Hi,
I thought the whole meaning of binding a freeRadius to an Active Directory
is that I have from now on just to configure Users in the AD.
So every device I want to authenticate on asks the FR which then asks the
AD. So the AD will answer if the User is valid and which Service-Type he
has.
On
On 2012/10/09 02:21 AM, 劉君羿 wrote:
I am using *Chillispot* on my NAS. But it doesn't seem to support CoA. Can
you suggest other AP controllers?
By the way, I though concurrent accounting was a feature that should be
supported. I wonder why it's not supported by the major AAA protocols.
Afaik
Hi,
I thought the whole meaning of binding a freeRadius to an Active Directory
is that I have from now on just to configure Users in the AD.
So every device I want to authenticate on asks the FR which then asks the
AD. So the AD will answer if the User is valid and which Service-Type he
has.
On 09/10/12 07:51, martin.heinzm...@belden.com wrote:
Hi,
I thought the whole meaning of binding a freeRadius to an Active
Directory is that I have from now on just to configure Users in the AD.
So every device I want to authenticate on asks the FR which then asks
the AD. So the AD will answer
Thank you guys very much. With your hints and a tutorial I found then(
http://www.perkinsblog.net/blog/index.php/2010/02/freeradius-and-windows-ad/
) I managed to make it work :-)
Thanks again
Martin
DISCLAIMER:
Privileged and/or Confidential information may be contained in this
message. If
I am trying to write a query to look at peoples quota and change their speed
biased on these details. So far I have:
if (%{sql: SELECT radgroupcheck.value FROM radusergroup Inner Join
radgroupcheck ON radusergroup.groupname = radgroupcheck.groupname WHERE
radusergroup.username = '%{User-Name}'
Jonathan Bastin wrote:
*Issue I get is that I always get *
Tue Oct 9 13:43:17 2012 : Info: ++- if (%{sql: SELECT
radgroupcheck.value FROM radusergroup Inner Join radgroupcheck ON
radusergroup.groupname = radgroupcheck.groupname WHERE
radusergroup.username = '%{User-Name}' AND
Thomas Raabo - Zitcom A/S wrote:
Need som help getting my external script to work
Here is my External module
exec MOTP {
wait = yes
program = /etc/raddb/otpverify.sh %{User-Name} %{User-Password}
%{reply:Secret} %{reply:Pin} %{reply:Offset}
What do you think
I seem to be losing it today. How do I check out the 2.2 version from git?
David
attachment: winmail.dat-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here is my External module
exec MOTP {
wait = yes
program = /etc/raddb/otpverify.sh %{User-Name} %{User-Password}
%{reply:Secret} %{reply:Pin} %{reply:Offset}
What do you think that does? What is reply:Secret and reply:Pin ?
-Well a select is done on radcheck
This is the full dump I get
rad_recv: Access-Request packet from host 193.000.221.00 port 1645, id=213,
length=141
Framed-Protocol = PPP
User-Name = 02085000...@peerpointinternet.co.uk
CHAP-Password = 0x045f3e13da52acf8b9e784c0c125ed102f
Connect-Info =
I was mixed up on what table I am talking about its the radcheck
table. I was using navicat to set the attribute to Crypt-Password and
refreshing the database. The password stayed in plain text.
On Mon, Oct 8, 2012 at 4:29 PM, Matthias Nagel
matthias.h.na...@gmail.com wrote:
Hello,
first,
Hi,
Is there a document that I consult so I know what to look for if I want
more than just authentication with radius ?
I would like to buy a wireless accesspoint where I can time
user-access, meaning my users are restricted in time when they can use
the wireless accesspoint, and force them
On 09/10/12 14:44, David Peterson wrote:
I seem to be losing it today. How do I check out the 2.2 version from git?
It's the v2.1.x branch.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've just updated my freeradius servers from 2.1.7 to 2.1.12 via yum update and
it worked like a charm, I'd always been a little nervous to do this until now.
