an idea:
turn log_auth_badpass = on and write a shellscript which read out the logfile
and delete the user who tried to login with a bad pazzword.
i wrote a similar script to delete users by expiring date, using sed.
ciao marc werner
Am Dienstag, 23. März 2004 08:47 schrieb Tim Bots:
As I am
we have installed radius 0.9 on linux box and it works fine with
cisco AS5200 and AS5300.
WE tried to install a new AS5400 to work with radius but we have
problem with the authorize section.
The configuration in AS5400 is the following:
aaa authentication login default local group tacacs+ group
Hi Kostas,
how could i get the patch? I saerched the developer list and did not find it.
which patch do you mean - the one for rlm_ldap or that for configurable failover?
regards,
Arne
Message: 1
Date: Fri, 19 Mar 2004 18:17:19 +0200 (EET)
From: Kostas Kalevras [EMAIL PROTECTED]
To:
I guess this is a bad idea, because I can't write shell-script's ant I don't like the
idea of deleting users when their time is over. An example:
I want to have a few users that have 1 hour the time and they log in with their
browser.
Some other users may have 2 hours and some may have another
Hi All,
I have a FreeRADIUS box setup on OSX 10.3.3. I have it doing basic MAC
address authentication at the moment, using MySQL to retrieve its data
from. This part works fine.
My only problem, is that after loads of fiddling, I can't get it to
startup at boot (daemonize) unless I include -X
Hello!
I'm trying to configure LDAP authentication to work with the user supplied
credentials. ACLs don't allow
me to browse the LDAP directory so I'd like to authenticate the user based on a
successfull connection to
LDAP server with his user/pass.
I've come up with this configuration but
I am using freeradius as a proxy for another radius. Everything works
perfectly when trying to authenticate a prepaid calling card, but when the
user dials, the primary radius rejects all the calls on the ground of null
portname error. As far as I see, freeRadius sends forth what was sent to
it. I
hi!
we have freeradius 0.9.3 installed and running i can run successful
radtest's from the local machine, and from another (both are redhat
enterprise...) in the same class c block, but when i try to test or reach it
from outside that class c block, i get a 'no response from server'
Hi Joseph,
Just
a question from urs mail ? When u say Auth-Type = example then
the authentication for that user will go to a module named example,
similarly
Auth-Type=CHAP
means the same
The thing is i want to configure the
Server for challenge response, please can u let me know how ?
Hello,
i compiled snapshot freeradius-snapshot-20040318 with OpenSSL 0.9.7d 17
Mar 2004 like this :
./configure --with-experimental-modules
--with-openssl-libraries=/usr/local/ssl/lib
--with-openssl-includes=/usr/local/ssl/include
In my user file, i have tis user :
criup Auth-Type := EAP,
Sorry, the same message without signature.
Hello,
i compiled snapshot freeradius-snapshot-20040318 with OpenSSL 0.9.7d 17
Mar 2004 like this :
./configure --with-experimental-modules
--with-openssl-libraries=/usr/local/ssl/lib
--with-openssl-includes=/usr/local/ssl/include
In my user file, i
Hello
I use freeradius-snapshot-20040314 and inserted the following on top of
the users file:
#---
DEFAULT Proxy-To-Realm := dbzone
Fall-Through = Yes
DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
Fall-Through = Yes
DEFAULT EAP-Type == EAP-TTLS, Proxy-To-Realm := LOCAL
Fall-Through
Hi all,
I want to cross compiler "freeradius-snapshot-20040318" to MIPS.
I hadcross compiler Openssl-0.9.7-stable-SNAP-20040318 and put libcrypto.a and libssl.a to /usr/local/openssl/lib.
Iuse ./configure --enable-shared=no --localstatedir=/var --sysconfdir=/etc --build=i686-pc-linux-gnu
I sniffed both interfaces (the one on the FreeRadius machine and the WiFi on
the client).
The sequence is this:
packet sent from the AP to the NIC (identify)
packet sent to the AP from the NIC (I am username)
packet sent from the AP to FreeRadius (auth-request for username)
packet sent from the
Alex Barsky [EMAIL PROTECTED] wrote:
This is an absolutely incredible discussion group!
I was able to setup 802.1x / PEAP Authentication for the Windows XP
Supplicant just following some of the discussions.
Nice to know it's useful.
Now, I want to be able to drop users from WLAN when
Don't use the AP-3 if you want to use the Session-Timeout attribute.
They've been unable to get this right for as long as I can remember,
even though their release notes say that they support it.
From my experience, there *is* no other option other than rebooting the
AP. With the latest
Hi everyone,
Iam trying to build a Hotspot
systemusing FreeRADIUS, I have a Colubris CN3000 NAS and it
works great with the FreeRADIUS, but now I need a billing system integrated to
theFreeRADIUS so users when enter the hotspot can pay with
credit cardusing theexplorer/mozilla to get
xaeon [EMAIL PROTECTED] wrote:
- And at the Login
modcall: group authenticate returns reject for request 8
auth: Failed to validate the user.
Login incorrect: [alex/no User-Password attribute] (from client
Wlan-AP port 0 cli 00-02-72-02-86-73)
The whole point of debugging
Bernie Dolan [EMAIL PROTECTED] wrote:
We now find that if a username is sent with a suffixed Realm then
the users group (readonly) is bypassed and the DEFAULT group is
used.
Groups and realms don't interact well in 0.9.3. It should work in
the latest CVS snapshot.
Alan DeKok.
