Dear All,
Could any one of you explain me about Challenge-Response in Radius
Server. It would be great, if you could point me to any approproite link
that explains about Challenge-Response.
I need to implement and process the Challenge-Response in my application.
Regards,
Barath Kumar.
-
--- [EMAIL PROTECTED] a
écrit : Send Freeradius-Users mailing list
submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web,
visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body
'help' to
Hi all
Now, when my NAS is dead (at last:) I need a replacement.
Can anyone advise me something not so e as CISCO , but that is able to
work reliably and with good RADIUS support ?
I need and NAS with approxim. 16 dialup ports(not less), which connects
directly to
Try setting:
use_mppe = no
with_nt_domain_hack = no
in the mschap configuration in section modules of radiusd.conf
I had the same problem, that tweak fixed it.
Hope this helps,
Rinaldo Bergamini
Antonio Fernandes wrote:
Hi!
I've installed
Hello to the list
I'm running FreeRadius 0.9.3+LDAP.
Somebody know if is it possible to configure in the LDAP user entry
more radiusProfileDN values?
Checking the logs it seems possible:
rlm_ldap: performing search in dc=csp,dc=it, with filter
([EMAIL PROTECTED])
rlm_ldap: checking if remote
hi alan,
i am planning to add a new attribute say something like MAC-address which is
not present right now in the attribute list.
now i add the attribute in the dictionary using the line
step 1--ATTRIBUTE MAC-Address 250 octets
i am sure nothing is to be modified in 'sql.conf' as i want this
Hi,
first of all thank you for your answer.
reading my post, i noticed that i was not so clear so i try to describe in
more detail my problem.
Let suppose we have two companies, A and B, with some traffic agreement.
Now, an user belonging to the network A moves into the network B.
Network B can
have edited the dictionary.cisco file and removed other entry and added
ATTRIBUTE pre-session-time198 integer Cisco
Still coming out
Cisco-AVPair = pre-session-time=7
Am I still missing something?
On Wed, 28 Apr 2004, Alan DeKok wrote:
Brent Geach
I've just copied the queries from the CVS-snapshot in sql.conf to my running (0.9.3)
for getting updated acct-session time etc and noticed one possible wrong query in the
sql.conf of the CVS-snapshot/sql.conf, maybe something to correct:
it reads (DATE_SUB for starttime):
hi alan,
i am planning to add a new attribute say something like MAC-address which is
not present right now in the attribute list.
now i add the attribute in the dictionary using the line
step 1--ATTRIBUTE MAC-Address 250 octets
i am sure nothing is to be modified in 'sql.conf' as i want this
On Thu, Apr 29, 2004 at 12:29:28PM +0200, Michael Markstaller wrote:
I've just copied the queries from the CVS-snapshot in sql.conf to my running (0.9.3)
for getting updated acct-session time etc and noticed one possible wrong query in
the sql.conf of the CVS-snapshot/sql.conf, maybe
Hello all,
In 802.1x configuration, I need to use Vlan assignment on Enterasys switch
from Freeradius server, and Enterasys doesn't accept standarts attributes
like Tunnel-type etc...
Then I have to use Filter-Id attribute in users file:
Filter-ID = Enterasys:Version=1:policy=nameofpolicy
Have
Sending this e-mail in behalf of Florent Bersani:
Hi Alan,
Aurelien forwarded me your remark on the identity
attribute format. Many
thanks for taking the time to read it and giving some
feedback.
The main difference between EAP-SIM (as well as
EAP-PSK) and EAP-TTLS
attribute format (as
I have a tigris which is sending in the racacct the ports in its own
format: from j1.1 to j3.120 (Ericcson way to call its ports)
but in the detail I get the NAS-port as a integer with different numbers
I have not found a valid relation between what the tigris sends and what
the radius shows.
I
An Ascend MAX2000 will handle 1 T1, and has been a very reliable NAS for me
in the past.
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 29, 2004 2:17 AM
To: [EMAIL PROTECTED]
Subject: any NAS with
These messages are being loged to my Freeradius 0.9.3. Don't care what number I put in the
ldap_connections_number.
If I put 10, when it arrives 10 auths it starts to show that message. (And fail to auth users)
I receive 5 or 6 auths / minute. So radius isn't overloaded.
While I cant find a
On Thu, 29 Apr 2004, [ISO-8859-1] Jefferson D?mes wrote:
These messages are being loged to my Freeradius 0.9.3. Don't care what number I put
in the
ldap_connections_number.
