On Thu, Apr 18, 2013 at 05:52:16PM +1200, Peter Lambrechtsen wrote:
When I setup the post-auth policy to send a update disconnect it works fine
if the response is an access accept. But if I update the control to access
reject the disconnect module gives me a noop.
As a guess:
The Post-Auth
- policy do_not_respond returns handled
+++- if (ADSL-Agent-Remote-Id !~ xxx ) returns handled
Whereas all I send back is:
Sending Access-Reject of id 165 to 172.25.1.1 port 62037
ERX-Virtual-Router-Name = default:voiplm1
Waking up in 4.9 seconds.
The Disconnect never get sent.
I even
I think I may be doing something wrong but perhaps it is working as
designed.
When I setup the post-auth policy to send a update disconnect it works fine
if the response is an access accept. But if I update the control to access
reject the disconnect module gives me a noop.
Is this supposed
Dear ALL
How change Access-Reject output of module with unlang in sites-enable to
Access-Accept and do some update control ?
I can not find what is the replay attribute of reject or accept to check
in If condition and change them in update replay.
and Do we have any reference
Hi,
How change Access-Reject output of module with unlang in sites-enable to
Access-Accept and do some update control ?
what method? you cant just 'Access-Accept' an EAP method that relies on the
agreement
between client and authentication server for the cipher keys etc
alan
-
List
On 03/25/2013 09:14 AM, Mehdi Ravanbakhsh wrote:
Dear ALL
How change Access-Reject output of module with unlang in sites-enable
to Access-Accept and do some update control ?
I don't think you can. And as AlanB says, it probably won't work anyway
- you can't force accept on challenge
PM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 03/25/2013 09:14 AM, Mehdi Ravanbakhsh wrote:
Dear ALL
How change Access-Reject output of module with unlang in sites-enable
to Access-Accept and do some update control ?
I don't think you can. And as AlanB says, it probably won't work
On 25/03/13 11:16, Mehdi Ravanbakhsh wrote:
You means that if modules such as SQL module in session section return
reject i can not change that to accept and then update some control
attribute ?
I don't think so.
and
can i change sql module ?( i know SQL.conf but in that file i just
can
thanks
On Mon, Mar 25, 2013 at 4:40 PM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 25/03/13 11:16, Mehdi Ravanbakhsh wrote:
You means that if modules such as SQL module in session section return
reject i can not change that to accept and then update some control
attribute ?
I don't
Hi all,
I want to configure the free radius to return access-reject based on the
value in stored procedure in oracle database( i have configured oracle database
to free radius)
How do i do that ??? please help
Lakshmi narayana | Prod Engineering | Tech Mahindra
#9/7 Hosur Road
On 05/02/13 10:44, Lakshmi Narayana Baliah wrote:
Hi all,
I want to configure the free radius to return access-reject based on the
value in stored procedure in oracle database( i have configured oracle database
to free radius)
How do i do that ??? please help
On Tue, Feb 5, 2013 at 9:44 PM, Lakshmi Narayana Baliah
lb0074...@techmahindra.com wrote:
Hi all,
I want to configure the free radius to return access-reject based on the
value in stored procedure in oracle database( i have configured oracle
database to free radius)
How do i do
Hi again.
Has anyone found a solution to this (always sending Access-Reject to
users not matching any group)?
Thanks!
Pe 15.01.2013 13:37, Bogdan Enache a scris:
Hi list,
I have managed to solve the last problem by replacing Group with
SQL-Group, like so:
DEFAULT SQL-Group == disabled
check requirement the files module
matches (and sends Access-Reject), so the file is processed. But clearly
the Group check isn't working...
Thanks!
Pe 14.01.2013 15:43, Bogdan Enache a scris:
Hi,
Pe 14.01.2013 15:17, a.l.m.bu...@lboro.ac.uk a scris:
Hi,
As you can see, it matches
Hi list,
I have managed to solve the last problem by replacing Group with
SQL-Group, like so:
DEFAULT SQL-Group == disabled, Auth-Type := Reject
Reply-Message := Your account is disabled.,
Fall-Through := No
Now users which are in the disabled group get Access-Reject, which
Hi,
Hi,
Is there a way to configure FreeRadius 2.1.10 to send Access-Reject
on users which don't match any of the defined groups?
