Sven Hartge wrote:
Um 04:27 Uhr am 15.05.05 schrieb Chan Min Wai:
I'm working with freeradius that running EAP auth, the account info is
with LDAP server.
Just want to know what kind of Right did the freeradius need to have on
the LDAP server so that the ACL on the LDAP server can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm working with freeradius that running EAP auth, the account info is
with LDAP server.
Just want to know what kind of Right did the freeradius need to have on
the LDAP server so that the ACL on the LDAP server can be control.
Also, I'm abit
On Wed, 30 Mar 2005 18:43:12 +0800, Chan Min Wai [EMAIL PROTECTED] wrote:
Hello all,
Anyone can help me configure the Auth-type
EAP for NAS A,b,c,d,e
plaintext for NAS h,i,j,k
regards.
extract from eap.conf
#
# Whatever you do, do NOT set 'Auth-Type := EAP'. The server
# is smart
Dear all,
I would like to have the variable below.
(Can get from almost everywhere)
1) User-Name
2) Nas-Ip-Address
3) Framed-Ip-Address
(Only can get the information if the exec run on the accounting part)
4) Acct-Status-Type
5) Acct-Session-Id
6) Acct-Unique-Session-Id
7) Acct-Session-Time
8)
MINODIER David RD-RESA-LAN wrote:
I found the solution.
Sorry for bothering.
Yours,
David.
I would like to know the answer too.
Thank you
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de MINODIER David RD-RESA
Envoyé : vendredi 13 août 2004
Dear all,
Anyone can provided me some of the references for using a different
accounting sql server for different class?
Regards,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear all,
I've a few account type, one postpaid, one prepaid.
If there anyway I can split their Data input in SQL?
I've being trying to use class, but I don't know how.
both type of the users is in the same realms.
Anyone can provided some guide?
Regards,
Thank You
-
List
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
What should I provided so that the auth-type will be automated?
To do what?
To switch to EAP or normal... auth method.
The server does that automatically.
Alan DeKok.
This is what I'm having...
Listening on authentication
it into the files name.
This is a Hack not a solution...
Regards
Chan Min Wai
dhcpctrl.tar.gz
Description: Unix tar archive
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
I'm forcing Auth-Type == EAP-MD5 in my LDAP default profiles attribute
otherwise the switch auth will not pass.
There is no Auth-Type EAP-MD5.
Sorry Auth-Type = EAP
What should I provided so that the auth-type will be automated
Deal all,
I've a small problem here, Just minor...
I'm forcing Auth-Type == EAP-MD5 in my LDAP default profiles attribute
otherwise the switch auth will not pass.
What should I provided so that the auth-type will be automated?
Regards
dcmwai
Thank You
-
List
but it don't really help if you only want to remove the users on
one NAS switch instate of all of them.
Regards,
Chan Min Wai
Chan Min Wai wrote:
Radius wrote:
Radzap is mainly for the stale radwho that are not there but still
showing loged in.
Yep that user is already logout due
Name What TTY When From Location
[EMAIL PROTECTED] dcmwaiATocesb.com. shell S145 Thu 18:05 192.168.0
[EMAIL PROTECTED] root]#
Any idea/guide?
Regards
Chan Min Wai
Chan Min Wai wrote:
Hello all,
I found that this script isn't working for me, so wonder
to get this function working...
Regards,
Thank you
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dustin Doris wrote:
On Wed, 2 Mar 2005, Chan Min Wai wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chan Min Wai wrote:
Dustin Doris wrote:
the variable for this script is
1) the NAS ip (the dhcp object class)
2) the Client MAC address
Hello all,
I know the script need to be define in the exec {}
And the script before users login is put into post-auth, what about the
script after users logout or Just before users logout?
Anyone have any idea?
Below is the script that someone help me to control dhcp with radius...
To remove
[EMAIL PROTECTED] wrote:
LS
How about accounting, when the disconnect frame enters.
I've try to put there but what happen is that...
the users, get an ip and the the ip being release
Because account will be process after post-auth.
Any more idea?
regards
Chan Min Wai
-Original
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
What about the info that provided by the freeradius?
When we are using ippool which meant that the ipaddress actually came
from us. So we should be able to log them right?
When the IP address is assigned, yes.
I do try
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
I put it on the sql.conf
On
accounting_update_query = UPDATE ${acct_table1} \
SET FramedIPAddress = '%{reply:Framed-IP-Address}', \
...
And you're not seeing it in the database. This is covered in the
FAQ
can try it with a real NAS.
Thank You
Regards,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
LS
How about accounting, when the disconnect frame enters.
Where is the diconnect frame enters located?
Thank You
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-start records are not delayed.
Thank for the help, unlucky I'm not using cisco as the NAS :(
Just too bad...
Regards,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
I've the freeradius, ippool with mysql running however in the database
this fields is always blank.
WHAT fields?
Frame-IP-Address (this is more important)
NASPortType (I've sure the request have this)
CalledStationId
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
...
These are the fields that have no information at all.
Please read the FAQ. The server can only log what the NAS sends.
Alan DeKok.
What about the info that provided by the freeradius?
When we are using ippool which meant
of something..
