Mordechai T. Abzug wrote:
On Tue, Jun 08, 2004 at 09:20:36AM -0400, Asif Iqbal wrote:
Hi All
I am using pam_radius in Solaris 8 to allow my users login with their
radius accounts. However I would like *only* the root account to be able
to login with local unix account.
Well, what is
On Thu, Jun 10, 2004 at 02:12:52AM -0400, Asif Iqbal wrote:
I have the radius client, Solaris 8, setup like this on /etc/pam.conf
login auth required /usr/lib/security/pam_radius_auth.so.1
sshd auth required /usr/lib/security/pam_radius_auth.so.1
So when user logs in, he/she gets
--- Nagesh Boyina [EMAIL PROTECTED] wrote:
Dear Mr.Kiran,
Where can I create the usernames and passwords for
authentication in the
database.
in two two tables - radcheck and radreply
And also send example of cisco av pairs.
mysql select * from radcheck limit 1;
Try any other user than root - freebsd denies remote root login by default,
this may be your problem.
problem solved :) - thanks to Roy Hooper :)
Because FreeBSD doesn't support shadow passwords, if I remember the
code correctly, you have to comment out passwd= and shadow= to get
system password
Thank you,
I will try and let you know results I will be trying on RedHat.
Thank you,
Sathish Challa.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jawhar
TAZI
Sent: Thursday, June 10, 2004 1:31 AM
To: [EMAIL PROTECTED]
Subject: Re: EAP-TTLS :
hello
I have installed freeradius-1.0.0-pre1 + cisco 2950T + a client
windows2000SP4
I sucess to configure TTLS and PEAP
but I have a question :
can I, on the radius server, not permit the fast connect option ?
bye
--
Dominique Dalponte
Utbm, Centre de Ressource en informatique
Hello,
Can you please tell us how you did configure Freeradius to use peap ? What
changes did you maje tp eap.conf ? And in the client plateforme ?
It woud be nice of you to attach us your config files.
Merci
_
MSN Search, le moteur
Hi, I'm working on a software that shall use PEAPv0 to communicate
with a radius server, in my case freeradius. Which version of freeradius
should I use, 0.8.1, 0.9.3, 1.0.0pre1? Is the PEAP implementation
stable enough or should I use a different server?
TIA and best regards, Axel
-
List
On Thu, Jun 10, 2004 at 03:12:23PM +0400, Victor Belous wrote:
I was trying to install freeradius-1.0.0-pre1 and get the error messages
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5
-Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
hi all,
i have installed freeradius-1.0.0-pre1.
when i start the radius server using radiusd -x i get the following error
Starting - reading configuration files ...
Unable to open file DIR/radiusd.conf: No such file or directory
Errors reading radiusd.conf
the radiusd.conf is in
Hi,
Does anybody know how I can add NAS-ID instead of
NAS-IP Address for identification?
In other words if NAS-ID and secret matches then its
as good as matching NAS-IP Address and secret.
Thanks.
With regards,
Prabh
__
Clients aren't matched on any attributes (such as NAS-IP-Address).
They're matched on the source IP address of the RADIUS packet.
--Mike
On Thu, 2004-06-10 at 07:49, Prabhdeep wrote:
Hi,
Does anybody know how I can add NAS-ID instead of
NAS-IP Address for identification?
In other words
Hello, freeradius-users.
Is there some way to use CLID (Calling-Station-Id attribute) to determine wich
server to proxy access-request to?
Do not ask why not using realms. We do use realms too.
But the only way to validate that the user comes from our network is to check
his CLID. Because
Why can't I do this:
exec myscript {
program = '/path/to/myscript.sh %{Packet-Type}'
...
}
The first argument presented to the script is null :-/. I'm running FR
0.9.3.
josh.
--
---
Josh Howlett, Networking
Hello,
My overall plan is to authenticate from my Draytek 2600W ADSL router to a RSA
ACE/Server which provides one-time passwords using a hardware SecurID keyfob.
The RSA ACE/Server supports authentication via SecurID (UDP/5500) or via RADIUS, but
the RADIUS server only supports PAP and EAP
how do i adjust certs.sh to run in freebsd? since openssl is already
installed and i dont have a /usr/local/ssl directory. ive just edited
certs.sh openssl location from /bin/openssl to /usr/bin/openssl and
SSL=/usr/local/ssl to SSL=/usr/src/crypto/openssl/ssl but no luck.
thanks.
-
List
Since you didn't post your radiusd.conf, I'm going to have to assume
based on your output that your preprocess line in the authorize
section is *after* your files line. Why did you do this? This is not
the default. The preprocess module is first for a reason (also why it's
called *pre*process.
