Re[2]: daily limit
Monday, May 9, 2005, 9:34:05 PM, you wrote:

SE> Hm... maybe you should set the SQL statements in your sqlcounter.conf file
SE> that can be usually found in /etc/raddb or
SE> /usr/local/etc/raddb depending on
SE> distribution...
SE> You can define the different counters for your vouchers that will count time
SE> or traffic by defining them in the file I mentioned...
SE> I don't know, but maybe you should take a look at
SE> /usr/share/doc/packages/freeradius/rlm_sqlcounter if you already didn't do
SE> that...

hello,

i still can't solve the problem about 1 day limit. now i'm thinking to put in sqlcounter.conf :

    sqlcounter hourcounter {
        counter-name = Max-Hour-Session-Time
        check-name = Max-Hour-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'
    }

and i set 86400 in radgroupcheck, and input :

    INSERT INTO radgroupcheck (id,GroupName,Attribute,Value,op)
        -> VALUES ('','plan_name','Password-Expire','86400',':=');

is it will work regard to my case ? the point is, customer can't login after next day, the login voucher will valid for twenty four hours from the first time login.

please advice. thanks

--
Best regards,
avudz

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: daily limit
You don't understand the way the counter works.
As stated in the experimental.conf:

    # The 'reset' parameter defines when the counters are all
    # reset to zero. It can be hourly, daily, weekly, monthly or
    # never. It can also be user defined. It should be of the
    # form:
    # num[hdwm] where:
    # h: hours, d: days, w: weeks, m: months
    # If the letter is ommited days will be assumed. In example:
    # reset = 10h (reset every 10 hours)
    # reset = 12 (reset every 12 days)

In your case you should change reset=never to reset=1h if you want to reset the counter every hour.
But in that case it would not make sense to call it Max-Hour-Session-Time since the counter would be reset after the user's time is off and then she would be able to login again...

What do you exactly wanna do? Your config as it is now does not make any sense.
Your SQL says you want to allow your users to stay on 24 hours a day. But then you want to reset the counter every hour?
That would make sense if the reset value was greater than the corresponding value of your Max-XYZ-Session.

Here is my sqlcounter I use for daily, weekly, monthly and unlimited resets:
http://www.yazzy.org/configs/linux/freeradius/sqlcounter.conf

And btw, the Attribute field in the radgroupcheck table must be the same as the value of check-name, e.g.:

    INSERT INTO radgroupcheck (id,GroupName,Attribute,op,Value) VALUES (1,'01hour','Max-Daily-Session',':=','3600');

On Wed, 11 May 2005 13:55:55 +0700 avudz [EMAIL PROTECTED] wrote:

> Monday, May 9, 2005, 9:34:05 PM, you wrote:
>
> SE> Hm... maybe you should set the SQL statements in your sqlcounter.conf file
> SE> that can be usually found in /etc/raddb or
> SE> /usr/local/etc/raddb depending on
> SE> distribution...
> SE> You can define the different counters for your vouchers that will count time
> SE> or traffic by defining them in the file I mentioned...
> SE> I don't know, but maybe you should take a look at
> SE> /usr/share/doc/packages/freeradius/rlm_sqlcounter if you already didn't do
> SE> that...
>
> hello,
>
> i still can't solve the problem about 1 day limit. now i'm thinking to put in sqlcounter.conf :
>
>     sqlcounter hourcounter {
>         counter-name = Max-Hour-Session-Time
>         check-name = Max-Hour-Session
>         sqlmod-inst = sql
>         key = User-Name
>         reset = never
>         query = SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'
>     }
>
> and i set 86400 in radgroupcheck, and input :
>
>     INSERT INTO radgroupcheck (id,GroupName,Attribute,Value,op)
>         -> VALUES ('','plan_name','Password-Expire','86400',':=');
>
> is it will work regard to my case ? the point is, customer can't login after next day, the login voucher will valid for twenty four hours from the first time login.
>
> please advice. thanks
>
> --
> Best regards,
> avudz
Re[4]: daily limit
Hello Marcin,

Wednesday, May 11, 2005, 2:54:09 PM, you wrote:

MJ> In your case you should change reset=never to reset=1h if you
MJ> want to reset the counter every hour.
MJ> But in that case it would not make sense to call it
MJ> Max-Hour-Session-Time since the counter would be reset after the
MJ> user's time is off and then she would be able to login again...

--- ups, sorry. thanks for correcting my mistake.

MJ> What do you exactly wanna do? Your config as it is now does not make any sense.
MJ> Your SQL says you want to allow your users to stay on 24
MJ> hours a day. But then you want to reset the counter every hour?
MJ> That would make sense if the reset value was greater than the
MJ> corresponding value of your Max-XYZ-Session.

--- in my case, i have 1 day voucher limited to 24 hour, the password will expire next day after first login even the user only use 3 hours.

--
Best regards,
avudz
difference between module authorize and authentication
Good morning

What is the difference between the module authorize and authentication in the file radiusd.conf?

If authorize doesn't return ok but authentication returns ok, eap-tls or peap works, but it is not normal. When the module "authorize" doesn't return ok, is it possible to not validate the users? Because the server displays

    "login ok: [client/no user password attribute] from ..."

I want:

    login incorrect: [] from ...

when module authorize doesn't return ok.

Thank you very much
Re: Counting number of open sessions in RADIUS
this is kinda wrong, because radwho has one extra line on top, so the output of radwho | wc -l will count +1 the actual number of users :)

On 5/10/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Quoting Sonali Karmarkar [EMAIL PROTECTED]:
>
> Hi
> I am using freeradius 0.9.3 with mysql on linux. What is the correct way to count number of open sessions for freeradius server ?
>
> [EMAIL PROTECTED] wrote:
>
> the easiest way off the top of my head would be to run:
>
>     %radius_dir%/bin/radwho | grep -c
>
> Or:
>
>     %radius_dir%/bin/radwho | wc -l
>
> :)
Re: Re[4]: daily limit
Hi.

As far as I know the sqlcounter will disallow further authentication only if the user has used her time limit quota.
The Session-Timeout Attribute will kick him out when logged in and the Max-XYZ-Session will be checked the next time a user wants to login.
You would need an additional Attribute for user expiration date as well.

On Wed, 11 May 2005 15:07:25 +0700 avudz [EMAIL PROTECTED] wrote:

> Hello Marcin,
>
> Wednesday, May 11, 2005, 2:54:09 PM, you wrote:
>
> MJ> In your case you should change reset=never to reset=1h if you
> MJ> want to reset the counter every hour.
> MJ> But in that case it would not make sense to call it
> MJ> Max-Hour-Session-Time since the counter would be reset after the
> MJ> user's time is off and then she would be able to login again...
>
> --- ups, sorry. thanks for correcting my mistake.
>
> MJ> What do you exactly wanna do? Your config as it is now does not make any sense.
> MJ> Your SQL says you want to allow your users to stay on 24
> MJ> hours a day. But then you want to reset the counter every hour?
> MJ> That would make sense if the reset value was greater than the
> MJ> corresponding value of your Max-XYZ-Session.
>
> --- in my case, i have 1 day voucher limited to 24 hour, the password will expire next day after first login even the user only use 3 hours.
>
> --
> Best regards,
> avudz
Re[6]: daily limit
Hello Marcin,

Wednesday, May 11, 2005, 4:06:52 PM, you wrote:

MJ> Hi.
MJ> As far as I know the sqlcounter will disallow further
MJ> authentication only if the user has used her time limit quota.
MJ> The Session-Timeout Attribute will kick him out when logged in
MJ> and the Max-XYZ-Session will be checked the next time a user wants
MJ> to login.
MJ> You would need an additional Attribute for user expiration date as well.

--- mm i c, so i think i need external script to do this ?? like Exec-Program ? if min(AcctStartTime) or AcctStartTime == 0 the voucher will not expire, or its possible to generate from PHP script and doing query to database 'Expire' each time there was authenticate ?

--
Best regards,
avudz mailto:[EMAIL PROTECTED]
Re: Re[6]: daily limit
On Wed, May 11, 2005 at 04:31:49PM +0700, avudz wrote:

> Hello Marcin,
>
> Wednesday, May 11, 2005, 4:06:52 PM, you wrote:
>
> MJ> Hi.
> MJ> As far as I know the sqlcounter will disallow further
> MJ> authentication only if the user has used her time limit quota.
> MJ> The Session-Timeout Attribute will kick him out when logged in
> MJ> and the Max-XYZ-Session will be checked the next time a user wants
> MJ> to login.
> MJ> You would need an additional Attribute for user expiration date as well.
>
> --- mm i c, so i think i need external script to do this ?? like Exec-Program ? if min(AcctStartTime) or AcctStartTime == 0 the voucher will not expire, or its possible to generate from PHP script and doing query to database 'Expire' each time there was authenticate ?

I'll second that idea. Definitely would need some external maintenance on the database every night to expire accounts older than 24hrs...

Alternatively, you *can* do some nifty sql query on the authentication query that compares radacct to the account being authenticated, but that would be a performance hit on authentication times. A nightly maintenance run would be the best way to go IMHO.

--
Chris.
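The nightly maintenance run suggested above, sketched as an added example (not code from this thread or from FreeRADIUS): it takes each voucher's first login from radacct and, once 24 hours have passed, adds an Auth-Type := Reject check item to radcheck. Assumptions: SQLite stands in for MySQL so the block runs offline, the sample rows are constructed, and the function names and the use of Auth-Type := Reject as the lock are choices made for this sketch.

```python
import sqlite3
from datetime import datetime, timedelta

# Voucher validity, counted from the first login (the "1 day voucher" case).
VOUCHER_LIFETIME = timedelta(hours=24)

# Cut-down versions of the radacct / radcheck tables (assumption: only the
# columns this job needs; a real FreeRADIUS schema has many more).
SCHEMA = """
CREATE TABLE radacct (
    RadAcctId       INTEGER PRIMARY KEY,
    UserName        TEXT NOT NULL,
    AcctStartTime   TEXT NOT NULL,
    AcctSessionTime INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE radcheck (
    id        INTEGER PRIMARY KEY,
    UserName  TEXT NOT NULL,
    Attribute TEXT NOT NULL,
    op        TEXT NOT NULL DEFAULT ':=',
    Value     TEXT NOT NULL
);
"""


def expire_vouchers(conn, now, lifetime=VOUCHER_LIFETIME):
    """Lock every account whose FIRST login is older than `lifetime`.

    Returns the sorted user names locked by this run. Accounts with no
    radacct row (voucher never used) are left alone, and accounts that
    already carry the reject item are skipped, so re-running is harmless.
    """
    cutoff = (now - lifetime).strftime("%Y-%m-%d %H:%M:%S")
    rows = conn.execute(
        """
        SELECT UserName
        FROM radacct
        WHERE UserName NOT IN (
            SELECT UserName FROM radcheck
            WHERE Attribute = 'Auth-Type' AND Value = 'Reject')
        GROUP BY UserName
        HAVING MIN(AcctStartTime) <= ?
        ORDER BY UserName
        """,
        (cutoff,),
    ).fetchall()
    users = [row[0] for row in rows]
    with conn:  # one transaction for the whole run
        conn.executemany(
            "INSERT INTO radcheck (UserName, Attribute, op, Value) "
            "VALUES (?, 'Auth-Type', ':=', 'Reject')",
            [(user,) for user in users],
        )
    return users


def build_sample_db():
    """In-memory database with constructed sample vouchers."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES (?,?,?,?)",
        [
            ("voucher-a", "User-Password", ":=", "secret-a"),
            ("voucher-b", "User-Password", ":=", "secret-b"),
            ("voucher-c", "User-Password", ":=", "secret-c"),
        ],
    )
    conn.executemany(
        "INSERT INTO radacct (UserName, AcctStartTime, AcctSessionTime) VALUES (?,?,?)",
        [
            # First login more than 24h before the run, only 3 hours used.
            ("voucher-a", "2005-05-10 09:00:00", 10800),
            ("voucher-a", "2005-05-11 08:00:00", 600),
            # First login less than 24h before the run.
            ("voucher-b", "2005-05-11 10:00:00", 1800),
            # voucher-c has never logged in: no radacct row at all.
        ],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    run_time = datetime(2005, 5, 11, 18, 40, 0)
    print("locked:", expire_vouchers(db, run_time))
```

Because the cutoff is compared against MIN(AcctStartTime), a voucher used for only part of its day is still locked 24 hours after its first session started, which is the behaviour asked for in the thread.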
Re[8]: daily limit
Wednesday, May 11, 2005, 4:36:26 PM, you wrote:

CK> I'll second that idea. Definitely would need some external maintenance
CK> on the database every night to expire accounts older than 24hrs...

CK> Alternatively, you *can* do some nifty sql query on the authentication query
CK> that compares radacct to the account being authenticated, but that would be
CK> a performance hit on authentication times. A nightly maintenance run would
CK> be the best way to go IMHO.

--- thanks so much for response and idea, btw last *hope* :-) is it possible to do like this :

    Database changed
    mysql> select * from radgroupcheck;
    +----+-----------+------------+----+------------+
    | id | GroupName | Attribute  | op | Value      |
    +----+-----------+------------+----+------------+
    [SNIP]
    |  6 | test      | Expiration | := | 2005-01-10 |
    +----+-----------+------------+----+------------+
    4 rows in set (0.00 sec)

so all user which in group test if date 10-01-2005 will expire. *last hope* :-)

--
Best regards,
avudz
Re: Re[8]: daily limit
Hi.

Yepp, that should work, i.e.

    mysql> select * from radcheck;
    +----+----------+-------------------+----+------------+
    | id | UserName | Attribute         | op | Value      |
    +----+----------+-------------------+----+------------+
    |  5 | yazzy    | User-Password     | := | yazzy      |
    |  6 | yazzy    | Max-Daily-Session | := | 3600       |
    |  7 | yazzy    | Expiration        | := | 2005-01-10 |
    +----+----------+-------------------+----+------------+

Or you could put it to the radgroupreply table as well for your group.

On Wed, 11 May 2005 16:56:53 +0700 avudz [EMAIL PROTECTED] wrote:

> Wednesday, May 11, 2005, 4:36:26 PM, you wrote:
>
> CK> I'll second that idea. Definitely would need some external maintenance
> CK> on the database every night to expire accounts older than 24hrs...
>
> CK> Alternatively, you *can* do some nifty sql query on the authentication query
> CK> that compares radacct to the account being authenticated, but that would be
> CK> a performance hit on authentication times. A nightly maintenance run would
> CK> be the best way to go IMHO.
>
> --- thanks so much for response and idea, btw last *hope* :-) is it possible to do like this :
>
>     Database changed
>     mysql> select * from radgroupcheck;
>     +----+-----------+------------+----+------------+
>     | id | GroupName | Attribute  | op | Value      |
>     +----+-----------+------------+----+------------+
>     [SNIP]
>     |  6 | test      | Expiration | := | 2005-01-10 |
>     +----+-----------+------------+----+------------+
>     4 rows in set (0.00 sec)
>
> so all user which in group test if date 10-01-2005 will expire. *last hope* :-)
>
> --
> Best regards,
> avudz
Re: Re[8]: daily limit
Errata. I meant radgroupcheck, not radgroupreply.

On Wed, 11 May 2005 12:09:01 +0200 Marcin Jessa [EMAIL PROTECTED] wrote:

> Hi.
>
> Yepp, that should work, i.e.
>
>     mysql> select * from radcheck;
>     +----+----------+-------------------+----+------------+
>     | id | UserName | Attribute         | op | Value      |
>     +----+----------+-------------------+----+------------+
>     |  5 | yazzy    | User-Password     | := | yazzy      |
>     |  6 | yazzy    | Max-Daily-Session | := | 3600       |
>     |  7 | yazzy    | Expiration        | := | 2005-01-10 |
>     +----+----------+-------------------+----+------------+
>
> Or you could put it to the radgroupreply table as well for your group.
>
> On Wed, 11 May 2005 16:56:53 +0700 avudz [EMAIL PROTECTED] wrote:
>
> > Wednesday, May 11, 2005, 4:36:26 PM, you wrote:
> >
> > CK> I'll second that idea. Definitely would need some external maintenance
> > CK> on the database every night to expire accounts older than 24hrs...
> >
> > CK> Alternatively, you *can* do some nifty sql query on the authentication query
> > CK> that compares radacct to the account being authenticated, but that would be
> > CK> a performance hit on authentication times. A nightly maintenance run would
> > CK> be the best way to go IMHO.
> >
> > --- thanks so much for response and idea, btw last *hope* :-) is it possible to do like this :
> >
> >     Database changed
> >     mysql> select * from radgroupcheck;
> >     +----+-----------+------------+----+------------+
> >     | id | GroupName | Attribute  | op | Value      |
> >     +----+-----------+------------+----+------------+
> >     [SNIP]
> >     |  6 | test      | Expiration | := | 2005-01-10 |
> >     +----+-----------+------------+----+------------+
> >     4 rows in set (0.00 sec)
> >
> > so all user which in group test if date 10-01-2005 will expire. *last hope* :-)
> >
> > --
> > Best regards,
> > avudz
Re[10]: daily limit
Hello Marcin,

Wednesday, May 11, 2005, 5:09:01 PM, you wrote:

MJ> Hi.
MJ> Yepp, that should work, i.e. mysql> select * from radcheck;
MJ> +----+----------+-------------------+----+------------+
MJ> | id | UserName | Attribute         | op | Value      |
MJ> +----+----------+-------------------+----+------------+
MJ> |  5 | yazzy    | User-Password     | := | yazzy      |
MJ> |  6 | yazzy    | Max-Daily-Session | := | 3600       |
MJ> |  7 | yazzy    | Expiration        | := | 2005-01-10 |
MJ> +----+----------+-------------------+----+------------+
MJ> Or you could put it to the radgroupreply table as well for your group.

--- wow, ok, dankee :-)

--
Best regards,
avudz mailto:[EMAIL PROTECTED]
Huntgroups
Hi.

I wonder how the huntgroups really work. Can I have a huntgroup with multiple NAS's stored in SQL and users belonging to that huntgroup? Then can each huntgroup have a different group defined in the radgroup/radcheck table ?

What I want to do is to restrict certain users to only be able to access certain routers. At the same time those users would belong to certain groups, each with its own definitions like time limits, bandwidth limits, IP-Pools etc.

If so, what happens if the NAS user can connect to is listed as say number 3 in the lists of the available NAS's in the huntgroup? How will the availability of NAS's be checked for that user? Can a user belong to multiple huntgroups ?
Re[11]: daily limit
Wednesday, May 11, 2005, 5:47:16 PM, you wrote:

a> Hello Marcin,
a> Wednesday, May 11, 2005, 5:09:01 PM, you wrote:

MJ> Hi.
MJ> Yepp, that should work, i.e. mysql> select * from radcheck;
MJ> +----+----------+-------------------+----+------------+
MJ> | id | UserName | Attribute         | op | Value      |
MJ> +----+----------+-------------------+----+------------+
MJ> |  5 | yazzy    | User-Password     | := | yazzy      |
MJ> |  6 | yazzy    | Max-Daily-Session | := | 3600       |
MJ> |  7 | yazzy    | Expiration        | := | 2005-01-10 |
MJ> +----+----------+-------------------+----+------------+
MJ> Or you could put it to the radgroupreply table as well for your group.

--- hello, sorry for bothering again :-) i've follow the example like you paste, but i still can login with user 'avudz' even i set date older 4 months. is it need some special option on first configure ?

    Database changed
    mysql> select * from radcheck;
    +----+----------+------------+----+------------+
    | id | UserName | Attribute  | op | Value      |
    +----+----------+------------+----+------------+
    [SNIP]
    | 11 | 81       | Password   | := | avudz      |
    | 12 | 81       | Expiration | := | 2005-01-10 |
    +----+----------+------------+----+------------+
    10 rows in set (0.00 sec)

--
Best regards,
avudz
Re: Re[11]: daily limit
Maybe the date format is incorrect?
I am not sure what those silly americans use but afair it's of Month-Day-Year format - as logical as using bodyparts as the scale value for measurements :)

What does the debugging info say?

On Wed, 11 May 2005 18:24:52 +0700 avudz [EMAIL PROTECTED] wrote:

> Wednesday, May 11, 2005, 5:47:16 PM, you wrote:
>
> a> Hello Marcin,
> a> Wednesday, May 11, 2005, 5:09:01 PM, you wrote:
>
> MJ> Hi.
> MJ> Yepp, that should work, i.e. mysql> select * from radcheck;
> MJ> +----+----------+-------------------+----+------------+
> MJ> | id | UserName | Attribute         | op | Value      |
> MJ> +----+----------+-------------------+----+------------+
> MJ> |  5 | yazzy    | User-Password     | := | yazzy      |
> MJ> |  6 | yazzy    | Max-Daily-Session | := | 3600       |
> MJ> |  7 | yazzy    | Expiration        | := | 2005-01-10 |
> MJ> +----+----------+-------------------+----+------------+
> MJ> Or you could put it to the radgroupreply table as well for your group.
>
> --- hello, sorry for bothering again :-) i've follow the example like you paste, but i still can login with user 'avudz' even i set date older 4 months. is it need some special option on first configure ?
>
>     Database changed
>     mysql> select * from radcheck;
>     +----+----------+------------+----+------------+
>     | id | UserName | Attribute  | op | Value      |
>     +----+----------+------------+----+------------+
>     [SNIP]
>     | 11 | 81       | Password   | := | avudz      |
>     | 12 | 81       | Expiration | := | 2005-01-10 |
>     +----+----------+------------+----+------------+
>     10 rows in set (0.00 sec)
>
> --
> Best regards,
> avudz
Re[13]: daily limit
Hello Marcin,

Wednesday, May 11, 2005, 6:32:36 PM, you wrote:

MJ> Maybe the date format is incorrect?
MJ> I am not sure what those silly americans use but afair it's
MJ> of Month-Day-Year format - as logical as using bodyparts as the
MJ> scale value for measurements :)
MJ> What does the debugging info say?

hehehe.. i don't have any idea about this, how to debug sql date ? i try this one :

    mysql> select now();
    +---------------------+
    | now()               |
    +---------------------+
    | 2005-05-11 18:40:36 |
    +---------------------+
    1 row in set (0.00 sec)

i guess the format are same, Year-Month-Date format.

--
Best regards,
avudz mailto:[EMAIL PROTECTED]
NAS compatibility
Hello,

I have problems with Linksys wap54g and wrt54g to do radius authentication. The NAS sends the request of the client and when freeradius sends the Access-Challenge, it seems that the NAS doesn't send it to the client. Naturally, the client sends another Access-Request and that's never finished. It's very strange because it works sometimes and stops working when he wants.

As the Linksys access points seem to not work fine with FreeRADIUS, I would know what is working well with it.

Thank you,
Sylvain Clerc.
Re: Re[13]: daily limit
Run your radiusd with -X flag, this will force it to foreground and give you more info.

On Wed, 11 May 2005 18:40:38 +0700 avudz [EMAIL PROTECTED] wrote:

> Hello Marcin,
>
> Wednesday, May 11, 2005, 6:32:36 PM, you wrote:
>
> MJ> Maybe the date format is incorrect?
> MJ> I am not sure what those silly americans use but afair it's
> MJ> of Month-Day-Year format - as logical as using bodyparts as the
> MJ> scale value for measurements :)
> MJ> What does the debugging info say?
>
> hehehe.. i don't have any idea about this, how to debug sql date ? i try this one :
>
>     mysql> select now();
>     +---------------------+
>     | now()               |
>     +---------------------+
>     | 2005-05-11 18:40:36 |
>     +---------------------+
>     1 row in set (0.00 sec)
>
> i guess the format are same, Year-Month-Date format.
>
> --
> Best regards,
> avudz mailto:[EMAIL PROTECTED]
Re: help
On Wed, 11 May 2005 13:39:01 +0200 zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED] wrote:

> Hi;
> I'm student and I'm new to freeRadius, actually I'm new to Radius!

Hi. I used to be student and new to FreeRadius, then I started to read the docs and man pages. Then came google to make my life even easier.

> I just need some help for installing and running a Radius client.
> Thanks

Here is some help
I know it's not as generic as your question but with the information you provided that's the best I can do at the moment.
Re: help
Hi,

I think your question is about the process of compiling and installing. This is like other linux software, with a previous configure stage with some parameters. If you want more help, I think you could send me an email.

If you wish to learn more about RADIUS itself, I think first you must look for the concept, and then go to learn how to work with a specific RADIUS such as freeradius.

Ernesto Freyre Ramírez
Head of Operations
Qnet Soluciones Tecnológicas
Av. Paseo de la República 4675 - Lima 34
Tel.: (511) 241-4122 Ext. 2245
Fax: (511) 446-8135
Visit us at: www.qnet.com.pe

----- Original Message -----
From: Marcin Jessa
To: freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED]
Sent: Wednesday, May 11, 2005 8:11 AM
Subject: Re: help

> On Wed, 11 May 2005 13:39:01 +0200 "zze-BEN SAID Mehdi RD-CORE-ISS" [EMAIL PROTECTED] wrote:
>
> > Hi;
> > I'm student and I'm new to freeRadius, actually I'm new to Radius!
>
> Hi. I used to be student and new to FreeRadius, then I started to read the docs and man pages. Then came google to make my life even easier.
>
> > I just need some help for installing and running a Radius client.
> > Thanks
>
> Here is some help
> I know it's not as generic as your question but with the information you provided that's the best I can do at the moment.
reply-message
Hi all,

I'm willing to send a reply-message when access-reject occurs. The thing is that, if authorize_check_query fails ( ie: user is not found) , then authorize_reply_query is not called.

So, I do not know how to send back a Reply-Message Attribute if authorize_reply_query is not executed.

Best Regards,
Lucas
Re: help
Don't you love it when you need to guess people's question?

On Wed, 11 May 2005 09:03:54 -0500 Ernesto Freyre Ramírez [EMAIL PROTECTED] wrote:

> Hi,
>
> I think your question is about the process of compiling and installing. This is like other linux software, with a previous configure stage with some parameters. If you want more help, I think you could send me an email.
>
> If you wish to learn more about RADIUS itself, I think first you must look for the concept, and then go to learn how to work with a specific RADIUS such as freeradius.
>
> Ernesto Freyre Ramírez
> Head of Operations
> Qnet Soluciones Tecnológicas
> Av. Paseo de la República 4675 - Lima 34
> Tel.: (511) 241-4122 Ext. 2245
> Fax: (511) 446-8135
> Visit us at: www.qnet.com.pe
>
> ----- Original Message -----
> From: Marcin Jessa
> To: freeradius-users@lists.freeradius.org
> Cc: [EMAIL PROTECTED]
> Sent: Wednesday, May 11, 2005 8:11 AM
> Subject: Re: help
>
> > On Wed, 11 May 2005 13:39:01 +0200 zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED] wrote:
> >
> > > Hi;
> > > I'm student and I'm new to freeRadius, actually I'm new to Radius!
> >
> > Hi. I used to be student and new to FreeRadius, then I started to read the docs and man pages. Then came google to make my life even easier.
> >
> > > I just need some help for installing and running a Radius client.
> > > Thanks
> >
> > Here is some help
> > I know it's not as generic as your question but with the information you provided that's the best I can do at the moment.
RADIUS on Linux Network
Hello! My name is Paulo. I would like to set up a network using at least two different operating systems. My main choices are SUSE Linux and Windows XP (not Windows 2K). I am planning to set up a network that runs through a RADIUS server. I will install the server to SUSE Linux and having my Windows XP as my client. I am also planning to have my client to access the server remotely from any locations using a VPN connection. I don't know if this is possible. I am not really familiar with Linux and having a problem to start with. My Windows XP is loaded into my built-in Wi-Fi laptop and I am about to load SUSE Linux into one of my old computers. What other devices should be involved? I am really having trouble configuring out on how to build this kind of network. I need to get this done in less than two weeks. If you have any help to offer, please contact me as soon as possible. Thank you in advance. I will be waiting for your reply.
Re: help
This is a good book for general RADIUS protocol information and some good freeradius specifics:

http://www.oreilly.com/catalog/radius/index.html

If you are running into a specific problem you need help with, then ask a specific question.

-Chris

Quoting zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED]:

> Hi;
> I'm student and I'm new to freeRadius, actually I'm new to Radius!
> I just need some help for installing and running a Radius client.
> Thanks
Re: help
is there anyone you know that can help me setup a network step by step from scratch? thx.

Hello! My name is Paulo. I would like to set up a network using at least two different operating systems. My main choices are SUSE Linux and Windows XP (not Windows 2K). I am planning to set up a network that runs through a RADIUS server. I will install the server to SUSE Linux and having my Windows XP as my client. I am also planning to have my client to access the server remotely from any locations using a VPN connection. I don't know if this is possible. I am not really familiar with Linux and having a problem to start with. My Windows XP is loaded into my built-in Wi-Fi laptop and I am about to load SUSE Linux into one of my old computers. What other devices should be involved? I am really having trouble configuring out on how to build this kind of network. I need to get this done in less than two weeks. If you have any help to offer, please contact me as soon as possible.

Thank you in advance. I will be waiting for your reply.

[EMAIL PROTECTED] wrote:

> This is a good book for general RADIUS protocol information and some good freeradius specifics:
>
> http://www.oreilly.com/catalog/radius/index.html
>
> If you are running into a specific problem you need help with, then ask a specific question.
>
> -Chris
>
> Quoting zze-BEN SAID Mehdi RD-CORE-ISS <[EMAIL PROTECTED]>:
>
> > Hi;
> > I'm student and I'm new to freeRadius, actually I'm new to Radius!
> > I just need some help for installing and running a Radius client.
> > Thanks
RE: RADIUS on Linux Network
thanks for replying. this is going to be my graduation project. I am trying to setup a network consisting of Linux and Windows XP. The server (RADIUS) is going to be installed on the linux having my Windows XP as my client. What materials do I need to have and how do I start it with?

[EMAIL PROTECTED] wrote:

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paulo C. Panaligan
> Sent: Wednesday, May 11, 2005 10:19 AM
> To: freeradius-users@lists.freeradius.org
> Subject: RADIUS on Linux Network
>
> > Hello! My name is Paulo. I would like to set up a network using at least two different operating systems.
>
> Hello, Paulo,
>
> > My main choices are SUSE Linux and Windows XP (not Windows 2K). I am planning to set up a network that runs through a RADIUS server.
> > I need to get this done in less than two weeks. If you have any help to offer, please contact me as soon as possible.
>
> less than two weeks, as soon as posible...umm where can i send you my rate card?
>
> > Thank you in advance. I will be waiting for your reply.
>
> Your Welcome. Ahh wait , you want free supports from a free open forum, ummm you will have be more specific, what exactly are you trying to do, what problem are you trying to solve, is this an experiment or homework? :)
RE: RADIUS on Linux Network
thanks for replying. this is going to be my graduation project. I am trying to setup a network consisting of Linux and Windows XP. The server (RADIUS) is going to be installed on the linux having my Windows XP as my client. I was going to set up three workstations running three different OS but then I realized that I don't have much time to do so. What materials do I need to have and how do I start it with? thx in advance.

Brian Ertel [EMAIL PROTECTED] wrote:

> Paulo,
>
> What are you using for a VPN server? I am assuming you want to use freeradius to authenticate remote users who are connecting to the VPN server to then gain access to resources on your network.
>
> Brian
>
> __
> Brian Ertel
> Network Administrator
> Amherst College
> [EMAIL PROTECTED]
> 413.542.8320
> __
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paulo C. Panaligan
> Sent: Wednesday, May 11, 2005 12:19 PM
> To: freeradius-users@lists.freeradius.org
> Subject: RADIUS on Linux Network
>
> > Hello! My name is Paulo. I would like to set up a network using at least two different operating systems. My main choices are SUSE Linux and Windows XP (not Windows 2K). I am planning to set up a network that runs through a RADIUS server. I will install the server to SUSE Linux and having my Windows XP as my client. I am also planning to have my client to access the server remotely from any locations using a VPN connection. I don't know if this is possible. I am not really familiar with Linux and having a problem to start with. My Windows XP is loaded into my built-in Wi-Fi laptop and I am about to load SUSE Linux into one of my old computers. What other devices should be involved? I am really having trouble configuring out on how to build this kind of network. I need to get this done in less than two weeks. If you have any help to offer, please contact me as soon as possible.
> >
> > Thank you in advance. I will be waiting for your reply.
posgresql how to
Hello,

anybody knows where can i download / read radius-postgre how to ? i think i better switch to postgre :-)

--
Best regards,
./avd mailto:[EMAIL PROTECTED]
RADIUS NETWORK
WHAT MATERIALS DO I NEED TO SETUP A RADIUS NETWORK ON LINUX?
RE: RADIUS NETWORK
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paulo C. Panaligan
Sent: Wednesday, May 11, 2005 11:18 AM
To: freeradius-users@lists.freeradius.org
Subject: RADIUS NETWORK

> WHAT MATERIALS DO I NEED TO SETUP A RADIUS NETWORK ON LINUX?

A radius server, and at least one machine running some type of radius client.
Re: (no subject)
On 5/8/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Hello,
> I have a problem and I hope that You can help me, please!?
>
> version: 1.0.0
>
> I want use (Free)RADIUS for AAA on IPv6.
> Only one router, one RADIUS server and one user.
> User(IPv6 address) connect with Telnet to Router(IPv6 address)
>
> Questions:
> Can RADIUS solve this problem?
> Can be RADIUS on Linux with IPv6 address? (problem with: radius-server host 192.168.2.2 auth-port 1812 acct-port 1813 - there is not IPv6 address)
> if yes, I need configuration of RADIUS
> if no, and it is on IPv4 address, need configuration of RADIUS
>
> Example (if all addresses are IPv4):
>
> Conf. on router:
>     Router(config)# aaa new-model
>     Router(config)# radius-server host 192.168.2.2 auth-port 1812 acct-port 1813
>     Router(config)# radius-server retransmit 1
>     Router(config)# radius-server key radius
>     Router(config)# aaa authentication login default group radius
>     Router(config)# aaa authorization exec default group radius
>
> Conf. of RADIUS:
> clients.conf:
>     client 192.168.2.1 {
>         secret = radius
>         shortname = ethernet
>         nastype = cisco
>     }
> users:
>     test Auth-Type := Local, User-Password == test
>
> I read RFC 3162 but it didn't help me...
>
> best solution for me is:
>     Router(config)# aaa new-model
>     Router(config)# radius-server host !!different!! 2001::2/64(IPv6) auth-port 1812 acct-port 1813
>     Router(config)# radius-server retransmit 1
>     Router(config)# radius-server key radius
>     Router(config)# aaa authentication login default group radius
>     Router(config)# aaa authorization exec default group radius
>
> Conf. of RADIUS:
> clients.conf:
>     client !!different!!2001:1::/64(Ipv6) {
>         secret = radius
>         shortname = ethernet
>         nastype = cisco
>         !!different!! and there something like : Login-IPv6-Host NAS-IPv6-Address
>     }
> users:
>     test Auth-Type := Local, User-Password == test
>
> but this in not possible:)
>
> PLEASE HELP!

Try the latest CVS and try your IPv6 client configuration

For now, I guess, Login-IPv6-Host NAS-IPv6-Address are not supported.

-Raghu
RE: RADIUS NETWORK
Before this gets too much further.

You are experiencing a hard time because you have not done any research on your own, you are just asking for help. Especially when many howto's / write up's exist on the exact subject you are inquiring about.

For people with no sense of humor
http://www.google.com/search?query=FreeRADIUS++WinXP+Authentication+Setup

**WARNING** this link is only for people with a sense of humor
www.justfuckinggoogleit.com/search.pl?query=FreeRADIUS/WinXP%20Authentication%20Setup

PS, it's generally discouraged to send HTML mail to mailing lists.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paulo C. Panaligan
Sent: Wednesday, May 11, 2005 1:18 PM
To: freeradius-users@lists.freeradius.org
Subject: RADIUS NETWORK

WHAT MATERIALS DO I NEED TO SETUP A RADIUS NETWORK ON LINUX?
DialupAdmin/LDAP - General Questions
Hello

I'd like to manage my LDAP users with DialupAdmin Radius interface, and here come a few questions.

1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use LDAPv3 ?

2: From what I read in the /lib/ldap/create_user.php3:

    $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
    $new_user_entry[objectclass][0]=top;
    $new_user_entry[objectclass][1]=person;
    $new_user_entry[objectclass][2]=organizationalPerson;
    $new_user_entry[objectclass][3]=inetOrgPerson;
    $new_user_entry[objectclass][4]=radiusprofile;

dialupadmin intends to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with RADIUS-LDAPv3.schema, cn= is expected.

I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it by myself ?

Thanks a lot
Mafioo
Re: reply-message
Lucas Aimaretto [EMAIL PROTECTED] wrote:
> I'm willing to send a reply-message when access-reject occurs. The thing is that, if authorize_check_query fails ( ie: user is not found) , then authorize_reply_query is not called.
>
> So, I do not know how to send back a Reply-Message Attribute if authorize_reply_query is not executed.

List a module in the Reject section of post-auth.

The SQL configuration you're using is meant to give users attributes. It's NOT meant to deal with users who aren't found at all. The rest of the server configuration allows you to control that.

Alan DeKok.
RE: reply-message
> > I'm willing to send a reply-message when access-reject occurs. The thing is that, if authorize_check_query fails ( ie: user is not found) then authorize_reply_query is not called.
> >
> > So, I do not know how to send back a Reply-Message Attribute if authorize_reply_query is not executed.
>
> List a module in the Reject section of post-auth.
>
> The SQL configuration you're using is meant to give users attributes. It's NOT meant to deal with users who aren't found at all. The rest of the server configuration allows you to control that.

Thanx for the fast response!.

Now, what do you suggest to do? I'm needing to have some reply-messages according to some situations. Example:

credit of user 0, then Reply-Message = No credit
destination not available, then Reply-Message = Destination error
etc ...

But, as you said, I'm checking this at the authorize_check_query. If any of those conditions fail, I'm returning an empty table, and so, authorize_check_query fails ... then authorize_reply_query is not executed. Finally, I have no reply-attributes to send back to NAS.

I've tried the post-auth, with the sql module, and a postauth_query. The table I return contains the Reply-Message = THE_MESSAGE_NEEDED, but I can not see the Reply-Message attribute at the access-reject reply. Obviously it is not adding that attribute to the reply.

How could I add some reply-messages at the access-reject reply, with variable content, according to some situations? ( keep in mind that I have all the users info at a sql database ).

Besides this reply-message detail, I really need to say that freeradius is just a wonderful program. It is really versatile and I only have thankful words to the programmers of it. I was using ic-radius and I was kind of scared about migrating to freeradius, because I would take so much time. It only took a week

Thanx again ...

Regards,
Lucas
Re: Auth-Type = System and DSL Static IP
On Tue, 10 May 2005, Andrey wrote:
> Hi List,
>
> I have a question about Auth-Type = System. I have several accounts that need to be authenticated through System and it works great as long as the IP is assigned dynamically. As soon as I switch an account to static IP, it authenticates but does not assign the desired ip address.
>
> I'm guessing it's to do with the order in which things are checked: 1) check sql - auth-type: system; 2) system - authenticate; 3) assign dynamic ip, since it's not going back to sql, but of course it might be something else.

When you say dynamic are you referring to rlm_ip_pool? If so, make sure you have override = no in your config. If you set it to override = yes, then ippool will override the reply item you already have configured for the user.

When you say switch the account to static IP what do you mean by that. Does that mean that you are assigning the reply item of Framed-IP-Address? If so, that should not be overwritten by ip_pool so long as you have override = no.

Otherwise - post some debug output (radiusd -X)
Re: EAp/TSL authorization problem
3 2005 22:39 Jim Seymour :

Hmmm... I thought it meant simply that the User-Name was a match.

Anyway. I changed it to User-Password and nothing has changed.

Regards, Sergey.

--
Sergey A. Guriev
Organization: New Telephone Company
e-mail: [EMAIL PROTECTED]
Re: EAp/TSL authorization problem
3 2005 22:39 Jim Seymour :

Sergey Guriev [EMAIL PROTECTED] wrote:

Hmmm... I thought it meant simply that the User-Name was a match.

And, also I see that in the Radius.log

---
Thu May 12 08:28:14 2005 : Info: rlm_eap_tls: Length Included
Thu May 12 08:28:14 2005 : Error: TLS_accept:error in SSLv3 read client certificate A
Thu May 12 08:28:14 2005 : Info: rlm_eap_tls: Length Included
Thu May 12 08:28:14 2005 : Info: (other): SSL negotiation finished successfully
Thu May 12 08:28:14 2005 : Info: rlm_eap_tls: Received EAP-TLS ACK message
---

Regards, Sergey.

--
Sergey A. Guriev
Organization: New Telephone Company
e-mail: [EMAIL PROTECTED]
OpenLDAP / FreeRADIUS / Cisco 5350 problem
I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem.

Our LDAP server is using crypted passwords at the moment. The router is a cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian Sarge.

The problem is this: If I pass the radtest client a clear-text password, authentication is successful. If either I pass the client an encrypted password (copied from the logs) or point the 5350 at the radius server, it doesn't work. I verified that the shared secret is correctly matched with what is in the router.

Here is a sample of the password that is being passed:

    User-Password = \240d\351E\3737\025\022\0227,(rest removed)

Here is the configuration (comments omitted to save space). I have tried with the password_header both set to {CRYPT} and commented out.

    ldap {
        server = ***
        identity =
        password =
        basedn = ou=people,dc=eiu,dc=edu
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_header = {CRYPT}
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    authorize {
        preprocess
        auth_log
        suffix
        ldap
    }

    authenticate {
        Auth-Type LDAP {
            ldap
        }
    }

Any ideas? Thanks.

--
Douglas G. Phillips
Distributed Computing Information Technology Services
Eastern Illinois University (217) 581-7631
Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem
Douglas G. Phillips wrote:
> Here is a sample of the password that is being passed:
> User-Password = \240d\351E\3737\025\022\0227,(rest removed)

This may imply that your shared secret is incorrect. Please verify that RADIUS shared secret on Cisco 5350 and shared secret for that particular IP in clients.conf match.

Vladimir
Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem
Douglas G. Phillips [EMAIL PROTECTED] wrote:
> Our LDAP server is using crypted passwords at the moment.

RADIUS clients can use PAP. Nothing else.

> The problem is this: If I pass the radtest client a clear-text password, authentication is successful. If either I pass the client an encrypted password (copied from the logs)

That won't work. The server will interpret the User-Password attribute as the clear-text password, because that's the definition of User-Password. There are no provisions in RADIUS for passing crypt'd passwords in a RADIUS packet.

> ... or point the 5350 at the radius server, it doesn't work.

I don't see why.

> Here is the configuration (comments omitted to save space). I have tried with the password_header both set to {CRYPT} and commented out.

That tells the LDAP module how to interpret the password it gets from the LDAP server. It doesn't tell FreeRADIUS to treat User-Password as a crypt'd password.

The documentation for the LDAP module makes the first point clear.

Alan DeKok.
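Added example (not from the thread and not FreeRADIUS code): the User-Password hiding defined in RFC 2865 section 5.2, showing why a server whose shared secret differs from the NAS's recovers unprintable bytes like the logged value in this thread, and that whatever it recovers is then treated as the clear-text password. The secrets, authenticator and password are constructed sample values.

```python
import hashlib
import math


def _keystream_block(secret: bytes, previous: bytes) -> bytes:
    # RFC 2865 section 5.2: b(i) = MD5(shared secret + previous 16 octets)
    return hashlib.md5(secret + previous).digest()


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS puts on the wire in the User-Password attribute."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    blocks = max(1, math.ceil(len(password) / 16))
    padded = password.ljust(16 * blocks, b"\x00")   # NUL-pad to a 16-octet multiple
    hidden, previous = b"", authenticator
    for i in range(0, len(padded), 16):
        key = _keystream_block(secret, previous)
        previous = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += previous                           # c(i) feeds the next block's key
    return hidden


def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server believes the user typed, given its own copy of the secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, previous = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = _keystream_block(secret, previous)
        clear += bytes(c ^ k for c, k in zip(block, key))
        previous = block
    return clear.rstrip(b"\x00")


def is_printable(data: bytes) -> bool:
    return bool(data) and all(0x20 <= b <= 0x7E for b in data)


# Constructed sample values, not taken from the thread.
AUTHENTICATOR = bytes(range(16))
NAS_SECRET = b"nas-side-secret"
SERVER_SECRET_OK = b"nas-side-secret"
SERVER_SECRET_BAD = b"nas-side-secret "   # trailing space: one way secrets end up mismatched
PASSWORD = b"correct horse battery"       # 21 octets, so two 16-octet blocks

if __name__ == "__main__":
    wire = hide_user_password(PASSWORD, NAS_SECRET, AUTHENTICATOR)
    for label, secret in (("matching", SERVER_SECRET_OK), ("mismatched", SERVER_SECRET_BAD)):
        seen = recover_user_password(wire, secret, AUTHENTICATOR)
        print(f"{label:10} secret -> {seen!r} printable={is_printable(seen)}")
```

There is no integrity check on the attribute itself, so a mismatched secret does not produce a protocol error here; the server simply compares the garbage it recovered against the stored password and rejects.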
Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem
Hello Douglas,

The password that you try to resend is not the encrypted password, it's an ascii representation of your encrypted password.

I assume that you need to activate the chap (or pap with a encryption_scheme = crypt) module to be able to authenticate this request.

I don't know about LDAP, but I authenticate this kind of encrypted password with mysql using a scheme like this:

    modules {
        [...]
        pap {
            encryption_scheme = crypt
        }
        [...]
        chap {
            authtype = CHAP
        }
        [...]
    }

    authorize {
        preprocess
        auth_log
        chap
        suffix
        # I'm using MySQL instead of LDAP ...
        sql
    }

    authenticate {
        Auth-Type LDAP {
            ldap
        }
        Auth-Type CHAP {
            chap
        }
    }

Hope this can help you.

> I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem.
>
> Our LDAP server is using crypted passwords at the moment. The router is a cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian Sarge.
>
> The problem is this: If I pass the radtest client a clear-text password, authentication is successful. If either I pass the client an encrypted password (copied from the logs) or point the 5350 at the radius server, it doesn't work. I verified that the shared secret is correctly matched with what is in the router.
>
> Here is a sample of the password that is being passed:
>
>     User-Password = \240d\351E\3737\025\022\0227,(rest removed)
>
> Here is the configuration (comments omitted to save space). I have tried with the password_header both set to {CRYPT} and commented out.
>
>     ldap {
>         server = ***
>         identity =
>         password =
>         basedn = ou=people,dc=eiu,dc=edu
>         filter = (uid=%{Stripped-User-Name:-%{User-Name}})
>         dictionary_mapping = ${raddbdir}/ldap.attrmap
>         ldap_connections_number = 5
>         password_header = {CRYPT}
>         timeout = 4
>         timelimit = 3
>         net_timeout = 1
>     }
>
>     authorize {
>         preprocess
>         auth_log
>         suffix
>         ldap
>     }
>
>     authenticate {
>         Auth-Type LDAP {
>             ldap
>         }
>     }
>
> Any ideas? Thanks.
Re: DialupAdmin/LDAP - General Questions
Mathieu Bénard wrote:
> Hello
>
> I'd like to manage my LDAP users with DialupAdmin Radius interface, and here come a few questions.
>
> 1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use LDAPv3 ?

Absolutely. I'm using it right now.

> 2: From what I read in the /lib/ldap/create_user.php3:
>
>     $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
>     $new_user_entry[objectclass][0]=top;
>     $new_user_entry[objectclass][1]=person;
>     $new_user_entry[objectclass][2]=organizationalPerson;
>     $new_user_entry[objectclass][3]=inetOrgPerson;
>     $new_user_entry[objectclass][4]=radiusprofile;
>
> dialupadmin intend to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with RADIUS-LDAPv3.schema, cn= is expected.
>
> I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it by myself ?

I modified my schema to use cn=

The objectclass radiusprofile is constructed as follows:

    objectclass ( 1.3.6.1.4.1.3317.4.3.2.1
        NAME 'radiusprofile'
        SUP top STRUCTURAL
        DESC ''
        MUST cn
        MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
              radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
              radiusCalledStationId $ radiusCallingStationId $ radiusClass $
              radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
              radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
              radiusFramedCompression $ radiusFramedIPAddress $
              radiusFramedCompression $ radiusFramedIPAddress $
              radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
              radiusFramedProtocol $ radiusFramedRoute $ radiusFramedRouting $
              radiusIdleTimeout $ radiusGroupName $ radiusHint $
              radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $
              radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $
              radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $
              radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
              radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $
              radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $
              radiusTerminationAction $ radiusTunnelAssignmentId $
              radiusTunnelClientEndpoint $ radiusIdleTimeout $ radiusLoginIPHost $
              radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $
              radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $
              radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
              radiusProfileDn $ radiusServiceType $ radiusSessionTimeout $
              radiusSimultaneousUse $ radiusTerminationAction $
              radiusTunnelAssignmentId $ radiusTunnelClientEndpoint $
              radiusTunnelMediumType $ radiusTunnelPassword $
              radiusTunnelPreference $ radiusTunnelPrivateGroupId $
              radiusTunnelServerEndpoint $ radiusTunnelType $
              radiusUserCategory $ radiusVSA ) )

I hope that helps.

-Chris
Re: RADIUS NETWORK
Paulo C. Panaligan [EMAIL PROTECTED] wrote:
> WHAT MATERIALS DO I NEED TO SETUP A RADIUS NETWORK ON LINUX?

Paulo, you're not getting any useful answers because you're violating every rule in the book on how to go about asking for help.

Briefly: You're asking a group of people, this mailing list, to do all your work for you, to spoon-feed you, as it were, without demonstrating any willingness to expend any energy, time or resources of your own into learning how to do things. Mailing lists and other forums like this one do not exist to do your work for you, but to help you get over rough spots and improve the product/project through bug reports, etc.

I might note that students pestering mailing lists to do their school-work for them are generally particularly unwelcome. Ask for help: Certainly. Ask us to do your project for you: No.

I believe you'd be well-advised to read this:

http://www.catb.org/~esr/faqs/smart-questions.html

Pay particular attention to the section entitled Before You Ask.

Good luck.

Jim
--
Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at http://jimsun.linxnet.com/scform.php.
RE: RADIUS NETWORK
[EMAIL PROTECTED] wrote:
> Paulo C. Panaligan [EMAIL PROTECTED] wrote:
> > WHAT MATERIALS DO I NEED TO SETUP A RADIUS NETWORK ON LINUX?
>
> Paulo, you're not getting any useful answers because you're violating every rule in the book on how to go about asking for help.
>
> I believe you'd be well-advised to read this:
>
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> Pay particular attention to the section entitled Before You Ask.

I believe this link will clarify in more detail what Paulo is doing bad

http://perl.plover.com/Questions.html

I can't think of a better example, Paulo: read it carefully and don't even think post any more messages before you understand what we are talking about.
Re: HuntGroup + MySQL
On Wed, 11 May 2005, Julien freeradius wrote:
> Hello,
>
> I would like to set freeradius to send a PPP like configuration if the request come from a nas and a VPN style configuration if coming from another NAS.
>
> More or less like that :
>
> huntgroups file:
> PPP NAS-IP-Address == 192.168.2.1
> VPN NAS-IP-Address == 192.168.2.2
>
> Users file:
> DEFAULT Huntgroup-Name = PPP
>     Framed-Protocol = PPP,
>     Framed-Compression = Van-Jacobson-TCP-IP,
>     Framed-IP-Address = 255.255.255.254
> DEFAULT Huntgroup-Name = VPN
>     CVPN3000-Primary-DNS = XXX.XXX.XXX.XXX,
>     CVPN3000-Secondary-DNS = XXX.XXX.XXX.XXX
>
> But I'm using MySQL. So I have set it as this:
>
> Usergroup table :
> | id | UserName | GroupName |
> | 1  | TestUser | confPPP   |
> | 2  | TestUser | confVPN   |
>
> Radgroupcheck Table :
> | id | GroupName | Attribute      | op | Value |
> | 4  | confVPN   | Huntgroup-Name | += | VPN   |
> | 8  | confPPP   | Huntgroup-Name | += | PPP   |

Why do you have the operator as += ? Try it with == instead.

> RadgroupReply table :
> | id  | GroupName | Attribute              | op | Value               | prio |
> | 701 | confPPP   | Framed-Address         | := | 255.255.255.254     | 3    |
> | 700 | confPPP   | Framed-Protocol        | := | PPP                 | 2    |
> | 702 | confPPP   | Framed-Compression     | := | Van-Jacobsen-TCP-IP | 4    |
> | 711 | confPPP   | Fall-Through           | := | No                  | 5    |
> | 703 | confVPN   | CVPN3000-Primary-DNS   | := | 1                   | 0    |
> | 704 | confVPN   | CVPN3000-Secondary-DNS | := | 1                   | 0    |
>
> The authentication work, the huntgroup is well match (I see the hunt group on the log), but the reply include always both data, the reply of the VPN AND the reply of the PPP.
>
> How can I reply only the VPN attributes when the request is coming from the VPN nas and PPP attribute for the other one.
>
> Thanks in advance.

Read man 5 users. In that it says += always matches as a check item and == matches if the named attribute is present and has the given value. I think that is where your problem lies.
Windows/Linux
Hello,

Thanks for replying back. I was just wondering can I setup a secured connection between two computers running Linux as my server and Windows XP as my client connected from a school LAN connection to a wireless router through a radius server?

I have some of the resources for you to check out:

http://www.enterasys.com/support/manuals/Pol_Mgr1_5_0-web/docs/p_ht_authconfig_x.html
http://text.dslreports.com/forum/remark,9286052~mode=flat

I think the materials that I am going to use are:

A computer with SUSELinux
A wireless router (Belkin Wireless-G Router with 4-Port Switch)
A built-in Wi-Fi laptop with Windows XP

Do you think this is going to work? If not, please contact me as soon as possible.

Thanks
Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem
On Wed, May 11, 2005 at 05:28:27PM -0500, Douglas G. Phillips wrote:
> Date: Wed, 11 May 2005 17:28:27 -0500
> From: Douglas G. Phillips [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: OpenLDAP / FreeRADIUS / Cisco 5350 problem
>
> I'm running into an issue here, and I can't seem to find the forest for the trees. I'm probably overlooking something obvious, and am not searching correctly for the problem.
>
> Our LDAP server is using crypted passwords at the moment.

In this case only pap authentication will work. For chap/ms-chap etc you need clear text password from DB backend.

Best wishes

--
Alexei Chetroi

Smile... Tomorrow will be worse. (c) Murphy's Law