How about
#!/bin/sh
case "$1" in
start)
/usr/local/sbin/radiusd && echo ' Started Radius'
;;
stop)
if [ -f /usr/local/var/run/radiusd/radiusd.pid ]; then
kill -TERM `cat /usr/local/var/run/radiusd/radiusd.pid`
rm -f /usr/local/var/run/radius
figuration files ...
> Started Radius
> [EMAIL PROTECTED]:/# radstart restart
> /bin/radstart: /usr/local/var/run/radiusd/radiusd.pid: No such file or
> directory
> Stopped Radius
> Tue Feb 17 20:54:16 2004 : Info: Starting - reading configuration files ...
> Started Radius
&
On Thu, 19 Feb 2004, Raymond wrote:
> Hi,
>
> Does anyone know how radius does authentication? Is there any program that do
> authentication. Or should we manually authentication program in radius.
>
** read this: http://www.freeradius.org/rfc/rfc2865.html
> And same kind question is how radi
I've been using freeradius in production for about a year. We migrated
about 200,000 users from an old proprietary system to an ldap backend and
are using now using freeradius to authenticate against it for dial-up,
adsl, ftp (for webhosting), wifi, dial isdn, and vpn internally and as a
proxy for
Can you paste the radiusd -X debug info?
On Tue, 2 Mar 2004, Paul Blaich wrote:
> Hi All
>
> I want FreeRadius to include with the Access-Accept packet that it sends
> back some information that it reads from our LDAP directory (which is
> authenticating our users based on 3 values that could be
gh))
> rlm_ldap: checking if remote access for hugh is allowed by dialupAccess
> rlm_ldap: performing search in
> cn=dialup,cn=group,cn=radius,cn=config,ou=eaccounts,dc=megashaft,dc=com,
> dc=au, with filter (objectclass=radiusprofile)
> rlm_ldap: object not found or got ambiguous searc
esult ...
> rlm_ldap: user blaich authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 2
> modcall: group Auth-Type returns ok for request 2
> Login OK: [blaich] (from client eeyore port 0)
> Sending Access-Accept of id 2 to 130.194.999.
I think I understand what you are saying.
You could use huntgroups and then check for a different Ldap-Group based
on the NAS-IP.
example huntgroup file
# switches/routers
netadmins NAS-IP-Address == x.x.x.x
netadmins NAS-IP-Address == y.y.y.y
# vpn concentrators
vpnusersNAS
What's your proxy.conf file say? Do you have a default realm or the
bulldog realm set?
On Thu, 4 Mar 2004, Teoh, Chee wrote:
> Hi All,
>
>
>
> I am having difficulties stripping domain name from RADIUS request
> before sending it to LDAP. I have the following in the conf file:
>
>
>
> filter =
. So, no default realm or
> bulldog realm.
>
> Chee.
>
> -Original Message-----
> From: Dustin Doris [mailto:[EMAIL PROTECTED]
> Sent: 04 March 2004 17:18
> To: [EMAIL PROTECTED]
> Subject: Re: Stripping domain names for LDAP filter
>
> What's your proxy
You can use the program radclient to send an accounting message. Do a man
radclient.
On Fri, 5 Mar 2004, Bruno JEREMIE wrote:
>
> Hello,
>
> I have searched this file "radclient" but I didn't find it.
> I look up to this file :
> /freeradius-0.9.3/raddb/clients.conf
> /freeradius-0.9.3/raddb/cli
http://freeradius.org/radiusd/doc/ldap_howto.txt
should give you an idea
On Sun, 7 Mar 2004, Ripunjay Bararia wrote:
> Hi,
>
> Currently i'm running three FR0.93 servers doing AAA for about 3000
> pppoe clients,
> with MySQL 4.X at the backend, ben facing lots of porblems about the
> database se
DAPv3.schema
Regards
Dusty Doris
On Mon, 8 Mar 2004, Ripunjay Bararia wrote:
>
> Dustin Doris wrote:
>
> >http://freeradius.org/radiusd/doc/ldap_howto.txt
> >
> >should give you an idea
> >
> >On Sun, 7 Mar 2004, Ripunjay Bararia wrote:
> >
> >
Unpack the source and cd into the doc directory. Look for the file proxy.
