On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
Oliver Graf [EMAIL PROTECTED] wrote:
I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
small problem in the sql module: a Username seems to be quoted two
times, first when setting sql_user_name, then when doing the
On Wed, Sep 29, 2004 at 08:10:45AM +0200, Oliver Graf wrote:
On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
Oliver Graf [EMAIL PROTECTED] wrote:
Something is escaping '#' to '=23', probably in the SQL module.
Yeah. The Problem is that the allowed_chars string in 0.9.3
Hello.
My setup for my testbed is like this:
Radius Client(Linux Based PC)-Radius Server-mysql DB
Is there any simulation program that create session
from multiple user for freeradius?
Or, is there a way to make radius server to do
accounting with the radacct tables first empty then
when the
On Wed, Sep 29, 2004 at 08:10:45AM +0200, Oliver Graf wrote:
On Fri, Sep 24, 2004 at 10:24:09AM -0400, Alan DeKok wrote:
Oliver Graf [EMAIL PROTECTED] wrote:
I've upgraded recently from 0.9.3 to 1.0.1. There seems to be one
small problem in the sql module: a Username seems to be quoted
hi all,
that's my configuration.
users file:
Max Max-Daily-Session := 3600, Password = Max, NAS-IP-Address
= 192.168.1.4, Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Idle-Timeout = 3600,
Port-Limit = 1
I can't seem to get beyond this problem -- and it is
strange since I am simply moving from one server to
another. Both are SuSE 9.1 and yet it works on one, but not
on the second. Of course, I am cheating and copying all
files over. Although I have fully recompiled freeradius
1.0.1
Any
hi all,
that's my configuration. Sorry for the mistakes.
users file:
Max Max-Daily-Session := 3600, Password = Max, NAS-IP-Address
= 192.168.1.4, Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
I have just compiled and installed a FreeRadius V1.0.1, with all the experimental modules (and esp.
simtriplets).
I have configured it to use EAP-SIM authentication for one user.
I have tried to run the eap-sim test number 6 using "radeapclient" and I am now
stuck on two problems:
1)
On Tue, 28 Sep 2004, Paul wrote:
What I need is failover for accounting and session tracking.
Auth will be done using LDAP.
Mirroring the DB is not possible because accounting has a lot of inserts,
that would need to have multi-master replication.
I would like to use application data
On Tue, 28 Sep 2004, Chris Stith wrote:
We're currently using ICRADIUS. One of the things we like about it is
that we can use one MySQL database server for the radcheck and radreply
information while we use another for accounting.
I don't see in the documentation for rlm_sql any options for
Hello,
First, you should place Auth-Type := Accept in your radcheck not radreply
Second, please show us your configuration files.
Best Regards,
Brian Ammons wrote:
I am a radius rookie. I have FreeRadius 1.0.0 installed on Slack 9.1 and
have the mySql compatibility working as well. I ran the
I may have seen something similar. I have FreeBSD 4.10 with gcc 2.95.4, and
I am trying to migrate from freeradius 0.9.3 to 1.0.1 but I get this segfault
at about the same point in startup when running in debug mode too. When not
in debug mode, the daemon just starts and hangs. I have provided
Thanks it worked. [EMAIL PROTECTED] 9/28/2004 11:33:27 PM
I am trying to install/compile freeRADIUS 1.0.1 version on SUSE Ent 9.0. without success.
This is what I get when I do
./configure
make
..
In file included from x99_rlm.c:54:
x99.h:26:42: openssl/des.h: No such file or directory
In file
I'm having a problem getting freeradius to build under solaris 9.
Fresh install of Solaris 9, compilers from the companion cd.
the gmake fails in rlm_ldap when it is trying to do the ld. It
complains that it can't find the libraries
liblber, libldap_r, and libldap_ra. I tried linking to them from
I'm trying to setup a network where each AP on the network must
authenticate to a radius server before being assigned an IP address
and then joining the network. Using a commercial radius package, I had
to specify that the APs were Cisco APs to get everything to work.
Under 0.9.3, everything just
I need assistance configuring my Free Radius
install. Is anyone available to assist me for a small fee?
I would post my questions one by one but I feel it
would take forever and gum up this resource. I have been following the posts
with great interest but I still have some fundamental
We are trying to setup the following system:
1) Wireless users ask Wireless gateway for authentication
2) Gateway (BlueSocket) asks Suse (SLES 9.0) freeRadius server
for authentication.
3) freeRadius uses LDAP module to talk to LDAP running on Novell Server with eDirectory (NDS)
to get user info
Andrew Werbowy [EMAIL PROTECTED] wrote:
Did anyone come across this issue?
...
Yes. A search on google would have found similar problems.
If you're not using rlm_x99_token, delete the whole directory.
