Hi,
I was thinking that freeradius provides the WPA2 encryption. I have a pci
card with atheros chipset working in AP mode. But I still have a question, I
made a simple configuration with freeradius that worked with radtest, but
how can I block the access to the wireless lan for users who does
Hello all,
I am a newbie with freeradius and I have a very newbie question. How do
I check the return code of a module? What I am trying to do is the
following:
sql {
ok = 1
fail = 1
}
if (sql returned ok) {
detail_success
...
}
elsif (sql returned fail) {
detail_fail
Hi,
SQLIPPOOL requires maintenance of an IP address table carrying individual IPs.
Is there a way to handle IP prefixes (prefix/range format) so that in
large networks having many different networks could maintain and utilize
this effectively.
For example it would be cumbersome if it happens to
Papadopoulos Georgios wrote:
I am a newbie with freeradius and I have a very newbie question. How do
I check the return code of a module?
$ man unlang
What I am trying to do is the
following:
sql {
ok = 1
fail = 1
}
if (sql returned ok) {
This should be if (ok) {
It's
Hi,
Here's my problem: I need to create some user - group member model to
authenticate with Juniper Netscreen firewalls. Let's say I've 10 users and 10
different customers with Firewalls. Now I need to give user 1 access to
customer 1,2,3 user 2 access to customer 5,7,8 and so on.
My idea is to
rsg wrote:
Hi,
SQLIPPOOL requires maintenance of an IP address table carrying individual IPs.
Is there a way to handle IP prefixes (prefix/range format) so that in
large networks having many different networks could maintain and utilize
this effectively.
Sure; write an allocate-find SQL query
Thanks a lot for the reply and valuable suggestions Phil.
Sorry for the mistyped IP prefix: 10.0.0.0/16 would make sense I
guess. Could you think of the trouble if we are to have tables with
different subnets allocated to different networks.
Regards,
rg
On Mon, Mar 31, 2008 at 12:31 PM, Phil
Good morning to everybody:
I want to mount an EAP-TTLS authentication platform, with an LDAP
directory in the authentication/authorization server.
I have read that having an LDAP directory for authenticating users could
determine the authentication methods to use.
So can't I use EAP-MD5 inside a
Hello,
is there any expert of freeradius who can come to Morocco for auditing a
freeradius installation?
Thanks in advance,
Hello,
Where is Morocco?
Regards,
Patrice OLIVER
Head of the City-Hospital Project
Networks and Security Manager
HOSPICES CIVILS DE BEAUNE
IT Department
BP 104
21203 BEAUNE CEDEX
Tel. 33 3 80 24 44 09
Fax
mel wrote:
I've managed to setup FreeRadius with OpenLDAP. The passwords however,
are hashed (e.g. {SHA}) in LDAP. Authenticating directly to LDAP
works, but it failed with Freeradius.
What does that mean?
If the password is in plain-text,
authentication is successful.
Well, yes.
[EMAIL PROTECTED] wrote:
I want to mount an EAP-TTLS authentication platform, with an LDAP
directory in the authentication/authorization server.
And... the passwords are stored in what format?
The database doesn't really matter. The password format *does* matter.
I have read that having a
Group devices in huntgroups and then use Huntgroup-Name, not individual
NAS-IP-Address.
Ivan Kalik
Kalik Informatika ISP
On 31/3/2008, it00x32 [EMAIL PROTECTED] wrote:
Hi,
Here's my problem: I need to create some user - group member model to
authenticate with Juniper Netscreen firewalls.
But it's not possible to use the same nas-ip in different huntgroups (I would
need that to use a huntgroup like an access group for each user)?!
Thx
regards
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
Sent: Monday, 31 March 2008
So you want user1 to have access to devices 1, 2 and 3, user2 to 2, 3 and
4 etc.? This can be done with the database. You can extend the usergroup
table to have NASIPAddress field as well and add AND NASIPAddress =
'%{NAS-IP-Address}' to group_membership_query. In that way user-NAS
pair will
Hello,
I'm trying to use Ascend-data-filters together with IP-pool
DEFAULT Pool-Name := test_pool
Fall-Through = Yes
DEFAULT User-Name := test_..., Cleartext-Password := test
Service-Type = Framed-User,
Framed-Protocol = PPP,
Session-Timeout = 65000,
Andreas Kalb (akalb) wrote:
I'm trying to use Ascend-data-filters together with IP-pool
...
DEFAULT User-Name := test_..., Cleartext-Password := test
...
Ascend-Data-Filter := ip in forward srcip
%{Framed-IP-Address}/32 dstip 1.1.1.2/32
The pool is working well, but the filter
Hello Alan,
pls see my response inline akalb. Thx for your quick feedback.
