Re: attribute correct execution

2004-08-25 Thread Edgars
yes, they're MikroTik's attributes Thank you! Edgars Alan DeKok wrote: Edgars [EMAIL PROTECTED] wrote: with timeouts it is a good helper but how to proceed with Recv-Limit and X-Limit attributes (the total download and upload bits)? There are no such attributes defined in RADIUS. Your NAS

Re: mschap2 with encryption problem

2004-08-25 Thread Edgars
yes, mschap is enabled. When the user is connecting using mschapv2 without encryption everything is fine but as soon as the encryption is enabled following errors appear in the logs: Wed Aug 25 10:06:05 2004 : Error: No memory Wed Aug 25 10:06:05 2004 : Auth: Login OK: [uldis/no User-Password

Re: PEAP + per session WEP

2004-08-25 Thread Artur Hecker
it's a function of your access point. freeradius delivers the necessary keying data. your access point (authenticator) has to use it to produce the wep keys. similarly, your wireless client (supplicant) produces its keying data and the both latter can negotiate the wep keys together. thus,

Feature request/possible anyway?

2004-08-25 Thread Graeme Hinchliffe
Hiya having a real good go at optimising our radius servers these last few days :) I have a requirement where for a request from a particular pool of NASes I need to return 3 entries identical every time, and the 4th entry needs to be one from a list of 10, chosen randomly (or in

Re: Problem compiling freeradius-1.0.0

2004-08-25 Thread Stefan . Neis
Hi, When I try to compile freeradius, it show: (snipp) Somebody can help me? If you provide some more information (e.g. what system are you compiling on? Which openssl version are you using?) somebody _might_ be able to help. Stefan - List info/subscribe/unsubscribe? See

Re: raddb/users, having OR conditions

2004-08-25 Thread Kostas Zorbadelos
On Mon, Aug 23, 2004 at 10:15:00PM +0200, Adam KOSA wrote: I had asked the same question months ago and I was told that it is not possible... Hi List I'm sorry if this is a basic question here. I just set up freeradius, using it to authenticate to network devices (instead local auth). I

Re: raddb/users, having OR conditions

2004-08-25 Thread Keith Yoder
I'm sorry if this is a basic question here. I just set up freeradius, using it to authenticate to network devices (instead local auth). I got it up almost fine. In my raddb/users file, i have the following: test Auth-Type := Local, User-Password == test, Simultaneous-Use := 10,

invalid signature

2004-08-25 Thread oulaika abdelfattah
i have installed freeradius1.0.0.0 and configured my localhost as a client (just to test): client 127.0.0.1 { secret = test shortname = localhost } and i make one user in the users file : mobile Auth-Type := EAP test Auth-Type := Local, User-Password ==test but when i try

Send back attribute values with response

2004-08-25 Thread Manjunath M Prabhu
hi all, i am using freeradius-1.0 version. I connect to the Rad server from my NAS, which has a radclient. I begin with an accounting start request. With the accounting stop request the AcctStopTime and AcctSessionTime are updated in Mysql and the response is sent back to my NAS. I want to access

sqlcounter related problem

2004-08-25 Thread Edgars
i followed the steps written in the rlm_sqlcounter doc file (using freeradius 1.0.0 with postgre). Inserted in the radreply table entry which is giving some user the total session time to 60s. But in the logs i received such an error: Error: rlm_sql: unknown attribute Max-All-Session Wed Aug

Cable modems

2004-08-25 Thread Doug Lewis
Thanks everyone for your responses to my questions and thanks to Greg for the valuable links he provided. After some more research I decided that I would use mpthrill as I don't have the time for extensive development. Also, I apologize to the list for the digital sig... I forgot to turn it

Re: mschap2 with encryption problem

2004-08-25 Thread Alan DeKok
Edgars [EMAIL PROTECTED] wrote: When the user is connecting using mschapv2 without encryption everything is fine but as soon as the encryption is enabled following errors appear in the logs: Wed Aug 25 10:06:05 2004 : Error: No memory If the server is running out of memory, that's

Re: invalid signature

2004-08-25 Thread Alan DeKok
oulaika abdelfattah [EMAIL PROTECTED] wrote: and i make one user in the users file : mobile Auth-Type := EAP test Auth-Type := Local, User-Password ==test but when i try to connect as user test i have this message : invalid signature what can i do Post debug

Re: Send back attribute values with response

2004-08-25 Thread Alan DeKok
Manjunath M Prabhu [EMAIL PROTECTED] wrote: I want to access this AcctSessionTime on my NAS box. Preferably i would want this attribute to be sent with the accounting response. Accounting responses don't contain any attributes. See the RFC's. Can someone tell me how we can send back

WG: mod_auth_radius: error - no user file?

2004-08-25 Thread Stephan Pfeiffer
[EMAIL PROTECTED], i've downloaded and compiled the mod_auth_radius-2.0.c as described here http://www.freeradius.org/mod_auth_radius/ with apxs -i -a -c mod_auth_radius.c. All finished and the httpd.conf has my entries: LoadModule radius_auth_module modules/mod_auth_radius-2.0.so ..