-
List
Hmm, I don't get any TLS TRACE messages
in my debug. Do we have the same debug tls settings?
ldap_debug = 0x
ldap_debug = 0x0001
ldap_debug = 0x0028
start_tls = no
tls_cacertfile = /usr/local/etc/openldap/cacertder.pem
tls_cacertdir = /usr/local/etc/openldap/demoCA
#tls_mode = no
Hi,
I hope, you can help me with an idea, how to filter/strip the
Framed-IP-Address of customers from the accounting data.
At the moment, I delete the these lines in the detail logs, but I'd like
to know, if there is a more elegant way to achieve this.
Has freeradius-0.9.3 a feature, to
If you have the accounting compatible version of attr_filter, you
should be able to do this. Instantiate attr_filter before detail in the
accounting config, and whatever pairs you decide to strip should not
make it into the detail file.
HTH,
Chris
On Mar 23, 2004, at 9:58 AM, Oliver
Ionut Nistor [EMAIL PROTECTED] wrote:
I sniffed both interfaces (the one on the FreeRadius machine and the WiFi on
the client).
The sequence is this:
...
packet sent from the FreeRadius to the AP (auth-challenge)
silence :-)
Then the AP is broken.
Alan DeKok.
-
List
[EMAIL PROTECTED] wrote:
I use freeradius-snapshot-20040314 and inserted the following on top of
the users file:
#---
DEFAULT Proxy-To-Realm := dbzone
Fall-Through = Yes
...
I don't think so.
Tue Mar 23 13:52:05 2004 : Debug: users: Matched DEFAULT at 66
Line 66 doesn't look
Jim Warren [EMAIL PROTECTED] wrote:
we have freeradius 0.9.3 installed and running i can run successful
radtest's from the local machine, and from another (both are redhat
enterprise...) in the same class c block, but when i try to test or reach it
from outside that class c block, i get a
I wrote a program that reads detail files and produces CVS or Tab
delimited data as
well it can connect to a PostgreSQL database and insert records
directly. I have not
compiled the program in quite a while, but use it to pull data out of
detail records
that I don't collect currently.
Example:
Hi Everybody,
I am new to freeradius, and am Curious to your
thoughts of the requirements such as processor, memory, and Disk space for a
radius server that will be used for no more than 100 Clients.
I don't have a problem building to big of a
machine, but I don't want to build one that
Almost anything 386DX and up could be used, you will probably
need at least a 1GB Hard drive and ethernet controller. :-)
All kidding aside, it will depend on the volume of radius traffic and
the ammount of 'live' data you will keep on the server.
I have about 1000 lines on about 40 clients. I am
I have like many I am sure, developed a full system in php
with registration linked to VeriSign for CC processing. If
the card transaction is accepted VeriSign can send all the
data to a form which posts the UID / password into MySQL
or LDAP for instant authentication. It is very basic but
Costin Manda [EMAIL PROTECTED] wrote:
I am using freeradius as a proxy for another radius. Everything works
perfectly when trying to authenticate a prepaid calling card, but when the
user dials, the primary radius rejects all the calls on the ground of null
portname error. As far as I see,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Read the radius.log file, it may say why the detail file is not being
created.
Note: The detail file will only be created if an accounting record is
accepted.
Pavol Zibrita wrote:
Hi!
A small problem I hope. I just have the detail log configured as it was
in the installed radius.conf, but
Yes please send !!! Thanks !!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kirti S.
Bajwa
Sent: Tuesday, March 23, 2004 12:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Using FreeRadius for a HotSpot with a PrePaid Billing System
Yes, I do. I am going
Hi John, thanks for that !!!
Can I ask you a few other questions
What equipments are you using ??? ( NAS, Bridges, APs, Antennas )
thanks.
- Original Message -
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:03 PM
Subject: Re: Using
Am using Orinoco 1100 ROR 1 watt smart amp 15 dbi omni on a 30ft pole on
the roof of my house I am setting up wifi or have setup wifi for the
neighborhood I have a rack o servers am running UNIX and windows servers I
plan on using free radius for authentication etc ... Not yet implemented I
have
Steve
You only need one of these:
ldap_debug = 0x
ldap_debug = 0x0001
ldap_debug = 0x0028
The 0x covers all the others. I have no other special TLS debug set
- I just set it to 0x0001 normally, and 0x when more detail is
needed, but TLS debug is available on either, IIRC.
Also,
thanks for the information John,
where are you going to post the php files ???
and one other question:
I am planning to make a hotspot for a residential condo, and I would like
your opinion in my equipment list:
FreeRADIUS on a dedicated ROOT server with 1and1 hosting (and hopefully a
You will need this too...
Have fun
JK
On Tue, 23 Mar 2004 15:15:50 -0800
John Overman [EMAIL PROTECTED] wrote:
*This message was transferred with a trial version of
CommuniGate(tm) Pro*
Am using Orinoco 1100 ROR 1 watt smart amp 15 dbi omni
on a 30ft pole on
the roof of my house I am
thanks John
can you please take a look to my last post ??? I would like your opinion
about the equipments I am planning to use,
thanks again.
Oswin.
- Original Message -
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 7:50 PM
Subject:
On Tue, Mar 23, 2004 at 08:42:44PM -0500, Alex Redden wrote:
Thank you for your time. I need to authenticate my PM3 NAS with more
than 8 characters. The request is being authenticated by the
freeradius 0.9.3 and the user structure /etc/passwd shadow file on
the Linux box. formerly was using 8
Probably - thanks.
I already written to SMC support - hopefully I'll get a response.
cheers,
i
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:24 PM
Subject: Re: SMC 2804WBR PEAP not working
Ionut Nistor [EMAIL PROTECTED]
41 matches
Mail list logo