Hi, here is the current scenario:
* school with wireless access
* allready uses radius (soon to be freeradius)
* freeradius auth's via a win2k3 Active Directory Server
* teachers need to be able to log into WAP's a,b,c etc and be
automatically assigned to the teachers vlan
* priv students need to
Hi,
Thanks to the people who helped me figure this out (big thanks to
Alan), this works perfectly on a fresh Fedora system.
Download, compile and install openssl
download freeradius 1.1.6
unpack in usr/src
cd freeradius-1.1.6
./configure --prefix=/usr
I personally hate rpms and will compile all apps so no, I try rpms as
a last resort and Im not surprised when they fail with a big list of
dependancies.
I will look into it though and test on the next machine and report back.
On 4/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Thanks
Great, it does the trick :)
It was simplier than I thought.
Another question: is it safe to write into the same sql
server\database\table by 2 radius servers authenticating the same realm?
--
Andrea Cerrito
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I should be more specific, I will compile all specially needed apps
after doing a norm installation.
Generic stuff like X etc, I dont care about unless it doesnt work.
On 4/16/07, Jacob Jarick [EMAIL PROTECTED] wrote:
I personally hate rpms and will compile all apps so no, I try rpms as
a last
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
I had a great experience with O'reillys bind and perl cookbook books.
Have any FR users used this book and if so your comments would be
appreciated.
Jacob Jarick wrote:
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
Maybe.
I had a great experience with O'reillys bind and perl cookbook books.
Have any FR users used this book and if so
Jacob Jarick wrote:
* school with wireless access
* allready uses radius (soon to be freeradius)
* freeradius auth's via a win2k3 Active Directory Server
* teachers need to be able to log into WAP's a,b,c etc and be
automatically assigned to the teachers vlan
* priv students need to be able
Alan DeKok wrote:
Jacob Jarick wrote:
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
Maybe.
I had a great experience with O'reillys bind and perl cookbook books.
Have any
Hi,
I receive the same broken pipe error when the smuxpeer pass and
smux_password aren't the same, though there is probably a more complex
cause. Are there any non-standard characters in either config file?
Is Net-SNMP configured with ucd-snmp compatibility?
Thanks for the tip. Looking up
Arran Cudbard-Bell wrote:
I just got this one
http://books.theregister.co.uk/catalog/browse.asp?id=746814group=9880subcat=8cat=B
Initial flickings through, suggest it's quite indepth .
I've seen that. It has 300+ pages, and 40 pages on RADIUS. I had a
hard time reading it, to be
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
I just got this one
http://books.theregister.co.uk/catalog/browse.asp?id=746814group=9880subcat=8cat=B
Initial flickings through, suggest it's quite indepth .
I've seen that. It has 300+ pages, and 40 pages on RADIUS. I had a
hard time
Arran Cudbard-Bell wrote:
What put me off the O'Rielly book was it's age.. Although I only started
using FreeRADIUS with 1.1.4 , i've seen pretty rapid development.
So I was concerned about how much relevance a book published in 2002 has
today.
It covers RADIUS. It's good for people who
daniel wrote:
Apr 15 22:03:51 bill sshd[7861]: PAM unable to
dlopen(/lib/security/pam_radius_auth.so)
Apr 15 22:03:51 bill sshd[7861]: PAM [dlerror:
/lib/security/pam_radius_auth.so: undefined symbol: __stack_chk_fail_local]
You've built the module with stack overflow checking turned on,
Jacob Jarick wrote:
I personally hate rpms and will compile all apps so no, I try rpms as
a last resort and Im not surprised when they fail with a big list of
dependancies.
You were not told to pick up a random RPM on the net. The wiki
explains how to build yourself a RPM from sources. The
Hi Alan,
On Sat, Apr 14, 2007 at 03:26:11AM +0200, Alan DeKok wrote:
Milan Holub wrote:
Unfortunately I'm getting the output stripped by last character(byte):
instead of getting 37 for session_count I get 3, instead of getting 1563
for noresetcounterflat I get 156, instead of getting S3H
Please someone can post a working configuration for a 3COM switch(4500) to
authenticate against freeradius?
Thanks in advance
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It wasnt a random rpm and at the time I was unaware that the wiki had
been updated to list the latest rpms etc. So binarys are fairly well
supported by freeradius I take it.
On 4/16/07, Nicolas Baradakis [EMAIL PROTECTED] wrote:
Jacob Jarick wrote:
I personally hate rpms and will compile all
I will put it on order as reference is better than nothing :) I have
used radius before but not for ages (2000) I will be using it alot at
this new job so I will need all the good references I can get.
On 4/16/07, Alan DeKok [EMAIL PROTECTED] wrote:
Arran Cudbard-Bell wrote:
What put me off
Kevin Bonner wrote:
Try http://bugs.freeradius.org/show_bug.cgi?id=150
I doubt that patch will still apply cleanly due to the many recent changes.
