Hi Aran, thanks for clarification through your response
If I understand your answer is that you are saying is that currently as is
freeRadius is using 64bits data types in some areas and not in others, am I
Right?. Also is it possible to allow free radius to validate traffic above
4GB?
Thanks /
Is there a way I could trim a variable (such as a password variable) within
a configuration file. I saw a few examples manipulating variables using
unlang here: http://freeradius.org/radiusd/man/unlang.html#lbAB but could
not find anything about trimming variables.
For example I have the
Hi,
Good you got it working. Just as a couple of points:
On Wed, Apr 17, 2013 at 02:16:25PM +1000, David Brodrick wrote:
I got there. I added authtype = PAP to the passwd module
There's no such option, so this is irrelevant.
configuration and then DEFAULT Auth-Type = PAP to users.
You
On Wed, Apr 17, 2013 at 11:45:33AM +0100, P. Manton wrote:
Is there a way I could trim a variable (such as a password variable) within
a configuration file. I saw a few examples manipulating variables using
unlang here: http://freeradius.org/radiusd/man/unlang.html#lbAB but could
not find
On 17/04/13 11:45, P. Manton wrote:
Is there a way I could trim a variable (such as a password variable)
within a configuration file. I saw a few examples manipulating variables
using unlang here: http://freeradius.org/radiusd/man/unlang.html#lbAB
but could not find anything about trimming
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
Anyone can point how to fix this ? I guess if captive portal send a eap
message , it
Hi,
Thanks - that was just was just what I was looking for, although I assume
something like the following would go into
/etc/freeradius/sites-enabled/default
authorize
{
...
ntlm_auth
{
if (User-Password =~ /^(.+)([0-9]{6})$/) {
update request {
On Wed, Apr 17, 2013 at 05:21:32PM +0530, Chitrang Srivastava wrote:
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
Anyone can
Hi,
Can you please revise your question and put it in better way, i am not
clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
works for me.
HS_RAD_PROTO=pap
Thanks / Regards
On Wed, Apr 17, 2013 at 11:51 AM, Chitrang Srivastava
chitrang.srivast...@gmail.com wrote:
I
I am using LDAP server as datasource
Attaching logs
On Wed, Apr 17, 2013 at 5:58 PM, Russell Mike radius@gmail.com wrote:
Hi,
Can you please revise your question and put it in better way, i am not
clear, do some more typing. if captive portal (NAS) is CoovaChilli, this
works for me.
On 17/04/13 13:00, P. Manton wrote:
Although it complains in the debug (radiusd -XXX) about the following:
Wed Apr 17 12:47:23 2013 : Debug: including configuration file
/etc/freeradius/sites-enabled/default
Wed Apr 17 12:47:23 2013 : Error:
/etc/freeradius/sites-enabled/default[216]: Too
Hi,
Although it complains in the debug (radiusd -XXX) about the following:
Wed Apr 17 12:47:23 2013 : Debug: including configuration file
/etc/freeradius/sites-enabled/default
Wed Apr 17 12:47:23 2013 : Error:
/etc/freeradius/sites-enabled/default[216]: Too many closing
On 17.04.2013 14:32, Chitrang Srivastava wrote:
I am using LDAP server as datasource
Attaching logs
You're doing PAP against LDAP.
