Hi All,
Does any one have FreeRadius EAP/TLS - WinXP HOWTP by Raymond McKay.
It is currently unreacheable through Google. I need the snapshots of
WinXP client setup screens.
--
Regards,
S.Suresh Babu
' You must be the change you wish to see in the world.'
-M.K.Gandhi.
-
List
On Thu, Sep 02, 2004 at 01:24:19PM +0800, ElHassan, Omar wrote:
I have been experiencing the exact same problem - a crash with repeated
start packets. I have the same environment (O.S., gcc and freeradius).
I have found that as a test, a slight modification to sql_oracle.c to not
return
Title: RE: freeradius 1.0.0 crashes on oracle errors
More info. On this bug:
I have discovered that this problem occurs with or without using threads (i.e. radiusd -xx or radiusd -X).
Regards,
OeH
-Original Message-
From: ElHassan, Omar
Sent: Thursday, September 02, 2004 3:24
I got the cvs snapshot and found an issue with rlm_eap / there was a
./../../ typo in the attempt to create rlm_eap.o and also when it was
made after removing the typo the make install didnt move it to the
right directory. I had to move it and then the cvs worked. I had to
remove the leading ./
Christian Balzer schrieb:
user User-Password == '%u'
(let alone that rewriting the quoting as suggested would
require quite more effort than some global config option
somewhere).
1. sed something suitable to escape quotes old_file tmp_file
2. sed s/\(User-Password *==
Stefan wrote:
[sed magic]
Oh, I did that of course today, once it was clear what the problem was.
My beef is that interpretation of the users file should not have changed.
Esp. not when it's not stated such in the Changelog and the resulting
problem can be very subtle and hard to diagnose.
Hi!
for example, i want some clients to give access to the internet at
certain hours (9-17). How can i do that?
I'm using DB for accounting.
Edgars
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
is there a way to do subj. from the freeradius - i'll use this when some
time is reached.
Edgars
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dear List,
I only find Q's that PAP works and not CHAP.
Perhaps it's to easy that it works for me cause CHAP works? :)
I use version 1.0.0, User created with dialup admin
and stored in MySQL. Here's a log entry.
Works:
Packet-Type = Access-Request
Thu Sep 2 14:35:11 2004
NAS-IP-Address
Brad Dixon [EMAIL PROTECTED] wrote:
Of course, Informix returns a 64 char field each time, so Password would have 58
white spaces after it...
Set the char field to 8 chars and presto.
I'll have to have a think how this can be rectified permenantly.
Update the sql code so that it
Christian Balzer [EMAIL PROTECTED] wrote:
Which of course breaks (at the import/parse stage) the moment you hit the
first user who has a single-quote in their password (large number of them
here as well).
You have a choice:
a) use double quotes, and escape double-quotes in passwords
b)
On Wed, 1 Sep 2004, Herbert Maosa wrote:
I am running freeradius 1.0.0 intergrated with mysql 4.0 for
authentication and accounting. I have installed and configured the
dialup_admin package to allow for web interface management of the
server, but it does not seem to work. I am able to test
Muenz, Michael [EMAIL PROTECTED] wrote:
I only find Q's that PAP works and not CHAP.
...
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type System
Please read the FAQ. CHAP doesn't work with system passwords.
...
On Thu, 26 Aug 2004, Cris Boisvert wrote:
Running Freeradius with Mysql.
Just to Confirm by running this script monthly it cleans the accounting
table so that it doesn't get to big?
No you should use the truncate_radacct script for that. clean_radacct just
clears any open sessions from the
On Fri, 20 Aug 2004, Coates Carter wrote:
Thanks Alan DeKok for pointing out the obvious that the Autz-Type
directive is meaningless until the authorize section has had a hit at
'files'. You got me over that hurdle.
However, I am now experiencing a problem that I saw Kostas Kalevras and
On Thu, 19 Aug 2004, Alan DeKok wrote:
kevin J [EMAIL PROTECTED] wrote:
Is it true? So, PAP and some other module can't work with ldap-authorize???
No.
What about persistant connection in my question below? Is it that
radius binds ldap per authentication?
The server re-binds to
Hello Alan,
thanks for your help all the time. Proxying works fine now.