On Wed, 10 Mar 2004, Sayantan Bhowmick wrote:
> hi all
> i want to know how i can configure my radius server as a proxy server
> which sends requests to another main server. where all do i have to make
> changes. what chan
On Wed, 10 Mar 2004, Alan DeKok wrote:
> "Pavol Zibrita" <[EMAIL PROTECTED]> wrote:
> > Is there some way how to map clients (from accounting log) to for example
> > dhcp ip address assigments?
>
> Look at the logs, and try to compare MAC addresses.
>
> > Or is there some way to get dhpc "comm
of a group.
On Thu, 11 Mar 2004, Albers Darren wrote:
> Dustin Doris,
>
> Thank you for the help! Here is the information.
>
> I have the following group attributes set under LDAP in my radius.conf:
> groupname_attribute = Router_Admins
> g
On Thu, 11 Mar 2004, Albers Darren wrote:
> Hello all,
>
> I am attempting to use FreeRadius to authenticate based on a group in active
> directory. I have it performing authentication using LDAP against
> Active-Directory fine, but I would like to restrict it based on group
> membership. From w
run it radiusd -X
On Thu, 11 Mar 2004 [EMAIL PROTECTED] wrote:
>
> --
> Hi all
>
> I did read the faq to test my freeradius.
>
> radtest bob bob localhost 0 testing123
>
> but I got an error, access deny
>
> I don't know what is the problem
>
> CAn you tell me how to check it?
>
> I installed i
Take a look at ldap search filters
http://www.ietf.org/rfc/rfc2254.txt
On Tue, 16 Mar 2004, Robert Banniza wrote:
> Having a problem testing my LDAP authentication. In running 'radiusd -X
> -A', I'm trying to debug why uid 'brad' and his password are not being
> found. Here is my ldap filter fro
I don't think you need to do that. Check out http://www.doris.cc/radius.
You can have the same lookup, just the uid, but then check for a certain
group based on the NAS-IP or NAS-Port-Type etc.. What you are doing is
looking for something like dialuphomeenabled=yes as well as the uid when
authori
Try setting Fall-Through to no and putting a reject at the bottom of the
file.
DEFAULT Huntgroup-Name == dialup,
Ldap-Group == "cn=Dialup,ou=Remote Access,dc=kensfoods,dc=com"
Fall-Through = no
DEFAULT Huntgroup-Name == wireless,
Ldap-Group == "cn=Wireless,ou=Remote Access,dc=kensf
orize]: module "ldap" returns ok for request 2
> modcall: group authorize returns ok for request 2
> rad_check_password: Found Auth-Type Reject
> rad_check_password: Auth-Type = Reject, rejecting user
> auth: Failed to validate the user.
> Login incorrec
>
> I currently have FreeRADIUS setup to authenticate users against Active
> Directory and the local users file. Now I want to use it as the RADIUS
> server for my Extreme network switches. My hope is to be able to use the
> Active Directory accounts to authenticate the users to the switch via
>
Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
access to AD?
>
> It seems that this should not be so hard; I am sure I am making a stupid
> mistake somewhere, but I just don't see it.
>
> I am attempting to set up freeradius 0.9.3 (redhat) to use (initially) one
> of severa
have read access on AD (it is in the 'domain user' group).
>
> From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 13:16:20 -0400
> >
> > Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with read
> > access to AD?
> >
> >
I believe that 4.9 installs perl 5.6 as the default and it appears to be
looking for 5.005. Perhaps you need to reinstall the perl DBI or run a
portupgrade on it. Or change the path to perl in your script?
/usr/ports/databases/p5-DBI
Just a shot in the dark, hope that is helpful.
On Thu, 10
On Tue, 15 Jun 2004, Michael Check wrote:
> This was the first try in thinking that the Authentication would cascade
> through the servers. I had set up diff groups in testing, but couldn't get
> freeRADIUS to come up with the correct Auth-Type (like you suggest below).
