hahaha sorry alan.
Big mistake of mine, I am dsylexic and yer well there u go.
I was reading suse as fedors (dont ask why).
Sorry for the false alarm, I did check and double check but sometimes
I never see the words right once I have mis-read them until some1 else
points it out.
So I should be u
Thanks again for the reply.
Yes it was a mistake on my behalf no1 elses (Im dsylexic and misread
the suse as fedora).
Thanks for catching me on that,
Keep up the good work guys.
On 4/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi,
>
> > Notes:
> > * The wiki glosses over a little and g
Hi,
> So I should be using the redhat spec file for fedora correct ? - will
correct. SUSE is a very different beast to RedHat - as you have
discovered
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here is my updated Install (now the same as the wikis) and yes works
the way I expected. Swapping to 1.1.6 now, then back to figuring out
LDAP :)
# cd /usr/src
# tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
# cp /root/Desktop/freeradius-1.1.6.tar.gz
/usr/src/redhat/SOURCES/
# cp freeradius-1.1.6
Hi Alan,
On Wed, Apr 18, 2007 at 05:09:11PM +0200, Alan DeKok wrote:
> Ah. client_add() doesn't create the necessary structure. I've just
> fixed that.
==> I can confirm it works (cool!)
However here is another bug report:):
* cvs head
* all NASes in nas table(clients.conf not used)
* sendi
Freeradius 1.1.3 installed via YUM on Fedora (not suse :P)
radiusd.conf: http://pastebin.ca/447690
radiusd -X -A output: http://pastebin.ca/447693
domain: tfxschool.internal
ADS: tfxschoolfs01.tfxschool.internal
Hi again people,
I have been pouring through the oreillys LDAP book (quite informativ
Hi all,
I'm using cvs head on debian woody(historical reasons). I'm using
rlm_perl module with perl 5.6:
`dpkg -l '*perl*'`
...
ii libperl-dev5.6.1-8.9
ii libperl5.6 5.6.1-8.9
ii libsnmp-perl 4.2.3-2
...
This version of perl is without ithreads and does not support
> Sorry, those few things were all I could think of. I don't have an
> openSUSE server lying around, so I can't even confirm it works at all.
> Hopefully the source compile of net-snmp and freeradius will uncover the
> actual problem.
FWIW: I tried it on a non-prod system, compiled net-snmp 5.4
Ok, I have some more questions.
>
> It sounds like a database might be a better choice. pam_ldap, in
> conjunction with nss_ldap should solve the problem.
>
If I use LDAP to authenticate with PAM and freeradius authenticates against
LDAP as well am I able to still store session details wit
Jason Chan wrote:
> Is it possible for FreeRadius to perform grouping after Kerberos
> authentication accepted?
You can configure things in the post-authentication phase.
> My company has many switches and servers and we use kerberos 5 for
> RADIUS authentication. Once the user is authenticated
Hi all,
here is another bug report(but don't worry; I'm running out of my
bugreports):
I used to have following attr_rewrite in modules section:
attr_rewrite fix_sqlcounter_reply {
attribute = Reply-Message
searchin = reply
searchfor = "You
Milan Holub wrote:
> However here is another bug report:):
> * cvs head
> * all NASes in nas table(clients.conf not used)
> * sending HUP results in segmentation fault when re-building up internal
> clients structure:
Ok... I've added more code to re-set pointers on cleanup, and create
them on
Jacob Jarick wrote:
> I have been pouring through the oreillys LDAP book (quite informative
> so far to btw). I got the example of using freeradius against the
> linux passwd file working fine. I tried their Freeradius and OpenLDAP
> (now I know ADS isnt OpenLDAP btw) and it fails with the followin
daniel wrote:
> If I use LDAP to authenticate with PAM and freeradius authenticates against
> LDAP as well am I able to still store session details with LDAP?
I believe so, yes.
> I am trying to integrate my current hotspot database with my terminals so
> that users can authenticate on either
On Thu 19 Apr 2007, [EMAIL PROTECTED] wrote:
> Hi,
>
> > So I should be using the redhat spec file for fedora correct ? - will
>
> correct. SUSE is a very different beast to RedHat - as you have
> discovered
Erm.. Having said that, the SUSE spec file should and DOES build on Fedora as
well. I hav
i need to configure my freeradius server in proxy server to use it with
windows IAS! i want the configuration of the files of freeradius which can
permit me to do that!
my last coonfiguration of these files is:
radiusd.conf
proxy_request = yes
proxy.conf
realm gie.local {
t
After more research yet again (google/ oriellys/ FR mailing list
archives) I "think" its one of these 2 scenarios.