I tried with:
DEFAULT Group-Name !* , Auth-Type := Reject
Reply-Message = Account rejected.,
Fall-Through
Hello again,
Hi,
Hi,
Is there a way to configure FreeRadius 2.1.10 to send Access-Reject
on users which don't match any of the defined groups?
I tried with:
DEFAULT Group-Name !* , Auth-Type := Reject
Reply-Message = Account rejected.,
Fall-Through
Hi,
As you can see, it matches the rule in users first, and then the
group named login in MySQL. There is no other match.
because thats the order that you have them run in how can the users
file know anything about the groups if you are doing the groups AFTER
the users file? change the
Hi,
Pe 14.01.2013 15:17, a.l.m.bu...@lboro.ac.uk a scris:
Hi,
As you can see, it matches the rule in users first, and then the
group named login in MySQL. There is no other match.
because thats the order that you have them run in how can the users
file know anything about the groups if
Hi,
Is there a way to configure FreeRadius 2.1.10 to send Access-Reject on
users which don't match any of the defined groups?
I tried with:
DEFAULT Group-Name !* , Auth-Type := Reject
Reply-Message = Account rejected.,
Fall-Through = No
and
DEFAULT
2012/06/04 15:52:41:686525 : FREERADIUS LOG rlm_eap_tls: TLS 1.0
Alert [length 0002], fatal unknown_ca
This means WiMAX supplicant sends TLS Alert message. This is because
supplicant do not trust CA that have issued AAA server certificate.
CA certificate of the CA that have issued AAA
Rathod Subhashchandra wrote:
This issue is coming consistently for multiple clients during Network Entry.
So read the debug log. It isn't hard.
2012/06/04 15:52:41:686559 : FREERADIUS LOG TLS_accept:failed in
SSLv3 read client certificate A
2012/06/04 15:52:41:686579 : FREERADIUS LOG
Hi...
just check the mail with subject: *generating ssl certs in debian squeeze*
, it may help
Thank You
On 20 October 2012 18:42, Alan DeKok al...@deployingradius.com wrote:
Rathod Subhashchandra wrote:
This issue is coming consistently for multiple clients during Network
Entry.
So
Ana Gallardo Gómez wrote:
I would like to return diferent values of a personal atribute
(Codigo-Reject) in a Access-Reject. I would like to do this in PEAPv0,
EAP-TTLS-PAP and EAP-TTLS-MsCHAPv2
With my configuration I can return Codigo-Reject in EAP-TTLS-PAP and
EAP-TTLS-MsCHAPv2 but I
in free-radius client
framework, but getting access reject error. I verified that what user I am
using to authenticate is available in groups which is configured there.
I am not getting any idea that why I am getting access reject
(PW_ACCESS_REJECT) error.
any help in this issue will be very helpful
Arvind Gupta wrote:
I am not getting any idea that why I am getting access reject
(PW_ACCESS_REJECT) error.
Then you're not looking at the debug output.
Run the server in debugging mode, as suggested in the man page, FAQ,
web page, README, and daily on this list.
Alan DeKok.
-
List info
too low.
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
id=86, length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710, id=86,
length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port
low.
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
id=86, length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
i.e. the NAS didn't see a reply
, length=145
Waiting to send Access-Reject to client teste port 35710 - ID: 86
i.e. the NAS didn't see a reply, and retransmitted.
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.2.100 port 35710,
id=86, length=145
Waiting to send Access-Reject to client teste
Hi all,
i am connecting network-manager to freeradius server. It showing access
reject. I am using server.crt which is provided by freeradius it self.
Please check and reply.
error paste below
rad_recv: Access-Request packet from host 192.168.21.2 port 32768, id=0,
length=153
Cleaning up request
Harish Mandowara wrote:
i am connecting network-manager to freeradius server. It showing access
reject. I am using server.crt which is provided by freeradius it self.
Please check and reply.
error paste below
Read it. The CA cert isn't known.
