Andreas Kalb (akalb) wrote:
Now I'm back to my original problem, where I wanted to use an
Ascend-filter with entries matching IP-address from pool. I still don't
know, how to change order of modules to make the IP-address known to the
files-module and appreciated your uidance again.
You
Mikhail Novikov wrote:
You have to configure the server to log to the detail file (or
multiple detail files), and then read that, and proxy those requests
to another server.
How can I confugure the server to read the log file and proxy the
requests to another server?
Hello Alan,
as I see your result I better understand unlang and the mighty of it.
Thx for your patience. All working perfectly well now.
Kind Regards,
Andreas
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Alan DeKok
Sent: Mittwoch, 2. April 2008
Thanks Ivan
So if i understand clear a i need to name and configure ip pool parts in
radius.conf and than use this name as a Pool-Name in LDAp P? Is there a
chance to specify range directly in LDAP and not in ip pool?
Thanks!
D.
2008/3/26 Ivan Kalik [EMAIL PROTECTED]:
Pool-Name. Have a look
Their DUN password is empty.
Ivan Kalik
Kalik Informatika ISP
Dana 2/4/2008, Andrew D (Webzone) [EMAIL PROTECTED] piše:
Hi there,
We are using freeradius 1.1.4 on fbsd5.5 for auth as an ISP.
We occasionally have dialup users that auth with a windows domain login
(without the domain set)
It
Hi,
Hi,
for wpa2 integration in our wireless network i have installed freeradius
1.1.7 und mysql 5.0 under ubuntu and for PEAP/MSCHAPV2 every things
working fine.
you've configured SQL to use the group stuff too - do you
have the required group tables setup and configured? if not,
ONLY use
So if i understand clear a i need to name and configure ip pool parts in
radius.conf and than use this name as a Pool-Name in LDAp P?
Yes.
Is there a
chance to specify range directly in LDAP and not in ip pool?
No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
on the NAS
Hi,
for wpa2 integration in our wireless network i have installed freeradius
1.1.7 und mysql 5.0 under ubuntu and for PEAP/MSCHAPV2 every things
working fine.
mysql-db:
10| test | NT-Password| := | 7C53CFA5EA7D0F9B3B968AA0FB51A3F5
when i change the db connection to the database with the
hi,
i want to disconnect user at midnight. So I've read the April 2004's forum
and found some solutions. But there isn't anything about where to put
Session-Timeout attribute. I've tried to put into users file.
DEFAULT Group := 'static', Session-Timeout := `%{expr: ((%l + 86399) %%
86400) - %l}`
Try SQL-Group == static in user file entry. You are not using Unix
groups.
Ivan Kalik
Kalik Informatika ISP
Dana 2/4/2008, [EMAIL PROTECTED]
[EMAIL PROTECTED] piše:
hi,
i want to disconnect user at midnight. So I've read the April 2004's forum
and found some solutions. But there isn't
Phil Mayers wrote:
server vmps {
... stuff
vmps {
... stuff
mac2vlan.authorize
If (!ok) {
update reply {
VMPS-VLAN-Name = Public
}
}
}
}
If is wrong - it should be if
-
List info/subscribe/unsubscribe?
hi,
I am trying to used the rlm_perl for authentication, I've found reading
all the perl modules, but wouldn't able to handle the username from the
client. For the testing purpose I've put this simple script in the perl
program
if ($RAD_REQUEST{'User-Name'} eq john)
{
Hi,
I'm using Freeradius 2.0, I configurated it with an sql database and the
principal job of the radius server is to authorize and authenticate my
wireless user over my network. What I want to do is to give some
attribute to the user when is connected. Like Session-Timeout, bandwith
and some
Alan DeKok wrote:
Dmitry A. Sysoev wrote:
Good afternoon!
Why the radiusd (ver 2.0.3+ cvs) with
killall -HUP radiusd is not reload configuration files?
Because it doesn't. It's hard to do right. And no, Apache doesn't
handle HUP, either. It just *looks* like it handles HUP. It really
What is in the Access-Accept packet?