If the NAS list is check from time to time. The restart might not be
required...
Am I dreaming somehow?
Regards.
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment
one
subnet per pool?
And What about ippool fail over ;)
Regards,
Chan Min Wai
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFCJ93gV0p9slMZLW4RAs1zAJ9ehQOsDI7GAUguF07m5ZOYQi164ACg6FVd
GstZE/eQsqQsXnxbPkrn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello All,
I'm using the default sql.conf for the Acount start/stop information
that will be inserted into the SQL database.
however I found some of the info was inserted into the SQL server.
E.g
NASPortType (I've sure the request have this)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dustin Doris wrote:
On Mon, 28 Feb 2005, Chan Min Wai wrote:
Greeting,
For example, if you did
exec test {
wait = yes
program = /pathto/somefile
input_pairs = request
output_pairs = reply
packet_type = Access-Accept
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chan Min Wai wrote:
Dustin Doris wrote:
the variable for this script is
1) the NAS ip (the dhcp object class)
2) the Client MAC address
3) the ip address from ippool
4) the subnet from the ippool
Strange ... I've it solved by this way...
exec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greeting All,
I'm having a problem of this Simultaneous lockup the users when one of
the NAS was power down (without any logout session)
All the users will seem to be login for freeradius.
I think this was in the documentaion but can't find that.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kostas Kalevras wrote:
On Mon, 28 Feb 2005, Chan Min Wai wrote:
Greeting,
I wonder if there is anyway to do something like that.
Insert into the radacct DB with the Group is equal to something.
Not directly but you can send back a Class
Vladimir wrote:
I am trying to get 802.1x authentication going for wired clients on our
LAN. I have been successul in using local password database to
authenticate 802.1x users however I haven't been able to get it going
with LDAP. Version of FreeRadius is Debian packaged 1.0.1-2. These are
by the switch) , freeradius
will say that this users already login and then disconnect both and wait
for the new auth.
Is that normal?
Is there anyway to configure/make so that there is no disconnect in between?
Regards
Chan Min Wai
P.s Is there anyway to issue a reauth from the radius server
Greeting,
I wonder if there is anyway to do something like that.
Insert into the radacct DB with the Group is equal to something.
That can be insert into another DB also.
Regards,
Chan Min Wai
signature.asc
Description: OpenPGP digital signature
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rok Papez wrote:
Hello Chan Min Wai.
Dne etrtek 24 februar 2005 07:28 je Chan Min Wai napisal(a):
Anyone have a good documentation on this part?
I have some documentation (system set-up instructions). If it's
any good for you, you'll
at the time...
But Thank for the script, it seem to be the one that you are having is a
bit different.
Could you please tell me where do you get the patch?
Regards,
Chan Min Wai
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
zack musa wrote:
Hi
To anyone who tried radius with Nocat gateway.
In Nocat, there is a patch called RADIUS.pm that send
the details of accounting information to the radius
server. how ever, there is a problem where not all
attribute that we
)
But after doing the justification, I'm thinking about doing TTLS+PAP.
Anyone have any clue?
regards,
Chan Min Wai
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFCHXP6V0p9slMZLW4RAtL9AJwJo
...
After working on this Group, I'm thinking what is the real use of Group?
Define the default attribute/replyItem for certain services?
Regards,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Seem to be something is missing somewhere.
I've follow the same way. But there is still no sight og LDAP-Group in
the log.
Below is the log.
Dustin Doris wrote:
ldap_howto.txt in the doc directory tells you how, not sure how outdated
that is by now, I will be rewriting it sometime this
to make it work and (the radiusGroupName) and
am I doing a right jobs using it to disable the unpaid users?
currently I'm using radiusprofileDN to disable them.
Regards,
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Greeting,
I'm trying to setup a computer with the above configuration.
Anyone know about how to pass the NoCat Attribute of (Member) back to
the NoCat Gateway?
I've got this in the radtest
Vendor-32767-Attr-1 = 0x4d656d626572
Idle-Timeout = 300
Anyone know if I'm on the right
Alan DeKok wrote:
Chan Min Wai [EMAIL PROTECTED] wrote:
And IF I really insane and want to put an MD5 encrypted password for eap
usage in the LDAP, what kind of modification I'll be looking into and
which program would it be?
Openldap? freeradius LDAP module?
As was pointed out, EAP-TTLS
mind e.g: mschap, chap ...)
And IF I really insane and want to put an MD5 encrypted password for eap
usage in the LDAP, what kind of modification I'll be looking into and
which program would it be?
Openldap? freeradius LDAP module?
I don't mind to pay for the contribution somehow.
Regards,
Chan Min
Hello all,
The following are the info that I've got from the freeradius. 1.0.1 (on FC2)
The configuration is sure that eap is able to over cable (Wire) env.
I've no idea on EAP-TTLS.
Thank You I'll need some help.
rad_recv: Access-Request packet from host 192.168.0.151:1031, id=0,
length=226
Hello all,
The following are the info that I've got from the freeradius. 1.0.1 (on FC2)
The configuration is sure that eap is able to over cable (Wire) env.
I've no idea on EAP-TTLS.
