Re: web based admin

2007-10-30 Thread liran tal
Hey Michael, On 10/31/07, Hawkins, Michael <[EMAIL PROTECTED]> wrote: > > Why would I pick ldap over mysql? Is it because ldap is geared around > user entities as well as an organizational hierarchy? Does phpLDAPadmin Well in general, LDAP is considered as a more enterprise-environment because of

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread YvesDM
On 10/31/07, Doc. Caliban <[EMAIL PROTECTED]> wrote: > > > <[EMAIL PROTECTED]> > > IPCop is actually pretty good for this as it uses one of its > interfaces for wireless access based on granting each node specific > access by MAC, but it can be any network node, it doesn't have to be a > wireless

Re: radiusd deadlock on recvfrom on port 1814

2007-10-30 Thread Alan DeKok
Ryan Melendez wrote: > recvfrom() blocks on datagram sockets just like any other type of socket > unless it gets a S0_RCVTIMEO or the O_NONBLOCK is set (in which case you > would receive an error). Hmm... I guess I hadn't run into that before, because select() never lied about data being availa

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread Alan DeKok
Doc. Caliban wrote: > All of our public workstations are on this interface so the machines are > verified at the proxy. Now I just need to get the RADIUS piece in place > to validate the users. IPCop can require RADIUS authentication on top > of the MAC filter. So... how does it do that? EAP?

Re: The best encryption/access control scheme

2007-10-30 Thread Alan DeKok
Ian Truelsen wrote: > The major stumbling block is that we have clients with equipment that > cannot deal with WPA encryption, Wireless cards that support WPA are cheap. > and so, I think, I am forced to use WEP > key. Now, the main concern is access control, as in the past there have > been th

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread Jon Reynolds
[EMAIL PROTECTED] wrote: PS. Time to go to bed. Clear the "Automatically use Windows logon blah, blah" box. Confirm everything and you are done. Ivan Kalik Kalik Informatika ISP Also, uncheck the "Authenticate as computer when information is available" and "Enable Fast Reconnect", the latte

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread tnt
PS. Time to go to bed. Clear the "Automatically use Windows logon blah, blah" box. Confirm everything and you are done. Ivan Kalik Kalik Informatika ISP On 31/10/2007, "Doc. Caliban" <[EMAIL PROTECTED]> wrote: >[EMAIL PROTECTED] wrote: >> Hm, don't know much about IPCop but I would have so

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread tnt
PS. Oops, sent mail too early. Authentication method should be EAP-MSCHAPv2/click on Configure button/

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread tnt
>IPCop can require RADIUS authentication on top of the MAC filter. Fine. Enable it then. I assume it uses 802.1x for wired too. >I just need to find the easiest way possible for my users to deal with the >RADIUS piece of the model. Simplest thing for your users with Win XP/Vista would be PEAP.

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread Doc. Caliban
[EMAIL PROTECTED] wrote: Hm, don't know much about IPCop but I would have some doubts about it authenticating wired users on a local network. IPCop is actually pretty good for this as it uses one of its interfaces for wireless access based on granting each node specific access by MAC, but i

Re: Configure authentication via LDAP Group membership issue [sec=unclassified]

2007-10-30 Thread David Hobley
Frank, Thank you - greatly appreciated. This made me realise that my thinking was foggy when I had defined group memberships. All working now. Cheers, David - Original Message - From: "Frank MR Ranner" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Wednesday, 31 Oc

Re: Turn of user acc - MySQL

2007-10-30 Thread tnt
Deleting user from the database - bad idea. You do want him back? Auth-Type Reject is a check item so it would go into rad(group)check table. It's better to create a group for suspended users and switch user to it than to add the attribute to each user. Think about using sqlcounters and/or Epir

RE: web based admin

2007-10-30 Thread Hawkins, Michael
Peter, Thanks for your responses. As is common with newbies, the answers usually spawn another 4 questions (at least). Why would I pick ldap over mysql? Is it because ldap is geared around user entities as well as an organizational hierarchy? Does phpLDAPadmin already know about the requirements

