Re: freeRADIUS 1.0.1 and Cisco PIX 515 version 6.1

2004-12-09 Thread Kaczmarek, Thaddeus
On Thu, 2004-12-09 at 09:23 -0500, Zachary Fortna wrote:
 We recently migrated over to freeRADIUS 1.0.1 (Redhat ES 3 RPM) from
 Steel Belted RADIUS for authentication of our VPN.  I set it up to use
 System authentication, and it works like a charm for a day or two, but
 then all of a sudden just stops.  It appears that the PIX is no longer
 sending the access request packet to the RADIUS server which causes
 the problem.  Using radtest works just fine and I receive the Access
 Request Packet.  If we switch the PIX back to using Steel Belted
 RADIUS everything works fine. Has anyone run into a problem like this?
 Any ideas, as according to the guy who runs the PIX, everything is
 running fine there.  
 
 Zachary Fortna, DAD 
 Technical Specialist 
 CXtec 
 315.476.3000, ext 2570 
 fax: 315.455.1800
 
 CXtec (formerly CABLExpress Technologies) is a DBA of Cablexpress
 Corporation. Visit us online at www.cxtec.com.
 
I had a pix 515 with 6.2.3 working fine for local auth and vpn users
till I replaced it with Openswan/iptables. Worked fine for well over a
year with Freeradius.

tcpdump and debug packet interface are your friends.

Ted
DISCLAIMER

This e-mail, and any attachments thereto, is intended only for use by the
addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of this
e-mail, you are hereby notified that any dissemination, distribution or
copying of this e-mail, and any attachments thereto, is strictly prohibited.
If you have received this e-mail in error, please immediately notify me and
permanently delete the original and any copy of any e-mail and any printout
thereof.

E-mail transmission cannot be guaranteed to be secure or error-free. The
sender therefore does not accept liability for any errors or omissions in
the contents of this message which arise as a result of e-mail transmission.
REGARDING PRIVACY AND CONFIDENTIALITY
Crown Financial Group may, at its discretion, monitor and review the content
of all e-mail communications.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Radius administration - adding a user

2004-12-08 Thread Kaczmarek, Thaddeus
On Wed, 2004-12-08 at 19:45 +0100, Vaclav Mikolasek wrote:
 Hello,
 I'm a bit confused.
 Is there any command line administration tool to add, delete etc. users 
 at freeradius?
 I know I can edit users file, but I don't want to keep their passwords 
 unciphered.
 Beside the command line admin, how do I start the dial-up admin (php)?
 I'm an absolute newbie.
 Thanks very much for any advice, I'm a bit in a hurry.
 
 Vasek.
 
 

In users file.
joeuser Auth-Type := System

from terminal
adduser joeuser -p tempasswd

Have joeuser ssh into box and change his password.

You can use many auth types, think this one through carefully.

Ted



Re: recommended appliance

2004-11-26 Thread Kaczmarek, Thaddeus
On Nov 26, 2004 03:48 PM, Omar Armas [EMAIL PROTECTED] wrote:

What VPN appliance would you recommend to use with Freeswan to have
host-to-host tunnels?

We will put dumb terminals in kiosks of commercial centers (malls) connected
through ADSL.
So I need an appliance that is able to start the ADSL and establish an IPSEC
connection to the central VPN/Freeswan server.

Like we'll have many of them, I'd like a small, cheap and good appliance. Does
such a thing exist?
Which would you recommend me to use?

(I tried Monowall, but IPSEC connection was unstable and freezes for moments.
So I prefer to go with a secure option)

Omar

1) Use Openswan, it's rock solid for most applications
2) Anything that ipsec works properly on
Tested to Pix 515, Netscreen 5, Checkpoint FW-1, and Watchguard.

Cheap and good in the same sentence, hmm.

Problem with the cheap stuff from what I have read is they try to
negotiate single des, which Openswan doesn't support. My co-worker had a
Linksys and this thing absolutely refused to do 3des no matter what we
tried. If you find one that does not support single des you may be
better off. You may be better off just having semi dumb terminals :-)

Check the archives at ltsp.org, you may get lucky.

Ted


Re: command authorization facility

2004-11-05 Thread Kaczmarek, Thaddeus
On Fri, 2004-11-05 at 07:33 -0800, Mike Donnelly wrote:
 All, 
 
 Newbie ish question.. 
 I would like to use FreeRadius to authorize 
  cli users for specific commands entered on my 
  cisco routers. I can set up my cisco's to 
  look to radius for command authorization
  using the aaa authorization commands 1 default
  group radius ... string, but I'm 
  unclear how I need to prepare/configure the 
  radius server side. Is there an example 
  of command authorization somewhere , or could 
  someone point me in the right direction?
 
 I use FreeRadius Version 1.0.0-pre3 on solaris,
  flat files for logging + clients.  
 
 My test command would be to allow
  user JOE to run the SHOW SNMP command 
  on router 1.2.3.4.
 
 Thanks for any direction here .. The cisco docs
  are excellent for the cisco side, but alas I'm 
  missing 1/2 the puzzle.. 
 
 
Example from my foundry setup use shadow.

limtedaccess    Auth-Type := System
        Acct-Authentic == RADIUS,
        Service-Type = NAS-Prompt-User,
        foundry-privilege-level = 0,
        foundry-command-string = "show log; show vsrp; show ip interface; show arp; show mac-address *; show statistics; show vlan; show interface; show running-config; copy running-config *;configure terminal; interface *; speed-duplex *;port-name *; vlan *; tagged *; untagged *;",
        foundry-command-exception-Flag = 0


Since Cisco's docs are so good this should be all you need.

Ted


Re: HP Procurve 5300XL and Privilege Levels

2004-10-29 Thread Kaczmarek, Thaddeus
On Fri, 2004-10-29 at 14:57 +0300, Ville Leinonen wrote:
 Hi all,
 
 Does anyone have some information on how I handle
 priv levels in 5300xl's and freeradius?
 
 I'd like to make an account which has priv level 14 access (Operator RO)
 and a couple of level 15 access (Manager RW).
 
 I get aaa working, but I don't know how I must do that level
 thing in users.conf.
 
 Best regards,
 
 Ville Leinonen
 
 
They may be doing something similar to Foundry. Look in the HP docs for
privilege-level  or command-string. HP support is pretty good with this
type of stuff, just a tad on the slow side.

Ted



Re: Solaris 9 and pam_radius 1.3.16

2004-09-15 Thread Kaczmarek, Thaddeus
On Fri, 2004-09-03 at 02:41, Chew, Darren wrote:
 Hi All,
 
 I am having trouble compiling pam_radius 1.3.16 on Solaris 9.
 
 [EMAIL PROTECTED] # CC=gcc;export CC
 [EMAIL PROTECTED] # make
 
 gcc -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes 
 -Wnested-externs -Waggregate-return -c pam_radius_auth.c -o 
 pam_radius_auth.o
 In file included from pam_radius_auth.h:23,
   from pam_radius_auth.c:63:
 md5.h:21: error: parse error before u_int32_t
 md5.h:21: warning: no semicolon at end of struct or union
 md5.h:22: warning: type defaults to `int' in declaration of `bits'
 md5.h:22: warning: data definition has no type or storage class
 md5.h:24: error: parse error before '}' token
 md5.h:29: error: parse error before buf
 md5.h:29: warning: function declaration isn't a prototype
 pam_radius_auth.c:151: warning: no previous prototype for '_int_free'
 pam_radius_auth.c: In function `ipstr2long':
 pam_radius_auth.c:179: warning: subscript has type `char'
 pam_radius_auth.c: In function `good_ipaddr':
 pam_radius_auth.c:215: warning: subscript has type `char'
 pam_radius_auth.c: In function `host2server':
 pam_radius_auth.c:271: warning: subscript has type `char'
 pam_radius_auth.c: In function `get_random_vector':
 pam_radius_auth.c:350: error: storage size of 'my_md5' isn't known
 pam_radius_auth.c:350: warning: unused variable `my_md5'
 pam_radius_auth.c: In function `get_accounting_vector':
 pam_radius_auth.c:382: error: storage size of 'my_md5' isn't known
 pam_radius_auth.c:382: warning: unused variable `my_md5'
 pam_radius_auth.c: In function `verify_packet':
 pam_radius_auth.c:400: error: storage size of 'my_md5' isn't known
 pam_radius_auth.c:400: warning: unused variable `my_md5'
 pam_radius_auth.c: In function `add_password':
 pam_radius_auth.c:497: error: storage size of 'md5_secret' isn't known
 pam_radius_auth.c:497: error: storage size of 'my_md5' isn't known
 pam_radius_auth.c:497: warning: unused variable `md5_secret'
 pam_radius_auth.c:497: warning: unused variable `my_md5'
 pam_radius_auth.c: In function `rad_converse':
 pam_radius_auth.c:1016: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c:1019: warning: passing arg 2 of pointer to function 
 from incompatible pointer type
 pam_radius_auth.c: In function `pam_sm_authenticate':
 pam_radius_auth.c:1071: warning: passing arg 2 of `pam_get_user' from 
 incompatible pointer type
 pam_radius_auth.c:1099: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c:1113: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c:1146: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c: In function `pam_private_session':
 pam_radius_auth.c:1267: warning: passing arg 2 of `pam_get_user' from 
 incompatible pointer type
 pam_radius_auth.c:1288: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c: In function `pam_sm_chauthtok':
 pam_radius_auth.c:1374: warning: passing arg 2 of `pam_get_user' from 
 incompatible pointer type
 pam_radius_auth.c:1395: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c:1404: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 pam_radius_auth.c:1409: warning: passing arg 3 of `pam_get_item' from 
 incompatible pointer type
 make: *** [pam_radius_auth.o] Error 1
 
 [EMAIL PROTECTED] # uname -a
 SunOS testbox1 5.9 Generic_117171-07 sun4u sparc SUNW,UltraAX-i2
 
 [EMAIL PROTECTED] # gcc --version
 gcc (GCC) 3.4.1
 
 Any help greatly appreciated.
 
 Darren
 
Same boat here, but using Fedora Core 2.
pam_radius_auth.c: In function `pam_sm_chauthtok':
pam_radius_auth.c:1362: error: `PAM_AUTHTOK_ERR' undeclared (first use
in this function)
pam_radius_auth.c:1371: error: `argc' undeclared (first use in this
function)
pam_radius_auth.c:1371: error: `argv' undeclared (first use in this
function)
pam_radius_auth.c:1374: error: `pamh' undeclared (first use in this
function)
pam_radius_auth.c:1375: error: `PAM_SUCCESS' undeclared (first use in
this function)
pam_radius_auth.c:1380: error: `PAM_USER_UNKNOWN' undeclared (first use
in this function)
pam_radius_auth.c:1395: error: `PAM_SERVICE' undeclared (first use in
this function)
pam_radius_auth.c:1404: error: `PAM_OLDAUTHTOK' undeclared (first use in
this function)
pam_radius_auth.c:1409: error: `PAM_AUTHTOK' undeclared (first use in
this function)
pam_radius_auth.c:1414: error: `flags' undeclared (first use in this
function)
pam_radius_auth.c:1414: error: `PAM_PRELIM_CHECK' undeclared (first use
in this function)
pam_radius_auth.c:1416: error: `PAM_PROMPT_ECHO_OFF' undeclared (first
use in this function)
pam_radius_auth.c:1442: error: `PAM_PERM_DENIED' undeclared (first use
in this function)
pam_radius_auth.c:1467: error: `PAM_ERROR_MSG' undeclared (first use in
this function)
pam_radius_auth.c:1519: 

Re: Solaris 9 and pam_radius 1.3.16

2004-09-15 Thread Kaczmarek, Thaddeus

Re: Not authenticating only bad guys

2004-09-13 Thread Kaczmarek, Thaddeus
On Mon, 2004-09-13 at 08:55, Mike Markowski wrote:
 For a very open wireless network, we'd like to allow everyone
 to connect unless we know the MAC is a bad guy.  That is, if
 the MAC address is *in* the postgres db, don't authenticate.  If
 it's not in the db, authenticate.
 
 Can anyone think of a way to do this, or will I need to
 tweak the code?
 
   Thanks!
   Mike

Not for nothing, but would it not be much easier to only authenticate
trusted macs?  I suspect the table would be much smaller as well.

Just one man's opinion.

Ted



Re: Not authenticating only bad guys

2004-09-13 Thread Kaczmarek, Thaddeus
On Mon, 2004-09-13 at 09:16, Mike Markowski wrote:
 On Mon 13-Sep-04 at  859 EDT, Kaczmarek, Thaddeus wrote:
  On Mon, 2004-09-13 at 08:55, Mike Markowski wrote:
   For a very open wireless network, we'd like to allow everyone
   to connect unless we know the MAC is a bad guy.  That is, if
   the MAC address is *in* the postgres db, don't authenticate.  If
   it's not in the db, authenticate.
   
   Can anyone think of a way to do this, or will I need to
   tweak the code?
   
 Thanks!
 Mike
  
  Not for nothing, but would it not be much easier to only authenticate
  trusted macs?  I suspect the table would be much smaller as well.
 
 Thanks, Ted, for your thoughts, but it so happens that
 just the opposite is the case in this instance.  I won't
 bore the list with the details, but there will be many
 users over time, and a few will inevitably be discovered
 to be hacked machines spamming the world, sharing copyrighted
 material, etc., and must be disabled till the machines are
 cleaned.  Those are the only guys we care about.  Anyone
 else in range gets to connect.
 
 I'm sure a code tweak is simple for this, but I hate to have to
 do that on each and every new freeradius release if there's a
 better way.
 
   Mike
 

Very interested in how this unfolds, I am definitely going to learn
something :-)

Ted
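
Added example, not from the thread and not FreeRADIUS configuration: the deny-list policy Mike describes (reject if the MAC is in the table, accept otherwise), written in Python with an in-memory sqlite3 table standing in for the Postgres one. The table name `blocked_mac`, the function names and the sample MACs are made up for illustration; rejecting a MAC that cannot be parsed is a choice of this example, and the point it shows is that a deny list compared as raw strings fails open when the NAS sends the MAC in a different notation.

```python
import re
import sqlite3

# Separators seen in common MAC notations: 00:11:22:aa:bb:cc,
# 00-11-22-AA-BB-CC, 0011.22aa.bbcc.
_SEPARATORS = re.compile(r"[\s:.\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    if raw is None:
        return None
    digits = _SEPARATORS.sub("", raw).lower()
    return digits if _HEX12.fullmatch(digits) else None


def open_denylist(entries):
    """Build the deny list. `entries` is an iterable of (mac, reason) pairs.

    Hypothetical schema; sqlite3 is used only so the example runs offline.
    MACs are stored normalized so lookups do not depend on notation.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blocked_mac (mac TEXT PRIMARY KEY, reason TEXT)")
    for raw, reason in entries:
        mac = normalize_mac(raw)
        if mac is None:
            raise ValueError("not a MAC address: %r" % (raw,))
        db.execute("INSERT OR REPLACE INTO blocked_mac VALUES (?, ?)",
                   (mac, reason))
    return db


def decide(db, calling_station_id):
    """Return ("reject", reason) if the MAC is listed, else ("accept", None).

    `calling_station_id` is the value the NAS reports for the client MAC.
    An unparseable value is rejected (assumption of this example) because
    it can never be matched against the deny list.
    """
    mac = normalize_mac(calling_station_id)
    if mac is None:
        return ("reject", "unparseable MAC")
    row = db.execute("SELECT reason FROM blocked_mac WHERE mac = ?",
                     (mac,)).fetchone()
    return ("reject", row[0]) if row else ("accept", None)


def naive_decide(blocked_raw, calling_station_id):
    """Exact string comparison, shown for contrast: fails open on notation."""
    return "reject" if calling_station_id in blocked_raw else "accept"


if __name__ == "__main__":
    # Constructed sample data.
    db = open_denylist([("00:11:22:AA:BB:CC", "spam relay")])
    for seen in ("00-11-22-aa-bb-cc", "0011.22aa.bbcc", "00:11:22:aa:bb:cd"):
        print(seen, decide(db, seen),
              naive_decide({"00:11:22:AA:BB:CC"}, seen))
```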



Re: what is NAS

2004-08-24 Thread Kaczmarek, Thaddeus
On Tue, 2004-08-24 at 08:59, jassim El-mansori wrote:
 hi
 I'm not sure about NAS
 I'm evaluating freeradius and I have these 2 figures below
  
 (WIN2K)---ethernet-(radius)
 and wireless one
 (WIN2K)---AP(3com)---(radius)
 so, does it need to be a physical item
 please any details about this
  
 
Network Access Server.

I would recommend googling for a while.

Ted



Re: Remove these errors/info

2004-06-22 Thread Kaczmarek, Thaddeus
On Tue, 2004-06-22 at 14:42 +0100, jihad Jaafar wrote:
 How do I stop these infos coming up 
 
  
 
 Tue Jun 22 09:43:21 2004 : Info: Using deprecated naslist file.
 Support for this will go away soon.
 
 Tue Jun 22 09:43:21 2004 : Info: rlm_exec: Wait=yes but no output
 defined. Did you mean output=none? 
 
  
 
 Thanks
 
 
Just a guess, but maybe deleting the config files that are
deprecated :-)

Ted


Re: Cisco config to use two radius servers

2004-04-28 Thread Kaczmarek, Thaddeus
On Wed, 2004-04-28 at 10:53, RH List Account wrote:
 Morning folks,
 
 I'm trying to get accounting data to go to our billing radius server,
 and our authentication/authorization to go to be requested. I tried
 inputting:
 
 radius-dev(config)#radius-server host 4.3.2.1 auth 1812
 radius-dev(config)#radius-server host 1.2.3.4 acct 1813
 
 but I ended up with:
 
 radius-server host 4.3.2.1 auth-port 1812 acct-port 1646
 radius-server host 1.2.3.4 auth-port 1645 acct-port 1813
 
 I haven't been able to find any docs on this. Anybody have the same
 problem?
 
 TIA,
 
 Rob
 
 I also want to set up a second authentication radius box, but first
 things first!
 
A little iptables prerouting action may be helpful if you are running on
Linux.


Ted

Re: configuring the NAS

2004-04-28 Thread Kaczmarek, Thaddeus
Try setting the ports on the switches config, I will bet you are running
on 1812 and 1813 and the switch is using 1645 and 1646.


Ted
On Wed, 2004-04-28 at 10:53, deborha malka wrote:
 Hello,
 
 I have the freeradius server v0.9.3 installed. It
 works with PAM clients under Linux, and with W2K
 dial-in via a NAS Windows (under W2K server).
 I'm now trying to configure a switch Catalyst 3750 to
 be the NAS, but it still doesn't work. 
 Here is the actual configuration of the switch:
 aaa new-model
 aaa authentication ppp default if-needed group radius local
 aaa authorization network default group radius
 aaa accounting update newinfo
 aaa accounting exec default start-stop group radius
 aaa accounting network default wait-start group radius
 aaa accounting connection default start-stop group radius
 radius-server host 192.168.9.200
 radius-server key secret
 
 What do I have to do more ? The w2K dial-in is
 connecting to the switch via PPTP or L2TP.
 
 Thank you very much for answering me as soon as
 possible,
 
 
 
 
 Déborah Malka
 
 
  
 
  
   

 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
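
Added example (not part of either post, and not Cisco or FreeRADIUS code): a Python check for the port mismatch raised in this thread and in "Cisco config to use two radius servers" above. It parses `radius-server host` lines, fills in 1645/1646 for a port that is not given (as IOS did in the config Rob ended up with), and compares the result with the ports each server listens on; the `listeners` maps passed in are assumptions about how the posters' servers are set up.

```python
import re

# Ports a current FreeRADIUS listens on, and the legacy pair that IOS uses
# when a port is not given on the radius-server host line.
STANDARD = {"auth": 1812, "acct": 1813}
LEGACY = {"auth": 1645, "acct": 1646}

_HOST = re.compile(r"^\s*radius-server\s+host\s+(\S+)(.*)$")
_PORT = re.compile(r"\b(auth|acct)-port\s+(\d+)")


def parse_radius_hosts(config_text):
    """Return {host: {"auth": port, "acct": port}} from IOS config text."""
    hosts = {}
    for line in config_text.splitlines():
        m = _HOST.match(line)
        if not m:
            continue  # e.g. "radius-server key ..." is not a host line
        ports = dict(LEGACY)  # value used when the keyword is absent
        for kind, port in _PORT.findall(m.group(2)):
            ports[kind] = int(port)
        hosts[m.group(1)] = ports
    return hosts


def find_mismatches(config_text, listeners):
    """List (host, kind, nas_port, server_port) where the two disagree.

    `listeners` maps each server to the ports it really listens on, e.g.
    {"4.3.2.1": {"auth": 1812}}; a missing kind means the server does not
    offer that service, so server_port is reported as None.
    A port of 0 on the NAS side is skipped: IOS treats it as "do not use
    this host for that function".
    """
    problems = []
    for host, ports in parse_radius_hosts(config_text).items():
        listening = listeners.get(host, {})
        for kind in ("auth", "acct"):
            nas_port = ports[kind]
            if nas_port == 0:
                continue
            if listening.get(kind) != nas_port:
                problems.append((host, kind, nas_port, listening.get(kind)))
    return problems


# The two lines Rob ended up with, copied from the earlier thread.
TWO_SERVER_CONFIG = """\
radius-server host 4.3.2.1 auth-port 1812 acct-port 1646
radius-server host 1.2.3.4 auth-port 1645 acct-port 1813
"""

# The RADIUS lines from the Catalyst 3750 config in this thread.
SWITCH_CONFIG = """\
radius-server host 192.168.9.200
radius-server key secret
"""

if __name__ == "__main__":
    # Assumed server roles: 4.3.2.1 authenticates only, 1.2.3.4 accounts only.
    roles = {"4.3.2.1": {"auth": 1812}, "1.2.3.4": {"acct": 1813}}
    for problem in find_mismatches(TWO_SERVER_CONFIG, roles):
        print("two-server:", problem)
    # Assumed: the FreeRADIUS box listens on 1812/1813.
    for problem in find_mismatches(SWITCH_CONFIG, {"192.168.9.200": STANDARD}):
        print("switch:", problem)
```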





radiusi.log question

2004-04-20 Thread Kaczmarek, Thaddeus





Is there a way to run freeradius so the passwords in radiusd.log are
encrypted? 
Auth-Type := System


Sorry about asking this again, but I suspect I was not clear in my first
post on this.


Thanks,
Ted





Encrypting password

2004-04-15 Thread Kaczmarek, Thaddeus





Is there a way to run Freeradius that will encrypt the users' passwords
in the radius.log?



Thanks,
Ted
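
Both questions about passwords in radius.log (this post and the 2004-04-20 follow-up) concern the same exposure: cleartext passwords sitting in a log file. As an added example, not part of the original posts and not FreeRADIUS code, this Python script finds and redacts them in an existing log; the `[user/password]` line shape, the placeholder strings and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in the "Auth: Login ...: [user/password]" shape that
# radiusd.log is assumed to use when password logging is enabled.
SAMPLE_LOG = """\
Tue Apr 20 10:15:02 2004 : Auth: Login OK: [ted/Winter2004!] (from client localhost port 0)
Tue Apr 20 10:15:09 2004 : Auth: Login incorrect: [zach/let/me/in] (from client pix515 port 3)
Tue Apr 20 10:16:40 2004 : Auth: Login OK: [steve] (from client pix515 port 4)
Tue Apr 20 10:17:01 2004 : Auth: Login incorrect: [bob/<CHAP-Password>] (from client nas1 port 1)
Tue Apr 20 10:17:30 2004 : Info: Ready to process requests.
"""

# Assumed markers the server writes instead of a password; not real secrets.
PLACEHOLDERS = {"<CHAP-Password>", "<no User-Password attribute>"}

AUTH_RE = re.compile(
    r"^(?P<prefix>.*?: Auth: Login (?P<result>OK|incorrect)[^\[]*: \[)"
    r"(?P<user>[^/\]]*)(?:/(?P<secret>.*))?"   # greedy: password may hold '/' or ']'
    r"(?P<suffix>\] \(from client .*)$"
)

def scan(log_text):
    """Return (redacted_text, findings); findings are (line_no, user, result)."""
    out, findings = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = AUTH_RE.match(line)
        secret = m.group("secret") if m else None
        if secret is None or secret in PLACEHOLDERS:
            out.append(line)          # nothing sensitive on this line
            continue
        # Everything after the first '/' is treated as the password, so a
        # username that itself contains '/' would be truncated here.
        findings.append((n, m.group("user"), m.group("result")))
        out.append(f"{m.group('prefix')}{m.group('user')}/<redacted>{m.group('suffix')}")
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    redacted, findings = scan(SAMPLE_LOG)
    for line_no, user, result in findings:
        print(f"line {line_no}: password logged for {user!r} (Login {result})")
    print(redacted, end="")
```

Redaction only cleans up what is already on disk. In radiusd.conf, the `log_auth_badpass` and `log_auth_goodpass` settings control whether passwords are written to the log in the first place.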







Re: Freeradius/Alan

2004-04-01 Thread Kaczmarek, Thaddeus





On Wed, 2004-03-31 at 22:31, Steve OBrien wrote:
 I don't in any way wish to be derogatory. I applaud what all you guys
 are doing.
 It's just that I have posted several questions and seen
 several other questions posted that get no response. Granted these
 may be areas that the collective you are not familiar with, it just
 seems like someone could say something about them. Like we haven't
 done that yet or RTFM (wait there isn't a FM) or something Sorry
 but I have been working on this for several weeks and really still am
 not sure if what I am trying to accomplish is possible...
 
 Again I really do not want anyone to take this the wrong way, I still
 think this is an awesome piece of software and I do appreciate the
 help that I have received.
 
 Sorry,
 Steve


It is amazing how top posting gets scourged, but it is for good reason.
The quickest way to annoy mailing users is to top post; it makes it much
more difficult to read. Also, making snide comments doesn't earn many
brownie points either. Many times I have asked questions and gotten
minimal responses; this is typically due to poor etiquette, the question
is too vague for a mailing list appropriate response, or it has been
asked so many times that there is no way in hell that you checked the
archives before posting.


Also, there is a manual; it is called Radius and published by O'Reilly
:-) Other than that, most other stuff is nailed down in one place or
another. 


If you like, I am sure no one would object if you wrote a manual and
submitted it



Ted







rlm_smb status

2004-03-31 Thread Kaczmarek, Thaddeus





What is the present status of rlm_smb?
I see some posts where people are trying to use it, and other posts
saying it should not be used.


Having illusions of authenticating users against a Win32 PDC, using a
recent snapshot on Redhat 9 and before I totally spin my wheels would
like some feedback on its status :-)


Thanks,
Ted

