What date/time formats allowed for Expiration attribute? Is it possible to
use UNIX timestamp format (number of seconds since UNIX epoch)?
For exampe 'January 28 2005 12:00:00' in radcheck table works fine but
'2005-01-28 12:00:00' doesn't.
mysql select * from radcheck;
Hi,
i'm using FreeRadius with MySQL and i want to revoke user after 3 failed
login attempts.
Is there an easy way to do that?
Thanks in advance if you have links to docs.
Morgan SIZUN
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Freeradius users,
Have anyone a good example of failover mysql config (radiusd.conf)?
I want to use SQL1, if it's down, try SQL2.
I reed the configurable_failover document but it don't work, or not
understanding.
If now one of my mysql server go down, radius server work slow and failt
Pe 28 Jan 2005, la 05:59, =?iso-8859-1?Q?Fabio_Vira=E7=E3o?= [EMAIL
PROTECTED] a scris:
Hello Manda;
Thank you very much for your help... Now i am using postgrep and I can send
the CDR to the DB. But now I have another question ... :-) how can I get
tha Callduration ?? I know thar I have to
Hello all
I want to allow only three values of Reply Message from a
specific realm.
I have read the doc rlm_attr_filter but I haven't find any
information.In attr_filter i have tested that
Reply-Message == ok
Reply-Message == remote
than that
Reply-Message == ok,
Reply-Message == remoteor
Hi,
I want to allow only three values of Reply Message from a
specific realm.
Reply-Message == ok
Reply-Message == remote
Nothing work. how to allow three different values ? Is it
possible ?
Have you tried the regex matching operator =~ yet? If you want to allow the
three distinct
Hi all,
I want to know if there is any method to add
attributes in a proxy reply based on realm.
I have tried adding an attribute
Tunnel-Type:= VLAN
in attrs file, but when the proxy reply comes the
attr_filter only adds this attribute in newly built
proxy reply and doesn't keep all other
We have made a trivial patch to the attr_filter that changes the dafault
behaviour from reject to accept, that is we accept and pass over all
attributes which are not listed in the attrs file and apply the usual rules
to the ones that are listed.
In particular an entry:
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
(freeradius crash ans say :
Parse error (reply) for entry company.com: Expected end of
line or comma
Errors reading /etc/freeradius/attrs
radiusd.conf[1253]: attr_filter: Module instantiation failed.)
then i have
Ok I have tested
company.com
Reply-Message =~ (ValA|ValB)
it doens't work
(freeradius crash ans say :
Parse error (reply) for entry company.com: Expected end of
line or comma
Errors reading /etc/freeradius/attrs
radiusd.conf[1253]: attr_filter: Module instantiation failed.)
then i have
What date/time formats allowed for Expiration attribute? Is it possible to
use UNIX timestamp format (number of seconds since UNIX epoch) or any
date/time format supported by MySQL?
For exampe 'January 28 2005 12:00:00' in radcheck table works fine but
'2005-01-28 12:00:00' doesn't.
mysql select
Hi,
I am a newbie when it comes to radius. I need more security, eg: setting up
vpns for each authenticated groups. How do we set it up. The reason is , that
each group gets the same iprange, and then they can get into each others
personal files. Please Help
Regards
Zaine
-
List
Alan DeKok schrieb:
Yes please see the existing TTLS and
PEAP code which does exactly this. You have
working examples in front of you.
Use them.
Thanks, that put me on the right track again...
I stupidly was searching for a configuration
error and missed the (now obvious) error in
my
Here is some information I hope will help in narrowing down my problem:
I am using as the server freeradius-0.9.3-106.6.rpm from SuSE 9.1 64 bit.
Here are the packet captures I grabbed from the network. I'm hoping someone
has some simple code already written that can reverse the password fields
On Fri, 28 Jan 2005, [EMAIL PROTECTED] wrote:
Hi,
i'm using FreeRadius with MySQL and i want to revoke user after 3 failed
login attempts.
Is there an easy way to do that?
Use the postauth table in sql to log failed logins and then use a cron job to
find all users with more than 3 failed logins
Hello Freeradius users,
Have anyone a good example of failover mysql config (radiusd.conf)?
I want to use SQL1, if it's down, try SQL2.
I reed the configurable_failover document but it don't work, or not
understanding.
If now one of my mysql server go down, radius server work slow and
Hi,
I am a newbie when it comes to radius. I need more security, eg: setting up
vpns for each authenticated groups. How do we set it up. The reason is , that
each group gets the same iprange, and then they can get into each others
personal files. Please Help
Regards
Zaine
Since you
Hi, All:
I am now writting a RADIUS client program to leverage FreeRadius server. I
am determining the client's thread mode for handling the authentication
requests. There are two options I have.