This is the ONLY situation where Auth-Type should be set to ldap
looking at modules/ldap, we have
#
# By default, if the packet contains a
Hi,
I am facing a issue that captive portial server is sending a auth request
which is not a EAP message and hence freeradius server is rejecting , it
goes to users file and found the last line Auth-Type: Reject
send output of 'radiusd -X' - things will be quite clear in that so we
hi,
from the output:
[ldap_secondary] rlm_ldap: performing user authorization for symbol
[ldap_secondary]expand: (sAMAccountName=%{Stripped-User-Name}) -
(sAMAccountName=symbol)
[ldap_secondary]expand: cn=Users,DC=MotorolaSymbol,dc=local -
cn=Users,DC=MotorolaSymbol,dc=local
OK, So I see there is a preprocess module that says you can manipulate
attributes:
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
so I added the following:
if (User-Password =~
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
I see that rlm_ldap.c will set Auth-Type as ldap based on set_auth_type
=yes and 3 other flags,
tried but it didn't worked ,
I will try from scratch
On Wed, Apr 17, 2013 at 6:24 PM, Olivier Beytrison oliv...@heliosnet.orgwrote:
P. Manton wrote:
OK, So I see there is a preprocess module that says you can manipulate
attributes:
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
Yes. Quoting the configuration
On 17/04/13 14:25, P. Manton wrote:
OK, So I see there is a preprocess module that says you can manipulate
attributes:
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
so I added the
On 17.04.2013 15:37, Chitrang Srivastava wrote:
Thanks , I am trying to MSCHAPv2 (TTLS or PEAP ) or GTC with LDAP
MSCHAPv2 with EAP-TTLS or PEAP will NOT work with LDAP. as explained
almost everywhere, and especially here :
http://deployingradius.com/documents/protocols/compatibility.html
You
Hi,
On Wed, Apr 17, 2013 at 02:25:36PM +0100, P. Manton wrote:
OK, So I see there is a preprocess module that says you can manipulate
attributes:
preprocess is irrelevant here.
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into
On 17 Apr 2013, at 05:27, Russell Mike radius@gmail.com wrote:
Hi Aran, thanks for clarification through your response
If I understand your answer is that you are saying is that currently as is
freeRadius is using 64bits data types in some areas and not in others, am I
Right?. Also is
Dear Arrran,
Thanks you very(32) much. Thats what i wanted to know if it is not FR
limitation.
Regards / RM --
On Wed, Apr 17, 2013 at 2:13 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 17 Apr 2013, at 05:27, Russell Mike radius@gmail.com wrote:
Hi Aran, thanks for
Russell Mike wrote:
Thanks you very(32) much. Thats what i wanted to know if it is not FR
limitation.
It is a limitation of the RADIUS protocol. Integers are 32-bits.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
But its working fine with wifi authentication ( I am using ntlm auth for
MSCHAPv2 with LDAP) only issue is with when request come from captive
portal ..I needto see why PAP request comes
On Wed, Apr 17, 2013 at 7:28 PM, Olivier Beytrison oliv...@heliosnet.orgwrote:
On 17.04.2013 15:37,
Hi everybody,
Are there any problem known about FreeRADIUS use with InnoDB as engine of
MySQL?
I know that FreeRADIUS has been developed for using MyISAM as engine but I
think that could improve FreeRADIUS' performance.
Any ideas?
Thanks everybody.
Best regards,
Antonio Fernández.
-
List
Hi,
Are there any problem known about FreeRADIUS use with InnoDB as engine of
MySQL?
not that I am aware of. I used InnoDB with MySQL and FreeRADIUS for a couple
of years until I got so fed up of spending my time trying to optimise the DB
to its maximum nth degree that I just moved
On 17 Apr 2013, at 11:14, Antonio Fernández Pérez
antoniofernan...@fabergames.com wrote:
Hi everybody,
Are there any problem known about FreeRADIUS use with InnoDB as engine of
MySQL?
I know that FreeRADIUS has been developed for using MyISAM as engine but I
think that could improve
Good morning,
Thanks to everyone for their interesting suggestions.
The one that I found the most intuitive was to define some logical groups for
our NAS's in huntgroups and then reference those in the users file.
Something is missing though as IDLE-TIMEOUT is not being handed out as I would
Hi,
STDOUT shows that I am being handed the IDLE-TIMEOUT of 1800 even though I am
coming from the LAB Node with IP of 192.168.0.15
The user (me) does have an IDLE-TIMEOUT set in my user section of 1800 but I
thought the above lines would set it and because the IDLE-TIMEOUT in my user
Ok... I feel as though I am trying to solve a riddle here.
I thought that may be the case but!
I removed the IDLE-TIMEOUT entry from my user stanza and the NAS then rejected
me I think that was because no IDLE-TIMEOUT was being sent at all from the
server to the client
?!
More pieces to the puzzle... so I have been staring at the output from radiusd
-X.
