When I try to monitor radius server with SNMP Manager I find
1. When the radius server goes down the snmp agent generates the trap
which is seen by the SNMP manager (snmp management console).
2. When the snmp agent comes up it generates a trap ( Cold start LINK UP
trap ).
How should I
You can use LDAP in the authorize section to accomplish this. Is the
group name you are checking against static? Is it
sometimes/always/never the primary group for the user?
Group name is static, never the primary group for the user. What is
added to the user file for this? Is it similar to
Hi All,
I am new to FreeRadius and in fact Radius. Having spent some time
playing with FreeRadius (Windows ver) I need to call an external program
in the preacct, authorize authenticate sections. While the code
comment in the piece prior to the exec module states the following:
# If
Hi,
On 10/12/06, Norbert Wegener [EMAIL PROTECTED] wrote:
What do I have to change to make that work?
Sorry, that's a bit too much at the moment. But for starters: setting
Auth-Type (assuming that this is one of the cases it actually makes
sense) as a reply item (i.e. by virtue of coming from
Hi to all;
I'm setting up GPRS with radius authentication.
Authentication accepted when using the GPRS phone as
modem for internet connections(PPP). Authentication
fails when using GPRS WAP applications. GPRS phones
security features was enabled including the username
and password but the radius
Hi,
maybe a few helpful notes:
On 10/12/06, Giuseppina Venezia [EMAIL PROTECTED] wrote:
I've seen that in the firts request, TLS give an error (
TLS_accept:error in SSLv3 read client certificate A ) but in the third
request (whit the same login) it works.
What's wrong?
TLS_accept:error isn't
On 10/13/06, Les Brinkworth [EMAIL PROTECTED] wrote:
I am lost as to where or maybe how this definition is done. If I
duplicate the exec module in the actual section, RadiusD complains about
'wait' not being defined.
Just a guess (as you didn't provide any output):
The error (more of a
Hi,
On 10/13/06, nsuralullec [EMAIL PROTECTED] wrote:
Is there any similar cases thats being resolved?
Probably.
If you are interested in answers with a little more content you should
provide more data than the equivalent of It doesn't work as
mentioned in the FAQ, INSTALL (provided you even
in sql.conf I use something like:
usergroup.GroupName like 'v%y'
and radius -AX tells me:
WARNING: Unknown variable '%y': See 'doc/variables.txt'
How would I escape that kind of variable to pass it to the sql query?
The usual \ did not work.
Thanks
Norbert Wegener
-
List
Hi K
Thanks for the reply. My apologies for including the code and trace. I
have done so below. The error I think is more serious as the server
fails to load. I am obviously understanding the define incorrectly.
How does one define two instances of exec with different names that can
be called
Here is something else I found.
I run radius in debug mode, radiusd -X, after altering the line in sql.conf
to:
sqltrace = yes
sqltracefile = ${logdir}/sqltrace.sql
So that it would create the sql trace logfile as it does on my other radius
server.
But the logfile did not get
On Fri 13 Oct 2006 11:20, nsuralullec wrote:
Hi to all;
I'm setting up GPRS with radius authentication.
Authentication accepted when using the GPRS phone as
modem for internet connections(PPP). Authentication
fails when using GPRS WAP applications. GPRS phones
security features was enabled
I’m getting a lot of entries in my radius log on one of our radius servers
like the following:
Error: Reply from home server 10.0.0.1:1646 - ID: 172 arrived too late for
request 5280. Try increasing 'retry_delay' or 'max_request_time'
Error: Reply from home server 10.0.0.2:1646 - ID: 150
Why would I see more than one start entry in the radacct table for a user
all with the same session id?
+-+---+-+-+
| UserName| AccStatus | AcctStartTime | AcctStopTime|
Correct me if my concept are wrong. I successfully
configured the radius.conf and proxy.conf to
authenticate my WAP mobile phone in the freeradius,
MOBILE- NAS - RADIUS - WAP Gateway
but after successfully authenticated it does not go
directly to my WAP gateway server which is a Kannel
Wap
On Fri 13 Oct 2006 14:51, nsuralullec wrote:
Correct me if my concept are wrong. I successfully
configured the radius.conf and proxy.conf to
authenticate my WAP mobile phone in the freeradius,
MOBILE- NAS - RADIUS - WAP Gateway
but after successfully authenticated it does not go
directly
Ok solved this one.