Kind Regards,
Andreas
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, 31 March 2008 16:29
To: FreeRadius users mailing list
Subject: Re:
Ok, that info helped me out but not all the way. I created another virtual
server 'vmps' in the sites available folder and linked the file to
sites-enabled. I got this code off of another post here that uses a sql
db...
vmps {
# the mac address can be in several places...
if
On Mon, Mar 31, 2008 at 01:15:50PM +0200, OLIVER Patrice wrote:
Hello,
Where is Morocco?
http://en.wikipedia.org/wiki/Morocco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I mapped my ldap attribute in the ldap.attrmap file as
replyItem rCidx roleid
And in the dictionary file I mapped it as
ATTRIBUTE rCidx 3000 string
I am using NTRadPing to test the authorization.
I see in the log, radius
Hi,
FreeRADIUS does that automatically... IF it receives a password in the
Access-Request. If it doesn't receive a password in the Access-Request,
what you want to do is impossible.
See the web page for more explanations.
A bit clearer now. So you're saying that I should use:
radtest
Hi everybody,
I use freeradius 2.0.0 on red hat enterprise 3 AS and I set the authorize
section to check the user credential with an sql database. This configuration
works.
But I want to know and how to do that if it's possible, if the user isn't in the
sql database, can freeradius check another
Hello,
sorry for my ignorance, I'm still a novice on FreeRadius :-( After installing
2.0.3 I'm even facing more trouble (most likely because parts of radiusd.conf
are split now and I'm unsure how to get the ippool called).
Where was the related functionality moved to?
Kind Regards,
Andreas Kalb (akalb) wrote:
Hello,
sorry for my ignorance, I'm still a novice on FreeRadius :-( After installing
2.0.3 I'm even facing more trouble (most likely because parts of radiusd.conf
are split now and I'm unsure how to get the ippool called).
Where was the related functionality
mel wrote:
A bit clearer now. So you're saying that I should use:
radtest testuser {SHA}... radiusserver 0 secret
No. The *client* is not the *server*. The client sends a clear-text
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed
Guillaume Chartrand wrote:
I use freeradius 2.0.0 on red hat enterprise 3 AS and I set the authorize
section to check the user credential with an sql database. This configuration
works.
But I want to know and how to do that if it's possible, if the user isn't in the
sql database, can
Eric Martell wrote:
I am using NTRadPing to test the authorization.
I see in the log, radius attribute is mapped to ldap attribute and
returning valid value
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = 11
but I did not see it in the Sending Access-Accept reply to NAS.
Thanks so much Alan. Really Appreciated your help.
It did work for single return value. Please check the log. I searched the
following thread for multiple attributes but it did not have right logic
without changing data.
Hi.
I'm setting up a LAC for L2TP tunneling users to a remote LNS.
On the LAC side I want it to obtain the tunneling parameters only based
on the realm.
What would be the simplest way to setup FreeRADIUS to only match the
realm and return tunneling attributes.
If the realm is not configured,
Hi all.
Have been enjoying radius for a while now. Had to make a server upgrade
and move over to Fedora 8 for HW support. Still using 1.1.7 because it
rocks. Well not quite any more, I moved over the config files I had on
Debian and everything seems ok except for no users can login anymore
bmccorkle wrote:
Ok, that info helped me out but not all the way. I created another virtual
server 'vmps' in the sites available folder and linked the file to
sites-enabled. I got this code off of another post here that uses a sql
db...
vmps {
# the mac address can be in several places...
Yes, since you are not checking usernames/passwords you need to add
Auth-Type := Accept on the check line.
Ivan Kalik
Kalik Informatika ISP
On 31/3/2008, Paul Khavkine [EMAIL PROTECTED] wrote:
Hi.
I'm setting up a LAC for L2TP tunneling users to a remote LNS.
On the LAC side I want it to
So here's the problem, the firewall doesn't like the response it gets,
isn't valid for some reason. I'm using the exact same configs as in
the working Debian version (same radius, 1.1.7), so in theory these
should work just as fine in my Fedora setup right?
Any clues or tip is greatly
Alan DeKok wrote:
password to the server. The server looks up the user in a database, and
(perhaps) finds a SHA hashed password. The server then SHA hashes the
password supplied by the client, and compares it to the SHA password
from the database.
In that case, something is *really* wrong
Hello,
I'm unfortunately still not getting it to work anymore after upgrade to 2.0.3.
I added the following to sites-available/default at top of document:
server bb-10k {
client 172.16.1.6 {
...
...
accounting {
detail
unix
radutmp
test_pool
}
...
post-auth {