Alan DeKok wrote:
Benedikt Panzer wrote:
I tried with this users file:
DEFAULT Auth-Type := LDAP
DEFAULT Proxy-To-Realm := "students"
You're telling the server to use LDAP *always*, and to *never*
Benedikt Panzer [EMAIL PROTECTED] wrote:
Ok, I assume that a requests isn't proxyed if its Auth-Type is set to
ldap. To prevent this, I could delete the first line and just write:
/DEFAULT Proxy-To-Realm := students/
Then the ldap module is still queried
For the *authorize* section,
In a previous thread I described my scenario:
My scenario is simple. When I receive an authentication request for a
user, I want to run an external program and if everything goes OK,
return access-accept with some attributes, otherwise I want to return
access-reject with other attributes.
This
No, the other php apps do not use mysql. But now how do I check/enable
mysql support in php?
Thanks
Herbert.
Kostas Kalevras wrote:
On Wed, 1 Sep 2004, Herbert Maosa wrote:
I am running freeradius 1.0.0 intergrated with mysql 4.0 for
authentication and accounting. I have installed and
On Thu, 2 Sep 2004, Herbert Maosa wrote:
No, the other php apps do not use mysql. But now how do I check/enable
mysql support in php?
Check your php.ini
Thanks
Herbert.
Kostas Kalevras wrote:
On Wed, 1 Sep 2004, Herbert Maosa wrote:
I am running freeradius 1.0.0 intergrated with
On Fri, 20 Aug 2004, Cris Boisvert wrote:
Is their a way to add NAS Servers using the dialup admin?
The only options are Change delete and Check
Thanx
Cris
Either click on 'Clear Fields' or do a cvs update on the nas_admin.php3 page.
Thanks for the report
---
Outgoing mail is certified
I think this issue has come up on this list before.
Someone posted this solution. I am pasting it down
here. You can search the list for more information
about it too.
Here we go
Alejandro Galue wrote:
To reject users:
Reply-Message := 'You can not login now'
And the exit code is 1
Hi,
I've read the docs but i have a small question. Here goes...
I've installed freeradius 1.0.0 and i would like to make it work with
peap and eap-ttls.
How can make users eap-ttls users go check ldap passwords and peap
users go check mysql?
Thanks
Over
-
List info/subscribe/unsubscribe? See
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
Autz-Type CLID{
callerid {
fail=reject
}
}
In this case when the external script returns a non zero exit code or
fails I get an Access-Reject. However I cannot put any attributes
Alan DeKok wrote:
Make the another_files module a copy of rlm_files, and point it
to different users files. It will then be run ONLY when the
external scrip returns fail, and you can add replay attributes to
the reject packet there.
I hope the rlm_exec module is going to be changed to
I don't follow the list daily, and I do no wish to get in the middle of
this pissing match in the least, however, I am having what I consider to
be a similar problem.
Background: Freeradius 0.9.3 on Fedora Core 1, openldap-2.0.27
We are auth'ing various services off the LDAP, including
Erik Denny [EMAIL PROTECTED] wrote:
I can auth PAP requests all day long, however, I get the following error
when a CHAP term server requests auth.
Thu Sep 2 13:27:40 2004 : Auth: rlm_ldap: Attribute User-Password is
required for authentication. Cannot use CHAP-Password.
Thu Sep 2
Alan DeKok wrote:
You can use doc/configurable_failover to say authorize via ldap,
and if it returns notfound, then use files
authorize {
...
group {
ldap {
ok = return
notfound = 1
}
files
}
...
}
I now have the following in radiusd.conf:
authorize {
Could you explain how to use snmp to disconnect a session, I been told you need to
use snmpwalk and do some configs on NAS to autentificate, also a problem is
knowing what is the channel, ofcourse obtaining it by radius to send to the NAS a line
clear.
I had tried to find a snmp scripts to do
There is a RADIUS disconnect mechanism which is not standardised as far as I
know and not too widely supported. In most cases you need to use SNMP or
other techniques to disconnect sessions. The most standardised way of
disconnecting sessions is to use Session-Timeout attribute to tell the NAS
You could use rlm_exec to call a script which would check the time and return
appropriately. If outside the window it can return 1 which will cause the
user to be rejected. If within the window you can return zero, and also set
an appropriate session limit to disconnect the user at the end of
hello guys
i have freeradius running on RH9 and I'm using pGina
and RADIUS plug-in and they work like a charm
now i need the user that was successfully
authenticated brows the Internet
i believe squid will do and i about to finish
configuring it
the question is how i can point them to each other
33 matches
Mail list logo