1 - Anonymous Searches in Active Directory isnt working
2 - When I set:
# identity = "cn=root,o=tfxschool,c=AU"
# password = pass
the password should be
Milan Holub wrote:
> here is another bug report(but don't worry; I'm running out of my
> bugreports):
That's good to hear.
I couldn't reproduce it, but I did track down and fix the underlying
problem.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://dep
> i need to configure my freeradius server in proxy server to use it with
> windows IAS! i want the configuration of the files of freeradius which can
> permit me to do that!
We all want lots of things. Asking a bit more polite might help.
> my last coonfiguration of these files is:
>
> radiusd.
Unless I did something wrong mate it def doesnt build (dependancies
have diff names).
On the topic though. 1.1.6 built fine from the redhat spec file, I am
going to trial it once Im done with testing this ldap search problem.
On 4/19/07, Peter Nixon <[EMAIL PROTECTED]> wrote:
> On Thu 19 Apr 2007
Hi Alan,
On Thu, Apr 19, 2007 at 10:46:51AM +0200, Alan DeKok wrote:
> I couldn't reproduce it, but I did track down and fix the underlying
> problem.
==> And I can confirm it's fixed.
Milan Holub
holub (at) thenet (dot) ch
--
TheNet-Internet Services AG,
Hi Alan,
On Thu, Apr 19, 2007 at 10:26:36AM +0200, Alan DeKok wrote:
> Ok... I've added more code to re-set pointers on cleanup, and create
> them on creation.
==> and yes it helped! no segmentation fault anymore
Milan Holub
holub (at) thenet (dot) ch
--
On Thu 19 Apr 2007, Jacob Jarick wrote:
> Unless I did something wrong mate it def doesnt build (dependancies
> have diff names).
Well, sorry. to be more clear, the latest version of the spec file which is
used to build the rpms in opensuse does. I may have forgotten to commit this
back to cvs.
it's true! i had configure my FreeRADIUS server as a client on the IAS box,
but my server freeradius which i need it toi be server proxy don't transmit
the request of my switch. when i learned freeradius, i begun it by
configurate it with users file, and after with MySQL database. then i want
Hi Alan,
snmp querying works great now. Thanks for that!
However I've tried also to query some MIBS from
RADIUS-ACC-SERVER-MIB.txt or RADIUS-STAT-MIB.txt files and it looks like
freeradius does not react on it at all(no DEBUG activity with -X).
(cvs head)
Working query (using MIBs from RADIUS-AU
Milan Holub wrote:
> I remember all MIBs worked a week before or so...
There was a missing bracket in smux.c.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradiu
You already have those files. What you need to do (if you really want
help on this list) is to paste the output from radiusd -X so people can
see what has gone wrong and tell you how to fix it. "freeradius reject
the packets" can mean loads of things.
Ivan Kalik
Kalik Informatika ISP
Dana 19/4/2
Hi Alan,
On Thu, Apr 19, 2007 at 12:26:46PM +0200, Alan DeKok wrote:
> There was a missing bracket in smux.c.
==> accounting MIBs now working:
main: smux_password = "verysecret"
main: snmp_write_access = yes
SMUX connect try 1
SMUX SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: rad
Milan Holub wrote:
> but statistics MIBs not registered/working yet...
It's not implemented. It's also not a standard. It was added on the
theory that we might do it one day, but perhaps not.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradi
On 4/19/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
> Recompiled with --without-threads and it locks up hard on the first
> accounting request. And when I say locks up hard, I mean not even a kill
> -9 will stop it, I have to reboot the server.
Are you sure your OS isn't
It works!!! Thank you very much!
Kevin Bonner wrote:
I almost ignored your message, as I don't parse HTML well. =)
On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote:
Thank you Kevin, but it didn't work now my entire users file is:
sebas Cry
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP field. Currently, we are doing
this with huntgroups. Namely, we create a huntgroup for the NAS (in our
case, a network switch), and then in the users file, we put the following:
D
you could extend your ldap schema and add a field for the vlan a user should
belong too.
then all you would need is to query that field and propogate the variable.
"Tunnel-Private-Group-Id=`%{private-vlan}`"
On 4/19/07, Matt Ashfield <[EMAIL PROTECTED]> wrote:
Hi,
We'd like to use FR to assi
On the topic of password encryption.
Kevin would you know how to encode a password for windows 2003 active
directory server. I need a user with permission to do active directory
searchs, it tries atm but fails because the password is not encrypted.
Even if you know what the encryption they use is
Matt, how about the configuration that you have to have in the switch
Can you Help me
Robinson
[EMAIL PROTECTED]
On 4/19/07, Matt Ashfield <[EMAIL PROTECTED]> wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP
FreeRADIUS Users/Developers,
Does anyone use RADIUS to authenticate Motorola SM's? If so, I'm needing
some information on how to accomplish this.
