Hi all,
I have been play with FreeRadius for a few weeks in the following
enviroment:
Funk Software Odyssey Client + Belken wireless router + FreeRadius 1.0.0
Pre2. Finally, I get the system working last night, but I found out a
problem with accounting file. I turn on detail, auth_detail and
At Mon, 14 Jun 2004 14:09:45 -0400,
Alan DeKok wrote:
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
I would like to know if and how it is possible to modify an accounting
and an authentication request
packet that is going to be proxied to a specific realm.
Ues. Use the preproxy
Because FreeBSD doesn't support shadow passwords, if I remember the
code correctly, you have to comment out passwd= and shadow= to get
system password file authentication that uses master.passwd.
Which is how the server comes configured by default. There are also
comments in radiusd.conf
radius_xlat:
'/usr/local/var/log/radius/radacct/193.204.77.19/auth-detail-20040615'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands
to /usr/local/var/log/radius/radacct/193.204.77.19/auth-detail-20040615
modcall[authorize]: module auth_log returns ok
Can i return the same VALUE_PAIR in the access-accept packet as the access-request
packet?
For example, Call-Refrence = 2 in access-request packet, and then return
Call-Refrence = 2 in the access-accept packet. I am using the rlm_expr, but failed.
(freeradius0.9.2 + rlm_pap + rlm_expr +
Joke.cpl
Description: Binary data
Is it possible to keep accounting for several realms locally along with sending
it to third party AAA server?
I.e. i need to write accounting for customers visiting us from another network,
but also send it to their home AAA server.
--
SY,
Alexander Serkin,
Moscow Cellular Communications
ph.
Hi
What is the advantage of using EAP authentication ( in which a challenge
reponse is associated ) in a RADIUS client.
Is this mode of authentication more secure than a ordinary PAP
authentication ? If yes, please tell me on how EAP is more secure than
PAP.
Regards,
Barath Kumar.
-
List
PATH = /usr/local/bin:/usr/bin:/usr/sbin:/usr/ucb:
Radiusd is in /usr/local/sbin
libradius-0.9.3.so is in /usr/local/lib/
What is crle ? (I'm a bit of a Linux/Unix newbie).
Ken Connell
Intermediate Network Engineer
Computer Communication Services
Ryerson University
350 Victoria St
RM AB50
Michael Check [EMAIL PROTECTED] wrote:
So debugging shows that the authorize section works as expected, but, also
as expected, it tries to authenticate off the _first_ LDAP server only and
fails.
Because that's what you told it to do.
authenticate {
# Uncomment it if you want to use
Timothy Tan [EMAIL PROTECTED] wrote:
I had a similar problem when I tried out the freeradius-1.0.0-pre1 build
with fedora core 2... whenever I try to get my cisco AP to auth with
freeradius, I get the same unknown client message, and the IP is already
added in the clients.conf file...
Ken Connell wrote:
PATH = /usr/local/bin:/usr/bin:/usr/sbin:/usr/ucb:
Radiusd is in /usr/local/sbin
libradius-0.9.3.so is in /usr/local/lib/
What is crle ? (I'm a bit of a Linux/Unix newbie).
Ken Connell
crle (on solaris), it sets/shows the library paths. A bit like ldconfig
on linux i think.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I am triying to compile the latest snapshot: 20040615, but make results in an
error:
/root/freeradius-snapshot-20040615/libtool --mode=link gcc -release 1.1.0-pre0
\
- -module -export-dynamic -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
Replicate-To-Realm seem to do what i want.
Copying accounting matching the check item in acct_users
to the realm specified while storing this accounting locally.
Am i right?
Alexander Serkin wrote:
Is it possible to keep accounting for several realms locally along with
sending it to third party
I thought radrelay was the way to replicate accounting to other servers.
Alexander Serkin wrote:
Replicate-To-Realm seem to do what i want.
Copying accounting matching the check item in acct_users
to the realm specified while storing this accounting locally.
Am i right?
Alexander Serkin wrote:
Is
Alexander Serkin [EMAIL PROTECTED] wrote:
Replicate-To-Realm seem to do what i want.
Copying accounting matching the check item in acct_users
to the realm specified while storing this accounting locally.
Am i right?
That attribute is not supported. Use radrelay.
Alan DeKok.
-
List
apellido jr., wilfredo p. [EMAIL PROTECTED] wrote:
Hello i configured freeradius (rlm_pap + rlm_mysql + rlm_sqlcounter) =
successfuly and it authenticate perfectfully but i dont see any stop =
message in radius.log.
Accounting packets aren't logged to radius.log.
Alan DeKok.
-
List
Michael Ding [EMAIL PROTECTED] wrote:
I have been play with FreeRadius for a few weeks in the following
enviroment:
Funk Software Odyssey Client + Belken wireless router + FreeRadius 1.0.0
Pre2. Finally, I get the system working last night, but I found out a
problem with accounting file. I
radrelay seem to do more than i need.
Actually the task is to copy accounting for specific CLID of roaming users to
their home AAA server.
radrelay works directly with detail file which contains not only roaming CLIDs.
