PEAP + local = OK, same config + LDAP failed

2005-06-14 Thread Florian Prester
Hi, still fighting with ldap :-) If I authenticate the user local without an ldap-entry in the radiusd.conf everything works fine, but if I uncomment the ldap-entry, nothing works anymore! I thought the users file is inspected first? my log: see attachment Thanks Florian --

Re: PEAP + RADIUS + local-Auth + LDAP

2005-06-14 Thread Florian Prester
Alan DeKok wrote: Florian Prester [EMAIL PROTECTED] wrote: authorize: If I place the users-word before anything else, the authorization should take place by the users-file, which means if a user exists in the users-file it is authorized? correct? It means that the users file is

executing external program

2005-06-14 Thread vicky
Hi all! I have a huge problem. When executing an external script I get strange error messages and my server shuts down. I find this strange because the script is tested a side and it works. Plus I have other similar scripts running and they run perfectly. I get this in the log (radiusd.log)

RE: restricting access for users

2005-06-14 Thread Martial VdB
Thank you Dustin this works!! I'll be making a detailed description on how it works now. Maybe it can be posted? if not just send me an email and I will send it to anyone who wants it. Maybe I can contribute back this way Thanks again!!! Martial From: Dustin Doris [EMAIL PROTECTED]

LDAP NT-Password vs. Cleartext-Password

2005-06-14 Thread Florian Prester
Hi, How can I control if the radius should take the nt-Password or the cleartext-Password? I mapped a cleartext-Entry in ldap to the User-Password radius entry in ldap.attrmap. The request is looking in the directory for the checkItem: User-Password -- found! But for authentication it

hints and PPTP/MPPE

2005-06-14 Thread David Batterham
Hi All, I'm trying to get hints and huntgroups working with PPTP using MPPE MSCHAPv2. I want users to be able to login with uname or uname.suffix. When logging in with uname.suffix, the suffix is stripped and a hint is set using the hints file. They are also set in a huntgroup. The users

freeradius no longer accepts Crypt-Password after upgrade

2005-06-14 Thread Rens Houben
Hello group, Due to a recent catastrophic hardware failure on one of our radius servers I've had to install a new machine. In the process we also upgraded freeradius from 0.9.3 to 1.0.2-4, and somehow the radius server now refuses to accept anything other than a User-Password attribute --

Re: MAC+EAP authentication

2005-06-14 Thread Jefri bin Dahari
I use Cisco AP 1230 and I set on the authentication for MAC and EAP authentication. On client side (Centrino/Windows XP), I set as mentioned in the HOW-TO for EAP-TLS. On Freeradius, I only see EAP authentication but no MAC authentication. Am I missing something? Please help. Thanks. -

'authorize' module

2005-06-14 Thread Edgars Klavinskis
still fighting with test configuration.. I have created two rlm_passwd modules. Afterwards, have put them under 'authorize' section one by one. Why the daemon is accepting the request depending only on the rlm_passwd file where User-Password is present and ignoring the one which should check

Mutliple Authentication REALMS

2005-06-14 Thread Shepherd, Dave
Hi, It's been a long time, as the freeRADIUS software I've been using for the last 3 years hasn't needed looking at since installation. So a big thank you to the development team :-) However, as with most things it's so good I've now got to redesign and

SQL based Simultaneous-Use troubles

2005-06-14 Thread Aaron Paetznick
I'm having some trouble getting FreeRADIUS to use the SQL tables for determining Simultaneous-Use. I've reviewed the doc/Simultaneous-Use file. I've uncommented the simul_count_query line in sql.conf. I'm already successfully using SQL authentication and accounting. I've entered

Debian .deb Installation Version 1.0.2 Ca.all dosn' exist

2005-06-14 Thread Michael Langer
Hi @all, I read some HowTo's for installing FreeRadius/PEAP and they have used the CA.all script to create the certificates. But I can't find this script after installing FreeRadius deb version 1.0.2 on my PC. I have to install other packets ? Openssl is already installed. (After installing

Logging SQL queries to logfile

2005-06-14 Thread Lucas Aimaretto
Hi all, Is there any way of logging the MSSQL queries ( with values ) to the radius.log file ? I can see the following in the radius.log file ... Tue Jun 14 00:53:53 2005 : Error: rlm_sql (sql): Couldn't update SQL accounting STOP record - HY019 [unixODBC][FreeTDS][SQL Server]Arithmetic