>
> >> How can we get free
> Hello,
> I would like to know if this is possible
> Send a Class or Filter-Id attribute to the NAS, with the content
> being the names of the LDAP groups to which the user belongs.
>
> Thank you,
> denis
>
How does the NAS expect the group to come back?
Class:
-
List info/subscribe/unsubsc
>
> > Hello,
> > I would like to know if this is possible
> > Send a Class or Filter-Id attribute to the NAS, with the content
> > being the names of the LDAP groups to which the user belongs.
> >
> > Thank you,
> > denis
> >
>
> How does the NAS expect the group to come back?
>
> Class:
Sorry, I
cation 1
> rlm_ldap: bind as uid=testuser,ou=Information Technology,o=PUSD,c=US/test123
> to 127.0.0.1:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: user testuser authenticated succesfully
> modcall[authenticate]: module "ldap" returns ok for request 0
> modcall: g
Combining both posts.
As Allen said replying to your other post. If the FilterId has a space in
it, you'll need to quote it. Plus what I said about returning multiple
values. It would look like this in ldap as an example:
securityrole: "users otherstuff"
securityrole: += "testgroup1 stuff"
sec
> okay i'm not really into Win stuff .. ntPassword fields seem crypted since i
> can't "read" them with my eyes, but i think it's just a hash or something. Isn't
> it the regular way to store NT passwords ?
>
> anyway, here is my ldap section in radiusd.conf:
>
> ldap {
> server = "192.168.1.6"
>
>
> Considering running freeradius. I have a special need that just popped
> into my lap. I need to set up a radius server that allows for any
> arbitrary user with any password to be authenticated by the radius
> server. Sounds crazy, but I want to use the server to capture user
> information for
I've had a similar issue on 4.9 and above. I think I just went into
src/modules and rm -fr rlm_smb and then it worked.
On Wed, 30 Jun 2004, Chris Shenton wrote:
> I've been trying for a few days to get FreeRADIUS from CVS compiled on
> a FreeBSD-4.9 and FreeBSD-5.2 machine. I want to use it to
> Hi,
>
> This may look like a reccuring question, but I've checked the
> whole mailing list and many other websites but this isn't
> clear to me.
>
>
> I'm currently working on a gateway using a very poor but
> strong configuration of free radius.
> This gateway has installed the minimal configur
What is the debug output? What happens when you try to login to the
router? User denied?
On Fri, 9 Jul 2004, Robert Banniza wrote:
> Guys,
> We are trying to allow users to authenticate to Cisco 26xx routers using
> Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> these u
What about radiusd -x?
On Fri, 9 Jul 2004, Robert Banniza wrote:
> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the de
7;tty1' list=''
> service=EXEC
> 2d04h: AAA/AUTHOR/EXEC: tty1 (1601631891) user='jessica'
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV service=shell
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): send AV cmd*
> 2d04h: tty1 AAA/AUTHOR/EXEC (1601631891): found li
I think you had a typo with radclient. It showed
Framed-IP-Address = 10.10.50.1.2
in your capture of the outgoing packet.
On Mon, 12 Jul 2004, Jeff Synnestvedt wrote:
> Hello,
>
> I am running accounting on freeradius-1.0.0-pre3. I am using pretty much
> the default configuration fi
t
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 10 to 67.106.198.67:1645
> Juniper-Local-User-Name := "tier1"
t 0
> Sending Access-Accept of id 15 to 67.106.198.67:1645
> Juniper-Local-User-Name := "tier1"
> Cisco-AVPair := "shell:priv-lvl=15"
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 se
I set it up once in the past to test it out against mysql and postgres.
We ended up using mysql in production. Anyway, when setting it up I was
able to do so reading the docs that came with freeradius.
raddb/raddb.conf
- change the INCLUDE to use oraclesql.conf instead of sql.conf
raddb/oracles
with out bothering any other fields and groupings, how to do that using
> mysql?
