Re: CUI

2009-11-25 Thread Alan DeKok
Humberto Cardoza wrote: I am a new user with Freeradius, now I have it configured with Mysql but the problem that I have is that the cui table is not populated with information of the active sessions. I configured the sql/mysql/cui.conf and all the stuff that I found that is necessary,

Re: default linelog Accounting-Request handling broken?

2009-11-25 Thread Josip Rodin
On Wed, Nov 25, 2009 at 08:50:32AM +0100, Alan DeKok wrote: I made my own instance of linelog and configured it just like the default, i.e. it has: format = ... reference = %{%{Packet-Type}:-format} That's used for logging per-packet information. Accounting-Request

Groups of NASs by IP

2009-11-25 Thread Leighton Man
Hi, I would like to group NASs by ip address but as I have a few hundred, I don't want to maintain a list. Can I configure ip address ranges in huntgroups eg. Group1 NAS-IP-Address == 192.168.1.101 - 105 If not, can I use regular expressions? How else can I do this? What is the best way?

Re: Rejecting auth from a specific realm

2009-11-25 Thread Ana Gallardo
Sorry, if (Realm == 'your.realm') { update control { Auth-Type = Reject } } Ana Gallardo Gómez

Tie up user to specific NAS

2009-11-25 Thread Deepak
Hi, How do I tie up user to specific NAS so that they can log in from that location only? I have different hotspots in different locations and using dynamic-clients? After a quick search, I found NAS-Identifier attribute. Is this the solution? If yes NAS-Identifier = ? (IP, MAC, Name) Thanks

Re: Rejecting auth from a specific realm

2009-11-25 Thread Alexander Clouter
Ben Carbery ben.carb...@gmail.com wrote: I am using freeradius to proxy eduroam requests. These could be for any number of different realms so I only have a DEFAULT realm configured. I'm a 'DEFAULT' kinda guy, however there seems to be in the .ac.uk world a push to get people to 'nudge'

Re: Groups of NASs by IP

2009-11-25 Thread Alexander Clouter
Leighton Man l.j@hud.ac.uk wrote: I would like to group NASs by ip address but as I have a few hundred, I don't want to maintain a list. Can I configure ip address ranges in huntgroups eg. Group1 NAS-IP-Address == 192.168.1.101 - 105 If not, can I use regular expressions? How

RE: Groups of NASs by IP

2009-11-25 Thread Leighton Man
I used to use huntgroups to do this, however recently discovered in the mailing list archives that the clients.conf file can be used to better effect with grouping: client 2.3.4.0/24 { shortname = switch secret = blar } client 3.4.5.0/24 {

Re: Unexpected Exiting normally 2.1.8?

2009-11-25 Thread Craig Campbell

DHCP-Relay-Agent-Information in reply

2009-11-25 Thread Alexandr Sviridov
Hello, I'm playing with freeradius dhcp support, and get the following problem. Freeradius 2.1.7, option 82, for dhcp snooping to work I have to not only get DHCP-Relay-Agent-Information (option 82) in the request but also send it back to the dhcp relay. Just a test example (radiusd in debug mode):

RE: Freeradius-Users Digest, Vol 55, Issue 113

2009-11-25 Thread Peter Carlstedt

Re: Unexpected Exiting normally 2.1.8?

2009-11-25 Thread Bjørn Mork
Craig Campbell cr...@ccraft.ca writes: can anyone identify a certain GOOD build to use for the git bisect? (Say where 2.1.7 was released?) I looked through the logs and have arbitrarily selected, 134f314c57d67b56bab93db4089c25e956ad6cf2] Lots of notes prior to 2.1.7 I do not know how to

LDAP auth in two sources

2009-11-25 Thread Vladimir Mendelevich
Hello! radiusd: FreeRADIUS Version 1.1.3, for host x86_64-redhat-linux-gnu, built on Apr 25 2007 at 09:04:23 I need to make an authorization of some RADIUS clients in LDAP by RADIUS. Clients need only to check passwords. I can check this in ONE LDAP server at a time without problems. It's work

Exec and ntlm_auth

2009-11-25 Thread Leighton Man
Hi Help again please! I've read the doc at http://deployingradius.com/documents/configuration/active_directory.html and I'm now confused again. I'm running version 2.1.7 so module configurations are now in a separate directory rather than modules.conf. I have an access request packet

Free Radius accounting and duplicate session entries in radacct with different output/input octets