We want to use RADIUS to talk to LDAP server running Novell Netware
platform for
Nour Omar [EMAIL PROTECTED] wrote:
I wanted to write VOIP billing software( with prepaid, post-paid and
advanced routing features, etc, etc) as FreeRADIUS plugin
module. And I'm not sure if I want to make my module Open Source or
not(Not decided yet).
If you are planning on distributing
Stephen Donovan [EMAIL PROTECTED] wrote:
Under 1.0.1, I edited the radiusd.conf, eap.conf, and other files so
that they are similar but the APs will not authenticate.
Does anybody have any suggestion? Here is a copy of the output that I
receive under 1.0.1.
You're running on Solaris, and
I'm also trying to make this configuration. But something doesn't stick
together.
I've added the following lines in the modules section:
sql sql1 {
}
sql sql2 {
}
but when starting the server the following appears:
Module: Instantiated preprocess (preprocess)
radiusd.conf[11]
Mahesh S Kudva [EMAIL PROTECTED] wrote:
I have been trying to setup WPA Enterprise in windows 2000 professional.
It works perfectly fine with Mac OS X. In windows, the OS accepts the
certificate initially and that's it.
What do you mean The OS accepts the certificate?
It never tries to
Elad Kugman [EMAIL PROTECTED] wrote:
I have a problem to define a Vendor-Specific Attribute in MYSql freeradius.
I define it by MYSql Control Center in the radreply table.
Are you willing to say how, or is that a secret?
When I check my user with the radtest I get the following msg:
Raphael Clifford [EMAIL PROTECTED] wrote:
a) Does the radius server have to be physically connected to the access
point/on the same subnet/anywhere on the network?
The AP has to be able to send packets to the RADIUS server.
c) Is there some simple step by step guide to setting up
Josh Howlett [EMAIL PROTECTED] wrote:
I have some very noisy NASes generating a lot of spurious
Acct-Status-Type=Alive requests. There's no way to turn these off at the
NAS.
Am I right in thinking that there's no way to drop a request on the basis
of the value of Acct-Status-Type?
You
David [EMAIL PROTECTED] wrote:
Is it possible in FR 1.0.0 to check the database for
[EMAIL PROTECTED] and then if it is not present, proxy
the request to abc.com ?
Yes.
authorize {
group {
sql {
notfound = 1
}
Cris Boisvert [EMAIL PROTECTED] wrote:
I have been trying to do the same thing I have the references in the
radius.conf as notated in the Doc's although I cannot get it to
Connect to the second sql server
I have this in the radius.conf
$INCLUDE ${confdir}/sql.conf
$INCLUDE
Yup that's what I'm getting also... now..
I'm glad I'm not alone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edgars
Sent: Wednesday, September 29, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: Re: SQL db failover
I'm also trying to make this
zack musa [EMAIL PROTECTED] wrote:
Is there any simulation program that create session
from multiple user for freeradius?
No. You can use radclient, and create test packets by hand. It
isn't hard.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] wrote:
Processing the autenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by Max with CHAP password
rlm_chap: Could not find clear text password for user Max
So... tell the server what the user's correct password
anonymous [EMAIL PROTECTED] wrote:
1) During authentication, the server says that it does not recognize the
Autz-Type attribute set on my user in the users file (as recommended in
the test documentation). I had to remove this attribute to go further.
Are you willing to post the exact error
Andrew Werbowy [EMAIL PROTECTED] wrote:
rlm_ldap: performing search in o=cbcsrc, with filter (uid=tor_sysop_2)
rlm_ldap: no dialupAccess attribute - access denied by default
Look at access_attr in the ldap{} configuration in radiusd.conf.
You probably want to delete/comment out that line.
On Wed, 2004-09-29 at 08:55, Kostas Kalevras wrote:
On Tue, 28 Sep 2004, Paul wrote:
What I need is failover for accounting and session tracking.
Auth will be done using LDAP.
Mirroring the DB is not possible because accounting has a lot of inserts,
that would need to have
On Wed, 29 Sep 2004, Paul wrote:
On Wed, 2004-09-29 at 08:55, Kostas Kalevras wrote:
On Tue, 28 Sep 2004, Paul wrote:
What I need is failover for accounting and session tracking.
Auth will be done using LDAP.
Mirroring the DB is not possible because accounting has a lot of
I have this in my radiusd.conf now. I get this error when I try to start
radius
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #1
Wed Sep 29 12:00:27 2004 : Info:
I removed this line and now I get this:
...
..
.
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tor_sysop_2 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for
On Wed, 29 Sep 2004, Cris Boisvert wrote:
I have this in my radiusd.conf now. I get this error when I try to start
radius
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
Cris Boisvert [EMAIL PROTECTED] wrote:
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql2.conf
modules {
sql sql {
}
sql sql2 {
}
The $INCLUDE ${confdir}/sql.conf should be INSIDE of the modules{}
section, which means you don't need to have TWO definitions
Andrew Werbowy [EMAIL PROTECTED] wrote:
...