If I put 10, when it arrives 10 auths it starts to show that message. (And fail to
auth users)
I receive 5 or 6
On Thu, 29 Apr 2004, Alexei Vasilyev wrote:
Hello Jefferson,
Thursday, April 29, 2004, 5:34:21 PM, you wrote:
JD These messages are being loged to my Freeradius 0.9.3. Don't care what number I
put in the
JD ldap_connections_number.
JD If I put 10, when it arrives 10 auths it starts to
Hi all,
If I am not misunderstanding, RADIUS authorizes the user with password
only and not with vendor specific attribute in the packet.
If it can be done then can anyone tell me how to configure the server
for that.Here is the scenario:
I have a cisco router between user
James [EMAIL PROTECTED] wrote:
Let suppose we have two companies, A and B, with some traffic agreement.
Now, an user belonging to the network A moves into the network B.
Network B can not authenticate him, so it proxies the request to the radius
server of the network A.
That's the normal
I have noticed that during my PEAP-MS-CHAPv2
authentication that a user who's username is all capital letters in AD
can sometimes authenticate when they enter their username lowercase but
most of the time not. Is there a way in FR to allow it to try both
upper and lower case? I am guessing that I
Manjunath M Prabhu [EMAIL PROTECTED] wrote:
i am not able to get the MAC-Address in the
access-accept on a remote machine, even when i get it correctly while
running server in debug mode (where i can see the message).
i get Ascend-PW-Lifetime=-1 on my remote machine instead of
[EMAIL PROTECTED] wrote:
Then I have to use Filter-Id attribute in users file:
Filter-ID = Enterasys:Version=1:policy=nameofpolicy
Have I a VALUE to add in a dictionnary file for ATTRIBUTE Filter-Id ??
No. Read the dictionaries. It's a string attribute.
Alan DeKok.
-
List
Steve OBrien [EMAIL PROTECTED] wrote:
I have noticed that during my PEAP-MS-CHAPv2 authentication that a user
who's username is all capital letters in AD can sometimes authenticate
when they enter their username lowercase but most of the time not. Is
there a way in FR to allow it to try
Shah, Nishant B [EMAIL PROTECTED] wrote:
I have a cisco router between user sending access-request and
server. I want router to route the fax request(fax machine on the
network) by authorizing the user's request using RADIUS.
Ok... your terminology is a little wrong, which doesn't
HI All!
I'm are planing to migrate from Radiator to Freeradius, but im finding
much problems
From example:
in radiator in can have diferent querys for each realm
In one realm I only need que the username and password
---8- Pieze of RADIATOR CONFIGURATION
Howdy,
Is there an emerge/ebuild file available for Gentoo that anyone knows of?
Regards,
Clayton Dukes
CCNA, CCDA, CCNP, CCDP
Sr. Network Engineer
E Solutions Corp.
http://www.esnet.com
813.301.2620 (o)
813.545.7373 (c)
-
List info/subscribe/unsubscribe? See
Nevermind...found it :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Clayton
Dukes
Sent: Thursday, April 29, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: Freeradius on Gentoo
Howdy,
Is there an emerge/ebuild file available for Gentoo that anyone
Hrmphnew question...
Has anyone gotten freeradius to emerge sucessfully?
Here's what I am getting:
# emerge /usr/portage/net-dialup/freeradius-0.9.3-r1.ebuild -pv
These are the packages that I would merge, in order:
Calculating dependencies \!!! aux_get(): ebuild for
I don't think this question is suited for this list but I'll bite anyways.
# emerge -pv net-dialup/freeradius
Don't use the full path to the ebuild.
-
Nicholas G Hall
Alexssa Enterprises
mail: [EMAIL PROTECTED]
mobile: (262) 339-7348
-
Hi Kostas,
I did a:
radiusd - | grep _conn
and result in:
Thu Apr 29 13:41:30 2004 : Debug: ldap: ldap_connections_number = 600
Thu Apr 29 13:41:38 2004 : Debug: ldap_get_conn: Got Id: 0
Thu Apr 29 13:41:38 2004 : Debug: ldap_release_conn: Release Id: 0
Thu Apr 29 13:41:47 2004 : Debug:
Clayton it is gentoo policy to report all this gentoo problems to their
bugtraqing system or forums. See bugs.gentoo.org or forums.gentoo.org (and
dont post anything before searching for a similar problem first).
On Thu, 29 Apr 2004, Clayton Dukes wrote:
Hrmphnew question...
