Hi,
of course, a a GPLed, ActiveX / Java / other browser-based endpoint
posture assessment client, for use in fallback non-802.1x (walled-garden)
mode. could also work after 802.1x
It is actually quite important. If you are in a roaming scenario where your
EAP session goes to your home ISP,
Stefan Winter wrote:
It is actually quite important. If you are in a roaming scenario where your
EAP session goes to your home ISP, it makes no sense to tie the posture
information into the EAP session - it's the *access network* at the roaming
place that needs to know how healthy your
Thomas Dagonnier wrote:
Would you agree to close that part of the discussion ?
Fine.
sorry, this was a late email and I forgot important details like had in
mind with additionnal (NAC) features and the for windows is implied
by the vast majority of windows-based computers.
We have a working FreeRADIUS 1.1.4 running since a lot of months.
Now we have to proxy the requests for a realm (gtenet.it) to a given
RADIUS server, but our server seems to ignore the proxy configuration!
I have set proxy_requests = yes and included the proxy.conf file
(I'm sure of these,
Hi Federico!
Check default radiusd.conf and search for realm and suffix. It
looks like you're not calling rlm_realm in authorize.
th.
On 7/11/07, Federico Giannici [EMAIL PROTECTED] wrote:
We have a working FreeRADIUS 1.1.4 running since a lot of months.
Now we have to proxy the requests
On Wed, Jul 11, 2007 at 09:22:32AM +0200, Federico Giannici wrote:
We have a working FreeRADIUS 1.1.4 running since a lot of months.
Now we have to proxy the requests for a realm (gtenet.it) to a given
RADIUS server, but our server seems to ignore the proxy configuration!
I have set
Hi there,
I would like to ask if where in my cisco configuration has a problem. First
i used MPD as my LNS and no encountered problem authenticating to the
freeradius but when i change my LNS to Cisco it seems i can't log in. What
are possible problem in my configuration? Is it in the Cisco or
if my RADIUS send me one Access Request packet from Mera softswitch with :
User-Name ="192.168.10.10"
User-Password=\123\321\324\["
my question is hwo can i find my User Password witch password means ?
because i becom one warning :
auth: No authenticate method (auth-type)configuration found
You've misconfigured your FreeRadius server to send attribute the Cisco
can't obey, specifically the Filter-Id
The cisco sees the reply:
*May 22 15:43:52.088: RADIUS: Filter-Id [11] 9
then says
*May 22 15:43:52.088: RADIUS/DECODE: invalid ACL type; FAIL
and sure enough, the ACL
Phil,
YES! it works
Thank you very much.
--coroy
On 7/11/07, Phil Mayers [EMAIL PROTECTED] wrote:
You've misconfigured your FreeRadius server to send attribute the Cisco
can't obey, specifically the Filter-Id
The cisco sees the reply:
*May 22 15:43:52.088: RADIUS: Filter-Id
There is (probably) nothing wrong with your password. Debug points to the
problem with shared secret. Fix that.
Ivan Kalik
Kalik Informatika ISP
Dana 11/7/2007, E. abdelghani [EMAIL PROTECTED] piše:
if my RADIUS send me one Access Request packet from Mera softswitch with :
User-Name
Tomas Hoger wrote:
Hi Federico!
Check default radiusd.conf and search for realm and suffix. It
looks like you're not calling rlm_realm in authorize.
Yes, that was the problem!
I thought that the realms were handled by some kind of internal magic...
Thanks.
On 7/11/07, Federico Giannici
Hello
I hav one authentificate problem between my Freeradius and NAT(for VOIP)
what means that i have : No authenticate method (Auth-Type)
so here is my debug : radiusd -X
rad_recv: Access-Request packet from host 192.168.100.238:1912, id=2, length=684
User-Name = 192.168.100.180
Nobody understood my question.
I want to know how to custom a specific account with an specific sh exec. One different for each group of accounts. And I want to do using my database.
From: Santiago Balaguer García[EMAIL PROTECTED]Reply-To: FreeRadius users mailing list
You can ask a hundred times in different ways. Answer will still be the
same:
WARNING: Unprintable characters in the password. ? Double-check the
shared secret on the server and the NAS!
Ivan Kalik
Kalik Informatika ISP
Dana 11/7/2007, E A [EMAIL PROTECTED] piše:
Hello
I hav one
Probably because your approach is not good. How about writing a *single*
sh exec and passing parameters (Acct-Status-Type and SQL-Group) to it.
Format would be the same for every user/group and the program sorts out
which path is taken.
Ivan Kalik
Kalik Informatika ISP
Dana 11/7/2007, Santiago
Thanks...
I've got both working now. File-based logging and mysql too
Regards
Ackbar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 10 July 2007 21:32
To: FreeRadius users mailing list
Subject: Re: Logging failed
Is version 1.1.6 missing the db_mysql.sql script?
Is it possible to use the one from 1.0.1 or some other version?
Or is there a link I've missed somewhere to get it?
By the way I APPRECIATE all that you programmers are doing.
I can only imagine the long hours put in to make this product work.
http://wiki.freeradius.org/MySQL_DDL_script
Ivan Kalik
Kalik Informatika ISP
Dana 11/7/2007, Joel Eddy [EMAIL PROTECTED] piše:
Is version 1.1.6 missing the db_mysql.sql script?
Is it possible to use the one from 1.0.1 or some other version?
Or is there a link I've missed somewhere to get it?
