On 02/21/2013 07:56 PM, Alan DeKok wrote:
2. Is freeradius ready to work as dhcp server for IPv6? Would it be
enough to insert some new words into dictionary and change configuration
appropriately?
It doesn't do DHCPv6. It's possible, but a lot of work.
Any plans to implement ipv6 support
I am not able to compile from git. It ends with error:
version.c:71: warning: no previous prototype for 'ssl_version_check'
version.c: In function 'ssl_version':
version.c:78: error: expected ';' before '}' token
gmake[4]: *** [version.lo] Error 1
gmake[4]: Leaving directory
On 03/28/2013 10:57 AM, Olivier Beytrison wrote:
Btw, are you aware that you are compiling freeradius without ssl
support? This means no eap, no tls, etc.? You should first install the
openssl development files before compiling freeradius. Olivier
Yes, i know. This freeradius will only serve
On 03/04/2013 11:03 PM, Phil Mayers wrote:
There are a bunch of subtleties in this whole area - some devices
offer knobs to control giaddr in the case of multinettings, and some
devices offer knobs to control srcip - but, in my experience, you are
asking for trouble if giaddr is not valid
On 03/01/2013 04:12 PM, Alan DeKok wrote:
Can you supply the debug output?
When set that freeradius sends IP, NETMASK, DNS... *WITHOUT DEFAULT
GATEWAY*:
*This packet is sent to RELAY_IP*
*$RAD_REPLY{'DHCP-Gateway-IP-Address'} NOT SENT*
On 03/04/2013 04:54 PM, Alan DeKok wrote:
The point of asking for debug output is to see what the server is doing.
I'm not sure what the rest of your message means. The server defaults
to copying the giaddr from the request to the reply. This is so that
the reply can use the giaddr as
In case when freeradius is talking to a DHCP relay it should *always*
send answers to an initiating relay IP. But, it doesn't.
Cisco CMTS is using 10.10.10.1 as his giaddr for all requests made by
CM's, MTA's and CPE's.
All replies should go to 10.10.10.1.
But, currently, if CPE gets public
I've added two new fields into radippool table that i am using for DHCP
dynamic pools.
`gateway` varchar(15) NOT NULL DEFAULT '',
`netmask` varchar(15) NOT NULL DEFAULT '',
in ippool-dhcp.conf i've added new fields:
allocate-find = SELECT framedipaddress,gateway,netmask FROM
Server: up2date Centos 6.3 x64
Software: freeradius 2.2.0
configured by ./configure, generated by GNU Autoconf 2.61,
with options \'--prefix=/usr/local/freeradius' '--with-dhcp'
'--with-rlm_mysql=no' '--with-rlm_perl=no' --enable-ltdl-install\
radiusd -X starts OK, and then, after first
On 02/21/2013 10:23 AM, Igor Smitran wrote:
Received DHCP-Discover of id 08f11b15 from 10.21.192.1:67 to 0.0.0.0:67
Parse error Parse error or name in attributein attributein ode
Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
My bad, sorry everyone, i
1. In sqlippool.conf is stated:
#
# WARNING: MySQL has certain limitations that means it can
# hand out the same IP address to 2 different users.
#
# We suggest using an SQL DB with proper transaction
#
During debug session (radiusd -X) beside other things i can see this:
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
On 02/19/2013 03:41 PM, Alan DeKok wrote:
Use +=, not =
Alan DeKok.
Request from client is this:
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers
Freeradius puts everything into
What would need to be done in dhcp setup in order to have
radusergroup/radcheck/radreply/radacct-alike behavior?
I am trying to make it work with cable equipment (CM,MTA,CPE) but i am
not sure how to start. CM and MTA would have static IP addresses (sql
prefered because of additional replies:
It is my first time to setup Juniper ERX-1440 with freeradius. All my
other NAS's are cisco.
I was trying to setup checkrad to check for simultaneous connections and
realized that juniper is not listed in nas type list.
Can someone help me with getting checkrad to work with Juniper ERX?
Thank
Alan DeKok wrote:
What does the ISG documentation say?
Ask the vendor how their product works...
I am asking here because i wasn't able to find any answers on cisco
site. Maybe someone here has enough experience to point me to right
direction.
Thank you all
Ok,
I really don't understand why no one wants to help. After all, i am using
freeradius together with cisco. I just asked if anyone has any
experience in ISG+FreeRadius because i am trying to find a solution for
my problem for more than 15 days. Does it really matter what kind of NAS
i am
Yes, it is definitely my bad English.
