On Tue, 22 Aug 2006, Alan DeKok wrote:
|->Keith Woodworth <[EMAIL PROTECTED]> wrote:
|->> One of the things I did try was add PAP to the authorize section, but
|->> radius failed to start when I did that.
|->
|-> And the error message was...?
Had to put this project a side for the last 2 weeks.
We have multiple remote sites each with it's own NAS, each NAS search
for users in multiple LDAP contexts. Each NAS (read: site) has one or
more "primary" contexts, which I like to search first before looking
in all others (roaming users). At this time search order is based on
the order of LDAP mo
Thank you Gef that pointed me in the right direction. What I still had
to figure out was that the "check-item" variable is an extra row in the
radcheck table and that the operator has to be "==".
Kind regards,
Eugene
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
org
Ah. It looks like Chillispot doesn't do EAP.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Now I have removed the RadiusFilterID (radius packet 11) attribute,but
chilli still receive this :
chillispot[22760]: chi
Hi Alan
Thanks for your help.
Best RegardsOn 9/7/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
"Ali Majdzadeh" <[EMAIL PROTECTED]> wrote:> Is it possible to catch Multiple-valued attributes through a C program?> I can fetch, for example, User-Name attribute by calling USER_NAME = getenv
> (USER_NAME);
On Thu 07 Sep 2006 15:07, Alan DeKok wrote:
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > Just a side note on the clone packets issue i ve come across it in
> > another situation. We act as a proxy for various ISPs and we need to
> > have a way to replicate accounting-on/off packets (which obvio
Josh <[EMAIL PROTECTED]> wrote:
> I'm actually running Funk (Juniper) Steel-Belted
> Radius on the windows box. I'm working out issues
> with the user profiles on that box... I was hoping to
> let freeradius take care of who had access to proxy
> (if possible).
"man rlm_passwd"
Put the user
Hi,
> We did try your suggestion before posting back and you can enter any
> pasword and it will accept it. We tried it again and here is the output:
>
> rad_recv: Access-Request packet from host 192.168.1.1:1224, id=1, length=84
> User-Name = "[EMAIL PROTECTED]"
> User-Password =
Hi,
I just looked at it in 1.1.3. I found the same behaviour you noted,
when the script had not the execute permission. If you put the
equivalent into an exec stanza in the main config file, that does
loudly complain about not being able to run the script and then denies
access therefore. After f
Justin Church <[EMAIL PROTECTED]> wrote:
> How would the proxy.conf work? Would you define N identical realms with
> different remote servers, and the 1-N proxy server would replicate to
> the first N matches it finds in proxy.conf?
That's an option.
I'm open to suggestions as to how to co
Thanks for your suggestion...
I'm actually running Funk (Juniper) Steel-Belted
Radius on the windows box. I'm working out issues
with the user profiles on that box... I was hoping to
let freeradius take care of who had access to proxy
(if possible).
Any other possibilities?
--- Josh Howlett <
relists <[EMAIL PROTECTED]> wrote:
> We did try your suggestion before posting back and you can enter any
> pasword and it will accept it. We tried it again and here is the output:
Yes... because your "Exec-Program-Wait" script is supposed to do the
authentication. It is accepting the user wit
Shankar Ganesh C <[EMAIL PROTECTED]> wrote:
> Below is the code i am trying in the exec-program-wait
>
> putenv("Calling-Station-ID=10")
That is not the documented way to send attributes back to the server.
See scripts/exec-program-wait
> I am trying to set the accounting response packets w
Alan DeKok wrote:
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
Just a side note on the clone packets issue i ve come across it in
another situation. We act as a proxy for various ISPs and we need to
have a way to replicate accounting-on/off packets (which obviously
don't carry a [EMAIL PROTECTED]
Alan DeKok wrote:
relists <[EMAIL PROTECTED]> wrote:
The problem with your suggestion is that you can enter the wrong
password and it will still authenticate you. We need this to obviously
accept when the password is correct and reject when the password is
incorrect.
Really? I t
Cool, I'll have to take a closer look at Method 2.On 9/7/06, Rob Shepherd <[EMAIL PROTECTED]> wrote:
Peter Nixon wrote:>> Thanks for doing this, however there is already a Solaris section on
> the "Build" page of the wiki at:My Bad!>> http://wiki.freeradius.org/index.php/Build#Building_on_Solaris_1
Easier - create a policy in IAS to only authorise the users you want.
josh.
Josh wrote:
I have a VPN appliance authenticating users (~20
users) against my freeradius server. I have another
radius server running on a windows box authenticating
users on local and trusted domains (250+ users). F
Hi
All,
I am trying to set
values for more than one attributes in the exec-program-wait for accounting
start packets.
Below is the code i
am trying in the exec-program-wait
putenv("Calling-Station-ID=10")
putenv("Called-Station-ID=50")
Putenv("Acct-Session-ID="20")
return
0;
I have
"Giuseppina Venezia" <[EMAIL PROTECTED]> wrote:
> I've update freeradius version, when i connect a client in WPA mode,
> chillispot give no error (but it can't authenticate however), when i
> connect a client in WPA2 mode, chillispot returns me the same error,
> whitout authenticate. I think that t
"Ali Majdzadeh" <[EMAIL PROTECTED]> wrote:
> Is it possible to catch Multiple-valued attributes through a C program?
> I can fetch, for example, User-Name attribute by calling USER_NAME = getenv
> (USER_NAME);
> but how should I fetch something like Cisco-AVPair?
You don't. You write a module in
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> Just a side note on the clone packets issue i ve come across it in
> another situation. We act as a proxy for various ISPs and we need to
> have a way to replicate accounting-on/off packets (which obviously
> don't carry a [EMAIL PROTECTED] attribute) to
Muthu <[EMAIL PROTECTED]> wrote:
> I was trying to use PAM authentication with freeradius for Win XP client
> (PEAP).