2009-11-25 Thread Ade Slade
Hey, Firstly, is the accounting part of FreeRadius used by major organisations? Due to the possibility and indeed occurrence of duplicate sessions appearing in the radacct table and other issues I've found, it doesn't seem to be all that robust a solution. I realise freeradius is just reporting

Re: Free Radius accounting and duplicate session entries in radacct with different output/input octets

2009-11-25 Thread Alan DeKok
Ade Slade wrote: Firstly, is the accounting part of FreeRadius used by major organisations? http://freeradius.org/press/survey.html If by major, you mean 10 million or more users, yes. Due to the possibility and indeed occurrence of duplicate sessions appearing in the radacct table and

Problem with EAP-TLS

2009-11-25 Thread _Stefan_H
I want to configure EAP-TLS on freeradius but it doesn’t work. I hope the information below is enough. I am using freeradius 2.1.1 (openSUSE11.1). First I configured PAP using this tutorial (http://en.opensuse.org/RadiusServerHOWTO#Configuring_file_based_authentication

Re: Exec and ntlm_auth

2009-11-25 Thread Alan DeKok
Leighton Man wrote: I've read the doc at http://deployingradius.com/documents/configuration/active_directory.html and I'm now confused again. I'm running version 2.1.7 so module configurations are now in a separate directory rather than modules.conf. That change is just re-organization.

showing NAS-IP of 127.0.01 instead of

2009-11-25 Thread Matt Ashfield
Hi, I'm running FreeRADIUS Version 2.1.5. We are trying to do system authentication for some users. Doing this by creating huntgroups based on NAS-IP-Address, and then telling that huntgroup to use System for authentication. The problem is that although the Access-Request packet is shown

RE: showing NAS-IP of 127.0.01 instead of

2009-11-25 Thread Garber, Neal
The problem is that although the Access-Request packet is shown as coming from the correct host, that host's ip address is not showing up as the NAS-IP-Address for that request. Instead, it's showing as 127.0.0.1 as seen below: I'm wondering what could cause this? Any help is appreciated.

RE: showing NAS-IP of 127.0.01 instead of

2009-11-25 Thread Matt Ashfield
I just figured that out via a sniff. Thanks for the note. I'll go after the requesting software now. From: Garber, Neal [mailto:neal.gar...@energyeast.com] Sent: November 25, 2009 2:27 PM To: 'm...@unb.ca'; 'FreeRadius users mailing list' Subject: RE: showing NAS-IP of 127.0.01 instead of

Re: Tie up user to specific NAS

2009-11-25 Thread tnt
How do I tie up user to specific NAS so that they can log in from that location only? I have different hotspots in different locations and using dynamic-clients? After a quick search, I found NAS-Identifier attribute. Is this the solution? If yes NAS-Identifier = ? (IP, MAC, Name) You will

RE: Freeradius-Users Digest, Vol 55, Issue 113

2009-11-25 Thread tnt
You *can* have multiple entries (rows) for each user. You don't have to cram everything into a single row. Okay, but I don't think it makes any sense that you have multiple inputs of the same user in a table? It doesn't make sense - to you. Everybody else is quite OK with that. You evidently

Re: LDAP auth in two sources

2009-11-25 Thread tnt
radiusd: FreeRADIUS Version 1.1.3, for host x86_64-redhat-linux-gnu, built on Apr 25 2007 at 09:04:23 Upgrade. http://wiki.freeradius.org/Red_Hat_FAQ#Current_Pre-built_RPM.27s_for_RHEL_5_and_CentOS_5 I need to make an authorization of some RADIUS clients in LDAP by RADIUS. Clients need only

Re: Exec and ntlm_auth

2009-11-25 Thread tnt
Help again please! I've read the doc at http://deployingradius.com/documents/configuration/active_directory.html and I'm now confused again. I'm running version 2.1.7 so module configurations are now in a separate directory rather than modules.conf. I have an access request packet

Re: Unexpected Exiting normally 2.1.8?

2009-11-25 Thread Alan DeKok
Craig Campbell wrote: Ok, can anyone identify a certain GOOD build to use for the git bisect? (Say where 2.1.7 was released?) I looked through the logs and have arbitrarily selected, 134f314c57d67b56bab93db4089c25e956ad6cf2] Lots of notes prior to 2.1.7 I do not know how to force git

Re: Unexpected Exiting normally 2.1.8?