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread tnt
>This is my goal: > >Wireless users and desktop computers on the same subnet (IPCop Blue, for >those keeping score at home) will need to log in with a user name and >password, which are kept on the MySQL server. > Hm, don't know much about IPCop but I would have some doubts about it authenticating

RE: Configure authentication via LDAP Group membership issue [sec=unclassified]

2007-10-30 Thread Ranner, Frank MR
___ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Hobley Sent: Wednesday, 31 October 2007 10:50 To: FreeRadius users mailing list Subject: Re: Configure authentication via LDAP Group membership issue

Re: Configure authentication via LDAP Group membership issue

2007-10-30 Thread David Hobley
All, I have still not been able to find a solution for this, it looks like I might be able to use an xlat rule for it, but I can't get my head around how to write it. Can anyone point me to suitable documentation for xlat - while I have read all the docco that comes with the FreeRadius (in /us

problem with proxying

2007-10-30 Thread hacklberry
I wrote a little module for freeradius that is forwarding the incoming authentication requests to another server (to do the authentication). However I have to support proxying (in case there is a 3rd party RADIUS server). I can not take advantage of realms, because the users are login without any

Re: delayed Access Reject response

2007-10-30 Thread A . L . M . Buxey
Hi, > It was set to 1, but the actual delay is clearly bigger than that. In > fact, it doesn't seem to be constant, it seems to wait until a new > request was sent, and then it unleashes the reject. > > I set reject_delay to 0 and now there's no delay, but I'm not sure I > like it that way, du

The best encryption/access control scheme

2007-10-30 Thread Ian Truelsen
I have become in charge of a small wireless ISP at my local marina and am looking for the best way to control access and encrypt for security. Currently I have a Linksys WRT54G router running DD-WRT firmware and a PC that I have now converted over to a linux box for freeradius, etc. The major stum

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread Doc. Caliban
Hmm... All good info, but it makes me wonder if I'm going about this the best way. This is my goal: Wireless users and desktop computers on the same subnet (IPCop Blue, for those keeping score at home) will need to log in with a user name and password, which are kept on the MySQL server. I

Re: radiusd deadlock on recvfrom on port 1814

2007-10-30 Thread Ryan Melendez
On Thu, 2007-10-18 at 01:10 +0200, Alan DeKok wrote: > Ryan Melendez wrote: > > I've had FreeRADIUS Version 1.1.0 hang twice recently. The core dumps > > are very similar in that it appears that main is waiting on some stuff > > from port 1814. Honestly I don't know what 1814 is really for (prox

Re: delayed Access Reject response

2007-10-30 Thread Florin Andrei
manIP wrote: On 10/30/07, *Florin Andrei* <[EMAIL PROTECTED] > wrote: If the password is incorrect, the Access Reject reply is delayed until the user enters the password the second time. It's like the server waits for the next auth attempt to send back the

Re: delayed Access Reject response

2007-10-30 Thread manIP
On 10/30/07, Florin Andrei <[EMAIL PROTECTED]> wrote: > > Using freeradius-1.1.7 on Linux Fedora 7. Authentication backend is > "unix". > Clients so far are Cisco and pam_radius_auth > > If authentication is correct, the reply from server is sent back to the > client quick enough. > > If the passwo

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread Alan DeKok
Doc. Caliban wrote: > I hate to ask this, but I'm running out of time on this project and I'm > completely new to RADIUS. I would be really happy if someone could just > point me to a detailed HOW TO for what I need. http://www.freeradius.org/doc/EAPTLS.pdf You need EAP-TLS to do PEAP. > I

Re: Basic usage: What do I do next to get this to work?

