On Fri, 17 Jun 2005, Graham, Robert wrote:
Dustin,
Thanks for the response. I was kind of wondering if the location of the
group in Active Directory was an issue. But that brings up another
question. Doesn't a ldapsearch use the basedn as a starting point? If
instance, I have the basedn
rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=mem
users,dc=mem-ins,dc=com' radius_xlat:
'(|((objectClass=GroupOfNames)(member=CN=Rgraham,OU=Columbia,OU=MEM
Users,DC=mem-ins,DC=com))((objectClass=GroupOfUniqueNames)(uniquemember=CN=Rgraham,OU=Columbia,OU=MEM
On Thu, 16 Jun 2005, Lucas Aimaretto wrote:
Ok, but ... my sql server is a Pentium IV with 512MB of
RAM. How can it be possible ?!
shrug Go figure it out. I don't run your SQL server, so
I don't know.
I know you are not running my SQL server. I was just asking because some
may
If you control the Cisco modem bank and the RADIUS server, then you
can configure the RADIUS server to send the right attributes back to
the Cisco bank.
It SHOULD do this by default. Also, consult the Cisco documentation
to see what attributes it needs to establish a PPP
Never used EAP, but perhaps this will be helpful.
rlm_ldap: - authorize
rlm_ldap: performing user authorization for unrzwlan1
radius_xlat: '(Userid=unrzwlan1)'
radius_xlat: 'ou=AAAuser,o=Universitaet Erlangen-Nuernberg,c=DE'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got
Correct, it is unable to find the user. When set at a higher context I
receive the following error:
rlm_ldap: performing search in o=wheaton, with filter (cn=testacct)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
My ldap config is as follows. If I
Correct, it is unable to find the user. When set at a
higher context I receive the following error:
rlm_ldap: performing search in o=wheaton, with filter (cn=testacct)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
My ldap config is as
Try this.
huntgroups
diegem NAS-IP-Address == 10.5.x.x
diegem NAS-IP-Address == 10.5.x.x
diegem NAS-IP-Address == 10.5.x.x
brusselsNAS-IP-Address == 10.2.x.x
users file
#note: there is no default auth-type = system here
DEFAULT Group ==
I have a second issue with this in that the users file has a defulat
reject if the group is not matched. This also is not being used
correctly by freeradius. The user defaults into that if there group does
not match but does not get rejected.
I have never noticed any problems like that
Hello RADIUS-people!
In my radius server I have a certain NAS defined in the clients.conf
file as (example) :
client 1.1.1.1{
shortname = one
secret = oneone
}
and the same NAS in the proxy.conf file like this :
realm one{
type = radius
authhost = 1.1.1.1:1812
On Wed, 8 Jun 2005, Matt McFarlane wrote:
Is it possible to specify the basedn above where the users are actually
located and have freeradius find the user in a subcontext? For instance
if my ldap is setup as ou=users1,ou=loc1,o=org and
ou=users2,ou=loc2,ou=o=org can I specify basedn=o=org
On Fri, 10 Jun 2005, [ISO-8859-1] José Berenguer wrote:
Hello! Anyone can tell me where can I find some instructions about how
to configure the default LDAP-GROUP option in the file USERS?
Thanks.
doc/rlm_ldap
doc/ldap_howto.txt
-
List info/subscribe/unsubscribe? See
On Tue, 7 Jun 2005, Simone Giovanardi wrote:
Hi,
How can I configure FreeRADIUS to assign IP address dinamically with Ip
Pool when there is a successful authentication from Cisco 7200 access
server with FreeRADIUS 1.0.0?
Like this it works sending out only 2 ip address...always
On Tue, 7 Jun 2005, N White wrote:
Well, thanks for the input. With MySQL, 1500 users is easier to
maintain. Perhaps I should just run a second FreeRADIUS server for the
second NAS. It means more equipment, but whatever it takes.
