Hi~
My radius server isrunning freeradius-0.9.3 right now, and I wish
that could support the EAP-SIM.
What should I do? Using the snapshot version to take place the 0.9.3? or
just only need to add a new module?
In addition, when the authencation mechanism is EAP-SIM,isthere
any
I want to connect the RAdius server to Active
directory for doing authentication, but I encountered a problem
in passing the Password to the Active
directory server.
The following is part of the radiusd.conf
file:
ldap
{
server =
"192.168.250.25"
identity =
Hi,
i'm using FreeRADIUS Version 0.9.3on FreeBSD 4.9
i'm using with a Cisco PIX to AAA internet access
it works fine, but i need to store the Cisco-AVPair info in radacct SQL
table.
As i can see in the detail accounting freeradius store Cisco-AVPair info
-snip-
Cisco-AVPair =
That was the problem, I solved last night reading an old post. I really
apreciate your help.
But this is not documented in module`s doc file. What is sqlacc3???
Thankyou all!!!
apellido dijo:
To to change the following :
Try to change the following in your sqlcounter dailycounter and
Hi!
I have a generally question. Is it possible to have
more than one authentication method. I know, that the freeradius
have multiple possibilities to authenticate, but is it possible to have
one as backup. For examble:
There is one freeradius Server which have two Authentication Methods:
I wonder if there are existing benchmarks of freeradius performance compared
with other radius servers.
Or even non-comparative benchmarks.
Also, I'm having trouble finding information about what is unique to
freeradius in terms of performance. The website suggests that freeradiius is
high
Am Sonntag, 21. März 2004 13:53 schrieb Peter Stamfest:
Hello,
The problem is that there is no connection between the certificate and the
id / User-Name:
* The User-Name can be freely chosen by the supplicant. This username is
then used for authorization (NOT authentication)
* The
Hello Juan, i dont know why and i already ask that in the mailing list. And
if you read old question you've got the answer. rlm_sqlcounter is not yet
stable (experimental). If you want to setup prepaid internet then use
rlm_counter.
question
- Original Message -
From: Juan Pablo Fava
Hi Folks,
i have following Problem with my Freeradius:
The Network:
# Laptop
Windows 2000
IP: 192.168.10.23
|
|
# Access Point (W-Lan)
It's a Fujitsu Siemens Connect2Air 2000RDS
IP: 192.168.10.100
|
|
# Freeradius-Server
IP: 192.168.10.1
Version 1.0.0-pre0
no, that's wrong. DON'T force the Auth-Type. do it as i said before.
ciao
artur
Mihai RUSU wrote:
Hi again
Sorry for the SPAM, I solved my problem after a while, the solution was to
have a line like this in users:
dizzy Auth-Type := EAP, User-Password = parola
On Mon, 22 Mar 2004, Mihai RUSU
On Mon, 22 Mar 2004, Artur Hecker wrote:
hi
something to do with radius running as radiusd/radiusd)
(it's not related but yes, it can't read the shadow file as user
'radiusd'. deactivate the caching if wou want it back.)
But caching is disabled (as in the default config, cache = no)
On Mon, 22 Mar 2004, Artur Hecker wrote:
no, that's wrong. DON'T force the Auth-Type. do it as i said before.
Thanks! I did as you said and it works fine.
ciao
artur
--
Mihai RUSUEmail: [EMAIL PROTECTED]
GPG : http://dizzy.roedu.net/dizzy-gpg.txtWWW:
hi
But caching is disabled (as in the default config, cache = no) and still
unix module fails to load on server startup or check config (the last
lines):
Module: Loaded Pam
pam: pam_auth = radiusd
Module: Instantiated pam (pam)
radiusd.conf[545] Failed to link to module 'rlm_unix': file not
hi
Acording to strace -s is not enough to execute with root rights, I had to
comment the user/group entries from radiusd.conf. Anyway, even running as
root it fails the same way :-/
hmm? if you execute it in debug mode as root, it runs as root. it reads
but should ignore the rights you set in
Alex Wang [EMAIL PROTECTED] wrote:
My radius server is running freeradius-0.9.3 right now, and I wish that
could support the EAP-SIM.
