Hi Guys,
I'm not sure which forum to post this to, freeradius or poptop?
I've been using poptop and freeradius now for a while and it works
great, I'm using dynamic ip addresses for clients via poptop, so trying
to keep everything dynamic.
My problem is that I want to have different ip pools for
Alexander Serkin wrote:
Edit oraclesql.conf to use the query you want. That's why the
queries are configurable.
Sure I will. I've seen them occasionally :-)
The question was to guys who may have done the trick already. Because in Oracle
You can parse the string May 18 2005 12:08:18 +0400 easily,
Hi all.
I'm using Linux RedHat 8, installed with NoCAT
authentication server and gateway operating in ONE
machine. I'm using Mysql as Accounting server and
database. RADIUS server and MySQL server operate
within the same machine (but separate machine from
NOCAT). We are using Sun Sparc 5 with
Hi guys,
I try to implement EAP-TLS for wireless users. My
server is Redhat 7.3. I use Freeradius 1.0.0 and Openssl 0.9.7b. I have been
trying and reading Freeradius archive e-mails for a couple of months but my
system still isn't up. I compile with ./configure
Hello,
I would like to perform some control over the attributes returned post-proxy
in a realm but let any attribute return for the other realms.
my ${confdir}/attrs is:
realm1
Service-Type == Framed-User,
Login-Service =* ANY,
Login-TCP-Port =* ANY,
Hi all
I'd like to set up monthly bandwidth limits per user. I've seen a few
questions about this, but few answers and there doesn't seem to be any
documentation on it. I'm assuming this could be done by modifying the
counter module to use bandwidth instead of time values? Has anyone got a
working
On Wed, 18 May 2005, Matthew Hunter wrote:
How do I get freeradius to check both ldap servers for a user. I have
ldap configured already for redundancy but I want it to look at the
first ldap server and if the user is not found then check the second
ldap server.
Yes. See doc/configurable_failover
It doesn't work with these options. Without check_crl = yes it works fine.
the tls section looks like that:
tls {
private_key_password = **
private_key_file =
${raddbdir}/certs/[EMAIL PROTECTED]
Alan DeKok wrote:
You can always have a shell script do the authentication for you.
It can run ntlm_auth, and if that returns notfound, it can then run
radclient to send the request to another RADIUS server. It's ugly,
but it will work.
Actually that would be very straightforward for me. But how
The function infotag get aaa_avpair x returns the value
of the x attribute from the radius' reply attributes, you
can use it for any attribute of the radius' reply string,
they're defined by the tcl/ivr standard api from cisco, I
mean, it's included in the IOS of the NAS, this
Sent: Tuesday, May 17, 2005 3:50 PM
FreeRADIUS' use of groups in the sql module is not the same as
using Unix groups in the users file. You cannot create
separate check conditions in separate SQL groups and then
send only the reply elements from that same group.
Mike:
Thanks for the
I am attempting to work this out. I have the following set in my modules in
ldap of the radiusd.conf
groupname_attribute = cn
groupmembership_attribute = radiusGroupName
I have this in my users file.
DEFAULT Ldap-Group == lisdoonvarna
Huntgroup-Name == internet,
User-Profile :=
On Thu, 19 May 2005, alan walters wrote:
I am attempting to work this out. I have the following set in my modules in
ldap of the radiusd.conf
groupname_attribute = cn
groupmembership_attribute = radiusGroupName
I have this in my users file.
DEFAULT Ldap-Group == lisdoonvarna
Hi,
Could someone tell me if it's possible to use Freeradius to proxy radius
requests to different radius servers depending on a combination of a user's
realm and the originating NAS-IP-Address; or any other distinguishable NAS
variable for that matter.
I have two types of NAS and what I'm
Hi,
I have downloaded a trial version of the Cryptocard software from the
website. This comes with 10 software tokens. I am trying to get these
tokens to work with the x99 module in freeradius.
Anyone have any ideas on how to extract the key for the Software
tokens? The cryptocard software
Dustin Doris wrote:
Check out exec echo in radiusd.conf. That is an example using exec to run
a script.
Read variables.txt in doc/
For your first script, make it this.
#!/bin/sh
printenv > /tmp/example
It passes all the variables to your script as environmental variables.
This will show you.
Okay,
Hi Maqbool,
It's easier to use PAP and simply proxy the requests to the (very
trivial) RADIUS frontend on the CRYPTOCard server. I've got that
working with EAP-TTLS/PAP. The inner PAP auth carries the username/otp
generated from the CRYPTOCard EUS.
Rgds,
Guy
-Original Message-
On Thu, 19 May 2005, Thomas Boutell wrote:
Dustin Doris wrote:
Check out exec echo in radiusd.conf. That is an example using exec to run
a script.
Read variables.txt in doc/
For your first script, make it this.