Ivan Kalik
Kalik Informatika ISP
Dana 2/4/2008, Guillaume Chartrand
[EMAIL PROTECTED] piše:
Hi,
I'm using Freeradius 2.0, I configurated it with an sql database and the
principal job of the radius server is to authorize and authenticate my
wireless user
Giovanni Lovato wrote:
How can I check for syntax errors on configuration files without
starting FreeRADIUS? There exists something like ISC DHCPD -T option?
Read the man radiusd documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Guillaume Chartrand wrote:
...
I have access but my session didn’t disconnect after 30 sec. So can I do
that with wireless configuration? My goal is to give some « guest user »
a limited time and an expiration date.
Many systems won't support a Session-Timeout less than 10 minutes.
Some
Hi,
client. For the testing purpose I've put this simple script in the perl
program
if ($RAD_REQUEST{'User-Name'} eq john)
{
$RAD_REPLY{'A message'} = Accepting John;
return RLM_MODULE_OK;
}
else
Greetings,
Can someone please assist me with Freeradius 2.0.3 crashes on FreeBSD
7.0 .
Below is the outputs from radiusd -X and backtraces from the core files
Crash 1
Wed Apr 2 15:22:44 2008 : Debug: Going to the next request
Wed Apr 2 15:22:44 2008 : Debug:
How can I confugure the server to read the log file and proxy the
requests to another server?
raddb/sites-available/copy-acct-to-home-server
freeradius proxy server has to send all requests to 2 radius servers but
proxy server has to modify attributes (by rule in hints file) in
requests
Mikhail Novikov wrote:
freeradius proxy server has to send all requests to 2 radius servers but
proxy server has to modify attributes (by rule in hints file) in
requests to 1 server and hasn't to modify attributes in requests to 2
server.
Is this possible?
Yes. You can run the
Vikash Badal wrote:
Greetings,
Can someone please assist me with Freeradius 2.0.3 crashes on FreeBSD
7.0 .
It seems to be crashing in the same place, but it's not clear why.
Did you have an earlier version of FreeRADIUS installed on that machine?
Alan DeKok.
-
List
-Original Message-
From:
[EMAIL PROTECTED]
s.org
[mailto:[EMAIL PROTECTED]
reeradius.org] On Behalf Of Alan DeKok
Sent: 02 April 2008 04:50 PM
To: FreeRadius users mailing list
Subject: Re: Please advise : Freeradius 2.0.3 on FreeBSD 7.0
Crashing ...Signal 11 ...
Vikash
Hi Alan,
Can you please reply me about LDAP multiple attributes in the radius reply
response on this? Will really appreciated.
I searched the following thread for ldap multiple attributes but it did not
have right logic without changing data.
Hi,
I had radius 2.0.1 installed and then removed ( via the ports tree )
s'cuse my ignorance - been a while since i dipped into the world of
BSD ports - does the uninstall remove libraries that have been installed
and unlink them etc?
alan
-
List info/subscribe/unsubscribe? See
-Original Message-
From:
[EMAIL PROTECTED]
s.org
[mailto:[EMAIL PROTECTED]
reeradius.org] On Behalf Of [EMAIL PROTECTED]
Sent: 02 April 2008 05:11 PM
To: FreeRadius users mailing list
Subject: Re: Please advise : Freeradius 2.0.3 on FreeBSD 7.0
Crashing...Signal 11 ...
Hi,
[i'm not subscribed to this list, so, please, put me on CC]
I've just setup a 'test installation' of freeradius in a debian etch
box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
In my environments there's ever a LDAP server that serve, among other
thinks, also a samba3
Hello,
After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
./configure
./make
./make install
I got this message:
$ radiusd x
radiusd: error while loading shared libraries:
libfreeradius-radius-2.0.3.so: cannot open shared object file: No such
file or directory
How can I fix that?
Am 02.04.2008 um 18:28 schrieb Mikhail Novikov:
Hello,
After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
./configure
./make
./make install
I got this message:
$ radiusd x
radiusd: error while loading shared libraries:
libfreeradius-radius-2.0.3.so: cannot open shared object
Marco Gaiarin wrote:
[i'm not subscribed to this list, so, please, put me on CC]
I've just setup a 'test installation' of freeradius in a debian etch
box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
Upgrade to 1.1.7 at least
In my environments there's ever a LDAP
Hi to all.