What should I do? Using the snapshot version to take place the 0.9.3? or
just only need to add a new module?
Upgrade to the CVS snapshot. A lot more than
Juan Pablo Fava [EMAIL PROTECTED] wrote:
But this is not documented in module`s doc file. What is sqlacc3???
Nothing. It's fixed in the latest CVS snapshot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tariq Rashid [EMAIL PROTECTED] wrote:
I wonder if there are existing benchmarks of freeradius performance compared
with other radius servers.
Only messages posted to the list. Search the archives for details.
Also, I'm having trouble finding information about what is unique to
freeradius
Dear List,
I'm trying to use mod_auth_radius-2.0.c
http://www.freeradius.org/mod_auth_radius/mod_auth_radius-2.0.c with
apache httpd-2.0.4.
The problem is, that the module doesn't set any cookies.
Is there anybody out, who has a working installation of the both apps
above? With apache_1.3.29
Please Note: Radius does NOT disconnect users, only the NAS can
disconnect the
user.
You will need to figure out how to send a command to your NAS to
disconnect the
user, and run that program in order to trigger a user disconnect.
Graeme Hinchliffe wrote:
On Tue, 16 Mar 2004 16:17:03 +0100
Hello,
I am trying to configure a SMC 2804WBR (european
V2) AP and an internal WiFi NIC on my laptop for WPA/PEAP network
access.
No matter what I tried, the login would fail. After
dumping some network packets, it seems that, after the identity is sent
Freeradius (in an access-request
Artur Hecker [EMAIL PROTECTED] wrote:
second: the problem is now that radiusd can't link the unix module.
thus, it seems to be a compilation/installation/system and not a
configuration problem, so perhaps we should wait till Alan wakes up and
see what he says :-) should be against 16h00 CET
Ugur GUNCER wrote:
Hi
Im my radius server gives Mysql check_error : 1054 received message after
user authorization procc.
What is it mean
My usergroup table is empty !!!
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
radius_xlat: 'dark'
rlm_sql (sql):
Hi Alan,
I assumed Freeradius is expecting an answer from the supplicant.
Unfortunatelly, there's no option (or I do not know about it) to increase
the verbosity and no error message whatsoever is logged.
I really do not know what to do - the strange thing is that - apparently -
EAP/TLS does
Reinaldo Silva [EMAIL PROTECTED] wrote:
radiusd: FreeRADIUS Version 0.8.1, for host i386-redhat-linux-gnu, built
Upgrade to 0.9.3.
My users file:
...
ricbasto Auth-Type := Local, User-Password == vex12ab
benjamim Auth-Type := Local, User-Password == aeco9eek
...
I'am using freeradius from CVS (as of Mar 15) and I'am getting:
users: Matched teste at 90 // It finds the user 'teste'.. Ok
modcall[authorize]: module files returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type
Federico Giannici [EMAIL PROTECTED] wrote:
I have noticed that the lower_pass = after configuration command is
implemented simply executing a second time the entire sequence of
authorization/authentication operations.
Yes. The feature is a hack, and should be removed from the server.
i am trying to use freeradius as a proxy between a Cisco gateway and a
billing software. Everything worked fine, but then I couldn't dial anything.
The billing software returns the error Null portname error.
Any insight? Thanks!
-
List info/subscribe/unsubscribe? See
Nuno Morgadinho [EMAIL PROTECTED] wrote:
I'am using freeradius from CVS (as of Mar 15) and I'am getting:
users: Matched teste at 90 // It finds the user 'teste'.. Ok
modcall[authorize]: module files returns ok for request 1
modcall: group authorize returns updated for request 1
Hi,
Does anybody out there have a quck radius monitor script they'd be willing
to share?
I have radius/AAA servers behind a CSS. I would like to monitor AAA
services and conditionally-act on a failure.
I am using radclient to successfully test the service.
Thanks a bunch,
Ken.
returns ok for request
2
radius_xlat:
'/usr/local/var/log/radius/radacct/132.146.197.111/detail-20040322'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/
radius/radacct/132.146.197.111/detail-20040322
modcall[accounting]:
module
OK Tarun, everything looks OK from LDP.exe,
at least I am able to connect and browse. But with ldapbrowse I am
getting CA certificate is not in server certificate chain.
