I get the following errors upon make :
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -I../../../../include -I../.. -I/usr/local/ssl/include -o
rlm_eap_tls rlm_eap_tls.o eap_tls.o cb.o tls.o mppe_keys.o rlm_eap_tls.o
eap_tls.o cb.o tls.o
ppe_keys.o
Hello all, I have insalled the CVS version of Freeradius and I have
configured it to use peap. I'm using Xsupplicant as client and a
DWL-900AP+ as Access Point.
The problem is that the connect proccess fails, and lookig the radius
log I have seen that the first phase is correct, but in the
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
Richard
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How?
Milver S. Nisay wrote:
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
yes
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If you have it setup in radiusd.conf to
look for @ to determine realms, then all you need to do is add that information
to users and acct_users.
[EMAIL PROTECTED]
you would set up
realm domain.com {
type = radius
authhost = ipaddressHere:1645
accthost = ipaddressHere:1645
Are you using the latest CVS snapshot? An issue causing the same
symptoms that you are seeing was recently fixed. Try compiling the
latest snapshot and see if that fixes the error.
--Mike
On Fri, 2004-05-07 at 08:55, Manuel Sánchez Cuenca wrote:
Hello all, I have insalled the CVS version of
We'll try it. Thanks.
Anson Rinesmith wrote:
If you have
it setup in radiusd.conf to
look for @ to determine realms, then all you need to do is add that
information
to users and acct_users.
[EMAIL PROTECTED]
you would
set up
realm
domain.com {
type = radius
authhost
I need to set up a Freeradius server proxying certain requests to another
radius server (Safeword Premier Access) in other to authenticate users with
tokens. All other users are to be authenticated locally.
My problem is: If I supply a correct password, the thread serving the
request gets into
I would check on the accounting. You have it set as port 1813, whereas it
would usually be 1646 on a system with authentication at port 1645.
If you have access to swpa.sbs.sk, try running radiusd in the foreground
(radiusd -X) and watch what it tells you when you send the request.
All The
Thanks for the suggestion. I was also suspicious about accounting. The ports
are correct. That's the idiocracy of Safeword Premier Access. In fact one of
the reasons for using freeradius is to log accounting packets into a SQL
database, so I have removed the accthost attribute from proxy.conf.
How?
Hello All,
Is it possible to forward an authentication request to another radius
server based on the domain in the user name?
there are several way:1. if your company is willing to sponsor another NAS device/machine and several phone lines/E1s etc, that would beone way.2.
Hello all,
I am seeing some curious behavior with Huntgroups and how it relates to the
NAS-IP-Address attribute. This behavior is noticable in a certain RADIUS
test utility I have used. This tool sends a NAS-IP-Address attribute inside
of an Authentication request. What I see is that FreeRADIUS
I'm evaluating the use of freeRadius and wondering whether it
will be possible to return valid check pairs to the upstream NAS
from info in MySQL, without using a typical users file entry like
this example...
DEFAULT Realm = abc.org, Login-Time = Al0555-1805
Session-Timeout = 14400,
I'm evaluating the use of freeRadius and wondering whether it
will be possible to return valid check pairs to the upstream NAS
from info in MySQL, without using a typical users file entry like
this example...
DEFAULT Realm = abc.org, Login-Time = Al0555-1805
Session-Timeout =
Certainly, just put them in the radreply or radgroupreply table (if you are
using the tables suggested).
All The Best,
Brian Andrus
Millenia Internet Services, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark
Constable
Sent: Friday, May
=?ISO-8859-1?Q?Manuel_S=E1nchez_Cuenca?= [EMAIL PROTECTED] wrote:
Hello all, I have insalled the CVS version of Freeradius and I have
configured it to use peap. I'm using Xsupplicant as client and a
DWL-900AP+ as Access Point.
Upgrade xsupplicant. They had a bug in an older version.
The problem seems to be in the attributes the home server returns to the
freeradius proxy. When I reconfigured the home server to authenticate only
and not to send any attributes whatsover, everything worked as it should.
The attributes that caused the proxy to get into an infinite loop were:
iMark Constable [EMAIL PROTECTED] wrote:
I'm evaluating the use of freeRadius and wondering whether it
will be possible to return valid check pairs to the upstream NAS
from info in MySQL, without using a typical users file entry like
this example...
DEFAULT Realm = abc.org, Login-Time =
I am having trouble
with a proxy request in that it is timing out because it takes so long. I
actually need to set the timeout to something along the lines of 30-45 seconds,
preferably just for that realm. (this is because the system is actually making a
phone call for verification).
