Re: ttls with mschapV2 authentication problem

2008-04-11 Thread Cristian Novac
Thanks for your advice! It works fine now. I was using an older version (1.0.1) of radius before and ttls with mschapV2 authentication seemed to go fine, even if I was using == operator instead of := Anyway, it is ok now. Thanks again Phil Mayers wrote: Cristian Novac wrote: Could someone

Re: Modifying User-Name and User-Password attributes in a module

2008-04-11 Thread Stefan Winter
Hi! Thanks, You're right, unlang is a powerful tool. I just finished reading its man page. It has very interesting features. (accessing run-time The suggested way of working with this software is 1. read the man page and other documentation 2. ask the mailing list 3. modify source code Your

RFC 3576 support

2008-04-11 Thread vmx vmx
Hello everyone, Is Freeradius able to send Change of Authorization Messages and Disconnect messages (RFC 3576) According to http://www.freeradius.org/features/ Freeradius supports RFC 3576. According to this http://wiki.freeradius.org/RFC: Freeradius does not support RFC 3576. I can't find any

Re: starting FreeRADIUS server

2008-04-11 Thread Gaurav Sabharwal
Bhavin, on 04/11/2008 05:32 AM patel bhavin said the following: Hi, I have installed radius server but when i enter radius -X. It shows the following error. radiusd: Opening IP addresses and Ports listen { type = auth ipaddr = * port = 0 ERROR: Failed to

short question

2008-04-11 Thread Cristian Novac
could someone tell me what effect has the following line from the users file if matched: DEFAULT Auth-Type = Local and what's the difference between this line and this one: DEFAULT Auth-Type := Local Thank you! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RFC 3576 support

2008-04-11 Thread Arran Cudbard-Bell
vmx vmx wrote: Hello everyone, Is Freeradius able to send Change of Authorization Messages and Disconnect messages (RFC 3576) According to http://www.freeradius.org/features/ Freeradius supports RFC 3576. According to this http://wiki.freeradius.org/RFC: Freeradius does not support RFC

Dan Schaffer is out of the office.

2008-04-11 Thread Dan Schaffer
I will be out of the office starting 04/11/2008 and will not return until 04/14/2008. Thank you and have a nice day, Dan

Re: FW: Hello,

2008-04-11 Thread A . L . M . Buxey
hi, client using PEAP? how have you stored the password and what type of password are you trying to use? alan

Re: All attributes in rlm_sql_log or rlm_sql ?

2008-04-11 Thread A . L . M . Buxey
Hi, Is there a way of using either rlm_sql_log or the post-auth query within rlm_sql to log all the request and/or reply attributes to mysql ? as part of our PERL bit of handling we spew out all of the attributes to a debug log when we want ('if file exists' logic to turn it off and on) you

Re: proxy requests dependent on length of password

2008-04-11 Thread A . L . M . Buxey
Hi, Hello everyone, i want to use freeradius as a proxy for other radius-systems. In my environment, i have two backend radius systems for the authentication of the users. the freeradiusserver must decide which packets he will send to which system. the only difference between the

Re: Problem with proxy-radius function

2008-04-11 Thread banga
AnyOne? Error: Rejecting request 20696 due to lack of any response from home server X.X.X.X port 1646 Error: Ignoring request from unknown home server X.X.X.X port 1646 How I can fix that ? banga wrote: Hello All. I Use freeradius 2.0.3 only for accounting purpose. More than that, I

Re: Problem with proxy-radius function

2008-04-11 Thread Alan DeKok
banga wrote: AnyOne? Error: Rejecting request 20696 due to lack of any response from home server X.X.X.X port 1646 Error: Ignoring request from unknown home server X.X.X.X port 1646 How I can fix that ? I think what's happening is that the home server is sending the response from the

Re: short question

2008-04-11 Thread Alan DeKok
Cristian Novac wrote: could someone tell me what effect has the following line from the users file if matched: DEFAULT Auth-Type = Local and what's the difference between this line and this one: DEFAULT Auth-Type := Local $ man users There *is* documentation. Alan DeKok.

