WiSPr
Hey all, I read that I can rate limit on a per-user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how I can do this? I have FreeRADIUS running on Ubuntu server, with a MySQL database and daloRADIUS for web management. My users connect to FreeRADIUS through the captive portal on my pfSense firewall. Thanks in advance

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
By NAS I assume you mean my pfSense. There isn't anywhere within FreeRADIUS to traffic shape? Are you saying it has to be done on the router and not in FreeRADIUS?

On 14/09/2011 12:11 PM, Suman Dash wrote:
> Bandwidth limit greatly depends on NAS. If your NAS supports it then it can be done!
Re: WiSPr
Thanks Suman. Will take a look.

On 14/09/2011 1:11 PM, Suman Dash wrote:
> WISPr-Bandwidth-Max-Down / Up is indeed the attribute which you are looking for. But you need to search the mailing lists and find out how to add those into radreply/radgroupreply. Hint: read http://wiki.freeradius.org/Rlm_sql
>
> Regards
> Suman
>
> On Wed, Sep 14, 2011 at 9:34 PM, Suman Dash sumand...@gmail.com wrote:
>> Exactly! Traffic shaping has nothing to do with RADIUS. RADIUS will send values as configured to the NAS. If the NAS understands them, then the NAS can use those attributes and do much more than just traffic shaping. Check the RADIUS dictionary of pfSense and you can find the attributes which will be used to control traffic. Once you get the attributes, use the same as Reply-Items and it will work like a charm. Read the basic documentation of RADIUS to understand how it works. There is already a lot of discussion regarding *lazy people*
>>
>> Regards
>> Suman
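The reply-item approach described in the thread above, as an added example that is not part of the original messages: rows for the stock FreeRADIUS MySQL schema (`radreply`, `radgroupreply`, `radusergroup`) that make the server return the WISPr limits to the NAS. The user names `alice` and `bob`, the group `residential` and the rates are constructed, and it is an assumption that the NAS (here the pfSense captive portal) honours these attributes.

```sql
-- Added example; constructed sample data (users "alice"/"bob", group "residential").
-- Tables and columns are those created by raddb/sql/mysql/schema.sql;
-- adjust the names if your schema differs.

-- Per-user limit: 2 Mbit/s down, 512 kbit/s up.
-- WISPr bandwidth attributes are expressed in bits per second.
INSERT INTO radreply (username, attribute, op, value) VALUES
  ('alice', 'WISPr-Bandwidth-Max-Down', ':=', '2000000'),
  ('alice', 'WISPr-Bandwidth-Max-Up',   ':=', '512000');

-- Per-group limit: every member of "residential" shares the same cap values.
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES
  ('residential', 'WISPr-Bandwidth-Max-Down', ':=', '1000000'),
  ('residential', 'WISPr-Bandwidth-Max-Up',   ':=', '256000');

-- Group membership: "bob" inherits the group's reply items.
INSERT INTO radusergroup (username, groupname, priority) VALUES
  ('bob', 'residential', 1);

-- List the reply items stored for each user, set directly or via a group,
-- so a typo in an attribute name or a missing membership row shows up
-- before a client ever connects.
SELECT 'user' AS source, username, attribute, op, value
  FROM radreply
 WHERE username IN ('alice', 'bob')
UNION ALL
SELECT CONCAT('group:', g.groupname) AS source,
       u.username, g.attribute, g.op, g.value
  FROM radusergroup u
  JOIN radgroupreply g ON g.groupname = u.groupname
 WHERE u.username IN ('alice', 'bob')
 ORDER BY username, source, attribute;
```

The limits only take effect if the NAS enforces them; running the server as `radiusd -X` shows whether the attributes appear in the Access-Accept.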
Unique Identifier
Can someone please let me know if FreeRADIUS can assign a certain unique ID per client added to the database? I want my client numbers to automatically increment as I add them. I am guessing this is possible?
Re: Default tables
Thanks Alan, I have another question regarding this. I have imported the schema.sql and I get 7 tables in the database. Am I to assume that this is all working? Just that I remember a while ago I followed a tutorial for using Freeradius2 with daloRADIUS for management, and I had around 20 tables, many to do with billing and userinfo.. What am I doing wrong here?

On 30/06/2011 3:08 AM, Alan DeKok wrote:
> Luke Hammond wrote:
>> Sorry if this question is deemed as being silly, but I can't find a straight answer for this anywhere.. What are the default tables that are installed with FreeRADIUS when I use MySQL for the database?
>
> None. You need to install them manually. See raddb/sql/mysql/
>
> Alan DeKok.
Re: Default tables
Ah ok, thanks for the reply Alan. I was trying a tutorial that used daloRADIUS for administration, and that had a SQL schema file that imported some tables, it's just that it didn't have a whole bunch of billing tables that I got from a previous install so wasn't sure what was going wrong.
Default tables
Sorry if this question is deemed as being silly, but I can't find a straight answer for this anywhere.. What are the default tables that are installed with FreeRADIUS when I use MySQL for the database?
How to test radius is working.. can't find radtest
I have just installed FreeRADIUS 2.07 I think it is.. anyways. I followed a tutorial on how to install it with MySQL on CentOS 5 and when I get to the part about testing the database using radtest.. it doesn't work. radtest is not where it should be, have looked on Google to try and work out where exactly this 'radtest' lives, but all the locations it is supposed to be.. it isn't! So, where should it be and why isn't it there? Do I have to install it separately? Also, how do I test that my radius is working and accepting logins without it?
Re: How to test radius is working.. can't find radtest
Thanks for the reply, I installed it from the Package Manager in Gnome, CentOS 5.6. I'll try what you suggested, thank you.

On 25/05/2011 6:28 PM, Phil Mayers wrote:
> This isn't really a FreeRADIUS question; it's either a basic unix question, or one specific to the distribution of Linux you're using.
>
> Anyway: how did you install FreeRADIUS? If you installed it from the RPM, are you sure you installed all the RPMs you needed? Perhaps the server and client tools are split into separate RPMs? I see Fedora has a freeradius-utils RPM - maybe CentOS has that too?
>
> If you installed it from source - have you looked into the directory you installed it into (/usr/local usually)?
>
> Try: locate radtest
> Or: find / | fgrep radtest
> Try: yum provides '*/radtest'
Using Freeradius2
Hey all, are there any good resources on how to actually use Freeradius2 once it's installed? I have it running along with CoovaChilli as my captive portal, and daloRADIUS for the GUI (as I will have people inputting users that have no idea about how to use command..). My problem is this: we have clients that are people in their houses that connect to our wireless network, Coova login page appears and they login with the username and password that I input into daloRADIUS. I have a few clients that are small LAN houses that want to use our system, but I am unsure if I can have them not need to login through the CoovaChilli portal, and they just get authenticated via MAC address of their antenna? I can't find any good documentation on how to do anything with FreeRADIUS. Thanks in advance
Re: Using Freeradius2
Hey thanks for the reply.. Probably should have mentioned that I know pretty much nothing about Linux, apart from using it with a GUI.. Yes what you said is right, would like some people to login with username/password, and some with MAC. I'll take a look at some of those things you mentioned. Thanks.

On 18/03/2011 9:19 PM, Gary Gatten wrote:
> Dude, you are SO gonna get flamed - put your flame suit on! Hopefully Mr. DeKok is in a good mood! ;-)
>
> So you want some users to auth with username/passwd; and others with MAC or some other means? There's been numerous posts about similar requirements, plus: man unlang, man radiusd, etc. Also, some good info and examples embedded in the various config files and samples in the various dirs. Also wikis... And I think www.supportingradius.org? Not sure on the URL. Dig around a bit and you'll find a $hit load of doc, and probably some good examples of others that did exactly what you want.
>
> This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system.
Re: Freeradius2 and OSX clients no TLS
Just a side question, how did you get FreeRADIUS to give you a login window? I tried this and couldn't see how to get it to work.. so had to use another portal for this.

On 5/03/2011 2:10 PM, Gary Gatten wrote:
> FR just does what it's told. I think the settings need to be changed on your wireless gear.
>
> - Original Message -
> From: Guy [mailto:g...@britewhite.net]
> Sent: Saturday, March 05, 2011 10:46 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Freeradius2 and OSX clients no TLS
>
> Hi,
>
> I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA Enterprise 2, and I have it basically working. My iPhone/iPad are able to authenticate and connect via the base station. However my Mac (OSX 10.6 Snow Leopard) laptops are having issues.
>
> I do not want to push out client certificates to the laptops. I also do not want people to have to perform any customisations on the clients.
>
> When the laptop attempts to join the network I get a nice login window, with username/password. This is fine. However, without playing with the network settings (802.1x settings), I'm not able to join the network because I do not have a client cert:
>
> Sat Mar 5 16:21:28 2011 : Error: -- verify error:num=19:self signed certificate in certificate chain
> Sat Mar 5 16:21:28 2011 : Error: TLS Alert write:fatal:unknown CA
> Sat Mar 5 16:21:28 2011 : Error: TLS_accept:error in SSLv3 read client certificate B
> Sat Mar 5 16:21:28 2011 : Error: rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> Sat Mar 5 16:21:28 2011 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
> Sat Mar 5 16:21:28 2011 : Auth: Login incorrect: [guy/via Auth-Type = EAP] (from client extreme port 0 cli 00-19-E3-E1-BA-C5)
>
> However if I do change the 802.1x settings on the Mac to not try and do TLS then I'm able to connect just fine, either by PEAP or TTLS..
>
> So finally my question... How can I reconfigure Radius to not try and offer TLS or if it does offer TLS to not die if a cert is not presented?? I have tried some suggestions such as commenting out the CA in the eap.conf file, but still I fail to pass the TLS.
>
> Thanks
>
> ---Guy
Re: Freeradius2 and OSX clients no TLS
Ahh ok, thanks. Thought you were talking about a captive portal.

On 5/03/2011 2:39 PM, Guy wrote:
> It wasn't Freeradius providing the login window, it was OSX... trying to log on to the WiFi network
>
> --Guy
Re: Freeradius2 and OSX clients no TLS
Cool, well if you need that part, I have CoovaChilli running quite nicely.. I thought that FreeRADIUS had its own captive portal, but couldn't see any way to get it working

On 5/03/2011 3:08 PM, Guy wrote:
> That comes later! :)
>
> --Guy
Re: Help needed with user authentication
Thanks for that... I found CoovaChilli and installed it, now my FreeRADIUS won't start.. when I type: radiusd -X I get a whole lot of errors, any ideas where I could have gone wrong? We have a Cisco 2800 or 2850 on its way from the company we have purchased our internet link from, so I am not sure if that can do the captive portal thing?

On 19/01/2011 4:24 AM, Fajar A. Nugraha wrote:
> On Wed, Jan 19, 2011 at 1:52 PM, Johan Meiring jmeir...@pcservices.co.za wrote:
>> On 2011/01/19 04:24 AM, Luke Hammond wrote:
>>> I want to have a wireless network, that will be open, and when a user connects and tries to browse they get redirected to a page where they have to login
>>
>> It's called captive portal http://en.wikipedia.org/wiki/Captive_portal
>>
>> Try http://coova.org/CoovaChilli
>
> What we usually do:
> - get a wireless AP which has a captive portal feature. I find it easier than having to install a captive portal manually on a server. For example, if you're willing to use third-party firmware, dd-wrt supports these devices: http://www.dd-wrt.com/wiki/index.php/Supported_Devices
> - get a radius server (you already have that)
> - get a login page. Something like http://net-mai.net/files/hotspotlogin.php.txt
> - adjust settings as required
>
> --
> Fajar
Help needed with user authentication
Hey, I am new so sorry that I know nothing about FreeRADIUS. Basically, I found a tutorial and followed it to get Freeradius2, MySQL and daloRADIUS working together.. that part is ok. But I am confused with this: I want to have a wireless network, that will be open, and when a user connects and tries to browse they get redirected to a page where they have to login, and that will talk to FreeRADIUS to make sure the user is authorised, then it will accept them and continue to where they were trying to browse to.. That's basically what I need, but how does FreeRADIUS do that? Where is that page so I can edit it with my logo or whatever? Or do I need more software to have that login page? Please assist, am desperate here to get this working.. thanks in advance!