Re: Session-Timeout not set with pending Expiration

2005-03-29 Thread Joachim Bloche
When a user logs in 23 hours and 59 minutes after the first connection, I expected freeradius to return the Session-Timeout attribute in the access-accept (with value 60). Actually it does not, so the user can stay connected well after the 24 hours limit. So... what does the

can someone point me to what I can read again?

2005-03-29 Thread maruna
Hello all, I have read a lot of docs on making postgresql work with freeradius v 1.0.2; however, all my efforts have proved abortive. I will be glad if I can be directed to a mail on the list or docs to read to get freeradius to work with postgresql. Thanks, Adegoke

FreeRADIUS + Postgresql Instructions (was: can someone point me to what I can read again?)

2005-03-29 Thread Peter Nixon
On Tuesday 29 March 2005 13:49, [EMAIL PROTECTED] wrote: Hello all, I have read a lot of docs on making postgresql work with freeradius v 1.0.2; however, all my efforts have proved abortive. I will be glad if I can be directed to a mail on the list or docs to read to get freeradius to work with

PEAP proxying just the tunneled authentication

2005-03-29 Thread Mark
Hi I'm trying to proxy just the tunneled part of my PEAP authentication. The user is to log in as [EMAIL PROTECTED]. The tunnel is decoded locally and then the tunneled authentication is proxied to a remote server. I've added the following lines to the users file to configure this: # Proxy

Re: LDAP Profiles vs. No-profiles

2005-03-29 Thread Kostas Kalevras
On Mon, 28 Mar 2005, Jarred Cleem wrote: I am setting up a test environment and I am having some problems. Any help would be great. I have the servers built very similarly to what is documented at http://www.freeradius.org/radiusd/doc/ldap_howto.txt. I have created a few profiles like dialup,

Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
Hi all, Up until now, we've used freeradius to authenticate a pool of RAS units. Moving forward, we want to authenticate some users on some RAS units, but deny them on others. What is the proper way to do this? Is this a function of the RAS or a function of the radius server? Any help would

Re: Authenticating and Blocking per client

2005-03-29 Thread Chris Knipe
Called-Station-Id ? -- Chris. I love deadlines. I especially love the whooshing sound they make as they fly by... - Douglas Adams, 'Hitchhiker's Guide to the Galaxy' - Original Message - From: Jason Frisvold [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday,

Re: Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 16:23:43 +0200, Chris Knipe [EMAIL PROTECTED] wrote: Called-Station-Id ? Radius checks this and allows/denies appropriately? Do you have a link to documentation on how to set something like this up? Thanks! -- Chris. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] -

Re: Authenticating and Blocking per client

2005-03-29 Thread Kenneth Grady
One way to do it is to add the users allowed to the huntgroups. Example: huntgroups... NAS1 NAS-IP-Address == 1.2.3.4 User-Name == user1, User-Name == user2 NAS2 NAS-IP-Address == 2.3.4.5 User-Name == user3, User-Name == user4 users... user1 Huntgroup-Name

Re: Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 07:51:41 -0700, Kenneth Grady [EMAIL PROTECTED] wrote: One way to do it is to add the users allowed to the huntgroups. Example: huntgroups... Ok, so now what happens when you start dealing with other devices like a redback? Can those be added into the huntgroups as well?

Freeradius 1.0.0 PEAP SP2

2005-03-29 Thread Mametz Laurent
Hello, I want to make an authentication with PEAP TLS. I think that my tls tunnel works fine, but I can't authenticate any user from my windows XP SP2. I have an AP netgear WG302, and my freeradius runs on Mandrake 10.1. I read the FAQ and the news but I am always in black ... My conf. users

Re: Authenticating and Blocking per client

2005-03-29 Thread Chris Knipe
Yes, it does. A sample from our users file #testy Auth-Type := Local, Simultaneous-Use := 1, Max-All-Session := 10800, Pool-Name := ippool-prepaid, Called-Station-Id = wcore-nasgw01, NAS-Port-Type == Ethernet # Acct-Interim-Interval = 300, # Rate-Limit = 256k/256k, #