Re: assert failed event.c and perl performance

2008-04-11 Thread Alan DeKok
Julien Leloup wrote: The same configuration, in FreeRadius 2.0.1 worked fine, but when I recompiled Perl 5.8.8 with IThreads support, I also upgraded FreeRadius in 2.0.3 and now I'm going through an error, only when the home server is not alive, or not responding : Grab the latest CVS. It

Re: RFC 3576 support

2008-04-11 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: FreeRADIUS does not currently support 3575, it's on the development roadmap. When support is added to the server core it will only be for *proxying* CoA messages not generating them. You can generate your own CoA messages using the radius client

Re: ENV variables in external scripts

2008-04-11 Thread A . L . M . Buxey
Hi, Hi, After a brief review of the logic, i managed to get it working. My apologies for the trouble and thank you for your time. rlm_perl related question once again: When performing credential based Auth, how could I simply fall-though to the next check when there isn't a match.

Re: RFC 3576 support

2008-04-11 Thread Alan DeKok
Arran Cudbard-Bell wrote: Ok just the asynchronous nature of CoA requests... It's not really the servers job to process feedback from the various SNMP probes, IDS's , or track changes in the authorisation of users or their equipment. Yes. That's what proxying is for. I guess I can see

Re: libpam-radius-auth password problem

2008-04-11 Thread Alan DeKok
Fabio Pedretti wrote: It appears that this error is get when users are not already on the machine. Yes, it's a PAM problem. The libpam-radius-auth plugin is powerful but has the limit that users have to be previously created on the machine and this is not practical when you have thousand

Re: Restrict to initial NAS used to logon

2008-04-11 Thread Ivan Kalik
NAS-Identifier is not stored in radacct by default. But you can add it to or replace NAS-IP-Address with it in radacct table and accounting queries. radacct is used for - accounting. You need to put NAS-Identifier check in radcheck to stop users from connecting from other APs. You can a script at

Re: RFC 3576 support

2008-04-11 Thread Alan DeKok
Arran Cudbard-Bell wrote: FreeRADIUS does not currently support 3575, it's on the development roadmap. When support is added to the server core it will only be for *proxying* CoA messages not generating them. You can generate your own CoA messages using the radius client bundled with the

Re: Problem with proxy-radius function

2008-04-11 Thread Ivan Popov
What I can say .. [EMAIL PROTECTED]:/var/log/radius# tcpdump -i eth0 host X.X.X.X 12:38:19.725549 IP aaa.copy.net.1094 X.X.X.X.1646: RADIUS, Accounting Request (4), id: 0xca length: 387 12:38:19.725660 IP aaa.copy.net.1094 X.X.X.X.1646: RADIUS, Accounting Request (4), id: 0xa8 length: 589

Re: Problem with proxy-radius function

2008-04-11 Thread Alan DeKok
Ivan Popov wrote: What I can say .. [EMAIL PROTECTED]:/var/log/radius# tcpdump -i eth0 host X.X.X.X sigh While this is interesting, you were asked for debugging output. Is It correct? I think it should be between port 1813 and 1646 ... The

Re: Problem with proxy-radius function

2008-04-11 Thread Ivan Popov
Hello Debug is difficult because of Segmentation Fault. I will try to rebuild radius (in the night) with last patch , that you already provide. Is It something wrong with my configuration? I decide to disable all nonused modules. Maybe I disable something major? [EMAIL PROTECTED] radiusd -X

Re: short question

2008-04-11 Thread Ivan Kalik
http://wiki.freeradius.org/Operators Ivan Kalik Kalik Informatika ISP Dana 11/4/2008, Cristian Novac [EMAIL PROTECTED] piše: could someone tell me what effect has the following line from the users file if matched: DEFAULT Auth-Type = Local and what's the difference between this line and this

Re: Freeradius 2.0.3 crashing when in proxy mode Segmentation fault.