I
Ok, I have figured
part of my problem out. the delay_retry is what I need,
but.
Is there a way to
specify a different delay_retry and retry_count for each
realm?
Brian
Andrus
AD The Session-Timeout is inappropriate here. The Login-Time
AD attribute is a magic server-side attribute, which will set
AD Session-Timeout, so that the user is automatically kicked off at
AD the end of the time.
I need to return the value of a calculation as the Session-Timeout.
How should
I seem to be missing something. how should the values be defined in the
users file to achieve the specification below. Should I separate the
Cisco routers and the 3Com switches in the huntgroups file? Is it
permissible for there to be multiple Vendors Vendor-Specific values on
a users entry re:
UP If you know how to make this work, a reply with instructions would
UP be very appreciated.
I found the reason why my configuration didn't work. Problem solved
for now, thanks for your time.
Ulrich
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sat, 8 May 2004 01:33 am, Alan DeKok wrote:
Mark Constable [EMAIL PROTECTED] wrote:
I'm evaluating the use of freeRadius and wondering whether it
will be possible to return valid check pairs to the upstream NAS
from info in MySQL, without using a typical users file entry like
this
Mark Constable [EMAIL PROTECTED] wrote:
In this case I want users to be able to login only during business
hours and to ALSO only have a 4 hour session limit during that time,
and most definately get booted after -1805 if they logged in within
3 hours and 59 minutes of that -1805 time-out.
Craig Huckabee wrote:
attr_rewrite works but breaks EAP for me :(
I've reattempted using the users file again, and double checked that
files does indeed come before the ldap sections in the authorize
section - still get a blank filter.
A debug run shows that files is indeed getting
Kenneth Grady [EMAIL PROTECTED] wrote:
I seem to be missing something. how should the values be defined in the
users file to achieve the specification below.
Use the 3com dictionary from the latest CVS snapshot.
3com = 3Com-Administrator,
That won't work.
See the 3com
Craig Huckabee [EMAIL PROTECTED] wrote:
However, if I use this:
DEFAULT User-Name =~ ^([^/]+)/(.*)
Foo = `%{2}`
...
then attempt to look at Foo using %{reply:Foo}, I get the expected value
and the filter works.
Try the original, but look for foo in %{Foo}, or %{request:Foo}
Mike Lampson [EMAIL PROTECTED] wrote:
I am seeing some curious behavior with Huntgroups and how it relates to the
NAS-IP-Address attribute. This behavior is noticable in a certain RADIUS
test utility I have used. This tool sends a NAS-IP-Address attribute inside
of an Authentication request.
Hello,
I´m using freeradius and the autentication methos by userfile, now i have to
create 2 usergroups, one for 1hour to surf in the internet othre for 6hours.
Can anyone help me about creating these 2 usergroups and setting ups each user
for desired usergroup.
sorry my bad english
thanks
Hi
Thanks for a very helpful response. I downloaded the snapshot and
now it compiles and installs without a hitch (in /usr/local/freeradius).
However, I have a problem running radtest (after running run-radiusd -X
-A (following the procedure at
If you want it to have huntgroups based on the source IP of the
RADIUS packet, edit the huntgroups file, and change NAS-IP-Address
to Client-IP-Address.
Thanks. I missed that attribute when looking through the various examples.
Cheers,
_Mike
-
List info/subscribe/unsubscribe? See
Tyrone Mills [EMAIL PROTECTED] wrote:
I can see how attr_rewrite can be used to modify particular aspects of the
packet, but how would I go about cancelling the proxying of a particular
packet?
Source code modifications, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
luc millet [EMAIL PROTECTED] wrote:
I have a proxy radius which is connected to several radius clients.
Some of them send several accounting requests with different session id,
for a same customer session.
That's very bad.
The radius clients (NAS) can't be configured, the servers can't be
This problem has been fixed. It was indeed a problem with the path not
being export'ed correctly.
M Singh wrote:
Upon running radtest :
[EMAIL PROTECTED] bin]# ./radtest testing123 testing123 localhost 0 testing123
/usr/local/freeradius/bin/radclient: error while loading shared
libraries:
I can see how attr_rewrite can be used to modify particular
aspects of the
packet, but how would I go about cancelling the proxying of a particular
packet?
Source code modifications, sorry.
Alan DeKok.
Hi Alan,
I'm almost finished writing a module (yet to be tested inside the
I'm just starting out with changing over from xtRadius to
freeRadius and testing things for the next few days. I'll be
looking hard at dialup_admin and just now I've got it up on
my own test box and I can see there are a few basic and obvious
mods that could be made... that I will be doing
37 matches
Mail list logo