Option 1, the RADIUS client maintians a datagram socket pool, whenever an
authentication request
Madhu Dubey [EMAIL PROTECTED] wrote:
As per man radiusd,
When testing, start off by configuring a user and password in the users file.
So long as the server knows about a user, and has a clear-text password for
that user, almost all ofthe authentication methods will just work.
BUT ,
When i shutdown mysql (sql1) he get slow on starting (240 seconds) and after
20 times i get a response.
Both mysql servers are working! I test it on a single db radius config.
I do this in radiusd.conf
$INCLUDE ${confdir}/sql1.conf # sql sql1 { server 1 options }
$INCLUDE ${confdir}/sql2.conf
On Thu, 27 Jan 2005, Alan DeKok wrote:
Joe H [EMAIL PROTECTED] wrote:
I am new to using gdb so if I did something wrong let me know.
See doc/bugs
I did read the bugs and it looked like it was only for core files, this
doesn't generate a core file.
Type 'bt' in gdb, which will tell you
On Thu, 27 Jan 2005, Dean Michaels wrote:
To support radius assigned vlans, you need to supply the AP with
Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID replies.
For wireless networks, use these values in the radius profiles.
Tunnel-Medium-Type = 802
Tunnel-Type = VLAN
I'm sorry to Bring this up again... somehow I'm not getting this to work.
I have this in the huntgroup and users file.
When I check off either of the 2 nas's I get an good authentication but no
Attributes back.???
This is all I have in each file Nothing else.
Huntgoup File
Michel van Dop wrote:
When i shutdown mysql (sql1) he get slow on starting (240 seconds) and
after 20 times i get a response.
Both mysql servers are working! I test it on a single db radius config.
[...]
accounting {
redundant {
sql1
sql2
}
}
redundant stanza doesn't work
Hi;
I am using a Freeradius Server with a Quintum-RAS that is sending VSA
attributes
with the attribute name *again* in the string, like:
H323-Attribute = h323-attribute=value
Cisco I can use with_cisco_vsa_hack = yes , but with Quintum this is not
working , any ideia that how
/auth-detail-20050128'
rlm_detail:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/radius/var/log/radius/radacct/172.22.2.32/auth-detail-20050128
modcall[authorize]: module auth_log returns ok for request 0
modcall[authorize]: module chap
Title: Message
Hi,
I'm testing PEAP
using the Cisco WLSE 2.9, which has a client to test PEAP server
connectivity. I'm posting the freeradius 1.0.1 debug output below, and I
could use a hand in evaluating what I should expect.
The radiusd.conf
file is configured for a local dbm file for
Israel Fabio Alves [EMAIL PROTECTED] wrote:
I try to do 802.1x with proxy autentication, when user loggin from
Windows XP, he put username, password and domain. The Switch will send a
request authentication for a freeradius server, that will proxy the
request conform user domain. When a try
Mensaje citado por Cris Boisvert [EMAIL PROTECTED]:
I'm sorry to Bring this up again... somehow I'm not getting this to work.
I have this in the huntgroup and users file.
When I check off either of the 2 nas's I get an good authentication but no
Attributes back.???
This is all I have in each
I just changed it to that.. and same effect .. It authenticated .. but no
attributes are passed back?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Roger Peña
Escobio
Sent: Friday, January 28, 2005 1:22 PM
To: freeradius-users@lists.freeradius.org
Use mod_auth_radius. That's how I got Apache to talk to RADIUS.
Mod_auth_PAM doesn't seem to work with the RADIUS package.
From: Rizwan Khan [EMAIL PROTECTED]
Reply-To: freeradius-users@lists.freeradius.org
To: freeradius-users@lists.freeradius.org
Subject: Re: Setup apache2 with
Thank you Stefan,
Im on the line now :-)
Chris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Stefan Winter
Sent: Friday, January 28, 2005 8:28 AM
To: freeradius-users@lists.freeradius.org
Subject: Re: AW: Allways 10 Times to authenticate
Mensaje citado por Cris Boisvert [EMAIL PROTECTED]:
I just changed it to that.. and same effect .. It authenticated .. but no
attributes are passed back?
so, the problem is _not_ with the huntgroup file, is with the attibutes that
you use
and i don't have much experience with attributes so
I do not know right if is a problem of freeradius, it is possible that
is my configuration.
When I do a test using just the user and password, I loggin OK, but when
using username, password and domain, occurr the login failed.
If somebody have information taht help me, I will very happy.