I'll see if I can test the CVS head later today and submit a newer patch.
Please try the latest CVS. I've added a patch based on yours.
Alan,
Thankyou, how do I build the module with stack overflow checking turned off,
also what library do I need to link it to?
Regards,
Daniel Davis
On Mon, 16 Apr 2007 11:15:59 +0200, Alan DeKok [EMAIL PROTECTED] wrote:
daniel wrote:
Apr 15 22:03:51 bill sshd[7861]: PAM unable to
daniel wrote:
Thankyou, how do I build the module with stack overflow checking
turned off, also what library do I need to link it to?
I have no idea. Stack checking is part of your local system, not part
of the module.
Alan DeKok.
--
http://deployingradius.com - The web site of
Nope, Client-IP-Address / Packet-Src-IP-Address don't work as check
items in huntgroups or hints .
Well, all I can say is that they Client-IP-Address currently works for
me within the huntgroup (haven't tried the hints file). I use it for
matching devices and applying policy thereafter from
Alan,
I dont know if someone could help me, i got FR working and authenticating
in my AD. Here in my core switch a (Cisco 4507R) i have around 7 vlans, i
was wondering if someone could explain to me how could i use FR and my
switch to use a different vlan based in the user, and if is a guest
On Mon 16 Apr 2007, Jacob Jarick wrote:
It wasnt a random rpm and at the time I was unaware that the wiki had
been updated to list the latest rpms etc. So binarys are fairly well
supported by freeradius I take it.
Yep. The general plan is that we spend the time once building an rpm, and
then
Hi,
currently in the process of migrating to 1.1.6 and the User-Password
replacements. We used to have several entries, and for some of them I'm not
really sure what to do with... if someone could add some clarity to that it
would be highly appreciated!
User-Password := something =
Hi all,
Has anyone a sample configuration of 3Com 4500 switch to work with Freeradius?
THX in adv.
Riccardo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Peter Nixon wrote:
Yep. The general plan is that we spend the time once building an rpm, and
then have much less questions on random build problems on various OS'
Ideally, we should have packages on the web site. This is sometimes
difficult to do...
Alan DeKok.
--
Stefan Winter wrote:
User-Password := something = Cleartext-Password := something
Crypt-Password := unixcrypt = Crypt-Password := unixcrypt
Yes.
Crypt-Password := $1$somethingveryweird = SMD5-Password := somethingveryweird
(stripping the header, and $1$ meands MD5 with 12-character
Alan,
I am trying to set up unix authentication using radius. Does the pam module
support the maximum session times. I am trying to set up a system where linux
users authenticate against my existing radius hotspot system and they are
forced to log out when their session expires.
Regards,
Hi Alan,
On Mon, Apr 16, 2007 at 01:52:43PM +0200, Alan DeKok wrote:
Kevin Bonner wrote:
Try http://bugs.freeradius.org/show_bug.cgi?id=150
I doubt that patch will still apply cleanly due to the many recent changes.
I'll see if I can test the CVS head later today and submit a newer
daniel wrote:
I am trying to set up unix authentication using radius.
Does the pam module support the maximum session times.
No, because PAM has no provisions for enforcing maximum session times.
The setrlimit function call can enforce CPU time restrictions, but
that is *not* clock time.
Milan Holub wrote:
- snmp works until 1st reload(HUP or snmp-write)
- then it behaves the same as with Kevin's old patch (described in this
thread) == snmp not working after reload
Hmm... OK.
- debug flags survive reload (good!)
- with my config each reload eats additional 620k of
Hi Alan,
with the latest cvs head I've experienced following serious bug:
radiusd.conf:
...
listen {
ipaddr = *
port = 0
type = auth
}
listen {
ipaddr = *
port = 0
type = acct
}
...
clients.conf:
client 127.0.0.1 {
secret =
Hi Alan,
On Mon, Apr 16, 2007 at 03:18:24PM +0200, Alan DeKok wrote:
That memory will be cleaned up after a few more HUPs.
== Are you sure about that?
ps axu | grep rad:
freerad 16235 2.2 1.9 9448 4916 pts/0S15:31 0:00
freeradius -X
== initially we have 9448kb of memory used by
Milan Holub wrote:
Hi Alan,
with the latest cvs head I've experienced following serious bug:
radiusd.conf:
...
listen {
ipaddr = *
port = 0
type = auth
}
listen {
ipaddr = *
port = 0
type = acct
}
...
clients.conf:
client
Hi all,
just wondering whether everyone is happy with current processing of
radcheck radgroupcheck tables. I just wanted to raise a discussion
about the rlm_sql module since on wiki
http://wiki.freeradius.org/Development_Roadmap
we can read that there are some plans with this (really useful)
Hi Arran,
On Mon, Apr 16, 2007 at 02:50:19PM +0100, Arran Cudbard-Bell wrote:
Thats weird, i'm using cvs head from this morning and all is fine.