Follow the 4 steps on the front page of my
Hi,
Sending Access-Request of id 13 to 127.0.0.1 port 1812
User-Name = usertest
NAS-IP-Address = 10.1.1.28
NAS-Port = 0
MS-CHAP-Challenge = 0x7effa6d1eaf313a9
MS-CHAP-Response =
once again, you are looking at trivial client output. look at the
Access-Request of id 180 to 127.0.0.1 port 1812
User-Name = usertest
User-Password = passtest
NAS-IP-Address = 10.1.1.28
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=180,
length=20
these are my table's entry :
mysql select * from
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=180,
length=20
dont really care about this - the 'radiusd -X' output is what is needed
for this list.
++--+++--+
| id | username | attribute | op | value
the installation, I tried to test it :
# radtest usertest passtest localhost:1812 0 testing123
Sending Access-Request of id 180 to 127.0.0.1 port 1812
User-Name = usertest
User-Password = passtest
NAS-IP-Address = 10.1.1.28
NAS-Port = 0
rad_recv: Access
On Mon, Nov 28, 2011 at 8:29 AM, Bogi Aditya b...@imtelkom.ac.id wrote:
thanks Alan
I found the problem was in the attribute field
where I put Cleartext-Password based on the wiki :
http://wiki.freeradius.org/SQL-HOWTO
The example should be correct. From
thanks Fajar
I've tried :
# radtest -t mschap usertest passtest localhost:1812 0 testing123
Sending Access-Request of id 13 to 127.0.0.1 port 1812
User-Name = usertest
NAS-IP-Address = 10.1.1.28
NAS-Port = 0
MS-CHAP-Challenge = 0x7effa6d1eaf313a9
on my setup (FR-2.1.12), and got
Access-Reject for both pap and mschap :)
then I change my radcheck table :
mysql select * from radcheck;
++--+++--+
| id | username | attribute | op | value
On Mon, 28 Nov 2011 09:59:16 +0700, Fajar A. Nugraha wrote
Did you know you can use LDAP as backend for FR, thus allowing your
users to use the same user/password combination whether they're using
FR or LDAP directly? :D
yes, I'm fully aware of that :)
but the data in OpenLDAP is based on the
... i.e. an otherwise valid and
correct Access-Accept packet, but with a Code of 3 (Access-Reject) since
the sql module failed.
For the short-term, I wrapped the sql calls in post-auth and
post-auth-type reject in redundant, followed by ok, so that users will
not get rejected because of failed logging
a Reject packet. Since it stops before attr_filter, it's
returning a non-RFC-compliant REJECT..
Hmm... you mean an Access-Reject with a bunch of attributes?
For the short-term, I wrapped the sql calls in post-auth and
post-auth-type reject in redundant, followed by ok, so that users will
not get
at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 186 to 127.0.0.1 port 36827
Waking up in 4.9 seconds.
Cleaning up request 0 ID 186
saeed1803 wrote:
I hope you can help. I am having some problems running with Radius
Authentication. The radius server is running on a debian server.
I have added some users:
test Cleartext-Password := test
Where? In which part of the users file.
i can do radtest and ntrping test and it
Alan DeKok wrote:
Where? In which part of the users file.
yes
Read the debug log you posted. The answer is there.
I'm amateur, so I can not understand debug log.
Please explain to me.
thanks a lot
On Mon, Aug 29, 2011 at 2:52 PM, Alan DeKok al...@deployingradius.comwrote:
saeed1803
to these recipients or distribution lists:*
t...@velociter.net
Subject: Access-Reject in freeradius
This message has not yet been delivered. Microsoft Exchange will continue
to try delivering the message on your behalf.
Delivery of this message will be attempted until 8/31/2011 12:32:15 AM
(GMT-08
I believe that you placed it after the DEFAULT section. Move it above
DEFAULT and test again.
Regards
Sameh Attia
--
- Failure is not an option; it is a built-in feature in Windows.
- The two basic principles of system administration:
* For minor problems, reboot
* For major problems,
saeed1803 wrote:
Alan DeKok wrote:
Where? In which part of the users file.
yes
Read the debug log you posted. The answer is there.
I'm amateur, so I can not understand debug log.
Please explain to me.
The last few lines contain a *CLEAR* description of the problem, and
how to solve
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 186 to 127.0.0.1 port 36827
Waking up in 4.9 seconds.
Cleaning up request 0 ID 186 with timestamp +182
Ready
Alan DeKok wrote:
The last few lines contain a *CLEAR* description of the problem, and
how to solve it.
i can not find the problem and how to solve it (im very amateur)..
