Yohoo!
This is done via simple LDAP bind, which AD supports.
Yes, thought so.
It works for PAP authentication. It doesn't work for CHAP, MSCHAP,
or PEAP.
THX for the information. I'm just writing a little howto. For completeness
could you explain in short words the disadvantage when using
Hi all
I have a Cisco AS5350 and I writed a custom TCL IVR script for voice
application. When a call occures, then my script collects a 10 digit
number and sends it to my freeRadius for authorization. my freeRadius
configured with MySql db. I inserted (VENDOR: CISCO) and (ATTRIBUTE:
Cisco-AVPair)
Dear All,
We are making a new Radius Server for our billing
purpose so please kindly send me the installation
procedure of new radius and necessary requirements of
system.
Waiting for your reply
Thanks Regards,
Amit
__
Yahoo! FareChase:
Lay a 150$ bucks on the table and I'll install it for ya ;)
Sure.. the configuration will cost you probably another 150$ ;)
Regards,
Edvin
PS: should mailing lists not be a place where you come to share your
knowledge or ask for a help on specific topic and problems... besides I
think that
Hello,
I've checked out the exec.c fixes, but now there seem to be problems
with variables passwed to ntlm_auth.
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 30
rlm_mschap: No User-Password configured. Cannot create LM-Password.
On Monday 07 November 2005 16:31, Gustave Nylander wrote:
You can see that we never get a 'hello', because it nevers enters the
for loop in the log function since %RAD_REQUEST is empty.
I'm not sure what I've done to make it disappear. Thanks for the response!
Try it again with example.pl
Fernando Brito wrote:
Hi, I'm trying to use the next exec module:
radius.conf ---
modules {
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = /bin/echo %{Autz-Type}
Hi All
I have the following in the users and acct_users files
DEFAULT Called-Station-Id == 0198334115, Proxy-To-Realm :=
.com
I would like to match on 198334115 with a possibility of about 4 to 6
more number on the front of this number.
I have tried a number of difference regx's
Hello !
Short question
--
My FR 1.0 doesn't send Accounting-Response when sql module fail. Is it
correct?
I think it must always send response packets as an indication that acct
packet just recieved.
My NAS send acct-request packets in infinity loop until response pkt
recived.
Hi Tarun,
I've written a how to for FreeRadius that might help you, You will find
it here http://swarmhotspots.com/faq.html BTW You should be very
explicit with questions posted to the mailing list. You will find people
very helpful but don't ask questions if the answer can be found in the
docs.
Your cheap I'd do the install and config for $500
I agree this is the first time I've posted to the list because I've found
all my answers in the documentation, or in the archives.
Bill
-
Bill Beaudet| [EMAIL
Oh cmon.. I was just kidding actually. I didn't expect someone to hire an
admin for 150$. Sure.. maybe for a ./configure | make | make install stuff
:P
Besides - you don't just install RADIUS server... how about planning etc..
Regards,
Edvin
PS: sorry for going OT
-Original Message-
Joe Maimon wrote:
Apparently freeradius developers have managed to build a system
comparable to one that just sold for $122 M
Is that the take away?
Not exactly... Funk also developed a number of supplicants for various
platforms. I think the point is the heightened interest in 802.1x
Luca Corti wrote:
Here is my ntlm_auth configuration:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username={Stripped-User-Name:-%{User-Name:-None}}
--challenge={mschap:Challenge:-00}
--nt-response={mschap:NT-Response:-00}
IIRC, with the changes to the xlat stuff a while back for module
TK Lew [EMAIL PROTECTED] wrote:
Ahthat why but all the NAS are using the same port !
Ask your NAS vendor.
I understand that session index is based on NAS port . Any chance
for it to be based on session id ? Is there a patch for it ??
No. That simply won't work.
If you're doing
Joe Maimon [EMAIL PROTECTED] wrote:
Apparently freeradius developers have managed to build a system
comparable to one that just sold for $122 M
For the RADIUS server, I'd say FreeRADIUS might just do more than Funk.
Funk has a revenue steam, though...
Alan DeKok.
