proxy reply attribute
Hi,

I do have a question about the proxy reply attribute. Where should I set/change the attribute like Session-Timeout and Idle-Timeout after the proxy authentication is accepted?

Thank you.

Regards,
Aren Chua

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: proxy reply attribute
Hi,

> Hi, I do have a question about the proxy reply attribute. Where should i set/change the attribute like Session-Timeout and Idle-Timeout after the proxy authentication accepted?

wherever you set replies, e.g. post-proxy could fire up an SQL query or Perl script. you could also use attr_rewrite or attr_filter to change a remote server's return value

alan
Problems of Radius service
Now, I have 3 problems with freeradius on my radius server:

1. If I enter the service radiusd reload command in Linux, then the freeradius process dies.
2. Sometimes, I enter the radtest command and then get no response from the service (the process was running at that time).
3. After I installed mod_auth_radius in Apache and completed the configuration, Apache can't connect to radius.

** Note: I use Linux Fedora Core 6, Apache 2.2.4 and freeradius 1.1.7-3
RE: proxy reply attribute
Hi Alan,

Thank you for the reply. Could you provide some examples of attr_rewrite and attr_filter? I have looked for some wiki on the freeradius site, but still do not understand how to use it.

Regards,
Aren Chua

> Date: Thu, 20 Sep 2007 09:45:08 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: proxy reply attribute
>
> Hi,
>
> > Hi, I do have a question about the proxy reply attribute. Where should i set/change the attribute like Session-Timeout and Idle-Timeout after the proxy authentication accepted?
>
> wherever you set replies eg post-proxy could fire up an SQL query or Perl script. you could also use attr_rewrite or attr_filter to change a remote servers return value
>
> alan
Re: Problems of Radius service
Hi,

> 1. If I enter service radiusd reload command in linux than freeradius process dead.
> 2. Sometime, I enter radtest command than no response from service (process was running in that time)
> 3. After I install mod_auth_radius to apache and configure complete but apache can't connect radius.

well, 2 and 3 occur because of number 1. but if the server is running at the time then you have to check e.g. firewall rules or SELINUX reports

for number 1 - does the daemon have the rights to read its config files and to write its config files - e.g. the user/group that you run radiusd as - when you run as root in debug mode it happily writes/reads what it wants.

alan
data limit in Mikrotik with Freeradius and Mysql
Hi,

Does anyone have a solution for limiting users by data traffic? I have a working setup of Mikrotik with freeradius and mysql. I have searched on the net and found one solution, but I can put a limit of max 4 GB data. After 4 GB the counter resets to 0. I know the reason for that. It's because the values stored in the protocol are 32 bits only.

Awaiting your reply.

Thanks

Regards,
Ravin
Re: data limit in Mikrotik with Freeradius and Mysql
Upgrade to 1.1.7 or: http://www.netexpertise.eu/en/FreeRadius/GigaWordsSupport.html

Ivan Kalik
Kalik Informatika ISP

On 20/9/2007, ravi sawant [EMAIL PROTECTED] wrote:

> Hi Does anyone have solution for limiting users with data traffic. I have working setup of Mikrotik with freeradius and mysql. Have searched on net and found one solution but I can put limit to max 4 GB data. After 4 GB the counter resets to 0. I know the reason of that. It's b'coz of the values stored in protocol are 32 bits only. Awaiting your reply. Thanks Regards, Ravin
EAP (PEAP) problem with MS Win XP
** High Priority ** ** Reply Requested When Convenient **

Hi,

I have configured freeradius ver 1.1.5 on an MS XP Box. I need to authenticate and authorize MS Windows XP clients (people connect to Access Point managed by a 3Com wireless switch). I have set up the Windows boxes for EAP-PEAP and MSCHAP.

Here are the results from the debug:

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: ../etc/raddb/proxy.conf
Config: including file: ../etc/raddb/clients.conf
Config: including file: ../etc/raddb/snmp.conf
Config: including file: ../etc/raddb/eap.conf
main: prefix = ..
main: localstatedir = ../var
main: logdir = ../var/log/radius
main: libdir = ../lib
main: radacctdir = ../var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = ../var/log/radius/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = ../var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = ../sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is ../lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = ../var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = tls
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem
tls: certificate_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.crt
tls: CA_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-CA.crt
tls: private_key_password = demo
tls: dh_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/dh
tls: random_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/random
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = %{User-Name}
tls: cipher_list = (null)
tls: check_cert_issuer = (null)
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = md5
ttls: copy_request_to_tunnel = yes
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
peap: default_eap_type = mschapv2
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = ../etc/raddb/huntgroups
preprocess: hints = ../etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = yes
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module:
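An added example, not part of the original post or of FreeRADIUS: a Python check that reads startup debug output in the "section: key = value" form pasted above and flags the settings in it that matter for security (512-bit key lengths, password logging, disabled CRL checking, demo key material, a passphrase visible in the dump). The 2048-bit floor and the function names are assumptions of this example.

```python
import re

# A few lines copied from the debug output in the post above.
SAMPLE = """\
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: private_key_file = ../etc/raddb/certs/FreeRADIUS.net/DemoCerts/FreeRADIUS.net-Server.pem
tls: private_key_password = demo
tls: check_crl = no
"""

# Pasted dumps often arrive as one run-on line, so match every
# "section: key = value" token wherever it occurs in the text.
PAIR = re.compile(r"\b(\w+):\s+(\w+) = (\S+)")
MIN_KEY_BITS = 2048  # assumption: local policy floor, not a FreeRADIUS default


def parse(text):
    """Return {(section, key): value} for every setting in the dump."""
    return {(s, k): v for s, k, v in PAIR.findall(text)}


def audit(text):
    """Return a list of findings for settings that weaken the deployment."""
    cfg = parse(text)
    findings = []
    for key in ("rsa_key_length", "dh_key_length"):
        bits = cfg.get(("tls", key), "")
        if bits.isdigit() and int(bits) < MIN_KEY_BITS:
            findings.append(f"tls.{key}={bits}: below {MIN_KEY_BITS} bits")
    for key in ("log_auth_badpass", "log_auth_goodpass"):
        if cfg.get(("main", key)) == "yes":
            findings.append(f"main.{key}=yes: user passwords are written to the log")
    if cfg.get(("tls", "check_crl")) == "no":
        findings.append("tls.check_crl=no: certificate revocation is not checked")
    if "DemoCerts" in cfg.get(("tls", "private_key_file"), ""):
        findings.append("tls.private_key_file: demo key material in use")
    if cfg.get(("tls", "private_key_password"), "(null)") != "(null)":
        findings.append("tls.private_key_password: passphrase disclosed in the dump")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The same function can be pointed at a full saved dump; settings it does not know about are ignored.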
Re: EAP (PEAP) problem with MS Win XP
Wayne, why don't you do your EAP-PEAP authentication from a Linux box? You will make your life so much easier.

On 9/20/07, WAYNE VANDERMERWE [EMAIL PROTECTED] wrote:

> Hi, I have configure freeradius ver 1.1.5 on an MS XP Box. I need to authenticate and authorize MS Windows XP clients (people connect to Access Point manage by an 3Com wireless switch). I have set up the windos box's for EAP-PEAP and MSCHAP
> [...]
Re: New dictionary for huawei-3com
Krzysztof Olędzki wrote:

> Hello, 3Com is now also using #25506 (H3C - huawei-3com) vendor attribute in a new firmware (3.3.0) for 3c5500G switches. This patch adds appropriate dictionary and also moves hp to be properly sorted.

Added, thanks.

Alan DeKok.
Re: EAP (PEAP) problem with MS Win XP
Hi,

> ** High Priority ** ** Reply Requested When Convenient **

What? This isn't a paid-for service. answers given on this mailing list are given in community spirit. however, should you wish to take any of us on in a consulting role for usual financial reimbursements under contractual agreement on a commercial basis then i am sure that such requests would be taken for granted.

so, PEAP isn't working. have you tested from a non windows box to ensure that you haven't fallen foul of the usual EAP problems - as clearly noted at the top of eap.conf? if so, then i would be concerned by this in the debug:

modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module eap returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Login incorrect: [53986067/no User-Password attribute] (from client elhc-network port 0 cli 00-0F-CB-FA-D4-63)

what are you doing with the User-Name and/or identity? you can't play with those packets as it breaks EAP.

the debug also looks worryingly short. you should post the whole debug. also, HOW are you authenticating the users? you don't have ntlm_auth set and LDAP doesn't seem to be doing anything... I fear very very much that you have some Auth-Type := EAP in your users file or something worse! please post your config files.

oh, and don't hurry, i'm certainly not demanding an urgent response.

alan
unsubscribe
thanks for all the help guys, I'm no longer using freeradius at work. Big thanks to everyone (excluding Alan Dekok, sorry we had our diff). Take it easy.

unsubscribe
unsubscribe
thanks for all the help guys, I'm no longer using freeradius at work. Big thanks to everyone (excluding Alan Dekok...)

unsubscribe

John Wan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jacob Jarick
Sent: Friday, 21 September 2007 1:27 PM
To: FreeRadius users mailing list
Subject: unsubscribe

> thanks for all the help guys, Im no longer using freeradius at work. Big thanks to every1 (excluding Alan Dekok, sorry we had our diff). Take it easy.
>
> unsubscribe