Please refer me to main line
Sameh Attia wrote:
I believe that you placed it after the DEFAULT section. Move it above
29, 2011 at 8:37 PM, postmaster@eci.local wrote:
*Delivery is delayed to these recipients or distribution lists:*
t...@velociter.net
Subject: Re: Delivery Delayed: Access-Reject in freeradius
This message has not yet been delivered. Microsoft Exchange will continue
to try delivering
trouble figuring out how to return a Reply-Message from with in
the inner tunnel. Well, to be more specific, returning that
Reply-Message within the final Access-Reject.
So far, I've figured that I can update outer.reply within the inner
tunnel, but this gets sent out in an Access-Challenge follows
is rejected. Unfortunately, I'm
having trouble figuring out how to return a Reply-Message from with in
the inner tunnel. Well, to be more specific, returning that
Reply-Message within the final Access-Reject.
Do you have this in eap.conf:
eap {
peap {
use_tunneled_reply = yes
a (semi)
meaningful reply message when a user is rejected. Unfortunately, I'm
having trouble figuring out how to return a Reply-Message from with in
the inner tunnel. Well, to be more specific, returning that
Reply-Message within the final Access-Reject.
Do you have this in eap.conf:
eap
On 24/05/11 15:23, Martin Goldstone wrote:
Yes, I have this in both the peap stanza and the ttls stanza. This
seems to be fine when access is accepted, for example if I set a
Reply-Message saying Welcome in the post-auth section of the
inner-tunnel config, I see this in the final access-accept
so, in inner-tunnel post-auth, set outer.reply
to be whatever you want.. you can then, in the
outer layer, query/check or use that reply.
There's an additional round trip after the failure
which is why Phil said it needs to be saved. I
had a patch to save/restore it; but, it needs
rework
On 05/24/2011 05:03 PM, Alan Buxey wrote:
so, in inner-tunnel post-auth, set outer.reply to be whatever you want..
you can then, in the outer layer, query/check or use that reply.
Unfortunately, outer.reply is an Access-Challenge.
-
List info/subscribe/unsubscribe? See
You've posted the RADIUS messages. But what about src/dst IP? Have
you verified that the packets you *think* are the same actually match
for src/dst IP, and src/dst port? If not, why not go check? That will
show you WHY the packets are different: they're not the same packet!
You're
Hi,
Using freeradius 1.1.3. Im trying to get freeradius to return a helpful
reply-message in access-rejects to the NAS but the reply-message seems
to get stripped from the access-reject packet. Ive configured the
reply-message as below in /etc/raddb/sites-enabled/default
post-auth {
sql
sbcsgjm...@snkmail.com wrote:
Using freeradius 1.1.3.
Upgrade.
Im trying to get freeradius to return a helpful
reply-message in access-rejects to the NAS but the reply-message seems
to get stripped from the access-reject packet. Ive configured the
reply-message as below in /etc/raddb
On 05/14/2011 11:28 AM, sbcsgjm...@snkmail.com wrote:
Hi,
Using freeradius 1.1.3. Im trying to get freeradius to return a helpful
reply-message in access-rejects to the NAS but the reply-message seems
to get stripped from the access-reject packet. Ive configured the
reply-message as below
-rejects to the NAS but the reply-message seems
to get stripped from the access-reject packet. Ive configured the
reply-message as below in /etc/raddb/sites-enabled/default
Huh? 1.1.3 doesn't have sites-enabled.
Figure out what you're doing. You won't be able to understand
anything until
What is between the radius server and NAS? Something must be, because
it's modifying the packet. Do you have an intermediate proxy server?
No, but the packets are being sent over an OpenVPN tunnel.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sbcsgjm...@snkmail.com wrote:
Im confused, the Packet identifier is the same. Can you explain how you
know this. Thanks, much appreciated!
The packets are different. Go read them.
Find out what is modifying the packet *after* the RADIUS server sends
the reply. Look at the *rest* of the
the ability to send an Access-Reject based on
huntgroups.
Is that correct?
