, one of the ethernet interfaces,
a ppp interface, whatever. Whatever other ports you have listening on
the box will probably look similar.
- --
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690
this.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website: http
to the authorize { } section further down in radiusd.conf.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
is wrong?
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
G'day Mike,
Fire up wireshark or tcpdump and have a look what's actually in the packets.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong
that does, I guess you could periodically run a script from
cron to log into the AP's web interface and grab the list of MAC
addresses and compare against what your accounting database thinks are
open sessions...
--
James Wakefield,
Unix Administrator, Information Technology Services Division
/messages?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website: http
Francisco
Hi Francisco,
The users file is used for specifying attribute/value pairs send to the
client, and the dictionary file is used for mapping attribute names to
numbers and types.
Was that the info you were after?
Cheers,
--
James Wakefield,
Unix Administrator, Information
normalboy wrote:
Hello,
is there a free Radius server running somewhere on the internet which i
could use? I need to create just 2 accounts, but it has to be a Radius
server, and i do not have machine 24/7 on the internet.
How about http://radiuz.net ?
--
James Wakefield,
Unix
in
your users file, or whatever you happen to use.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
Auth-Type := REJECT, Calling-Station-Id !~
008012323244|002938475473|and many other macs...
Is there any reason you shouldn't have a separate stanza accepting each
valid MAC address, then implicitly reject all other MAC addresses?
--
James Wakefield,
Unix Administrator, Information Technology
Hani
Hi Elie,
I suppose it's possible if your NAS supports it, but don't your modems
automatically negotiate that?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227
module, one to search
one ou and the other to search the other ou, then invoke them one after
the other wherever you currently invoke the single ldap instance.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217
and used on the NAS)
Depends on your NAS...what do you have?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E
you may be able to use another method to
provide accounting. Chillispot (http://www.chillispot.org/) might do
what you want. You might even be able to use the iptables byte counters
on your Linux server and route traffic through it if you have no other
options.
--
James Wakefield,
Unix
- is that it?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website: http://www.deakin.edu.au
Ariel VIVES wrote:
James Wakefield wrote:
Ariel VIVES wrote:
Hello the list,
I'm starting with freeradius.
Authentication works fine !
But the informations I get is only the username (le login name in
/etc/passwd).
How do I get the Fullname ? Or others informations (like mail, home
functions are pretty easy to use, you'd be better
off using those.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227
/unsubscribe? See
http://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
that may apply is max-acct-age. I am
pretty new to this, so any detail is most appreciated.
The NAS should support Session-Timeout, which is the most common method
of time-limiting sessions. If not, hit the vendor with a big cluebat,
as it's in the RFC.
--
James Wakefield,
Unix Administrator
(default) timeout?
Yes, we tried that. The access-accept packets aren't arriving at all!
Does it work if you temporarily disable the Simultaneous-Use check?
No, that doesn't work either.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
James Wakefield
?
Does it work if you temporarily disable the Simultaneous-Use check?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3
. If this is not important to you, then you're
pretty much all set.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
(mailto:[EMAIL PROTECTED]) in the hope that your
posting is brought to the attention of clueful Comindico people.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3
where they
need to be made, if you're not sure of something, check it to the best
of your ability, ask the list, etc. Other people will contribute their
knowledge, too.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217
sql.conf so that
freeradius can connect to your MySQL server (username, password,
database name) and so that the accounting queries match the schema on
your billing server.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217
of that data at a particular instance, or
something similar. If you have usage meters or other such software,
you'd have those querying the accounting table.
Did that help, or am I way off?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin
to mysql, it failles... ?!
dunno is there some bug, or incomplete code, for the mysql backend ?
G'day Collen,
Can you post any and all SQL queries you see in the output of radiusd -X?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong
| 3072BY256 | Huntgroup-Name | == | wireless |
| 7 | 3072BY256 | Auth-Type | += | local |
| 9 | netmaster | Auth-Type | += | local |
Any reason you're setting values for Auth-Type?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin
Ali Jawad wrote:
Hi
How can I limit one connection per username..I.e. I do not want to
allow multiple users to login using the same username password
combination.
Hi Ali,
Your NAS will have to support it, but the Simultaneous-Use attribute may
allow you to do this.