2008-04-11 Thread Alan DeKok
Vikash Badal wrote: Once I set up the server to proxy, the following issue occured. ... Thu Apr 10 06:49:06 2008 : Error: Rejecting request 31 due to lack of any response from home server 196.26.56.8 port 1646 Thu Apr 10 06:49:06 2008 : Debug: Finished request 31. Thu Apr 10 06:49:06 2008 :

Re: Problem with proxy-radius function

2008-04-11 Thread A . L . M . Buxey
Hi, P.S On website http://www.freeradius.org/getting.html Link to daily snapshot not work. ftp://ftp.freeradius.org/pub/radius/CVS-snapshots/ just grab the CVS directly as per the info on http://www.freeradius.org/download.html then it won't be as stale - the FTP snapshots may be up to

Re: RFC 3576 support

2008-04-11 Thread Arran Cudbard-Bell
Alan DeKok wrote: Arran Cudbard-Bell wrote: Ok just the asynchronous nature of CoA requests... It's not really the servers job to process feedback from the various SNMP probes, IDS's , or track changes in the authorisation of users or their equipment. Yes. That's what proxying is

Re: RFC 3576 support

2008-04-11 Thread Alan DeKok
Arran Cudbard-Bell wrote: Ok take eduroam for example. A change in user authorisation at their home site may result in the generation of a CoA request for the user to be disconnected at the remote site, this would be proxied by the remote sites RADIUS server. That same server may also wish to

How to delete a attribute

2008-04-11 Thread Mikhail Novikov
Hello! How can I delete an attribute in request via unlang code? Michael

Re: How to delete a attribute

2008-04-11 Thread Alan DeKok
Mikhail Novikov wrote: Hello! How can I delete an attribute in request via unlang code? $ man unlang Look for remove Alan DeKok.

rlm_ldap error

2008-04-11 Thread Jean Frontin
rlm_ldap: reading ldap-radius mappings from file /etc/raddb/ldap.attrmap Hello, I want to receive as Reply-Message carLicense value. When I debug a radiusd session I can see the error mentioned below (line marked by a star). Have you an idea to eliminate this ? rlm_ldap: reading

Re: rlm_ldap error

2008-04-11 Thread Ivan Kalik
Remove this: rlm_ldap: LDAP carLicense mapped to RADIUS $GENERIC$ and add it as a replyItem mapping for Reply-Message. Ivan Kalik Kalik Informatika ISP

Re: Ldap-UserDn not set correctly in 2.0.3

2008-04-11 Thread Jason Alderfer
It appears that the LDAP module in 2.0.3 is not setting the Ldap-UserDn in a way that is available for further analysis. The problem shows up when using edir_account_policy_check = yes and also when evaluating Ldap-UserDn with unlang or from other modules as described below in my previous post.

Re: FR 2.0.3 gives duplicate NULL realm error

2008-04-11 Thread John Horne
On Tue, 2008-04-08 at 10:14 +0100, John Horne wrote: On Tue, 2008-04-08 at 08:18 +0200, Alan DeKok wrote: John Horne wrote: It seems that radiusd doesn't like the NULL realm after the DEFAULT. I swapped these two around, and radiusd started up fine. ? I can start up the server

Re: Problem with proxy-radius function

2008-04-11 Thread Alan DeKok
Ivan Popov wrote: Debug is difficult because of Segmentation Fault. doc/bugs Is It something wrong with my configuration? I decide to disable all nonused modules. Maybe I disable something major? I don't think so. This should work, and it works in my tests. Alan DeKok.

