Store them how, where, and for what purposes?
On 9/19/2011 23:07, Rajkumar balaji wrote:
Hi All,
I just want to store user details like, The user name is ABC and the user
belongs to XYZ group and PQR group.
Thanks
Regards
Rajkumar Balaji
--
View this message in context:
On Tue, Sep 20, 2011 at 1:07 PM, Rajkumar balaji
rajkumar.balaj...@gmail.com wrote:
Hi All,
I just want to store user details like, The user name is ABC and the user
belongs to XYZ group and PQR group.
LDAP/files/SQL/whatever? e.g.
Purpose is After the authentication i need to retrieve the group details
associated with this user and according to them I need to Authorize the
user.
Store it in FreeRADIUS (text file also fine) ( and I want to retrieve it
using JRADIUS API)
I am new to RADIUS concepts so, Please guide me to
uselessidbr wrote:
People, i've read a lot about the WIFI/AP authentication over Freeradius
using LDAP but it seems i cannot make it work unless i use clear-text
password or Nt/Lmpassword which as far as i know implies in Samba + LDAP
integration.
Christ Schlacta wrote:
I thought if you had a certificate signed by a trusted root CA, you were
good and didn't need to install anything on the client.
It's true that you don't need to install anything on the client. It's
*not* true that it's a good idea.
Alan DeKok.
-
List
Hello,
I need two FreeRadius Servers which have the same data consisted.
I'm testing on two Ubuntu 10.4 with freeradius 2.1.8.
My Cisco# asks the first and if the first is not available it asks the
second.
Is there any Information on this topic?
I use freeradius with mysql. is
Just ensure that they have the same config. If you want to use mysql then
master/slave replication would be a way of achieving that
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi All,
Thanks for helped me to Authenticate with FreeRADIUS. Now I am able to
authenticate successfully.
Please help me to resole with the following issue,
How to get authorize with FreeRADIUS?
Where to store the user group details and his permissions? (which file i
have to store it)
Thanks
Hello Guys
i have inherited the administration of a radius server, that
authenticate 900 PPPoE user on mikrotik box.
i've noticed that there is some performance problem, mikrotik box show
that last request RTT in some cases is up to 1000ms, there is some
resend request and also some timeouts,
I can not see its giving this error while starting. Do I have to change
installation directory or the library dirctory in the radiusd.conf?
[10:15:39.9] gmake[11]: Entering directory
`/home/network/Downloads/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_postgresql'
[10:15:39.9]
On 20/09/2011 11:38, denizaydin wrote:
I can not see its giving this error while starting. Do I have to change
installation directory or the library dirctory in the radiusd.conf?
[10:15:39.9] gmake[11]: Entering directory
Hello,
I have a script using radzap to zap clients. This script with
freeradius 1.1.7 worked, but since I updated to 2.1.10 it didn't work.
The command I run is:
root@vulpes21:~/scripts/radius# radzap -P 9937 -u user -N 10.57.112.8
localhost secret
radclient: Nothing to send.
Hi,
We are successfully running the following version on our network for our DSL
users.
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010
at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
FreeRADIUS was compiled with MySQL and
Giuseppe Marocchio wrote:
i have inherited the administration of a radius server, that
authenticate 900 PPPoE user on mikrotik box.
i've noticed that there is some performance problem, mikrotik box show
that last request RTT in some cases is up to 1000ms, there is some
resend request and
Sorry for that, I havent check the config output that's my fault. But 2.1.11
was working fine. Nevermind 2.1.12 is working now.
-
Deniz AYDIN
Senior Network Engineer
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/2-1-12-potential-problem-tp4811959p4822190.html
Sent
Thanks a lot James, thats solved my problem with the version 2.1.12
authorize {
Autz-Type PPPOE_SUBSCRIBER {
sql
if (notfound) {
update control {
Auth-Type := Accept
}
}
}
}
[sql] User ccotesist06adsl not found
Hi,
We have configured EAP-PEAP with freeradius, and forward MS-CHAP-V2 request
to a Microsoft NPS server. This works fine, but we now want to implement one
more Microsoft NPS server, so how do we define a second radius client. So
that if the first one fails, it will automatically try the next ?
