Have you tried putting the process under truss (truss -fp PID) to see
what kind of system calls are being made by radius? This may give you an
idea of what is going on.
Robert
On Wed, Oct 06, 2004 at 01:33:34AM +0100, Stungo, Jamie wrote:
-Original Message-
From: Kostas Kalevras
be that the high CPU load is due to the pattern
matching going on inbetween these calls.
I'd like to understand why only one CPU shows at full load and the other idling. Is
it prstat reporting incorrectly?
JS
-Original Message-
From: Robert Banniza [mailto:[EMAIL PROTECTED]
Sent: Wed
I ended up using the huntgroups file to do this (i.e.):
Juniper-M-SeriesNAS-IP-Address == 10.1.1.20
User-Name = sally
Then in my users file:
DEFAULT Huntgroup-Name == Juniper-M-Series
Auth-Type := LDAP,
Fall-Through = No
Run 'radiusd -X -A' and report back where it seems to be hanging up.
Robert
On Tue, Aug 10, 2004 at 03:38:17PM -0600, Oscar Caballero Chavanel wrote:
Hello,
I started using and configuring FreeRADIUS 0.9.3 on SuSE Linux
Enterprise Server 8.
I need to authenticate RADIUS users to
On Wed, Aug 04, 2004 at 10:52:28AM -0400, Alan DeKok wrote:
Geoffrey Cauchi [EMAIL PROTECTED] wrote:
Did you have any reply re. this? We are facing a very similar problem and
it would be greatly appreciated if you could tell us how you solved the
problem.
So far, I don't think he has.
On Wed, Aug 04, 2004 at 02:14:41PM +0300, Kostas Kalevras wrote:
On Tue, 3 Aug 2004, Robert Banniza wrote:
Guys,
I'm using Freeradius-0.9.3 with the rlm_ldap module (OpenLDAP backend)
and have most everything configured except this last little bit. I would
like to allow only certain
On Wed, Aug 04, 2004 at 02:41:09PM -0400, Alan DeKok wrote:
Robert Banniza [EMAIL PROTECTED] wrote:
1) In the users file, I have the following (pay attention to the
Ldap-Group entry):
DEFAULT Huntgroup-Name == Cisco
Auth-Type := LDAP,
Service
Is there a way to set the Service-Type by the device you are logging
into? i.e. I want Service-Type := Administrative User for Cisco and
Service-Type := Shell-User for Juniper devices. Can this be done
according to the IP of each device?
Thanks
Robert
-
List info/subscribe/unsubscribe? See
On Tue, Jul 20, 2004 at 12:49:55PM +1000, Paul Hampson wrote:
On Mon, Jul 19, 2004 at 08:05:28PM -0500, Robert Banniza wrote:
I'm trying to set the Cli-Initial-Access-Level on a Juniper E-Series.
However, the Juniper is not understanding:
radiusReplyItem: ERX-Cli-Initial-Access-Level := 5
Here's an odd one...Is there any way of getting around having to set
Service-Type = Administrative-User in order to get the Cisco-AVPair :=
shell:priv-lvl=15 to work correctly? The reason I ask is b/c when I
set Service-Type = Administrative-User as the DEFAULT in the users file
or through a
On Wed, Jul 21, 2004 at 12:14:59PM +1000, Paul Hampson wrote:
On Tue, Jul 20, 2004 at 08:35:59AM -0500, Robert Banniza wrote:
On Tue, Jul 20, 2004 at 11:00:18PM +1000, Paul Hampson wrote:
On Tue, Jul 20, 2004 at 06:35:32AM -0500, Robert Banniza wrote:
This we have done. They mentioned
Anyone have any ideas on this? I have Googled to no avail. Anyone else
using Juniper ERX dixtionary to auth. and set CLI access levels? Any
information would be appreciated.
Robert
On Thu, Jul 15, 2004 at 02:08:57PM -0500, Robert Banniza wrote:
Guys,
Per the original email (below), here
Not sure if this is the same issue you are having but I had to set the
Administrative-User line to get AVPair to work correctly with
radiusReplyItem: Cisco-AVPair := shell:priv-lvl=15. Here is what I
have in my users file:
DEFAULT Auth-Type := LDAP
Service-Type =
, 10.1.1.162
Is there something else I need to do?