So to back up a bit the certificate that I need on the freeradius
box is the one you can retrieve via the web interface on the
Would it also matter if my certificate
was self-signed as we do not have a need for a third party signed certificate
at this time.
Steve O'Brien
City of Bend
Network Administrator
[EMAIL PROTECTED]
541-322-6393
Tarun Bhushan
[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/21/2004 04:56 PM
/local/var/log/radius/radacct/132.146.197.111/detail-20040322'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/
radius/radacct/132.146.197.111/detail-20040322
modcall[accounting]: module detail returns ok for request 2
modcall
Anson,
You
need to look at how pool chaining works with the APX. You might also look
into the virtual routers.
-- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~
866.477.5638
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anson
have been
running FreeRadius at our installation for some time toauthenticate user
access to routers.We recently introduced a number of Radius servers for
various parts of thenetwork and started using Realms.Also introduced a
raddb/users group called "readonly" which gets read onlyservice
Steve
What you need is the Windows root CA cert that you placed on to the
FreeRadius box. Use the same PEM file as input on the box you are
executing the LDAP/Browser/Editor (LBE) from - this is the
c:\temp\somedc.ca.pem file I refer to in the documentation below. I used
LBE from a Windows box
Alan,
Thanks very much. I'll pull down the files from CVS first chance I get
and let you know how things go.
Alan DeKok wrote:
...
The latest CVS snapshot has had all references to inet_pton() and
inet_ntop() removed. Until the server supports IPv6 completely,
they're not needed.
...
-
- Original Message -
From: Alexei Vasilyev [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 22, 2004 6:34 PM
Subject: Re: How to pass password via password of radiusd.conf
Hey
c
c password=%{User-Password}
c
Here must be cleartext password for AD. E.g.
password=cbhoh123
Is
Hello, Ive been havin problems with the ippool, the freeradius seems to authorize the dialer client but my NAS doesnt.
What could be wrong?
Rogelio Alvarado Anchisi
Ing. de Sistemas
Galaxy Communications Corp.
Tel. +507-2000128
Cel. +507-6744093
OK I got it going here too, just some
login syntax issues with the ldabrowser. Now I can login with ssl
there but am still getting errors with freeradius radtest. On a side
note radtest is now working with identical radiusd.conf without ssl. To
roll this out I need SSL to work. Here's Debug:
Alex Wang [EMAIL PROTECTED] wrote:
my radius server is running 0.9.3 now, and I wish that can support EAP-SIM
proxy.
If you mean proxying EAP-SIM to another RADIUS server, sure. But to
do that, it means you probably won't be able to use EAP at all.
The latest CVS snapshot allows a little
Frank Seesink [EMAIL PROTECTED] wrote:
I have downloaded the CVS files and tried building FreeRADIUS under
Cygwin, and I'm all the way down to the build step where it attempts to
make radiusd.exe (the daemon itself). Unfortunately, it blows up on
something quite simple: undefined _crypt
On Fri, Mar 19, 2004 at 06:35:17PM +0200, Kostas Kalevras wrote:
On Fri, 19 Mar 2004, Robert Banniza wrote:
In looking at the dictionary.juniper file, I notice there are 5
attributes in this file:
ATTRIBUTE Juniper-Local-User-Name 1 string
Juniper
ATTRIBUTE
On Mon, 22 Mar 2004, Robert Banniza wrote:
I'm not sure I'm following you...Let's say I want to add the
Juniper-Allow-Commands and Juniper-Deny-Commands to my user's profile
within OpenLDAP. Wouldn't I have to define these attributes within some
LDAP schema whether it be in the
c
c password=%{User-Password}
c
c Here must be cleartext password for AD. E.g.
c password=cbhoh123
c Is there a way to pass dynamic password from different users? The problem is
c that the user a/c in AD is having a different password.
c Thank!
This password is for user (dn) which your radius
Alan,
I have downloaded the CVS files and tried building FreeRADIUS under
Cygwin, and I'm all the way down to the build step where it attempts to
make radiusd.exe (the daemon itself). Unfortunately, it blows up on
something quite simple: undefined _crypt reference. Now, there's a
-crypt
46 matches
Mail list logo