ort] shared_secret
timeout (s)127.0.0.1 testing123
110.150.110.42 testing123
&n
Hi,
I have a problem with passwor-matching. Everything seams to be all
right, but radius still won't accept shared_secret.
I use radius with mysql-database for ssh authenticate. If I try to
authenticate with radtest on server (10.10.10.11) - it works fine. If I
try to authenticate vom client with
Hello,
https://github.com/alandekok/freeradius-server/blob/stable/raddb/modules/smsotp
Are there any daemons available that can be used by the freeradius rlm_smsotp
plugin?
Or do I need to write my own..
Thanks!
-- Pasi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/us
On 1/27/2011 3:03 PM, Phil Mayers wrote:
>> I've met this need (using 2.1.11 from git) with a simple bit of unlang
>> in post-auth{}:
>> if ( "%{TLS-Client-Cert-Subject}" =~ /OU=Evil/ ) {
>> reject
>> }
>
> Just put this in the "authorize" section? If it's early in the EAP
> conversation,
Hi,
i prepare freeradius with eap/peap and the users file that works fine.
Now i setup a sql database,
i can use radtest or radeapclient to check the user and password in the
database and it works fine,
but if i try to connect to freeradius the request will be rejected and i
have no idea why
So
On 1/27/2011 3:41 PM, Matt Garretson wrote:
> The XP client still tries three times (duh), but at least radius.log reflects
> a failure:
>
> Error: TLS_accept: error in SSLv3 read client certificate B
> Error: rlm_eap: SSL error error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:n
On 1/27/2011 1:24 PM, Matt Garretson wrote:
> Thanks. That's actually my goal. But unlang isn't allowed in
> authenticate{}, and my attempts to sneak it into the authentication
> phase via the tls{} section in eap.conf didn't seem to work.
> Any other ways to do it?
Replying to myself here
On 1/26/2011 23:49, piston wrote:
Hi
Is that possible to reset the sql counter every 30 minute?
Basically, i need to get user free access of 20 minutes, after 20
minutes NAS will logout the user.
And the user is allow to login again after 30 minute.
Thanks
-
List info/subscribe/unsubscrib
On 01/27/2011 06:04 PM, Matt Garretson wrote:
For years, we've been doing simple EAP-TLS with various versions of
FreeRADIUS. Now, a new requirement has come down to me such that radius
will have to reject certain valid client certs based on a string in the
Subject field of the client cert.
I'v
On 1/27/2011 1:14 PM, Alan Buxey wrote:
> you are authenticating...and then rejecting in the post-auth
> stage. you really need to break the process in the authentication
> stage.
Thanks. That's actually my goal. But unlang isn't allowed in
authenticate{}, and my attempts to sneak it into th
hi,
you are authenticating...and then rejecting in the post-auth
stage. you really need to break the process in the authentication
stage.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
For years, we've been doing simple EAP-TLS with various versions of
FreeRADIUS. Now, a new requirement has come down to me such that radius
will have to reject certain valid client certs based on a string in the
Subject field of the client cert.
I've met this need (using 2.1.11 from git) with a s
Difan Zhao wrote:
> I’m wondering if it’s possible for the radius.log file to show the NAS
> IP instead of the “client” name (which is IP range in my case).
Read radiusd.conf, look for msg_goodpass
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi experts,
I'm wondering if it's possible for the radius.log file to show the NAS IP
instead of the "client" name (which is IP range in my case).
Currently the log looks like:
Thu Jan 27 11:53:15 2011 : Auth: Login incorrect: [08000f513f60/08000f513f60]
(from client 10.143.115.0/24 port 50303
McCann, Brian wrote:
> The python module is currently catching NO exceptions. There are no
> try/except blocks. Right now I just have the module simply printing
> something and returning “OK” for everything…just as a proof of concept.
IIRC, the python libraries do trap signals, for a variety o
The python module is currently catching NO exceptions. There are no try/except
blocks. Right now I just have the module simply printing something and
returning "OK" for everything...just as a proof of concept.
Thanks though,
--Brian
From: freeradius-users-bounces+bmccann=andmore@lists.fre
Brian Candler wrote:
> I notice that recently a %{integer:...} expansion was added. Is there
> perhaps a case for a corresponding %{string:...} expansion?
Yes.
Editing the dictionaries is not recommended, as it can have additional
side effects. Adding %{string:Class} is pretty specific.
A
Just add the line:
ATTRIBUTE Class 25 string
to the end of raddb/dictionary. It will override the type defined in
the standard dictionaries, which you may not want to fiddle with too
much.
On Thu, Jan 27, 2011 at 2:45 PM, Brian Candler wrote:
> In an accounting se
In an accounting server, I would like to be able to parse the Class
attribute with a regexp to pull parts out. However the standard dictionary
defines it as 'octets' which makes it hard to parse - and I'd like to avoid
modifying the dictionary if possible.
Copying it to a 'string' attribute doesn
Hi,
>"vijay" Auth-Type := Local, Cleartext-Password == "123qwe",
1 ^ 2
1 is wrong. you dont need it.
2 is wrong, operator should be := , not ==
>Above mentioned is my configuration. when i try to connect client with SSH
>it is
You can use Session-Timeout attribute in your radreply sql table like:
+-+---+-++-+---+
| id | UserName | Attribute | op | Value |
+-+---+-++-+---+
| | 257 | test | Session-Timeout | := | 1800|
21 matches
Mail list logo