Re: Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 17:13:33 +0200, Chris Knipe [EMAIL PROTECTED] wrote: What the value of Called-Station-Id is supposed to be, is up to what your NAS sends to FR though. As the other reply also stated, huntgroups is another way to do this but it may not be a viable option to have all your

aaa authentication enable on cisco

2005-03-29 Thread Matthew Opoka
Cisco sends $enable15$ as a user name to radius for enable authentications. Is there a way not to store the password in etc/raddb/users? I don't think linux will allow a username to start with a $. Or can I encrypt the password somehow in the users files? Thanks, Matthew

Re: Authenticating and Blocking per client

2005-03-29 Thread Chris Knipe
- Original Message - From: Jason Frisvold [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Tuesday, March 29, 2005 5:51 PM Subject: Re: Authenticating and Blocking per client On Tue, 29 Mar 2005 17:13:33 +0200, Chris Knipe [EMAIL PROTECTED] wrote: What the value of

Re: aaa authentication enable on cisco

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 09:54:42 -0600, Matthew Opoka [EMAIL PROTECTED] wrote: Cisco sends $enable15$ as a user name to radius for enable authentications. Is there a way not to store the password in etc/raddb/users? I don't think linux will allow a username to start with a $. Or can I encrypt the

RE: aaa authentication enable on cisco

2005-03-29 Thread Matthew Opoka
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Frisvold Sent: Tuesday, March 29, 2005 9:59 AM To: freeradius-users@lists.freeradius.org Subject: Re: aaa authentication enable on cisco On Tue, 29 Mar 2005 09:54:42 -0600, Matthew Opoka

Authenticate local - if not found proxy

2005-03-29 Thread Jaco van Tonder
I would like to know if it is possible to set up freeradius to first authenticate against the local database and if not found proxy the request off to another radius server. I am running freeradius 0.9.3 on a postgres database Jaco van Tonder

Re: calling-station-id problem...

2005-03-29 Thread Alan DeKok
kolargol [EMAIL PROTECTED] wrote: I have problem with Calling-Station-Id set up in user file: kolargol User-Password == xxx, Calling-Station-Id == 000ce5475611 during auth debug log shows: Not much of anything useful. As a hint: reading the last little bit of the debug log isn't

Re: Freeradius 1.0.0 PEAP SP2

2005-03-29 Thread Alan DeKok
Mametz Laurent [EMAIL PROTECTED] wrote: I want to make an authentication with PEAP TLS. I think that my tls tunnel works fine, but I can't authenticate any user from my windows XP SP2. SP2 doesn't work with non-MS RADIUS servers. There is a fix. Read their knowledge base, or search the

Re: Freeradius 1.0.0 PEAP SP2

2005-03-29 Thread Alexandre Coninx
On Tue, Mar 29, 2005, Mametz Laurent wrote: Hello, I want to make an authentication with PEAP TLS. I think that my tls tunnel works fine, but I can't authenticate any user from my windows XP SP2. I have an AP netgear WG302, and my freeradius runs on Mandrake 10.1. I read the FAQ and the

Re: Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 17:59:13 +0200, Chris Knipe [EMAIL PROTECTED] wrote: Yep. Should work. Multiple addresses... Hmmm... try adding it multiple times? Ok, so I added multiple NAS-IP-Address entries in the database. Tested it from a RAS that wasn't in that list, and got on without a problem.