>
> Thank you,
> Sathish,
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dustin
> Doris
> Sent: Tuesday, July 20, 2004 11:58 PM
> To: [
On Fri, 23 Jul 2004, Daniel Epstein wrote:
> Greetings all,
>
> We run a freeradius-0.9.3 installation handling authentications for a
> number of different NASs on our campus. The RADIUS servers are using
> an openldap directory as the primary user credentials store. For a
> number of reasons, w
Benedikt,
Hope I can help, my comments below.
> Hello FreeRadius users,
>
> can you give me some help on getting started with LDAP? I've read the
> ldap_howto by Dusty Doris included with Freeradius. Unforunately, it
> doesn't work for my system (maybe it's already too old).
Getting too old quic
> > Robert Banniza <[EMAIL PROTECTED]> wrote:
> > > 1) In the users file, I have the following (pay attention to the
> > > Ldap-Group entry):
> > >
> > > DEFAULT Huntgroup-Name == "Cisco"
> > > Auth-Type := LDAP,
> > > Service-Type := 6,
> > >
Check out the rlm_sqlcounter module. Read doc/rlm_sqlcounter. In your
sqlcounter.conf file you can use something like this.
sqlcounter poolofminutes {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset
ged in. If they've logged in and don't have an
> expiration, set the expiration for 30 days from the initial login.
>
>
> Charlie
>
>
>
> -Original Message-
> From: Dustin Doris [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 17, 2004 6:25 AM
>
> Hi,
>
> I would like to know if we can run two freeradius instances on the same
> server (on different ports of course !)
Yep
>
> If yes, how can I do this ?
Here is how I did it.
**Note: my directory structure is under /usr/local, if your's is different
just modify that.
1. Make two direct
On Fri, 20 Aug 2004, Simone Giovanardi wrote:
> Is it possible manage more thn one ippool in radiusd.conf??
Yep.
>
> I' ve tried to make this but doesn't work properly
>
> Is there an example of radiusd.conf and users file to consulting?
How about you post what you tried. Here is a breif overvi
> Is their a way to have Freeradius reply differently based on what NAS Server
> sent the request?
Yep.
>
> Example. [EMAIL PROTECTED] will connect throught our national dialup and
> get
> X-Ascend-Data-Filter == "ip in forward tcp est",
> X-Ascend-Data-Filter == "ip in forward dstip 1.2.3.4/24"
Below should help. If you have more specific questions about squid, I
would check their documentation as they explain it pretty well on how to
do external authentication.
Here is a brief overview on how you can setup squid to use radius
authentication.
In squid.conf under the auth_param section,
> My Windows 2000 domain is "office.netsystems.pt". The user I'm using is
> administrator.
Does this user actually exist in your ldap directory with that password?
You will need to find a user that exists in your AD that has read access
to the part of the tree your users are in.
>
> Is this wron
n ldap browser on that machine that
will show the tree for you?
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] on behalf of Dustin Doris
> Sent: Thu 9/9/2004 7:40 PM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: Re: LDAP (continued...)
an ideia :-)
>
> -Original Message-
> From: [EMAIL PROTECTED] on behalf of Dustin Doris
> Sent: Fri 9/10/2004 1:27 AM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: RE: LDAP (continued...)
>
>
>
>
>
> On Thu, 9 Sep 2004, so
On Thu, 16 Sep 2004, J.R. Cabanban wrote:
> command: radtest arookie localhost 1 sharedsecret
>
> response: rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=61,
> length=20
>
> snapshot of radiusd -X -A
>
> rad_recv: Access-Request packet from host 127.0.0.1:32847, id=53,
>
On Fri, 17 Sep 2004, Lionel Gavage wrote:
> Yes but even without it doesn't work. By using the directive "listen" in the
> radiusd.conf file (as indicated in my preceding mail)
>
> radiusd.conf:
>
> bind_address = *
> port = 1645
>
> listen {
> # IP address on which to listen.
> #
Hello.
I am looking to use rlm_ippool to manage my users IPs. The setup we have
here is kind of unique and wondering if rlm_ippool can accomplish what I
need to do.