Thanks
Robert
On Wed, Jul 14, 2004 at 10:11:33AM -0500, Robert Banniza wrote:
Guys,
I'm currently setting up Juniper E-Series devices to authenticate
against FreeRadius using rlm_ldap (OpenLDAP). I currently have:
radiusReplyItem: ERX-Cli-Initial
at 13:08, Robert Banniza wrote:
Guys,
Per the original email (below), here is some more information (debug)
output. The symptons are that the radius users are all logging into the
Juniper with priv. level 10 (regardless of what the
ERX-Cli-Initial-Access-Level is set to). Here is what I'm
Guys,
I'm currently setting up Juniper E-Series devices to authenticate
against FreeRadius using rlm_ldap (OpenLDAP). I currently have:
radiusReplyItem: ERX-Cli-Initial-Access-Level := 5
radiusReplyItem: ERX-Alternate-Cli-Access-Level := 15
radiusReplyItem: ERX-Cli-Allow-All-VR-Access := 1
in my
radiusd -x. Run Freeradius in debug mode.
On Sun, 11 Jul 2004, Robert Banniza wrote:
Here is the debug output:
2d04h: AAA/MEMORY: create_user (0x20F7E20) user='' ruser='' port='tty1'
+rem_addr='10.1.1.162' authen_type=ASCII service=
LOGIN priv=1
2d04h: AAA/AUTHEN/START (1821432037
and the NAS!
On Mon, 12 Jul 2004, Robert Banniza wrote:
Here is what radiusd -X -A provides:
rad_recv: Access-Request packet from host 67.106.198.67:1645, id=10,
length=75
NAS-IP-Address = 11.9.67.177
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name
:
Service-Type = Administrative-User,
On Mon, 2004-07-12 at 13:42, Robert Banniza wrote:
Here is what we are seeing nowThe secret has been set and will allow
us to login but we are not getting any privileged level:
rad_recv: Access-Request packet from host 67.106.198.67:1645, id=15
Guys,
We are trying to allow users to authenticate to Cisco 26xx routers using
Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
these users to be able to log in with enable privileges. The following
is what we have done to try this with no avail. The following is a
sample ldif
:05PM -0400, Dustin Doris wrote:
What is the debug output? What happens when you try to login to the
router? User denied?
On Fri, 9 Jul 2004, Robert Banniza wrote:
Guys,
We are trying to allow users to authenticate to Cisco 26xx routers using
Freeradius with the rlm_ldap module
On Fri, Mar 19, 2004 at 06:35:17PM +0200, Kostas Kalevras wrote:
On Fri, 19 Mar 2004, Robert Banniza wrote:
In looking at the dictionary.juniper file, I notice there are 5
attributes in this file:
ATTRIBUTE Juniper-Local-User-Name 1 string
Juniper
ATTRIBUTE
In looking at the dictionary.juniper file, I notice there are 5
attributes in this file:
ATTRIBUTE Juniper-Local-User-Name 1 string
Juniper
ATTRIBUTE Juniper-Allow-Commands 2 string
Juniper
ATTRIBUTE Juniper-Deny-Commands 3 string
Guys,
I've been looking at the Juniper/Radius doc
(http://www.qorbit.net/documents/junos-radius-authentication.pdf) that
details auth'ing off of Steel Belted Radius. However, I'd like to use
Freeradius to do exactly what this doc is stating but don't have any
info. to go by. Is anyone using
Having a problem testing my LDAP authentication. In running 'radiusd -X
-A', I'm trying to debug why uid 'brad' and his password are not being
found. Here is my ldap filter from radiusd.conf:
ldap {
server = somehost.somedomain.net
identity =
On Tue, Mar 16, 2004 at 01:17:19PM -0500, Dustin Doris wrote:
Take a look at ldap search filters
http://www.ietf.org/rfc/rfc2254.txt
On Tue, 16 Mar 2004, Robert Banniza wrote:
Having a problem testing my LDAP authentication. In running 'radiusd -X
-A', I'm trying to debug why uid
Guys,
I'm trying to compile freeradius with LDAP support on Solaris 9 and the
compile is erroring out. I've googled and read the thread
http://lists.cistron.nl/pipermail/freeradius-users/2003-February/016497.html
and I still can get this thing to compile. Here is what I'm using as the
configure
27 matches
Mail list logo