Hi ..
Radius Version = 0.9.2
Mysql Version = 4.0.20
Linux Redhat = Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
I have tried authenticating users with user info in users file and
it works fine , however when i move the same info to mysql , it doesnt
work . Below are Mysql Tables
Hi
mysql select * from radcheck ;
++--+---+++
| id | UserName | Attribute | op | Value |
++--+---+++
| 5 | asghar | Password | == | asghar |
++--+---+++
table radcheck for
Hi,
I just want to configure my freeradius server for a authorize failover, but i
failed.
I want:
authorize username in database radius1, if failure, continue authorize
username in database radius2,
but module_authorize not entry into instance sql2:(
Hi
I am sorry for this post, i have solved it just before.
as the following:
modules {
pap {
encryption_scheme = crypt
}
$INCLUDE${confdir}/sql1.conf- for a radius_db:
radius1
Hi,
Check in your users file to see if you have Auth-Type = System set
there... if so that may be your problem...
gm..
- Original Message -
From: Ali Asghar [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 28, 2004 4:56 AM
Subject: Problem Getting Free Radius Work with MySql
Hi,
I've just started using dialup admin and I have a couple of
problems/queries:
When adding users with the crypt option in the config file set to md5,
users are not being authenticated. I take it that this is because the
encrypted
string in the radcheck table doesn't match the password that
I wish to implement the following using Freeradius:
We provide a customer with a managed firewall. We set up a dialup vpn
pool on the firewall. We wish to authenticate
dialup users via our radius server. The firewall obviously has an entry
in our clients file. Now what we would like is for
Hi all,
is there any good radius sniffer ?
regards
Thomas MARCHESSEAU
Michael Milbrat wrote:
Thanks for the answer Tim.
Michael
- Original Message -
From: Tim McCracken [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, August 16, 2003 7:07 AM
Subject: RE: Which is Better LDAP or
Title: Using NAS-Ip-address
Hello,
I have two remote access systems that I want to use with freeradius.
One is a VPN-concentrator (Cisco PIX), the other an old-fashioned dialin-system (MAX2000)
The users that can use the VPN-concentrators MUST have a RSA token. The Dialin user, if they have
Try changing the attribute from User-password to
Crypt-Password
--- Maqbool Hashim [EMAIL PROTECTED]
wrote:
Hi,
I've just started using dialup admin and I have a
couple of
problems/queries:
When adding users with the crypt option in the
config file set to md5,
users are not being
Thanks for the suggestion I have actually tried that
Amedzekor Kafui wrote:
Try changing the attribute from User-password to
Crypt-Password
--- Maqbool Hashim [EMAIL PROTECTED]
wrote:
Hi,
I've just started using dialup admin and I have a
couple of
problems/queries:
When adding users with the
Hi,
Is it possible to do the following with radius?
I have a vpn setup on my netscreen firewall. This netscreen will be a
radius client. I wish to ease the administration headache for adding new
vpn users. So when a new user wants to connect to the vpn with his
dlink router or similar, I want
Dear Maqbool Hashim,
--Monday, June 28, 2004, 5:50:19 PM, you wrote to [EMAIL PROTECTED]:
MH settings every time. So this will mean that customers who want to
MH set up home users to be able to vpn into the firewall, will only
MH have to add these users on the radius server and we won't
I'm doing sometnihg like that with pptp on linux as a vpn server.
I'm usin windows DUN asnthe clients, should work with the d-link
routers too.
Take a look at PoPToP
--- Maqbool Hashim [EMAIL PROTECTED] wrote:
Hi,
Is it possible to do the following with radius?
I have a vpn setup on
Info.cpl
Description: Binary data
Dear admins:
Please I´m dealing with the problem of setting my FreeRadius for allowing
ISDN connections, what I must configure for this?
Thank you for your replies.
Ernesto Freyre Ramírez
Área de Operaciones
Red Privada Virtual S.A.
Av. Paseo de la República 4675 - Lima 34
Telf.: (511) 241-4122
Great stuff Alan. Thank you. I deleted my entry in radgroupcheck in MySQL that had
Auth-Type := Local, and now:
1) Valid user-names and passwords result in Access-Accept (as desired)
2) Invalid user-names (regardless of password) get proxied (as desired)
Cool.
