Hi,
Is it possible to set the timeout for the auth cookie used by the mod_radius
authentication module to 0; by Zero I mean no time, not infinite time?
Or, is there a way that I can clear the cookie on a failed login?
At present, if a user login fails the user has to close the browser and open
Hi,
You could try using Autz-Type. It is documented in the file Autz-Type in the
FreeRADIUS documentation.
-Sayantan.
Kolbjørn Barmen [EMAIL PROTECTED] 07/22/05 4:37 PM
On Wed, 20 Jul 2005, Mearl Danner wrote:
Might try downloading this and reading. It's very helpful.
Using attr_rewrite i can add reply-message to any packet.
But i want add Reply-Message only to the Access-Reject packet or use
different Reply-Message to Accept and Reject. How can i do it?
--
Russia, St. Petersburg
Quantum Communications
Valeriy V. Peshkov | [EMAIL PROTECTED]
+7 (812)
Hi,
Does freeradius proxy the Calling-Station-Id ?
I am sending a realm to another radius server that will record the mac
address of the users computer.
Effectivly locking the user login to the mac address.
It seems the Calling-Station-Id is not proxied to the main server.
Valeriy V. Peshkoff wrote:
Using attr_rewrite i can add reply-message to any packet.
But i want add Reply-Message only to the Access-Reject packet or use
different Reply-Message to Accept and Reject. How can i do it?
See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
--
Nicolas
Hi Vladimir,
I've followed your write-up on FreeRADIUS and LDAP and configured my Windows
clients to use TTLS+PAP but I still get the same error as below:
rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0,
length=125
User-Name = melvin
NAS-IP-Address =
Hi,
(snipp)
modcall[authorize]: module files returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type LDAP
auth: type LDAP
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for
Hi,
Does anyone knows if Linksys WRT54G wireless router
supports FreeRadius with EAP-TTLS?
cheers
melvin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nicolas Baradakis пишет:
Valeriy V. Peshkoff wrote:
Using attr_rewrite i can add reply-message to any packet.
But i want add Reply-Message only to the Access-Reject packet or use
different Reply-Message to Accept and Reject. How can i do it?
See
Hello.
Is it possible to have the stripped username stored somewhere, even
if I set 'nostrip' for a realm in proxy.conf?
My setting is this, and this is the only problem I have left on my server:
01 I have a realm example.com, and this realm has 'nostrip' in it's
definition in proxy.conf
02 If
Valeriy V. Peshkoff wrote:
Can you help me giving example on how to do it?
I have this in radius.conf
post-auth {
Post-Auth-Type REJECT {
Reply-Message
}
}
When i create
attr_rewrite Reply-Message {
attribute = Reply-Message
# may be packet, reply, proxy, proxy_reply or config
Nicolas Baradakis пишет:
Valeriy V. Peshkoff wrote:
Can you help me giving example on how to do it?
I have this in radius.conf
post-auth {
Post-Auth-Type REJECT {
Reply-Message
}
}
When i create
attr_rewrite Reply-Message {
attribute = Reply-Message
# may be packet, reply, proxy,
Hiya,
I have a problem (as you can see in the output of radiusd -X)
I am using a VPN server, and I want it to authenticate to my
/etc/samba/smbpasswd file. Somehow it seems to me it gets the
password from the radiusclient but then it gives the cryptical
option: no User-Password attribute in
Erling Paulsen wrote:
Is it possible to have the stripped username stored somewhere, even
if I set 'nostrip' for a realm in proxy.conf?
You can create the attribute Stripped-User-Name with an other module
than rlm_realm. For example, you could have in radiusd.conf:
modules {
Valeriy V. Peshkoff wrote:
But why developer doesn't do equal things for ACCEPT =)
Post-Auth-Type ACCEPT {
Reply-Message-Accept
}
Doesn't work
If I understand correctly what you are trying to do, it should be
written like this:
post-auth {
Reply-Message-Accept
Nicolas Baradakis пишет:
Valeriy V. Peshkoff wrote:
But why developer doesn't do equal things for ACCEPT =)
Post-Auth-Type ACCEPT {
Reply-Message-Accept
}
Doesn't work
If I understand correctly what you are trying to do, it should be
written like this:
post-auth {
I am trying to get a l2tpns server to authenticate to freeradius that
takes it's userbase from windows 2003 active directory. Are you
saying then that there is no way for me to use ldap as my user store?
On 7/26/05, Alan DeKok [EMAIL PROTECTED] wrote:
Tim P [EMAIL PROTECTED] wrote:
I am
melvin wrote:
Does anyone knows if Linksys WRT54G wireless router supports
FreeRadius with EAP-TTLS?
Yes it does. It supports both EAP-TTLS and PEAP.
Vladimir
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
melvin wrote:
rad_recv: Access-Request packet from host 192.168.84.11:2048, id=0,
length=125
User-Name = melvin
NAS-IP-Address = 192.168.84.11
Called-Station-Id = 000f66005feb
Calling-Station-Id = 0012f075e7b3
NAS-Identifier = 000f66005feb
NAS-Port =
Palmer J.D.F. [EMAIL PROTECTED] wrote:
Is it possible to set the timeout for the auth cookie used by the mod_radius
authentication module to 0; by Zero I mean no time, not infinite time?
You mean re-authenticate for every request? That would require
source code changes.
Or, is there a way
shane [EMAIL PROTECTED] wrote:
Does freeradius proxy the Calling-Station-Id ?
It proxies everything the NAS sends it.
It seems the Calling-Station-Id is not proxied to the main server.
Is the NAS sending that attribute to FreeRADIUS?