Re: PEAP + local = OK, same config + LDAP failed

2005-06-14 Thread Dustin Doris
Never used EAP, but perhaps this will be helpful. rlm_ldap: - authorize rlm_ldap: performing user authorization for unrzwlan1 radius_xlat: '(Userid=unrzwlan1)' radius_xlat: 'ou=AAAuser,o=Universitaet Erlangen-Nuernberg,c=DE' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got

Multiple Authentication REALMS - I hope in Plain Text

2005-06-14 Thread Shepherd, Dave
Hi, It's been a long time, as the freeRADIUS software I've been using for the last 3 years hasn't needed looking at since installation. So a big thank you to the development team :-) However, as with most things it's so good I've now got to redesign and re-implement to encompass more of

PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Talwar, Puneet (NIH/NIAID)
Hi, I am trying to set up pam_radius_auth on my RHEL WS v4. I followed the direction from the pam_radius_app pkg which I downloaded from freeradius.org. I copy the appropriate files in the right location. I configured the pam_radius_auth.conf in /etc/raddb/server folder to talk to radius

Re: Logging SQL queries to logfile

2005-06-14 Thread Nicolas Baradakis
Lucas Aimaretto wrote: Is there any way of logging the MSSQL queries ( with values ) to the radius.log file ? Read rlm_sql(5) manpage and search for the sqltrace option. -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FR eap-ttls , winxp client configuration

2005-06-14 Thread Bruno Quintas
Hi, i want to change my current setup (eap-tls) to eap-ttls so that i don't need the client certificates. I really not understanding how to use the options and if should i use them: copy_request_to_tunnel = no use_tunneled_reply = no Can somebody give some hints on configuring Win XP with

Re: Proxim AP-4000 MAC Auth w/multi VLAN assignment support

2005-06-14 Thread Michael Griego
You can't do RADIUS-assigned VLANs unless you're doing EAP authentication. It won't work with MAC authentication. --Mike Matthew Sweet wrote: Hello, I am looking at setting up a group of Proxim AP-4000 wireless gateways. I want to be able to authenticate via the MAC address of each user's

Re: MAC+EAP authentication

2005-06-14 Thread Alan DeKok
Artur Hecker [EMAIL PROTECTED] wrote: implementing EAP or MAC authentication, meaning that one of both would work, is a huge security hole and requiring both is useless since EAP authentication implicitly filters away everything unauthenticated... Doing *both* ensures that known users only

RE: Multiple Authentication REALMS - I hope in Plain Text

2005-06-14 Thread Shawn K. O'Shea
From what you've provided, I believe what is happening is that your requests that you *want* to go to local LDAP are still being proxied to your IAS server, and for some reason IAS isn't sending an Access-Reject so you get that error about a dead request. Realm NULL is a special realm that means

Re: MAC+EAP authentication

2005-06-14 Thread Alan DeKok
Jefri bin Dahari [EMAIL PROTECTED] wrote: authentication. On client side (Centrino/Windows XP), I set as mentioned in the HOW-TO for EAP-TLS. On Freeradius, I only see EAP authentication but no MAC authentication. Am I missing something? Please help. Read your NAS documentation. There's

Re: 'authorize' module

2005-06-14 Thread Alan DeKok
Edgars Klavinskis [EMAIL PROTECTED] wrote: I have created two rlm_passwd modules. Afterwards, have put them under 'authorize' section one by one. Why the daemon is accepting the request depending only on the rlm_passwd file where User-Password is present and ignoring the one which should

Re: SQL based Simultaneous-Use troubles

2005-06-14 Thread Alan DeKok
Aaron Paetznick [EMAIL PROTECTED] wrote: I'm having some trouble getting FreeRADIUS to use the SQL tables for determining Simultaneous-Use. I've reviewed the doc/Simultaneous-Use file. I've uncommented the simul_count_query line in sql.conf. I'm already successfully using SQL

Re: Logging SQL queries to logfile

2005-06-14 Thread Alan DeKok
Lucas Aimaretto [EMAIL PROTECTED] wrote: Is there any way of logging the MSSQL queries ( with values ) to the radius.log file ? There's the sqltrace file. rver]Arithmetic overflow error converting numeric to data type numeric. ... but I do not know which values in the

Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Alan DeKok
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote: I was able to get the vsftpd working, I can authenticate but when I go check to the /var/log/messages I see the following message. vsftpd[X]: pam_radius_auth: No RADIUS server found in configuration file /etc/raddb/server So...

Link error (invalid ELF header) in freeradius 1.0.3

2005-06-14 Thread Software Development Group
Hello, I am getting the following error when running freeradius -X: radiusd.conf[2] Failed to link to module 'rlm_sqlcounter': /usr/lib/freeradius/rlm_sqlcounter.a: invalid ELF header Anyone can help?

RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Talwar, Puneet (NIH/NIAID)
Here is the content of the pam_radius_auth.conf file and yes it does exist in /etc/raddb/server folder. # server[:port] shared_secret timeout (s) #127.0.0.1 secret 1 IP Address XXX.XXX.XXX.XXX Secret_Key3 -Original Message- From: Alan DeKok

Re:LDAP basedn context

2005-06-14 Thread Matt McFarlane
Correct, it is unable to find the user. When set at a higher context I receive the following error: rlm_ldap: performing search in o=wheaton, with filter (cn=testacct) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed My ldap config is as follows. If I change

Re: MAC+EAP authentication

2005-06-14 Thread Artur Hecker
Alan, well, unfortunately not really. and most importantly: it does not assure the users use the known SOFTware to access the net. imho, hardware has never ever represented a problem so far. ciao artur On 6/14/05, Alan DeKok [EMAIL PROTECTED] wrote: Artur Hecker [EMAIL PROTECTED] wrote:

Expiration Module

2005-06-14 Thread Jaco van Tonder
I have downloaded the latest CVS snapshot (the 12th of June) and am running it on Redhat 9 with Postgresql. I have configured the expiration module and added an entry in the radgroupcheck table. If I send a radius request to my server for a valid user and the expiration date is set to later than

Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Alan DeKok
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote: Here is the content of the pam_radius_auth.conf file and yes it does exist in /etc/raddb/server folder. # server[:port] shared_secret timeout (s) #127.0.0.1 secret 1 IP Address XXX.XXX.XXX.XXX Secret_Key3

Re:LDAP basedn context

2005-06-14 Thread Dustin Doris
Correct, it is unable to find the user. When set at a higher context I receive the following error: rlm_ldap: performing search in o=wheaton, with filter (cn=testacct) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed My ldap config is as follows. If I

Re: Expiration Module

2005-06-14 Thread Alan DeKok
Jaco van Tonder [EMAIL PROTECTED] wrote: if the expiration date/time has been reached - the server traps this - but NO reply message is sent. ... Delaying request 1 for 1 seconds So... is it delayed for 1 second, or is it *never* sent? My tests show it's only delayed for reject_delay

Re: Multiple Authentication REALMS - I hope in Plain Text

2005-06-14 Thread Alan DeKok
Shepherd, Dave [EMAIL PROTECTED] wrote: realm SPECIAL { type= radius authhost= LOCAL accthost= LOCAL } In the latest versions, this is realm LOCAL, but that doesn't make too much difference. Auth-Type { mschap

RE: LDAP basedn context

2005-06-14 Thread Zawacki Jason D Contr AFRL/IFOS
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dustin Doris Sent: Tuesday, June 14, 2005 12:51 PM To: FreeRadius users mailing list Subject: Re:LDAP basedn context Correct, it is unable to find the user. When set at a higher context I

Re: freeradius no longer accepts Crypt-Password after upgrade

2005-06-14 Thread Alan DeKok
[EMAIL PROTECTED] (Rens Houben) wrote: The literal same configuration works fine on another machine running 0.9.3 and retrieving its data from the same database server. Can anyone suggest what I might be missing? It should work. Are you using the 1.0.2 dictionary files, or the 0.9.3 ones?

RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Talwar, Puneet (NIH/NIAID)
Sorry about that, Here is the full content of the file. # cat pam_radius_auth.conf # pam_radius_auth configuration file. Copy to: /etc/raddb/server # # For proper security, this file SHOULD have permissions 0600, # that is readable by root, and NO ONE else. If anyone other than # root can

Re: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Alan DeKok
Talwar, Puneet (NIH/NIAID) [EMAIL PROTECTED] wrote: Here is the full content of the file. ... IP Address XXX.XXX.XXX.XXX Secret_Key3 That line is NONSENSE. If it's actually in your configuration file, it WON'T WORK. You have to list the IP address, not the text IP Address.