-Nick
You don't need to do that, you can do it with SQL in
On Mon, 6 Jun 2005, Simone Giovanardi wrote:
Hi,
How can I configure FreeRADIUS to assign IP address dinamically with Ip
Pool when there is a successful authentication from Cisco 7200 access
server with FreeRADIUS 1.0.0?
Like this it works sending out only 2 ip address...always the
On Wed, 25 May 2005, alan walters wrote:
So I have groups working fine now if the client is in a group all is ok.
as per the example below the client is not in a group. At the bottom is
the users file.
Is there a reason why the client does not get a accept-reject
rlm_ldap: Entering
Hello friends --
We've been steadily running a kerberos-enabled freeradius server here for
several years now and everything has been working perfectly. We have
several devices that use it for authentication, such as the VPN and modem
pool. These are services where anyone with an account in
huntgroups:
testgroup NAS-IP-Address == 10.0.0.1 (for the purpose of this
exercise, my test client)
User-Name = randomuser,
Sorry for the confusion. I'm wanting it so that only users in the
huntgroups file are able to authenticate from a
On Tue, 24 May 2005 [EMAIL PROTECTED] wrote:
On Tue, 24 May 2005, Dustin Doris wrote:
DEFAULT NAS-IP-Address == 10.0.0.1, Huntgroup-Name != testgroup,
Auth-Type := Reject
Fall-Through = no
DEFAULT Auth-Type := Kerberos
...
Thanks for your quick reply, Dustin. I gave
On Thu, 19 May 2005, alan walters wrote:
Please post radiusd -X output. Specifically the part on ldap searches and
where the USERS file is matched.
Relevant part of radius -X
(auth is successful and group correct)
clipping most of it for readability
rad_recv: Access-Request packet
On Thu, 19 May 2005, alan walters wrote:
I am attempting to work this out. I have the following set in my modules in
ldap of the radiusd.conf
groupname_attribute = cn
groupmembership_attribute = radiusGroupName
I have this in my users file.
DEFAULT Ldap-Group == lisdoonvarna
On Thu, 19 May 2005, Thomas Boutell wrote:
Dustin Doris wrote:
Check out exec echo in radiusd.conf. That is an example using exec to run
a script.
Read variables.txt in doc/
For your first script, make it this.
#!/bin/sh
printenv /tmp/example
It passes all the variables
On Wed, 18 May 2005, John Sorel wrote:
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them to use.
How does the radius server match / check the
On Wed, 18 May 2005, Dustin Doris wrote:
On Wed, 18 May 2005, John Sorel wrote:
I was able to get both the group and user authenticated on
the Radius server now but there is no matching of the user
to the group.
This user can login using any group, not just the one I want
them
On Tue, 17 May 2005, Angel L. Mateo wrote:
Hello,
I run freeradius server (1.0.2) with ldap support in a debian sarge
server. Last days I'm having the error message Error: Dropping
conflicting packet due to unfinished request a lot of times and the
server dies too frequently.
On Tue, 17 May 2005, vicky wrote:
Hello guys and girls,
I have a small quick question. Is the attribute Acct-Session-Id (number
44) modifiable manually (can I set it to what I want)? If so where
should it be modified (in witch file)?
What do you mean by modifiable?
Acct-Session-Id is sent
On Mon, 16 May 2005, Bartosz Jozwiak wrote:
Hello,
Is it possible to restrict users to login only to
specific nas client?
So if they use different nas their login should be rejected.
Thank you in advance.
Bartosz
users file could look like this.
someuserNAS-IP-Address ==
not have
matched according to your huntgroup definition.
Or just try this.
$ printf User-Name = mytestusername\nUser-Password =
\nNAS-IP-Address = 192.168.2.1\n | radclient localhost auth
yoursecret
Dustin Doris wrote:
On Wed, 11 May 2005, Julien freeradius wrote:
Hello,
I
on and whether or not that
was set.
