Ing. Alfonso Reyes wrote:
I'm having some issues with the configuration of the radius server, I'm
getting the following: Error Initializing Modules.
The thing is that my radius server has no issues with the configuration
(eap.conf), and the instalation was succesful with mysql.
I don't
piston wrote:
And the reason is? i thought nasidentifier is quite important attribute.
Anyway thanks for reply.
This is the first time in almost 10 years that anyone has said it's
important. And if it is important for you, you can edit the
configuration to add it.
Alan DeKok.
-
List
Hi,
This is the first time in almost 10 years that anyone has said it's
important.
There may be (few) places where it is important. E.g. we get accouting
tickets from a DSL provider through a NAT on their side, and all
accounting tickets have the same Client-IP-Address and no
NAS-IP-Address.
Hello ;
I need authenticate local /etc/passwd users with FreeRadius for wired and
wireless network 802.1x authentication ?
Is it posible ?
Or i can migrate all local users to ldap server in this case is it posible ?
Because i dare say 802.1x authentication not correctly work with encrypted
Hi,
i have 2 questions and i hope you'll help me.
I use the freeradius in combination with mysql-server for accounting and
authorizing.
The first:
how do i use the Acct-Input-Gigawords and Acct-Output-Gigawords Attributes
with FreeRADIUS Version 1.1.3 and FreeRADIUS Version 1.0.2 and PPP
how do i use the Acct-Input-Gigawords and Acct-Output-Gigawords Attributes
with FreeRADIUS Version 1.1.3 and FreeRADIUS Version 1.0.2 and PPP
2.4.4? I set up the fields in the mysql-table but they do not get filled
with data.
Those will be filled when the connection goes over the limit of the
Hi,
I set up the fields in the mysql-table but they do not get filled with data.
http://wiki.freeradius.org/FAQ#Why_do_Acct-Input-Octets_and_Acct-Output-Octets_wrap_at_4_GB.3F
(you need to modify the SQL queries as well, updating the database
schema alone isn't enough)
Greetings,
Stefan
Upgrade.
Ivan Kalik
Kalik Informatika ISP
Dana 24/9/2008, Oscar Trejo [EMAIL PROTECTED] piše:
The version of the freeradius is v 1.1.0
I hope these is what you ask me.
Thanks !!!
What freeradius version is this?
Ivan Kalik
Kalik Informatika ISP
Dana 23/9/2008, Oscar Trejo [EMAIL
Gurus,
in my radiusd.log, I can see lots of these errors:
Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Wed Sep 24 09:40:55 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect
1 .Maybe max_connections in the MySQL config file should also be
increased and Mysql be restarted.
2. No idea except upgrading.
Norbert Wegener
Stefan A. schrieb:
Gurus,
in my radiusd.log, I can see lots of these errors:
Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): There are no
Stefan A. wrote:
in my radiusd.log, I can see lots of these errors:
Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Your database is probably slow. Do you have indexes?
FR is eating Memory and I do not know how to
Hi,
I need to authenticate employees at my lab onto our wireless network
using a Captive Portal and our corporate database (Active Directory).
The Access-Request from the Captive Portal contains a cleartext password
but our Active Directory does not store cleartext passwords. Can someone
please
Leese, MJ (Mark) wrote:
I need to authenticate employees at my lab onto our wireless network
using a Captive Portal and our corporate database (Active Directory).
The Access-Request from the Captive Portal contains a cleartext password
but our Active Directory does not store cleartext
Hello Dear Ivan Kalik;
Thank you for your response ;
From following link that you send indicate if i use eap-gtc everything is ok.
But our switches does not support this protocol.
http://deployingradius.com/documents/protocols/compatibility.html
I think Finaly i can use EAP-MSCHAPv2 and NT
Is there a way (radius or ppp) to get the Accounting-Data on-the-fly
(realtime) or maybe all 2 hours without disconnection the actual session
of
the user?
Depending on your NAS, you can send Accounting updates every 5 minutes !
The
attribute that NAS has to accept is called Acct-Interim-Interval.
Hi everybody.
I installed Freeradius 2.1.0 on a Fedora 9 server.
I installed dialup_admin to manage it: it partially works. I have some
troubles in 2 sections:
1. Check Server.
When I click on the menu, I see
Wednesday, 24 September 2008, 12:36:31 CEST
Server: 10.0.1.128:1812
(test user
Where can i set it up? I use rp-pppoe-server and ppp 2.4.4 on debian
That attribute should be replied by the server in access-accept RADIUS
packet. You can define it for each user in your user DB ( SQL, LDAP ) and
freeradius should be able to add it to the above mentioned packet.
Regards,
E:S
-
SecureW2 supports EAP-TTLS PAP.
Ivan Kalik
Kalik Informatika ISP
Dana 24/9/2008, Aydýn KOÇAK [EMAIL PROTECTED] piše:
Hello Dear Ivan Kalik;
Thank you for your response ;
From following link that you send indicate if i use eap-gtc everything is ok.
But our switches does not support this
Hello Dear Ivan Kalik;
Thank you for your help . Yes i install and i saw eap-ttls pap support
Our problem theoricaly solved i will try install freeradius + LDAP and pap
authentication
support...
Thank You,
SecureW2 supports EAP-TTLS PAP.
Ivan Kalik
Kalik Informatika ISP
-
List
Hi,
And I did exactly that. :-) Anyway, it would be a small change to the
schema and queries... I also wouldn't mind having it in by default. But
I don't care enough to submit a patch.