#!/bin/sh
printenv > /tmp/example
It passes all the variables to
Alexander Serkin [EMAIL PROTECTED] wrote:
And finally i can modify the timezone presentation by Solaris zone
info compiler so that it would be +0400, but radiusd modifies it
into =2B0400, and that confuses oracle completely:
Look for safe in sql.conf.
Alan DeKok.
Matt McFarlane wrote:
Totally new to radius. I've installed freeradius 1.02 --with-edir on Suse 9. Attempting to use 802.1X auth from wireless user behind HP 420 AP using WinXP to an eDir tree via LDAP. When I use radtest the bind is successful. However when using the 802.1X supplicant I get
Yes. Their demo tokens *are* software tokens. You must install the EUS
to be able to enter your PIN associated with their tokens and obtain an
OTP from the token. You can then enter the OTP as your password in
response to the challenge from the RADIUS server. Some applications
also have plugins
Thomas Boutell [EMAIL PROTECTED] wrote:
Okay, but how do I pass the good or bad news back to radius at the
end of my script? Exit status? Standard output? And how would I
hook this into authorization? A really useful example would
be great,
scripts/exec-program-wait
Alan DeKok.
Alexander Serkin [EMAIL PROTECTED] wrote:
No. It takes the time that the packet was received. The
Event-Timestamp attribute MAY be a lie.
oops. When and why? Have not seen a lie from cisco NASes yet.
Set the time wrong on the Cisco box, then look at Event-Timestamp.
It happens.
Palmer J.D.F. [EMAIL PROTECTED] wrote:
Could someone tell me if it's possible to use Freeradius to proxy radius
requests to different radius servers depending on a combination of a user's
realm and the originating NAS-IP-Address; or any other distinguishable NAS
variable for that matter.
Hi.
I set up FreeRadius with MySQL backend and sqlcounter to be able to limit
session time of a user.
It works great but I miss one thing.
I'd like a user to be able to login for say 12 hours but the user account
itself would expire after one day after his first login, even if the 12 hours
hey,
I recently installed freeradius 1.0.2 on Ubuntu Warty (kernel 2.6.8).
The idea is to use the radius server with a mysql database to
authenticate users into a wireless network, using a 3com access point.
The configuration seems straightforward (uncomment sql in the
authorize and accounting
-Original Message-
On Behalf Of Joseph Abadi
I then configured the access point, but, when I
try to join the wireless network on a win xp client, it hangs
... no authentication happens, it never prompts me for a
username or a password. It simply hangs stating that windows
What does radius say when you run it in debug mode?
On Thu, 19 May 2005 16:20:35 -0400
Joseph Abadi [EMAIL PROTECTED] wrote:
hey,
I recently installed freeradius 1.0.2 on Ubuntu Warty (kernel 2.6.8).
The idea is to use the radius server with a mysql database to
authenticate users into a
The test user bob seems to work fine on the box with radtest however it
will not work dialing in.
The user name and password
will not authenticate the user. We want to use the linux passwd file for
user and password authentication. I use P%username and Password to log into
the working
Please post radiusd -X output. Specifically the part on ldap searches and
where the USERS file is matched.
Relevant part of radius -X
(auth is successful and group correct)
rad_recv: Access-Request packet from host 10.250.3.1:56020, id=246, length=188
NAS-Identifier =
You can't use PEAP unless you have plaintext passwords stored in the
LDAP or NT/LM password hashes. To use LDAP bind to authenticate you will
need to use TTLS with PAP as inner tunnel authentication. This is how
you can configure your clients to use TTLS+PAP
The passwords are revealed
John Riggs [EMAIL PROTECTED] wrote:
The connect type is a PPP connection. I hope this is enough info
this is my first time configuring a radius server. Thanks
Run the server in debugging mode, as suggested in the README,
INSTALL, and FAQ.
Alan DeKok.
I have observed that some of the accounting records in the detail-mmdd
file contain User-Name value that does not match the ldap user
name that was used in the 802.1x authentication. The details entries corresponding
to Mac clients were correct. But the Windows users running SecureW2 were
You'll need to run a script to set the 'expiration' when the user first logs
in.
--- Marcin Jessa [EMAIL PROTECTED] wrote:
Hi.
I set up FreeRadius with MySQL backend and sqlcounter to be able to limit
session time of a user.
It works great but I miss one thing.
I'd like a user to be able
CHui [EMAIL PROTECTED] wrote:
Since the Radius accounting start-stop are sent by the access point, does it
mean that the AP (Radius client) uses the outer identity for Radius
accounting records?
Yes. The inner identity is inside of a TLS tunnel, and the NAS
can't see it.
Could this be a
In the next few days we will be moving the freeradius-users and
freeradius-devel lists to a different server. It will still be
mailman, and nobody should notice (famous last words).
This is because Cistron Broadband has been sold to XS4ALL Internet
at the end of last year, and we've been busy