Hello again.
While replicating accounting info to secondary server with radrelay i see the
following message in radius.log:
Thu Sep 30 10:48:51 2004 : Error: rlm_detail: Failed to aquire filelock for
/opt/fr/radacct/detail, giving up
Does it mean that i'm losing some accounting records when
ok, thanks for the input.
So, what can someone suggest what configuration should i add only for
such a case: if sql1 is down then go and search for the user to sql2?
Edgars
Alan DeKok wrote:
Cris Boisvert [EMAIL PROTECTED] wrote:
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql2.conf
for me Max-Daily-Session and Max-Monthly-Session acts as simple
Session-Timeout (someone has got them to work as they are made for?),
but Max-All-Session works as it should.
Edgars
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
Processing the autenticate section of radiusd.conf
modcall: entering
Problem is solved. It's the problem with the shared library include.
Thanks,
lara
Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: Anyway, I've tried using freeradius-1.0.1 like what you have suggested, this time it complained about openssl/des.h: Making static dynamic
Dear List,
Following is my configuration:
freeRadius ver: 0.9.3
OS: debian woody
NAS: (Total control) USRHiper
My users file has a block for default user
DEFAULT Auth-Type := Accept, Simultaneous-Use := 1
Exec-Program-Wait = my_radius_auth_check -t auth,
Framed-IP-Address =
Hi all,
I have a problem with rlm_eap_tls. The radius server doesn't seem to accept the access request from the access point, though the log file in the access point indicates that it has indeed sent an access request.
First of all,
$ldd radiusd libcrypt.so.1 = /lib/libcrypt.so.1 (0x4001b000)
Hello,
this topic is maybe some OT, but I assume that some of you are
familiar with Cisco's SSG feature and maybe could help me and answer
for some key questions. We are preparing network configuration which
core is based on FreeRADIUS (1.0) and Cisco 2651 router (IOS
12.3(8)). Our main
I've found my pb and solve it :)
In your example you have this line :
sqlmod-inst = sql
So in my config I've a redundant {} group between two mysql server
I changed the sql to sql1 (which is one module of redundant group) and
it works perfectly
I've tried to chanque again sql1 to redundant for
I want to know if freeradius v 1.0.0 need some millisecond to
send an access-accept message by default.
I have a script that needs only 67 ms and when i run it
in Radius client test , i see that do more than 500ms to send me an
access-accept message! Does anyone know if needs some ms to
hi there!
i just installed freeradius-1.0.1 (not from pkgsrc) for the first time
on a netbsd-1.6.2 box, and took my first steps in figuring out, how to
configure radiusd to let it talk to a ldap-db. well, i was not very
successful so far. radiusd stops before talking to the ldap-server with
Hi,
I've put in the radgroupreply table (mysql) some reply item like
idle-timeout. But in the radius accept response there is none of those
items.
If I put those same items on the radreply itworks.
So anyone any idea ?
-
List info/subscribe/unsubscribe? See
On Thu, 30 Sep 2004, EROS wrote:
Hi,
I've put in the radgroupreply table (mysql) some reply item like
idle-timeout. But in the radius accept response there is none of those
items.
If I put those same items on the radreply itworks.
So anyone any idea ?
Have you also configured group
hi again!
that seems to be a netbsd specific problem. tried the same radiusd.conf
with a 'out-of-the-ports' freeradius-1.0.1 on a freebsd system: works
fine...
any clue anyone?
greetinx
thomas
thomas fritz wrote:
hi there!
i just installed freeradius-1.0.1 (not from pkgsrc) for the first time
Hello,
We are using 802.1x authentication based on EAP-TLS
(with FreeRadius 1.0.0).
Is it possible to authenticate the users checking the
Certificate Subject (or other Certificate fields), instead of the
Common Name?
Can we redirect the authentication to an external radius
server upon the
On Thu, 30 Sep 2004, thomas fritz wrote:
hi again!
that seems to be a netbsd specific problem. tried the same radiusd.conf
with a 'out-of-the-ports' freeradius-1.0.1 on a freebsd system: works
fine...
any clue anyone?
Check that you have pthreads and they work correctly (the library file
Yes I have it
I have the user test001 with group1 in usergroup
And group1 Idle-Timeout = 600 in radgroupreply
I have some items in radreply for this user but none about idle-timeout
So...
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
Kostas
On Thu, 30 Sep 2004, EROS wrote:
Yes I have it
I have the user test001 with group1 in usergroup
And group1 Idle-Timeout = 600 in radgroupreply
I have some items in radreply for this user but none about idle-timeout
So...
...so run the server in debug to see what happens
On Thu, 30 Sep 2004, Edgars wrote:
ok, thanks for the input.
So, what can someone suggest what configuration should i add only for
such a case: if sql1 is down then go and search for the user to sql2?
