Hi,
I have seen the Changelog of release freeradiusd-2.1.7.
It says there is full support of 'CoA and Disconnect messages'.
My question is:
(i) Is it possible to send disconnect/COA message
internally from code?
(ii)If yes then how?
(iii)
Vijay Badola wrote:
I have seen the Changelog of release freeradiusd-2.1.7.
It says there is full support of ‘CoA and Disconnect messages’.
My question is:
(i) Is it possible to send disconnect/COA message
internally from code?
From C? Yes. The rest
Anoop C wrote:
Hi
We are running EAP-TLS authentication for office users using WiFi
network. This is a certificate based authentication and we are using Free
RADIUS.
I would like to know whether we can assign IP address dynamically to the
users through FREE RADIUS server ie RADIUS
Doc Phillips wrote:
I'm trying to prevent rogue devices from connecting to production and
obviously only allow valid users devices. The current setup states
members of domain computers or domain users are allowed to auth against
the radius server. Do you know if its possible through
You need additional attributes if you use vendor attributes. Special attributes
are related to the NAS you use.
The migration from MySQL to PostgreSQL is easy since there is th postgresql DB
schema in the instalacion sources (find some file with sql extension).
The use of a DHCP server
Okay, perfect that was part of the answer I needed, Thanks!
I guess I now have two more questions:
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within
Hi,
Okay, perfect that was part of the answer I needed, Thanks!
I guess I now have two more questions:
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within
1. Is there a way to manually specify a proxy or Realm in the authorize
section?
Yes.
update control {
Proxy-To-Realm := some_realm
}
2. Is there a way to modify the Realms file to find a realm find the realm
domain.name in from within user.domain.name. Whenever I try I only get
the
Alan Thanks for the quick reply.
I would like to have one more clarification.
Can we use IP addrss as Attribute value pair so that the RADIUS server
throws IPs dynamically to users after authentication.
Regards
Anoop
Anoop C wrote:
Hi
We are running EAP-TLS authentication for office users
Great I'll try the update control..
As for Realms file, I did try using prefix instead of suffix, but in the
case of username.domain.name, it says that the Realm is username and the
Stripped User name is domain.name
Thanks
Bob
On Tue, Oct 20, 2009 at 10:21 AM, Ivan Kalik t...@kalik.net wrote:
Alan Thanks for the quick reply.
I would like to have one more clarification.
Can we use IP addrss as Attribute value pair so that the RADIUS server
throws IPs dynamically to users after authentication.
Did you actually read the reply?
For WiFi authentication, you need a DHCP server.
Okay, just to update everyone and for others that might search this
mail-listing:
I have finally gotten it, using the code below in the authorize section I
can send host authentication to multiple proxies based on domain name
if ( User-Name =~ /^host\//i ) {
if ( User-Name =~
Hi,
if ( User-Name =~ /^host\//i ) {
if ( User-Name =~ /\\.first\\.domain$/i ) {
update control {
Proxy-To-Realm := first.domain
}
}
if ( User-Name =~ /\\.second\\.domain$/i ) {
update control {
Subject: RE: Ldap search and AD operations error
Leighton,
Try using ldapsearch in verbose mode (and debug mode) to get
more info from AD.
ldapsearch -v -h AD Server -D cn=account to bind dc=ad,
dc=hud, dc=ac, dc=uk -w password -x -b dc=ad, dc=hud,
dc=ac, dc=uk
Thanks Santiago and Ivan,
The schema of the database is in the source of instalation and I have create my
database in MySQL.
I think that lack documentation to work with freeRADIUS. The new version 2.x is
very different from early 1.x. So, how I said in the last post, the HOW_TO
about SQL is
INACIO ALVES wrote:
I think that lack documentation to work with freeRADIUS. The new version
2.x is very different from early 1.x.
And it contains a lot more documentation than 1.x.
So, how I said in the last post,
the HOW_TO about SQL is out-of-date. The tables has name/schema changed.
Radius 2.1.7 disponible for freebsd?
--
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I was going through FreeRadius1.1.8 code when i saw that unlike the SRC code
which is LGPL, EAP code is under GPL.
As per my understanding LGPL (and not GPL) is applicable to be freely
distributes as statically linked libraries and the files in ‘module’ folder
are protected by GPL as against
Divyank Rastogi wrote:
I was going through FreeRadius1.1.8 code when i saw that unlike the SRC
code which is LGPL, EAP code is under GPL.
You need to read the licenses to the source code you are using. In
this case, you haven't read them carefully enough.
The src/lib directory is LGPL.
On Tue, Oct 20, 2009 at 2:46 AM, Alan DeKok al...@deployingradius.comwrote:
Doc Phillips wrote:
I'm trying to prevent rogue devices from connecting to production and
obviously only allow valid users devices. The current setup states
members of domain computers or domain users are allowed
Oops, just a typo :)
Anyway I have tested it with one domains, (I will have more in the future)
but in theory it should work and my testing using RADNTPING and RADIUS -X
shows that it should.
