Hi
can u tell me how run radius with pam?
thanks
On 4/19/07, daniel [EMAIL PROTECTED] wrote:
Ok, I have gotten pam_radius_auth.so to work and it is working well,
however, is there any way to get it to create a UID when it receives an auth
accept?
At the moment I have to run adduser every time
Jacob Jarick wrote:
The deps have incorrect names, ie requests apache2-devel but fedora
calls it httpd2-devel and so on.
The Redhat freeradius.spec file distributed with FreeRADIUS doesn't
reference apache2-devel. If you're using the Redhat spec file, please
ask them about fixing it.
* The
Hi,
Notes:
* The wiki glosses over a little and gives u an incorrect dir
* the spec file expects 1.1.5 tar.gz
yes, that has already been noted. simply edit the spec file
to use the correct value.
# tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
# cp /root/Desktop/freeradius-1.1.6.tar.gz
Hi,
The deps have incorrect names, ie requests apache2-devel but fedora
calls it httpd2-devel and so on.
argh!!!
now it all makes sense. from your previous email you said
cp freeradius-1.1.6/suse/freeradius.spec /usr/src/redhat/SPECS/
why the ** would you be trying to use a SUSE
hahaha sorry alan.
Big mistake of mine, I am dsylexic and yer well there u go.
I was reading suse as fedors (dont ask why).
Sorry for the false alarm, I did check and double check but sometimes
I never see the words right once I have mis-read them until some1 else
points it out.
So I should be
Thanks again for the reply.
Yes it was a mistake on my behalf no1 elses (Im dsylexic and misread
the suse as fedora).
Thanks for catching me on that,
Keep up the good work guys.
On 4/19/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
Notes:
* The wiki glosses over a little and gives u
Hi,
So I should be using the redhat spec file for fedora correct ? - will
correct. SUSE is a very different beast to RedHat - as you have
discovered
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here is my updated Install (now the same as the wikis) and yes works
the way I expected. Swapping to 1.1.6 now, then back to figuring out
LDAP :)
# cd /usr/src
# tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
# cp /root/Desktop/freeradius-1.1.6.tar.gz
/usr/src/redhat/SOURCES/
# cp
Hi Alan,
On Wed, Apr 18, 2007 at 05:09:11PM +0200, Alan DeKok wrote:
Ah. client_add() doesn't create the necessary structure. I've just
fixed that.
== I can confirm it works (cool!)
However here is another bug report:):
* cvs head
* all NASes in nas table(clients.conf not used)
* sending
Freeradius 1.1.3 installed via YUM on Fedora (not suse :P)
radiusd.conf: http://pastebin.ca/447690
radiusd -X -A output: http://pastebin.ca/447693
domain: tfxschool.internal
ADS: tfxschoolfs01.tfxschool.internal
Hi again people,
I have been pouring through the oreillys LDAP book (quite
Hi all,
I'm using cvs head on debian woody(historical reasons). I'm using
rlm_perl module with perl 5.6:
`dpkg -l '*perl*'`
...
ii libperl-dev5.6.1-8.9
ii libperl5.6 5.6.1-8.9
ii libsnmp-perl 4.2.3-2
...
This version of perl is without ithreads and does not
Jason Chan wrote:
Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?
You can configure things in the post-authentication phase.
My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated,
Hi all,
here is another bug report(but don't worry; I'm running out of my
bugreports):
I used to have following attr_rewrite in modules section:
attr_rewrite fix_sqlcounter_reply {
attribute = Reply-Message
searchin = reply
searchfor =
Milan Holub wrote:
However here is another bug report:):
* cvs head
* all NASes in nas table(clients.conf not used)
* sending HUP results in segmentation fault when re-building up internal
clients structure:
Ok... I've added more code to re-set pointers on cleanup, and create
them on
Jacob Jarick wrote:
I have been pouring through the oreillys LDAP book (quite informative
so far to btw). I got the example of using freeradius against the
linux passwd file working fine. I tried their Freeradius and OpenLDAP
(now I know ADS isnt OpenLDAP btw) and it fails with the following
daniel wrote:
If I use LDAP to authenticate with PAM and freeradius authenticates against
LDAP as well am I able to still store session details with LDAP?
I believe so, yes.
I am trying to integrate my current hotspot database with my terminals so
that users can authenticate on either
On Thu 19 Apr 2007, [EMAIL PROTECTED] wrote:
Hi,
So I should be using the redhat spec file for fedora correct ? - will
correct. SUSE is a very different beast to RedHat - as you have
discovered
Erm.. Having said that, the SUSE spec file should and DOES build on Fedora as
well. I have gone
i need to configure my freeradius server in proxy server to use it with
windows IAS! i want the configuration of the files of freeradius which can
permit me to do that!
my last coonfiguration of these files is:
radiusd.conf
proxy_request = yes
proxy.conf
realm gie.local {
After more research yet again (google/ oriellys/ FR mailing list
archives) I think its one of these 2 scenarios.