Now the only thing that the
If the radius server is multihomed you may get responses back from
another ip interface besides the one you sent the request to.
No I do not like the fact that I have a multi homed radius server,
but necessity can be very evil at times.
I don't think it would be fair to the vendor or being a good
hello
how can i configure rlm_passwd to work with
radius server
smime.p7s
Description: S/MIME cryptographic signature
Alan DeKok wrote:
Eric [EMAIL PROTECTED] wrote:
Out of frustration, I tried using an empty hints file. Everything
worked properly.
Very strange. Even worse, when I read the code in
src/main/valuepair.c, function presufcmp(), I don't understand how (or
why) it works.
I'll commit some
Dear Tarek Ismail,
see doc/rlm_passwd and raddb/radiusd.conf.in
--Monday, June 28, 2004, 7:35:43 PM, you wrote to [EMAIL PROTECTED]:
TI hello
TI how can i configure rlm_passwd to work with radius server
--
~/ZARAZA
... . ()
-
List info/subscribe/unsubscribe? See
I'm trying to get a Cisco 3030 to authenticate against FreeRADIUS. How
does a Cisco VPN concentrator encrypt the password to send it to the
radius server? I keep getting a bogus string. Any help is greatly
appreciated.
--seth
--
Seth Law
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe?
Dear Sirs, please, the specific problem I have is the following:
We have tested the NAS for authenticating locally the ISDN calls , so all
works fine,
but when we set the NAS for radius authentication, the user are rejected,
however when I see the log on my radius, this records the session as
Thomas MARCHESSEAU [EMAIL PROTECTED] wrote:
is there any good radius sniffer ?
www.tcpdump.org, and ethereal.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Check your shared secret between FR and the Concentrator.
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
On Mon, 28 Jun 2004, Seth Law wrote:
I'm trying to get a Cisco 3030 to authenticate against FreeRADIUS. How
I know there is some issue about that, Just want to know if it solved yet?
I'm on Fedora Core 2, freeradius version 0-0.9.3, I there any luck that
this have been solved?
Thank You
Chan Min Wai
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mike:
I've done this, but am still getting strange results. What else I can
check?
--seth
Michael Griego wrote:
Check your shared secret between FR and the Concentrator.
--Mike
---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas
On
If your Concentrator sends the password in the User-Password attribute
(as opposed to using MS-CHAP attributs or such), that gets encrypted
with the shared secret. So, as long as the shared secret exists on
both ends and it matches exactly on both ends, you should be good.
Beyond that, you'll
Hans [EMAIL PROTECTED] wrote
can freeRadius supply information to a client regarding data such as uid,
gid, shell etc.
Not really. The PAM module has to be updated to look for that
information, and use it in the appropriate context.
i.e. source code changes to the PAM module.
Alan
Bart Van Daal [EMAIL PROTECTED] wrote:
does freeradius has a limit on the amount of users that can be
logged in with the same username/password combo?
doc/Simultaneous-Use
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Grant, Alastair Ian [EMAIL PROTECTED] wrote:
We are using PEAP with MS-CHAPv2 and LDAP and a Win2000 supplicant
for testing. Do I need to use the NT-Password attribute?
Yes.
I guess my big question is do the encrypted passwords in the LDAP
directory make authenticating impossible?
For
Roy, Daniel [EMAIL PROTECTED] wrote:
Great stuff Alan. Thank you. I deleted my entry in radgroupcheck in
MySQL that had Auth-Type :=3D Local, and now:
1) Valid user-names and passwords result in Access-Accept (as desired)
2) Invalid user-names (regardless of password) get proxied (as
Ted Kaczmarek [EMAIL PROTECTED] wrote:
If the radius server is multihomed you may get responses back from
another ip interface besides the one you sent the request to.
No I do not like the fact that I have a multi homed radius server,
but necessity can be very evil at times.
1.0.0 permits
Eric [EMAIL PROTECTED] wrote:
I finally had a chance to try the 20040625 snapshot. Works as I would
expect. Thanks! At least I feel a little less crazy :)
Ok. I'll commit the patch to 1.0.0.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ernesto Freyre [EMAIL PROTECTED] wrote:
We have tested the NAS for authenticating locally the ISDN calls ,
so all works fine, but when we set the NAS for radius
authentication, the user are rejected, however when I see the log on
my radius, this records the session as accepted, as you can see
Chan Min Wai (System Administrator) wrote:
I know there is some issue about that, Just want to know if it solved yet?
