Accountig-Response

2006-10-26 Thread Vasea Marii
I need to configure freeradius to send specific attributes in accounting-response packet! I use a MySQL database that's why it would be nice to configure freeradius to send these attributes (in VSA) from the database! In sql.conf there are auth_reply configuration queries but I couldn't find a way

Re: rlm_krb5

2006-10-26 Thread Phil Mayers
[EMAIL PROTECTED] wrote: Can't use that as an argument, mickeysoft strongly recommends to leave it disabled, and I'm not the windows admin. Don't send HTML to the list. As Alan has tried to explain, the Reversible Encryption flag in AD is not needed. So you don't need to change anything.

Re: Double-free in src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c causes crash on HUP

2006-10-26 Thread Phil Mayers
Phil Mayers wrote: At least on RHEL4 with glibc 2.3.4-2.13, a double-free in the above file causes a crash on HUP in some circumstances. I've confirmed that removing this fixes the issue. free(conf->check_cert_cn);

Freeradius server can not see any request from clients.

2006-10-26 Thread richard Bai
Hi, everyone, I face a very strange problem right now when I configure a freeradius server with PEAP + LDAP. I can start the radius in debug mode properly. I get following lines: Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. Then I did test by

Re: Freeradius server can not see any request from clients.

2006-10-26 Thread Vasea Marii
I guess you didn't type "radtest username password localhost 0 sharedsecret" but "radtest username password localhost 1812 sharedsecret" why send it to the port 0? richard Bai [EMAIL PROTECTED] wrote: Hi, everyone, I face a very strange problem right now when I configure a freeradius server

Radius Attributes

2006-10-26 Thread Manuel Sánchez Cuenca
Hello all, How must I configure my freeradius server to include in the Access-Accept response to the AP several radius attributes such as Session-Timeout or Framed-IP-Address? Thanks in advance. -- - Manuel Sanchez Cuenca Departamento de Ingenieria de la

Re: Freeradius server can not see any request from clients.

2006-10-26 Thread richard Bai
Hi, Actually, the 0 in the radtest command means NAS-Port. Since 1812 is the default port for radius defined in /etc/service, the Access-Request is always sent to port 1812. I can see the same message as follows when I type both 0 or 1812: Sending Access-Request of id 40 to IP of server port 1812

Re: Freeradius server can not see any request from clients.

2006-10-26 Thread Owen DeLong
Sounds like you may be running iptables or other similar filter software on your server which is blocking the packet from reaching RADIUS. Owen On Oct 26, 2006, at 4:38 AM, richard Bai wrote: Hi, everyone, I face a very strange problem right now when I configure a freeradius server with

Re: Freeradius server can not see any request from clients.

2006-10-26 Thread Hernan Antolini
Richard, to be sure about the packet arriving at the radius machine and see the content of the packet you can use netcat. @radius-server : nc -l -u -p 1812 -vv -o /tmp/dump_hex_packet (will use UDP and dump hex info) @client_machine : radtest as usual hope it helps [EMAIL PROTECTED] wrote on

Re: HUP causes crashes [was: Error: ERROR: Tunnel-Password attribute in request]

2006-10-26 Thread B Thompson
On Thu, Oct 26, 2006 at 12:22:48AM +0100, Phil Mayers wrote: B Thompson wrote: On Wed, Oct 25, 2006 at 10:57:55AM +0100, Phil Mayers wrote: B Thompson wrote: I cannot continue to use 1.1.3 as we are regularly using HUP to re-read the configs and there appears to be a problem with this in

Re: Freeradius server can not see any request from clients.