Hi,
my problem: I use RADA on 2 lines of 3com switches:
- those with ComWare 5 expect Radius to return Tunnel-Medium-Type =
IEEE-802
- those with ComWare 3 expect Tunnel-Medium-Type = 802
Of course, in users, I can use only one of those values, as follows:
f0-0f-de-ad-f0-01 Cleartext-Password
Stanisław Kamiński wrote:
After looking at unlang man page - explains the basics, but show no
examples; radiusd.conf - still no examples; and googling - some
examples, but I counted 4 of them (maybe I searched the wrong way, but
see for yourself what does unlang examples yield) I decided to
oleaweel wrote:
Hi,
We have configured EAP-PEAP with freeradius, and forward MS-CHAP-V2 request
to a Microsoft NPS server. This works fine, but we now want to implement one
more Microsoft NPS server, so how do we define a second radius client. So
that if the first one fails, it will
On 20 Sep 2011, at 19:59, Stanisław Kamiński wrote:
Hi,
my problem: I use RADA on 2 lines of 3com switches:
- those with ComWare 5 expect Radius to return Tunnel-Medium-Type = IEEE-802
- those with ComWare 3 expect Tunnel-Medium-Type = 802
Oh wow, that's exceptionally retarded. Can you
Hi
I ma looking for an example to compare of a rad accept request for telkom
adsl as All of a sudden I have routers that do not auth and have throuput
issues.
regards
Hilton
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Don't. Fix the database so that it isn't too slow.
See the logs. If the DB is slow, the logs will usually say.
I have no slow queries on mysql-slow.log.
thanks
--
Lorenzo Milesi - lorenzo.mil...@yetopen.it
YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco -
is the db on the same server as freeradius?
yes
there should be something on FR log file. If not, then run the server
in debug mode and see which part is slow or spitting out errors.
will try to look for something
--
Lorenzo Milesi - lorenzo.mil...@yetopen.it
YetOpen S.r.l. -
Lorenzo Milesi wrote:
Don't. Fix the database so that it isn't too slow.
See the logs. If the DB is slow, the logs will usually say.
I have no slow queries on mysql-slow.log.
Then it must be magic. Hire a wizard to fix the problem.
Something *you did* broke the server. Either say what
Then it must be magic. Hire a wizard to fix the problem.
Thanks, your sarcasm is really helpful!
Something *you did* broke the server. Either say what you did, or
good luck solving it yourself.
i.e. See the FAQ for useless comments like it doesn't work, which is
what your messages amount
there should be something on FR log file. If not, then run the server
in debug mode and see which part is slow or spitting out errors.
I ran in debug, and saw something which maybe could be wrong:
User-Name = MYUSERNAME
User-Password =
Lorenzo Milesi wrote:
Then it must be magic. Hire a wizard to fix the problem.
Thanks, your sarcasm is really helpful!
It seems to work better than honest suggestions. You've ignored those.
I *DID* say what I did: increased the amount of accounted users, nothing else.
The *default
Lorenzo Milesi wrote:
there should be something on FR log file. If not, then run the server
in debug mode and see which part is slow or spitting out errors.
I ran in debug, and saw something which maybe could be wrong:
User-Name = MYUSERNAME
User-Password =
On Tue, Sep 20, 2011 at 8:23 PM, Lorenzo Milesi
lorenzo.mil...@yetopen.it wrote:
there should be something on FR log file. If not, then run the server
in debug mode and see which part is slow or spitting out errors.
There are several reasons why I suggest you run the server in debug
mode (as
Hello.
Thanks for the answers.
I got no AD integrated with LDAP.
Is there any way i can convert an LDAP MD5/SHA hash to a NT hash password?
Thanks!
Alan DeKok al...@deployingradius.com escreveu:
uselessidbr wrote:
People, i've read a lot about the WIFI/AP authentication over Freeradius
On 09/20/2011 11:03 AM, GUSTAVO VIEIRA OLIVEIRA wrote:
Is there any way i can convert an LDAP MD5/SHA hash to a NT hash password?
one-way password hashes are called one-way for a reason :-)
To produce a password hash you must start with a cleartext password.
see also:
For one, it can show you which part is slow (is it really the db, or
is it something else). Another one is it can show relevant parts of
the config which can help others pinpoint the problem. Pasting only
PART of the debug log will only get you (at best) partial guesses.
Ok, I missed this, I
On Tue, Sep 20, 2011 at 10:22 PM, Lorenzo Milesi
lorenzo.mil...@yetopen.it wrote:
For one, it can show you which part is slow (is it really the db, or
is it something else). Another one is it can show relevant parts of
the config which can help others pinpoint the problem. Pasting only
PART of
The *default configuration* doesn't have the problem you described.
So... what did you change? adding users is *not* the answer I'm
looking for.
This radius has been successfully running for 4y now.
Problems raised since when we increased the number of users.
You edited radiusd.conf to
Your output does not look llike it comes from FR2's debug log.
This first debug log was a -x.
And yes, it's FR 1.1.7! (yes, could have said that before)
Let's say most of the problems come from a newly deployed nas.
Then start from there.
If the db is slow and FR is late to respond,
Lorenzo Milesi wrote:
Ok, I missed this, I thought was a suggestion to me :-)
http://paste.ubuntu.com/693812/
Ugh. Upgrade to 2.1.x.
