Re: 802.1x

2005-11-02 Thread Oliver Graf
On Wed, Nov 02, 2005 at 11:10:20AM -0500, Alex M wrote:
> Now I'm totally lost...
> Can u give me an example what 802.1x does?

Can u use google?

Oliver.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: 802.1x

2005-11-02 Thread Oliver Graf
On Tue, Nov 01, 2005 at 09:27:57PM -0500, Alex M wrote:
> What is the difference between plain Radius identification compared to
> 802.1x?

Basically 802.1x is between client and NAS, and radius is between NAS
and AAA server. So how would you compare them?

Oliver.



Re: OT: Freeradius and Redback SMS 1800

2005-10-19 Thread Oliver Graf
On Tue, Oct 18, 2005 at 05:11:54PM +0200, Dominik Sennfelder wrote:
> We are using Freeradius with two Redback SMS 1800
> Authorizing and accounting works with mysql.
> 
> Is it possible to log the IP-Address at 
> the beginning of the accounting?

see AOS Command Reference, AAA and Radius commands.

  aaa delay-start-record

Oliver.



Re: freeradius + MySQL not working after upgrade from 1.0.1

2005-08-23 Thread Oliver Graf
On Tue, Aug 23, 2005 at 06:30:16PM -0700, [EMAIL PROTECTED] wrote:
> Problem solved.  I had been compiling versions > 1.0.1 without enabling
> Ascend binary support.
> 
> >   Are you sure you didn't edit the dictionaries?  Are you sure there's
> > no other attribute 242, of type "octets"?  Are you sure you're using
> > the 1.0.4 dictionaries with 1.0.4?
> 
> I was in the process of removing and reinstalling freeradius, on what was
> already a fresh install on a new server, to make absolute sure of all of
> that when I noticed a Gentoo local use flag, "frascend", which appears to
> have been introduced in Gentoo freeradius ebuilds after version 1.0.1
> which changed the "default" behavior for later versions to not enable what
> was previously enabled "by default".

frascend in the 1.0.4 ebuild seems to behave the same way as in my
freeradius 0.9.0 ebuilds. I don't see that they changed the meaning of
that use flag from my submitted ebuild over the 1.0.X versions to the
1.0.4 version.

The default behavior is and was to only compile with-ascend-binary if
the frascend use flag is present.

Oliver.



Re: Colubris-AVPairs

2005-07-27 Thread Oliver Graf
On Wed, Jul 27, 2005 at 03:07:00PM -0400, Andrey wrote:
> When I attempt to authenticate the AP, the Access-Accept response has only the
> first Colubris-AVPair, whichever it might be (I've tried different orders).
> Is there any reason for this kind of behaviour? Do attributes have to have
> unique names? (since all three are called Colubris-AVPair).

Try the += operator.

Oliver.


Re: Defining whole networks for huntgroups matching!

2005-07-25 Thread Oliver Graf
On Mon, Jul 25, 2005 at 01:36:19PM +0200, Erling Paulsen wrote:
> I'm using huntgroups to group our NAS-boxes, and I'm wondering if it is
> possible to designate whole networks ala. A.B.C.D/24 - instead of listing
> all boxes with multiple NAS-IP-Address statements?

If you can write the network as regex, it should be possible to match
all your NASes in one check.

Oliver.



Re: Error getting data from database

2005-07-22 Thread Oliver Graf
On Fri, Jul 22, 2005 at 04:32:56AM -0700, Nirmal wrote:
> Thanks for your help
>  
> which file I should look into in order to remove this space?

It's in your SQL database.

Oliver.


Re: Error getting data from database

2005-07-22 Thread Oliver Graf
On Thu, Jul 21, 2005 at 11:34:17PM -0700, Nirmal wrote:
> 
> Hi,
> 
> I have installed freeradius 1.0.4 on linux 7.3 with postgresql, I'm 
> getting following error !!
> 
> what could be the reason ?
> 
> rlm_sql: Failed to create the pair: Unknown attribute "User-Password "

Perhaps that space at the end of the attribute string?

Oliver.



Re: MAX_PACKET_LEN setting limiting number of Cisco- Avpair's

2005-06-29 Thread Oliver Graf
On Tue, Jun 28, 2005 at 03:10:51PM -0700, Niall Browne wrote:
>  Apart from this is there any other way to increase the number of
> Cisco-Avpair's within freeradius to be pushed to a firewall or is this the
> maximum ?

You already seem to know the way for creating acl via radius:

inacl#X
  An input access list definition. For IP, standard or extended access
  list syntax can be used, though you cannot mix them within a single
  list. For IPX, only extended syntax is recognized. The value of this
  attribute is the text that comprises the body of a named access list
  definition.

outacl#X
  An output access list definition. For IP, standard or extended access
  list syntax can be used. For IPX, only extended syntax is recognized.
  The value of this attribute is the text that comprises the body of a
  named access list definition.

But you might also use the ip:inacl/outacl without a rule number to
assign a named ip access-list which is defined on the router:

router:
  ip access-list extended No-EIGRP
   remark Filters EIGRP Traffic
   remark used with dynamic ADSL
   deny   eigrp any any
   permit ip any any

radius:
  Cisco-AVPair += "ip:inacl=No-EIGRP",
  Cisco-AVPair += "ip:outacl=No-EIGRP"

If you have a CCO (I think you need one for that) you could take a
look at Cisco's Dial Solutions Configuration Guide, which helps you
with such stuff.

Oliver.



Re: freeradius and max4000

2005-06-02 Thread Oliver Graf
On Wed, Jun 01, 2005 at 02:37:04PM +0300, Dmitriy Milashenko wrote:
>  When I try to connect using MAX4000, I get ip address =
>  Framed-IP-Address+NAS-Port, but MAX4000 sends NAS-Port like 20102,
>  so my ip address is 195.68.222.64+20102=195.69.44.198.
> In the same time I have analog modem pool, working with portslave that
> sends NAS-Port attribute in range 1-16.
>
> So the question is how to make MAX4000 send NAS-Port attribute with
> lower values or make freeradius to calculate ip in another way.

I guess the freeradius expression syntax could help you in that case.

> I've heard that there is a patch for freeradius to work with MAX4000,
> if it is so, please tell me where can I get it.

Anyway: why not just use pools on the MAX? The MAX learns them via
radius and assigns a certain pool to the connection. Easy, no radius
magic required...

Oliver.



Re: radclient??

2005-06-02 Thread Oliver Graf
On Wed, Jun 01, 2005 at 11:44:07AM +0200, Sylvain Clerc wrote:
> On 6/1/05, Oliver Graf <[EMAIL PROTECTED]> wrote:
> > On Wed, Jun 01, 2005 at 11:07:13AM +0200, Sylvain Clerc wrote:
> > > I have to use radclient with another soft but I can't arrive to run it
> > > . When I do :
> > >
> > > radclient 192.168.1.1 auth secret
> > >
> > > nothing happens, it stays always empty. radtest works successful and
> > > depends of radclient, that's why I don't understand why radclient
> > > doesn't work. Is my syntax is wrong for radclient??
> > 
> > What key/value pairs do you send through radclient? radclient waits
> > for kv pairs to send on stdin and outputs the result on stdout.
> 
> It must be my problem. I don't understand this concept of "key/value
> pairs" to use with radclient. I have to create a file with its but how
> do I write them in this file?? Can you give me an example of this file
> ???

echo "Some-Attribute = Value" | radclient 192.168.1.1 auth secret

Just study radtest, and you see what it does. It's a shell script...

Oliver.



Re: radclient??

2005-06-01 Thread Oliver Graf
On Wed, Jun 01, 2005 at 11:07:13AM +0200, Sylvain Clerc wrote:
> I have to use radclient with another soft but I can't arrive to run it
> . When I do :
> 
> radclient 192.168.1.1 auth secret
> 
> nothing happens, it stays always empty. radtest works successful and
> depends of radclient, that's why I don't understand why radclient
> doesn't work. Is my syntax is wrong for radclient??

What key/value pairs do you send through radclient? radclient waits
for kv pairs to send on stdin and outputs the result on stdout.

Oliver.



Re: What is X-Ascend-Data-Rate Attributes represent?

2005-01-11 Thread Oliver Graf
On Mon, Jan 10, 2005 at 09:27:53PM -0500, Marendra Nutriaji wrote:
> hi all,
> What is X-Ascend-Data-Rate Attributes represents? does it represent
> the connection speed of the dial in connection? What's the difference
> between attribute  Ascend-Xmit-Rate ?
> i hope somebody could help me

My Ascend RADIUS Configuration Guide says:

Ascend-Data-Rate:
  The Ascend-Data-Rate Attribute specifies the receive baud rate of the
  connection in bits per second.

Ascend-Xmit-Rate:
  Specifies the transmit baud rate for the connection.

You can download the manuals from support.lucent.com.

For example:
https://support.lucent.com/portal/getContentItem.do/Live/Product/max6000/8.0/Manuals_and_Guides/0900940380005f1f.pdf

Oliver.




Re: Freeradius logs Connections 4 times with Acct-Delay-Time

2004-11-11 Thread Oliver Graf
On Thu, Nov 11, 2004 at 12:48:38PM +0100, Dominik Sennfelder wrote:
> the connection Start and Stop is logged 4 times.
> That means the Start is listed 4 times with the same 
> Acct-Session-Id  and the Stop is listed 4 times with the same 
> for example a part of the log and my radiusd.conf
> 
> Does anyone have an idea what the problem could be ?

Your redback does not receive the responses of the radius server that
it has received the accounting packet, so the redback resends it.

This can be an ip mismatch (i.e. redback sends to x, but radius
answers with y). Try to dump the packets to see what's the difference.

Oliver.




Re: radius client

2004-10-13 Thread Oliver Graf
On Wed, Oct 13, 2004 at 03:52:08PM +0800, Yyc wrote:
> hi all,
>   I will write a radius client which will be embedded in some NAS device. 
>   some one know about what program environment will be offered to me? Does the 
> radclient of freeradius can run there?

If you want to write something for an embedded device, why don't you
know its capabilities?

Oliver.



Re: NAS-Identifier check

2004-10-12 Thread Oliver Graf
On Tue, Oct 12, 2004 at 07:10:47AM -0700, Alex wrote:
> OK, I defined a huntgroup "test NAS-Identifier == "my_nas"" in huntgroups 
> file and added | eap_user| Huntgroup-Name | == | test |  to radcheck table. 
> It says "No matching entry in the database for request from user [eap_user]" and 
> "auth: No authenticate method (Auth-Type) configuration found for the request"
> When op for Huntgroup-Name changes to := in radcheck, user gets authenticated no 
> matter what it is sent in NAS-Identifier.

:= is assignment, it cannot work.

I check NAS-IP-Address in huntgroups.

Oliver.



Re: NAS-Identifier check

2004-10-12 Thread Oliver Graf
On Tue, Oct 12, 2004 at 02:11:02AM -0700, Alex wrote:
> If Auth-Type is Accept, no EAP negotiation occurs. What I want is TTLS established 
> and user credentials checked and also NAS-Identifier value checked. That is, block 
> some TTLS users from connecting from behind other NAS than its own. 
> I get users accepted if TTLS user has only 'User-Password' and  '=='  in the 
> radcheck. As soon as I add 'NAS-Identifier, '==', 'my_nas', it says Auth-Type not 
> found. 

Ah, ok. I use huntgroups for a similar thing (restricting certain
accounts to certain NASes). Perhaps this is something that might help
you, too?

Oliver.




Re: NAS-Identifier check

2004-10-11 Thread Oliver Graf
On Mon, Oct 11, 2004 at 06:56:01AM -0700, Alex wrote:
> Hello,
>  
> I want TTLS users to be authenticated using their login/pwd _AND_ the NAS-Identifier 
> attribute from the Access-Req packet. It works fine with User-Password, but when I 
> add NAS-Identifier == 'my_router' to radcheck table, freeradius says 'Auth-Type 
> notfound'. The debug shows that 'my_router' sends the correct value for this 
> attribute. 
> When I change to :=, users can login even if the value is completely changed (i.e. I 
> put his_router instead)

Use AuthType := Accept

Oliver.




Re: Ascend MAX 6000 Problems

2004-10-11 Thread Oliver Graf
On Sun, Oct 10, 2004 at 06:07:43PM -0400, Corey Jarvis wrote:
> If anyone has experienced something similar or can help it would be 
> appreciated.

I get those packets too. I just ignore them. Works like a charm.

Oliver.



Re: Double quoting in sql?

2004-09-28 Thread Oliver Graf
On Wed, Sep 29, 2004 at 08:10:45AM +0200, Oliver Graf wrote:
> On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
> > Oliver Graf <[EMAIL PROTECTED]> wrote:
> >   Something is escaping '#' to '=23', probably in the SQL module.
> 
> Yeah. The Problem is that the allowed_chars string in 0.9.3 included
> '=', but the one in 1.0.1 does not.
> 
> But cause radius_xlat (or whatever else...) does not know if a value
> of a pair is already escaped (as SQL-User-Name is), this creates some
> ugly double escaping.
> 
> So the correct solution is to change the sql.conf and remove
> SQL-User-Name from it, cause freeradius 1.0.1 will escape pairs used
> inside queries always correctly, as it seems.

Wrong.

Correct is: sql_set_user does NOT need to use sql_escape_func in
radius_xlat. That way the SQL-User-Name pair is unescaped, as any
other pair, and the radius_xlat (with sql_escape_func) that is run on
the query will escape that pair correctly, as it does it for any other
pair.

Diff vs 1.0.1 attached.

Oliver.

--- freeradius-1.0.1/src/modules/rlm_sql/rlm_sql.c.orig 2004-09-29 08:15:55.0 
+0200
+++ freeradius-1.0.1/src/modules/rlm_sql/rlm_sql.c  2004-09-29 08:16:37.0 
+0200
@@ -459,7 +459,7 @@
if (username != NULL) {
strNcpy(tmpuser, username, MAX_STRING_LEN);
} else if (strlen(inst->config->query_user)) {
-   radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, 
request, sql_escape_func);
+   radius_xlat(tmpuser, sizeof(tmpuser), inst->config->query_user, 
request, NULL);
} else {
return 0;
}
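Review bot: Passing NULL as the escape callback in the radius_xlat call that fills tmpuser means the value taken from query_user is now stored raw, so the safety of any query built from it rests entirely on a later radius_xlat pass that does use sql_escape_func. Please add a comment at this call stating that invariant, and check that nothing consumes tmpuser or the pair built from it outside such an escaped expansion. If a debug line still describes this value as "escaped", its wording should change along with the call.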


Re: Double quoting in sql?

2004-09-28 Thread Oliver Graf
On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
> Oliver Graf <[EMAIL PROTECTED]> wrote:
> > I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
> > small problem in the sql module: a Username seems to be quoted two
> > times, first when setting sql_user_name, then when doing the xlat on
> > the whole query.
> > 
> > Debug output:
> > radius_xlat:  'test=23test'
> 
>   Something is escaping '#' to '=23', probably in the SQL module.

Yeah. The Problem is that the allowed_chars string in 0.9.3 included
'=', but the one in 1.0.1 does not.

The pity is that omitting '=' from allowed chars is obviously
correct, cause it's the char used to quote stuff. Like you need to use
%% to get one %, an unescaped = should become a =3D.

But cause radius_xlat (or whatever else...) does not know if a value
of a pair is already escaped (as SQL-User-Name is), this creates some
ugly double escaping.

So the correct solution is to change the sql.conf and remove
SQL-User-Name from it, cause freeradius 1.0.1 will escape pairs used
inside queries always correctly, as it seems.

Oliver.
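
The double escaping diagnosed in this message, reproduced as an added example (not code from the post or from FreeRADIUS). `escape_eq_hex`, `build_name_literal` and `literal_is` are hypothetical stand-ins for `sql_escape_func` and the `sql_set_user` plus query-xlat sequence, and the two safe-character lists are the one quoted in this thread with and without `=`.

```c
/* Added example: simplified stand-in for the =XX escaping discussed in this
 * thread. Function names are hypothetical; this is not FreeRADIUS source. */
#include <stdio.h>
#include <string.h>

/* Safe-character list quoted in this thread (contains '='). */
static const char SAFE_WITH_EQ[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: =/";
/* The same list with '=' removed, the 1.0.1 behaviour described above. */
static const char SAFE_NO_EQ[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/* Copy src to dst, writing every byte outside `safe` as =XX (upper-case hex).
 * Returns the output length, or -1 if dst is too small. */
int escape_eq_hex(char *dst, size_t dstlen, const char *src, const char *safe)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;

    if (dstlen == 0) return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (strchr(safe, c) != NULL) {
            if (o + 1 >= dstlen) return -1;      /* 1 byte + NUL */
            dst[o++] = (char)c;
        } else {
            if (o + 3 >= dstlen) return -1;      /* 3 bytes + NUL */
            dst[o++] = '=';
            dst[o++] = hex[c >> 4];
            dst[o++] = hex[c & 0x0F];
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Stage 1 models sql_set_user: escape_in_set_user=1 escapes the name when it
 * is stored (the behaviour before the patch), 0 stores it raw (NULL callback).
 * Stage 2 models the xlat over the whole query, which always escapes. */
int build_name_literal(char *out, size_t outlen, const char *user,
                       const char *safe, int escape_in_set_user)
{
    char sql_user_name[254];

    if (escape_in_set_user) {
        if (escape_eq_hex(sql_user_name, sizeof sql_user_name, user, safe) < 0)
            return -1;
    } else {
        if (strlen(user) >= sizeof sql_user_name) return -1;
        strcpy(sql_user_name, user);
    }
    return escape_eq_hex(out, outlen, sql_user_name, safe);
}

/* Returns 1 if the text that would land inside name = '...' equals expected. */
int literal_is(const char *user, const char *safe, int escape_in_set_user,
               const char *expected)
{
    char buf[254];

    return build_name_literal(buf, sizeof buf, user, safe,
                              escape_in_set_user) >= 0
           && strcmp(buf, expected) == 0;
}

int main(void)
{
    char buf[254];

    /* Constructed inputs; "test#test" is the user name used in the thread. */
    build_name_literal(buf, sizeof buf, "test#test", SAFE_NO_EQ, 1);
    printf("two passes, '=' unsafe: %s\n", buf);
    build_name_literal(buf, sizeof buf, "test#test", SAFE_WITH_EQ, 1);
    printf("two passes, '=' safe  : %s\n", buf);
    build_name_literal(buf, sizeof buf, "test#test", SAFE_NO_EQ, 0);
    printf("one pass,   '=' unsafe: %s\n", buf);
    return 0;
}
```

With `=` in the safe list, a user literally named `a=23b` and a user named `a#b` both reach the query as `a=23b`, which is why removing `=` from the list is right and the second escape has to be avoided at the call site instead.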




Re: Double quoting in sql?

2004-09-24 Thread Oliver Graf
On Fri, Sep 24, 2004 at 03:04:56PM +0400, Alexander M. Pravking wrote:
> On Fri, Sep 24, 2004 at 12:39:09PM +0200, Oliver Graf wrote:
> > It does not seem that the change which causes this is in rlm_sql.c. I
> > guess it is to search in variable expansion of main/xlat.c. But I
> > currently fail to see the change between 0.9.3 and 1.0.1 where this
> > happened... perhaps I will take a deeper look later.
> 
> Hmm... 0.9.3 did escaping for anything except:
> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: =/",
> and the default setting of safe-characters is the same now, so the '#'
> char should have been escaped in 0.9.3 too. Didn't you patch rlm_sql.c
> of 0.9.3 to modify safe char list? ;-)

Nope. I have a database with test=23test instead of test#test... :)

Oliver.



Re: Double quoting in sql?

2004-09-24 Thread Oliver Graf
On Fri, Sep 24, 2004 at 02:31:47PM +0400, Alexander M. Pravking wrote:
> On Fri, Sep 24, 2004 at 09:39:07AM +0200, Oliver Graf wrote:
> > Hi!
> > 
> > I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
> > small problem in the sql module: a Username seems to be quoted two
> > times, first when setting sql_user_name, then when doing the xlat on
> > the whole query.
> 
> IIRC this behaviour is here since SQL-User-Name attribute is handled by
> rlm_sql, because it's being escaped twice. Two ways I see:
> 1. avoid using %{SQL-User-Name} in queries.
> 2. patch rlm_sql.c::sql_set_user to pass func=NULL to radius_xlat.

It does not seem that the change which causes this is in rlm_sql.c. I
guess it is to search in variable expansion of main/xlat.c. But I
currently fail to see the change between 0.9.3 and 1.0.1 where this
happened... perhaps I will take a deeper look later.

Oliver.




Re: Double quoting in sql?

2004-09-24 Thread Oliver Graf
On Fri, Sep 24, 2004 at 09:39:07AM +0200, Oliver Graf wrote:
> I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
> small problem in the sql module: a Username seems to be quoted two
> times, first when setting sql_user_name, then when doing the xlat on
> the whole query.
> 
> Am I just missing a config change? From the sample config I can see no
> difference.
> 
> Fix: I use %{User-Name} in the queries instead of %{SQL-User-Name}

Test Command:
 /usr/bin/radtest test#test test localhost 1 testing123 1 127.0.0.1

> Config:
> sql_user_name = "%{User-Name}"
> authorize_check_query = "SELECT id,name,attr,value,op FROM ${authcheck_table} WHERE 
> name = '%{SQL-User-Name}' AND kind = 'user' AND type = 'check' ORDER BY id"
> 
> Debug output:
> radius_xlat:  'test=23test'
> rlm_sql (sql): sql_set_user escaped user --> 'test=23test'
> radius_xlat:  'SELECT id,name,attr,value,op FROM radiususers WHERE name = 
> 'test=3D23test' AND kind = 'user' AND type = 'check' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 9
> rlm_sql_mysql: query:  SELECT id,name,attr,value,op FROM radiususers WHERE name = 
> 'test=3D23test' AND kind = 'user' AND type = 'check' ORDER BY id
> rlm_sql (sql): User test=23test not found in radcheck
> 
> Oliver.




Double quoting in sql?

2004-09-24 Thread Oliver Graf
Hi!

I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
small problem in the sql module: a Username seems to be quoted two
times, first when setting sql_user_name, then when doing the xlat on
the whole query.

Am I just missing a config change? From the sample config I can see no
difference.

Fix: I use %{User-Name} in the queries instead of %{SQL-User-Name}

Config:
sql_user_name = "%{User-Name}"
authorize_check_query = "SELECT id,name,attr,value,op FROM ${authcheck_table} WHERE 
name = '%{SQL-User-Name}' AND kind = 'user' AND type = 'check' ORDER BY id"

Debug output:
radius_xlat:  'test=23test'
rlm_sql (sql): sql_set_user escaped user --> 'test=23test'
radius_xlat:  'SELECT id,name,attr,value,op FROM radiususers WHERE name = 
'test=3D23test' AND kind = 'user' AND type = 'check' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 9
rlm_sql_mysql: query:  SELECT id,name,attr,value,op FROM radiususers WHERE name = 
'test=3D23test' AND kind = 'user' AND type = 'check' ORDER BY id
rlm_sql (sql): User test=23test not found in radcheck

Oliver.



Re: Antwort: Re: Antwort: Re: Open Radius and Novell Certification Server

2004-07-20 Thread Oliver Graf
On Tue, Jul 20, 2004 at 11:26:41AM +0200, [EMAIL PROTECTED] wrote:
> Ok i like to use http://www.xs4all.nl/~evbergen/openradius/index.html ;) 
> Is it possible that it works with Novell Certificate Server . 
> I think that's a very heavy scenario ... ;) The Server manage and create 
> Certificates and radius work with it that is my problem about the interface 
> between the two servers.

Ok, now you know the webpage of OpenRadius.

Next step: try to send your question to the OPENradius mailing list,
cause this here is the FREEradius mailing list.

Oliver.




Re: Antwort: Re: Open Radius and Novell Certification Server

2004-07-20 Thread Oliver Graf
On Tue, Jul 20, 2004 at 10:11:17AM +0200, [EMAIL PROTECTED] wrote:
> Excuse me which is the right one ?

It's no good sign if you don't know the radius server you want to
use... ;)

Google thinks this is openradius:
  http://www.xs4all.nl/~evbergen/openradius/index.html

Oliver.




Re: LDAP and CHAP

2004-07-15 Thread Oliver Graf
On Thu, Jul 15, 2004 at 03:07:44PM +0200, Oliver Graf wrote:
> On Thu, Jul 15, 2004 at 02:35:03PM +0200, Daniel Eyholzer wrote:
> > "Mitchell, Michael" <[EMAIL PROTECTED]> wrote:
> > > Well its not a standard "feature" of freeRADIUS, and quite possibly
> > > shouldn't be, so probably never will be. ;-)
> > 
> > Why isn't it a standard "feature"? Is there an obvious reason? Are you all
> > storing your password in clear text in LDAP or whatever backend you use? Or
> > are you just not using CHAP for authentication?
> 
> I use such a thing for our mysql store. Just put the encrypted stuff
> in the database and change rad_ktk_decodepw in lib/radius.c to decrypt
> the password (I just check the length of the encrypted password, cause
> this clearly identifies them in my case).
> 
> I can give a more concrete example, but I won't expose my reversible
> crypt algorithm :)

I could also provide a stub freeradius auth rlm as example.

Oliver.




Re: LDAP and CHAP

2004-07-15 Thread Oliver Graf
On Thu, Jul 15, 2004 at 02:35:03PM +0200, Daniel Eyholzer wrote:
> "Mitchell, Michael" <[EMAIL PROTECTED]> wrote:
> > Well its not a standard "feature" of freeRADIUS, and quite possibly
> > shouldn't be, so probably never will be. ;-)
> 
> Why isn't it a standard "feature"? Is there an obvious reason? Are you all
> storing your password in clear text in LDAP or whatever backend you use? Or
> are you just not using CHAP for authentication?

I use such a thing for our mysql store. Just put the encrypted stuff
in the database and change rad_ktk_decodepw in lib/radius.c to decrypt
the password (I just check the length of the encrypted password, cause
this clearly identifies them in my case).

I can give a more concrete example, but I won't expose my reversible
crypt algorithm :)

Oliver.




Re: How to setup radius for ADSL

2004-02-17 Thread Oliver Graf
On Wed, Feb 18, 2004 at 01:11:30PM +0800, [EMAIL PROTECTED] wrote:
> Does anyone have any experience with configuring radius and ADSL. Where can
> I get specific instructions for setting up radius and mysql for ADSL.

Normally you would configure your radius server for your access
equipment. It makes no big difference if this equipment terminates
analog, isdn or dsl calls...

Oliver.




Re: I have MySql. Do I need CHAP, PAP, EAP or rlm_unix??

2004-01-25 Thread Oliver Graf
On Sun, Jan 25, 2004 at 03:24:50PM +0100, Ciolo_-^DusT^-_WebMaster wrote:
> the secret...
> the secret word is given or I have to create it on my own...
> and if I have have to create it or declare it...
> where... there are some particular suggestions in how to create a secret
> key...

Well... Let your head smash down on your keyboard and roll it to the
left or to the right. Works well for me.

Oliver.




Re: I have MySql. Do I need CHAP, PAP, EAP or rlm_unix??

2004-01-25 Thread Oliver Graf
On Sat, Jan 24, 2004 at 10:07:11AM -0800, Jeff wrote:
> I have Freeradius 0.9.3 up and running with Gentoo
> Linux on x86 hardware. I had to comment out every
> instance of the unix module in radiusd.conf to get
> Freeradius to compile on Gentoo (for some reason
> 'rlm_unix' module doesn't compile on Gentoo).
> Authentication is done with encrypted passwords in
> MySql.

did you use the 0.9.3 ebuild or did you do it on your own? I made the
ebuild, and I see no problems on any of my systems, so a more complete
description would be helpful.

> 2) Since I authenticate thru MySql, do I need CHAP,
> PAP or EAP?

If you need PAP, CHAP or EAP depends on the type of auth you want to
do, not on the type of storage backend...

Oliver.



Re: Problem assigning static IP

2004-01-13 Thread Oliver Graf
On Wed, Jan 14, 2004 at 01:41:53AM +0100, Albert Silva Gibert wrote:
> 
> I need to configure static IP for the WinXP supplicant from the FreeRadius
> through a Cisco 3550 switch.
> 
> I don't know what I'm missing!!! All the authentication works correct with
> EAP MD5, the only thing that fails is the assignment of the user IP. My
> users file looks like this:
> 
> user  Auth-Type := EAP, User-Password == "userpsw"
>   Reply-Message = "Hi user!!!",
>   Service-Type = Framed-User,
>   Framed-Protocol = PPP,
>   Framed-IP-Address = 33.33.33.2,
>   Framed-IP-Netmask = 255.255.255.0,

Here you assign the network 33.33.33.0/24 to the user. His interface
gets 33.33.33.2 as ip in this network, which gets routed to this IP.

> interface Vlan1
>  ip address 33.33.33.1 255.255.255.0

But wait! Your cisco has an interface in this network! Won't work. The
cisco will not accept the routing information you did send in your
radius packet. So the user should get dropped.

If you just want to try to assign one IP, please read the FAQ and do
not use a netmask, cause this is probably not what you want...

Oliver.




Re: CISCO PIX and RADIUS

2004-01-06 Thread Oliver Graf
On Tue, Jan 06, 2004 at 05:56:41PM +0100, Ing. Milan Cygal wrote:
> Does CISCO PIX support a RADIUS authorization?
> From command reference of "aaa":
> authorization - Enable or disable TACACS+ user authorization for services (PIX 
> Firewall does not support RADIUS authorization). 

Did you try to search cisco CCO for it?

PIX 500 should do radius as far as I know. But you did not give much
information...

Oliver.



Re: SPAM [was: Re: VXAMCECD, the whistle made]

2004-01-05 Thread Oliver Graf
On Mon, Jan 05, 2004 at 12:33:38AM +, Miquel van Smoorenburg wrote:
> >http://www.mail-archive.com/[EMAIL PROTECTED]/msg02849.html 
> >)  It made absolutely no sense then why someone who wasn't a reader could 
> >post to it, and still doesn't now.  (grumble)
> 
> It did make sense then, and it still makes sense now. People who
> don't grok this [1] have been a major reason for me _not_ to change
> the list to subscriber-only posting.

Hmmm why should someone who can not subscribe to a mailinglist be
more able to install and run a radius server?

I vote for closed lists.

Oliver.




Re: Could you help on freeradius..

2003-12-28 Thread Oliver Graf
On Sun, Dec 28, 2003 at 12:56:50PM +0700, [EMAIL PROTECTED] wrote:
> users file -
>  
> mydial Auth-Type := Local, User-Password == "dial"
>  Service-Type = Framed-User,
>  Framed-Protocol = PPP,
>  Framed-IP-Address = 202.xxx.xx.12,
>  Framed-IP-Netmask = 255.255.255.192,
>  Framed-Routing = Broadcast-Listen,
>  Framed-MTU = 1500,
>  Framed-Compression = Van-Jacobsen-TCP-IP
> 
> DEFAULT Group = radius
> Pool-Name := "my_dial",
>  
> --
> The result is my assigned-ip is always 202.xxx.xx.12 , not between 202.xxx.xx.30 - 
> 202.xxx.xx.59.

As you tell it in the entry for mydial (Framed-IP-Address and
Framed-IP-Netmask).

> Can you help me solved this ?

If you don't give the user mydial a fixed IP via Framed-IP-Address and
Framed-IP-Netmask it should get one from the pool. Though the
DEFAULT entry looks not quite correct... take a look at the sample
radiusd.conf there are examples in the comments before the pool
definition.

Oliver.