Thanks,
Gene Titus
The Office of Telecommunication Services
The University of Texas at Austin
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/mysql-huntgroups-Access-Reject-tp3306623p3306623.html
Sent
added some SQL logging. I am logging Access-Accept and
Access-Reject. My problem is that access-rejects are appearing
scrambeled.. Example:
| 50 | us...@mydomain.tld | |
Access-Accept | 2010-09-10 10:53:36 |
| 51 | =7bam=3d1=7d917341235f4283123a58e52b623d2
1812
User-Name = testing
User-Password = password
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=248,
length=20
===
On the server terminal:
r...@kartik-laptop:/etc/freeradius
kartik dadwal wrote:
OS: Ubuntu 9.10
Freeradius 2.1.0 (Installed using synaptic packet manager)
On the server terminal:
r...@kartik-laptop:/etc/freeradius# *radiusd -X*
I would suggest reading the debug output. The answer to your question
is in there.
Also, try pasting the debug output
Hi all!
I need to set up something and I would like your opinion on how to do it.
Freeradius (v2.1.8) asks kerberos/ldap to authenticate and authorize.
What I want to do is if a Radius doesn't find anything (meaning
access-reject) then it asks another Radius located at another host.
Therefore
Peter Lambrechtsen wrote:
Understood, I had just taken examples off the internet about how to
setup LDAP Auth, which was very misleading by having the Auth-Type being
set which caused all of my issues in the first place.
And the documentation (web, manual pages, config files) says in many
10, 2010 at 10:18 AM, Peter Lambrechtsen
plambrecht...@gmail.com wrote:
On Mon, Aug 9, 2010 at 6:31 PM, Alan DeKok al...@deployingradius.comwrote:
Peter Lambrechtsen wrote:
Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
access reject however it always seems
Peter Lambrechtsen wrote:
I have figured out where my mistake was. I needed to have the users
file being used in the authorize section, but I shouldn't have had
Auth-Type := Accept at the end of each line for the Groups, otherwise
if the Auth-Type is set to Accept the authenticate section is
On Wed, Aug 11, 2010 at 12:40 PM, Alan DeKok al...@deployingradius.comwrote:
Peter Lambrechtsen wrote:
I have figured out where my mistake was. I needed to have the users
file being used in the authorize section, but I shouldn't have had
Auth-Type := Accept at the end of each line for the
Peter Lambrechtsen wrote:
Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
access reject however it always seems to return either a noop or ok.
..
And this is what is in my postauth_users file:
DEFAULT Auth-Type := REJECT
Post-Auth-Type = Reject,
Hmm
On Mon, Aug 9, 2010 at 6:31 PM, Alan DeKok al...@deployingradius.comwrote:
Peter Lambrechtsen wrote:
Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
access reject however it always seems to return either a noop or ok.
..
And this is what is in my postauth_users
Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
access reject however it always seems to return either a noop or ok.
This is what I get in my radiusd -X trace:
[files] postauth_users: Matched entry DEFAULT at line 30
++[files] returns ok
Sending Access-Accept of id 53
++- entering if (%{reply:Reply-Message} == Reject) {...}
+++[reject] returns reject
++- if (%{reply:Reply-Message} == Reject) returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
++[reject] returns reject
Sending Access-Reject of id 76 to 192.168.143.72 port 2747
Reply
{} section of inner-tunnel to copy control attribute from
inner-tunnel to default
2. sql query for radpostauth
3. content of authorize section of file /etc/raddb/sites-available/default
4. radiusd -X debug message for access-reject case
Alan's reply
message:
2. sql query for radpostauth
3. content of authorize section of file /etc/raddb/sites-available/default
4. radiusd -X debug message for access-reject case
Alan's reply ---
Fads Afds wrote:
Hi Fellows,
I have configured FreeRadius
Fads Afds wrote:
I tried to get the error-message of inner-tunnel by running sql query in
Post-Auth-Type Reject {} of default. The message field in radpostauth table
is empty. The query seems cannot access %{inner.control:My-Err-Message}
attribute.
My question is: Can sql in
-tunnl is invoked
and logging message is written to radpostauth table as expected.