Re: Authenticating and Blocking per client

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 12:09:46 -0500, Jason Frisvold [EMAIL PROTECTED] wrote: Ok, so I added multiple NAS-IP-Address entries in the database. Tested it from a RAS that wasn't in that list, and got on without a problem. So... I'm missing something. Is there some special module that needs to be

FreeRADIUS + 802.1x (WPA) + WinXP + smbpasswd

2005-03-29 Thread Jim Seymour
Hi, Environment: FreeRADIUS 1.0.2 WinXP Pro (patched) I'm almost there. I've got FreeRADIUS authenticating the WinXP Pro client (Intel PRO/Wireless 2915 and NetGear FWAG114, btw) using the smbpasswd file on the server *if* I configure XP *not* to use my Windows login name and password,

Re: rlm_passwd core dumps with 1.0.2

2005-03-29 Thread Jason Ornstein
* Jason Ornstein [EMAIL PROTECTED] [2005-03-25 17:11:57 -0700]: Fri Mar 25 09:01:45 2005 : Debug: auth: type Crypt Segmentation Fault - core dumped radiusd (gdb) where #0 0xff257590 in DES_ncbc_encrypt () from /usr/local/ssl/lib/libcrypto.so #1 0xff259b4c in

Re: LDAP Profiles

2005-03-29 Thread Dustin Doris
Not sure how to ask my next question so I will try my best. We have some users who receive static IP addresses and other special attributes that are unique to only that user. Then we have some who receive the same attributes and attribute values as the next person. The big difference is

checkrad

2005-03-29 Thread Jason Frisvold
Hi there, Am I right in that the checkrad program needs to be customized per environment? It appears, at least thus far, that the checkrad program doesn't check the naspasswd file for patton RAS units... Is this accurate? -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED]

Re: Php code for freeradius

2005-03-29 Thread Dustin Doris
Can someone send me a sample of a php login page that hits the freeradius server? I have the server running with mysql as the db backend and it is working just fine. Now I need the php code that calls the radiusd process and returns the results (which I will forward to an Access Point). Never

checkrad, check_with_nas, and sql

2005-03-29 Thread Jason Frisvold
Wow.. today seems to be the day I sent a lot of mail to the freeradius list.. :) Hopefully an answer to this will finish off what I need to accomplish... :) In my radiusd.conf file, I have enabled sql for simultaneous use checking : session { sql } I don't have radutmp enabled. I

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Chris Knipe
I don't have radutmp enabled. I noticed, however, in the radutmp module definition, the check_with_nas option. It appears that this causes the checkrad program to be called. If radutmp is not enabled, checkrad isn't called.. I think. To my knowledge, checkrad is never called if utmp isn't

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 20:58:45 +0200, Chris Knipe [EMAIL PROTECTED] wrote: You must run utmp. Even if it is just for simul. use. You can still have all your accounting in SQL instead of detailed files, but utmp must be there for checkrad. Ugh.. So, if my primary radius server fails to backup,

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Chris Knipe
It may actually be a good idea to get checkrad to be called if utmp *OR* SQL thinks a user is logged in twice But that will require some source hacking I think. I guess I don't understand the purpose of the simul checks in the sql.conf file then.. If utmp is the only thing that checks for

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 21:18:06 +0200, Chris Knipe [EMAIL PROTECTED] wrote: Again, I am guessing this is incomplete code (at this stage). snip you manually reset all the SQL accounting records)... I hope I'm making sense... Yup.. seems clear enough.. Again, IMHO checkrad should be called

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Alan DeKok
Chris Knipe [EMAIL PROTECTED] wrote: In this situation, the correct approach would be for checkrad to be called from FR yes - something, which for some reason it is not doing. It should, but I'm not sure why. If a utmp is in place, in the above occurrence, checkrad would be called which

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Chris Knipe
If a utmp is in place, in the above occurrence, checkrad would be called which will verify that the user is NOT logged into the NAS, and thus will allow the auth. You will however still sit with the stale accounting records in SQL No. See src/main/session.c. If the user is no longer logged in,

log off user problem

2005-03-29 Thread Janet
Hi I'm having some problems getting Session_Timeout to function - when the time limit is reached nothing happens (I assume it is supposed to send some sort of disconnect message). Is there anything else that needs set alongside this to have it function? because when the user is connected there isn't a

Re: checkrad, check_with_nas, and sql

2005-03-29 Thread Jason Frisvold
On Tue, 29 Mar 2005 14:36:42 -0500, Alan DeKok [EMAIL PROTECTED] wrote: I believe it is. See src/modules/rlm_sql/rlm_sql.c, which calls rad_check_ts(). Yup, I definitely see that.. And now that I'm digging deeper, I'm seeing the problem.. *sigh* So here's what I'm guessing is going on...

Re: log off user problem

2005-03-29 Thread Alan DeKok
Janet [EMAIL PROTECTED] wrote: I'm having some problems getting Session_Timeout to function - when the time limit is reached nothing happens (I assume it is supposed to send some sort of disconnect message). No. The NAS is supposed to disconnect the user. I'm using Alchemy

Load Balancing

2005-03-29 Thread Eliot, GLI wireless tech support
On the FreeRADIUS website, it says that it supports load balancing, but I cannot find any documentation at all on how to set it up. I found some stuff on module failovers, but nothing on load balancing. Does anyone have any more information on this? I'm not really that interested in load

LDAP Radius

2005-03-29 Thread Douglas Sterner
Does someone have a good howto on setting up Radius to make use of an LDAP group. I read the ldap docs at freeradius.org and that seemed like overkill I just want to have a group and put the user in the group to give them access? Douglas Sterner

RADIUS and DHCP server

2005-03-29 Thread You, Hongtao Howard
I try to use my linux server with a wireless router to setup a WPA + RADIUS wireless network. If I use static IP on the wireless client, WPA + RADIUS works. If I don't use RADIUS, and only use WEP or WPA-PSK with open authentication, the wireless client can get IP from my DHCP server on my

Re: rlm_passwd core dumps with 1.0.2

2005-03-29 Thread Jason Ornstein
* Jason Ornstein [EMAIL PROTECTED] [2005-03-29 11:10:32 -0700]: (gdb) where #0 0xff257590 in DES_ncbc_encrypt () from /usr/local/ssl/lib/libcrypto.so #1 0xff259b4c in _des_crypt () from /usr/local/ssl/lib/libcrypto.so #2 0xff33fcb4 in lrad_crypt_check (key=0xffbeda00

Re: Load Balancing

2005-03-29 Thread Alan DeKok
Eliot, GLI wireless tech support [EMAIL PROTECTED] wrote: On the FreeRADIUS website, it says that it supports load balancing, but I cannot find any documentation at all on how to set it up. I found some stuff on module failovers, but nothing on load balancing. Does anyone have any more

Re: rlm_passwd core dumps with 1.0.2

2005-03-29 Thread Alan DeKok
Jason Ornstein [EMAIL PROTECTED] wrote: All of my issues with crypt were caused by this line in the rc.radiusd startup script: LD_PRELOAD=/usr/local/ssl/lib/libcrypto.so I removed that line and now everything is working as it should be. sigh OpenSSL implements a version of

why my adsl-connect only keep 0.4 minutes?

2005-03-29 Thread 黄 俊源
Each time I connect to the server, the adsl-connect only keeps 0.4 minutes, and then the modem hangs up, and then auto reconnects. Is there some attribute I didn't set to the right value in mysql, or some other problem? Thanks. _ MSN Messenger:

Re: FreeRADIUS + 802.1x (WPA) + WinXP + smbpasswd

2005-03-29 Thread Stefan Winter
Hello! I've searched and searched, and tried every hint I could find, and cannot seem to make it work using the Windows login name and password. Is it possible? Make your users set a password for their login on the XP machine. That is the username/password combination XP will use for

Number of Simultaneous Requests from FreeRadius

2005-03-29 Thread Jamal Taweel
Dear All, Simultaneous Could any one tell us how many users/requests can be connected/transferred to FreeRADIUS at the same time through NASs for different issues (Authentication, Authorization, and Accounting purposes). Thanks, JT

Re: Php code for freeradius

2005-03-29 Thread Ery Atmodjo
On Tue, 29 Mar 2005 09:41:50 +0200, Sebastian Wild [EMAIL PROTECTED] wrote: Mark Nichols wrote: Can someone send me a sample of a php login page that hits the freeradius server? I have the server running with mysql as the db backend and it is working just fine. Now I need the php code that calls