I am not using freeradius as DHCP, i am using freeradius as mac address
checker. That part is working ok. I am using freeradius for long time
and it is a great product. But, cisco ISG is new to me.
I have setup cisco ISG as a DHCP server. when cisco
Nice.
Alexander Clouter wrote:
Igor Smitran si...@blic.net wrote:
I really don't understand why no one wants to help. After all, i am using
freeradius together with cisco.
Hey there, I'm trying to ping 217.23.192.1 from my laptop at work, but
it seems I need 802.1X configured
I am sorry for contacting list for my problem, but i have searched for
more than 15 days trying to find the solution with no success:
1. i have a cisco ISG with DHCP relay that points to freeradius
2. freeradius will send access accept or access reject based on mac
address, nas ip etc.
this
Alan DeKok wrote:
Hmm... the code in rlm_preprocess checks if the attribute is string
type. I don't see why this is necessary. See line 155 (or so) in
src/modules/rlm_preprocess/rlm_preprocess.c.
I've seen the source and now i understand, but, i don't know much of C
and don't know if
Alan DeKok wrote:
Yes. Delete the line containing PW_TYPE_STRING, and change the
previous line to:
if ((dattr = dict_attrbyname(newattr)) != NULL) {
Then re-compile install.
Just what i thought but wasn't sure.
Can we expect this to be changed permanently in future releases?
Hello,
I am trying to rewrite some custom AVPairs that cisco sends me.
In order to do that i've created custom dictionary:
ATTRIBUTE disc-cause-ext 507 integer
VALUE disc-cause-ext Unknown 1002
VALUE disc-cause-ext CLID-Auth-Fail 1004
VALUE
Bandwidth is needed on your router. Between your router and your radius
server you will only have authentication and accounting packets which
are small and do not consume much of a bandwidth.
Radius server will not do any rate limiting, radius server will only
send rate limit data to router,
Look at the radcheck table. Attribute name Calling-Station-Id.
Magui wrote:
Hello, i want to know how combine user, password and telephone number
for to authenticate an user in order to give access to my network.
Please I only need a superficial orientation, not to detail
Define group in your database. In radgroupreply put Auth-Type := Reject
hashim zayed wrote:
Hi all:
I am using freeradius with mysql. I want to create a group
with a default reject response, so when I put a user in this
group he gets access-reject from freeradius.
|
+++---++---+
| 1 | locked | Auth-Type | == | Reject|
Didn't have morning coffee at the time of my first post:)
Igor Smitran wrote:
Define group in your database. In radgroupreply put Auth-Type := Reject
hashim zayed wrote:
Hi all:
I am
Garber, Neal wrote:
Igor: I hope you weren't offended by my assumption - I wasn't sure, based
upon your comment, and I was just trying to help. If I offended you, I
apologize. By the way, out of curiosity, did the patch work for you on 2.1.7
also?
Don't worry, i wasn't offended at
Ivan Kalik wrote:
Why? Alan is not the only developer. Read the copyright for rlm_perl code.
I know that Boian is responsible for making our life easier :) I was
asking if this patch is going to be included in next release. That is
the comment i was expecting. Sorry for misunderstanding.
Igor
Garber, Neal wrote:
The error is in rlm_perl and appears related to thread data management, not
the O/S and not perl (I run FreeBSD and you run CentOS; we even have
different versions of perl). Boian can explain the change far better than I
can; but, my interpretation of the change is that
Boian Jordanov wrote:
On Jul 26, 2009, at 12:59 AM, si...@blic.net si...@blic.net wrote:
Igor wrote:
I have tried 2.1.7 and got same error. I will try to compile it with
--enable-developer and see if i can find out anything from gdb output.
I really don't know why would this happen because
I am using Freeradius 2.1.6.
I have a working setup of freeradius with perl scripts inside authorize
and accounting sections.
Everything works great when i am using only one script.
But, if i add another script to do some other stuff for example in
post-auth section i get errors in log and
Ivan Kalik wrote:
Have you defined func_post_auth?
Ivan Kalik
Kalik Informatika ISP
Left everything by default. Made script by using example.pl as template.