For access-reject cases (username not existed in db, wrong username,
accumulated session time quota exceeded, etc), Post-Auth-Type REJECT {} of
inner-tunnel is never entered. What is wrong? Any help? Thanks
users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rlm_pap: Found existing Auth-Type, not changing it.
rad_check_password: Found Auth-Type
Hi,
I found in users file that line:
DEFAULTAuth-Type = System
comment this line out and restart the daemon
remove calls to 'unix' from your configuration
if you dont want to even think about /etc/passwd
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Date: Thu, 13 May 2010 11:01:10 +0100
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: Access request-access reject
Hi,
I found in users file that line:
DEFAULTAuth-Type = System
comment this line out and restart the daemon
remove calls
Hi,
comment this line out and restart the daemon
remove calls to 'unix' from your configuration
if you dont want to even think about /etc/passwd
i commented it like that:
#DEFAULT Auth-Type = System
Fall-Through = 1
comment out both lines.the DEFAULT line and the fall-through
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=185, length=20
thakkksss
Date: Thu, 13 May 2010 13:07:45 +0100
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
Subject: Re: Access request-access reject
Hi,
comment
-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=48, length=20
and this is the output of deamon:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:41804, id=48, length=55
User-Name = abc
User-Password
On 05/12/2010 08:01 PM, dorra aa wrote:
hi can someone help me in that
i add a users :
abc cleartext-password:=123
It's right there in the debug output
users: Matched entry DEFAULT at line 153
users: Matched entry abc at line 216
modcall[authorize]: module files returns ok for request 0
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20
3/The result of output radiusd -X is:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 38590, id=135,
length=57
User-Name = sonia
Hi,
Hi. im used freeradius 2.1.8. Please can somebody give me an example of
configuration of files to do na simple test with radiusd -X.
because i'm testing now a local client and the result is reject. I modify
onlu users and clients.conf.is that anought?
1/I add on Users:
sonia
= 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20
plz can you give me the steps that i may to do more then that.
plz help me. I am a beginner in that
Date: Wed, 5 May 2010 11:19:29 +0100
From: a.l.m.bu...@lboro.ac.uk
To: freeradius-users@lists.freeradius.org
On 05/05/2010 06:38 AM, dorra aa wrote:
Mr Alan i do it but always the same result:
The definition of insanity is doing the same thing over and over and
expecting different results.
-Benjamin Franklin
plz can you give me the steps that i may to do more then that.
plz help me. I am a
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20
are you SURE you are editing the right users file? you havent got two copies
of FR installed have you ? (eg self-build and RPM) - check that
you dont have eg /etc/raddn/users AND /usr/local/etc/raddb
= salut
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20
are you SURE you are editing the right users file? you havent got two copies
of FR installed have you ? (eg self-build and RPM) - check that
you dont have eg
Date: Wed, 5 May 2010 11:08:28 -0400
From: jden...@redhat.com
To: freeradius-users@lists.freeradius.org
Subject: Re: plz help me: access-reject
CC: a.l.m.bu...@lboro.ac.uk
On 05/05/2010 11:01 AM, Alan Buxey wrote:
Hi,
Mr Alan i do it but always the same result:
r...@pfe-laptop
Hello freeradius-users,
Standard freeradius 2.1.8 setup suggest to reference reply_log in
post-auth section of the (default) site.
With this setup, access-accept are logged, but access-reject does not
seems to be logged.
Is this the normal behaviour ?
Is there any way to have access-reject
Fred MAISON wrote:
With this setup, access-accept are logged, but access-reject does not
seems to be logged.
Is this the normal behaviour ?
Yes. See Post-Auth-Type Reject. This is documented in the same file:
sites-available/default.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Le lundi 03 mai 2010 à 16:58 +0200, Alan DeKok a écrit :
Fred MAISON wrote:
With this setup, access-accept are logged, but access-reject does not
seems to be logged.
Is this the normal behaviour ?
Yes. See Post-Auth-Type Reject. This is documented in the same file:
sites
Aaron Paetznick wrote:
Huh. Then it should be working but it isn't.
radiusd -X says:
...
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [username/badpass] (from client
Aaron Paetznick wrote:
I'm sorry, your explanation wasn't clear to me. How can I expose
Module-Failure-Message to or reference Module-Failure-Message within
rlm_sql?
This, also, didn't work for me:
post-auth {
...
Post-Auth-Type REJECT {
update reply {
1 - 100 of 312 matches
Mail list logo