I am quite pleased to report I have, with minimal discomfort, version 1.1.3
running on Solaris 10.
The source actually compiles perfectly once OS dependencies etc. are met.
I will share a few tips here for any who may be attempting the same.
My main goal was LDAP functionality. Other
On Tue 29 Aug 2006 00:45, Lin Richardson wrote:
I am quite pleased to report I have, with minimal discomfort, version
1.1.3running on Solaris 10.
The source actually compiles perfectly once OS dependencies etc. are met.
I will share a few tips here for any who may be attempting the same.
My
Hi,
So my question, and I know that there is a caveat about a cleartext
password being required for LDAP authentication, is:
Can I make a request to freeradius that gets passed to LDAP but only
requires the password to be checked against an attribute of the username,
NOT the real LDAP
Hi,
I have problems starting the SNMP part of FreeRADIUS.
Setup:
FR 1.0.4, SuSE 10.0
radiusd.conf:
snmp = yes
$INCLUDE ${confdir}/snmp.conf
snmp.conf:
smux_password = verysecret
Also my net-snmp is configured according to the docs. When I start both demons
snmpwalk does not give any answer
Michael Schwartzkopff [EMAIL PROTECTED] wrote:
Any hints? Should there be packets on the interface at all? What am I doing
wrong?
Run the server in debugging mode. It will tell you if it's doing SNMP.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
So I've compiled the source and gave it a try, but it behaved exactly
as the stable version - didn't replace nor removed any attributes. Is
this supposed to work?
I tested the pre and post proxy methods:
...
# Function to handle pre_proxy
sub
Modify ldap.attrmap so that _your_ attribute is mapped into User-Name, not
the default one.
User-Password of course.
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359
Am Dienstag, 29. August 2006 11:18 schrieb Alan DeKok:
Michael Schwartzkopff [EMAIL PROTECTED] wrote:
Any hints? Should there be packets on the interface at all? What am I
doing wrong?
Run the server in debugging mode. It will tell you if it's doing SNMP.
Alan DeKok.
hi,
the only
Michael Schwartzkopff [EMAIL PROTECTED] wrote:
What should radiusd say, if snmp does work?
It *should* print out that it's doing SNMP. If it doesn't, it's a
bug.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
Title: EAP-TLS multi clients
Hi, I do not succeed to authenticate others client in mine system.
I have used three scripts to generate certs root, server and client (with xpextension).
They exist of the certs for multi clients to use for eap-tls?
Somebody it has of the councils on like
FreeNAC provides easy to use VLAN assignment and LAN access control for Cisco
Switches and all kind of network devices (Servers, Workstations, Printers,
IP-Phones, Webcams...).
FreeNAC can be considered as having two phases.
Initially, we have taken OpenVMPS (which provides MAC based access
Anyway, in some aspect freeradius can improve.
I use nas table and it works fine. Obviously, I must reboot my RADIAS
servers when I insert a new NAS client and it is a problem.
I afirm that 'realm' table is userless. I trid to configure lot of times
without success.
From: Gregory J. Marsh
Am Dienstag, 29. August 2006 12:35 schrieb Alan DeKok:
Michael Schwartzkopff [EMAIL PROTECTED] wrote:
What should radiusd say, if snmp does work?
It *should* print out that it's doing SNMP. If it doesn't, it's a
bug.
Alan DeKok.
Hi,
I recompiled the latest version (1.1.3) explicitly
On 8/27/06, Alan DeKok [EMAIL PROTECTED] wrote:
Read the NAS documentation to see what magic is required to get it
to accept the IP address from FreeRADIUS.
Alan, excuse me for a question, I have read documentation but i think
that it's impossible to do it with chillispot, it's real? There
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the dictionary.rfc3162 on a fresh compiled freeradius 1.1.3 on CentOS
4.3 x86_64 shows support for attribute 97
- 8
ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
- 8
but if I start the server it failes with
Requests prior to #4 are missing becouse i tried to connect multiple
times, and i didn't want to paste same thing twice. Then everything got
corrupted, becouse i had to paste it by pieces in the gmail and it
really got messed up. So here is the example of full (pasted with care
:p) radius log:
On 8/29/06, Lazzarini Matteo [EMAIL PROTECTED] wrote:
I have used three scripts to generate certs root, server and client (with
xpextension).
They exist of the certs for multi clients to use for eap-tls?
Hi,
Which scripts? I'm not sure what your last sentence means. Afaik you
should give out
Hi people,
I use freeradius 1.1.0 in a debian servers for several years. Now I use my
radius server more than before. So in my DB it appears some strange
duplicate registers which have the same inforrmation.
