I all,
I want to build a high availability radius plateform based on OpenSource
software.
To do so I've patched /usr/sbin/ldirectod with Matteo Bertato Horms'
patch found here
http://lists.community.tummy.com/pipermail/linux-ha-dev/2005-September/011662.html
It works fine, I make the
freeradius-1.1.0-pre0 crashes, when sending an Sending Access-Accept:
Program received signal SIGSEGV, Segmentation fault.
0x4027ae77 in memset () from /lib/i686/libc.so.6
(gdb) bt
#0 0x4027ae77 in memset () from /lib/i686/libc.so.6
#1 0x0020 in ?? ()
#2 0x401f83eb in rad_vp2attr
A little modification of that patch seems to be neccessary, as the patch
applies, but compiling fails:
Compiling this patch gives:
rlm_ldap.c: In function `ldap_groupcmp':
rlm_ldap.c:879: warning: initialization discards qualifiers from pointer
target type
rlm_ldap.c:1010: warning: comparison
Can somebody explain howto use rlm_passwd and a textfile with this setup:
name:password:group
and so on
the order can be any way around, spaces can also be present.
Any pointers will be gladly excepted. A sweet tutorial will result in a free night out in Borås, Sweden
/Alex-- When there is no
I've been fighting with this problem for a couple of days. Searched
everywhere I can think of on the net. According to the docs it should just
work.
Anyway, I've installed the latest, MySQL, seams to be working. FreeRadius,
No errors with the -X option. Made a link from the dialupadmin htdocs
Let's say I have 2 groups: students and faculty.
I want to authorize authenticated members of the LDAP group
cn=students,ou=Groups IFF their Access-Request Called-Station-ID =~
/:StudentWLAN$/
I want to authorize authenticated members of the LDAP group
cn=faculty,ou=Groups IFF their
yes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of debik
Sent: Wednesday, December 14, 2005 1:15 AM
To: FreeRadius users mailing list
Subject: (no subject)
Isit posible to authenicate users on LAN with freeradius, without any Access
Point ?
-
List
Stefan Adams [EMAIL PROTECTED] wrote:
I have read all the man pages and /docs and am having a difficult time
understanding the authorization. I keep wanting to write
if...elseif...else stuff but I'm pretty sure that doesn't apply to
FreeRADIUS config files.
Unfortunately, yes.
How would
Norbert Wegener [EMAIL PROTECTED] wrote:
freeradius-1.1.0-pre0 crashes, when sending an Sending Access-Accept:
Program received signal SIGSEGV, Segmentation fault.
0x4027ae77 in memset () from /lib/i686/libc.so.6
(gdb) bt
#0 0x4027ae77 in memset () from /lib/i686/libc.so.6
#1 0x0020
Yes (using 802.1x or some other protocol)
Chad
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
debik
Sent: Tuesday, December 13, 2005 6:15 PM
To: FreeRadius users mailing list
Subject: (no subject)
Isit posible to authenicate users on LAN with
On 19/12/05, Phil Mayers [EMAIL PROTECTED] wrote:
Alexander Lund wrote: Can somebody explain howto use rlm_passwd and a textfile with this setup: name:password:group and so on the order can be any way around, spaces can also be present.
Wait: Are you saying that the file you *supply* freeradius
hello,
I have recently upgraded from CVS version as of 2005-02-19 with the one
from 2005-12-17 and I no longer get the Client-IP-Address attribute in
the files produced by the detail module.
on the other hand the Client-IP-Address attribute is expanded
correctly in sql querys.
is there
Hey, guys! Thanks for the great replies!! I like what you suggested
better than what I've come up with in the mean time. I think what I
came up with will work, it just seems messy/wrong/inefficient. What
do you think?
modules {
ldap {
:
filter =
-Password = 0x7e842a573cd6363e06fe53a93a7b8d9e94
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/var/log/radius/radacct/##ClientIPwasHere##/auth-detail-20051219'
rlm_detail
You want to allow any client that matches what is in the clients.conf file
in, correct?
Well, sort of.. I want to allow any authentication request which comes in
from a client which is contained in the clients.conf file.
