i m trying to set up freeradius 2.1.1 for wireless authentication with login
time
but it ignores the time span. what did i do wrong, below is the radiusd -X
output
and /raddb/users attr
eeRADIUS Version 2.1.1, for host i686-pc-linux-gnu, built on Dec 3 2008 at
19:20:03
Copyright (C)
Alan DeKok wrote:
Padam J Singh wrote:
The attributes I want to send are VSAs anyway, so I fail to see how this
violates the RFC.
It doesn't. Technically. But it's a bad idea.
Can you explain why you need to send the attributes, and what the NAS
does with them?
The reason I would
jerry kwajaffa wrote:
i m trying to set up freeradius 2.1.1 for wireless authentication with
login time
but it ignores the time span.
What does that mean?
what did i do wrong, below is the radiusd
-X output
Which shows the server starting... and doing nothing. i.e. not
sending or
2008/12/15 a.l.m.bu...@lboro.ac.uk:
hi,
why go backwards when you have the right wireless
technology in place? you need to look at the windows
client end of things. I'd suggest looking at automating
the setup..the best thing would be to have another
wireless SSID (eg 'setup for XYZ' -
Result of UDP Scan Port:
r...@xx:~# nmap -sU localhost
Starting Nmap 4.53 ( http://insecure.org ) at 2008-12-15 14:48 WET
Interesting ports on localhost (127.0.0.1):
Not shown: 1483 closed ports
PORT STATE SERVICE
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
1812/udp
Greets,
Using freeradius 2.0.5 and rlm_perl.
Let's say we have a username which is locked in /etc/shadow.
Normal authentication will prevent this user from logging in.
I would like to override this behaviour in either authorize() or
post_auth() and allow the user to login (but with modified
Lech Karol Pawłaszek wrote:
Hello.
I've encountered a weird problem. Tested on the newest stable (2.1.3)
too. Well it's not a problem anymore since I found out a way to make my
unlangish things work but:
I wanted to check some things in post-auth. I am passing some arguments
to my script and I
Hi,
I've just installed Freeradius 2.1.3 on a Debian Lenny, but I'm getting
the following error with radwho:
server:~# radwho
radwho: Error reading /var/log/freeradius/sradutmp: No such file or
directory
Radlast works. There is no sradutmp, but there is a radutmp file. How do
I set radwho to
Saeed Akhtar wrote:
Hi all,
I want to use perl for authorize and accounting function in
freeradius. I have successfully configured perl. Now I have a little
problem, I don't know how to tell freeradius that reply with
Access-Accept message. Because rlm_module_ok tells that this module
Hello.
I've encountered a weird problem. Tested on the newest stable (2.1.3)
too. Well it's not a problem anymore since I found out a way to make my
unlangish things work but:
I wanted to check some things in post-auth. I am passing some arguments
to my script and I want to do something based on
Is there a way to change the reply from Access-Reject, to Access-Accept?
There is a way to change the packet type but it is a bad idea. Placing
unauthorized users in something like a guest VLAN should be the part of
your NAS functionality, rather than (deliberately) breaking
authentication on
Lech Karol Pawłaszek wrote:
Argh! True. However I still have the same symptoms even if I'll put the
missing brace like this:
The exec module converts all carriage returns to spaces. This is
likely what's happening here.
Maybe it should do that for all carriage returns *except* for the
Uncomment sradutmp in accounting section of the virtual server you are
using (probably default) for accounting.
Ivan Kalik
Kalik Informatika ISP
Dana 15/12/2008, rgreiner mrgrei...@gmail.com piše:
Hi,
I've just installed Freeradius 2.1.3 on a Debian Lenny, but I'm getting
the following error
Jason Wittlin-Cohen wrote:
When authenticating via PEAP or TTLS with an anonymous identity, the log
shows both the anonymous identity and the real identity tunneled through
the TLS tunnel. However, when TLS session resumption (caching) is
enabled, only the anonymous identity is logged. This is
Hello guys, I am a little bit scared how hard can be to deploy the FreeRADIUS,
I found this in the internet: (aradial.com) this guys claim to have a very
convenient and professional AAA server with a convenient price, does anybody
here have experience with that aradial radius server? What would
Alan DeKok wrote:
Padam J Singh wrote:
The reason I would like to use this is because the NAS I am building is
a network controller which offers advance features like speed select in
the same session, add new IP filter policies applied live on an update.
I do not want to implement an out of
Hello all,
Am using freeradius as my network AAA. For now it is working fine
but now I get into a need that I could not solve. I have an small WISP
and I use radius do authenticate/account my PPPoE/Hotspot clientes. This
works fine using MySQL.
My problem is that I need to control
Hi all,
I want to use perl for authorize and accounting function in freeradius. I
have successfully configured perl. Now I have a little problem, I don't know
how to tell freeradius that reply with Access-Accept message. Because
rlm_module_ok tells that this module executed successfully. Now I
Hi everyone,
I have a problem when I want to pass attributes for radgroupreply to the
NAS.