Cheers,
--
James
the IPs and timestamps in the netflow data against the timestamps,
IPs and usernames in your radius accounting.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax
?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website: http
there, then there's something you've missed in your
freeradius config. Is there any chance the subnet mask is specified on
your NAS and it's overriding what you send it?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria
DSLCustomer 192.168.172.51 192.168.172.125
Original message
Date: Mon, 02 Oct 2006 09:18:59 +1000
From: James Wakefield [EMAIL PROTECTED]
Subject: Re: only work with 5 users or clients
To: [EMAIL PROTECTED], FreeRadius users mailing list
freeradius-users
damaged the config, but you may find that it doesn't behave
in the future. I would recommend spending the time getting groups and
group checks to work, then reverting any SQL queries you've altered back
to their defaults. It'll be much less painful in the long run.
Cheers,
--
James Wakefield
James Wakefield wrote:
isidoros wrote:
Thanks James for your answer,
I'm fairly new to freeradius I know the package only 14 days. (or
radius in general for that matter)
The group configuration is a mystery to me. It is unclear for me how
this separates the users. This is how I think
1
wouldn't check User-Password in
the group checks. radcheck is for user-specific checks (like
User-Password).
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227
attributes or your NAS is misconfigured or both.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail
://wiki.freeradius.org/Rlm_sql should provide the info you need to
do the above.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3
.
Howdy Jason,
Might you get any useful info by running radiusd with strace?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866
== 00166f980e78
Reply-Item = value
Other-Reply-Item = other value
testcase1 User-Password == 12345, Calling-Station-Id == 00166f97d99d
Reply-Item = value
Other-Reply-Item = other value
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services
running on suse 10.1-x86_64 and apache is compiled from source.Any
suggestions? Help?
G'day William,
What do you get when you run ldd
/usr/local/apache/modules/mod_auth_radius-2.0.so ?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University
://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED
Michael Messner wrote:
Here are my new configs, it looks like they are working, but I'm not sure
if this is really the correct way:
-- snip (see previous post) --
is this the correct way?
It looks pretty right to me. Can't see any better way to do it.
--
James Wakefield,
Unix
Huntgroup-Name == t1, Pool-Name := Pool-t1
Fall-Through = No
should work.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866
value of seconds, eg: Session-Timeout=600 for a 10
minute timeout.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227
it? Store the users and passwords in SQL and have the
Users file supply the rest?
If the check and reply items needed for your setup don't result in a
users file that's unmanageable, it's acceptable.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin
://www.freeradius.org/list/users.html
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED]
Website
10 Dialin Reply-Message = Access
Hi Elie,
Try putting rows with ids 1, 6, 8, and 9 in radgroupcheck rather than
radgroupreply.
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone
defined for your radacct table? If I recall correctly, MySQL by
default doesn't, are you using MySQL?
Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax
/Radiusd.conf
look for the listen { } section.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL
of configuration of free radius over linux
and really i'll appreciate u.
thanks
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International
Elie Hani wrote:
Rlm_ippool: Failed to open file /etc/raddb/db.ippool/db.ippool:
permission denied
Hi Elie,
What does ls -l /etc/raddb/db.ippool/db.ippool say?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217
Elie Hani wrote:
Hi James;
The folder db.ippool does not exist in /etc/raddb.
And I can't locate it using the locate db.ippool in the root directory.
Thanks
Can you post your radiusd.conf?
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University
is the default value for that column.
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED
-existent attribute.
Has anyone managed to do this? If so, what is the correct syntax to use
these in SQL accounting statements?
Cheers,
--
James Wakefield
Systems Administrator
+61 03 5227 6888
We have now moved head office to 8-12 Pakington Street,
Geelong West.
-
List info/subscribe
; Expire
60 ; Min TTL
)
; Authoritive Nameservers [NS]
NS walled-garden-server-hostname
IN A aaa.bbb.ccc.ddd
* IN A aaa.bbb.ccc.ddd
--
Hope that helped,
James Wakefield
Systems Administrator
+61 03 5227 6888
We have
a similar thing with email by setting up a mailserver
on the wildcarded IP and bouncing everything with your walled garden
message. Personally, I think sending your customers an email and then
putting in the web-based walled garden is enough.
Cheers,
James Wakefield
Systems Administrator
+61 03
57 matches
Mail list logo