Firstly, i have to install a new server and my freeradius 2.0.2 it's running
now.
Bur I have a new problem.
With last version, my freeradius work fine, but with this new version, the
users can't connect.
I'm attaching the raddiusd -X
Please help me.
LOG
Description: Binary
Mandi! Phil Mayers
In chel di` si favelave...
box (using freeradius with 1.1.3 recompiled by me to support EAP-TLS).
Upgrade to 1.1.7 at least
...as a debian user, i prefer to keep on 'debian stable' ad using the
offical packet, even if repackaged...
But users file was 'no match, no
Eric Martell wrote:
Can you please reply me about LDAP multiple attributes in the radius
reply response on this? Will really appreciated.
raddb/ldap.attrmap See the operator field, which is an operator
just like in the users file.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Marco Gaiarin wrote:
...as a debian user, i prefer to keep on 'debian stable' ad using the
offical packet, even if repackaged...
... with all of the bugs that were found fixed in a later version.
(so no match imply deny, that imply no WLAN-party ;).
Please don't be cute. It just makes
On users file, last line say:
# On no match, the user is denied access.
In the default config, that's correct, since the default config says:
authorize {
preprocess
chap
mschap
suffix
eap
files
pap
}
i.e. files is the only
after
$ ldconfig
it works fine now.
On Wed, Apr 2, 2008 at 8:38 PM, Nicolas Goutte
[EMAIL PROTECTED] wrote:
Am 02.04.2008 um 18:28 schrieb Mikhail Novikov:
Hello,
After installation freeradius server 2.0.3 on Ubuntu 7.10 with:
./configure
./make
./make install
I got this
I found example:
listen {
...
}
client one {
...
virtual_server = server_one
}
client two {
...
virtual_server = server_two
}
server server_one {
authorize {
...
}
...
}
server server_two {
authorize {
I'm back. Small reminder, since it appears that list members are
helping a sufficient number of folks that remembering my particular
setup would be non-trivial:
- I'm running FreeRADIUS-2.0.3 (rlm_pap is patched as was discussed on
this mailing list), with TTLS/PAP using OpenLDAP as the
Hi,
Firstly, i have to install a new server and my freeradius 2.0.2 it's running
now.
Bur I have a new problem.
With last version, my freeradius work fine, but with this new version, the
users can't connect.
I'm attaching the raddiusd -X
so, you've just installed 2.0.2 (why not
Hi,
How can I check for syntax errors on configuration files without
starting FreeRADIUS? There exists something like ISC DHCPD -T option?
with FreeRADIUS 2.0.2
[EMAIL PROTECTED] ~]$ radiusd -h
Usage: radiusd [-d db_dir] [-l log_dir] [-i address] [-n name] [-fsvXx]
Options:
-C
Hi Alan,
Thanks so much. Really appreciated. It works !
One more simple/stupid question regarding duplicate entries in the LDAP.
We have scenarios when one PC gets transfered to other user, we don't delete
the registered MAC address of the previous PC. The other new user still able to
Hi Alan.
My old version is 1.1.3-1.2 and it's installed in other server.
I think that 2.0.2 version is the newest but i have try to install 2.0.3
I don't use the same config files, i was to configure all files again.
Regards.
Message: 8
Date: Wed, 2 Apr 2008 19:05:47 +0100
From: [EMAIL
Hi,
How can I specify:
1) server_one has to modify and proxy requests to 192.168.0.10:1812
2) server_two has to proxy requests to 192.168.0.11:1812
put the required attribute filters and rewrites into
each server section. then they'll do the right thing. I'd use
unlang to write the Proxy
How can I specify:
1) server_one has to modify and proxy requests to 192.168.0.10:1812
2) server_two has to proxy requests to 192.168.0.11:1812
put the required attribute filters and rewrites into
each server section. then they'll do the right thing. I'd use
unlang to write the
Hi,
Iserver_one and server_two have to process all requests.