Thank You I'll need some help.
rad_recv: Access-Request packet from host 192.168.0.151:1031, id=0,
length=226
Hello all,
According to this MIB.
http://www.ieee802.org/1/files/public/MIBs/802-1x-2001-mib.txt
I think that this OID 1.0.8802.1.1.1.1.1
to the checkrad for checking of Simultaneous Users.
However I'm noway near the languages that you are using...
Can someone help me somehow?
Regards,
Thank
however the password
transmission will be clear text.
Am I wrong in someway?
I'm currently using LDAP with EAP and would like to know if PAP will be
a better solution.
please clarify me.
Someone who had lost.
Chan Min Wai
Thank You
-
List info/subscribe/unsubscribe? See http
will get the one
that freeradius assign.
Nice idea? :)
Any Though.
Thank You
Chan Min Wai
signature.asc
Description: OpenPGP digital signature
Hello all,
Can I have a replicated mysql database?
E.g Instate of putting the accounting in one db, put it into another DB
on another server.
Regards
Thank You
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thor Spruyt wrote:
If you're not more specific about what you're trying to accomplish,
I'm afraid nobody can advise you.
Sorry I want to have the freeradius Accounting entry insert into 2
database at the same time.
Where the 1st DB is for log process and the 2nd DB is for some
calculation
Alan DeKok wrote:
Chan Min Wai (System Administrator) [EMAIL PROTECTED] wrote:
CLEAR text passwords are required for EAP-MD5. Crypt passwords will
NEVER work.
Anyway to make it work? somehow?
No. It's impossible.
I know this have been bugging you From Or since freeradius support LDAP
with the
crypt password?
Please and Thank You
the error message is as below:
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
These are the log.
Thank You
Chan Min Wai
Sear All,
I'm not sure what is but the result using radtest and the result using switch
is different Below.
Can anyone tell me why?
I'm using LDAP (with {crypt} password)
And Freeradius 1.01 from the Fc2 update
Please Give me a hands... I require your help.
Using with a Swith
and wired to the
users client :)
That seems like an awful lot of effort, and an attempt to shoehorn
two solutions into one (not clearly defined) problem.
The problem is the ip address assignment from radius (ippool or Dhcpd
for the best control)
Regards,
Thank You
Chan Min Wai
Craig Huckabee wrote:
Paul Hampson wrote:
On Wed, Nov 03, 2004 at 07:04:09PM +0800, Chan Min Wai wrote:
I hope that radius server can talk to the DHCP server and tell the DHCP
server what ip address to be allocate...
Write a script in that adds the authenticated client's MAC address
Paul Hampson wrote:
On Wed, Nov 03, 2004 at 02:19:21PM +0800, Chan Min Wai wrote:
Dana Hudes wrote:
On Wed, 3 Nov 2004, Chan Min Wai wrote:
Go back to the defintion of RADIUS: Remote Authentication Dial-In User
System. Now think. How do dialup users connect? They use SLIP/PPP.
PPP has
Dana Hudes wrote:
On Wed, 3 Nov 2004, Chan Min Wai wrote:
So unless that, this Switch is smart enough to do a PPP connection and
only then this IP address will be able to be distribute by the switch to
the client.
What switch? Made by whom? What model?
It is a 24 Port 10/100 Switch by D
. and Alan Suggest to use a DHCP
server. My Question is, what is the use of ippool then?
What are their different?
My situation is that I want to assign Ip address to my client (which
using xp supplicant)
From my Switch (work as 802.11x client)
Regards,
Thank You
Chan Min Wai
--
This message has been
Dana Hudes wrote:
On Wed, 3 Nov 2004, Chan Min Wai wrote:
Go back to the defintion of RADIUS: Remote Authentication Dial-In User
System. Now think. How do dialup users connect? They use SLIP/PPP.
PPP has provision for sending the IP address info for the connection. It
is part
Hello all,
I wonder where can i get a dialer Or x1supllaction to do this jobs so
that it can work on EAPOL Or the ttls-EAPol with my dlink switch.
If anyone are willing to help me wrote it with some prices, I wouldn't
mind paying it.
Thank You
Chan Min Wai
--
This message has been
Hello all,
I'm not sure what to call about that program?
The program which will comminicate with the NAS to get an Ip address and auth with the
NAS radius.
Anyone know where can I find such a software. Pay or fre (will be nice).
Our NAS is actually a switch... so it is quite funny to do
information pass on?
Can anyone tell me where I was wrong?
Regards,
Thank You
Chan Min Wai
users.ldif
==
dn: uid=dcmwai, ou=People, dc=abc,dc=net
displayName: Chan Min Wai
givenName: Chan Min
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass
Daniel Eyholzer wrote:
Hi there
Im using 1.0.0-pre3 to authenticate users with ldap as backend. In the
LDAP-tree I have md5 passwords. When I configure the Network Access Server
to use PAP it works fine, but with CHAP it does not work. I have read that
CHAP can not be used with encryptet
I know there is some issue about that, Just want to know if it solved yet?
I'm on Fedora Core 2, freeradius version 0-0.9.3, I there any luck that
this have been solved?
Thank You
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
66 matches
Mail list logo