My NAS is a Linksys with chillispot installed, and I've installed
Freeradius-2.1.3 with his dictionary:
# The filename given here should be an absolute path.
#
$INCLUDE
Phil Mayers wrote:
Lech Karol Pawłaszek wrote:
[...]
switch %{exec:/script %{User-Name}
%{outer.request:Calling-Station-Id} {
You're missing a closing }
I suspect this is adding a trailing to the output
[...]
if (%{Calling-Station-Id} == %{exec:/script2
%{Calling-Station-Id}) {
Mon Dec 15 10:38:11 2008 : Info: No Pool-Name defined (did cli port
user us...@without_ip)
Tecnically the authentication works fine, I want only understand if I can
avoid this message.
Don't log it. You will need to alter the code for that.
Ivan Kalik
Kalik Informatika ISP
-
List
-Messaggio originale-
Da: freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] Per
conto di t...@kalik.net
Inviato: venerdì 12 dicembre 2008 18.00
A: FreeRadius users mailing list
Oggetto: Re: R: freeradius
Padam J Singh wrote:
The reason I would like to use this is because the NAS I am building is
a network controller which offers advance features like speed select in
the same session, add new IP filter policies applied live on an update.
I do not want to implement an out of band service
Hi Aldo,
Posting this type of question to a support mailing list will generally
result in some sort of all out war on why X and Y are different and why Y is
better than X to do the same thing.
A solution that involves radius will come with certain business model
decisions that need to be
/raddb/users
steve Cleartext-Password := testing
Login-Time = Al1900-2000,
Expiration := 23 Dec 2008,
Session-Timeout = 200,
Simultaneous-Use = 1,
Service-Type = Framed-User,
# Framed-Protocol = PPP,
Most of these attributes are placed
right ! =/
I think the problem is the mt SMC don't send accounting packets. =/
2008/12/15 YvesDM ydm...@gmail.com
On Fri, Dec 12, 2008 at 5:33 PM, Diogo Teixeira diogo@gmail.comwrote:
and i done everything i it still don't work.
You do have port 1813 open on your radius right?
It is working now.
Thank you very much.
Roberto
t...@kalik.net wrote:
Uncomment sradutmp in accounting section of the virtual server you are
using (probably default) for accounting.
Ivan Kalik
Kalik Informatika ISP
Dana 15/12/2008, rgreiner mrgrei...@gmail.com pi¹e:
Hi,
I've just
Hello all,
Just to tell that I had this working. I was not reading sites-avaible as I
should. Now it is working... Now I will start editing mysql/dialup.conf to
use my system... Thanks all!
2008/12/15 Nataniel Klug n...@cnett.com.br
Hello all,
Am using freeradius as my network AAA. For
My problem is that I need to control my clients MAC address that
will connect into my APs. My AP will send it package like this to radius:
Mon Dec 15 14:38:25 2008 : Auth: Login incorrect:
[00:15:AF:6B:E0:E2/password] (from client ap2000 port 0)
MAC address I already have into my mysql
Hello all,
A new problem on my Radius tryout... Now I cant authorize my MAC
clients. This is how it gets into my server:
Listening on authentication address 172.30.0.27 port 1812 as server ppp
Listening on accounting address 172.30.0.27 port 1813 as server ppp
Listening on
Ivan,
This is not possible becouse of an administrative system that I use. I
have to set two separeted radius servers for this.
t...@kalik.net escreveu:
My problem is that I need to control my clients MAC address that
will connect into my APs. My AP will send it package like this to
Alan,
Honestly I have read this document but I do not see what i need to do.
On Mon, Dec 15, 2008 at 1:37 AM, Alan DeKok al...@deployingradius.comwrote:
Justin A. Williams wrote:
I see that the mac address from the calling-station-id but then it will
not login with the user.
If i
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username,
attribute, value, op FROM radcheck WHERE username =
'p...@dominio.com' ORDER BY id
WARNING: Found User-Password ==
WARNING: Are you sure you
Ready to process requests.
rad_recv: Access-Request packet from host 172.30.0.165 port 6001, id=3,
length=69
User-Name = 00:19:79:0F:98:3D
User-Password = cnett1298
NAS-IP-Address = 172.30.0.165
NAS-Port = 0
server proxim {
+- entering group authorize {...}
Look again. Hint: have a look at you radcheck entry and the one in the
document.
Ivan Kalik
Kalik Informatika ISP
Dana 15/12/2008, Justin A. Williams jus...@justinawilliams.com
piše:
Alan,
Honestly I have read this document but I do not see what i need to do.
On Mon, Dec 15, 2008 at
PS. You don't need checkval in inner-tunnel or you should copy request
attributes into the tunnel as well (see eap.conf, peap section).
Ivan Kalik
Kalik Informatika ISP
Dana 15/12/2008, Justin A. Williams jus...@justinawilliams.com
piše:
Alan,
Honestly I have read this document but I do not
Ivan,
I can just throw it away... and I still need this to work. There should
be someway to make this happens...
t...@kalik.net escreveu:
Lets try again: put the mac address in to the radcheck table as UserName
field. Without that mac authentication is not going to work. If your
Aldo Zavala wrote:
Hello guys, I am a little bit scared how hard can be to deploy the
FreeRADIUS, I found this in the internet: (aradial.com) this guys claim to
have a very convenient and professional AAA server with a convenient price,
does anybody here have experience with that aradial
Sergio Belkin seb...@gmail.com wrote:
Thanks for ideas,
In fact, some things you suggest I am using right now :) for example:
*Automatized SecureW2 installer (ttls)
*Web Page with secondary password for peap
But even so, some users find somewhat hard to use.
