Hi,
Is there any way to make freeradius check against multiple passwords for
the same user in a mysql database?
In the case of an OTP, there are multiple passwords to check, because of
time difference between server and client, therefore I need freeradius
to try auth on multiple passwords in
Hi,
I’m trying to set up Freeradius to use the LDAP module for the authorization
and process authentication with MSCHAPv2.
My goal is to assign vlans from some Organizational Units in AD.
I wanted to use into the users files the argument “huntgroups” because it
could check OU.
Last time I tried
Hi,
I am trying to configure free radius to work with our 28 NASs.
These NASs are split into two groups, at different locations (equal
split 14-14).
All NASs report NAS-IP-Address correctly (ie uniquely)
Any device requesting authentication randomly connects to any one of the
28 NASs.
All
Sorry should have given this email a title...
Simon Earthrowl wrote:
Hi,
I am trying to configure free radius to work with our 28 NASs.
These NASs are split into two groups, at different locations (equal
split 14-14).
All NASs report NAS-IP-Address correctly (ie uniquely)
Any device requesting
For start record I have
Tue Feb 17 00:21:11 2009
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 416808
NAS-Port-Type = Ethernet
User-Name = branka
Calling-Station-Id = 00:4F:62:09:3C:C9
NAS-Port-Id = konc-javne
Acct-Session-Id = 8135a552
My goal is to assign vlans from some Organizational Units in AD.
So do it. You don't need to force any Auth or Autz types. Set up the
group membership filter in ldap module. It will give you Ldap-Group
which you can use to assign vlans:
DEFAULT Ldap-Group == something
some
I am trying to configure free radius to work with our 28 NASs.
These NASs are split into two groups, at different locations (equal
split 14-14).
All NASs report NAS-IP-Address correctly (ie uniquely)
Any device requesting authentication randomly connects to any one of the
28 NASs.
All devices are
Damjan wrote:
I've noticed that the check that ./configure script does in order to
find out if gdbm is used only tries to link with gdbm_compat.
The rlm_dbm module is deprecated, and should not be used.
All of the functionality it has is now available in the files
module. That module was
Dear all,
I'm trying to setup my FreeRADIUS to verify user credentials from
windows AD (at the moment I'm using users file). I have no experience in
joining Linux based machine to windows domain, I had a look at few
guides and found that the easiest way is to use likewise-open. I've
joined my
For start record I have
Tue Feb 17 00:21:11 2009
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 416808
NAS-Port-Type = Ethernet
User-Name = branka
Calling-Station-Id = 00:4F:62:09:3C:C9
NAS-Port-Id = konc-javne
Acct-Session-Id = 8135a552
I have at
Tue Feb 17 11:22:44 2009 and
Tue Feb 17 11:24:14 2009 which is OK because the updates are set to every 90
seconds.
According to database the session was closed at 2009-02-17 11:23:16
After Tue Feb 17 11:24:14 2009, radius still receives regular updates.
acctterminatecause is empty and
Hi Ivan,
Many many thanks! Having put 'files' back into authorize, this has given
me a solution.
Is there any way this can be implemented with just sql?
Kind regards
Simon
t...@kalik.net wrote:
I am trying to configure free radius to work with our 28 NASs.
These NASs are split into two
Many many thanks! Having put 'files' back into authorize, this has given
me a solution.
Is there any way this can be implemented with just sql?
Yes. Create radgroupcheck entries where each DEFAULT entry will belong to
a different group. Add each user to all 4 groups.
Ivan Kalik
Kalik
tnt-4 wrote:
So do it. You don't need to force any Auth or Autz types. Set up the
group membership filter in ldap module. It will give you Ldap-Group
which you can use to assign vlans:
DEFAULT Ldap-Group == something
some tunnel attributes
DEFAULT Ldap-Group ==
Hi Ivan,
Many thanks for your suggestion. However, (using 2.1.3) my
sqlippool.conf file is now:
sqlippool {
#
## SQL instance to use (from sql.conf) ##
#
sql-instance-name = sql
Install samba and winbind. That's the proper way to pass auth to AD.
Forget likewise-open.
It works quite well the way that's documented in the wiki. You'll
probably waste a lot of time doing it any other way.
Mearl
-Original Message-
From: freeradius-users-
- User file new looks like :
DEFAULT Ldap-Group == cn=vlan1,ou=vlans,dc=test,dc=fr, Autz-Type := LDAP
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-Id = 2,
Reply-Message = ok
Remove that Autz-Type := Ldap
- Into the sites-enabled/default inner-tunnel :
Thanks for that, I'll get samba and winbind working from freeradius
wiki.
Cheers,
Tomas
On Wed, 2009-02-18 at 08:54 -0600, Danner, Mearl wrote:
Install samba and winbind. That's the proper way to pass auth to AD.
Forget likewise-open.
It works quite well the way that's documented in the
Remove that Autz-Type := Ldap
Done.
preprocess
Autz-Type LDAP {
ldap
}
Removed too.
And the debug (a little bit long...) :
Wed Feb 18 16:19:31 2009 : Debug: Listening on authentication address * port
1812
Wed Feb 18 16:19:31 2009 : Debug: Listening on accounting address * port
1813
Hello,
I'm trying to authenticate users using CHAP and store the passwords in the SQL,
but I'm having a hard time.
I checked past messages, but I still couldn't get it to work ... Below is my
Access-Request packet
Wed Feb 18 12:31:04 2009
Packet-Type = Access-Request
Am 18.02.2009 um 16:39 schrieb Marcelo Freitas:
Hello,
I'm trying to authenticate users using CHAP and store the passwords
in the SQL, but I'm having a hard time.
I checked past messages, but I still couldn't get it to work ...
Below is my Access-Request packet
Wed Feb 18 12:31:04
Many thanks for your suggestion. However, (using 2.1.3) my
sqlippool.conf file is now:
sqlippool {
#
## SQL instance to use (from sql.conf) ##
#
sql-instance-name = sql
Hi Ivan,
t...@kalik.net wrote:
Many thanks for your suggestion. However, (using 2.1.3) my
sqlippool.conf file is now:
sqlippool {
#
## SQL instance to use (from sql.conf) ##
#
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: performing search in
cn=vlan1,dc=test,dc=fr, with filter (samaccountname=uservlan1)
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap: object not found or got
ambiguous search result
Wed Feb 18 16:19:43 2009 : Debug: rlm_ldap::ldap_groupcmp: search failed
User
I've tried adding to the radcheck table ( INSERT into `radcheck` SET
`id` = 0, `username` = '447', `op` = ':=', `value` =
'%{control:Huntgroup-Name}`; )
Typo. It should be ' not ` at the end.
Ivan Kalik
Kalik Informatika ISP
Hi Ivan,
t...@kalik.net wrote:
I've tried adding to the radcheck table ( INSERT into `radcheck` SET
`id` = 0, `username` = '447', `attribute` = 'Pool-Name' `op` = ':=',
`value` =
'%{control:Huntgroup-Name}`; )
Sorry The result is still the same:
Wed Feb 18 16:53:34 2009 : Debug:
I've tried adding to the radcheck table ( INSERT into `radcheck` SET
`id` = 0, `username` = '447', `attribute` = 'Pool-Name' `op` =
':=', `value` =
'%{control:Huntgroup-Name}`; )
Sorry The result is still the same:
OK. sql safe characters in play. Then use unlang:
update control {