Quoting Dustin Doris [EMAIL PROTECTED]:
On Tue, 10 May 2005, Andrey wrote:
Hi List,
I have a question about Auth-Type = System. I have several accounts that
need to be authenticated through System and it works great as long as
the IP is assigned
Great.
On Thu, 12 May 2005, Andrey Furukin wrote:
Dustin, I appreciate your help, but everything is working fine now, so you can
drop the issue, okay?
Thanks.
Andrey
Quoting Dustin Doris [EMAIL PROTECTED]:
On Thu, 12 May 2005, Andrey wrote:
Not to be mean or anything, but you
On Tue, 10 May 2005, Andrey wrote:
Hi List,
I have a question about Auth-Type = System. I have several accounts that
need to be authenticated through System and it works great as long as
the IP is assigned dynamically. As soon as I switch an account to static
IP, it authenticates but does
On Wed, 11 May 2005, Julien freeradius wrote:
Hello,
I would like to set freeradius to send a PPP like configuration if the
request come from a nas and a VPN style configuration if coming from
another NAS. More or less like that :
huntgroups file:
PPPNAS-IP-Address == 192.168.2.1
Hello,
when trying to execute some script on each user login attempt using
local DB everythings works as it supposed to do. But if using another
RADIUS server as specifying to use the previously mentioned DB (like
remote DB), getting the following errors in the log file:
Error:
On Mon, 2 May 2005, Vladimir Vuksan wrote:
I have a set up with LDAP backend and a Chillispot run unencrypted
network and WPA running off a WRT54G wireless router. Accounting works
like a champ coming from the Chillispot network however it doesn't work
at all coming from WRT54G. I look
On Mon, 2 May 2005, Sarkis Gabriel wrote:
Hello All,
At the moment i am running a local radius server on one of my pops, and
the business is expanding steadily and we are going to have multiple pops.
All pops are linked to a Satellite Dish with a 550ms Delay to the provider,
I am looking
On Mon, 2 May 2005, Sarkis Gabriel wrote:
Hello All,
At the moment i am running a local radius server on one of my pops, and
the business is expanding steadily and we are going to have multiple pops.
All pops are linked to a Satellite Dish with a 550ms Delay to the provider,
I am looking
On Mon, 25 Apr 2005, Mike Cisar wrote:
I have been trying to troubleshoot a RADIUS issue with my upstream provider.
We've recently started seeing places in our accounting logs where we are
receiving 5 start and 5 stop packets for each caller.
They have told us... ... This proves, at least
Hi all,
I have a freeradius configured with postgresql , both are work well.
Because we have two groups of users in two different authentication tables
in the DB, and I want freeradius will check both table when it get
access-request.
My question is in the configure file
On Fri, 22 Apr 2005, richard lucassen wrote:
I have a simple RADIUS auth server with an LDAP as backend on the same
machine for some realms. When authenticating with a BAD password, the
LDAP rejects the authentication, but the radius sends its reject after
the max_request_time (5 secs)
Why
Hi,
I really don't know what i'm doing wrong. Probably I have misunderstood
something. I'm using ttls/md5 authentication it's working fine and I get an
ip address from a dhcp server.
To get the ip address from an ippool I have made the following
configurations:
- user file:
user_name
On Wed, 20 Apr 2005, Andre Herkenrath wrote:
Hi,
I looked at a few things:
1. the authorize section contains ldap
2. I bind with an existing user
3. I want to return Filter-Id and this is in teh ldap.attrmap
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
Thanks for the help! Once I created the file and just add the secret my
command executed and is now populating my secondary accounting server with
data. The key for me was finding out that I need the file with the secret in
it instead of trying to pull it from a clients.conf file on either
Hi!
I am using freeradius 1.0.1 with an openldap backend (2.1.30). Therefor
I am using the ldap.attrmap for mapping ldapentries to radiusattributes.