Re: Simultaneous-Use recovery after NAS crash

2004-08-25 Thread Kevin Bonner
Fritz, Look at checkrad. It's mentioned several times in doc/Simultaneous-Use. - Kevin On Wednesday 25 August 2004 07:54, Fritz Reichmann wrote: Hello, I have set up Freeradius to authenticate against LDAP and with a Simultaneous-Use:=1

Re: WG: mod_auth_radius: error - no user file?

2004-08-25 Thread Alan DeKok
Stephan Pfeiffer [EMAIL PROTECTED] wrote: If i connect now to the server it asked me for user and password, but after press enter i get the default error page. The apache2 log writes: configuration error: couldn't check user. no user file?: /index.shtml You haven't told Apache *when* to

client date for auth. are not taken from postgre

2004-08-25 Thread Edgars
still the subj. is the problem for me. maybe there is already some doc ready to understand where to put what to get this to work? I put readclients=yes and nas_table parameters respectively in radiusd.conf and postgresql.conf. The table structure also seems to be correct. But when connecting,

Setting Up a Freeradius server

2004-08-25 Thread marco
Subject: Setting Up a Freeradius Server Date: Wednesday 25 August 2004 16:17 From: Marco Garro [EMAIL PROTECTED] To: FreeRadius [EMAIL PROTECTED] Hi all, i'm new to freeradius world. I'm trying to set up a FreeRadius server because I need eap-tls authentication in my WLAN. I'm using a BUFFALO

How set different reply for same user/pass request, coming from different computers,

2004-08-25 Thread jeff x
Hi, Here is my problem: If different computer send the same request(same user/pass) to the radius server, I would like it to reply differently. More precisely I'd like to assign Ip to a specified group, so if the request came from a computer of a group or another one, the radius server would

Re: Freeradius + PEAP + MSCHAPv2 + ntlm_auth + Windows XP client

2004-08-25 Thread Alan DeKok
Hand, Chris [EMAIL PROTECTED] wrote: I'm still not seeing it. If it's listed in the authorize section, it will be printed out in debugging mode. Are you willing to provide debug logs? Let's start over. What is the best way of authenticating users to an NT domain over PEAP? Am I even on

Segmentation Fault

2004-08-25 Thread SPROUSE Troy F
Okay, this may be a configuration problem but I cannot seem to find it. When I run radiusd in debug mode, I get a segmentation fault. Please see below. [EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X Starting - reading configuration files ... reread_config:

RE: Segmentation Fault

2004-08-25 Thread Mark Hennessy
What version of freeradius are you using? I am using freeradius 1.0.0 on FreeBSD 4.10 with MySQL 4.0.20 and I get the following debug output on startup (see segfault at the bottom): Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file:

Re: Segmentation Fault

2004-08-25 Thread Alan DeKok
SPROUSE Troy F [EMAIL PROTECTED] wrote: Okay, this may be a configuration problem but I cannot seem to find it. When I run radiusd in debug mode, I get a segmentation fault. Please see below. Ok... try this: $ gdb /usr/local/sbin/radiusd ... (gdb) set args -X (gdb) run ... (gdb) bt and

Re: Setting Up a Freeradius server

2004-08-25 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Using XP supplicant I install cert-clt.p12 and root.der on the client, and trying to use Odyssey as client. But the authentication never go on. In fact does not start EAP conversation, in spite of a request is received by server. So... run the server in debugging

Re: How set different reply for same user/pass request, coming from different computers,

2004-08-25 Thread Alan DeKok
jeff x [EMAIL PROTECTED] wrote: If different computer send the same request(same user/pass) to the radius server, I would like it to reply differently. Ok... Is it possible using the shortname, or anything else? Client-IP-Address Alan DeKok.

Re: question about logging facilities

2004-08-25 Thread Alan DeKok
Anders Karlsson [EMAIL PROTECTED] wrote: I'm wondering if there's a way to log all the error logs ( like failed logins and so on ) into a mysql table instead of the standard radius logfile ? Not at this time. As always, patches are welcome. Alan DeKok.

Re: PEAP + per session WEP

2004-08-25 Thread Ivan Hernández Serrano
When you say freeradius delivers the necessary keying data, do you mean these two following keys? MS-MPPE-Recv-Key = 0xc0eb6159c1ccc924b524d39c21f3c41588c60dd41945a1480b9119ef809c3060 MS-MPPE-Send-Key = 0xd9e5ca0d05d2430c4e8abea402d47d742bf80ff361945a76f0d0b14e6b84a656 the values in

Re: PEAP + per session WEP

2004-08-25 Thread Artur Hecker
hi When you say freeradius delivers the necessary keying data, do you mean these two following keys? MS-MPPE-Recv-Key = 0xc0eb6159c1ccc924b524d39c21f3c41588c60dd41945a1480b9119ef809c3060 MS-MPPE-Send-Key = 0xd9e5ca0d05d2430c4e8abea402d47d742bf80ff361945a76f0d0b14e6b84a656 that's exact. the