Your question has already been answered. Just replace accounting with authorize.
authorize{
On Wed, 29 Sep 2004, Andrew Werbowy wrote:
Do I have to do this to all users?
I thought that LDAP server would give me a password.
Please read doc/rlm_ldap about how to configure the ldap module to extract user
passwords.
[EMAIL PROTECTED] 09/29/04 4:04 PM
Andrew Werbowy [EMAIL
On Thu, 30 Sep 2004, Alexander Serkin wrote:
Hello again.
While replicating accounting info to secondary server with radrelay i see the
following message in radius.log:
Thu Sep 30 10:48:51 2004 : Error: rlm_detail: Failed to aquire filelock for
/opt/fr/radacct/detail, giving up
Does it
Hello everybody,
I wanted to only use nas table in the database in lieu of clients.conf, so,
I comment out the line in radiusd.conf :
#$include ...clients.conf
The server says nothing when it starts but it doesn't run
Do I make a mistake ?
Jean Frontin
System team
I R I T
Université
yep, that was it!
thx for the help!
greetinx
thomas
Kostas Kalevras wrote:
On Thu, 30 Sep 2004, thomas fritz wrote:
hi again!
that seems to be a netbsd specific problem. tried the same radiusd.conf
with a 'out-of-the-ports' freeradius-1.0.1 on a freebsd system: works
fine...
any clue anyone?
Josh Howlett [EMAIL PROTECTED] wrote:
I understand that I can use attr_rewrite in the preacct section to set
Acct-Type. How do I define the 'handled' sub-section that does nothing?
See doc/configurable_failover for an example of a handled module.
Then, in accounting, do:
accounting {
Lara Adianto [EMAIL PROTECTED] wrote:
I have a problem with rlm_eap_tls. The radius server doesn't seem to
accept the access request from the access point, though the log file
in the access point indicates that it has indeed sent an access
request.
I have no idea why you're looking in the
You must have in your nas table the nas-user (IP,type etc) and in
clients.conf you must have it like this
client 194.219.120.83 {
secret = ugabuga
shortname = GNUGK
nastype = cisco
}
the radiusd.conf need to include the client.conf
Kyriaki Gali,
IT Applications
thomas fritz [EMAIL PROTECTED] wrote:
/usr/local/lib/rlm_ldap-1.0.1.so: Undefined PLT symbol
pthread_mutex_trylock (reloc type = 7, symnum = 91)
i am really new to freeradius, and would appreciate it a lot, if someone
could point me in the right direction for solving this problem.
$
it's preferable to use the integer values instead of ASCII strings.
So for the switching VLAN, I create a local VLAN on Cisco
Aironet with a
speficied SSID. The user configuration questions this SSID
and according to
the user, this one is switched in the VLAN defines in
configuration file.
hello,
I am trying to set a attribute in authorize_check_query to be passed to
authorize_reply_query. authorize_check_query returns:
0 | my_username | Auth-Data | my_value | :=
but when I try to use %{check:Auth-Data} in authorize_reply_query I get
no value.
I have tested my configuration
Hi,
Are there any MS-CHAP howtos out there?
This is what I get and cannot pass this issue:
Any ideas?
Nothing to do. Sleeping until we see a request.rad_recv: Access-Request packet from host 1.155.6.61:32781, id=124, length=139 Service-Type = Framed-User Framed-Protocol = PPP User-Name =
On Thu, 30 Sep 2004, Andrew Werbowy wrote:
Hi,
Are there any MS-CHAP howtos out there?
No, but the same question is posted each day in the users list. Check
doc/rlm_ldap on how to configure rlm_ldap to extract user passwords.
This is what I get and cannot pass this issue:
Any ideas?
nAndrew Werbowy [EMAIL PROTECTED] wrote:
Are there any MS-CHAP howtos out there?
No. If you configure a user clear-text password for that user,
then MS-CHAP will work.
This is what I get and cannot pass this issue:
Any ideas?
Try the users file example I posted yesterday.
i.e. Stop
I did setup what you send me earlier and it does work.
As soon as we try to do connect via wireless windows laptop
(uses MS-CHAP) it does not work.
Looks like LDAP password is in clear text and MS-CHAP encrypted
and Radius cannot compare the two. [EMAIL PROTECTED] 9/30/2004 11:44:01 AM
Andrew Werbowy [EMAIL PROTECTED] wrote:
I did setup what you send me earlier and it does work.
Ok...
As soon as we try to do connect via wireless windows laptop
(uses MS-CHAP) it does not work.
Can you post the *complete* debug log? So far, you've been posting
the final reject message.
Hi,
I am trying to get Radiator to authenticate against LDAP and Open
Directory on an OS X server. Here's what my config file looks like at
this point.
# opendirectory.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# OpenDirectory LDAP.
here it is. