here is another suggestion:
dont use ippools on radius, use it on the nacs. Then you let the
radius decide wich ippool to use on the nac by name.
The bad thing is you have to care about pools on nacs, the good one is
you haven't to care about pool snyc.
That is an excellent suggestion,
The NAS list in the FreeRADIUS shows some typical NAS's like Cisco,
Portslave etc with which the FreeRADIUS works.
I was wondering if the FreeRADIUS Server only works with the NAS's listed or
the type of NAS doesn't matter?
I ask this because I am having problems getting my 802.1X Supplicant
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start =
On Thu, 31 Mar 2005, Sbastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool
Hi,
The main_pool line in the accounting section of the radiusd.conf file was
commented ... Maybe that was my mistake.
Ok for the rlm_ippool_tool I'm gonna use it to see if my modification of
radiusd.conf is working or not. I was not using accounting at all so I forgot
about it but it seems
router which acts as a NAS forwarding
NAS requests).
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
auth-detail-20050331
Packet-Type = Access-Request
Thu Mar 31 14:31:55 2005
Framed-Protocol = PPP
User-Name = masqued
CHAP-Password = masqued
NAS
Any suggestion, how to authenticate only by username?
(any password should be valid).
I want to migrate from internal base to Radius.
There is no any possibilities to retrive passwords,
only by auth_log, but I want it to be transparent to users.
Any idea?
--
Zbigniew Zych
-
List
Hi,
(f'up to freeradius-users, -devel is the wrong place)
Is there a program which can test RADIUS with EAP TLS and TTLS from the
unix command line. I've read about Xsupplicant but I don't think that
it is really what I'm looking for.
XSupplicant can speak TLS, TTLS and lots of others. But
Hi!
Any suggestion, how to authenticate only by username?
(any password should be valid).
Any idea?
Auth-Type := Accept
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur réseau et système
6, rue Richard Coudenhove-Kalergi
Stefan,
Don't specify a password in the users file for that user. If you are
using MYSQL don't specify any password in the radcheck table.
ie. (users file example)
Before: - test123 Password=test123
After: - test123
In the above case (After:) any password would be allowed.
Adrian
Stefan Winter [EMAIL PROTECTED] wrote:
Hi!
Any suggestion, how to authenticate only by username?
(any password should be valid).
Any idea?
Auth-Type := Accept
Btw, a nit-pick: That's not authentication. It's identification,
at best. And since it's not authenticated, it's not
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Jim Seymour) wrote:
[snip]
Hmm... the reason the hints thing didn't work is that the regex
function expects '\' to be escaped, too. This works for me:
DEFAULTUser-Name =~ (.*)$
My-Local-User-Name = %{1}
smacks
Stefan Winter [EMAIL PROTECTED] wrote:
[snip]
Hope you haven't given up yet. In a later message you write:
Nah, I'm not that easy ;).
[snip]
Which makes me think that both suffix and ntdomain are active in=20
rlm_realms. Try turning off suffix, because suffix operates only on names=20
I apologize if this is a double post, I was a non-member to the list
previously:
I am trying to compile freeradius-1.0.2 on a 64bit s390 running SLES9.
I have done it successfully on SLES8 64bit, same machine. But I
continually arrive at this error on 'make' on SLES9:
gmake[6]: Entering
Denis Shaposhnikov [EMAIL PROTECTED] wrote:
I'am trying to rewrite -- to just with
radtest but got:
Thu Mar 31 11:41:27 2005 : Auth: Login incorrect: [-/12345678]
(from client localhost port 0)
It's a bug in attr_rewrite. It's fixed in the latest CVS
Bilal Shahid [EMAIL PROTECTED] wrote:
I was wondering if the FreeRADIUS Server only works with the NAS's listed or
the type of NAS doesn't matter?
The NAS doesn't matter.
AP keeps on sending Request-ID to the Supplicant. Supplicant replies with
its ID, which the AP passes on to the
Sébastien Cantos [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
reply-detail-20050331
Packet-Type = Access-Accept
Does this means that accounting is working ?
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
[EMAIL PROTECTED] wrote:
/home/ducprgg/rpms/BUILD/freeradius-1.0.2/libtool --mode=link gcc
rlm_ippool_tool.o -lnsl -lresolv -lpthread -lcrypto -lssl -lgdbm -o
rlm_ippool_tool
gcc rlm_ippool_tool.o -o rlm_ippool_tool -lnsl -lresolv -lpthread
-lcrypto -lssl /usr/lib/libgdbm.so
And how about freeradius configuration and function description?
This remembers me the response of the CA-Tool TinyCA when klicking on the
help-button - the following popup say Your are kidding, are you?? ;-)
There is none - why don't start something like a Wiki (such as mediawiki.org)
for
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Jim Seymour) wrote:
[snip]
Now, if possible, is there a way to persuade FreeRADIUS to try
My-Local-User-Name, if available, Stripped-User-Name it it's not, and
User-Name if Stripped-User-Name is not available?
Sure. But you'll
Hi again,
I'm sorry to post twice but as I'm not an english person I was
wondering wether what I asked was really clear. I'm not looking for a
complicated solution of any kind, but I'd like to know wether setting
an Expiration attribute in radcheck normally implies a Session-Timeout
to be added
On Mar 30, 2005 5:02 AM, Peter Nixon [EMAIL PROTECTED] wrote:
Yes. Huntgroups is exactly what you what...
I'm trying to get this working now. Our current setup uses sql, so I
created the Huntgroup in the /etc/raddb/huntgroups file, then
specified Huntgroup-Name == testgroup in the radgroupcheck
[EMAIL PROTECTED] (Jim Seymour) wrote:
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Jim Seymour) wrote:
[snip]
Now, if possible, is there a way to persuade FreeRADIUS to try
My-Local-User-Name, if available, Stripped-User-Name it it's not, and
User-Name if
On Mar 31, 2005 11:49 AM, Jason Frisvold [EMAIL PROTECTED] wrote:
Is == correct, or should I be using := in the database (I tried both
and neither seems to have an effect) ...
Nevermind... I changed the operator for the wrong item... :) This
is working as expected now..
I'm off to drink
[EMAIL PROTECTED] (Jim Seymour) wrote:
Clarification: Giving the server ADMINNB\jseymour works. Giving it
just jseymour does not.
Because the regex on the line above doesn't match. So, do:
DEFAULT User-Name =~ blah
My-Local-User-Name = %{1}
DEFAULT
My-Local-User-Name
Joachim Bloche [EMAIL PROTECTED] wrote:
I'm sorry to post twice but as I'm not an english person I was
wondering wether what I asked was really clear. I'm not looking for a
complicated solution of any kind, but I'd like to know wether setting
an Expiration attribute in radcheck normally
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Jim Seymour) wrote:
Clarification: Giving the server ADMINNB\jseymour works. Giving it
just jseymour does not.
Because the regex on the line above doesn't match. So, do:
DEFAULT User-Name =~ blah
would you mind writing down a small doc with your experiences?
i'm sure it would be nice to know for everyone.
Jim Seymour wrote:
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Jim Seymour) wrote:
Clarification: Giving the server ADMINNB\jseymour works. Giving it
just jseymour does not.
Artur Hecker [EMAIL PROTECTED] wrote:
would you mind writing down a small doc with your experiences?
i'm sure it would be nice to know for everyone.
[snip]
Actually, I had planned to do just that :).
First I need to find out why my MS-WinXP Pro laptop is prepending
WindowsName\ to
Any way to make radius check a diff system username than the one the request
came in on?
Thanks,
Matthew Opoka
Heya all,
I'm getting this warning when running. The longer version, in debuggin
mode, is this:
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you
Hello,
How can I use the ldflag fail_over in my freeradius ??
My proxy.conf
realm NULL {
type= radius
authhost= AAA01:1645
accthost= AAA01:1646
secret = 0lh0viv0
nostrip
}
realm NULL {
type= radius
Rangel, Luciano [EMAIL PROTECTED] wrote:
How can I use the ldflag fail_over in my freeradius ??
Read proxy.conf
My proxy.conf
...
You didn't configure fail-over.
When I stop my AAA01 the freeradius request is not send to
AAA02Why
You didn't configure
What should I do to configure fail-over in my freeradius ?
Thanks
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 31, 2005 5:59 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Fail_over
Rangel, Luciano [EMAIL PROTECTED] wrote:
Rangel, Luciano [EMAIL PROTECTED] wrote:
What should I do to configure fail-over in my freeradius ?