Re: PEAP + per session WEP

2004-08-25 Thread Artur Hecker
ok, whatever a PEAP request means in the original mail :-) it would be crazy to constantly deliver the same value, what would it be good for? that's why it's called dynamic WEP... ciao artur Alan DeKok wrote: Artur Hecker [EMAIL PROTECTED] wrote: the values in MS-MPPE-Recv-Key and

Re: PEAP + per session WEP

2004-08-25 Thread Ivan Hernández Serrano
On Wed, 2004-08-25 at 11:52, Alan DeKok wrote: Artur Hecker [EMAIL PROTECTED] wrote: the values in MS-MPPE-Recv-Key and MS-MPPE-Send-Key change in every PEAP request... what do you mean by this statement? these attributes are only present in the Access-Accept message sent by the

Re: how to exclude default attributes from a reject packet

2004-08-25 Thread kevin J
I am resending this because I still don't know how to configure two different DEFAULT lists for accept and reject. When I add DEFAULT Auth-Type == Reject on the top of DEFAULT lists, it just fails everything. Kevin Kevin J wrote: Alan DeKok wrote: kevin J [EMAIL PROTECTED] wrote: I just

Radius deployment question

2004-08-25 Thread Maqbool Hashim
I'd like to know if it is possible to allow external customers limited access to add users to our RADIUS configuration. We manage many firewalls for different customers. VPN users on the firewalls can be authenticated via our Freeradius server. So when another VPN needs to be setup on the

Re: how to exclude default attributes from a reject packet

2004-08-25 Thread Alan DeKok
kevin J [EMAIL PROTECTED] wrote: I am resending this because I still don't know how to configure two different DEFAULT lists for accept and reject. As my original message said, the users file isn't really designed to do that. When I add DEFAULT Auth-Type == Reject on the top of DEFAULT

Re: how to exclude default attributes from a reject packet

2004-08-25 Thread Thor Spruyt
kevin J wrote: I am resending this because I still don't know how to configure two different DEFAULT lists for accept and reject. When I add DEFAULT Auth-Type == Reject on the top of DEFAULT lists, it just fails everything. I have radius server that gets the user's password from a

Re: Radius deployment question

2004-08-25 Thread Alan DeKok
Maqbool Hashim [EMAIL PROTECTED] wrote: I'd like to know if it is possible to allow external customers limited access to add users to our RADIUS configuration. Yes, but it's probably a bad idea. Is this possible? I know this will involve realms, but how can we get the customer to update

Re: how to exclude default attributes from a reject packet

2004-08-25 Thread kevin J
Thanks Alan and Thor, Thor, can you show me your auth.pl? Kevin Thor Spruyt wrote: kevin J wrote: I am resending this because I still don't know how to configure two different DEFAULT lists for accept and reject. When I add DEFAULT Auth-Type == Reject on the top of DEFAULT lists, it just

Re: Radius deployment question

2004-08-25 Thread Dana Hudes
at the database level you can create a database user and GRANT them rights on the users table. That would, however, allow them to mess with users of other external customers. If you tag vpn users so you can identify to whom the user belongs, you can use an application which authenticates the

Re: how to exclude default attributes from a reject packet

2004-08-25 Thread Thor Spruyt
kevin J wrote: Thor, can you show me your auth.pl? It's a perl script. This is the reject subroutine, which can be called anywhere in the script to reject the user with a message: sub auth_reject { my ($message) = @_; print LOG "Rejecting login: $message\n"; print

Re: hi all

2004-08-25 Thread lista
just squid would be enough. jassim El-mansori wrote: hi i've doubt about using freeradius, actually i have this model (win2k)-(RH9+radius)(Internet) I'm wondering if radius implementing freeradius will be enough I'm using freeradius as an authentication point that forces

Re: Setting Up a Freeradius server

2004-08-25 Thread Marco Garro
At least it works! :-) Ciao, Marco - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

complexed conf failover?

2004-08-25 Thread kevin J
Hi If I want to do something like 1) ldapsearch for a-table 1-1) if the user exists in a-table, do pap or chap 2) if any of above fails, ldapsearch for b-table 2-1) if the user exists in b-table, do chap or pap 3) if any of above fails, ldapsearch for c-table 3-1) if the user exists in

Using EAP-TTLS with LDAP

2004-08-25 Thread David Sotnick
I'm trying to get EAP-TTLS working on an Avaya WPA WLAN network, using LDAP as the user/password database. I'm running FreeRadius version 1.0.0. In an older version of the doc/rlm_eap documentation, it seems to imply that you can use both EAP and LDAP, but newer documentation states that because

(no subject)

2004-08-25 Thread srinivasan_g
i want to know how to use accounting and billing for the freeradius eap-tls thing. i've already installed it. srinivasan.