Hi,
User-Name = sujatha
User-Password = test123
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rlm_pap: WARNING! No known good password found for the user.
Authentication may fail because of this.
rlm_unix: [sujatha]: invalid password
rad_recv:
Yes, it forbit the access to some site it is easy if you have the correct NAS. You need for instance a mikrotik device where in the walled garden you can allow some site but you can ban others. ;)
From:"Parham Beheshti" [EMAIL PROTECTED]Reply-To:FreeRadius users mailing list
Hi All,
I want to use the Radius Server where the requesting Client are IPv6 Host.
I have changed the clients.conf like :
client 2001:0:0:1::9 {
secret = pass
shortname = admin
}
I have changed the users file:
vikas User-Password == password
Vikas Bagora wrote:
I want to use the Radius Server where the requesting Client are IPv6 Host.
Is this in 2.0.0-pr2?
I have changed the users file:
vikas User-Password == password
No. See the FAQ.
Service-Type = Administrative-User
But, the RADIUS SERVER is showing:
On 8/30/07, Svend Eriksen [EMAIL PROTECTED] wrote:
Hi,
We run freeradius 1.1.6 against postgresql 8.1.
With the current configuration the user can only login one time
simultaneously. What I want is that a user can login only one time per
NAS, but that the user can login on several NASes at
Hi,
(this goes into a Wiki page as well)
Today I fell over some caveat when it comes to handling AcctStopTime in
databases. In mysql, the schema defines
acctstarttime datetime NOT NULL default '-00-00 00:00:00',
acctstoptime datetime NOT NULL default '-00-00 00:00:00',
and the
On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Hi,
We run freeradius 1.1.6 against postgresql 8.1.
With the current configuration the user can only login one time
simultaneously. What I want is that a user can login only one time per
NAS, but
Hi,
I have taken 1.1.6 version.
why? oh dear why?!? 1.1.7 is the latest 1.1.x release and its
there for many many reasons. i dont grab Linux 0.9 kernel if
i want to run a Linux server.
I am not very clear on configuring the files.
First we are going to do dummy testing.
for very very
Hi,
Ok, using regex matching fixed it. Thanks!
you might also add those client IP addresses to a huntgroup
and use the huntgroup name in your hints...
Hm... thinking of it... is shortname from clients.conf available as an
attribute? Then you could treat all IP addresses equal by their
I am using rlm_ldap (2.0.0-pre2) to check an account for being valid in AD.
This works.
As I am only interested in one attribute from AD, it would be
sufficient, if rlm_ldap would only use filter to dive into AD once.
How could I prevent rlm_ldap from Entering ldap_groupcmp() ?
Setting
Whether the password given in Users file is a Encrypted password or
normal?
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
All these files should be configured in the path
/usr/local/etc/xxx.conf.
Is this right?
-Original Message-
From:
Whether the password given in Users file is a Encrypted password or
normal?
Clertext-Password is normal.
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
On a client which is sending radius packets. With servers IP address.
All these files should be
Hello Everybody,
I just want to put several login-service in an access-accept packet. If i try
this in the users file :
login_user Auth-Type := Local, User-Password == pass_user
login-service = 50,
login-service = telnet,
Fall-Through = no
It send an acces-racccept with
Make multiple sql instances - one for each NAS.
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše:
On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Hi,
We run freeradius 1.1.6 against postgresql 8.1.
With the
Norbert Wegener wrote:
As I am only interested in one attribute from AD, it would be
sufficient, if rlm_ldap would only use filter to dive into AD once.
How could I prevent rlm_ldap from Entering ldap_groupcmp() ?
Don't reference the LDAP-Group attribute?
The only time that the
http://wiki.freeradius.org/Operators
+=
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hello Everybody,
I just want to put several login-service in an access-accept packet. If i try
this in the users file :
login_user Auth-Type := Local,
[EMAIL PROTECTED] wrote:
I just want to put several login-service in an access-accept packet.
That's not permitted. No NAS will understand that response from a server.
If i try
this in the users file :
login_user Auth-Type := Local, User-Password == pass_user
login-service =
On a radius client device (switch, AP, router, server, ...) which is
trying to authenticate the user.
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Pelluru Sujatha [EMAIL PROTECTED] piše:
I did not get clearly where to configure the secret other than
/usr/local/etc/raddb/clients.conf file.
I'm sorry, but I dont understand what you mean. Can you please explain?
reg
Svend
[EMAIL PROTECTED] skrev:
Make multiple sql instances - one for each NAS.
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše:
On 8/30/07, *Svend Eriksen* [EMAIL
Hi,
Whether the password given in Users file is a Encrypted password or
normal?
your choice!