2006-10-26 Thread richard Bai
Hi, Everyone, Thanks for helping. I think I found out the problem. The damn Firewall is running automatically with the system. After I disable it, RADIUS starts responding. So, although I can see the request packet arrived at the interface and port from tcpdump command, it doesn't mean the RADIUS

freeradius and ntlm_auth howto

2006-10-26 Thread Stieven . Struyf
All, I am trying to authenticate my wifi users via our AD. I'm finding bits and pieces on the internet to configure things, but no completely usable howto. Can someone of the users look at the output below and point me to the correct solution/howto? I setup smb.conf, krb5.conf and freeradius. I

RE: freeradius and ntlm_auth howto

2006-10-26 Thread Jonathan De Graeve
The debugging output is exactly saying what's wrong. Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly.

Re: Accountig-Response

2006-10-26 Thread Alan DeKok
Vasea Marii [EMAIL PROTECTED] wrote: I need to configure freeradius to send specific attributes in accounting-response packet! Why? (Or should I say Why!) Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog

Re: Double-free in src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c causes crash on HUP

2006-10-26 Thread Alan DeKok
Phil Mayers [EMAIL PROTECTED] wrote: Submitted to bugs.freeradius.org as bug 404 I'll commit a fix in a few hours. This means we should release another 1.1.x... The bug tracker is insanely slow... As is www.freeradius.org occasionally. I'm in the process of moving them, in between

Re: HUP causes crashes [was: Error: ERROR: Tunnel-Password attribute in request]

2006-10-26 Thread Alan DeKok
B Thompson [EMAIL PROTECTED] wrote: http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-March/051856.html A short work-around (i.e. hack) may be to not reload everything on HUP. Why are you HUPing it so often? Alan DeKok.

Re: freeradius and ntlm_auth howto

2006-10-26 Thread Alan DeKok
[EMAIL PROTECTED] wrote: I am trying to authenticate my wifi users via our AD. I'm finding bits and pieces on the internet to configure things, but no completely usable howto. What's missing from any of the HOWTO's? There's some on the Wiki, and one on my site. Exec-Program-Wait:

Re: Accountig-Response

2006-10-26 Thread Vasea Marii
I'm sorry.. I didn't understand the tone of the answer but hoping for the best I say that I try to make routing on Radius, I mean that a conversation between NAS and Radius (where the routes are stored in MySQL) and using a VSA I could send to the NAS the needed route! Thanks in advance! Alan DeKok

Re: HUP causes crashes [was: Error: ERROR: Tunnel-Password attribute in request]

2006-10-26 Thread Phil Mayers
Alan DeKok wrote: B Thompson [EMAIL PROTECTED] wrote: http://lists.freeradius.org/mailman/htdig/freeradius-users/2006-March/051856.html A short work-around (i.e. hack) may be to not reload everything on HUP. Why are you HUPing it so often? I realise this question wasn't directed to me,

Re: HUP causes crashes [was: Error: ERROR: Tunnel-Password attribute in request]

2006-10-26 Thread Phil Mayers
B Thompson wrote: On Thu, Oct 26, 2006 at 12:22:48AM +0100, Phil Mayers wrote: B Thompson wrote: On Wed, Oct 25, 2006 at 10:57:55AM +0100, Phil Mayers wrote: B Thompson wrote: I cannot continue to use 1.1.3 as we are regularly using HUP to re-read the configs and there appears to be a

Q:ABOUTE:GET AN ATTRIBUET FROM NAS TO CHANGE QUERY IN RADIUS

2006-10-26 Thread Alejandro Sanchez
Hi everybody. I need to get the attribute Caller-Station-ID and then include it in the where section of the query that accesses the table radreply. This is because I have only 1 user to access the IP net from PSTN but I need to send back different values to the device depending on what station is calling.