1 - Anonymous Searches in Active Directory isnt working
2 - When I set:
# identity = cn=root,o=tfxschool,c=AU
# password = pass
the password should be
Milan Holub wrote:
here is another bug report(but don't worry; I'm running out of my
bugreports):
That's good to hear.
I couldn't reproduce it, but I did track down and fix the underlying
problem.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
i need to configure my freeradius server in proxy server to use it with
windows IAS! i want the configuration of the files of freeradius which can
permit me to do that!
We all want lots of things. Asking a bit more polite might help.
my last coonfiguration of these files is:
radiusd.conf
Unless I did something wrong mate it def doesnt build (dependancies
have diff names).
On the topic though. 1.1.6 built fine from the redhat spec file, I am
going to trial it once Im done with testing this ldap search problem.
On 4/19/07, Peter Nixon [EMAIL PROTECTED] wrote:
On Thu 19 Apr 2007,
Hi Alan,
On Thu, Apr 19, 2007 at 10:46:51AM +0200, Alan DeKok wrote:
I couldn't reproduce it, but I did track down and fix the underlying
problem.
== And I can confirm it's fixed.
Milan Holub
holub (at) thenet (dot) ch
--
TheNet-Internet Services AG,
Hi Alan,
On Thu, Apr 19, 2007 at 10:26:36AM +0200, Alan DeKok wrote:
Ok... I've added more code to re-set pointers on cleanup, and create
them on creation.
== and yes it helped! no segmentation fault anymore
Milan Holub
holub (at) thenet (dot) ch
--
On Thu 19 Apr 2007, Jacob Jarick wrote:
Unless I did something wrong mate it def doesnt build (dependancies
have diff names).
Well, sorry. to be more clear, the latest version of the spec file which is
used to build the rpms in opensuse does. I may have forgotten to commit this
back to cvs.
it's true! i had configure my FreeRADIUS server as a client on the IAS box,
but my server freeradius which i need it toi be server proxy don't transmit
the request of my switch. when i learned freeradius, i begun it by
configurate it with users file, and after with MySQL database. then i want
Hi Alan,
snmp querying works great now. Thanks for that!
However I've tried also to query some MIBS from
RADIUS-ACC-SERVER-MIB.txt or RADIUS-STAT-MIB.txt files and it looks like
freeradius does not react on it at all(no DEBUG activity with -X).
(cvs head)
Working query (using MIBs from
Milan Holub wrote:
I remember all MIBs worked a week before or so...
There was a missing bracket in smux.c.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See
You already have those files. What you need to do (if you really want
help on this list) is to paste the output from radiusd -X so people can
see what has gone wrong and tell you how to fix it. freeradius reject
the packets can mean loads of things.
Ivan Kalik
Kalik Informatika ISP
Dana
Hi Alan,
On Thu, Apr 19, 2007 at 12:26:46PM +0200, Alan DeKok wrote:
There was a missing bracket in smux.c.
== accounting MIBs now working:
main: smux_password = verysecret
main: snmp_write_access = yes
SMUX connect try 1
SMUX SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname:
Milan Holub wrote:
but statistics MIBs not registered/working yet...
It's not implemented. It's also not a standard. It was added on the
theory that we might do it one day, but perhaps not.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
On 4/19/07, Alan DeKok [EMAIL PROTECTED] wrote:
Rick Macdougall wrote:
Recompiled with --without-threads and it locks up hard on the first
accounting request. And when I say locks up hard, I mean not even a kill
-9 will stop it, I have to reboot the server.
Are you sure your OS isn't
It works!!! Thank you very much!
Kevin Bonner wrote:
html
I almost ignored your message, as I don't parse HTML well. =)
On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote:
Thank you Kevin, but it didn't work now my entire users file is:
sebas
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP field. Currently, we are doing
this with huntgroups. Namely, we create a huntgroup for the NAS (in our
case, a network switch), and then in the users file, we put the following:
you could extend your ldap schema and add a field for the vlan a user should
belong too.
then all you would need is to query that field and propogate the variable.
Tunnel-Private-Group-Id=`%{private-vlan}`
On 4/19/07, Matt Ashfield [EMAIL PROTECTED] wrote:
Hi,
We'd like to use FR to assign
On the topic of password encryption.
Kevin would you know how to encode a password for windows 2003 active
directory server. I need a user with permission to do active directory
searchs, it tries atm but fails because the password is not encrypted.