Are following realms correct?
realm DEFAULT {
type= radius
authhost= 192.168.0.10:1812
accthost= 192.168.0.10:1813
secret = testing123
}
realm DEFAULT {
realm DEFAULT1 {
type= radius
authhost= 192.168.0.10:1812
accthost= 192.168.0.10:1813
secret = testing123
}
realm DEFAULT2 {
type= radius
authhost= 192.168.0.11:1812
You (probably) haven't configured realm ntdomain {} so your username is
dom_cuernavaca\test and not test.
Ivan Kalik
Kalik InformatikaISP
Dana 2/4/2008, Gustavo Chavelas [EMAIL PROTECTED] piše:
Hi Alan.
My old version is 1.1.3-1.2 and it's installed in other server.
I think that 2.0.2 version
On users file, last line say:
# On no match, the user is denied access.
(so no match imply deny, that imply no WLAN-party ;).
That applies if user details are stored (only) in files. Not if they are
in ldap, sql ...
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe?
Hi,
I have installed the latest freeradius server (version: 2.0.3) on my
Fedora Core 5 i386 PC. Now it can work ok when I use radtest test test
localhost 0 testing123 to test local user from local. And under debug mode
radiusd -X the server can print out relevant handle info. However,
server is silent, and stop Ready to process requests.. That means the
server cannot handle external radius request.
I use Wireshark and can capture the radius request packet. And it is right
request, but server cannot handle it and print anything on termination. I'm
confused. Could you give me
Should I be able to either
1) Set a Huntgroup via the huntgroups file (matching on NAS-IP-Address) and
use that in the Hints file as a match (Huntgroup-Name == blah) or
2) Set a Hint in the hints file and use that to define as the match for the
Huntgroup
Currently testing on FreeRADIUS
I've to set up my FR to let a User telnet into my Cisco Router.
Whithout further contact to my client until Friday, I will test my
environment in advance.
Accepting a session using this attributes will work fine. I'll get an IP and
can connect to the router using telnet.
Session-Timeout : 14400
UNCLASSIFIED
-Original Message-
From:
[EMAIL PROTECTED]
eradius.org [mailto:freeradius-users-
[EMAIL PROTECTED] On
Behalf Of Dean Smith
Sent: Thursday, 3 April 2008 09:20
To: freeradius-users@lists.freeradius.org
Subject: Hints Huntgroups
Should I be able to either
1)
Eric Martell wrote:
If there a way when ldap query (irrespective of how I use) finds
multiple resultset, gets the first result and returns success instead of
sending reject.
Edit the source code to rlm_ldap.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Sylvain Robitaille wrote:
I'm back. Small reminder, since it appears that list members are
helping a sufficient number of folks that remembering my particular
setup would be non-trivial:
I have trouble remembering messages from 10 minutes ago. It's easier
that way.
...
- My
What is in the Access-Accept packet?
Ivan Kalik
Kalik Informatika ISP
Sending Access-Accept of id 98 to 172.20.50.202 port 1037
Session-Timeout := 30
MS-MPPE-Recv-Key =
0x7a1997f1239667f0efeb3c4461711ac3467845bad3fc11db5ceaaae6b4161ec7
MS-MPPE-Send-Key =
The result is still same. It doesn't return Session-Timeout.
How would be the Value field in radgroupreply, if I tried to use mysql
table instead of users file.
Try SQL-Group == static in user file entry. You are not using Unix
groups.
Ivan Kalik
Kalik Informatika ISP
Dana 2/4/2008,
Hi I have set up Free Radius to allows users to set up certificates on their
notebook and get access to the Internet.
When i set EAP i cant sem to allow monowall captiv portal users to login to
the RADIUS Server.
Is there any settings to be done in users.conf file or radiusd .conf file to
allow
On Thu, 3 Apr 2008, Alan DeKok wrote:
I have trouble remembering messages from 10 minutes ago. It's easier
that way.
There were messages 10 minutes ago? ;-)
...
- My configuration files are nearly stock, with the exception of the
necessary configuration to get the ldap module
On Apr 2, 2008, at 5:52 PM, Alan DeKok wrote:
Sylvain Robitaille wrote:
What I'm aiming to accomplish, however, is that the FreeRADIUS server
will authorize users for different services based on a slightly
different LDAP query. The users are in various groups, which can be
checked by
60 matches
Mail list logo