FreeRadius + NIS

2006-10-26 Thread Dagoberto Carvalio Junior
Expensive friends, I am with authentication problem, being that I opted to using the FreeRadius. I ask for the gentility you to answer if the FreeRadius has support to catch the base of users of a server NIS. It forgives for my English, therefore I am Brazilian. Until more, and thanks.

radiusd service hang

2006-10-26 Thread Karthik R
Am running freeradius on a RHELv3 box, to authenticate 802.11 users against AD. All of sudden the 802.11 users can't get authenticated against AD, unless I reboot the radius service on linux box. It looks like radius service get hangs at least weekly once for no reason, I couldn't find anything in the log

Re: HUP causes crashes [was: Error: ERROR: Tunnel-Password attribute in request]

2006-10-26 Thread Alan DeKok
Phil Mayers [EMAIL PROTECTED] wrote: I realise this question wasn't directed to me, but the reason we HUP it so often is to reload a *large* rlm_passwd map in response to users registering and de-registering for things, and users being blocked and unblocked. Ok. I think in the CVS head,

Re: Accountig-Response

2006-10-26 Thread Alan DeKok
Vasea Marii [EMAIL PROTECTED] wrote: I'm sorry.. I didn't understand the tone of the answer sigh All of your sentences end with exclamation marks! You seem very excited! Always! but hoping for the best I say that I try to make routing on Radius, I mean that a conversation between NAS and

Number of concurrencies requests

2006-10-26 Thread Italo Morellato
Hi, my freeradius 1.1.1 with CentOS 4.4 have a big problem with more than 6 concurrencies requests... Is possible this? How to increase or caching input requests? Italo Morellato... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusd service hang

2006-10-26 Thread David Roze
Hi Karthik, I used to have the same problem in 2 different cases: - When Freeradius was installed on Redhat 9, it used to hang every 3 or 4 days as well but you're on Redhat Ent3 so you should be fine - When the connection to the MySQL server was dropping Are you sure your connection to AD

Re: radiusd service hang

2006-10-26 Thread B Thompson
On Thu, Oct 26, 2006 at 12:03:37PM -0500, Karthik R wrote: Am running freeradius on a RHEL v3 box, to authenticate 802.11 users against AD. All of sudden the 802.11 users can't get authenticated against AD, unless I reboot the radius service on linux box. It looks like radius service get hangs

Freeradius on OS X with OD, password attribute is not checked

2006-10-26 Thread Stepan Raichl
Hi all, I'm setting up a wireless network where users use login details provided by OpenDirectory + certificate. The goal is that user of the WiFi network must provide certificate and username with password. If the user is disabled in OD (via WGM - access account thick box), user must not

Re: Number of concurrencies requests

2006-10-26 Thread Alan DeKok
Italo Morellato [EMAIL PROTECTED] wrote: my freeradius 1.1.1 with CentOS 4.4 have a big problem with more than 6 concurrencies requests... What's the problem? Alan DeKok.

simple question

2006-10-26 Thread Mike May
How can I determine that version of freeRadius that is currently running?

Re: simple question

2006-10-26 Thread Michael Schwartzkopff
On Thursday, 26 October 2006 20:56, Mike May wrote: How can I determine that version of freeRadius that is currently running? radiusd -v RTFM

WAP EAP-TLS

2006-10-26 Thread Pedro Henrique Morsch Mazzoni
Hello everybody, I'm implementing an environment to secure my wireless LAN with radius. For this I chose WAP with EAP-TLS. But I have some questions to ask. Is there a way to Authenticate/Authorize: - Per machine certificate AND - Per user certificate AND - Per user password mapped on a

RE: radiusd service hangs

2006-10-26 Thread Karthik R
Hi Karthik, I used to have the same problem in 2 different cases: - When Freeradius was installed on Redhat 9, it used to hang every 3 or 4 days as well but you're on Redhat Ent3 so you should be fine - When the connection to the MySQL server was dropping Are you sure your connection to AD is

Re: Freeradius on OS X with OD, password attribute is not checked

2006-10-26 Thread Alan DeKok
Stepan Raichl [EMAIL PROTECTED] wrote: However, when a client from WiFi logs in, username and certificate are the only criteria which are checked to grant access. If you can help, please read the debug dump below. if you're using EAP-TLS, then there is *no* password to check. Alan

Re: authenticating question

2006-10-26 Thread A . L . M . Buxey
Hi, authenticate correctly and he'd be given access at this point. But if we could get Radius to check and LDAP field which say which vlan he has access to, and allow or deny access to the network if the user is not currently in that vlan, then I guess that would be the ideal solution. thats