== I'm using latest cvs head(at the time of writing). I have my own few minor
patches against cvs head but these really should not have any
Hi,
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
I had a great experience with O'reillys bind and perl cookbook books.
Have any FR users used this book and if so your comments would be
Milan Holub wrote:
Hi Alan,
On Mon, Apr 16, 2007 at 03:18:24PM +0200, Alan DeKok wrote:
That memory will be cleaned up after a few more HUPs.
== Are you sure about that?
Yes.
After 10 HUPs:
for i in `seq 10`; do echo HUP $i; kill -HUP 16235; sleep 1; done
Try 32 HUPs. The memory
Milan Holub wrote:
Hi Alan,
with the latest cvs head I've experienced following serious bug:
...
You're using SNMP. You ran into an assertion. Try cvs update.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
Milan Holub wrote:
== I've tested latest cvs head:
- snmp works until 1st reload(HUP or snmp-write)
- then it behaves the same as with Kevin's old patch (described in this
thread) == snmp not working after reload
Ok, try now. After some fighting with getting SNMPD to work, I can
now see
Arran Cudbard-Bell wrote:
[EMAIL PROTECTED] wrote:
Hi,
Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to
work,
if this because the Client-Ip-Address is written to the request packet
at the end of pre-process
and not the beginning ? Or is there more strangeness
Sorry,
Another one for the list.
Dynamic expansion of reply items in SQL is broken
in current cvs head.
Reply-Message = Welcome %{User-Name} At wherever
Is printed as
Welcome %{User-Name} At wherever
Instead of Welcome Fluffy At Wherever.
Thanks,
Arran
--
Arran Cudbard-Bell ([EMAIL
Arran Cudbard-Bell wrote:
[EMAIL PROTECTED] wrote:
Hi,
Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to
work,
if this because the Client-Ip-Address is written to the request packet
at the end of pre-process
and not the beginning ? Or is there more strangeness
Arran Cudbard-Bell wrote:
Dynamic expansion of reply items in SQL is broken
in current cvs head.
Reply-Message = Welcome %{User-Name} At wherever
I'd suggest to try using back quotes in the table of reply items:
Reply-Message = `Welcome %{User-Name} At wherever`
--
Nicolas Baradakis
-
I will start reading it all ASAP, thanks alot guys :)
On 4/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Hi, Im just getting started with freeradius (trying to nut out dynamic
vlans atm) and I was wondering if this book would be a worth while
purchase.
I had a great experience
No probs guys, will check for bins 1st in future.
On 4/16/07, Alan DeKok [EMAIL PROTECTED] wrote:
Peter Nixon wrote:
Yep. The general plan is that we spend the time once building an rpm, and
then have much less questions on random build problems on various OS'
Ideally, we should have
On Monday 16 April 2007 03:53:52 Stefan Winter wrote:
Thanks for the tip. Looking up the net-snmp.spec file of openSUSE 10.2, it
appears that ucd-snmp compat should be there... the compile
switches --enable-local-smux and --enable-ucd-snmp-compatibility are there.
Any other hints? Otherwise,
Hello everyone,
I'm working on finding a way to define multiple local realms and have
each have a unique ldap profile associated with them.We want one
associated with a particular realm, and the other to be the
catchall/default case. In addition to this, we're also using EAP/TTLS,
which
Alan DeKok wrote:
If you're familiar with RADIUS, it will contain little useful
information.
I can confirm this.
I was pretty disappointed about the value of the book when I bought it 3
years ago.
I doesn't go indepth into anything.
Thor.
-
List info/subscribe/unsubscribe? See
Yea, after reading that book I barely got able to install the FR.
I would say it tells you more about radius protocol then actual FR
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Thor Spruyt
Sent: Monday, April 16, 2007 5:06 PM
To:
Sean McNamara wrote:
I'm working on finding a way to define multiple local realms and have
each have a unique ldap profile associated with them.We want one
associated with a particular realm, and the other to be the
catchall/default case. In addition to this, we're also using EAP/TTLS,
Arran Cudbard-Bell wrote:
Aha, so the significance of the back ticks is .
That the string will be sent through radius_xlat ?
Yes. See doc/variables.txt, I believe.
And this is true for reply attributes in all the 'files' processed files ?
Or is this a special feature of rlm_sql ?
Hello,
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial + vlan id for the cisco WAP to process.
Questions:
1: Is ldap the only way of retreiving the users group/s
2 - Can I talk directly to the ADS
Jacob Jarick wrote:
Im not sure what is happening atm, the wireless client trys to
authenticate but fails.
radiusd -X -A output: http://pastebin.ca/444005
The debug output shows an error message from ntlm_auth. Fix that.
Now I am still asumming radius can auth against ADS using ldap (am
Jacob Jarick wrote:
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial + vlan id for the cisco WAP to process.
Questions:
1: Is ldap the only way of retreiving the users group/s
If the users and
57 matches
Mail list logo