I show a snapshoot with an account where the problem happens:
On Tue 29 Aug 2006 15:52, Santiago Balaguer García wrote:
Hi people,
I use freeradius 1.1.0 in a debian servers for several years. Now I use my
radius server more than before. So in my DB it appears some strange
duplicate registers which have the same inforrmation.
I show a snapshoot with
Hi Peter,
Well the databse is configured, and I made some tests and it's working.
But what I need to know is what changes should I do in the radiusd.conf file
and especially in the users file, to oblige the users to use the
authentication from the database not locally.
Secondly, what is the
OK.
First of all I make excuses myself for my little precise English. :-(
The scripts about which I speak they are those inside of the scripts
directory of freeradius sources. (CA.all)
I use the client's certificate (cert-clt.p12) for my user who connects itself
correctly to the wlan,
Giuseppina Venezia [EMAIL PROTECTED] wrote:
Alan, excuse me for a question, I have read documentation but i think
that it's impossible to do it with chillispot, it's real? There isn't
opensource NAS that can do it?
No idea, sorry.
Alan DeKok.
--
http://deployingradius.com - The
Christian Hahn [EMAIL PROTECTED] wrote:
hextest Auth-Type := Local, User-Password == secret
Service-Type = Framed-User,
NAS-IP-Address = xx.xx.xx.xx,
Framed-IPv6-Prefix = 2001:db8::::/64,
The value for the prefix should be in quotes. The parser for the
users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Alan DeKok wrote:
Christian Hahn [EMAIL PROTECTED] wrote:
hextest Auth-Type := Local, User-Password == secret
Service-Type = Framed-User,
NAS-IP-Address = xx.xx.xx.xx,
Framed-IPv6-Prefix = 2001:db8::::/64,
Title: EAP-TLS multi clients
OK.
First of all I excuseme for my English. :-(
The scripts about which I speak they are those inside of the scripts directory of freeradius sources. (CA.all)
I use the client's certificate (cert-clt.p12) for my user who connects itself correctly to the wlan,
Hello,
I'm trying to setup FreeRADIUS in a testing setup where the IP address
to which it binds needs to be set. The RADIUS server is loaded on-demand
on a number of machines, where almost all configuration is the same,
except for the IP address to which it needs to listen.
Normally this
On Tue 29 Aug 2006 18:40, [EMAIL PROTECTED] wrote:
Hello,
I'm trying to setup FreeRADIUS in a testing setup where the IP address
to which it binds needs to be set. The RADIUS server is loaded on-demand
on a number of machines, where almost all configuration is the same,
except for the IP
Hi,
/usr/local/etc/raddb/users[227]: Parse error (reply) for entry
hextest: unknown attribute type 8
Errors reading /usr/local/etc/raddb/users
thsi works with the 2.0pre CVS code.. so theres something not quite right
in the 1.1.3 code. and yes, theres no IPV6PREFIX handler in
Hi all,
could you help me? I am using freeradius version 1.0.2. There is some
possibilities, how to do proxing based on attribute Nas-Port-Id (no only
based on realm)?
Thanks
Martin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
as I'm trying to configure FreeRadius to use MySQL, I downloaded v1.1.3 but I
cannot find file 'db_mysql.sql' (use to create needed tables) in related
directory src/modules/rlm_sql/drivers/rlm_sql_mysql/ as it is mentionned in
the doc.
Where can I find db_mysql.sql ?
Thanks.
Bye,
On 8/29/06, Tilen [EMAIL PROTECTED] wrote:
So here comes something really weird:
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:3072, id=0,
length=147
User-Name = test
NAS-IP-Address = 192.168.1.1
Called-Station-Id = 00401013
Hi all,
How do you prevent a user from authenticating after
three unsucessful attempts in freeradius. I am
currently having this issue where a mac adress is
constantly trying to authenticate after getting login
incorrect. Any help is appreciated.. Thanks in
advance ...
On Tuesday 29 August 2006 07:25, Michael Schwartzkopff wrote:
I recompiled the latest version (1.1.3) explicitly telling configure
--with-snmp and everything seems to be ok. Debug output from radius:
Looks like everything should work fine based on the output.
Now:
snmpwalk (...) mib-2.67
Hi,
as I'm trying to configure FreeRadius to use MySQL, I downloaded v1.1.3 but I
cannot find file 'db_mysql.sql' (use to create needed tables) in related
directory src/modules/rlm_sql/drivers/rlm_sql_mysql/ as it is mentionned in
the doc.
the document is out of date and the .sql file has
Hi All!!