2007-10-30 Thread tnt
You haven't configured PEAP in eap.conf. You need to configure tls and peap sections. You will also need a server certificate and to export root certificate to XP clients (if you are signing them yourself). Read instructions in eap.conf, /scripts, wiki (about EAP) and howto for AD integration befor

Basic usage: What do I do next to get this to work?

2007-10-30 Thread Doc. Caliban
Hello, I hate to ask this, but I'm running out of time on this project and I'm completely new to RADIUS. I would be really happy if someone could just point me to a detailed HOW TO for what I need. I have freeRADIUS set up with an external MySQL user database and it's successfully authorizi

Re: Freeradius-Users Digest, Vol 30, Issue 110

2007-10-30 Thread Maribel Hernandez
Hello: [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help'

Re: Freeradius-Users Digest, Vol 30, Issue 108

2007-10-30 Thread Maribel Hernandez
Hello: [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help'

Re: Freeradius-Users Digest, Vol 30, Issue 107

2007-10-30 Thread Maribel Hernandez
Hello: [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help

Re: Freeradius-Users Digest, Vol 30, Issue 106

2007-10-30 Thread Maribel Hernandez
Hello [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help'

Re: Freeradius-Users Digest, Vol 30, Issue 105

2007-10-30 Thread Maribel Hernandez
Hello: [EMAIL PROTECTED] wrote: Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help'

delayed Access Reject response

2007-10-30 Thread Florin Andrei
Using freeradius-1.1.7 on Linux Fedora 7. Authentication backend is "unix". Clients so far are Cisco and pam_radius_auth If authentication is correct, the reply from server is sent back to the client quick enough. If the password is incorrect, the Access Reject reply is delayed until the user

Re: Cert Problem with EAP-TTSL, SecureW2 (1.0.5-->1.1.7)

2007-10-30 Thread Alan DeKok
Martin Pauly wrote: > I'm trying to upgrade from 1.0.5 to 1.1.7. > For a test run, I copied all the cert and key files > (only server-side, it's TTLS) from the production server, > and 1.1.7 starts up fine (well, almost, see below). So... did you run the command to set the DH parameters? > W

Re: PAM_RADIUS_AUTH

2007-10-30 Thread Alan DeKok
Sobanbabu Bakthavathsalu wrote: > Thank you for the response. There is no firewall in between the RADIUS server > and Solaris server (RADIUS client), only a Cisco router with standard ACL. I > have verified the ACL matches counter and found that the request from the > client itself is not reach

Cert Problem with EAP-TTSL, SecureW2 (1.0.5-->1.1.7)

2007-10-30 Thread Martin Pauly
Hi everybody, I'm trying to upgrade from 1.0.5 to 1.1.7. For a test run, I copied all the cert and key files (only server-side, it's TTLS) from the production server, and 1.1.7 starts up fine (well, almost, see below). When connecting with a SecureW2 client that goes along well with the 1.0.5 s

Re: pam_radius_auth updated spec file, please include in future releases

2007-10-30 Thread Florin Andrei
Florin Andrei wrote: I attached an updated spec file for pam_radius_auth. No, I didn't. _Now_ I did. :-/ -- Florin Andrei http://florin.myip.org/ %define name pam_radius_auth %define shortname pam_radius %define version 1.3.17 %define release 0 Name: %{name} Summary: PAM Module for RADIUS Au

pam_radius_auth updated spec file, please include in future releases

2007-10-30 Thread Florin Andrei
I attached an updated spec file for pam_radius_auth. The original one fails when building as non-root. I fixed that and made a few other minor changes. It would be nice if the build system could generate this spec file from a template, automatically replace the version number inside the spec

RE: PAM_RADIUS_AUTH

2007-10-30 Thread Sobanbabu Bakthavathsalu
Hi Nick, Thank you for the response. There is no firewall in between the RADIUS server and Solaris server (RADIUS client), only a Cisco router with standard ACL. I have verified the ACL matches counter and found that the request from the client itself is not reaching the router. Is that host