Bloody sys admin hadn't opened the firewall for UDP packets on port 1646.
But he had opened TCP on port 1646, fat lot of good.
Sorry for taking up everyone's time with something that was easily solved if
I hadn't taken someone's word about the firewall.
Thanks
John
On 10/13/06, Les Brinkworth [EMAIL PROTECTED] wrote:
How does one define two instances of exec with different names that can
be called from other sections?
Aaah, now it gets a bit more clear to me. You should take into account
the comments at the beginning of the modules{} section. That would
I try to get chillispot to work with freeradius.I can't authenticate. Log files show me this entry:Fri Oct 13 14:38:28 2006 : Error: Received packet from 192.168.2.165 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
radius2:/var/log/freeradius#
I posted this to the list back in September, but was unable to chase it
then.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg294
52.html
But it has returned with a vengeance. It only seems to affect the 1.1.3
server. I have not tried any other versions, other than the
K. Many thanks for clarifying...
Les
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of K. Hoercher
Sent: 13 October 2006 14:44 PM
To: FreeRadius users mailing list
Subject: Re: Multiple instances of the exec module
On 10/13/06, Les Brinkworth [EMAIL
I wonder if its possible to do ldap lookups when handling accounting (start)
packets? This would likely mean adding an ldap entry to the accounting{}
section of the radiusd.conf file.
At the moment I am calling an external script from the acct-users file usingg:
DEFAULT
What is added to the user file for this? Is it similar to below:
Do you need those reply attributes returned? If not, you may not need
anything in the users file. I don't have anything in mine, but I'm not
using radius for dial-up/PPP.
Can I simply use the:
Hi,
On 10/13/06, YvesDM [EMAIL PROTECTED] wrote:
Looks pretty obvious, though, I'm sure the shared secret is correct in my
clients.conf and in the chillispot configuration.
Any hints?
Well, as you said yourself, it looks pretty obvious. But as it would
be extremely unlikely for both
Hi,Have you checked your authentication protocol on the shared secret? Are you sending with CHAP when freeradius is not expecting it or vice versa?Have you tried testing with a radius test client - this should allow you determine if the problem is in the Client or the Server config... or just a
Title: Re:Re:Help: How to authenticate additional attribute
The location coordinate is a value e.g. 10,10 100,100 input by a system or the user and it serves as another set of authentication parameters in addition to the password. So whenever the user is authenticated, he has to input the
Greetings,
We have been using freeradius for a couple years now and have been
very satisfied with it.
One issue I have is we change the default session time based on the
time the connection is made.
The accounts are all system accounts ( not my doing ) and we are now
using mysql as a
On 10/13/06, Paul Lambert [EMAIL PROTECTED] wrote:
Hi,Have you checked your authentication protocol on the shared
secret? Are you sending with CHAP when freeradius is not expecting it
or vice versa?Have you tried testing with a radius test client
- this should allow you determine if the problem is
Hello everyone,
I'm on chillispot, freebsd6.1R, mysql 4.1, phpmyprepaid
I have been told that I would do this in chilli.conf file (macallowed
mac_adrs_here)
will allow this specific mac address to pass the athintication.
but also have been told to add it, in freeradius users
Hello list,
I need a good documentation+example to understand
how I configure the NAS administration.
Tnx
Abel
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi all,
I'm using freeradius 1.1.3 with PEAP and EAP-TTLS,the authentication
using MacOS works but the time spent from when the client insert
username and password until the moment when the user is authenticated
(and obtains the IP address) is very long, about 2 minutes. Is normal
that
On Friday 13 October 2006 10:14, Abel Monzon wrote:
Hello list,
I need a good documentation+example to understand how I configure the NAS
administration.
Tnx
Abel
What NAS hardware you are using?
What NAS administration are you expecting FreeRADIUS to provide (auth admins
for console
Message: 5
Date: Fri, 13 Oct 2006 23:38:54 +0200
From: Giuseppina Venezia [EMAIL PROTECTED]
Subject: WPA authentication works but take very log time
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain;
33 matches
Mail list logo