Freeradius consuming a lot of memory 1.6G

2006-10-26 Thread Pshem Kowalczyk
Hi, We've built a radius-proxy using freeradius and rlm_perl (with ithreads). Currently we have the following settings:
thread pool {
    start_servers = 20
    max_servers = 100
    min_spare_servers = 20
    max_spare_servers = 50
    max_requests_per_server = 500
}

Re: Number of concurrencies requests

2006-10-26 Thread Italo Morellato
When I deselect more than 6 user in my Mikrotik PPPoE HotSpot I see this situation: - user send accounting request correctly vs radius server - radius reply with OK (sql database) - in mikrotik log I see "radius timeout" I try to increase timeout up to 3000ms (300ms is the default

Re: Number of concurrencies requests

2006-10-26 Thread Alan DeKok
Italo Morellato [EMAIL PROTECTED] wrote: When I deselect more than 6 user in my Mikrotik PPPoE HotSpot I see this situation: - user send accounting request correctly vs radius server - radius reply with OK (sql database) - in mikrotik log I see radius timeout Does the RADIUS server

SQLIPPOOL problem

2006-10-26 Thread Guilherme Franco
Hi, This is very important, please. In ippool module I can use two or more pools just by setting ippool POOL1{...} ippool POOL2{...} In SQLIPPOOL, I know that I can create as many pools as I want but I need to treat those pools differently, say, POOL1 assigns static IPs and POOL2 dynamic

freeradius against AD not working

2006-10-26 Thread Karthik R
Using freeradius v1.1.1 on a RHEL 4 box trying to authenticate users against Windows 2003 Active directory. I was able to bind linux box to Windows domain successfully and able to read the active directory users and groups using wbinfo - uR1\AdministratorR1\Guest and wbinfo -g. Using ntlm_auth

Re: Number of concurrencies requests

2006-10-26 Thread Italo Morellato
in radiusd -X I see:
Going to the next request
rad_recv: Accounting-Request packet from host 10.10.0.50:4216, id=84, length=153
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 1788
    NAS-Port-Type = Ethernet
    User-Name = "cesar.paredes"
    Calling-Station-Id = "00:15:D6:02:34:94"

FR with AD authentication not working

2006-10-26 Thread Karthik R
Using freeradius v1.1.1 on a RHEL 4 box trying to authenticate users against Windows 2003 Active directory. I was able to bind linux box to Windows domain successfully and able to read the active directory users and groups using wbinfo - uR1\AdministratorR1\Guest and wbinfo -g. Using ntlm_auth

RE: freeradius against AD not working

2006-10-26 Thread King, Michael
-Original Message- But while using radtest tool with the same logon credentials as above it rejects the user and here is the log message. Please paste the entire debug log. It looks like you missed a few bits in the cut and paste.

race condition?

2006-10-26 Thread Kevin J
I am running freeradius 1.0.5 version. I know this is old. ldap is used in authorization and pap is usually used in authentication. We made a client tool which can send 1000 packets per second (from data file) to freeradius. What we noticed that in multi-thread, there was a race condition which

radius + mysql problem

2006-10-26 Thread balijepalli srikrishnamohan
Hello all, I am trying to configure freeradius with mysql. I did the relevant changes in radiusd.conf and when I start the server in debug mode, it is giving an error: "rlm_sql (sql): Could not link driver rlm_sql_mysq: file not found rlm_sql (sql): Make sure it (all its dependent libraries) are in

Re: Freeradius on OS X with OD, password attribute is not checked

2006-10-26 Thread Stepan Raichl
Alan DeKok wrote: Stepan Raichl [EMAIL PROTECTED] wrote: However, when a client from WiFi logs in, username and certificate are the only criteria which are checked to grant access. If you can help, please read the debug dump below. if you're using EAP-TLS, then there is *no* password to