Whether the secret which I am configuring in clients.conf should be
configured anywhere else?
yes - on the NAS itself. but if you're using radtest or radclient
then that software is a virtual NAS
Hi,
I did not get clearly where to configure the secret other than
/usr/local/etc/raddb/clients.conf file.
unless (UNLESS) you are using some other NAS authentication method
- eg sticking them into an SQL table for checking, clients.conf
is the ONLY place where the NAS secret needs to be
Hi,
Ok, using regex matching fixed it. Thanks!
you might also add those client IP addresses to a huntgroup
and use the huntgroup name in your hints...
Hm... thinking of it... is shortname from clients.conf available as an
attribute? Then you could treat all IP addresses equal by
Hi all,
I have installed a freeradius server and it works perfectly...
Now, I want to play with the Session-Timeout attribute. I want to set that
value according to the NAS in which the client is connected.
For instance, let us assume a user connect himself to a Group1 NAS and
have X seconds
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše:
I'm sorry, but I dont understand what you mean. Can you please explain?
reg
Svend
[EMAIL PROTECTED] skrev:
Make multiple sql instances - one for each NAS.
Ivan Kalik
Hi,
Today I fell over some caveat when it comes to handling AcctStopTime in
databases. In mysql, the schema defines
acctstarttime datetime NOT NULL default '-00-00 00:00:00',
acctstoptime datetime NOT NULL default '-00-00 00:00:00',
..and we've already has a discussion last
Hi All,
Sending Clear Information...
1. I am using freeradius-server-2.0.0-pre1 Version(which support for IPv6
also).
2. My Objective is ( Radius Client Information):
Make Radius Server to accept the request from the IPv6 client(Embedded
System).
- My Client has
Vikas Bagora wrote:
1. I am using freeradius-server-2.0.0-pre1
Please use 2.0.0-pre2.
- *users* file is modified in only with this lines :
vikas User-Password == password
Change that line to:
vikas Cleartext-Password := password
Alan DeKok.
-
List
I've got through the same problem, and based in some help I got here
from the list I managed to solve the problem with a simple change to
sql.conf, modifying the simul_count_query.
The original entry:
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND
Alexsander wrote:
alan, do you already saw freeradius work with active directory??
do you have some example file?
http://deployingradius.com/documents/configuration/active_directory.html
BUT if you have ntlm_auth working from the command line, 99% of the
work is done.
Again, If ntlm_auth
alan, do you already saw freeradius work with active directory??
do you have some example file?
tkx
On 8/31/07, Alan DeKok [EMAIL PROTECTED] wrote:
Alexsander wrote:
yes, i took it from the site freeradius.org, version 1.1.7, is correct?
Yes... the changes in 1.1.2 (or so) mean that the
I get an attribute/value from ad via freeradius and want this as a
checkitem in another module.
Therefore I added
checkItem User-Password primaryGroupID :=
to ldap.attrmap
and have the following users:
DEFAULT User-Password == wrong”
Service-Type = Framed-User,
Tunnel-Type:1 = VLAN,
Norbert Wegener wrote:
DEFAULT User-Password == wrong”
Repeat after me: Cleartext-Password :=
Fix this everywhere. Then try it again.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
...
Repeat after me: Cleartext-Password :=
If it helps :-)
Before posting I tried nearly everything, including the use of
Cleartext-Password :=
in ldap.attrmap and the users file.
Unfortunately the result was always the same ...
add
checkItem Cleartext-Password
Hi Gents,
I've configured successfully MOTP with xtradius.
This way I can do a otp check with a password generated on my mobile
(with a java script).
see http://motp.sourceforge.net for more information
Now I would like to build this functionality with freeradius.
I've read that
Hi all,
I have installed a freeradius server and it works perfectly...
Now, I want to play with the Session-Timeout attribute. I want to set that
value according to the NAS in which the client is connected.
For instance, let us assume a user connect himself to a Group1 NAS and
have X seconds
You can set up DEFAULT entries in users file:
DEFAULT NAS-IP-Address == NAS1IP
Session-Timeout = X
Same thing for NAS2.
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Khaldon manIP [EMAIL PROTECTED] piše:
Hi all,
I have installed a freeradius server and it works
How do you configure freeradius to receive accounting information from a proxy
radius server ? Is it possible to store this accounting information in a
different table in postgresql database?
Thanks
-
Choose the right car based on your needs. Check out
Hi,
I just want to put several login-service in an access-accept packet. If i try
this in the users file :
login_user Auth-Type := Local, User-Password == pass_user
login-service = 50,
login-service = telnet,
Fall-Through = no
It send an acces-racccept with only
I did not get clearly where to configure the secret other than
/usr/local/etc/raddb/clients.conf file.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, August 31, 2007 2:39 PM
To: FreeRadius users mailing list
Subject: RE:
I have taken 1.1.6 version.
I am not very clear on configuring the files.
First we are going to do dummy testing.
What are the changes to be done on client and server configurations?
Can we give a file name as the argument in the command line while using
radtest? If so How to use?
40 matches
Mail list logo