Pay someone to configure it for you.
You appear to be unable to read the existing documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] wrote:
/home/ducprgg/rpms/BUILD/freeradius-1.0.2/libtool --mode=link gcc
rlm_ippool_tool.o -lnsl -lresolv -lpthread -lcrypto -lssl -lgdbm -o
rlm_ippool_tool
gcc rlm_ippool_tool.o -o rlm_ippool_tool -lnsl -lresolv -lpthread
-lcrypto -lssl /usr/lib/libgdbm.so
[EMAIL PROTECTED] wrote:
I was wondering if this had anything to do with the problem. I found
this on the Novell SLES9 website:
libiodbc has been Dropped
People using FreeRADIUS now have to link against unixODBC as libiodbc
has been dropped.
This has nothing to do with the problem.
Help!
Our security team wants radiusd running as a secure user. I've
attempted to run it as nobody by editing radiusd.conf but I get a
bunch of permission denied errors:
[EMAIL PROTECTED] etc]# /etc/init.d/radiusd start
Starting RADIUS server: Thu Mar 31 16:21:27 2005 : Info: Starting -
reading
Dennis Comeaux [EMAIL PROTECTED] wrote:
I've even done chmod a+rwx on cacert.pem but the error still shows.
Make sure that the RADIUS server can read all of the directories
above cacert.pm. And DON'T do chmod a+rwx, that's a very bad idea.
$ cd /etc/raddb
$ chown -R nobody .
At which
Am I right that he'll also need to make /var/log/radius.log writable by
nobody? I'm far from the smartest guy on the list but I think that's
what I see in there.
Eric
Alan DeKok wrote:
Dennis Comeaux [EMAIL PROTECTED] wrote:
I've even done chmod a+rwx on cacert.pem but the error still
Eric Gregory [EMAIL PROTECTED] wrote:
Am I right that he'll also need to make /var/log/radius.log writable by
nobody?
Yes, though there's a bug in 1.0.2 that will make that difficult.
I'm far from the smartest guy on the list but I think that's what I
see in there.
Yup.
Alan DeKok.
I have built a small hotspot at a hotel and have sucessfully found out
all I needed by STF STW so far. I must be using the wrong search
phrases as I haven't come accross anything like what I am trying to do.
Currently using freeradius 1.0.1 with chillispot on my nas with the
following
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-19 13:11]:
* Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]:
On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote:
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]:
[ FreeRADIUS + MySQL + SSL ]
Ok, I have sat down and
Hi,
i get alocation 2network of ip,
the range is :
192.168.2.1 - 192.168.2.14
192.168.5.1 - 192.168.5.14
my conf :
ippool pool1
{
range-start =
192.168.2.1
range-stop =
192.168.2.14
netmask =
255.255.255.0
cache-size
=14
session-db =
${raddbdir}/db.ippool1
ip-index =
On Thu, Mar 31, 2005 at 11:33:00AM -0800, Rick Kunkel wrote:
Heya all,
I'm getting this warning when running. The longer version, in debuggin
mode, is this:
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec:
On Thu, Mar 31, 2005 at 04:29:28PM -0600, Dennis Comeaux wrote:
Our security team wants radiusd running as a secure user. I've
attempted to run it as nobody by editing radiusd.conf but I get a
bunch of permission denied errors:
The debian build scripts (debian/rules and debian/*.postinst)
On Fri, Apr 01, 2005 at 01:34:37AM +0200, Wolfram Schlich wrote:
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-19 13:11]:
* Paul Hampson [EMAIL PROTECTED] [2005-03-19 04:56]:
On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote:
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-17
Hi everyone.
I've installed Freeradius 0.9.* on solaris 8 OS and it's installed
successfull. But when i tried to run it using debugginh mode, i've
received this text printed at the end of the textprinted.
rlm_eap: Loaded and initialized the type gtc
rlm_eap: Invalid type name mschapv2 cannot be
i have installed freeradius-snapshot-20050331 that i get from CVS
directory. When i doing ./configuration it's seems ok until i make it,
it's come out with this issues. It's semms that i have a problem with
mysql driver. That's because of my mysql in solaris or somethig
else?. Can anybody tells me
49 matches
Mail list logo