This has given me the confidence to look into upgrading the servers from the
source files to get up to 2.2.0.
Reading the README and
On 09/10/12 14:47, Thomas Raabo - Zitcom A/S wrote:
Here is my External module
exec MOTP {
wait = yes
program = /etc/raddb/otpverify.sh %{User-Name} %{User-Password}
%{reply:Secret} %{reply:Pin} %{reply:Offset}
What do you think that does? What is reply:Secret
On 09/10/12 15:23, Morris, Andi wrote:
Firstly running ./configure failed because my server (CentOS 5.5) didn’t
have a C compiler installed. I installed GCC via yum, and on we go.
Now the configure.log tells me I don’t have make installed. I installed
that via yum, and on we go.
You need
Morris, Andi wrote:
I guess there’s something here to show what’s wrong? Is there any log
created by make and make install?
They log what they're doing to standard out. The intention is for you
to read it.
Do I need to specify an installation
directory or does the code know where my
Thanks for the info Phil. One thing that did not work, the server still had
the old sql.conf file in the raddb directory. I copied it to modules/sql
and it worked fine.
David
-Original Message-
From:
freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org
Koenraad Lelong wrote:
Is there a document that I consult so I know what to look for if I want
more than just authentication with radius ?
See the NAS vendor documentation.
I would like to buy a wireless accesspoint where I can time
user-access, meaning my users are restricted in time when
Oh dear, that's pretty glum news. I wasn't in this role when the server was
setup, so I'm not sure why it would be as broken as it is.
Perhaps I'll leave these servers at 2.1.12 until the yum repository is update
to 2.2.0, with the thought of getting a fresh install on a new server asap.
I guess there’s something here to show what’s wrong? Is there any log
created by make and make install?
They log what they're doing to standard out. The intention is for you to
read it.
Fair enough, the output on screen was scrolling far too fast to read, I
should probably have
Hi,
./configure
make
make install
Firstly running ./configure failed because my server (CentOS 5.5) didn’t
have a C compiler installed. I installed GCC via yum, and on we go.
i see you've already had advise with yum groups - if you did carry on you'd
see tools missing
On 10/09/2012 10:23 AM, Morris, Andi wrote:
I’ve just updated my freeradius servers from 2.1.7 to 2.1.12 via yum
update and it worked like a charm, I’d always been a little nervous to
do this until now. This has given me the confidence to look into
upgrading the servers from the source files to
Thanks Alan, I'll investigate all of that further.
Cheers all,
Andi
-Original Message-
From: freeradius-users-bounces+amorris=cardiffmet.ac...@lists.freeradius.org
[mailto:freeradius-users-bounces+amorris=cardiffmet.ac...@lists.freeradius.org]
On Behalf Of alan buxey
Sent: 09 October
On 10/09/2012 11:19 AM, John Dennis wrote:
The process to build a local rpm is detailed in the FreeRADIUS wiki page
Red Hat FAQ (which apparently has moved, maybe someone can provide a
pointer).
Ah, found it:
http://wiki.freeradius.org/guide/Red-Hat-FAQ
Some of the info is a little outdated,
On Tue, 2012-10-09 at 11:19 -0400, John Dennis wrote:
By using a rpm spec file to build rpms from you'll get all the nasty
details of correct building handled for you. There are 2.2 rpms
available for Fedora. Just be aware spec files are also tuned for
specific Red Hat releases, you'll
On 10/09/2012 11:55 AM, John Horne wrote:
On Tue, 2012-10-09 at 11:19 -0400, John Dennis wrote:
By using a rpm spec file to build rpms from you'll get all the nasty
details of correct building handled for you. There are 2.2 rpms
available for Fedora. Just be aware spec files are also tuned for
Am Dienstag 09 Oktober 2012, 09:10:15 schrieben Sie:
I was mixed up on what table I am talking about its the radcheck
table. I was using navicat to set the attribute to Crypt-Password and
refreshing the database. The password stayed in plain text.