The secret in your clients.conf file is used to encrypt and sign
and something else. where can I find the syntax of the listen directive
? (to remove bind_address and port directives)
It's in radiusd.conf..
Or maybe you are asking for an explanation of the syntax? If so, sorry I
can't help with that.
-
List info/subscribe/unsubscribe? See
Norbert Wegener [EMAIL PROTECTED] wrote:
freeradius-1.1.0-pre0 crashes, when sending an Sending Access-Accept:
The branch_1_1 cvs should be fixed now. I pulled the fix from the
CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Norbert Wegener [EMAIL PROTECTED] wrote:
With the above changes rlm_ldap.c compiles and runs (at least for me).
Will the patch mentioned at
http://bugs.freeradius.org/show_bug.cgi?id=183 become part of the next
official release?
Something like it, perhaps. The patch as-is isn't
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
is there something different ? how can I add Client-IP-Address
attribute back to the detail files ?
For now, source code patches.
and something else. where can I find the syntax of the listen
directive ? (to remove bind_address and port
On Mon, 19 Dec 2005, Stefan Adams wrote:
Hey, guys! Thanks for the great replies!! I like what you suggested
better than what I've come up with in the mean time. I think what I
came up with will work, it just seems messy/wrong/inefficient. What
do you think?
modules {
ldap {
The secret in your clients.conf file is used to encrypt and sign packets
between the clients and the server. It is not used for authentication.
Based on what you mention here and what someone else on the list mentioned
earlier, I think the reason the secret is ignored is because it is used to
for request 0
radius_xlat:
'/var/log/radius/radacct/##ClientIPwasHere##/auth-detail-20051219'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/##ClientIPwasHere##/auth-detail-20051219
modcall[authorize]: module auth_log returns ok for request 0
see in line comments please.
Alan DeKok wrote:
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
is there something different ? how can I add Client-IP-Address
attribute back to the detail files ?
For now, source code patches.
I am interested to know if this is the intended
Hugues Lepesant wrote:
I all,
I want to build a high availability radius plateform based on OpenSource
software.
To do so I've patched /usr/sbin/ldirectod with Matteo Bertato Horms'
patch found here
http://lists.community.tummy.com/pipermail/linux-ha-dev/2005-September/011662.html
It
The pam_radius_auth README says It allows ... password change
requests. But the USAGE file says Password changing is not
implemented.
That sounds contradictory.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Comment out everything in authorize except for preprocess and files, so it
would look like this w/out the comments.
authorize {
preprocess
files
}
authenticate {
}
Cool, it worked! I didn't do exactly what you said but close.
I found this section:
###
#
#
Dusty,
Thanks for your fine input and the reminder on the index (I completely
forgot about that). I'll give the ldap module filter a go with the
attr_rewrite. I like keeping attributes with the user object, rather
than spreading usernames around to various other objects. With this
Alexander Lund wrote:
No, the file I supply could have spaces if you needed it to solve my
problem.
Ok that's fine then
This is just the thing I need:
username:plaintextPassword:ASingleGroup
Its perfect, but I´d like to know exactly what Im doing so heres another
question,
The
Thanks for your fine input and the reminder on the index (I completely
forgot about that). I'll give the ldap module filter a go with the
attr_rewrite. I like keeping attributes with the user object, rather
than spreading usernames around to various other objects. With this
implementation, to
I have an issue I want to ask for a little help with.
We need our secondary to authenticate Propel users and I have made sure this
is in my dictionary.propel file:
###
VENDOR Propel 14895
BEGIN-VENDOR Propel
ATTRIBUTE
Just wanted to add to this that I find it strange that when I look at this
at the debug console, it shows that it's sending the info correctly. The
error appears only when testing from a remote client test utility called NT
radping.
#Debug output##
Sending
Hello, We have a problem using mysql. We have defined a group (e.g. admin) in mysql and wanted to assign it a multivalue attribute (e.g. Service-Type) inorder to have different services but it does not work properly. it only accepts requests with smaller id (i.e. 12) and rejects the other one
32 matches
Mail list logo