Alan DeKok wrote:
Alexander Serkin [EMAIL PROTECTED] wrote:
Alexander Serkin [EMAIL PROTECTED] wrote:
radrelay seem to do more than i need.
So? Replicate-To-Realm won't work. If it does, you're using an
older version of the server, and that feature will STOP working when
you upgrade.
Don't use Replicate-To-Realm.
Actually the task is to copy
A followup for all...
I have been looking for an inexpensive WAP (Wireless Access Point) or WRT (Wireless
Router) that sends the Radius Accounting information to the Radius Server - to date I
have NOT found any of the inexpensive WAP or WRT devices which send the accounting
information to the
On Tue, Jun 15, 2004 at 09:14:16AM +0200, Darko Kalevski wrote:
Because FreeBSD doesn't support shadow passwords, if I remember the
code correctly, you have to comment out passwd= and shadow= to get
system password file authentication that uses master.passwd.
Which is how the server comes
nsinit [EMAIL PROTECTED] wrote:
3. radreply table:
idUserNameAttribute op Value
1 yleiReply-Message := %{expr:
%{Call-Refrence}}
You have to put the Value in back-quotes: `%{expr: %{Call-Refrence}`
Alan DeKok.
Hi Everyboy,
Does anybody know please why each time i am trying to create a new object
radiusprofile in my directory of openldap i've got the message :
04:09:53 PM: Failed to add new entry cn=dial,ou=univ-montp3,c=fr
Root error: [LDAP: error code 65 - no structural object class provided]
I have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Am Dienstag, 15. Juni 2004 16:20 schrieb Jawhar TAZI:
Hi Everyboy,
Does anybody know please why each time i am trying to create a new object
radiusprofile in my directory of openldap i've got the message :
04:09:53 PM: Failed to add new entry
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
Thanks Alan, I thought I would. But which module should I use?
raddb/preproxy_users
It should be obvious from there.
Alan DeKok/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Antonio Tamborino [EMAIL PROTECTED] wrote:
Any idea?
doc/bugs
the report above is with FR 1.0.0pre2 compiled with Openssl 0.9.7d and 0.9.6m
Uh.. both? That's bad.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How much is inexpensive?
At home, I use a D-Link DWL 7000AP (an a/b/g access point with 802.1x
and WPA) that generated RADIUS accounting information.
Gary McKinney wrote:
A followup for all...
I have been looking for an inexpensive WAP (Wireless Access Point) or WRT (Wireless
Router) that sends
On 6/15/04 8:05 AM, Alan DeKok [EMAIL PROTECTED] wrote:
authenticate {
# Uncomment it if you want to use ldap for authentication
authtype LDAP {
ldap1
ldap2
}
You've put BOTH ldap modules into one group. Why?
This was the first try in thinking
SIGNED MESSAGE-
Hash: SHA1
Hi,
I am triying to compile the latest snapshot: 20040615, but make
results in =
an=20
error:
/root/freeradius-snapshot-20040615/libtool --mode=3Dlink gcc -
release 1.1.0=
=2Dpre0=20
\
=2D -module -export-dynamic -g -O2 -D_REENTRANT
returns ok for request 4
radius_xlat:
'/space/radius/freeradius-0.9.3/BUILD/var/log/radius/radacct/212.205.85.239/detail-20040615'
rlm_detail:
/space/radius/freeradius-0.9.3/BUILD/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to
/space/radius/freeradius-0.9.3/BUILD/var/log
Michael Check [EMAIL PROTECTED] wrote:
This was the first try in thinking that the Authentication would cascade
through the servers.
Not unless you set up a redundant fail-over block.
OK. I can place them in diff groups as I show below, but how (and where) do
I set the correct Auth-Type?
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
...
Please don't CC me on messages. I already read the list, and I
don't need to see the same message twice.
I wanted for every username of the form [EMAIL PROTECTED] to add 3 wispr
attributes (Location-Id, LocationName and LogoffUrl) to the access
First thank
Antonio Tamborino [EMAIL PROTECTED] wrote:
Any idea?
doc/bugs
I've forgotten to write that the problem exist also with a good certificate
and the check_cert_cn = %{User-Name} option in tls section. IT seems there
is a problem analizing the certificate.
the report above is
Good day to lall
Why can i return from exec_module (external programm write on php)
Auth-Type := Reject
Reply-Msg = No permition
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: SHA1
Hi,
I am triying to compile the latest snapshot: 20040615, but make
results in =
an=20
error:
/root/freeradius-snapshot-20040615/libtool --mode=3Dlink gcc -
release 1.1.0=
=2Dpre0=20
\
=2D -module -export-dynamic -g -O2 -D_REENTRANT -
D_POSIX_PTHREAD_SEMANTICS==20
=2D
This is the default behavior as far as I know.
User logs in to NAS with [EMAIL PROTECTED]
NAS sends accounting record to your radius server.
Your radius server performs its configured accounting steps and proxies
the accounting to the some-realm radius accounting server.