Hi,
Is version 1.1.6 missing the db_mysql.sql script?
Is it possible to use the one from 1.0.1 or some other version?
Or is there a link I've missed somewhere to get it?
By the way I APPRECIATE all that you programmers are doing.
I can only imagine the long hours put in to make this product
On Wed 11 Jul 2007, Joel Eddy wrote:
Is version 1.1.6 missing the db_mysql.sql script?
Is it possible to use the one from 1.0.1 or some other version?
Or is there a link I've missed somewhere to get it?
its under doc/example
--
Peter Nixon
http://peternixon.net/
-
List
Is it possible to use the one from 1.0.1 or some other version?
Yes, if you use the mathing sql.conf you can use any db schema (so you don't
have to convert old databases to new schemas).
Joel
HTH,
Francesco.
-
List info/subscribe/unsubscribe? See
To update, turning on interim updates on my NAS, fixed my problem...
Thanks for all your help.
Peter Nixon wrote:
On Tue 10 Jul 2007, Dave wrote:
My NAS is currently NOT sending interm updates, but there is an option
to use that, just wasn't sure what it did, or how it would apply to me,
You are welcome. I suppose we should update the docs/wiki to make this
clearer..
-Peter
On Wed 11 Jul 2007, Dave wrote:
To update, turning on interim updates on my NAS, fixed my problem...
Thanks for all your help.
Peter Nixon wrote:
On Tue 10 Jul 2007, Dave wrote:
My NAS is currently
-snip-
that wasn't my understanding of how the expiration works in sqlippool.
The 'allocate-clear' query looks like this:
allocate-clear = UPDATE radippool \
SET NASIPAddress = '', pool_key = 0, CallingStationId = '', \
expiry_time = NOW() - INTERVAL 1 SECOND \
WHERE pool_key
Hello all,
We enabled Cisco NAS to send Interim-Updates to the radius server, once an
hour. Everything is great except for the following.
There are users that use a lot of bandwidth. Seems, NAS wraps
Acct-Input-Octets and Acct-Output-Octets at 4 GB. We have few users that
may have their
For those that need it, like I did you can add this to the end of
http://wiki.freeradius.org/MySQL_DDL_script to get your database
to create the userinfo table also
#
# Table structure for table 'userinfo'
#
CREATE TABLE userinfo (
id int(10) NOT NULL auto_increment,
UserName varchar(30),
Irina said:
There are users that use a lot of bandwidth. Seems, NAS wraps
Acct-Input-Octets and Acct-Output-Octets at 4 GB. We have few users that
may have their bandwidth reset to 0 within hour. When next Interim-
Updates
is sent, we don't have a proper number.
Do I miss something in
Joel Eddy said:
KEY Departmet (Department)
Departmet?
-- hugh
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed 11 Jul 2007, Peter Nixon wrote:
-snip-
that wasn't my understanding of how the expiration works in sqlippool.
The 'allocate-clear' query looks like this:
allocate-clear = UPDATE radippool \
SET NASIPAddress = '', pool_key = 0, CallingStationId = '', \
expiry_time =
On Wed 11 Jul 2007, Irina wrote:
Hello all,
We enabled Cisco NAS to send Interim-Updates to the radius server, once
an hour. Everything is great except for the following.
There are users that use a lot of bandwidth. Seems, NAS wraps
Acct-Input-Octets and Acct-Output-Octets at 4 GB. We
Peter Nixon said:
I take that back. It seems like a good idea, but that will break things
for ISPs who have multiple NAS in failover or OSPF groups and therefore
can happily assign the same IP to the same user even if they are
connected
to a different physical NAS.
I changed my mind
On Wed 11 Jul 2007, Hugh Messenger wrote:
Peter Nixon said:
I take that back. It seems like a good idea, but that will break
things for ISPs who have multiple NAS in failover or OSPF groups and
therefore can happily assign the same IP to the same user even if they
are
connected
Thank you very much for quick replies. Our NAS does send Gigawords, great.
I am reading the link Stephan pointed out.
I need to apply it on a live radius server. Just to be safe, I will ask few
questions, if you don't mind.
1. Can I issue mysql queries while radius is running?
2. Can I
Is it possible to have radius listen on multiple (but not all) ip's /
interfaces on a server?
Joe Vieira
UNIX Systems Administrator
Clark University - ITS
508.793.7287
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
HI,
I have a question regarding the rlm_sql module and the := operator. In going
through the documentation, the rlm_sql module goes through the radcheck
table, then pulls the reply items from the radreply table. Then the
usergroup, radgroupcheck and radgroupreply table. So if I specify for
Peter Nixon wrote:
Great. Looks like rlm_sqlippool is ready to take over the world :-)
My latest tests look promising. Stock clients work.
No, there's no secret agenda. The agenda is public, but the
implementation details are secret.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Joe Vieira wrote:
Is it possible to have radius listen on multiple (but not all) ip's /
interfaces on a server?
Yes. Use multiple listen directives.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Joe Vieira wrote:
Is it possible to have radius listen on multiple (but not all) ip's /
interfaces on a server?
Yes. Use multiple listen directives.
thanks
Joe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon 09 Jul 2007, Hugh Messenger wrote:
On Behalf Of Dave said:
Yes accounting is working well from the NAS
Are you sure the NAS is sending 'interim update' accounting packets, not
just start/stop?
Here's my understanding of how it works (I'm sure Peter will correct me if
I'm wrong!):
40 matches
Mail list logo