I'm on the list. Please don't CC me on mail. I get too much mail
as it is.
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type LDAP
ERROR: Unknown value specified for Auth-Type. Cannot
hello,
I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
thanks to Freeradius.
Here's the situation :
- Cisco Aironet 1200 with 12.2(15)JA IOS with 3 VLAN :
...
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 mode wep mandatory
!
hello,
SORRY, THE FIRST MAIL WAS INCOMPLETE.
I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
thanks to Freeradius.
Here's the situation :
- Cisco Aironet 1200 with 12.2(15)JA IOS with 3 VLAN :
...
interface Dot11Radio0
no ip address
no ip route-cache
!
Dear List,
Following is my configuration:
freeRadius ver: 0.9.3
OS: debian woody
NAS: (Total control) USRHiper
My users file has a block for default user
DEFAULT Auth-Type := Accept, Simultaneous-Use := 1
Exec-Program-Wait = my_radius_auth_check -t auth,
Framed-IP-Address =
On Sep 29, 2004, at 11:30 AM, Alan DeKok wrote:
Nour Omar [EMAIL PROTECTED] wrote:
My guess is that since it is separate .so
module(dynamically loaded module) that is not part of FreeRADIUS
binary, It would not need the same licence as FreeRADIUS but
It looks like it's working... YEEEA!!!
Thanx Very much...
The
always handled {
rcode = handled
}
}
I found in the example in the /doc/configure-failover
Thanx again..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Hello all,
I am running freeradius 0.9.3 with mysql 4.0.18-standard.
I am trying to setup DNIS map on a cisco AS5300 running IOS ver
(C5300-IS-M), Version 12.2(15)T5
without any luck
Does anybody have any suggestions or know of a better way to do this?
Thanks in advance.
Terry J Fike Jr [EMAIL PROTECTED] wrote:
Okay, I'm not sure if this is the right place, to ask, but since it is
more or less radius accounting I thought I'd try here. Does anyone know
the difference in the data in the columns inputoctets/outputoctets and
inputoctets64/outputoctets64 and
Jon Moore [EMAIL PROTECTED] wrote:
No. The module will be linked into the server, and will be part of
it. It therefore must be GPL'd.
I don't think this is technically correct. While I agree that he cannot
distribute a binary-only modified FreeRadius, there is nothing stopping
him
Jean-Marie GUILLEMOT [EMAIL PROTECTED] wrote:
I'm trying to assign wireless users connecting to Cisco Aironet 1230 to VLAN
thanks to Freeradius.
I'm not sure that's possible. See the Cisco AP documentation for a
list of what attributes it can understand in an Access-Accept.
Alan DeKok.
I think this more of the IOS configuration
Have you looked this yet
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/dtaudnis.htm#xtocid12091
And make sure you are receiving DNIS from the Telco
Kafui Amedzekor.
--- Tim Petersen [EMAIL PROTECTED] wrote:
On Sep 29, 2004, at 2:20 PM, Alan DeKok wrote:
Jon Moore [EMAIL PROTECTED] wrote:
No. The module will be linked into the server, and will be part of
it. It therefore must be GPL'd.
I don't think this is technically correct. While I agree that he
Terry J Fike Jr [EMAIL PROTECTED] wrote:
Okay, I'm not sure if this is the right place, to ask, but since it is
more or less radius accounting I thought I'd try here. Does anyone know
the difference in the data in the columns inputoctets/outputoctets and
inputoctets64/outputoctets64
Jon Moore [EMAIL PROTECTED] wrote:
From section 2 of the GPL (regarding the rights to modify the Program):
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and
Sorry... I had Reply To All set on my mailbox options.
I did change and now I get this:
rlm_ldap: performing search in o=cbcsrc, with filter (uid=tor_sysop_2)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tor_sysop_2 authorized
The Acct_Output_Octets_64 isn't a standard RADIUS attribute. It's
a Redback attribute. (see dictionary.redback)
I suggest asking Redback what it means, and why it's zero.
Alan DeKok.
Okay, will do. Thank you very much!
t-
--
Terry J Fike Jr
System Administrator
MTA Solutions
907-793-4100
Alan,
I completely agree. I went back and re-read the discussion, and
realized that I might have misinterpreted an earlier statement by you.
(I thought you were claiming he could not distribute a closed-source
dynamically loaded module, even if that
Andrew Werbowy [EMAIL PROTECTED] wrote:
I am giving right password.
Yes, I know. That's not the point. The point is that the *server*
doesn't know what the correct password is.
Put the following at the top of the users file:
#---
tor_sysop_2 User-Password ==
I know this seems to be a common question, and I have seen many
replies, but no conclusions on how to actually fix it.