The default configuration is to proxy everything.
Ramses van Pinxteren [EMAIL PROTECTED] wrote:
i hope that someone has time to help a stupid dutchman ;)
Hmm... I resemble that remark.
Module: Loaded passwd
passwd: filename = /etc/samba/smbpasswd
passwd: format =
*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::
passwd:
Tim P [EMAIL PROTECTED] wrote:
I am trying to get a l2tpns server to authenticate to freeradius that
takes it's userbase from windows 2003 active directory. Are you
saying then that there is no way for me to use ldap as my user store?
What part of my response was unclear?
Alan DeKok.
-
It sounded to me like you were saying I will never get radius to
authenticate vs my ldap directory.
Anyway I fixed the problem and now authenticate. I needed to change
that users file to use LDAP as the DEFAULT Auth-Type and it now
authenticates. I now have to figure out a L2TPNS problem I am
Hi,
Our wireless network currently authenticates and authorizes users via
freeradius 0.8.1 with a custom module that talks to custom
authentication and authorization servers.
I'm upgrading the server side to freeradius 1.0.4. At the same time,
the people who run the wireless network are
The servers (MYSQL and FREERADIUS)are running. The configuration
works when I run it in debug.
Then I issue the /etc/init.d/radiusd start command and get a
OK back but then I can not connect to mysql
Jamie Chitester
Information Technology
Department Manager
City Light Gas
Water
Hi,
I have a problem with Freeradius returning Colubris-AVPairs. I have a CN3300
(Colubris AP) set up to authenticate from my radius server (FR), which in turn
passes it information such as login pages, access lists, etc. All these
attributes are defined in my radgroupreply table (3 in all), which
Hi all,
I am a complete newbie with radius. I have try to configure freeradius on
fedora core 3 to authenticates against unix password /etc/passwd,
/etc/shadow, but seem to be fail until now.. can any want pls guide me
though this.. Besides, pls advice me if i doing anything wrong.
My
On Wed, Jul 27, 2005 at 03:07:00PM -0400, Andrey wrote:
When I attempt to authenticate the AP, the Access-Accept response has only the
first Colubris-AVPair, whichever it might be (i've tried different orders).
Is there any reason for this kind of behaviour? Do attributes have to have
unique
Hi,
BAD PASSWORD: it is based on a dictionary word
I hope you dont let folk SSH into this box :-)
[EMAIL PROTECTED] ~]# radtest dummy testing localhost:1812 1 testing123
Sending Access-Request of id 251 to 127.0.0.1:1812
User-Name = dummy
User-Password = testing
Ok. I am trying to figure out how to disconnect a user, or to tell the
radius server to send a disconnect packet to the NAS for a specific
user. This is the command I am using:
echo User-Name = nickwhite | radclient 192.168.1.1 disconnect mysecret -x
This is the debug output from the radius
N White [EMAIL PROTECTED] wrote:
Ok. I am trying to figure out how to disconnect a user, or to tell the
radius server to send a disconnect packet to the NAS for a specific
user. This is the command I am using:
echo User-Name = nickwhite | radclient 192.168.1.1 disconnect mysecret -x
Is
Hello i have a Problem with the Proxim AP700 to get a Unique Session ID or
AcctUniqueId
There only MAC Authentication. Has anyone Experience with the AP-700. To
avoidance that more than one record for a session in the radacct-table i
have made Username and AcctUniqueID Unique.
The Problem is
Alan DeKok wrote:
N White [EMAIL PROTECTED] wrote:
Ok. I am trying to figure out how to disconnect a user, or to tell the
radius server to send a disconnect packet to the NAS for a specific
user. This is the command I am using:
echo User-Name = nickwhite | radclient 192.168.1.1
Thanks for pointing in the right direction with rlm_sqlcounter. I think I
have it working correctly, but I am not seeing how the following situation
can be accounted for.
The Max-All-Session attribute is working great if I want to allow a user to
buy a block of time and they can use it in
N White wrote:
Alan DeKok wrote:
N White [EMAIL PROTECTED] wrote:
Ok. I am trying to figure out how to disconnect a user, or to tell
the radius server to send a disconnect packet to the NAS for a
specific user. This is the command I am using:
echo User-Name = nickwhite | radclient
Yes 192.168.1.1 is the NAS. I thought that's what radclient did - told
the RADIUS server to send a disconnect to the NAS that the client(user)
is connected to. I've tried sending the disconnect to the
NAS(Portmaster). Any particular port?
Not sure about Portmaster, but the general
Will Carter [EMAIL PROTECTED] wrote:
The Max-All-Session attribute is working great if I want to allow a user to
buy a block of time and they can use it in increments. But say I want a user
to be able to buy a block of time that will expire at a certain time
regardless of how long they spend
3. Re: Access-Reject packet from host 127.0.0.1:1812
--
Message: 3
Date: Wed, 27 Jul 2005 21:34:01 +0100
From: [EMAIL PROTECTED]
Subject: Re: Access-Reject packet from host 127.0.0.1:1812
To: FreeRadius users mailing list
3. Re: Access-Reject packet from host 127.0.0.1:1812
--
Message: 3
Date: Wed, 27 Jul 2005 21:34:01 +0100
From: [EMAIL PROTECTED]
Subject: Re: Access-Reject packet from host 127.0.0.1:1812
To: FreeRadius users mailing list
Hello,
I am a very frustrated free radius user at this point. Its
most likely my brain not working right but here is my problem
I have a free radius server that does authentication for our
slipstream accelerator. The accelerator passes an attribute to the radius
server and identifies
41 matches
Mail list logo