Everything is configured correctly, mapping works. For example, I added
a radiusAuthType with value REJECT and I couldn't authenticate. Even
Hi
Thxs for the fast reply!!
Ok, user steve (the one with the Auth-Type := Local) exists only for
testing purposes. With user-data in die local users file, the
nas-identifier works
So, I don't know why radius ignores my ldap data ...
Its not ignoring it, I think you just aren't
Dustin any input on this one?
Maqbool Hashim wrote:
Hi there,
I've finally come to a decision as to what sort of backend we're going
to use. Thanks for all the discussion it was very helpful in coming
to the final decision. Heres what I'm going to go with:
Use the UNIX
Hello,
I need to perform a quick test to check the authentication mechanisms
against a simple script written in Perl. Please, could you suggest a
quick config lines to set-up Radius to authenticate against script.pl?
Script.pl takes 3 input parameters (user, passwd and nas-ip) and upon
Ldap will provide that feature for you. An openldap acl might look like
this.
access to attr=userPassword
by self write
by anonymous auth
by * none
access to dn.one=ou=useraccounts,dc=yourdomain,dc=com
by self write
by
Dustin Doris wrote:
If you are going to be using an external perl script, I'd recommend using
rlm_perl. You need to build with experimental modules. Read
experimental.conf and look for the perl section. Then read example.pl in
src/modules/rlm_perl/example.pl
Thanks a lot for your
for us, as it doesn't
require any addtional server software, fast etc.
However I'm not too familiar with db and whether it would be easy to
acheive the same thing, i.e. users be able to change their own record in
the dbm users file.
Any ideas?
Dustin Doris wrote:
Ldap will provide
to have a weak link somewhere huh?
Unfortunately. Anytime something has to be publicly available, there is
bound to be a hole somewhere.
Dustin Doris wrote:
dbm would be very fast and simple. I've never used it directly though, so
I can't provide any help. Openldap does use berkerly db
Juan Nin [EMAIL PROTECTED] wrote:
I have another radius running freeradius-0.9.3 on other server which is
executing external scripts, so I guess the bug wasn't present on
previous versions
would it be to crazy to downgrade?
I would suggest using the fixed code from CVS. You should
On Apr 4, 2005 10:14 PM, Alan DeKok [EMAIL PROTECTED] wrote:
Mon Apr 4 12:15:58 2005 : Error: Dropping conflicting packet from
client XXX:1645 - ID: 103 due to unfinished request 221
Your database is too slow, or your NAS is too fast.
mmhhh, database seems ok, I'm not having
I have quite a few lines in my users file that match based on
Ldap-Group, and for each comparison, I see radius queries the ldap
server. Would it be possible to do one ldap lookup for day
'radiusGroupName' at the beginning of the hints file and store the
result in a variable that can then be
Does someone have a good howto on setting up Radius to make use of an LDAP
group. I read the ldap docs at freeradius.org and that seemed like
overkill I just want to have a group and put the user in the group to give
them access?
Say you have two groups, one that has access to dial and one
On Tue, 29 Mar 2005, Jarred Cleem wrote:
Thanks Dustin Doris for your reply. I seem to be missing something
because I can not get it to work like you mentioned. Let me provide
some data and config info in hopes that you might be able to help
further. What I am hoping
If you are setting session-timeout to .4 minutes, then the NAS will
disconnect the user at that time. However, you'd probably know if you set
that up.
If you don't send a session-timeout, then the problem is either your NAS
is disconnecting the user for some reason, or the modem is dropping
Dustin Doris [EMAIL PROTECTED] wrote:
Kostas is correct, but if you really need to use Client-IP-Address for
some reason, then add it to ldap.attrmap as a reply item.
Where it will do *nothing*. Absolutely and totally *nothing*.