We will have a block of say /18 assigned to a particular NAS. During the
radius authentication, we will need to send back two radi
> Dustin Doris <[EMAIL PROTECTED]> wrote:
> > We will have a block of say /18 assigned to a particular NAS. During the
> > radius authentication, we will need to send back two radius attributes of
> > Framed-IP-Address and Framed-IP-Netmask. However, the Framed-IP-
> I have FR set up to auth/acct against MySQL. It appears to work fine in
> a high load environment, most of the time.
>
> Very, very occasionally FR appears to mis-process requests from the
> NASes.
>
> The NAS will report that an Access-Request has been sent, and an
> Access-Accept recieved, but
> Dera list:
>
> I´m working with PPP Dial-In connections to a Cisco box with CHAP
> authentication. My users are authenticated through Radius server
> (freeradius 1.0.1) and the user profiles are load in a MySQL database
> created with the script provided in a freeradius.tar.gz file. All is
> wor
On Thu, 21 Oct 2004, John Simms wrote:
> Hi, can anyone tell me where I can get good
> documentation for freeradius. I've just installed it
> on my linux box and need to configure it and begin
> using it for work.
>
> Thanks!
When you tar xvfz the file, look in the raddb dir and read the
configu
> Hello FreeRadius list:
>
> I'm having difficulty getting the attr_rewrite module to do...well,
> anything.
>
> I have a working RADIUS installation validating off of a mySQL database.
> Our existing NASs (Wireless APs) transmit mac addresses as 12 character
> lower case letter/number combos - th
Look into the doc directory.
README tells you about Exec-Program and Exec-Program-Wait you can put into
the users file.
variables.txt shows the variables that you can pass to it. Pay attention
to the line with printenv > /tmp/exec-program-wait. That will show you
the variables that are actually
It means its being truncated. Try adjusting the snaplen. You should be
able to do -s 0 to make sure you capture the entire packet or you can
specify a length such as -s 1024. Do a man tcpdump and search for
snaplen.
ie: tcpdump -i fxp0 -s 0 udp port 1812
-Dusty Doris
On Tue, 16 Nov 2004, jesk
> Hello all,
>
> I've spent quite a long time trying to understand how freeradius works
> and trying to get everything I want working.
> I am using Openldap since 2001 and I've no problems to understand LDAP
> as I wrote many programs around LDAP. In fact I don't understand how
> groups are working
y IP, and there is very little doc about
> ippool and the way it works.
>
> I suppose that the NAS is completely relying on radius for IP delivery.
> I'm wondering what happen in case of the failure of the main radius server.
>
> Dom
>
> Dustin Doris a écrit :
>
ure the ippool modules and include those
> >> in the
> >> accounting section and post-auth section. Forgot to include that in the
> >> last email. A radiusd -X will show you exactly what is going on. If it
> >> doesn't work, please post that to the list wi
Are you sure your filter is correct? You have ((posixAccount)(uid=toor)),
coming accross as the filter.
Try changing the filter to something like
(&(objectclass=posixaccount)(uid=%{Stripped-User-Name:-%{User-Name}}))
On Wed, 24 Nov 2004, Terry Inzauro wrote:
> Hey folks. I'm trying to get fre
help. i may need some more depending how well this goes.
>
>
> Dustin Doris wrote:
> > Are you sure your filter is correct? You have ((posixAccount)(uid=toor)),
> > coming accross as the filter.
> >
> > Try changing the filter to something like
> >
>
Add this to the top of your DEFAULT entries in the users file.
DEFAULT Huntrgroup-Name == "dial", Ldap-Group == "nodial", Auth-Type :=
Reject
Define what the group attribute is in your radiusd.conf file.
ie: groupname_attribute = radiusgroupname
Define the dial NASes in your huntgroups file
ie
You can do this.
First setup two different tables for auth. Maybe cedt_authcheck and
ece_authcheck. Setup your permissions to modify those tables
appropriately in mysql.