I would like to know if someone knows some DOC about sqlcounter
implementation.
I've benn searching with no sucess about this... It's frustrating...
there is no documents about.
I'm trying to put it to run on my freeradius server...
If someone knows how to give me some hint, it
Bruno,
In my version Freeradius 1.1.1 the mentioned file is located in
/usr/share/doc/freeradius/examples/db_mysql.sql.gz
Unpack the .gz file and the .sql file with querys to create the
freeradius database will be ready to use.
Regards
Fabiano
Bruno Costacurta wrote:
Hello,
as I'm
On 8/29/06, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
So I've compiled the source and gave it a try, but it behaved exactly
as the stable version - didn't replace nor removed any attributes. Is
this supposed to work?
I tested the pre and post proxy methods:
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
$RAD_REQUEST{'User-Name'} = 'testuser';
You're re-writing the request packet (i.e. the one from the NAS),
not the packet that's about to be sent to the home server.
Try: $RAD_PROXY_REQUEST{'User-Name'} = 'testuser';
I added:
use
On 8/30/06, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
$RAD_REQUEST{'User-Name'} = 'testuser';
You're re-writing the request packet (i.e. the one from the NAS),
not the packet that's about to be sent to the home server.
Try:
fvt3 wrote:
How do you prevent a user from authenticating after
three unsucessful attempts in freeradius. I am
In short, you can't. There is very little (nothing?) you can do to prevent
someone from attempting to authenticate. Is this behaviour causing you
particular problems though? Load
On 8/29/06, Fabiano Martins [EMAIL PROTECTED] wrote:
I've benn searching with no sucess about this... It's frustrating...
there is no documents about.
Perhaps the looking into the very obscure doc/rlm_sqlcounter file
helps, although it' not DOC for some strange reason.
regards
K. Hoercher
-
On 8/22/06, Michael Check [EMAIL PROTECTED] wrote:
We tried googling around and we're happy to hear that freeradius will
be a part of 10.5, but we'd like to get it running now... There
really is no other docs we've found on getting it compiled (after
difficulty like the above) and installed.
Is it possible to set up an Apache 1.3 server with WebDAV to
authenticate to a freeRADIUS?
Ideally, I would like to tell the Apache directives to look at
freeRADIUS for authentication using the httpd.conf file.
Has anyone ever done this or able to point me in a direction? Is it
even possible?
We're trying to build FreeRADIUS 1.1.3 into a RPM to install on our
RedHat ES 4.0 servers.
Following the directions in the Wiki
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_build_
a_RPM_package_from_sources.3F
I get the following error(s) and I've attached the referenced
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday, 30 August 2006 9:32 AM, Michael King wrote:
We're trying to build FreeRADIUS 1.1.3 into a RPM to install on
our
RedHat ES 4.0 servers.
snip
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1
rpmlib(PayloadFilesHavePrefix) =
Please, anybody can help me?Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Original Message-
I saw this last week building 1.1.3 on RHEL 4.0 ES (Update 3) too.
Was fixed
by just applying the latest patches from Redhat. Appears to
be due to a mismatch between various software levels. With
the latest fixes, it is all OK.
Which patches? Just run
From: Guilherme FrancoSent:
Wednesday, 30 August 2006 10:05 AMTo:
freeradius-users@lists.freeradius.orgSubject: 4 servers
implementation
Please, anybody can help me?
Help you
with what? You'll need to be a bit more
specific.
-
List info/subscribe/unsubscribe? See
Sorry Mike,I was refering to my earlier post (just forgot to forward it):Hello,Currently, I'm trying to implement Freeradius in 2 servers, and it's working.The
problem is, I need to use an Oracle database that is in another server.
That's quite ok as I've copied the contents of $ORACLE_HOME to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday, 30 August 2006 10:19 AM, Michael King wrote:
-Original Message-
I saw this last week building 1.1.3 on RHEL 4.0 ES (Update 3)
too.
Was fixed
by just applying the latest patches from Redhat. Appears to
be due to a
Hello,
In 1.1.3 version Access-Reject doesn't return in reply
VSA attributes but it is works well in 1.0.1.
Something was changed?
Thanks in advance,
Yervand
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
Hi
All,
Could some body help
me to know how to return values from the exec program ?
I can understand
thatI need to use the output-pairs or reply list .But do not really know
how to use that any sample code or document would really help
me.
Thanks and
regards
Shankar
ganesh
-
List
52 matches
Mail list logo