It's not a real RADIUS attribute, so it will never go
Not sure how to ask my next question so I will try my best. We have
some users who receive static IP addresses and other special attributes
that are unique to only that user. Then we have some who receive the
same attributes and attribute values as the next person. The big
difference is
Can someone send me a sample of a php login page that hits the freeradius
server? I have the server running with mysql as the db backend and it is
working just fine. Now I need the php code calls the radiusd process and
returns the results (which I will forward to an Access Point).
Never
On Tue, 15 Mar 2005, [iso-8859-1] Ernesto Freyre Ramírez wrote:
Hi, Please I would want to consult about the use of NAS-Port-Id parameter
coming from the NAS, my NAS Server is not sending this parameter, I would
want to know If I could to replace this with the NAS-Port for using this in
the
On Mon, 14 Mar 2005, [iso-8859-1] Benoît Bianchi wrote:
Im desperately trying to get LDAP attributes sent back to NAS without any
success...
I've add RADIUS-LDAPv3.schema to my LDAP schema, and set radiusClass
attribute for my test user.
I can do successful authentication but the value of
On Mon, 14 Mar 2005, Jeff wrote:
Ever since using freeradius on our FreeBSD machine, we have had
problems with what appears to be a caching issue with the users
file. For example.
#put on hold for non-payment. 12/7/04
user1 Auth-Type := Reject
#put on hold for non-payment.
Post radiusd -X
On Tue, 15 Mar 2005, Peter Nitschke wrote:
Anyone?
*** REPLY SEPARATOR ***
On 9/03/2005 at 10:13 AM Peter Nitschke wrote:
I have an old Freeradius 0.8.1-1 server on RH 7.2 which I wish to upgrade
to 1.02 on Whitebox EL3.1
Freeradius is just being used
Hi,
I have a problem with Accounting-script-execution in raddb/acct_users :
--
DEFAULT Acct-Status-Type == Stop
Exec-Program = echo PRUEBA /home/pru.txt
--
I don't know if you can do it like that. You could try writing a script
such as this.
#!/bin/sh
/bin/echo PRUEBA
On Sun, 6 Mar 2005, Jarred Cleem wrote:
Hello all;
I am tying to put together an openLDAP/FreeRadius implementation for a
multitude of services we provide. We are currently providing high speed
cable modem services, local dial-up, national dial-up, Motorola Canopy
Wireless, DSL,
On Wed, 2 Mar 2005, Nick Bright wrote:
Although I just had a thought. I can put the unix Crypt()'d password in
the database if I use Password-Crypt (I think that's the flag, I'll look
in the docs, I know I've seen it).
If you have access to the /etc/passwd and can get the crypt passwords
On Mon, 28 Feb 2005, Chan Min Wai wrote:
Greeting,
If any of you can remember, I do say that once, would like to user
omshell + freeradius so that freeradius can control the dhcp server to
control the ip address allocation and release.
I know the place to put such shell script is in post
On Sat, 26 Feb 2005, Alexander M. Pravking wrote:
On Fri, Feb 25, 2005 at 02:26:12PM -0500, Dustin Doris wrote:
Is there a way to specify different operators when adding something to the
$RAD_REPLY hash?
Such as.
$RAD_REPLY{'Attribute'} = += Value;
Currently, no. But you can try
On Fri, 25 Feb 2005, Vincent Chen wrote:
I do have the following configuration in postgresql.conf
default_user_profile = DEFAULT
query_on_not_found = yes
Do I need other options?
In /etc/raddb/users, I have this profile:
Presario 2135AD EAP-Type := EAP-TLS,
I am having issues with customers dialing up, connecting, and going
through the whole process. It appears as if they connect, but 1 second
later, they are disconnected. Ive stopped and started FR. Ive rebooted
the server. Ive rebooted the RAS. Looks like about 50% of my users are
having
Is there a way to specify different operators when adding something to the
$RAD_REPLY hash?
Such as.