-
List
Mike O'Connor [EMAIL PROTECTED] wrote:
I have tried a number of difference regx's but non of them have worked
so I must have something wrong :)
The O'Reilly book helps a lot.
Reading the man page for the users file would help, too. You're
not doing regular expression matching at all.
We have the exact same configuration working on another system, but
have been unable to get it to work correctly on this Fedora Core 3
system. We are using rlm_sql to have FreeRadius talk to our MSSQL
2000 database. That works.
The odd part is on the Fedora Core 3 system it seems to be having
hi alan ::
Thanks but changing the NAS port is not an options for me :( since i
am actually using Freeradius for a streaming projects where there are
so many NAS's around.
Based on the Freeradius mailing list , I think i came across a similar
posting (i think your reply is there too).
On Tue, 2005-11-15 at 09:38 -0600, Michael Griego wrote:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--nt-response=%{mschap:NT-Response} --domain=%{mschap:NT-Domain}
Thanks a lot, this makes ntlm_auth work. Unfotunately now
El mar, 15-11-2005 a las 12:00 +0100, Nicolas Baradakis escribió:
%{check:Autz-Type}
Thanks for the advice, I just tryed it and the error is gone but the
variable appears to be empty. I'll keep trying but if you have another
idea I'll be too glad to hear about it. Thanks and bye!!
NanO
-
Sorry, but I had tryed that out and it didn't work. In the second run of
the authorize section radiusd never touch the subsections, but my
guess is that the Autz-Type variable is always empty, even after running
the files module:
users file
DEFAULT Auth-Type := System, Realm
TK Lew [EMAIL PROTECTED] wrote:
This guys basically hacks the rlm_radutmp to use session id.
If that's all you want, it may work for you.
a. Is possible to use the hacks for session id if NAS port is not an option ?
If it works for you.
b. For high performance site , is radumtp perform
Ruslan A Dautkhanov [EMAIL PROTECTED] wrote:
My FR 1.0 doesn't send Accounting-Response when sql module fail. Is it
correct?
Yes.
I think it must always send response packets as an indication that acct
packet just recieved.
No, it sends a response packet when it's logged the data.
what do you think if we try to use a Perl module inside of the autorize
section?!?!. I want the Perl module to decide between my two sql servers
depending of the incoming realm, I think this can be a possible way to
take. If you have any idea please let me know. Thanks!!
That should work too.
Luca Corti wrote:
On Tue, 2005-11-15 at 09:38 -0600, Michael Griego wrote:
ntlm_auth = /usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
--nt-response=%{mschap:NT-Response} --domain=%{mschap:NT-Domain}
Thanks a lot, this makes ntlm_auth
That was it. It works perfectly. Thanks!
Mike Mitchell wrote:
Hi Christopher,
I do something like this (YMMV as I've made changes to the code to support
stuff I want to do, this could have been one of those changes? ;-) )
In acct_users:
DEFAULT Acct-Status-Type == Alive, Acct-Type := ACK
/Radius/acct//auth-detail-20051115'
rlm_detail: /home/fbrito/Radius/acct/%{Client-IP-Address}/auth-detail-%Y
%m%d expands to /home/fbrito/Radius/acct//auth-detail-20051115
modcall[authorize]: module auth_log returns ok for request 0
modcall: group authorize returns ok for request 0
auth
On Tue, 2005-11-15 at 19:25 +0100, Nicolas Baradakis wrote:
segfaults while sending Access-Accept:
Please post the output of gdb, as explained here:
http://freeradius.org/radiusd/doc/bugs
Ok, please forgive my newbieness on debugging. I've read the link you
posted, issued ulimit -c unlimited
On Tue, 15 Nov 2005, Luca Corti wrote:
freeradius -X (also tried -x and init.d script)
and reproduced the problem. I can't find the core file though... were is
it supposed to be saved?
Luca, are you on a Linux/Unixish type system? If so, and if worst comes to
worst, you may be able to find
Hi, I'm trying to make a simple authorization using the mssql module but
when Radius execute all the querys No matching entry... is the answer.