Then in sql.conf, comment out the authcheck_table variable and create two
new ones.
ie:
cedt_authcheck = "cedt_authcheck"
> Thor Spruyt wrote:
>
> > If you're not more specific about what you're trying to accomplish,
> > I'm afraid nobody can advise you.
>
> Sorry I want to have the freeradius Accounting entry insert into 2
> database at the same time.
> Where the 1st DB is for log process and the 2nd DB is for some
> > Thor Spruyt wrote:
> >
> > > If you're not more specific about what you're trying to accomplish,
> > > I'm afraid nobody can advise you.
> >
> > Sorry I want to have the freeradius Accounting entry insert into 2
> > database at the same time.
> > Where the 1st DB is for log process and the 2nd
On Wed, 1 Dec 2004, [iso-8859-1] Juan Manuel García Carral wrote:
> Hi,
>
> I am currently running freeradius 0.8.1 with LDAP as backend. It works fine.
> I need to upgrade to a later version because I need some features regarding
> Autz.
>
> Certain users have some Cisco ACLs associated in the
> I have an ISP scenario using freeradius 1.0.1. to authenticate dialup
> customers on our single domain. We use a Mysql backend.
> We have added a second domain for a national dialup service. A 3rd party
> providing the POPS will pass radius requests to our radius servers.
>
> Question:
> How do
On Thu, 2 Dec 2004, Christian Reeves wrote:
> > > I have an ISP scenario using freeradius 1.0.1. to
> > authenticate dialup
> > > customers on our single domain. We use a Mysql backend.
> > > We have added a second domain for a national dialup service. A 3rd
> > > party providing the POPS will pas
> I'm getting segmentation faults when it tried to load the SQL module
> after implementing Thor's changes:
>
> bash# radiusd -X
> ...
> ...
> ...
> Module: Instantiated realm (suffix)
> Segmentation fault
> bash#
>
> Configuration:
>
> sql.conf:
>
> sql_acct {
> driver = "rlm_sql_mysql"
> Hi
>
> I'm having some problems getting Session_Timeout to function - when the
> time limit is reached nothing happens (I assume it is suposed to send
> some sort of disconnect message). Is there anything else that needs set
> alongside this to have it function?
> Using - Freeradius 1.0.1 and Ch
I use freeradius to authenticate about 200,000 users for various
services, all connecting to an ldap backend. We use radrelay on our 4
radius servers to send a copy of all accounting data to one server that
stores it in sql. Its been incredibly stable, we've actually never
touched our failover se
> Hi all
>
> I'm looking to implement a prepaid card type service - I plan on using
> Session-Timeout to disconnect the users. How does freeradius keep
> track of the time elapsed while connected? I am holding all the info
> in SQL - I guess when a user connects it counts down until 0 then
> sends
On Thu, 9 Dec 2004, Michel van Dop wrote:
> Hello,
>
> I using freeradius-mysql-0.9.3-1.1 on fedora 1, i connect to mysql server
> 3.58.x db. It work okay mysql on username and groupname.
> My totacct is empty in mysql db. Can anyone tell me how to config this or can
> me send a good link with i
Hi All,
I am in the process of rebuilding our servers to recent openldap and
freeradius versions in our lab and when done will re-write the ldap howto,
as I know its pretty outdated by now.
Anyway, I've been playing around with using configurable failover for my
ldap setup and ran into an issue.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Do you mean give a user a specific IP address from a pool, or assign a
user to a specific pool?
If its the first, I don't believe you can do that. Rlm_ippool is setup
for dynamic assignment. You could just assign that value in the users
file or sql and then in ippool you set this
override = no
> Hello all,
>
> Recently I found that omshell can be use to control the dhcpd server
> without restarting the server.
> So I'm thinking would there be a way to ask the freeradius to "Talk" to
> omshell when a users auth and assign an ip though omshell.