$RAD_REPLY{'Attribute'} = += Value;
Thanks
Dusty Doris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, Dustin
You are absolutely right. There are no matched profile in /etc/raddb/users
file
after NAS-IP-Address changed to 10.1.3.5. In my case, freeradius let user in.
It solve after I add the following DEFAULT profile to /etc/raddb/users file.
DEFAULT Auth-Type := Reject
I
On Wed, 23 Feb 2005, Vincent Chen wrote:
Thanks for your response. I am sorry that I didn't make myself clear. For
account Presario 2135AD, I first created this profile:
Presario 2135AD Auth-Type := EAP, NAS-IP-Address == 10.1.2.5
Session-Timeout = 300
As we
On Wed, 23 Feb 2005, Peter Kolbe wrote:
Hi I currently have clients on a wireless connection to us. I wish for
their traffic to be passed through a linux box (or cisco), and it will
ask them for their username and pass, which will be compared with
freeradius, and if accepted, then they will
On Wed, Feb 23, 2005 at 08:22:21AM +1100, Michael Mitchell wrote:
From: Michael Mitchell [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Grouping accounts
Date: Wed, 23 Feb 2005 08:22:21 +1100
I'm not sure that Steven ever mentioned that his user database is
On Fri, Feb 18, 2005 at 12:32:54PM -0500, Alan DeKok wrote:
From: Alan DeKok [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Grouping accounts
Date: Fri, 18 Feb 2005 12:32:54 -0500
Steven Wayne [EMAIL PROTECTED] wrote:
joeuser logs into the system and is
Hi, all
I don't want my user get a certificate from me and have access to all of
our AP. I already tried to add NAS-IP-Address,NAS-Identifier as check
item but none works. No mater which AP I assign as check item for
certificate, They still have access to all our access points. It is not
Hi,
Currently our users log on to our system and are authenticated by the
Radius server. Then, when they access a server, they log in with local
user accounts.
Sometimes these accounts are the same name as the Radius account they
logged into originally, but not always.
Is it possible,
On Fri, 18 Feb 2005, E L wrote:
I'm new to LDAP and Freeradius.
I'm trying to find out if there is a way to configure Freeradius to get
information from the LDAP database and assign it to one of the radius
atributes(like Framed-IP-Address and Framed-IP-Netmask) for a uids that have
any of
On Wed, 16 Feb 2005, Drew Weaver wrote:
Ack, I got this all working then I realized that freeradius doesn't log
proxy requests..
...
Actually, it can.
Download the most recent version of freeradius. In the radiusd.conf file,
check out the section on detail pre_proxy_log. That will do
I was wondering if you can add multiple check-items to huntgroup lines,
besides Nas-Port-Id. Right now, it appears to be working for me, with
Nas-Port-Type.
Using something like this
dialNAS-IP-Address == 127.0.0.1, Nas-Port-Type == Async
isdnNAS-IP-Address == 127.0.0.1, Nas-Port-Type
Greeting,
I've been trying to work out a way to disable unpaid users with a
single disable radiusGroupName. But the doc and the resources is limited
and I don't even see radiusGroupName in the log so I think it is not
working with my configuration.
I would like to know how to
On Tue, 15 Feb 2005 [EMAIL PROTECTED] wrote:
Hi List,
It is possible to configure freeradius like that, that all successful
authetication will be captured in a file (with username and if it is possible
also the pw or other informations)?
Thanks for your help.
Best regards,
Daniel
On Mon, 14 Feb 2005, Joe H wrote:
On Sat, 12 Feb 2005, energy wrote:
Sorry, I'm just a lurker on this list and certainly no expert. However, last
time I saw someone mention this issue it had to do with log rotation. Check
to make sure logs are not being rotated every hour.
Anyway,
On Mon, 14 Feb 2005, Dustin Doris wrote:
On Mon, 14 Feb 2005, Joe H wrote:
On Sat, 12 Feb 2005, energy wrote:
Sorry, I'm just a lurker on this list and certainly no expert. However,
last
time I saw someone mention this issue it had to do with log rotation.