PAM works only for clear-text passwords. I'll update the
compatibility matrix on my web site.
Alan DeKok.
--
http://deployingradius.com - The web site of the bo
relists <[EMAIL PROTECTED]> wrote:
> The problem with your suggestion is that you can enter the wrong
> password and it will still authenticate you. We need this to obviously
> accept when the password is correct and reject when the password is
> incorrect.
Really? I thought I understood how
I have a VPN appliance authenticating users (~20
users) against my freeradius server. I have another
radius server running on a windows box authenticating
users on local and trusted domains (250+ users). For
technical reasons I can't point the VPN appliance to
the windows radius server. However,
Ah sorry,By the way, in the C code, please change Cisco-AVPair to CISCO_AVPAIR. This is the transformation which freeradius makes with regard to its environment variables and you should take care of the issue in your shell scripts or C code.
Best RegardsAliOn 9/7/06, Ali Majdzadeh <[EMAIL PROTECTED
Hi FonciThanks for your attention.I consulted the freeradius documentation about the problem.They have mentioned that the AV pairs which contain multiple values are maintained using arrays. These arrays are available in, for example, shell scripts:
example:%{Cisco-AVPair[0]} references the value of
Hi,
You can view what is done in the Debian/rules file
Yupp, it works now! My mistake was to use the little bit broken 1.1.0
deb package a few months ago. Source-Build didn't work. If I take the
sources of the official tar.gz I can build now all without problems
under unstable.
Great. Don
Hello,
> I was trying to use PAM authentication with freeradius for Win XP
> client (PEAP). I was getting error in the tls section. I posted to
> freeradius userlist. I got the reply as below. Is this right?. If not, Can
> I use LDAP+PEAP+freeradius.
Yes, the info was right. But _still_, you
Hai,
Thanks for your reply.
I was trying to use PAM authentication with freeradius for Win XP client
(PEAP). I was getting error in the tls section. I posted to freeradius
userlist. I got the reply as below. Is this right?. If not, Can I use
LDAP+PEAP+freeradius.
==
Peter Nixon wrote:
Thanks for doing this, however there is already a Solaris section on
the "Build" page of the wiki at:
My Bad!
http://wiki.freeradius.org/index.php/Build#Building_on_Solaris_10
I think the info you have added should probably be rolled into that page
rather than starting
Hi Alan,
I've update freeradius version, when i connect a client in WPA mode,
chillispot give no error (but it can't authenticate however), when i
connect a client in WPA2 mode, chillispot returns me the same error,
whitout authenticate. I think that there is also an EAP problem.
Thanks in advance
Alan DeKok wrote:
relists <[EMAIL PROTECTED]> wrote:
The external script in XT Radius checks the username and password
against a postgres database and if username and password match it
returns the details for that user e.g. IP address, Framed-Address etc etc.
We are using the default xra
Hi Is it possible to catch Multiple-valued attributes through a C program?I can fetch, for example, User-Name attribute by calling USER_NAME = getenv (USER_NAME); but how should I fetch something like Cisco-AVPair?
Best RegardsAli
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/li
On Thu 07 Sep 2006 08:52, Rob Shepherd wrote:
> Rafiqul Ahsan wrote:
> > Thanks to Lin, Mercel, and Rob for your input. I am not sure about
> > Mercel's comment on value of AR, this has been set to false in the
> > Makefile at libltdl/ directory (where it actually fails). The question
> > is what v
Rafiqul Ahsan wrote:
Thanks to Lin, Mercel, and Rob for your input. I am not sure about
Mercel's comment on value of AR, this has been set to false in the
Makefile at libltdl/ directory (where it actually fails). The question
is what value should it be ?
Also, Rob - when I put the /usr/ccs/bi
On Thu 07 Sep 2006 08:05, Kostas Kalevras wrote:
> On Wed, 6 Sep 2006, Alan DeKok wrote:
> > Justin Church <[EMAIL PROTECTED]> wrote:
> >> OK. The patch worked, since I can now run radiusd -n radrelay w/o the
> >> Abort, but I still am not seeing a way to replicate to multiple
> >> accounting serv
Hi AlanI replied Geoffrey with all I knew about AV pairs expected by a Cisco VoIP gateway. But I have another problem.I am using rlm_example to develop a module to handle VoIP stuff.My question is, how should I pack and send those AV piars expected by the gateway?
For example, in example_authentica
On Wed, 6 Sep 2006, Alan DeKok wrote:
Justin Church <[EMAIL PROTECTED]> wrote:
OK. The patch worked, since I can now run radiusd -n radrelay w/o the
Abort, but I still am not seeing a way to replicate to multiple
accounting servers with radiusd -n radrelay.
Unfortunately, it doesn't yet do
Hi GeoffreyI am using Cisco 3600. In my case, I have found out the following issues with AV pairs:Call Leg 1:Cisco sends the following AV pairs to the radius server:User-NameUser-Passwordh323-conf-id
Cisco-AVPair=h323-ivr-outNAS-Port-Typecisco-nas-portNAS-PortCisco-AVPair=interfaceService-TypeNAS-I
Hello all
How can I make sqlcounter module for rechargeable account in my
freeradius server with mysql backened.
Bsal
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > I have to make a dictionary file, but I have a little
problem:
> > There is an attribute in the vsa attributes, which has more
> > than one value. Is it possible to separate it in the
> > dictionary file? Is there a class attribute, or something?
>
> "man 5 users". Use the "+=" operator.
S
Hi
Is free radius can be used in cluster?? , If so please
provide some links to go through in detail.
Thanks & Regards
Ravi
Tech Mahindra, for
42 matches
Mail list logo