I have setup on a Redhat 9.0 server freeradius-1.0.1.tar.gz and did a
standard compile, with just ./configure make make install.
I also have OpenSSL 0.9.7a Feb 19 2003 on the
Hello group I am running freeRADIUS successfully for
authorization; however, I have recently included a CISCO 5300 into the mix, not
getting a password from the CISCO server
(O/S RH AS 2.1/ freeradius .08)
Line from the log file:
Mon Sep 20 16:10:30 2004 : Auth: Login incorrect:
Tim Rich, Jr. [EMAIL PROTECTED] wrote:
I'm not sure what to send to assist you all in resolving this, but if you
say what to send, I will send it.
Run the server in debugging mode, as suggested in the FAQ and README.
Alan DeKok.
Shaun McCloud [EMAIL PROTECTED] wrote:
The trouble I seem to be unable to get away from is the no
User-Password attribute.
That message just says that the user was rejected.
I know I must be missing something simple, but having never set up
radius for wireless I can't seem to find what it is
List -
Here is the clip from the output as Alan requested. (and thanks, Alan, I
should have mentioned that I looked in the FAQ, the book, and the archives
before posting the note - thanks for the reminder. I have been on the list
for 17 months or so and realize how much you add to the list -
OK, now I am just more confused.
I changed the line in my users file to read
egnaro Auth-Type := EAP, User-Password == test
And I can login just fine... It works, but I still get the no
User-Password attribute
Any clues then as to what that is referring to?
here again is the complete
Shaun McCloud [EMAIL PROTECTED] wrote:
I changed the line in my users file to read
egnaro Auth-Type := EAP, User-Password == test
You shouldn't have to specify Auth-Type, the server should figure it
out. See eap.conf.
And I can login just fine... It works, but I still get the no
Tim Rich, Jr. [EMAIL PROTECTED] wrote:
Here is the clip from the output as Alan requested. (and thanks, Alan, I
should have mentioned that I looked in the FAQ, the book, and the archives
before posting the note - thanks for the reminder. I have been on the list
for 17 months or so and realize
I am trying to set up eap-tls yadda yadda I have been following these
instructions to a tee:
http://www.broadbandreports.com/forum/remark,9286052~mode=flat
... (kudos to jbibe btw)
I am stuck trying to locate a script on this howto:
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
Hmm,
The only way I can seem to login is if I use the line
egnaro Auth-Type := EAP, User-Password == test
I have tried some variance to that line, such as:
egnaro Auth-Type := Local, User-Password == test
egnaro Auth-Type := Local
egnaro
Alan - Thanks for the quick reply. I am assuming that when you say Don't
set Auth-Type The server will figure it out you mean on the cisco as I
don't know where that would be set in the radiusd.conf; however, I have
followed the book to the t and it has local in it. So you say just remove
the
Hehe,
Ok call me a little thick.
I changed the line to
egnaro User-Password == test
and it logs in just fine.
Though am I assuming correctly that I cannot use the system passwords?
Thanks again Alan, you got great patience.
On Wed, 29 Sep 2004 13:58:48 -0700, Shaun McCloud
Shaun McCloud [EMAIL PROTECTED] wrote:
I have tried some variance to that line, such as:
egnaro Auth-Type := Local, User-Password == test
egnaro Auth-Type := Local
egnaro Auth-Type := System
No login success with any of those. So if I do not need to
Tim,
Looks like you are having some of the same trouble I am.
The config file that I am working with that I had to remove the
Auth-Type from is the user file.
Shaun
On Wed, 29 Sep 2004 17:04:05 -0400, Tim Rich, Jr.
[EMAIL PROTECTED] wrote:
Alan - Thanks for the quick reply. I am assuming
Alan - so sorry - it was in the MySQL table for a test user that I formerly
used and just used it to try again. I am sorry to waste your time.
Tim
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 29, 2004 5:02 PM
To: [EMAIL PROTECTED]
Subject:
Do I have to do this to all users?
I thought that LDAP server would give me a password.
[EMAIL PROTECTED] 09/29/04 4:04 PM
Andrew Werbowy [EMAIL PROTECTED] wrote:
I am giving right password.
Yes, I know. That's not the point. The point is that the *server*
doesn't know what the correct
Hi,
It's possible to switch VLAN when the user connecting to Cisco Aironet.
For 802.1x with VLAN switching, three radius attribute-value pairs are
defined.
In the user file for example:
xxx User-Password == xxx
Tunnel-Type:1 = 13,
Tunnel-Medium-Type:1 = 6,
Tunnel-Private-Group-ID:1 = 17
Hi Jean-Marie,
it's preferable to use the integer values instead of ASCII strings.
So for the switching VLAN, I create a local VLAN on Cisco Aironet with a
specified SSID. The user configuration questions this SSID and according to
the user, this one is switched in the VLAN defines in