Asif Iqbal [EMAIL PROTECTED] wrote:
Can you please help? I am really looking for a solution/tip to allow
root skip the radius authentication while force other users to go
through this auth
It's a PAM question, and has nothing to do with RADIUS.
Alan DeKok.
-
List
Victor Belous [EMAIL PROTECTED] wrote:
I was trying to install freeradius-1.0.0-pre1 and get the error messages
...
../include/md4.h:72: parse error before u_int32_t
It's fixed, and will be in 1.0.0-pre2, probably tomorrow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
can I, on the radius server, not permit the fast connect option ?
FreeRADIUS doesn't support fast reconnect.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Josh Howlett [EMAIL PROTECTED] wrote:
exec myscript {
program = '/path/to/myscript.sh %{Packet-Type}'
...
}
The first argument presented to the script is null :-/. I'm running FR
0.9.3.
I'm not sure that's supported in 0.9.3.
Alan DeKok.
-
List
On Thu, 2004-06-10 at 15:52, Alan DeKok wrote:
Josh Howlett [EMAIL PROTECTED] wrote:
exec myscript {
program = '/path/to/myscript.sh %{Packet-Type}'
...
}
The first argument presented to the script is null :-/. I'm running FR
0.9.3.
I'm not sure that's supported in
hi all,
i have installed freeradius-1.0.0-pre1.
when i start the radius server using radiusd -x i get the following error
Starting - reading configuration files ...
Unable to open file DIR/radiusd.conf: No such file or directory
Errors reading radiusd.conf
the radiusd.conf is in
Josh Howlett [EMAIL PROTECTED] wrote:
I saw this and assumed it was...
http://lists.cistron.nl/pipermail/freeradius-devel/2003-September/006023.html
That's September. 0.9.3 was from the 0.9 branch, which was forked
in June.
Should I try FR 1.0?
Yes. Try 1.0.0-pre2, which I'm hoping
Jon Bebeau [EMAIL PROTECTED] wrote:
I'm searching for a flexible, open Radius for a Windows (2003 server) to
run Ascend MAX-TXT RAS boxes. It's a small implementation with 2-4048s
and maybe 100 users. I'd like to position to authenticate WLAN uses and
have the user data in MS/SQL on
Alan DeKok wrote:
Asif Iqbal [EMAIL PROTECTED] wrote:
Can you please help? I am really looking for a solution/tip to allow
root skip the radius authentication while force other users to go
through this auth
It's a PAM question, and has nothing to do with RADIUS.
Alan DeKok.
Hi
hello the team
thank for your differents answers, after some searchs, I found that fast
connect is a way to speed up the connexion between the server an the client ; I
found this in microsoft :
PEAP Fast Reconnect
You can also use PEAP to quickly resume a TLS session. If PEAP Part 2 is
eturns ok for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling auth_log
(rlm_detail) for request 27
Thu Jun 10 10:57:34 2004 : Debug: radius_xlat:
'/usr/local/radius/var/log/radius/radacct/192.168.1.1/auth-detail-20040610'
Thu Jun 10 10:57:34 2004 : Debug: rlm_detail:
H.. You are right. I don't know why i cahnged that.
I've been stearinf at it for 2 hours. Sometimes it's hard to spot own mistakes :-)
Thanx
Paul
Michael Griego wrote:
Since you didn't post your radiusd.conf, I'm going to have to assume
based on your output that your preprocess line in
Asif Iqbal [EMAIL PROTECTED] wrote:
Is there a mailing list that discusses about pam_radius?
This list.
But your question was how to get PAM to NOT call pam_radius. That
question has nothing to do with pam_radius, and nothing to do with
RADIUS. It's a simple PAM question.
The question
Bragg Mario-mbragg1 [EMAIL PROTECTED] wrote:
I am unable to get PEAP working with WinXP (using MSChapV2) on my
wireless network. I am using Freeradius Version 1.0.0-pre1. For
authentication I am using etc_smbpassword.
Ok...
I saw an earlier message in the archive stating that MSChap wasn't
I just setup a Global pops account and I'm not sure how to get the
Slipstream attribute into freeradius.
This is the directions I got from globalpops
This is a vendor specific attribute we numbered as 7000. The attribute is
Slipstream-Auth 1 string.
The value must be set as true.
Has
- Original Message -
From: Manjunath M Prabhu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 2:31 PM
Subject: radiusd -x gives error
hi all,
i have installed freeradius-1.0.0-pre1.
when i start the radius server using radiusd -x i get the following error
- Original Message -
From: Michael Griego [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 2:52 PM
Subject: Re: NAS Id and clients.conf
Clients aren't matched on any attributes (such as NAS-IP-Address).