2009-11-25 Thread Bjørn Mork
I am now seeing this very same problem, and strongly suspect it to be related to dead proxy home servers. I was able to provoke the Exiting normally on a server with *no* traffic at all, by doing a couple of requests for a realm with dead home servers and then waiting: Wed Nov 25 18:03:56 2009

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 02:54 PM 11/25/2009, you wrote: Just make it another file in the modules directory (like all the others). Any file placed in that directory is automatically included as a module. Can you provide an example of that file? Also, on the web page for AD config it has: ntlm_auth =

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 10:45 AM 11/25/2009, Alan DeKok wrote: What part of the instructions is not working for you? well for me at least, I have authentication working. radtest account password localhost 0 m3H1hc4Z1OtpNC2ZLX3A works fine. rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=164,

Re: Exec and ntlm_auth

2009-11-25 Thread tnt
At 02:54 PM 11/25/2009, you wrote: Just make it another file in the modules directory (like all the others). Any file placed in that directory is automatically included as a module. Can you provide an example of that file? Example for exec ntlm_auth is in the guide. Also, on the web page for

Re: Exec and ntlm_auth

2009-11-25 Thread tnt
At 10:45 AM 11/25/2009, Alan DeKok wrote: What part of the instructions is not working for you? well for me at least, I have authentication working. radtest account password localhost 0 m3H1hc4Z1OtpNC2ZLX3A works fine. rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=164,

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 05:04 PM 11/25/2009, t...@kalik.net wrote: At 02:54 PM 11/25/2009, you wrote: Just make it another file in the modules directory (like all the others). Any file placed in that directory is automatically included as a module. Can you provide an example of that file? Example for exec

Re: Exec and ntlm_auth

2009-11-25 Thread Alan Buxey
Hi, In the guide there are two separate ntlm_auth lines. The first one says it should go in radiusd.conf. Where does that relate to a module? in latest 2.1.x you will find ntlm_auth living in the mschap module - you can copy/read that method and command line alan

Re: Exec and ntlm_auth

2009-11-25 Thread Ivan Kalik
freerad...@corwyn.net wrote: At 05:04 PM 11/25/2009, t...@kalik.net wrote: At 02:54 PM 11/25/2009, you wrote: Just make it another file in the modules directory (like all the others). Any file placed in that directory is automatically included as a module. Can you provide an example of

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 05:57 PM 11/25/2009, Rick Steeves wrote: I have the cisco configured per that guide already. However, I don't want to put user / password info in the users file, because that would defeat part of the model of centralized authentication to AD. So I want that to feed authentication back to

Re: Exec and ntlm_auth

2009-11-25 Thread Ivan Kalik
freerad...@corwyn.net wrote: Perhaps my question is how to integrate Per User Privilege Level You can also send the privilege level (enable mode is level 15) for individual users as a reply item to automatically put them into that level with cisco-avpair = shell:priv-lvl=15 You can do this

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 06:24 PM 11/25/2009, you wrote: Configure AD as ldap server in ldap module (.raddb/modules/ldap). Then add to users file: DEFAULT Ldap-Group == max_priv_level or whatever is your group called Service-Type = NAS-Prompt-User, cisco-avpair =

Re: Exec and ntlm_auth

2009-11-25 Thread freeradius
At 06:15 PM 11/25/2009, you wrote: There are dozens of them there. Just save what is quoted in the guide (with adjusted text) as a file into raddb/modules directory. Yeah, and in tinkering with module files I clearly haven't had success. so you're saying create a (adjusted for my environment)

Re: Exec and ntlm_auth

2009-11-25 Thread Ivan Kalik
freerad...@corwyn.net wrote: At 06:15 PM 11/25/2009, you wrote: There are dozens of them there. Just save what is quoted in the guide (with adjusted text) as a file into raddb/modules directory. Yeah, and in tinkering with module files I clearly haven't had success. so you're saying create a

Re: Unexpected Exiting normally 2.1.8?

2009-11-25 Thread Bjørn Mork
Alan DeKok al...@deployingradius.com writes: Bjørn Mork wrote: I am now seeing this very same problem, and strongly suspect it to be related to dead proxy home servers. I was able to provoke the Exiting normally on a server with *no* traffic at all, by doing a couple of requests for a realm

how to decode CHAP and MS-CHAP passwords

2009-11-25 Thread shivashankar
Hi, I want to decode both (CHAP and MS-CHAP) passwords. Why do I want to do this? I am sending the username and password to a java file to test authentication. There it is unable to understand that chap and ms-chap encrypted data. Before going to the java file I will decode and convert to plain-text. so