I run freeradius with :
user = freerad
group = freerad
I reinitialized my freeradius (by deleting all log and counter files),
and when i started, the radius.log file was created but was owned by
root, so i had to chown freerad.freerad. Is it normal or not ?
The same questions for counter
Also the log files radutmp and radwtmp are not being generated. Hence
radwho does not show any logged in users.
shrug Look at the debug messages to see why.
The debug messages show :
Module: Loaded radutmp
radutmp: filename = /usr/local/var/log/radius/radutmp
radutmp: username =
On Thu, 14 Mar 2002, wheatly wrote:
hi,everyone
if I want to authentication and authorization with openldap, how can i do
except for changing the radiusd.conf correctly. should i map the radius
attribute to ldap attribute ,and should I change the source code?
wheatlyshi
tel:
Your $PATH is probably preferring the system (BSD) make.
What does 'make -v' say?
make - v
Makefile, line 10: Could not find Make.inc
make: fatal errors encountered -- cannont continue
it seems line 10 of Makefile is looking for Make.inc - which doesnt exist,
only Make.inc.in
duncan
-
Hi all,
I have to say that I had exactly the same problem (same suze and same
freeradius).
Compiling on redhat6.2 worked fine.
Benoit
-Original Message-
From: Frank Cusack [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 1:14 PM
To: Paul Crittenden
Cc: [EMAIL PROTECTED]
Here is the output of my ./configure
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 3:03 PM
To: [EMAIL PROTECTED]
Subject: RE: error compiling freeradius 0.4
Hi all,
I have to say that I had exactly the same problem (same suze and
Hello all, I'm Mr song from Korea.
I'm a graduate student majoring in Computer
Science.
I study AAA protocol like RADIUS and Diameter.
First I studied RADIUS spec(RFC 2865) and I want to study about
RADIUS
Iinstalled Wow Linux 7.1(Paran) and I
installed FreeRadius according to the
Hello All,
I took Andrew's advice on the 'cache = yes' parameter, but no joy. I
have included the radiusd -X debug output for your perusal.
Cheers,
Tom
Begin Debug Output
--
ahost# /usr/local/sbin/radiusd -X
Starting - reading configuration
Yury Bokhoncovich [EMAIL PROTECTED] wrote:
Does anybody know is FR vulnerable to Zlib free bug?
The server doesn't link to libz, so it isn't vulnerable.
However, one of it's modules (mysql, ldap, etc) MAY link to libz,
but I don't know for sure.
Alan DeKok.
-
List
duncan [EMAIL PROTECTED] wrote:
What does 'make -v' say?
make - v
Please try again.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Do-Risika RAFIEFERANTSIARONJY [EMAIL PROTECTED] wrote:
I reinitialized my freeradius (by deleting all log and counter files),
and when i started, the radius.log file was created but was owned by
root, so i had to chown freerad.freerad. Is it normal or not ?
Hmmm... the server SHOULD open
This is a pre-release announcement for 0.5. Anyone who has had
problems with the CVS snapshot should announce any bugs they've
encountered. If there are no problems, then 0.5 will be released in a
day or so.
Here is the change log:
FreeRADIUS 0.5.0 ; $Date: 2002/03/11 18:47:08 $,
Try portslave. http://www.sourceforge.net/projects/portslave
Simulates a NAS with dial-in modems (and handy to set up an extra
console for testing), can set up on the same machine if you like.
Sorry, not much more detail than that - read the docs, install,
configure, test, search for any
=?ks_c_5601-1987?B?vNvDorfE?= [EMAIL PROTECTED] wrote:
What can I do with RADIUS?=20
Authentication, authorization, and accounting.
Read the RFC's.
How must I do ? Do I have a program for RADIUS?
Read the RFC's, it will become clearer.
Alan DeKok.
-
List
Hello All,
Is there an FAQ or doc that references how to use freeradius with
routers? In particular, I am looking for a way to use freeradius to
control enable access on a foundry switch. Right now, if I set up the
foundry to use radius to authenticate the enable command, any user who
I am now running the snapshot from the 14th with exactly the same
results: Still broken. Keep the ideas rolling in because I'll probably
try them all!