Another weird thing I noticed is that as you can see at line 155 in the
middle of an Access-Accept report there's another rad_recv, like it's mixing
up
So, there's no other option to use LDAP database for radius authentication
for WIFI users (windows users) without the use of an AD or a 3rd party
supplicant?
Also, is there any howto that explains how i can get my setup to work with
NtPassword?
If i change my radius setup to work with
You can use LDAP without needing AD or some 3rd party supplicant on the OS ,
but as already said, you will need to have the password as nthash or cleartext.
Read the compatibility matrix
alan
--
Message may be brief as it has been sent from my mobile
-
List info/subscribe/unsubscribe? See
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Thanks!
On 11-07-20 2:36 PM, Phil Mayers wrote:
On 07/20/2011 06:07 PM, Francois Gaudreault wrote:
Hi,
I am trying to make the SoH
On 2011/09/20 05:22 PM, Lorenzo Milesi wrote:
Ok, I missed this, I thought was a suggestion to me :-)
http://paste.ubuntu.com/693812/
What is:
Can't connect to SNMP agent with SMUX: Connection refused
Is an SNMP connetion of some sorts not maybe slowing it down while
authenticating?
--
Hi,
I thought it might be useful for some users to add the
dictionnary.symbol file below :
VENDOR Symbol388
BEGIN-VENDORSymbol
ATTRIBUTESymbol-Admin-Role1integer
VALUESymbol-Admin-RoleMonitor1
VALUE
On 09/20/2011 06:15 PM, Francois Gaudreault wrote:
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Sorry; I've no time to look into it at the moment. Personal real-life
issues are consuming
Francois Gaudreault wrote:
I thought it might be useful for some users to add the
dictionnary.symbol file below :
Added, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's fine, I understand that.
On 11-09-20 1:56 PM, Phil Mayers wrote:
On 09/20/2011 06:15 PM, Francois Gaudreault wrote:
Hi Phil,
It's been a while since we did not receive feedbacks about that SoH and
DHCP enforcement. I am just wandering if you had some news about it.
Sorry; I've no
Hi,
Thanks for fast reply.
Just for information, I have not been working to much with FreeRadius:). I
have read the proxy.conf file but im having problems understanding the
configuration. When it say home_server is this a general name ?
If I understand correct i need to configure a
Hi,
Configure freeradius with his ldap module and a ldap server as openldap.
http://wiki.freeradius.org/Rlm_ldap could be a good start.
Fred,
2011/9/20, Rajkumar balaji rajkumar.balaj...@gmail.com:
Hi All,
I just want to store user details like, The user name is ABC and the user
belongs to
http://wiki.freeradius.org/Clients.conf
2011/9/20, Dagia Dorjsuren dagmi...@yahoo.com:
Hello all,
How to configure
multiple NAS (NAS-IP-Address) in freeradius? Which radius database's
table should I add NAS-IP-Address attributes?
Anyone advise me?
-
List info/subscribe/unsubscribe?
On Tue, Sep 20, 2011 at 1:47 PM, Rajkumar balaji
rajkumar.balaj...@gmail.com wrote:
Purpose is After the authentication i need to retrieve the group details
associated with this user and according to them I need to Authorize the
user.
Store it in FreeRADIUS (text file also fine) ( and I want
Hi,
I try to figure out how to make following configuration:
1. Three clients. (Two access points. NAS1, NAS2 and NAS3)
2. There is one, central freeradius server holding all acounts, for both
locations.
Now, what I try to do is to create accounts that are location
dependant... so account
Hi,
I try to figure out how to make following configuration:
1. Three clients. (Three access points. NAS1, NAS2 and NAS3)
2. There is one, central freeradius server holding all acounts, for three
locations.
Now, what I try to do is to create accounts that are location
dependant... so
Very true, thank you for pointing that out as well.
Note to anyone following:
If you use a certificate signed by a general authority (verisign for
example) then anyone with a verisign cert will be trusted in your place,
and able to authenticate your users, IE as a man in the middle.
They'll
nas1 == localhost
nas2 == 200.300.xxx.1
sqlippool
UserName NASIPAddress CallingStationID pool_key
user1 127.0.0.1 111.111.111.225
user2 127.0.0.1 222.222.222.224
user3 127.0.0.1 333.333.333.227
user4 login ...
user3
If you've got sufficient control over CPE and CPE is all sufficiently
capable, you should be doing EAP-TLS authentication anyway. if CPE is
compromised, you can simply reflash, replace the credentials, and revoke
the old ones.
On 9/20/2011 04:18, Raz Muhammad wrote:
Hi,
We are
54 matches
Mail list logo