Check
That line below means if the client is not 1.2.3.4, then reject.
On Tue, 1 Feb 2005, Cris Boisvert wrote:
Does this mean... the client ip has to be 1.2.3.4 if not reject
Or if the client ip is this reject?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
rlm_ippool requires that the packet contain NAS-IP-Address and NAS-Port.
Are you sending those attributes?
If not, you may need to modify rlm_ippool to uniquely identify a user by
something else.
On Wed, 2 Feb 2005, Michael Kopp wrote:
Hi all,
sorry to bother you, I searched all on google
how to use it. You will set it
up to send to a certain server, so in your case you just point it at your
master accounting server. The replication setup between your master and
slave sql database will take care of replicating the data to the slave.
- Original Message -
From: Dustin
Hello,
I have problems on FC1 freeradius 0.9.3 on failover and mysql db's. I use two
mysql db's replication. One master db and slave db.
So when master is down freeradius server go on on the second slave db whit
accounting.
So i think there is a bug in version 0.9.3 or
Hello Freeradius users,
Have anyone a good example of failover mysql config (radiusd.conf)?
I want to use SQL1, if it's down, try SQL2.
I reed the configurable_failover document but it don't work, or not
understanding.
If now one of my mysql server go down, radius server work slow and
Hi,
I am a newbie when it comes to radius. I need more security, eg: setting up
vpns for each authenticated groups. How do we set it up. The reason is , that
each group gets the same iprange, and then they can get into each others
personal files. Please Help
Regards
Zaine
Since you
I'm sorry to Bring this up again... somehow I'm not getting this to work.
I have this in the huntgroup and users file.
When I check off either of the 2 nas's I get an good authentication but no
Attributes back.???
This is all I have in each file Nothing else.
Huntgoup File
Do you have nostrip setup in proxy.conf to not strip the username? Please
post debug info (radiusd -X).
On Fri, 28 Jan 2005, Israel Fabio Alves wrote:
I do not know right if is a problem of freeradius, it is possible that
is my configuration.
When I do a test using just the user and
.
Dustin Doris wrote:
Do you have nostrip setup in proxy.conf to not strip the username?
Please
post debug info (radiusd -X).
On Fri, 28 Jan 2005, Israel Fabio Alves wrote:
I do not know right if is a problem of freeradius, it is possible that
is my configuration
assistance,
~Brandon
-Original Message-
From: Dustin Doris [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 25, 2005 6:53 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Active Directory and FreeRadius
Hello all,
I am trying to configure FreeRadius to auth against
Hello all,
I am trying to configure FreeRadius to auth against Active
Directory. I was wondering if anyone on the list has done this successfully.
I thought the best way to go was to connect to A.D. as if it was an LDAP
server, (please let me know if there is a better way).
Any
Hello, freeradius-users.
I have following entry in the users file:
bob User-Password == bob
Cisco-AVpair = access-list 188 deny ip any any,
Fall-Through = YES
radreply log saying that all ok:
Packet-Type = Access-Accept
Fri Jan 21 17:55:56 2005
Service-Type =
On Thu, 20 Jan 2005, Rad Adm wrote:
I want to limit the users so that multiple logins are not allowed
using a single account.
At our company we have ( proprietary ) server which forwards
authentication requests to radius which is configured to query Mysql
and confirm the user credentials.
Why doesn't everyone just setup redundant radius servers so you can afford
to HUP a server or even take one offline for a bit? It seems that would
be best practice anyway. Freeradius is very stable from my experiences,
but I can't say the same for some of the hard drives I've had in our
Hi,
how can i manage to accept two kind of users:
the first:
premium, may login from serverA and serverB
the second:
normal, may only login from serverB
I thought to manage this by huntgroup-file:
huntgroup-file:
premiumNAS-IP-Address ==
1 - 100 of 228 matches
Mail list logo