Has anyone
I actually couldn't find anything on it...but I'll take my question to the
gentoo forums -- thanks.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mihai RUSU
Sent: Thursday, April 29, 2004 12:37 PM
To: [EMAIL PROTECTED]
Subject: RE: Freeradius on
Eduard [EMAIL PROTECTED] wrote:
AuthSelect select PASSWORD, MAXUSERS \
from USERS where LOGIN='%U' and REALM ='%W'
and ACTIVEUSER=1
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Simultaneous-Use, check
FreeRADIUS
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Module: Instantiated preprocess (preprocess)
radiusd.conf[502] Failed to link to module 'rlm_smartpass': file not found
You probably want to list it in the top-level Make.inc, under MODULES.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Holger Steppke [EMAIL PROTECTED]wrote:
What about adding a postproxy stage to the files module with 100% copy of
the standart
funtion just anothere filename ?
That may work. You may want to change a few more things, though,
based on testing.
Alan DeKok.
-
List
Are there any good HowTos or FAQs on how to setup FreeRadius with MySQL and
Proxy-State? I am a complete noob to Radius. We are going to start
outsourcing a lot of our dialup customers and the company we are going with
requires us to use Attribute 33 (Proxy-State). Any insight would be
Richard Marriner [EMAIL PROTECTED] wrote:
Are there any good HowTos or FAQs on how to setup FreeRadius with MySQL and
Proxy-State? I am a complete noob to Radius.
There are MySQL Howto's, but nothing for Proxy-State. You're not
supposed to do anything with it, so it can generally be
I reviewed this book in my ISPadmin column for Usenix ;login: in August,
2003. Unfortunately, the review only available to members until August,
2004 when non-members can view it. It is available here:
http://www.usenix.org/publications/login/2003-08/pdfs/haskins.pdf
But I didn't care for the
Alan DeKok [EMAIL PROTECTED] wrote:
Richard Marriner [EMAIL PROTECTED] wrote:
We are going to start outsourcing a lot of our dialup customers
and the company we are going with requires us to use Attribute 33
(Proxy-State). Any insight would be appreciated.
FreeRADIUS handles
Robert Haskins wrote:
But I didn't care for the book, I felt it basically covered only the
basics and rehashed the RFC's. But I still bought it because its the
only reference available.
Thank you, I will take this into consideration.
-
List info/subscribe/unsubscribe? See
Richard Marriner [EMAIL PROTECTED] wrote:
So this statement... P*t requires that you have attribute 33 enabled on
your RADIUS server. Is irrelevant because FreeRADIUS handles this
automatically. Correct?
Exactly. I'd say that the statement is nonsense, because all RADIUS
servers handle
Exactly. I'd say that the statement is nonsense, because all RADIUS
servers handle Proxy-State, except ones which are ~7 years old, and
never updated since then.
Thanks Alan!
Richard Marriner - [EMAIL PROTECTED]
SYIX.COM - Internet Systems Specialist
-
List info/subscribe/unsubscribe?
Hi,
Can anyone tell me how to make the reply_log log the Access-Reject as
well. Same question from previous mail that I sent out.
More questions:
1) question is on the behavior of getting user information. I have
defined files in authorize section, so the user information will be
retreived
Hi,
My module is properly mentionned Make.inc (otherwise it would have not even
been compiled), i just don't understand how a shared module is loaded by
freeradius.
I tried to set some DEBUG statements in the libltdl/ltd.c file (where the
modules seem to get loaded) but it seems that this file
I am trying to compile the PAM module pam_radius-1.3.16 on a Solaris 8 system using
GCC version 2.95.3 20010315 (release) and gmake version 3.79.1. I am getting the
following errors from gmake and have little to no clue as to how to resolve them. Any
help in either getting this to compile
FreeBSD 4.9 Using High or Extreme Security profile
Also, the machine is inaccessible from the network.
Ive read posts that suggest it is a firewall problem with bpf in
kernel config.
Anybodyseen this before??
Ernie Arellanes
-
List info/subscribe/unsubscribe? See
I'm getting some strange leading \000 in some L2tp-attributes within accounting
records like (IPs are changed):
Tunnel-Server-Endpoint:0 = \00010.11.1.1
Tunnel-Client-Endpoint:0 = \00010.1.1.1
Tunnel-Assignment-Id:0 = \0001
Tunnel-Client-Auth-Id:0 = \000lac_xyz
Hello everyone... I'm running freeradius-0.9.3 on Linux Redhat 9. The
freeradius program is working perfectly by itself, but when i try to use it
with Mysql 3.23 i get the error Could not link driver rlm_sql_mysql: file
not found. I have read suggestions all day today on how to fix this. I have
49 matches
Mail list logo