Cheers,
Tom
Alan DeKok wrote:
Thomas Keitel [EMAIL PROTECTED] wrote:
I took Andrew's advice on the 'cache = yes' parameter, but no joy. I
Eric John Seneca [EMAIL PROTECTED] wrote:
Where do I get the module rlm_eap for freeradius? I get the following
message
...
It was not included in the tarball for freeradius-0.4.
Try grabbing the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Eric Dean [EMAIL PROTECTED] wrote:
I found the problem. The customer firewalls accounting which results in
the proxy client being disabled. There's a DEAD_TIME variable that can be
changed as well.
raddb/proxy.conf has a dead_time variable. The only DEAD_TIME in
the tar file is in the
Thomas Keitel [EMAIL PROTECTED] wrote:
Is there an FAQ or doc that references how to use freeradius with
routers?
I don't think so. But if the router speaks RADIUS, then it doesn't
matter if it's a router, a NAS, or a desktop box. It's just a RADIUS
client.
In particular, I am looking
At 10:24 AM 3/14/2002 -0500, Alan DeKok wrote:
This is a pre-release announcement for 0.5. Anyone who has had
problems with the CVS snapshot should announce any bugs they've
encountered. If there are no problems, then 0.5 will be released in a
day or so.
I'm committing a fix today for
What does 'make -v' say?
make - v
Please try again.
Alan DeKok.
i tried again (this time with make -v) and its the same...
Makefile, line 10: Could not find Make.inc
Make: fatal errors encountered -- cannot continue
duncan
-
List info/subscribe/unsubscribe? See
Hi,
I'm running FreeRadius 0.4 on Sparc/Solaris 8 (latest patches) for
some testing i'm conducting with 3Com/Cisco L2TP tunnels - please
bear with me i'm a radius newbie and have only been running FR for a
week.
I have FR up and running nicely, sending back attributes to the nas's
in question
Try grabbing the latest CVS snapshot.
After compiling the CVS snapshot and configuring the /etc/raddb/radius.conf,
I still get authentification failure.
I sniffed the session traffic and I see the following information
192.168.100.170 - 64.95.221.220 UDP D=1812 S=1812 LEN=75
AND THE RADIUS
At 04:47 PM 3/14/2002 +, [EMAIL PROTECTED] wrote:
Hi,
I have FR up and running nicely, sending back attributes to the nas's
in question to setup tunnels.
I've heard about a tunnel feature that allows the nas to receive
multiple
tunnel-endpoint attributes and then load balance the tunnels it
* Fix a bug which would hang the server when many SQL
connections were open. Found by Cvetan Ivanov [EMAIL PROTECTED]
Sweet. I had this problem on sunday. heh
* Password = UNIX or PAM backwards compatibility removed.
Ok, help! I use PAM autentication, what should I do now?
NOW I ASSUME THE MESSAGE BEING SENT BACK IT MY SECOND PACKET IN THE SNIFFER
LOG.
64.95.221.220- 192.168.100.170 UDP D=1812 S=1812 LEN=108
Sending Access-Challenge of id 62 to 64.214.69.230:4916
EAP-Message =
\001\000\026\004\020#\237\300j\320\225\376\2639\262\265\340\333F\243
Ok .. what would the corresponding entry in the users file look like?
The attribute reported in radacct details is Attr-130482178, but I don't
see any attribute style information in the debug output during the auth
phase when I enable radius authentication on the router.
Cheers,
Tom
Alan
Thomas Keitel [EMAIL PROTECTED] wrote:
Mayhaps this should be added to the docs and/or the comments of the
.conf file?
Done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thomas Keitel [EMAIL PROTECTED] wrote:
Ok .. what would the corresponding entry in the users file look like?
That really depends on what you want to do. Read the 'users' file
for examples. There's no point in me posting the same examples here.
The attribute reported in radacct details is
Edgard Castro [EMAIL PROTECTED] wrote:
* Password = UNIX or PAM backwards compatibility removed.
Ok, help! I use PAM autentication, what should I do now?
If your 'users' file has:
DEFAULT Password == PAM
...
Then change it to:
DEFAULT Auth-Type := PAM
...
At 06:48 PM 3/14/2002 +, [EMAIL PROTECTED] wrote:
Hi Chris, thanks for the help! I'll give it a go right now and take a
look at the RFC you mentioned.
This may seen a naive question but i only have 5 days worth of radius
experience under my belt, when should i/should not use VSA (like
the
duncan [EMAIL PROTECTED] wrote:
i tried again (this time with make -v) and its the same...