I'm completely sure that all the data store in my database is correct,
but I always had the same responce:
radiusd -X -
On Tue, 15 Nov 2005, Fernando Brito wrote:
query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'00:11:7C:00:01:57' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM
Hi, here is another question. In the first case I'm using an mssql
module to connect to my database and the radiusd -X command tell me
something like this:
radiusd -X ---
rlm_sql (mssql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc)
loaded and linked
rlm_sql (mssql):
Look at this Thread:
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg00284.html
I think that's the same problem.
Axel
- Original Message -
Radius Server: Freeradius 1.0.5 on Solaris 8 (Sparc)
Client:Windows XP (SP2), Intel PRO/Wireless 2915 (a/b/g)
Access
If I get yelled at for asking this here, so be it; it will be just one
more stumbling block in a long research project.
What I want to do, in a nutshell, is use the rlm_x99_token module to
authenticate users with Cryptocards. But everything I've tried so far
comes down to needing to know the DES
Cisco AP1200 + OpenLDAP + MS-CHAPv2 + EAP configuration (WPA2, basically,
right?)
So obviously, everyone's userPassword attribute cannot be maintained in
cleartext in the LDAP database. If I modify my schema and create a
weakPassword attribute using the following template:
#attributetype
Greg Woods [EMAIL PROTECTED] wrote:
This isn't really a freeradius question (which is why I might get
yelled at), but it is clearly relevant to anyone who wants to use
freeradius to authenticate via Cryptocards. This list is a likely
source of people who have successfully done this.
Not
Gah!
Of course this isn't explained or documented anywhere and it's complete
guess-work, but authorize {} should be module LDAP (and presumably it
caches the LDIF for the user, including whtever the heck
password_attribute your arbitrate).
Then set authenticate {} to eap.
hi,
I am trying to make work
anRAS(lucent-max6000) with the freeRADIUS,Iconfigure the MAX6000,
and the radius obtains an authentication order from the RAS, but as result
I obtain alogin error message.
somebody could help
me?
this is the
result:
Ready to process requests.
rad_recv:
-Mensaje original-De: Danny Zenzano
[mailto:[EMAIL PROTECTED]Enviado el: martes, 15 de
noviembre de 2005 19:57Para:
'freeradius-users@lists.freeradius.org'Asunto: Login incorrect- RAS
autentication
hi,
I am trying to make work
anRAS(lucent-max6000) with the
hi,
I am trying to make work
anRAS(lucent-max6000) with the freeRADIUS,Iconfigure the MAX6000,
and the radius obtains an authentication order from the RAS, but as result
I obtain alogin error message.
somebody could help
me?
this is the
result:
Ready to process requests.
rad_recv:
Why did you send this three times? It's normal for the TNT line to try and
download configuration settings via radius unless you have turned it off.
I don't remember the name of the setting but it's listed in the
documentation and google can find it.
On Tue, 15 Nov 2005, Danny Zenzano
Thanks Alan
Reading the man page for the users file would help, too. You're
not doing regular expression matching at all.
DEFAULT Called-Station-Id =~ 198334115$, Proxy-To-Realm :=
.com
I did not give any examples of what I had tried which I suppose I should
have.
Below are
Yes, but you missed one important little detail...
use =~
not ==
and as Alan suggested, read the man page where you'll find all sorts of
usefull information like:
Attribute =~ Expression
As a check item, it matches if the request contains an
attribute which matches
You using a Database backend or user file?
Nick Marino - IT Solutions
- Original Message -
From: Dave Weis [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tuesday, November 15, 2005 8:42 PM
Subject: [radius] Re: Login incorrect- RAS
Dear All,
I have installed radius server Version 1.0.5 on linux 9. I would like to
use feeradius server following usage.
(1) Intranet desktop client authentication for internet access with limited no
of ports as outgoing destination ports.
(2) Few users on cable modem. Can i setup
Mike Mitchell wrote:
Yes, but you missed one important little detail...
use =~
not ==
Hi Mike, Alan
Did read the manual just did not see that one :(
I'll go check that out now
Cheers
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
47 matches
Mail list logo