Hi,
Is this fix available now ? (freeradius server to read the change in
nas-table without restart)
Thanks.
what is your issue/problem - are you dealing with updated details of existing
NAS or NEW NAS devices
being added?
alan
-
List info/subscribe/unsubscribe? See
Hi,
hello freeradius.
I used my radius by using authentication type EAP-MD5, which is based on the
use of login and password.
Then I tried to use EAP-TLS. So I created the certificates and I modified the
file eap.con as follows:
surely eap.conf
yes, you have a missing closing bracket
I'd love to use inner-tunnel if I could get it to work.
so.. what's the error then - radiusd -X - it should be quite obvious
Alan: I believe I posted the errors I have been getting. I have posted
the debug output in previous posts in this thread. If there is more
information that you think I
Matt Madrid wrote:
Alan: I believe I posted the errors I have been getting. I have posted
the debug output in previous posts in this thread. If there is more
information that you think I should be giving please let me know.
You were told what the problem is:
...
server inner-tunnel {
+-
Hello
I'm using freeradius 2.1.9
Trying to setup dhcp server. There is no problem with dhcp + rlm_perl.
But i want to speed up the server - do all the things with dhcp+rlm_sql. But
i'm complicated doing this.
For example, i need to parse several conditions, regarding to sql queries
results.
Hi,
Alan: I believe I posted the errors I have been getting. I have posted
no. you just posted the debug output when a packet was received...not
the full debug output from server startup. big difference
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rameshbabu Ragothaman rameshbabu.ragotha...@ibec.net writes:
Is this fix available now ? (freeradius server to read the change in
nas-table without restart)
Looks like I've expired the rest of this thread so this might have been
brought up before, but did you check out the
I thought I might share a configuration part that has proven useful for
us...
Based on the howto at http://wiki.freeradius.org/SQL_Huntgroup_HOWTO ,
we found that we might as well add the huntgroup name to the NAS table
when adding new NASes. No need to maintain two separate tables with the
NAS
i want to limit user's behavior, such as a username can login only once at
the same time...
1. modify default and inner-tunnel in
# Session database, used for checking Simultaneous-Use. Either the radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
I already wrote about this problem on this list. Please search before
asking...
Spacelee wrote:
i want to limit user's behavior, such as a username can login only
once at the same time...
1. modify default and inner-tunnel in
# Session database, used for checking Simultaneous-Use.
It should be done by NAS. For example PPPoE and PPTP have lcp packets, If no
response for some time from
client to NAS then NAS decides that session is down and sends acct-stop packet
to radius server. Radius
server sets the corresponding record to SQL session table.
Or there is another method:
Thanks for your help Alan
Although your hint was not quite right (the correct operator is :=) it
did point me in the right direction. The value stored in the database
for the check was in MB and the sql query in the counter.conf file was
summing accounting records which are stored in octets
sorry, is the radcheck.pl included in freeradius now? do you mean
/usr/sbin/checkrad ?
and i search the keywords Simultaneous mysql radius down , but found no
results i need.
2010/6/1 Anton w...@stack.ru
It should be done by NAS. For example PPPoE and PPTP have lcp packets, If
no
Hello all,
I encounter difficulties to check for a radiusgroupname via LDAP by not
using file /etc/raddb/users, as this seems to be difficult to avoid ldap
checks for anonymous identities if default config is modified.
I must service eap-peap and eap-ttls with mschapv2.
How can i make checks on
Yes, this is /usr/sbin/checkrad. Sorry for mistake.
You should read this script ...
Radiusd can be down or unreachable or packets can be lost. If You have NAS one of
this type You can specify
this type in clients.conf (nastype = cisco). After that radiusd should use
/usr/sbin/checkrad to check
Here we go again
1. add datetime column at the end of radacct table (name it for example
last_update_column)
2. edit queries in dialup.conf (for 2.x FR) or sql.conf (for 1.x FR) so
every update will update this column to (for example update radacct set
, last_update_column = NOW() ).
On Thu, 20 May 2010 10:43:14 +0300
Nikita Koshikov wrote:
Hello freeradius users/admins,
I'm trying to implement EAP-TLS authorization with freeradius and Active
Directory Certificates Service, but I'm stuck here...
With keys/certificates, generated with freeradius
Hi,
Although your hint was not quite right (the correct operator is :=) it
did point me in the right direction. The value stored in the database
for the check was in MB and the sql query in the counter.conf file was
summing accounting records which are stored in octets (bytes).
ah! well,
On Sat, May 29, 2010 at 10:42:06AM +0200, Alan DeKok wrote:
Even Apache reads the entire directory:
...
# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
...
So what's the solution? Why isn't this a problem for Apache, and is a
problem here?
It stands
On Tue, Jun 01, 2010 at 12:41:38PM +0200, Fred MAISON wrote:
I have not been able to place something like this in the post-auth
section of inner-tunnel ...
if ( %{control:Ldap-Group} == wireless ) {
noop
} else {
Fred MAISON wrote:
How can i make checks on ldap radiusgroupname without using the user
file ?
Use attribute comparisons just like the users file.
I have not been able to place something like this in the post-auth
section of inner-tunnel ...
if ( %{control:Ldap-Group} ==
I surely misunderstand something : in my test :
User is found on ldap in group wireless, but (Ldap-Group != wireless)
evaluates to TRUE ...
NOTE : user has multiple radiusgroupname
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap]
Fred MAISON wrote:
I surely misunderstand something : in my test :
User is found on ldap in group wireless, but (Ldap-Group != wireless)
evaluates to TRUE ...
Err that's fairly broken right now. Try:
if (!(LDAP-Group == wireless)) {
...
The reasons for this
Thanks, Alan.
It seems to work with the following :
in sites-enabled/default :
post-auth {
if ( EAP-Type == Cisco-LEAP ) {
if (!(Ldap-Group == wireless)) {
fail
}
}
.
in sites-enabled/inner-tunnel :
post-auth {
Hi
My company has purchased a radius server for our hotspot solution. What I
am trying to do in my free time is put together freeradius to do what our
current server does plus small things here and there that would make our
lives a little better.
What I am struggling with are time based cards. I
Hi,
I am trying to set up freeradius 2.1.8 to authorize a user using LDAP
and to authenticate him using EAP. Every user in the LDAP-database and a
valid EAP-certificate should get access. If not in the LDAP-database the
user should be rejected.
If I only use EAP for authentication and