Hi all,
I have done basic setup of freeradius and tested in my old PC (PIII).
Now I want to do the real thing but I need some estimation regarding
this. Can somebody share their knowledge on this?
What is the bandwidth requirement for dedicated radius service based
on numbers of user or
Bandwidth is needed on your router. Between your router and your radius
server you will only have authentication and accounting packets which
are small and do not consume much of a bandwidth.
Radius server will not do any rate limiting, radius server will only
send rate limit data to router,
Kanwar Ranbir Sandhu wrote:
Ok, fair enough. But, I've set up freeradius to not allow more than one
session. How is a new row being added to radacct when the first one for
the same user still has acctstoptime as NULL? I thought the sql
queries were designed to stop that when using
Alan Buxey wrote:
in my proxy.conf I have a FQDN for a proxy destination.
That's generally a bad idea, but OK...
that FQDN has a record (and all other operations to
it from the server us IPv6 for transit). however, FreeRADIUS
doesnt want to talk to that remote proxy via IPv6
What
Larry Ross wrote:
It appears though that there may be a bug in the string copy function of
the rlm_ldap function (or whatever is responsible for copying the
attributes from LDAP to Server core for MSCHAP challenge compare) We
noticed the truncation upon 00 and 3d in the NT-Password hash (so
Joe Maimon wrote:
So I write all accounting coming into the server duplicated into
multiple detail files, one per potential destination.
Yes.
Then I have a reader which while reading filters only what I want to
send to the destination.
Yes.
I have multiple readers.
I think I get
Gary Gatten wrote:
If I understand you correctly – I respectfully submit you are
incorrect. When using VLSM / classless masks to define a NETWORK, you
are correct (I haven’t checked the math – just assuming you are
correct). However, when defining ACL type stuff, the proposed /29 would
be
Hi,
I need help for radius proxy configurations.
I have following setup
RAS -- Free radius- Proxy radius
1) I want freeradius should proxy the request coming with gan...@domain1.com to
proxy server but this user's accounting and authentication should be done
locally.
2)Freeradius should
I am using FR v2.1.6.
I tried to use clause like `%{sql: SELECT ...}`. But length of SQL-query is so
large for using as field of SQL-table.
And I thought that I can create variable like myquery = SELECT ... as entry
of configuration file,
and to use this as `%{sql:${myquery}}`. But it didn't
Hi,
in my proxy.conf I have a FQDN for a proxy destination.
That's generally a bad idea, but OK...
ah really? okay - I can dig that (no pun intended honest!) - it
best practice is to use the IPv4/IPv6 address instead then I can go
that way.
What does that mean? It *prefers* IPv4.
hi,
I have installed freeradius2.1.6 recently. Radius server was started
successfully. But when i sent a packet using NTRadping its stored in file
but not writing in oracle.
when i run radiusd-X
--few lines here --
[sql] expand: %{User-Name} - free
[sql] sql_set_user escaped user --
08/21/2009 12:14 PM, shivashankar::
rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot insert
NULL into (RADIUSUSER.RADACCT.GROUPNAME)
[...]
in radacct table we have GROUPNAME is not null..
Alow it (GROUPNAME) to be NULL?
--
Architecte Informatique chez
Hello,
I have a strange problem with CoA-Ack receive
I send test Coa packet to nas (juniper erx), the nas sees the packet and do
corresponding action as well, and sends Coa-Ack back
Nothing strange in nas debug or tcpdump
But radclient says:
some# /usr/local/bin/radclient -t20 -r 1 -c 1 -f
Anton G. wrote:
I have a strange problem with CoA-Ack receive
Which version of the software are you using?
It works for me with the latest git stable tree...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Does anyone know how to configure the following things.
RAS --- Free radius Proxy Radius
1) I want to echo the free radius accounting request with modified two radius
attributes to another proxy radius server.
2) but another radius server will not send any aknowledgement back to
Agreed. Since the OP was presented with conflicting info I simply provided a
little training to let the OP know that I actually know WTF I'm talking about
(sometimes) and that /29 will work. When all else fails, try it and see what
happens!
- Original Message -
From:
Hello Johan and everyone else.
Thank you very much Johan for your short answer. Some
posts have confused me even more than I was when posted to
the list. I was blaming on my English, could be I was
asking it a wrong way.
Anyway, thank you all again. I am pretty sure you know
what you
On Fri, Aug 21, 2009 at 2:27 PM, Igor Smitransi...@blic.net wrote:
Bandwidth is needed on your router. Between your router and your radius
server you will only have authentication and accounting packets which
are small and do not consume much of a bandwidth.
Radius server will not do any rate
Depends a lot on NASs implementation of accounting. Some NAS send
accounting packets every X minutes. Some do it based on accounting
timers per session... so bandwidth utilization is quite different.
