) the
I set in copy_tunnel_reply to yes and I use the inner-tunnel user-name
in my default / post-auth.
And I still have the real user-name hidden.
In default / post-auth :
update reply{
User-Name := %{request:User-Name}
Tunnel-Medium-Type = 6
Hi,
Heavy duty crypto can affect speed but that's part of cryptography's charm.
actually, this reminds me - the eap.conf calls 'DEFAULT' openssl crypto
engine - this should give the possibility to use offloading crypto
cards such as the Hifn (or even a VIA cX cpu with padlock engine).
alan
Well, I read the documentation, but I don't succeed to fix my problem, and I
don't know if the solution is in this documentation:
I use the attribute redundant and we can read:
* redundant{...} and append{...} are just shortcuts. You could write
group {
sql1 {
On 2/6/09 10:01, Alan DeKok wrote:
a.l.m.bu...@lboro.ac.uk wrote:
does this fix mean that TTLS and PEAP get the inner identity copied
correctly so there is no more need for
update outer.reply {
User-Name = %{User-Name}
}
That's still needed. The
Marinko Tarlac wrote:
After some investigation, I found that accounting start packets were
received before update packets and session was already in database
before the update happened. (AcctStartTime MySQL time in slow query log)
Also, after few tests I have:
- 10 000 row updates which doesn't
Good morning,
I'm back with the same problem.
I've seen past posts from last week, but I have something wrong because those
solutions don't work for me.
I have a script in exec module which set 2 values: Session-Timeout if
everything is correct for each user and it calculate his remaining time
to
Arran Cudbard-Bell wrote:
Currently attributes in outer.reply are not inserted if:
1) You're doing EAP-TTLS-MSCHAPv2
I set use_tunneled_reply = yes, and I get the reply attributes
copied from the inner tunnel to the outer tunnel.
And if I do update outer.reply with an attribute, it works
We pass hostname$ to ntlm_auth by rewriting the User-Name attribute as
follows:
attr_rewrite machine_UserName {
attribute = User-Name
searchin = packet
searchfor = ^host/(.*).domain.name
replacewith = %{1}$
Hello everyone,
I'm using freeradius 2.0.4 with a ldap server as a backend for
authentication of users to our wireless network. I've defined two ldap
servers in the radiusd.conf file:
.
ldap ldap_uba {
server = ldap_server
basedn = dc=uba,dc=ar
Diego Martín Capello wrote:
Hello everyone,
I'm using freeradius 2.0.4 with a ldap server as a backend for
authentication of users to our wireless network. I've defined two ldap
servers in the radiusd.conf file:
..
I want to switch between them based on the NAS-IP-Address of the arriving
Hi All.
Has anyone had success with running FreeRADIUS in the cloud computing
environment.
If so, did you create your own cloud or use a vendor?
Regards
Stelio Gouveia
--
Skyrove Software Engineer,
Skyrove (Pty) Ltd
Technology Top 100 Award Winner (2006)
Mobile: +27 82 34 09 120
Tel: +27 861
I've been reading the docs regarding failover and I'm not sure if the following
is correct. It seems to process an extra query.
group {
redundant {
ldap1-primary
ldap1-failover
}
fail = 1
ok = return
redundant {
Is that because freeradius is kind of like apache, as in that only certain
IPs are allowed to hit the freeradius server? So it is pretty secure as
soon as you install it right?
thanks jon
On Thu, May 28, 2009 at 10:58 AM, Ivan Kalik t...@kalik.net wrote:
Does your freeradius server have to
Hi,
We pass hostname$ to ntlm_auth by rewriting the User-Name attribute as
follows:
attr_rewrite machine_UserName {
attribute = User-Name
searchin = packet
searchfor = ^host/(.*).domain.name
replacewith =
Alan DeKok wrote:
..
I want to switch between them based on the NAS-IP-Address of the
arriving
request, so I've used unlang in the authorize section:
... of the file raddb/sites-enabled/inner-tunnel.
Exactly, but the path is /etc/freeradius/sites-enabled/inner-tunnel,
because I'm
why? with recent versions of FreeRADIUS this just works(tm) with no
rewriting needed
- just ensure that the ntlm_auth line has the correct arguments and
you have the ntdomain stuff turned on .
we used to have all kinds of hacky stuff in our config...almost all
of it is now wiped away
Hi,
2009/6/2 a.l.m.bu...@lboro.ac.uk
why? with recent versions of FreeRADIUS this just works(tm) with no
rewriting needed
- just ensure that the ntlm_auth line has the correct arguments and
you have the ntdomain stuff turned on .
I've tried, and can't make the default work. I've got
Hi,
If I follow the logic as supplied by Neil, and remove the --domain option
then this works fine for all users in all domains, and machines in same
domain that winbind was joined to, but not machines from remote domains. If
ah! multiple remote domains - not in a forest of trust?