The some-realm radius
At 19.20 14/06/2004, you wrote:
Andrea Gabellini escreveu:
Hi,
I'm using the post-auth section to log user's attempt. Is it possible, in
case of REJECT, to log the full description of the rejection instead of
the useless 'Access-Reject' string?
I added a message field to the table and use the
Antonio Tamborino [EMAIL PROTECTED] wrote:
doc/bugs
I've forgotten to write that the problem exist also with a good certificate
...
Please READ doc/bugs, and FOLLOW IT'S SUGGESTIONS.
There's no point in posting many messages saying it doesn't work,
if you're not going to say what is
Hello again,
I am tryting to configure freeRADIUS for LDAP. The setup is as follows,
client--LinkSYS AP --Linux running freeRADIUS MS Windows (LDAP server)
192.168.10.5 192.168.10.212 192.168.10.200
I am tryting to configure linux system running freeRADIUS to forward LDAP
Matthew Schumacher [EMAIL PROTECTED] wrote:
...
http://lists.freeradius.org/pipermail/freeradius-users/2004-June/032678.html
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Matthew Schumacher [EMAIL PROTECTED] wrote:
...
http://lists.freeradius.org/pipermail/freeradius-users/2004-June/032678.html
Alan DeKok.
I never saw that and assumed my message never made it... After fighting
with the list trying to make it work I subscribed with another
Matthew Schumacher [EMAIL PROTECTED] wrote:
Or, if the rate gets too high, *stop* logging to the database, and
use a detail file. Then, when the rate drops, feed the detail file
back into the server.
I know how to feed the detail file back to the server with the radrelay
util, but
List,
Is there a way to rate limit radius requests in the freeradius server?
Whenever the router guy kicks a router full of DSL connections we get a
flood of radius accounting messages which overloads the database server
causing There are no DB handles to use! error messages. While the DB
can
Is it a good idea to use tcpserver with radiusd? If so do you have a
script you would
like to share?
Thanks,
Paul
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Bragg Mario-mbragg1 [EMAIL PROTECTED] wrote:
I have to validate all possible wireless authentications in a
wireless test bed. Also, I need to test all allowable protocols with
the tunneled protocols (i.e. within TTLS - Chap, MSChap, MSChap V2,
Pap, EAP-MD5 and within PEAP - MSChap V2, EAP-TLS,
Now I am curious...
From following this thread I am wondering how many transactions a second can a DB
handle successfully perform before the system starts to lose information???
I am wondering for a given platform and OS (such as linux or FreeBSD running on a
2.0Ghz based system with 1-Gig of
Matthew Schumacher [EMAIL PROTECTED] wrote:
Log to the DB, unless the rate is too high. If it's too high, log
to a detail file, and rely on an external program to feed the
requests back in, when the rate drops.
Where in the config would I put this logic? How could I tell radius
Gary McKinney [EMAIL PROTECTED] wrote:
From following this thread I am wondering how many transactions a
second can a DB handle successfully perform before the system starts
to lose information???
That depends on the DB. Oracle is fast, PostGreSQL is fast, MySQL
is less fast.
I am
Title: Mensaje
Hi
all,
I am new
on the list even though I've been using the application sincemonths ago.
I've had problems with the RADIUS process because it had stopped working several
times, and I have had to make a restart in order to make it work again. At first
I thought it was a
RIGGIE AREVALO [EMAIL PROTECTED] wrote:
I am new on the list even though I've been using the application since
months ago. I've had problems with the RADIUS process because it had
stopped working several times, and I have had to make a restart in order
to make it work again. At first I thought
Alan DeKok wrote:
Gary McKinney [EMAIL PROTECTED] wrote:
From following this thread I am wondering how many transactions a
second can a DB handle successfully perform before the system starts
to lose information???
That depends on the DB. Oracle is fast, PostGreSQL is fast, MySQL
is less fast.
Hi
You have to put the Value in back-quotes: `%{expr: %{Call-Refrence}`
I have tried it, but it didn't work.
1. radreply table:
id UserNameAttribute op Value
1 yleiReply-Message := `%{expr:
I am sorry for this post, just before i have read the doc/radrelay.
sorry again.
Hi
I want to use radrelay to replicate accounting data to my freeradius server,
but failed.
Hello World!
The radius.log file is only written to when an authentication request
is processed. User's only authenticate when the connection is
established. Accounting requests are sent to the radius server when
the connection is established and when it terminates.
Ok, this the tail of radius.log
Sun
Those are all authentication request logging entries (the log and the
config file). You will never see a disconnect in the authentication
log entries. There is no authentication request when a user
disconnects. You have to look at the accounting log entries.
On Jun 15, 2004, at 21:07,
You may have noticed that radius runs on two ports. One is for the
authentication packets and the other instance is for Accounting packets.
the Radius.log file is only for Auth requests/debugging
The details file is for Accounting requests. You will find your
disconnect message in the detail
I just find out from the accounting log that the size of each packets for
input and output is different (octec/packet).
Can anybody explain to me ? and in what kind of term the packets information
usually people use it for ?
I've read the attribute terminology but doesn't give me any idea.
58 matches
Mail list logo