Install GNU make.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SNIP
Yes. You can use something like this for your users file:
tunneluser Auth-Type := Local, Password == foobar
Tunnel-Type:1 = L2TP
Tunnel-Medium-Type:1 = IP
Tunnel-Server-Endpoint:1 = 10.20.30.2
Tunnel-Password:1 = secret
Tunnel-Preference:1 = 1
Hi!
I tried to setup freeradius to proxy based on prefix and suffix the
same time, where prefix has preference. There are accounts like:
[EMAIL PROTECTED] (should go to isp 1)
[EMAIL PROTECTED] (should go to GRIC)
username (should go to our own radiusd on another machine)
In radiusd.conf
Radius Server has sent an Access-Challenge with EAP-MD5 challenge value
for which the client should respond back.
Based on the response received, Radius Server authenticates the user.
The reason there is not response back is because the 3com access point
interprets challenge as a failure.
Eric John Seneca [EMAIL PROTECTED] wrote:
The reason there is not response back is because the 3com access point
interprets challenge as a failure.
Then it doesn't do EAP properly.
Is there any special setting I must define for the user? The access point
and client only has one setting
Bernd Sontheimer [EMAIL PROTECTED] wrote:
A second point:
To overcome the problem above myself i removed the prefix-
checking from radiusd.conf, so that only suffix-checking remains,
and put a entry in the users-file like
No i was happy first, because authentication works now for all
Chris Parker wrote:
SNIP
If there is a standard attribute ( non-VSA ) that does what you want,
I highly urge the use of that, over the VSA, as it will be more portable.
If there isn't a standard attribute to accomplish it, then you don't have
a choice, so you have to use the VSA.
I come
Well, if we're supposed to be reporting bugs:
(I've encountered this problem from 0.2 all the way up to the most recent
CVS)
I have proxying configured and working, but the accounting is kind of
strange.
The accounting packets are propery proxied to the end server, but the copies
that are
I have found the following URL very useful:
http://www.missl.cs.umd.edu/~adam/802/
jsl
--
John Lindsay - Engineering Services Manager
Internode Professional Access
ph +61 8 8223 2999 fx +61 8 8223 1777
31 York St Adelaide, PO BOX 284 Rundle Mall SA 5000
-
List info/subscribe/unsubscribe?
Hello All,
Here is the entries for the foundry dictionary file that I whipped up.
It is for the 3 attributes that I was able to reference in the documentation
VENDOR Foundry 1991
ATTRIBUTE foundry-privilege-level 1
integerFoundry
Thomas Keitel [EMAIL PROTECTED] wrote:
Here is the entries for the foundry dictionary file that I whipped up.
It is for the 3 attributes that I was able to reference in the documentation
OK, I've added them as 'raddb/dictionary.foundry'
Alan DeKok.
-
List info/subscribe/unsubscribe?
Nope. Triple-checked the shared secret. They match.
Only one RADIUS server in this setup, not separate auth and
acct (or did I
misunderstand your suggestion?).
If shared secret is right then we need to figure out, where
the problem
is.
Can you send the radius logs.
As Alan
According to the dictionary.foundry file the ATTRIBUTE id's for the
attributes I set in the DEFAULT user configuration should be values 1 2
and 3 repectively, however it looks to me that the foundry is recieving
a authentication reply packet from the server with incorrect ATTRIBUTE
id's (the
I wrote a script in perl at one point to do radius testing, but can't find
it. I think FreeRadius ships with a command line tool to do queries and
dump the results. These kinds of tools would be your best bet for
debugging.
--
Roy Hooper
Project Manager Senior UNIX Consultant
Decisive
Hi,all,
I use freeradius snapshot + oracle database.
I know if I use PPP CHAP , I must put the user password in cleartext in the database.
But I donot want to let the database administrator know the user's password,
so if I use PPP PAP, can I put encoded password in database, what arithmetic does
Alan DeKok wrote:
Do-Risika RAFIEFERANTSIARONJY [EMAIL PROTECTED] wrote:
I reinitialized my freeradius (by deleting all log and counter files),
and when i started, the radius.log file was created but was owned by
root, so i had to chown freerad.freerad. Is it normal or not ?
Hmmm...
47 matches
Mail list logo