Thanks
Bob
On Tue, Oct 20, 2009 at 12:36 PM, Alan Buxey a.l.m.bu...@lboro.ac.ukwrote:
Hi,
Just because RADIUS has an attribute defined, doesn't mean the NAS supports it for your use.
In general, the IP address assignment attributes are intended for use with NAS's that are point-to-point access routers where the address will be for an "unnumbered" connection, where the link level
Doc Phillips wrote:
I was thinking something along the lines of
--require-membership-of=domain\\ computers
--require-membership-of=domain\\ users. You can only access the
network if you're logging on from a valid machine with valid
credentials. Does that make sense or am I totally off?
Hello!
My user is inserted in group = my_pool in sql DB.
I try to use in my sites-enabled/default something like this
post-auth {
...
...
if ( SQL-Group == my_pool ) {
...
...
}
}
when my user comes I can see it :
Tue Oct 20 18:49:23 2009 : Info: [sqlauth]
user password i guess is same as System?
On Mon, Oct 19, 2009 at 11:49 AM, Alan Buxey a.l.m.bu...@lboro.ac.ukwrote:
Hi,
But I still got small problem, when i run in de debug mode i saw this
warning. I'm not fully sure what it asks me to do? Any advice on this?
its fairly clear isnt it?
I have a successful wifi captured portal system running with FreeRadius and
HP Procurve equipment. When I originally started learning how to build it,
I used WiFiGator as my first test case. When they set up that system, they
used both the Max-All-Session and the Expiration attributes for all
hello,
please i need to know how to call an external script one the users is
expired.
I got radius call an external script once the user is authenticated with
success by using the echo module, but now I need to call another script when
the user tries to connect after expiration date.
Any
hello,
please i need to know how to call an external script one the users is
expired.
I got radius call an external script once the user is authenticated with
success by using the echo module, but now I need to call another script when
the user tries to connect after expiration date.
Any
Alan DeKok wrote:
David Mitchell wrote:
I was searching back in the archives, and in September there was a user
who reported a problem with session resumption. I'm seeing the exact
same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I never
saw any follow up? Is there a fix known
Don't use User-Password at all. See man rlm_pap.
Ivan Kalik
Kalik Informatika ISP
user password i guess is same as System?
On Mon, Oct 19, 2009 at 11:49 AM, Alan Buxey
a.l.m.bu...@lboro.ac.ukwrote:
Hi,
But I still got small problem, when i run in de debug mode i saw this
warning. I'm
We sell our time in Day, Week and Month
increments, and the users are free to used the system as much as they want
during their time. My Question is, do I really need to use
Max-All-Session
if all I really need is a hard expiration date for my users?
You don't need Max-All-Session then.
please i need to know how to call an external script one the users is
expired.
I got radius call an external script once the user is authenticated with
success by using the echo module, but now I need to call another script
when
the user tries to connect after expiration date.
Where do you
Ok, we can see that because ###if ( SQL-Group == my_pool ) ### - so,
radius try to use new SQL query to sql DB.. But why? In this point
radius knows that user had been found in group my_pool - see ###point
1###.
And what if user belongs to more than one group? What value should
SQL-Group have
Hello
I store the expiration date as a radius attribute inside the LDAP (radius
profile object class).
But where I check this value and where i call the script? in which module?
The think is clear i do not know where to configure it, in which file. For
example, the echo module is clear, if
David Mitchell mitch...@ucar.edu wrote:
Alan DeKok wrote:
David Mitchell wrote:
I was searching back in the archives, and in September there was a user
who reported a problem with session resumption. I'm seeing the exact
same symptoms I believe, also on Debian 5.0 with OpenSSL 0.9.8g. I
Alexander Clouter wrote:
Make sure you 'git cherry-pick' the patches related to:
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=15
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=21
...if you are using a vanilla 2.1.7.
Thanks for the heads up. I'm currently in a testing phase,
Thanks Alan DeKok, but I have some questions.
So, how I said in the last post,
the HOW_TO about SQL is out-of-date. The tables has name/schema changed.
But I will have success.
All of this is documented in the config files.
I search in the config files but I don't find nothing about this
LinkedIn
Nelson Acero Fino requested to add you as a connection on LinkedIn:
--
Glen,
I'd like to add you to my professional network on LinkedIn.
- Nelson
Accept invitation from Nelson Acero Fino
But, how I said, I don't need proxy, Then I have commented the line proxy
proxy_requests = no
#$INCLUDE proxy.conf
... and broke the server (inner-tunnel processing). Well done! Now put it
back the way it was.
I read in the radiusd.conf
# The server has proxying turned on by default. If
39 matches
Mail list logo