From a live server having 2000 users online, with NASs sending
accounting updates every 5
Deepak wrote:
Thanks for info I needed. I got the hardware part. Regarding the
bandwidth in router, how much bandwidth is needed (rough estimate)
given that thousands of users are online and radius is continuously
getting accounting packets from various APs?
It's up to YOU.
You can set
Hello, so for the BASIC question! First, is there any docs that explain
the concepts of how all the various pieces of FR tie together? I've
read a bunch of stuff and am making some headway, but some of the
architecture and process flow still escapes me. If I can gain a better
understanding of
Sorry! s/so/sorry in OP
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.or
g] On Behalf Of Gary Gatten
Sent: Friday, August 21, 2009 10:34 AM
To: FreeRadius
I have installed freeradius2.1.6 recently. Radius server was started
successfully. But when i sent a packet using NTRadping its stored in file
but not writing in oracle.
when i run radiusd-X
...
rlm_sql_oracle: execute query failed in sql_query: ORA-01400: cannot
insert
NULL into
Hello, so for the BASIC question! First, is there any docs that explain
the concepts of how all the various pieces of FR tie together?
Read the debug - it will tell you what server does when it starts and when
it processes the request.
We have various environments that need to authenticate
RAS --- Free radius Proxy Radius
1) I want to echo the free radius accounting request with modified two
radius attributes to another proxy radius server.
See copy-acct-to-home-server virtual server.
2) but another radius server will not send any aknowledgement back to
freeradius
Check this out... I entered the Domain Name manually and it worked!
So, now I have no freaking clue... I thought it was something with the
// in the DomainName//UserName - but doesn't look like it.
Here's some debug output. I snipped all the stuff before this output -
from what I can
I've tried MANY different confs, including those in docs and suggested here. I
have new debug output that leads me to believe its a bug in the Xsupplicant.
Ill post that output after lunch. And ill try Alans conf again. BUT, if my
conf was wrong why does it work when I manually enter the exact
On 08/21/2009 11:33 AM, Gary Gatten wrote:
Hello, so for the BASIC question! First, is there any docs that explain
the concepts of how all the various pieces of FR tie together? I’ve read
a bunch of stuff and am making some headway, but some of the
architecture and process flow still escapes
On 8/20/09, Nicholas Cappelletti n...@switchtower.org wrote:
Hello Rokkhan,
I was curious if you could send me the configuration you have on your Cisco
AP's for telnet/ssh access? I'm having some trouble with mine, but I'm able
to authentication my routers and switches just fine.
I would
users:
DEFAULT SQL-Group == 'Group1'
...
But files chooses sql_acct (alphabetic first) as sql entry.
How to choose sql_auth?
http://wiki.freeradius.org/Rlm_ldap#Group_Support
Same applies to sql groups.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
Hi all,
I'm using Freeradius 2.1.6 talking to an LDAP server. I am able to do
basic LDAP authentication and everything is fine from that point of view.
What I am trying to do is retrieve some additional values from the LDAP
server, I'm sure it should be a simple thing to do but I can't work out
On Sun, Aug 16, 2009 at 10:11:02AM +0200, Alan DeKok wrote:
vol...@ufamts.ru wrote:
If home server does not respond, FR does not respond too - NAS repeats
request - FR writes request data to SQL again.
So... configure the server to respond. See the file
On Fri, Aug 21, 2009 at 08:36:58PM +0100, John Smith wrote:
I'm using Freeradius 2.1.6 talking to an LDAP server. I am able to do
basic LDAP authentication and everything is fine from that point of view.
What I am trying to do is retrieve some additional values from the LDAP
server, I'm sure
What I am trying to do is retrieve some additional values from the LDAP
server, I'm sure it should be a simple thing to do but I can't work out
how to do it.
e.g. running ldapsearch -h ldap.server -x -bou=auth,dc=uni,dc=co,dc=uk
(uid=a3) returns
dn:
Hmm interesting, how were you able to divine that that is how we are storing
the has values...
-Original Message-
From: freeradius-users-bounces+lfross=ucdavis@lists.freeradius.org
[mailto:freeradius-users-bounces+lfross=ucdavis@lists.freeradius.org] On
Behalf Of Alan DeKok
To being with I'd like to put 'mail' or 'ou' into the Reply-Message
attribute - does anyone have any suggestions? (This is the first time
I'm
using LDAP, so please go easy if I've missed something obvious).
Map the attributes in ldap.attrmap.
Thanks for the prompt reply. I have put
Map the attributes in ldap.attrmap.
Thanks for the prompt reply. I have put something in there:
replyItem My-Email mail
and I've tried things like %{My-Email} ... but that didn't work.
If you have defined My-Email in freeradius then it will be
%{reply:My-Email}.
In
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21/08/2009 21:15, John Morrissey wrote:
On Sun, Aug 16, 2009 at 10:11:02AM +0200, Alan DeKok wrote:
vol...@ufamts.ru wrote:
If home server does not respond, FR does not respond too - NAS repeats
request - FR writes request data to SQL again.
38 matches
Mail list logo