We seem to have no real
I can just throw it away... and I still need this to work. There should
be someway to make this happens...
How many times does someone need to tell you: PUT MAC ADDRESS AS USERNAME
IN RADCHECK TABLE!
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
I am not wanting to do MAC filtering from the ap.. That is why it is not in
the username FIELD
You dont have to be an ass about it
On Mon, Dec 15, 2008 at 2:14 PM, t...@kalik.net wrote:
I can just throw it away... and I still need this to work. There should
be someway to make this
://lists.freeradius.org/pipermail/freeradius-users/attachments/20081215/a73608a8/attachment.html
--
Message: 6
Date: Mon, 15 Dec 2008 21:03:36 +0100
From: Alan DeKok al...@deployingradius.com
Subject: Re: FreeRADIUS vs Aradial RADIUS
To: FreeRadius users mailing list
I am not wanting to do MAC filtering from the ap.. That is why it is not in
the username FIELD
Ahem:
rad_recv: Access-Request packet from host 172.30.0.165 port 6001, id=3,
length=69
User-Name = 00:19:79:0F:98:3D
User-Password = cnett1298
NAS-IP-Address = 172.30.0.165
And how many time I have to say: I CAN'T PUT MAC IN USERNAME FIELD!
You are always helping people here but, if you can't, don't answer being
rude!
t...@kalik.net escreveu:
I can just throw it away... and I still need this to work. There should
be someway to make this happens...
How
2008/12/15 Alexander Clouter a...@digriz.org.uk:
Sergio Belkin seb...@gmail.com wrote:
Thanks for ideas,
In fact, some things you suggest I am using right now :) for example:
*Automatized SecureW2 installer (ttls)
*Web Page with secondary password for peap
But even so, some users find
Ivan,
In my case I can't look for MAC in Username field and I have to look for
that mac in Value field. Hope that have a way to make this happens.
t...@kalik.net escreveu:
I am not wanting to do MAC filtering from the ap.. That is why it is not in
the username FIELD
Ahem:
Hi, I'm wondering if someone can point me in the right direction. I want to
list radius clients with the same IPs (and different shared secrets). This
would let me use freeradius among multiple offices, where each could use the
same IP addresses for the radius clients. I need something very
Well thats not entirely true; you can create an association table(if thats
the right term) which has id,username, mac and then edit your query with
some joins and additional magic...I would not suggest this but it is
possible just very messy. I would highly recommend doing this the
traditional
Hi, I'm wondering if someone can point me in the right direction. I want to
list radius clients with the same IPs (and different shared secrets). This
would let me use freeradius among multiple offices, where each could use the
same IP addresses for the radius clients.
And how is routing going to
Nataniel Klug wrote:
In my case I can't look for MAC in Username field and I have to look for
that mac in Value field. Hope that have a way to make this happens.
t...@kalik.net escreveu:
I am not wanting to do MAC filtering from the ap.. That is why it is not in
the username FIELD
Eric Geier wrote:
Hi, I'm wondering if someone can point me in the right direction. I want to
list radius clients with the same IPs (and different shared secrets). This
would let me use freeradius among multiple offices, where each could use the
same IP addresses for the radius clients. I need
Maybe I don't completely understand the issue, can you give us some
background to why you can't? or a little more detail on your setup. I
originally assumed you had to look in the value you field because of other
authentications you do with that user name...but as I think about it more I
just get
To be fair, there probably is a way to create an unlang hack (are we
going to advocate unlang auth now) that can tie up mac address from the
user entry with the one in the mac auth request (regexp check if
username is mac address; if it is see if there is such mac address in
the database and force
I completely agree with you! I am still curious to why adding a user is not
an option though. Hopefully we will be enlightened as to why it is not an
option.
2008/12/15 t...@kalik.net
To be fair, there probably is a way to create an unlang hack (are we
going to advocate unlang auth now) that
Leigh and Ivan,
I have a system that works on my WISP and this program is not hackable
(economic reasons -- this would cost too much to alter). As I already
have all my clients MAC address into radcheck table (as a value for
Calling-Station-Id) why can't I use this MAC to authenticate it in
Hi, I'm wondering if someone can point me in the right direction. I
want to
list radius clients with the same IPs (and different shared secrets).
This
would let me use freeradius among multiple offices, where each could
use the
same IP addresses for the radius clients.
And how is routing
Does your WISP run off this same instance of FreeRadius or just using a
common database?
To elaborate on the dilemma; if you configure your freeradius to check the
attribute column for the MAC address how would you find the users password
since that is associated with the real username not the
Okay. What you need to do is set ips in the client configuraiton file
for each of the APs that is going to be authenticating by using their
external ip address, which is where the connection will appear to come
from to freeradius. do a freeradius -X and it should be quite
explanatory, when you try
58 matches
Mail list logo