Even if you know what the encryption they use is
Matt, how about the configuration that you have to have in the switch
Can you Help me
Robinson
[EMAIL PROTECTED]
On 4/19/07, Matt Ashfield [EMAIL PROTECTED] wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP
FreeRADIUS Users/Developers,
Does anyone use RADIUS to authenticate Motorola SM's? If so, I'm needing
some information on how to accomplish this.
Thank You In Advanced!,
Matt Neumark
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
We would like to use FreeRADIUS (acting as a proxy server) to set the
Primary-DNS-Server and Secondary-DNS-server attributes in the auth
response to the RADIUS client only if these attributes are not provied
by the end RADIUS server (which we don't control). Is there anyway to
do this
Hi,
Radclient works fine with almost every except when you use the -c flag
to specify that multiple copies of the same packet are sent.
---
./radclient -c 10 -x -f user radius1.susx.ac.uk auth xxx
Sending Access-Request of id 205 to 139.184.14.180 port 1812
User-Name = ac221
Thank you Alan. I read the documentations and now I'm able to use
Kerberos and MySQL along with FreeRadius. Thank you for your help.
However, I'm stuck in the last part of the project which is to reply the
accept request along with assigned attributes.
For example, Kerberos successfully
I was afraid someone would say that! Haha
Matt
-Original Message-
From: Donny Jekels [mailto:[EMAIL PROTECTED]
Sent: April 19, 2007 10:57 AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: suggestions for multiple vlans in hundreds of switches
you could extend
Yeah, there's that too. We need to create these vlans within the edge
switches as well. Once created, you shouldn't have to touch them again.
Or you don't create them at the edge, and instead just create them in the
core, however that kind of kills the advantage of extending your vlans to
Hi,
This seems to work. The issue is scale. I have would conceivably have to
have a huntgroup definition in the huntgroups file for each NAS. And if I
wanted 30 vlans, I'd have to have 30 definitions like the ones above in my
users file for EACH one of my NAS's.
that would depend on what
I have been following your thread and am interrested to find out how do d
you get freeradius to do authentication wiht kerberos?
any config examples would be helpfull.
On 4/18/07, Jason Chan [EMAIL PROTECTED] wrote:
Hello,
Is it possible for FreeRadius to perform grouping after Kerberos
On Thursday 19 April 2007 10:42:30 Jacob Jarick wrote:
On the topic of password encryption.
Kevin would you know how to encode a password for windows 2003 active
directory server. I need a user with permission to do active directory
searchs, it tries atm but fails because the password is not
I'm using Redhat Enterprise Linux and here is my steps to setup
FreeRadius
1) Make SURE you have installed MIT Kerberos on your linux (krb5
packages)
2) Configure Realm, KDC servers, etc... for your linux
(system-config-authentication for redhat)
3) Install FreeRadius
4) Make SURE you have
Ok,
I've taken out the SQL accounting completely, left in the SQL authentication
and the problem still persists. On accounting packets with threads
disabled, the accounting process stops completely after one packet, on
accounting packets with threads enabled, the accounts process reports the
Well, I went through everything in the accounting { } and the problems turns
out to be radutmp
Any reason this might be a problem. The file gets created but never written
to. If I comment it out of the accounting { }, then everything, including
mysql records being written, works just fine.
On Thu 19 Apr 2007, Rick Macdougall wrote:
Well, I went through everything in the accounting { } and the problems
turns out to be radutmp
Any reason this might be a problem. The file gets created but never
written to. If I comment it out of the accounting { }, then everything,
including
Arran Cudbard-Bell wrote:
Radclient works fine with almost every except when you use the -c flag
to specify that multiple copies of the same packet are sent.
I have a fix I'll be committing tomorrow.
Was looking forward to doing some crude benchmarking :(
Last week it was slower than
Jason Chan wrote:
For example, Kerberos successfully authenticate admin/admin (yes I don't
use MySQL for authentication), and FreeRadius knows this user has
permission to access. Now, in the postauth part, FreeRadius searches the
radreply table in its MySQL database for the proper attributes
Rick Macdougall wrote:
Well, I went through everything in the accounting { } and the problems
turns out to be radutmp
Any reason this might be a problem. The file gets created but never
written to. If I comment it out of the accounting { }, then everything,
including mysql records being
You are right on with the NFS locking issue.
I believe that is exactly the problem, my only concern now is why it happens
with CentOS 4.x and not with Fedora Core 3.
More info in the morning as I'm currently having a beer (or 4) and watching
the Hockey playoffs.
Thanks for the help.
Regards,
54 matches
Mail list logo