Alan
Dudley Atkinson [EMAIL PROTECTED] wrote:
The User-Name = PEAP-ABBAABBAABBA is generated by the Cisco WLSE,
and isn't a valid name - perhaps I need to work around this somehow?
If it's only used for testing, list it in the users file.
I've read the docs but can't interpret what I'm seeing.
I'm sorry to Bring this up again... somehow I'm not getting this to work.
I have this in the huntgroup and users file.
When I check off either of the 2 nas's I get an good authentication but no
Attributes back.???
This is all I have in each file Nothing else.
Huntgoup File
Do you have nostrip setup in proxy.conf to not strip the username? Please
post debug info (radiusd -X).
On Fri, 28 Jan 2005, Israel Fabio Alves wrote:
I do not know right if is a problem of freeradius, it is possible that
is my configuration.
When I do a test using just the user and
Strange! But thank you, for linking me the bug!
I reed in the bug report a solutions, i change this:
$INCLUDE ${confdir}/sql1.conf
$INCLUDE ${confdir}/sql2.conf
authorize {
redundant {
sql1 {
ok = return
}
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/radius/var/log/radius/radacct
VICTORY!! The Fall through DID it!!
Thank you ever so much for the Help.. I've been fighting with this for over
a month...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dustin
Doris
Sent: Friday, January 28, 2005 2:16 PM
To:
On Thu, 2005-27-01 at 21:56 +0100, Sebastian Wild wrote:
Hello list,
I've just joined in here. My name is Sebastian and I am from Germany. I
work as adminstrator at an ISP and I also am a maintainer of a private
wlan project called wlan-r.
Now wlan-r uses chillispot to authenticate
Dudley Atkinson [EMAIL PROTECTED] wrote:
The User-Name = PEAP-ABBAABBAABBA is generated by the Cisco WLSE,
and isn't a valid name - perhaps I need to work around this somehow?
If it's only used for testing, list it in the users file.
I've read the docs but can't interpret what I'm
On Thu, 27 Jan 2005, freeradius-users wrote:
(In my special case I don't want to deal with user-certificates, but
with machine-based certificates. It is just a registry hack and already
done.)
Do you mean that when the PC starts up it will connect to the WLAN without
having to have someone log
/172.22.0.47/auth-detail-20050128'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128
modcall[authorize]: module auth_log returns ok for request 0
rlm_realm: No '@' in User
What config file do you have to add the Readcleints=yes line into?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Manda
Costin
Sent: Wednesday, January 26, 2005 9:50 AM
To: freeradius-users@lists.freeradius.org;
[EMAIL PROTECTED]
Subject: Re: nas table
Proxy-State = 0x323534
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/usr/local/radius/var/log/radius/radacct/172.22.0.47/auth-detail-20050128'
rlm_detail
Hi
I want to authenticate user's domain nt with
freeradius but i don't know what is the procedure?
I read in the FAQ that i have to use PAM or
ntlm_auth or ntlm_smb.
So what i have to choose and please can you give me
an example. I would like use to peap, ttls method.
Regards,
durale
Now, I need to use RADIUS with TLS. But I am have problem.
I don´t know RADIUS+TLS speak with LDAP+TLS.
When I use ldapsearch the comunication with LDAP Server+TLS is OKAY in
port LDAPS (636).
In the Radius I put:
---
start_tls = yes
tls_mode = yes
Currently I have the huntgroup attribute reply's in the users file and the
actual users in a mysql database..
Based on the nas a user comes in from the huntgroup info is passed .
How would I get the huntgroup reply info into the database also.
I think their would need to be a Huntgroupreply
High CPU load, on accounting only server.
It using all available CPU, and not keeping up with what's being sent to
it.
It's a P3 900Mhz. Fedora Core 3, freeradius 1.0.1 installed from yum
install.
I'm accepting radius accounting data from several Redback SMS1800s (7 in
total)
I'm just logging to
-Original Message-
From: Dudley Atkinson [mailto:[EMAIL PROTECTED]
Sent: Friday, January 28, 2005 1:57 PM
To: 'freeradius-users@lists.freeradius.org'
Subject: RE: FW: Testing PEAP with cisco WLSE
Dudley Atkinson [EMAIL PROTECTED] wrote:
The User-Name = PEAP-ABBAABBAABBA
On Fri, 28 Jan 2005 19:25:56 -0800, Justin LaVelle
[EMAIL PROTECTED] wrote:
High CPU load, on accounting only server.
It using all available CPU, and not keeping up with what's being sent to
it.
It's a P3 900Mhz. Fedora Core 3, freeradius 1.0.1 installed from yum
install.
I'm accepting
52 matches
Mail list logo