If we add a CONSTRAINT to enforce uniqueness for acctuniqueid in the DB,
will the failure to insert an accounting record confuse the freerad sql
module and will those failures percolate up towards the radius protocol
level and thus result in the NAS keep on sending that accounting packet?
Yes.
On 3/6/09 07:53, Arran Cudbard-Bell wrote:
If we add a CONSTRAINT to enforce uniqueness for acctuniqueid in the DB,
will the failure to insert an accounting record confuse the freerad sql
module and will those failures percolate up towards the radius protocol
level and thus result in the NAS
Hello,
On Wed, 03 Jun 2009 08:24:53 +0100 Arran Cudbard-Bell wrote:
[more uniqueness for accounting packets]
Example policy for this would be something like :
[snip]
Thanks a bundle for that, I was about to whack my head against the screen
here and type man unlang. ;)
If you're still
Hi,
I am using freeradius 2.1.3 for my AAA servers. I have a little problem when a
third-patner RADIUS is dead. My problem is my freeradius send the following
status packect every
2-5 seconds.
Sending Access-Request of id 77 to 200.160.126.23 port 1812
User-Name :=
Hi,
Following up from this, I think I've discovered what the real problem here
is. I think there's a problem with the MS-CHAP module
The module looks in the username to find host/ at the beginning, and if it
does then handles it differently. Whilst it sets the username section
correctly, it
Hello;
I have been using freeradius with CA, eap. I am also using OPENSLL
certificates
My question is that how to use only one certificate for only one user.
How to configure my raddb.conf, eap.conf, users for only one user.
Best regards,
begin:vcard
fn:Abdullah Dizdar
n:Dizdar;Abdullah
Santiago Balaguer García wrote:
I am using freeradius 2.1.3 for my AAA servers. I have a little problem
when a third-patner RADIUS is dead. My problem is my freeradius send the
following status packect every
2-5 seconds.
Sending Access-Request of id 77 to 200.160.126.23 port 1812
Hello,
I was wandering if anyone can help me. I am trying to set up freeradius
2.1.x
In the authorized section of default, we have the following coding:
if(%{User-Name} =~ /?([...@]+)@?([-[:alnum:]._]*)?$/) {
update request {
Realm := %{2}
Hi,
if(%{User-Name} =~ /?([...@]+)@?([-[:alnum:]._]*)?$/) {
update request {
Realm := %{2}
}
The staff login id is:
ps...@worc.ac.uk
Whereas the student login is in the format:
psdn1...@worc.ac.uk
Would it be possible to filter on the
Is there a way to tell freeradius not to include passwords in the log when
debugging?
-John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Steve Bertrand wrote:
Can someone swing the clue bat at me, and provide me with information on
where I should look to find out how to disable detail log files for
specific NASs only?
$ man unlang
I need to keep the detail files for legacy purposes, but only for
Hi,
Is there a way to tell freeradius not to include passwords in the log when
debugging?
many ways - which log are you seeing the password in?
it *WILL ALWAYS* log any plain passwords when in full debug mode..
thats the idea of full debug mode
alan
-
List info/subscribe/unsubscribe? See
Hi every one
I am using freeradius 1.1.7
i am configuring checkval to check for Nas-Port-Type , i need to make
it checks for Nas-Port-Id also .
this is the radius.conf checkval sections
checkval {
item-name = NAS-Port-Id
check-name = NAS-Port-Id
item-name = NAS-Port-Type
check-name =
Hi
I think you have to do like this :
checkval checkNasPortId {
item-name = NAS-Port-Id
check-name = NAS-Port-Id
data-type = string
notfound-reject = yes
}
checkval checkNasPortType {
item-name =
Hi Franois
Thank you
it worked out
thanks a lot :-)
Regards,
Amr el-Saeed
Senior Systems Engineer
94 Tahrir St., Maghraby Plaza,
Dokki, Giza 12311, Egypt
T: +20 (2) 33 32 0700 | Ext: 1107
F: +20 (2) 33 32 0800 |
E: amr.elsa...@tedata.net
www.tedata.net
Franois Mehault
On Wed, 3 Jun 2009, Alan DeKok wrote:
Because you don't have the GDBM libraries or header files.
Ok, I installed those, and while I was at it, installed the latest
radiusd. The first error I got involved the experimental
raddb/sites-available/control-socket which was included in the old
Replying to myselferm, never mind...I must have a fairly old
raddb/radiusd.conf...I found this by googling:
db_dir = $(raddbdir) ==
It should be:
db_dir = ${raddbdir} (brackets are wrong)
On Wed, 3 Jun 2009, u...@3.am wrote:
On Wed, 3 Jun 2009, Alan DeKok wrote:
Because you
[snip]
Thanks a bundle for that, I was about to whack my head against the screen
here and type man unlang. ;)
If you're still getting duplicates, check that the NAS is actually
sending the value of the Class attribute. Vendors are notoriously bad
for ignoring the RFC in this area.
Yeah,
Arran Cudbard-Bell wrote:
Thanks, i'll poke Alan and see if he wants to include it.
$ git format-patch
:)
It'd be nice
to have a generic
hashing module for string expansions and not have to do some much unlang
hackyness,
useful for CUI too.
update reply {
User-Name :=
hi,
okay. so i've been preaching that people use eg
the buffered-sql virtual machine rather than do accounting
DB entries 'live' - therefore giving the admin better
FR performance with slower DBs etc...
however, I've been approached today by someone who has a
rather large detail file (few gigs)
Hi,
I have pap authentication working just fine. I want to change auth type to
chap. I am using the radius book that is very outdated. Don't really
understand why can't chap to work. I looked in the default file and chap
auth-type is not commented out, so I am assuming that if pap authentication
New to freeradius samba - and first post here.
Rather long post so to cut to the heart of the question:
Can freeradius be configured to authenticate users against an AD Forest
(multi-domain) using universal principal name (UPN) and if so...how?
I'm posting here because our only need for samba
Hi Adam,
I've been experimenting with something very similar recently.
ntlm_auth can handle authentication in one of the follow:
1. --username = NetBIOS Domain Name\Username, no --domain parameter
specified
2. --username = Username, --domain = NetBOIS Domain Name
3. --username = Username,
Hi All,
I'm *attempting* to recompile the rlm_mschap module with a quick mod to
hopefully fix my host authentication domain extraction problems.
Is this as simple as running make, and copying the resulting files to
/usr/lib (on my system atleast)?? And if so, is it just the two files I
need to
Rupert Finnigan wrote:
Hi All,
I'm *attempting* to recompile the rlm_mschap module with a quick mod to
hopefully fix my host authentication domain extraction problems.
Is this as simple as running make, and copying the resulting files to
/usr/lib (on my system atleast)?? And if so, is
25 matches
Mail list logo