Thank You In Advanced!,
Matt Neumark
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
We would like to use FreeRADIUS (acting as a proxy server) to set the
Primary-DNS-Server and Secondary-DNS-server attributes in the auth
response to the RADIUS client only if these attributes are not provied
by the end RADIUS server (which we don't control). Is there anyway to
do this without
Hi,
Radclient works fine with almost every except when you use the -c flag
to specify that multiple copies of the same packet are sent.
---
./radclient -c 10 -x -f user radius1.susx.ac.uk auth xxx
Sending Access-Request of id 205 to 139.184.14.180 port 1812
User-Name = "ac221"
Thank you Alan. I read the documentations and now I'm able to use
Kerberos and MySQL along with FreeRadius. Thank you for your help.
However, I'm stuck in the last part of the project which is to reply the
accept request along with assigned attributes.
For example, Kerberos successfully authenti
I was afraid someone would say that! Haha
Matt
-Original Message-
From: Donny Jekels [mailto:[EMAIL PROTECTED]
Sent: April 19, 2007 10:57 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches
you could extend yo
Yeah, there's that too. We need to create these vlans within the edge
switches as well. Once created, you shouldn't have to touch them again.
Or you don't create them at the edge, and instead just create them in the
core, however that kind of kills the advantage of extending your vlans to
the
Hi,
> This seems to work. The issue is scale. I have would conceivably have to
> have a huntgroup definition in the huntgroups file for each NAS. And if I
> wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
> users file for EACH one of my NAS's.
that would depend on what
I have been following your thread and am interrested to find out how do d
you get freeradius to do authentication wiht kerberos?
any config examples would be helpfull.
On 4/18/07, Jason Chan <[EMAIL PROTECTED]> wrote:
Hello,
Is it possible for FreeRadius to perform grouping after Kerberos
auth
On Thursday 19 April 2007 10:42:30 Jacob Jarick wrote:
> On the topic of password encryption.
> Kevin would you know how to encode a password for windows 2003 active
> directory server. I need a user with permission to do active directory
> searchs, it tries atm but fails because the password is no
I'm using Redhat Enterprise Linux and here is my steps to setup
FreeRadius
1) Make SURE you have installed MIT Kerberos on your linux (krb5
packages)
2) Configure Realm, KDC servers, etc... for your linux
(system-config-authentication for redhat)
3) Install FreeRadius
4) Make SURE you have rlm_krb
Ok,
I've taken out the SQL accounting completely, left in the SQL authentication
and the problem still persists. On accounting packets with threads
disabled, the accounting process stops completely after one packet, on
accounting packets with threads enabled, the accounts process reports the
ma
Well, I went through everything in the accounting { } and the problems turns
out to be radutmp
Any reason this might be a problem. The file gets created but never written
to. If I comment it out of the accounting { }, then everything, including
mysql records being written, works just fine.
Reg
On Thu 19 Apr 2007, Rick Macdougall wrote:
> Well, I went through everything in the accounting { } and the problems
> turns out to be radutmp
>
> Any reason this might be a problem. The file gets created but never
> written to. If I comment it out of the accounting { }, then everything,
> includi
Arran Cudbard-Bell wrote:
> Radclient works fine with almost every except when you use the -c flag
> to specify that multiple copies of the same packet are sent.
I have a fix I'll be committing tomorrow.
> Was looking forward to doing some crude benchmarking :(
Last week it was slower than
Jason Chan wrote:
> For example, Kerberos successfully authenticate admin/admin (yes I don't
> use MySQL for authentication), and FreeRadius knows this user has
> permission to access. Now, in the postauth part, FreeRadius searches the
> radreply table in its MySQL database for the proper attribute
Rick Macdougall wrote:
> Well, I went through everything in the accounting { } and the problems
> turns out to be radutmp
>
> Any reason this might be a problem. The file gets created but never
> written to. If I comment it out of the accounting { }, then everything,
> including mysql records be
You are right on with the NFS locking issue.
I believe that is exactly the problem, my only concern now is why it happens
with CentOS 4.x and not with Fedora Core 3.
More info in the morning as I'm currently having a beer (or 4) and watching
the Hockey playoffs.
Thanks for the help.
Regards,
Hello,
this week I updated to freeradius 1.1.6. We use eap/tls with a crl from
a Microsoft CA, which is downloaded and converted by a shell script
every hour or has to be updated manually. If it changes, I have to
reload the server config, right? Since the update the server crashes
with a seg faul
53 matches
Mail list logo