> When the users request the ip from dhcpd s
>
> >> I would like to monitor my users(wireless) and I try writing a system and
> >> I'm using table radacct. But value for Calling-Station-Id is not recorded
> >> and we are using DHCP server.All user can get ip address from dhcp but my
> >> radius server doesn't record it. Can anyone help me ho
http://www.freeradius.org/rfc/rfc2865.html#Framed-Route
On Mon, 13 Dec 2004, Nirmal wrote:
> Hi,
>
> I am using FR-0.9 and MySQL as backend. how can i add
> single framed-route for a user ? e.g. i just want to
> forward /30 to a user.
>
> what is the exact format for framed-route attribute ?
>
>
Grab it for what? You can use the exec module to run a script on those
variables. Is that what you're looking for? Maybe if you explain what
you are trying to do, I can be more helpful.
On Wed, 15 Dec 2004 [EMAIL PROTECTED] wrote:
> Hi all,
> Can anyone please suggest me how to grab th
> Michael Markstaller wrote:
> >
> > I feel uncomfortable with something happening with logging occured.
> > When talking about auth this might be ok, for acct it is definitely not.
> > My opinion is: waht couldn't get logged shouldn't happen and when
> > replying before *trying* to log this cannot
> I have a radius box set up using 1.0.1. Currently it is doing
> authentication and working fine. I am trying to integrate in 802.1x
> auth. I have the EAP-TTLS w/ PAP working fine with a users entry of
> "username" User-Password == "test", but I am confused how the users
> and authorize and auth
2004, Joe Raviele wrote:
> EAP is in both the authenticate and authorize sections. I still have
> not gotten it to work, today I am trying several different
> permutations of the users file.
>
> - Joe
>
>
> On Thu, 16 Dec 2004 08:44:20 -0500 (EST), Dustin Doris
> <[EMAIL
> Hi,
> I had setup RADIUS server for authentication using EAP + PEAP + MSCHAPv2.
>
>In the users file I declared the user as
>
> Phani User-Password == "phani123" Calling-Station-Id == "000d549f5296"
> Reply-Message = " Ur a right user"
Do you have a comma in between that in your actu
When you unpack the source, its in
freeradius-1.0.1/src/modules/rlm_sql/drivers/rlm_sql_mysql
named
db_mysql.sql
On Mon, 20 Dec 2004, Mathias [ISO-8859-1] Röhl wrote:
> Hi
>
> after my setup works with an accesspoint and 802.1x I tried to use LDAP
> and mysql. AFAIR there must be a script to c
> I try to setup proxy and realm for freeradius
> in my forwarding server, in the proxy.conf file, it
> looks like this:
What is setup in radiusd.conf to determine realm? If you are using
something like suffix, then it would determine on the username. ie:
[EMAIL PROTECTED] and your proxy.conf f
> I'm trying to get freeradius (1.0.1) working with huntgroups and ldap
> groups, after toying with this for a few days and searching the mailing
> list I still can't seem to make it work, perhaps someone can assist.
>
> huntgroups:
> apsdialin NAS-IP-Address == 192.168.1.10
>
> users:
>
> D
>
> On Dec 22, 2004, at 12:57 PM, Dustin Doris wrote:
>
> > I cliped some of your message and only left the relevant parts. The
> > packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10.
> > Is
> > that your entire huntgroups file you showed
> >
> > On Dec 22, 2004, at 12:57 PM, Dustin Doris wrote:
> >
> > > I cliped some of your message and only left the relevant parts. The
> > > packet you show came from the NASIP of 149.28.3.101, not 192.168.1.10.
> > > Is
> > > that your
> Hi
>
> I tried to run fr with LDAP and MYSQL. It works with EAP/TLS fine, but
> with local Auth in the users file.
> Now I added into radiusd.conf
>
> --
> authorize {
> #
> #preprocess
> #chap
> #mschap
> #auth_log
>
Yep. Check out man 5 users.
ie:
DEFAULT Calling-Station-Id == 33
Framed-IP-Address = 10.10.10.1
Framed-IP-Netmask = 255.255.255.0
Or you can use a backend to store this information, such as ldap or mysql.
On Wed, 29 Dec 2004, Lito Lampitoc wrote:
> Is it possi
1 - 100 of 281 matches
Mail list logo