Re: post-auth problem after update from 2.0.4 to 2.1.10

Am 16.04.2012 22:40, schrieb Matthew Newton: On Mon, Apr 16, 2012 at 10:00:03PM +0200, Gerald Krause wrote: Please use 2.1.12. It's better. I'll check that suggestion. In the moment this is a plain apt-get install/update/upgrade Debian box that comes with 2.1.10 (don't blame me

post-auth problem after update from 2.0.4 to 2.1.10

Hi, after upgrading our server from 2.0.4 to 2.1.10 we see a change in the auth logic - e.g. when processing proxied requests to a home server and their replies. We need this feature to append some special attributes to the accept-packet from the home server before sending it to the NAS. 1) Our

Re: post-auth problem after update from 2.0.4 to 2.1.10

Am 16.04.2012 21:22, schrieb Alan DeKok: Gerald Krause wrote: after upgrading our server from 2.0.4 to 2.1.10 Please use 2.1.12. It's better. I'll check that suggestion. In the moment this is a plain apt-get install/update/upgrade Debian box that comes with 2.1.10 (don't blame me

Re: Cisco VRF + Radius

Francesco Cristofori schrieb: Hi all, anybody has experience in setting up FR to support IP VRF for cisco equipments? Can you point me to some clear and simple configuration guide for doing that? Putting a User into a certain VRF is quite simple: vrfuser User-Password == topsecret

Re: Adding 2 or more Framed-Routes

On Wednesday 29 March 2006 21:15, Brent wrote: Anyone know the correct way to add more then 1 framed-route? Here is what is setup now and this works. af_user Service-Type = Framed-User, Simultaneous-Use=1 Framed-IP-Address = 206.40.yyy.yyy, Framed-Route = 206.40.xxx.xxx/29 206.40.yyy.yyy 1,

Re: Monitoring FreeRadius with WhatsUp! Professional

Am Mittwoch, 28. September 2005 13:57 schrieb Matthew Anderson: Are there any freeradius users out there that are using WhatsUp! to monitor there freeradius server? I am trying to set it up but I am unsure what to use for the send/expect statements. Any help would be greatly appreciated. I

Re: Cisco Privilege Level

Am Dienstag, 20. September 2005 20:13 schrieb Ryan Sharpe: Hello all, I'm having a problem getting users to default to the right privilege level. aaa authentication login default group radius local aaa authorization exec default group radius local radius-server host xx.20.xx.xx auth-port

Re: Service-Type: Outbound vs. Outbound-User

Am Samstag, 9. Juli 2005 01:44 schrieb Alan DeKok: Gerald Krause [EMAIL PROTECTED] wrote: we have only cisco NAS's in production and all the examples on cisco.com using outbound. They also give ACS in their examples. Does that mean you use ACS? do not misunderstood me: i'am not using

Re: Service-Type: Outbound vs. Outbound-User

Am Samstag, 9. Juli 2005 18:31 schrieb Dusty Doris: The names are IRRELEVANT. The dictionaries matter only to the RADIUS server and it's configuration files. I could rename all of the attributes valuess to random words from the dictionary, and it would make *no* difference to the

Service-Type: Outbound vs. Outbound-User

hi, according to rfc2865 value 5 of attr 6 should be named Outbound and not Outbound-User (if i have read the rfc well) and that causes all my dial-out's fail after installing v1.0.4 because all users where configured with Outbound. even though fixing was dead easy - have i misunderstood the

Re: Service-Type: Outbound vs. Outbound-User

hello alan, Am Freitag, 8. Juli 2005 22:37 schrieb Alan DeKok: Gerald Krause [EMAIL PROTECTED] wrote: according to rfc2865 value 5 of attr 6 should be named Outbound and not Outbound-User (if i have read the rfc well) and that causes all my dial-out's fail after installing v1.0.4 because

Re: Cisco 2610 and freeradius-mysql..

[EMAIL PROTECTED] wrote: Hi I'm using freeradius + mysql and two cisco access server (2610 and 5300). I have group default defined on my database with an entry to Called-Station-Id that look like this: ++---+---++-+ | id | GroupName | Attribute | op

Re: Still problems with usernames containing % ?

Alan DeKok wrote: Gerald Krause [EMAIL PROTECTED] wrote: Are there still problems in v1.0.1, when using usernames like user1%test: I've put a fix into CVS, and will also put it into 1.0.2. It's not *perfect*, but it will now avoid 99.999% of the cases people care about. Ok, I'll try it. Thx

authentication logging not working?

Hi, I miss extended authentication logging lines when starting radiusd with -yz (ver 0.9.3): --- snip --- Mon Jun 7 12:53:01 2004 : Info: Using deprecated naslist file. Support for this will go away soon. Mon Jun 7 12:53:01 2004 : Info: Using deprecated clients file. Support for this will go

Re: authentication logging not working?

Gerald Krause wrote: Hi, I miss extended authentication logging lines when starting radiusd with -yz (ver 0.9.3): sorry - please forget this stupid question... radiusd.conf... ;). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: user with more tha one NAS Server

My question is, is there a better method to do so ? Can I give a user more than one NAS-IP-Address option ? For example: user Auth-Type:= Local, User-Password == **, NAS-IP-Address == 1.1.1.1 , NAS-IP-Address == 1.1.1.2 Maybe you can use one regexp (=~) instead of multiple plain compares (==).

Re: Cisco config to use two radius servers

hi rob, try this: radius-server host [ip-first-auth] auth 1812 acct 0 radius-server host [ip-fallback-auth] auth 1812 acct 0 radius-server host [ip-first-acct] auth 0 acct 1813 radius-server host [ip-fallback-acct] auth 0 acct 1813 -- gerald - List info/subscribe/unsubscribe? See

Simultaneous-Use - checkrad with diff. auth/acct systems

hi, i have search the archive for some informations about an scenario where AUTHing and ACCTing take place on different machines. We have this situation what makes the use of checkrad (which needs a local radutmp on the AUTH-system - or have we here misunderstood someting?) a little bit