Both scripts are looking exactly the same, except that i don't use
default function names for perl_script_1.
perl perl_script_1 {
Ivan Kalik wrote:
perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}
perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_2.pl
}
Ivan Kalik wrote:
It ends with freeradius crashing. If i disable all other perl calls and
leave only dummy.pl works with no problems. Same goes for other way
around. Basically, any combination that involves only one perl script
works without any problems. If i use two perl scripts in any
Garber, Neal wrote:
Igor,
What version of perl and what O/S are you using? I'm using FreeBSD 7.2 with
perl 5.8.9. The reason I hadn't submitted this sooner is I wanted to rule
out an issue with perl (our Productions servers are running an older version
of FreeBSD and perl).
perl, v5.8.8
Frank Ernesto Morales Quiroga wrote:
install in freebsd freeradius friends and when my clients try to
connect this poster draws me, it can be:
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm cdr.cu
Igor Smitran wrote:
As far as i can see, you removed pap from authorize section, which means
that you tried to change default setup...
My bad, pap does exist in authorize, but freeradius doesn't know where
is the password...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Can i use simultaneous use to limit particular users to use just one channel
ISDN?
And at the same time, to forbid async users multiple logins?
For ISDN users i want to limit only some users, not all.
I know that cisco questions should not be posted here and i am sorry for
that but...
I am
Look at the acct_users file, you can define what to do when receiving START,
STOP and ALIVE packets.
You can call external script if you like.
All you need to do is echo correctly formatted string and access server will
receive it.
If you want to put something additional to database, you can do
Igor Smitran [EMAIL PROTECTED] wrote:
I have Mikrotik. It can export netflow data but i am not sure what
freeradius can do with that?
Nothing. You will need a netflow server.
Is it possible to have all netflow for that
client inserted into database somehow? Please provide some URL because
Peter Nixon [EMAIL PROTECTED] wrote:
Aside from tinkering with FreeRADIUS code (and running a large number of
production servers) I also tinker with and run pmacct which I highly
recommend as a netflow/sflow solution. We have a number of deployments of
both on the same Postgresql backend and as
Yes Peter, you are right. My fault. I only tried netflow tools, i never used
those in production environment. I just checked and saw that i need to pull
data from collector, while collector is receiving data from routers. That
said it is not possible to have accurate data at disconnect. Sorry
Is there a way to have netflow data per session, instead of just total
octets in and total octets out? I am trying to find a relatively easy
way to charge users per netflow data, for example: local data is 50%
discount, mail is 30% discount etc.
Thank you,
Igor
From: c k
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, August 08, 2006 6:33 AM
Subject: (no subject)
I'm using EAP-TLS as an authentication protocol. I want to authorize the
clients in my network to access only certain protocol traffic. For some users
i
Is it possible to limit the data transfer rate with freeradius and
mikrotik. If possible then where should I specify what attribute. For
example I want to authenticate the users with freeradius + mysql and
mikrotik router and limit the Tx/Rx rate to 64Kbps/32Kbps.
How can I do that?
Hello all,
I am quite new to freeradius and I am with a doubt. I have a
PPPoE-Server that authenticate the users into my FreeRadius server. The
problem is that if a client, by some reason, get lost of connection the
freeradius maintain the log about that connection and, if the client try to
- Original Message -
From: Philippe Bacquaert [EMAIL PROTECTED]
To: freeradius-users freeradius-users@lists.freeradius.org
Sent: Wednesday, April 26, 2006 10:46 AM
Subject: assign a value to an attribute via a script
Hello,
I'm searching how to use a script to modify the value of
Is there a way to have netflow data per session, instead of just total
octets in and total octets out? I am trying to find a relatively easy
way to charge users per netflow data, for example: local data is 50%
discount, mail is 30% discount etc.
Consult the NAS documentation. If it doesn't
From: Alan DeKok [EMAIL PROTECTED]
Please post the debug log, as suggested in the FAQ, README, and INSTALL.
I got it up and running. I don't know if anyone before had this problem.
Problem was in nonstandard fields that Mikrotik sent to freeradius.
Preprocess directive inside
Igor Smitran [EMAIL PROTECTED] wrote:
I have a pppoe server on freebsd. I want to setup freeradius to give
different ip address block and gateway to users.
I need two pools, and i have a two gateways. One gateway is more expensive
than the other one. So, users that pay less will use cheaper
Alan Dekok wrote:
Look at the packets coming from the two gateways, and see how
they're different. Use those differences to write rules that match
those differences, and return the different configurations.
Ok, let us say that we have two users: Alan and Igor
1. when Igor logs in he needs
52 matches