I can't
Hi,
Is that because freeradius is kind of like apache, as in that only certain
IPs are allowed to hit the freeradius server? So it is pretty secure as
soon as you install it right?
unless you have a firewall in place then anything could talk
UDP to ports 1812, 1813 and 1814 - but then if
Hi,
2009/6/2 a.l.m.bu...@lboro.ac.uk
ah! multiple remote domains - not in a forest of trust?
All in the same Forest Tree, yes - but it still appears to be unhappy as
it can't work out which the domain the $PCNAME$ machine lives in.
I can't really see anyway to resolve this, other
Fajar A. Nugraha wrote:
On Sun, May 17, 2009 at 11:33 PM, John Dennis jden...@redhat.com wrote:
However on tomorrow on Monday the 2.1.6 release is
scheduled to go public from the FreeRADIUS project. Shortly thereafter I
will have posted 2.1.6 SRPM and RPM's on koji (will probably show up by
Hi,
Sounds good - I'll give this logic a go... Where best to place this bit of
Unlang? In the inner-tunnel Authorization stanza, before ms-chap? Would I
need to repeat in the Authentication MS-CHAP bit too, or does it get set at
the beginning of the request session and follow all the way
Hi:
I am trying to configure a server-side IP pool for select pptp users to
bypass the NAS's internal pool. The documentation appears sparse, but
this is what I've done so far:
In raddb/radiusd.conf:
ippool users_pool {
range-start = 172.16.1.2
u...@3.am wrote:
I am trying to configure a server-side IP pool for select pptp users to
bypass the NAS's internal pool. The documentation appears sparse, but
this is what I've done so far:
In raddb/radiusd.conf:
ippool users_pool {
The examples show it using main_pool. The
I am trying to compile freeradius on uclibc, it complains of undefined symbol
__tls_get_addr. So I went to modify src/include/autoconf.h, and commented
#define HAVE_THREAD_TLS 1, then the compilation was successful. My question is
what do I miss from disabling THREAD_TLS? Does it mean
Hi,
How do I configure freeradius with ldap windows server 2003?
I do in my freeradius, when I installed it is
./configure --prefix=/usr/local/freeradius --with-modules=rlm-ldap
Until I'm configured in radiusd.conf
It's Still
radiusd.conf[744] Failed to link to module 'rlm_ldap': rlm_ldap.so: cannot
Hi everyone,
Can someone swing the clue bat at me, and provide me with information on
where I should look to find out how to disable detail log files for
specific NASs only?
I need to keep the detail files for legacy purposes, but only for
specific NASs, and I'd like to disable the rest of them
On Tue, 2 Jun 2009, Alan DeKok wrote:
u...@3.am wrote:
I am trying to configure a server-side IP pool for select pptp users to
bypass the NAS's internal pool. The documentation appears sparse, but
this is what I've done so far:
In raddb/radiusd.conf:
ippool users_pool {
The
--- On Tue, 6/2/09, Ming-Ching Tiew mct...@yahoo.com wrote:
I am trying to compile freeradius on uclibc, it complains
of undefined symbol
__tls_get_addr. So I went to modify
src/include/autoconf.h, and commented
#define HAVE_THREAD_TLS 1, then the compilation was
successful. My
Hello,
First off, been using freeradius for 5-6 years now and we are happy campers
thanks to it.
Freeradius 2.04 (Debian Lenny package), but I don't think this is
very version specific.
Configuration is set for direct (sql, not sql_log) logging of accounting
records into mysql.
We've got a
Hello,
I installed freeradius on WIN2003, I want to use AD as user database,
how to config radiusd.conf? LDAP or NTLM_Auth?
I can not find NTLM_Auth on windows 2003, LDAP=AD?
thanks !
miao
2009-06-03
miaowang
On Tue, 2009-06-02 at 16:27 -0400, John Dennis wrote:
It looks like this was a packaging bug in the spec file. You are indeed
correct /etc/raddb/sites-available/* should have been %config(noreplace).
I'm in the process of pushing out a new set of packages with your
suggested fix. Thank you
Hari Novferdianto wrote:
Hi,
How do I configure freeradius with ldap windows server 2003?
I do in my freeradius, when I installed it is
./configure --prefix=/usr/local/freeradius --with-modules=rlm-ldap
That isn't enough. You need to have the local LDAP libraries
header files on your
u...@3.am wrote:
Now I get this running debug mode:
}
/usr/etc/raddb/radiusd.conf[1824]: Failed to link to module
'rlm_ippool': rlm_ippool.so: cannot open shared object file: No such
file or directory
Because you don't have the GDBM libraries or header files.
Steve Bertrand wrote:
Can someone swing the clue bat at me, and provide me with information on
where I should look to find out how to disable detail log files for
specific NASs only?
$ man unlang
I need to keep the detail files for legacy purposes, but only for
specific NASs, and I'd like
Ming-Ching Tiew wrote:
What is the performance impact of disabling THREAD_TLS but
USE_PTHREAD_FOR_TLS instead ?
You're likely running on an embedded system (because you're using
ulibc rather than glibc). So performance is the least of your worries.
If you plan on having the system do EAP,