Re: Stale Sessions

2008-04-11 Thread A . L . M . Buxey
Hi, No one has any ideas or suggestions? If I can solve this issue I will have a 'perfect' freeradius installation. And FYI I upgraded my server to a dual core 2BG of RAM and still the same issue resides. radutmp issueS? what are you using to make sessions unique? perhaps they are not unique

postgres accounting schema

2008-04-11 Thread A . L . M . Buxey
hi, I wonder how many of you have needed to change the postgres schema for radacct table - the default value of VARCHAR(32) for the AcctSessionId seems to be very low - our user-names are often that long by themselves! (domain and full path when using machine auth for example) I've submitted a

NAS sql

2008-04-11 Thread A . L . M . Buxey
hi, any reason why the NAS schema is not part of the database schema? nas.sql and schema.sql rather than just schema.sql? alan

RE: Stale Sessions

2008-04-11 Thread Shane McKinley
Thanks for the reply. However, these are Internet customers coming from DSL or Dial up. I assume the Cisco and portmasters are sending unique session IDs. I will try creating a session timeout of 2 days, then create a script for updating the accounting stop time. Thanks all. -Original

The password is required once

2008-04-11 Thread Eduardo Cavalcanti
I'm using a PEAP-Mschapv2 authentication with freeradius. When a client wants to authenticate for the first time, Windows asks for the credentials where you must put your user name and password. When this client wants to authenticate for the second time, Windows doesn't ask his credentials (user

Re: NAS sql

2008-04-11 Thread Alan DeKok
[EMAIL PROTECTED] wrote: any reason why the NAS schema is not part of the database schema? nas.sql and schema.sql rather than just schema.sql? The schema.sql file is for the normal dialup/ISP/policy management. The IP pool, NAS, etc. schemas are all in separate files. Alan DeKok.

Re: The password is required once

2008-04-11 Thread A . L . M . Buxey
Hi, I'm using a PEAP-Mschapv2 authentication with freeradius. When a client wants to authenticate for the first time, Windows asks for the credentials where you must put your user name and password. When this client wants to authenticate for the second time, Windows doesn't ask his

Re: NAS sql

2008-04-11 Thread A . L . M . Buxey
Hi, The schema.sql file is for the normal dialup/ISP/policy management. The IP pool, NAS, etc. schemas are all in separate files. ah! would it be best to have them in one and get people to drop the tables they don't want? alan

Re: NAS sql

2008-04-11 Thread Alan DeKok
[EMAIL PROTECTED] wrote: ah! would it be best to have them in one and get people to drop the tables they don't want? I don't think so. It may be easier to have an SQL bootstrap script that creates the appropriate tables, based on a couple of questions. Alan DeKok.

PEAP/MS-CHAPv2 authentication to active directory

2008-04-11 Thread Mitchell, Mark
Hello, I'm trying to get 802.1x authentication going using PEAP/MS-CHAPv2 but can't quite get it going (I think I'm pretty close though) so I'm hoping someone here can take a look at my debug output below and perhaps offer some helpful advice. Here's the specifics: Ubuntu 7.10, freeRADIUS

Re: NAS list update without restarting radius server.

2008-04-11 Thread Tuc at T-B-O-H.NET
Hi, I had actually kept this email in my queue to implement someday. Today is someday. But I have a question. The config file contains IP addresses, which the nas.sql doesn't. How do I sync up the format of the clients.conf with the nas.sql? client nas_shortname {

Re: NAS list update without restarting radius server.

2008-04-11 Thread Ivan Kalik
IP address (or DNS name) goes into nasname field. Ivan Kalik Kalik Informatika ISP Dana 11/4/2008, Tuc at T-B-O-H.NET [EMAIL PROTECTED] piše: Hi, I had actually kept this email in my queue to implement someday. Today is someday. But I have a question. The config file contains

Re: Restrict to initial NAS used to logon

2008-04-11 Thread Tuc at T-B-O-H.NET
Hi, I will have to consider the NAS-Identifier replacing NAS-IP-Address. This is not for our use, this is at a customer site. I'm leery about using a field for something other than its intention (Or adding a field that is unexpected) due to the possibility of them installing a package

Re: NAS list update without restarting radius server.

2008-04-11 Thread Tuc at T-B-O-H.NET
Hi, If I choose DNS name, and I don't fully qualify it, does it follow the standard BIND rules of using the domain setting, or going down the search path? Reason I'm trying to avoid the IP or the FQDN is that I was hoping to use the nasname along with the secret in the UAM