I do not use MySQL a lot and I have never
All,
Bit of an odd one here. Not sure where best to bring it up... if anyone
has a more suitable discussion forum, please point me that way!
As I iterate through our logging config, I'm gaining increasing
visibility of all kinds of peculiar stuff. This one I spotted today - we
are seeing
Hi,
As I iterate through our logging config, I'm gaining increasing
visibility of all kinds of peculiar stuff. This one I spotted today
- we are seeing remote RADIUS servers (eduroam visited sites)
sending retransmits via different intermediate proxies.
I've seen this a couple of times int
On Sat, Oct 6, 2012 at 4:03 AM, Alan DeKok al...@deployingradius.com wrote:
Or, use Raw-Attribute in FreeRADIUS. It puts data into a packet
exactly as-is. It means that you do the work of creating a VSA with
subattributes, and FreeRADIUS handles all of the signing, packet
sending, etc.
Can freeradius be configured to authenticate all requests and only log the
authentication attempts, including username and password in plain text.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Well I'm back...
I have changed the module line in /etc/raddb/modules/perl, from:
module = ${confdir}/example.pl
to: module = /etc/raddb/sjpl.pl
Also, in the perl file I have uncommented the line: func_authenticate
= authenticate
Next, in /etc/raddb/sites-enabled/default I added perl to the
On 09/11/2012 07:42 AM, Alan DeKok wrote:
Jonathan Gazeley wrote:
It seems to me that the broken behaviour is not with RPM but with
FreeRADIUS. Can the regular expression that includes config files and
modules be tweaked to exclude *.rpmnew files?
As always, patches are welcome.
O.K. I
Hi all,
We're currently using Microsoft IAS for RADIUS on our Cisco managed
wireless network. We do wireless logon on our clients, which requires the
user to first authenticate to RADIUS to initiate the wireless connection,
then authenticate against Active Directory to complete the login process.
On Tue, Oct 9, 2012 at 11:11 PM, John Dennis jden...@redhat.com wrote:
On 10/09/2012 11:55 AM, John Horne wrote:
On Tue, 2012-10-09 at 11:19 -0400, John Dennis wrote:
Unfortunately (?) the differences now between Fedora and RHEL,
especially in terms of Fedora using systemctl rather than SysV
On Wed, Oct 10, 2012 at 5:39 AM, John Dennis jden...@redhat.com wrote:
On 09/11/2012 07:42 AM, Alan DeKok wrote:
Jonathan Gazeley wrote:
It seems to me that the broken behaviour is not with RPM but with
FreeRADIUS. Can the regular expression that includes config files and
modules be tweaked
Far Runner wrote:
I have tried Raw-Attribute, but the result packet doesn't contain the
synthesized VSA, and there is no error message in -X debug output. I
search around, and found following in 2.0.2 release notes:
* Added ability send raw attributes via Raw-Attribute =
0x0102...This is
Jason Agress wrote:
I've read lots about this problem with FreeRADIUS and have seen some
implied solutions, but nothing concrete. So here's my question: With
FreeRADIUS, is there a way to allow successful RADIUS authentication
with an expired password? This way the AD login process can
Will that allow successful RADIUS authentication - and, therefore wireless
access - before the password change is initiated? Because our clients are
Macs that won't prompt for password change until after they are connected
to the wireless and authenticating against AD.
Alan DeKok Wrote:
Jason
On Wed, Oct 10, 2012 at 5:30 AM, Metcalf, David
david.metc...@expedient.com wrote:
Can freeradius be configured to authenticate all requests and only log the
authentication attempts, including username and password in plain text.
Sort of. See
On Wed, Oct 10, 2012 at 8:36 AM, Alan DeKok al...@deployingradius.com wrote:
Far Runner wrote:
I have tried Raw-Attribute, but the result packet doesn't contain the
synthesized VSA, and there is no error message in -X debug output. I
search around, and found following in 2.0.2 release notes:
43 matches
Mail list logo