RE: LDAP basedn context

2005-06-14 Thread Dustin Doris
Correct, it is unable to find the user. When set at a higher context I receive the following error: rlm_ldap: performing search in o=wheaton, with filter (cn=testacct) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed My ldap config is as

RE: PAM_RADIUS_AUTH setip on RHEL Linux 32 bit

2005-06-14 Thread Talwar, Puneet (NIH/NIAID)
Well ok, would it be possible to see some examples of some pam file setting for RH environment? I think I am not setting the right pam modules. Thanks, __ Puneet Talwar Contractor/CIPS UNIX Administrator 301-451-9971 ( c ) 301-252-5366

Re: SQL based Simultaneous-Use troubles

2005-06-14 Thread Aaron Paetznick
That worked! Maybe the docs need to be changed to reflect this fact. I.e. SQL-based Simultaneous-Use still calls checkrad unless the NAS type is set to other. Thanks for the help! --Aaron Alan DeKok wrote: Aaron Paetznick [EMAIL PROTECTED] wrote: I'm having some trouble getting

Re: SQL based Simultaneous-Use troubles

2005-06-14 Thread Alan DeKok
Aaron Paetznick [EMAIL PROTECTED] wrote: That worked! Maybe the docs need to be changed to reflect this fact. I.e. SQL-based Simultaneous-Use still calls checkrad unless the NAS type is set to other. Simultaneous-Use results in checkrad being called, for radutmp and sql session checking.

Timer...

2005-06-14 Thread synackrst
Hello everyone :-) Anyone can help-me setting freeradius to count(continuous time) and disable wireless access for users? For example: User1 just allowed for 1hour, and then account disabled User2 just allowed for 1hour, and then account disabled Thank you

Re: Timer...

2005-06-14 Thread Alan DeKok
synackrst [EMAIL PROTECTED] wrote: Anyone can help-me setting freeradius to count(continuous time) and disable wireless access for users? For example: User1 - just allowed for 1hour, and then account disabled rlm_counter Alan DeKok.

Re: SQL based Simultaneous-Use troubles

2005-06-14 Thread Aaron Paetznick
So even though I'm trying to do pure SQL-based Simultaneous-Use checking, it's going to spawn an external process each time? I wanted to use SQL like this to avoid the overhead of spawning an external process in the first place. Hrm... --Aaron Alan DeKok wrote: Aaron Paetznick [EMAIL

Re: SQL based Simultaneous-Use troubles

2005-06-14 Thread Alan DeKok
Aaron Paetznick [EMAIL PROTECTED] wrote: So even though I'm trying to do pure SQL-based Simultaneous-Use checking, it's going to spawn an external process each time? If you tell it to. I wanted to use SQL like this to avoid the overhead of spawning an external process in the first

Expiration - my experiences and a partial solution

2005-06-14 Thread Tomas 'tt' krag
Hi, I spent a few days working on a freeradius solution in which I want to be able to create users whose logins expire 24 hours after their first login. Since I noticed that many people have been asking for similar things on this list, I thought I'd explain the solution I have ended up using.

FW: How to get Hint to match in users file

2005-06-14 Thread Matt Cobb
-Original Message- From: Matt Cobb Sent: Tuesday, June 14, 2005 2:07 PM To: '[EMAIL PROTECTED]' Subject: How to get Hint to match in users file What syntax do you use to get Hint to match in the users file? In Hint I have: DEFAULT Prefix == LOCKDOWN\\, Strip-User-Name = Yes

Problem TTLS-LDAP

2005-06-14 Thread alfonso celestino
Hi, everybody! I have a problem on having tried to use TTLS with LDAP. I have seen solutions to this problem in this mailing list, but I have not had success. In the following line it seems that ldap realizes correctly the comparison: rlm_ldap: user prueba authorized to use remote access

FreeRadius and PostgreSQL configuration question

2005-06-14 Thread NECTIS NetVoice Sales
Dear Gurus! We try to install Freeradius with PostgreSQL but got question We expect about 100 concurrent calls and our switch sent 3 requests to radius: Authorization, accounting start and accounting stop or update. How much max_connections we should configure in a postgresql.conf file?

Re: Problem TTLS-LDAP

2005-06-14 Thread Alan DeKok
alfonso celestino [EMAIL PROTECTED] wrote: rlm_ldap: Attribute User-Password is required for authentication. ... users file: DEFAULT Auth-Type := LDAP Fall-Through = No Don't do that. Read eap.conf. LDAP servers don't do EAP authentication. Alan DeKok.

Authorization failed

2005-06-14 Thread Kheli
Dear list, I am using free radius, for authorizing, authenticating and accounting dial-up connection. I use sql for authorization, but users cannot be authorized Here what the log files produced Info: rlm_sql (sql): No matching entry in the database for request from user [swan] Any idea,

RE: Expiration Module

2005-06-14 Thread Jaco van Tonder
It is never sent. I use radtest and get no reply... radtest simply sends the request again and again... Regards Jaco van Tonder -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 14 June 2005 07:07 PM To: FreeRadius users mailing list