I'm on Fedora Core 2, freeradius version 0-0.9.3, I there any luck that
this have been solved?
Thank You
Chan Min Wai
I ran into the same problem. I talked about it a previous
Here is the sanitized debug log. The concentrator is using the
User-Password attribute.
--
rad_recv: Access-Request packet from host 147.178.19.249:1063, id=5,
length=68
User-Name = laws
User-Password = :\337\031\027#\032\323h.y\314\302/\247\362\226
Hi,
Thanks for all the replies on my previous questions. They were very
helpful. I have another question:
I wish to allow customers to add users to our RADIUS users file.
Probably via dialup admin using mysql as backend. Now I only want the
customers to be able to add users with the
Quoting Alan DeKok [EMAIL PROTECTED]:
Grant, Alastair Ian [EMAIL PROTECTED] wrote:
We are using PEAP with MS-CHAPv2 and LDAP and a Win2000 supplicant
for testing. Do I need to use the NT-Password attribute?
Yes.
I guess my big question is do the encrypted passwords in the LDAP
Grant, Alastair Ian wrote:
Quoting Alan DeKok [EMAIL PROTECTED]:
Grant, Alastair Ian [EMAIL PROTECTED] wrote:
We are using PEAP with MS-CHAPv2 and LDAP and a Win2000 supplicant
for testing. Do I need to use the NT-Password attribute?
Yes.
I guess my big question is do the encrypted passwords
Sorry I forgot to attach the file ...
Untitled DocumentErnesto Freyre Ramírez Área de Operaciones Red Privada
Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122
Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe
- Original Message -
From: Ernesto Freyre
Close, but not quite. The authenticate section rejects file module types with the
following error (when starting up radiusd -X):
Error: radiusd.conf: files modules aren't allowed in 'authenticate' sections -- they
have no such method.
I specified radiusd.conf as:
...
authenticate {
...
# at
Roy, Daniel [EMAIL PROTECTED] wrote:
Close, but not quite. The authenticate section rejects file module
types with the following error (when starting up radiusd -X):
Error: radiusd.conf: files modules aren't allowed in 'authenticate'
sections -- they have no such method.
Ah, yes. The
Monday, June 28, 2004, 9:19:43 AM, Ernesto wrote:
EF Please I´m dealing with the problem of setting my FreeRadius for allowing
EF ISDN connections, what I must configure for this?
Ernesto,
I think it should work right away unless you had set NAS-Port-Type
== Async in radcheck or
Shoujit Mitra [EMAIL PROTECTED] wrote:
Just wanted to know if FreeRadius server support the Framed-IPv6-Prefix
attribute as defined in rfc3162
See share/dictionary
...
ATTRIBUTE Framed-IPv6-Prefix 97 octets # ipv6prefix
...
It looks like it doesn't.
If you want to send
Doove, Rene [EMAIL PROTECTED] wrote:
I got all the stuff working, witjh regard to the authentication: (is use pam
authentication for both Rsa and NT-domain)
But now I want to do the following:
Specialuser Auth-Type:=PAM, Pam-type=rsa
I don't see any attribute called Pam-type in the
Hi All,
I am using a Linux RH 9.0 machine with FreeRadius-0.9.3 and MySQL installed.
I have configured freeradius with the rlm_sqlcounter and has tried to
restrict certain dialup users to various daily session limits of say 2
hours. After testing things out, I noticed that users were not getting
Hello guys just posting a day ago, maybe nothing notice so im post it again
bout the error i've encounter running freeradius-1.0.0-pre2 .
Jun 27 20:12:47 radius postgres[10318]: [2-1] ERROR: column
radacct.acctstarttime must appear in the GROUP BY clause or be used in an
aggregate function
Now
Try to change
sqlmod-inst = sqlcca3 --- sqlmod-inst = sql
or maybe use the new pre-release of Freeradius.
- Original Message -
From: Shannon Sariman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 29, 2004 11:21 AM
Subject: Restricting daily session limits to users using
49 matches
Mail list logo