Re: PAM_RADIUS_AUTH

2007-10-30 Thread Nick Owen
On 10/30/07, Sobanbabu Bakthavathsalu <[EMAIL PROTECTED]> wrote: > > Hi > > I am trying to install the PAM_RADIUS_AUTH on a Solaris 10 server to use RADIUS > for user authentication. > I have managed to successfully compile and install the pam plugin. > When I tried to telnet to the machine from a di

Re: Access-Reject in a php script

2007-10-30 Thread Patric
Alan DeKok wrote: Is this even considered a bug? Can we expect this to be changed in the future? Yes. Not sure if you looked at the changes I originally made to rlm_exec.c but if you did, I was curious as to whether those changes contradicted the FreeRadius RFC's at all? I don't *think* so

Re: Access-Reject in a php script

2007-10-30 Thread Alan DeKok
Patric wrote: > Alan DeKok wrote: > Is that src/main/exec.c or src/main/auth.c? Sorry, src/main/auth.c > If I look at src/main/auth.c I see the following : > > int rad_authenticate(REQUEST *request) > { > ... > /* Get the user's authorization information from the database */ > autz_redo: >

Re: Access-Reject in a php script

2007-10-30 Thread Patric
Alan DeKok wrote: Yes, the debug output helped. It looks like it's an issue with src/main/exec.c. The code calling module_authorize() should treat FAIL the same as REJECT. Is that src/main/exec.c or src/main/auth.c? If I look at src/main/auth.c I see the following : int rad_authenticate(R

Re: Server instability

2007-10-30 Thread Alan DeKok
Nicolai Tejlgaard Hansen wrote: > I'm having the exact same problem as described below, with Freeradius > 1.7 hanging at 99 percent. Also using PEAP, MSCHAPV2, and eDir, and > running 1.7 on a SLES 10 SP1. > I have been using the same configuration since 1.3 without any problems > problems, but s

Re: Access-Reject in a php script

2007-10-30 Thread Alan DeKok
manIP wrote: > Have you found out any solutions to that problem? There are whole hours when I don't read this list. > I'm waiting for an answer before modifying the source code... > Maybe, there is a bug and the official source code should be modified > as Patric did. Yes, the debug output h

Re: freeRADIUS + Openldap with TLS

2007-10-30 Thread Alan DeKok
Hangjun He wrote: > I use freeradius 1.1.6 and Openldap 2.3.32. And now It can authenticate > success( freeRADIUS + Openldap with TLS TLS encrypt.) > > My question is how to set private-key password in radiusd.conf? Is there > a related variable to set, just like "private_key_password" in eap

Turn of user acc - MySQL

2007-10-30 Thread Marinko Tarlac
Hello I made small web based application and it uses MySql database. I can add user accounts, create packages, add access points etc and now I need to create script for user control. Question is next. Is it better to remove the username from radcheck table or it is better option to add access-rej

PAM_RADIUS_AUTH

2007-10-30 Thread Sobanbabu Bakthavathsalu
Hi I am trying to install the PAM_RADIUS_AUTH on a Solaris 10 server to use RADIUS for user authentication. I have managed to successfully compile and install the pam plugin. When I tried to telnet to the machine from a different server I am getting the following error. Failed looking up IP addre

Re: web based admin

2007-10-30 Thread liran tal
Hey Michael, On 10/29/07, Hawkins, Michael <[EMAIL PROTECTED]> wrote: > What do people recommend I use as a web front end for FreeRadius when > managing AAA on a Cisco network via FreeRadius? > > I've seen daloradius but that is geared to wireless hotspots. I've taken > a quick look at phpRADmin a

Re: web based admin

2007-10-30 Thread satish patel
Dear, I also need this kind of setup. I want to replace AAA ACS with freeradius but I don't know how accounting works in this case and authorization of cisco LEVEL base. Can you provide me a document of URL for this setup? "Hawkins, Michael" <[EMAIL PROTECTED]> wrote: Hi all, I am very