They're matched on the source IP address of the RADIUS
i have made the change in the /sbin/rc.radiusd file
now i try again with radiusd -x but still get the same error.
do i have to change someother script or path variable...if so please tell me
which one??
regards,
manjunath
-Original Message-
From: Milver S. Nisay [mailto:[EMAIL
Tuc [EMAIL PROTECTED] wrote:
We've started to see things like :
Mon Jun 7 11:00:13 2004 : Info: The maximum number of threads (32) are active,
cannot spawn new thread to handle request
Mon Jun 7 11:00:14 2004 : Error: Dropping packet from client L3-LasVegas:58096 -
ID:
220 due
Try using -d option.
For example,
Radiusd -X -d /usr/local/etc/raddb
Or just reconfigure with the right path.
Htin
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] On Behalf Of Manjunath M Prabhu
Sent: Thursday, June 10, 2004 8:52 AM
To: '[EMAIL
- Original Message -
From: Simon Bond [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 3:17 PM
Subject: Proxying MS-CHAP request to a PAP RADIUS server. 0.9.3
Hello,
My overall plan is to authenticate from my Draytek 2600W ADSL router to a
RSA ACE/Server which
- Original Message -
From: Manjunath M Prabhu [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 5:51 PM
Subject: RE: radiusd -x gives error
i have made the change in the /sbin/rc.radiusd file
Try this:
# radiusd -d yourraddbdir
You'll have to know how the
Veerabhushan Hatte [EMAIL PROTECTED] wrote:
Does freeRADIUS running on Linux box works with WINDOWS systems using
MSCHAP V2?
Using PEAP, which has support for tunneled EAP-MSCHAPv2.
Is there any place to find vendors suuported by freeRADIUS?
FreeRADIUS supports all vendors which
Tuc [EMAIL PROTECTED] wrote:
When it starts to chew CPU, I see alot of :
poll(0x81c7c00,0x3,0x0) = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
...
Does this seem odd?
Yes. It looks like the main loop which reads requests is
Hello Kostas,
ia have installed freeradius 1.0, ia have tried to
configure failover with ippool, to asign IPs from
two
Pools. I have configure the users:
userUser-Password == password, Pool-
Name := PoolA
Service-Type = Framed-User,
Framed-Protocol = PPP,
Tuc [EMAIL PROTECTED] wrote:
BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/login.p
l line 15.
Could this be related to the Perl issue your seeing in GNA?
I'm not sure what you mean by that.
Sorry, faded out there for a second. This was
If there is someone out there with the time and the inclination, I would appreciate
some help getting freeRadius 0.9.2 up and running on a Solaris 2.7 platform.
Please drop me a line off list if you can help.
Thanks.
--
Clint Hauser
ATT/Merrill Lynch
-
List info/subscribe/unsubscribe? See
Hauser, Dewitt C, IV (Clint), WCS [EMAIL PROTECTED] wrote:
If there is someone out there with the time and the inclination, I would
appreciate some help getting freeRadius 0.9.2 up and running on a
Solaris 2.7 platform.
FreeRADIUS 0.9.3 has some issues on Solaris, and on 64-bit platforms.
Tuc [EMAIL PROTECTED] wrote:
Still, is there something if I do run the debug mode again that
we need to look for about these threads that seem to get used up, or
unresponsive children?
Look for pauses. If a thread is dead, that means it's blocking for
more than 5 seconds. If you run
I've recently installed freeradius-1.0.0-pre1
and need to configure it to support authentication
for users of Baystack 450's and other Baystack
devices.
It is planned to run on the same servers as tacacs,
and I'd like to authenticate against the passwd/shadow
files. Is this doable? If so, I need
yup.thanx a lot it works!!
giving the path works perfectly fine even if i messed up the paths while
./configure
thanx,
regards,
manjunath
-Original Message-
From: Thor Spruyt [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 9:33 PM
To: [EMAIL PROTECTED]
Subject: Re:
Hi,
every body i am newly joinded in group.
Now i want to setup Radius server with EAP_TLS.
for that i downloaded openssl-0.9.7-stable-SNAP-20040609.t...
it is compiled and installed successfully and i created certificates
also. after this i downloaded freeradius-0.8.1.tar.gz and
Hello,
I am testing the pre version 1.0 release and get this error whenever I
receive an account record. We proxy accounting records to another server
to be logged and processed:
realm NULL {
type= radius
authhost= LOCAL
accthost=
50 matches
Mail list logo