I think the issue is an UPDATE/UPGRADE issue - if the queries are
liek that by default - ie schema change -
Sorry about this long first mail, but I figured I'd try to include as
much information as possible. right away..
I'm trying to set up a rather complicated RADIUS structure that I hope
will be able to support a number of different needs. Anyway, some bit
of background information. Things I need to
Peter Eriksson wrote:
I'm trying to set up a rather complicated RADIUS structure that I hope
will be able to support a number of different needs.
2.1 should be *much* easier than 1.1.x. See the virtual server
configuration. It means that one server can do all of this, while still
keeping
One thing I'd like to achive in the EDUROAM-responsible RADIUS
router (server) is to make sure that *only* EAP-TTLS requests are
forwarded to the RADIUS server doing the real user authentication.
Anyone got something already configured that I could copy?
Ie, I would like to make sure that it
Megan wrote:
Good Day,
I am making an attempt to setup sudo authentication on a Centos 5.2
server to work with pam_radius_auth. I rwant ldap to handle my
regular users (this works already) and I want my privileged users to
authenticate through radius when they use sudo. I put the below in
Hi Everyone,
I have taken the advise and upgraded Radius to 2.0.5 on Ferdora 9.
When I start radius -X it starts up without any errors.
The last few lines as follows;
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port
Hello Peter,
Try to look at attr_filter section and configure it as you wishes:
In your radiusd.conf:
attr_filter attr_filter.post-proxy {
attrsfile = ${some path}/attrs.post-proxy
}
This file may contains similar information:
DEFAULT
User-Name =* ANY,
Reply-Message =*
Use unlang to check that freeradius.internal attribute EAP-Type has value
EAP-TTLS.
Ivan Kalik
Kalik Informatika ISP
Dana 24/9/2008, Peter Eriksson [EMAIL PROTECTED] piše:
One thing I'd like to achive in the EDUROAM-responsible RADIUS
router (server) is to make sure that *only* EAP-TTLS
Is Freeradius support for Disconnect messages under development?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Then I go to the XP system and connect to the Radius server ? And windows
gives a message that it can't find a cert to the network linksys...
There is no further output on the radius -X log.
on the fedora box
tcpdump -eqntl -i eth0 port 1812 or port 1812
check iptables - you might
Hi,
Ie, I would like to make sure that it will reject requests that
come in from the outside with user+password stuff sent in cleartext.
such requests will be missing many attributes. use unlang to check
for the absence of those.
alan
-
List info/subscribe/unsubscribe? See
rsg wrote:
Is Freeradius support for Disconnect messages under development?
It's on the road map. No definite date as to when it will be released.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan good call... I thought that I disabled all the firewall, SElinux during
the install.
Now I am working with the windows box XP Pro. I connects be still can't find a
cert for the network linksys.
Any ideas?
Thanks,
Scott
--- On Wed, 9/24/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Thanks for let me know that i'm the first one in 10 years thought that
nasidentifier is important. Cheers.
- Original Message
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Wednesday, September 24, 2008 2:44:55 PM
Hello all,
I recently got Freeradius with MS SQL to work together. But there is still
one thing to be completed, the IP Pool thing.
I put Pool-Name and it value in radgroupcheck table in MS SQL. I have
Pool-Name set up in radiusd.conf.
I test, user get authenticated by
Hi all,
I am trying to upgrade from an ancient 1.0.5 to 2.1.0, and ran into trouble
where I least expected it. Underneath is Debian Lenny system run as Linux
vserver.
I have a large set of users handled by LDAP, and a small group (admins with
only a few logins) that I used to handle by
Hi,
Alan good call... I thought that I disabled all the firewall, SElinux during
the install.
Now I am working with the windows box XP Pro. I connects be still can't find
a cert for the network linksys.
ful debug log as per the FASQ, docs and countless posts on this ML.
when you
Hi,
One thing I'd like to achive in the EDUROAM-responsible RADIUS
router (server) is to make sure that *only* EAP-TTLS requests are
forwarded to the RADIUS server doing the real user authentication.
the inner, or the whole request? if only the inner, then please
note that this will break
What version is this? In current schema group membership table is
radusergroup not usergroup. Post the whole debug. From this we can only
say that data from radgroupcheck table didn't make it. The bit why is
missing.
Ivan Kalik
Kalik Informatika ISP
Dana 24/9/2008, Xiaochen Jing [EMAIL
I'm using wired 802.1x to authenticate user using eap md5 and eap
peap. the problem rise when using peap, the radius attribute (tunnel
private group id) didn't pass to the switch. but if we use md5, the
server will pass the attribute. I suspect something missing on inner
tunnel config (I only
Thanks Alan,
I am using 2.0.5.
Like I said, I have three tables defined in MSSQL, usergroup table, radcheck
table and radgroupcheck table. I have GroupName and Pool-Name defined in
radgroupcheck table.
If I put two attributes (Cleartext-Password and Pool-Name) in radcheck
table, in two lines,
Hy all, few questions:
Is it possible to use the same sqlippool database for different
freeradius servers that belong to a cluster?
Is there drawback, doing this?
Is there any chance to acheive consistante ip allocation in a cluster of
several freeradius using non sql ippool module?
thx
-
List
Hm, it looks like mssql schema wasn't updated. There is no
group_check_query and authorize_group... queries look like ones in
1.1.x. That's probably why groups are not processed (unless you changed
read_groups to no in sql.conf). Also no priority field in radusergroup.
Try replacing group queries
42 matches
Mail list logo