I don't see the huntgroups config file being loaded... is this, perhaps, part
of the problem? The permissions on the disk look good to me.
[root@gofish raddb]# radiusd -X
FreeRADIUS Version 2.1.12, for host
Hi,
On Wed, Apr 17, 2013 at 12:32:32PM -0500, John Giordano wrote:
So in huntgroups I have:
### RADIUS HUNTGROUP TEST - jg ###
MSP7345 NAS-IP-Address =~ /^10\.99\.3\./
SNJ7000 NAS-IP-Address =~ /^10\.3\.99\./
LAB7000 NAS-IP-Address =~ /^192\.168\.0./
Testing it here, I'm not
On 17 Apr 2013, at 14:38, John Giordano john.giord...@ttmi.us wrote:
More pieces to the puzzle... so I have been staring at the output from
radiusd -X.
I don't see the huntgroups config file being loaded... is this, perhaps, part
of the problem? The permissions on the disk look good to
Hi,
On Wed, Apr 17, 2013 at 08:38:36PM +0100, Matthew Newton wrote:
On Wed, Apr 17, 2013 at 12:32:32PM -0500, John Giordano wrote:
So in huntgroups I have:
### RADIUS HUNTGROUP TEST - jg ###
MSP7345 NAS-IP-Address =~ /^10\.99\.3\./
SNJ7000 NAS-IP-Address =~ /^10\.3\.99\./
Use any one of the clients.conf methods that were mentioned yesterday with some
unlang and this would be working already. I seem to recall that huntgroups
might be going the way if the dodo(?) It doesn't do regex methods because its
older... pre 1.0 code
alan
-
List
Hi all,
We are very appreciative of the community's support of FreeRADIUS.
So Michael, I did add the line to sites-enabled/default as u suggested
And now the debug output is showing:
++[preprocess] returns ok
++? if (%{Huntgroup-Name})
expand: %{Huntgroup-Name} - LAB7000
? Evaluating
Yeehaw!
And *Matthew* (sorry about getting your name wrong in the last email):
The new REGEXP is working as such:
Login OK: [xx] (from client Seattle port 0)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec]
On Wed, Apr 17, 2013 at 03:58:12PM -0500, John Giordano wrote:
Yeehaw!
And *Matthew* (sorry about getting your name wrong in the last email):
np
The new REGEXP is working as such:
Great.
Don't forget to strip the debugging if() out of
sites-enabled/default
Matthew
Login OK: [xx]
Hi,
I came across an attribute called Profile-Name, with an encoding of
1039 (string), from an old Merit RADIUS dictionary. I see this isn't
defined in the v2.2 FreeRADIUS internal dictionary, though there is a
gap in the numbering where it would be. If I understand it correctly,
it looks
John Center wrote:
Hi,
I came across an attribute called Profile-Name, with an encoding of
1039 (string), from an old Merit RADIUS dictionary.
This means it's *not* a RADIUS attribute.
i.e. it can't ever go into a RADIUS packet.
I see this isn't
defined in the v2.2 FreeRADIUS
On Wed, Apr 17, 2013 at 05:04:11PM -0400, John Center wrote:
it correctly, it looks like one could have a profiles file with
individual named profiles defined containing NAS-specific text that
would be sent back to the NAS as is upon successful authentication.
Is anything like this still
Quite right! Thanks for simplifying this for me Matthew.
Cheers,
Dave
Matthew Newton wrote:
Hi,
Good you got it working. Just as a couple of points:
On Wed, Apr 17, 2013 at 02:16:25PM +1000, David Brodrick wrote:
I got there. I added authtype = PAP to the passwd module
Hi everybody.
I'm using freeradius to log many wireless user, It works great.
I have a MySQL table working with freeradius, and I use some SQL_counters
to control the timeup of my users (based on the raddacct table of the
database); everything work great, but I only have a problem:
Using a
I think I may be doing something wrong but perhaps it is working as
designed.
When I setup the post-auth policy to send a update disconnect it works fine
if the response is an access accept. But if I update the control to access
reject the disconnect module gives me a noop.
Is this supposed to
45 matches
Mail list logo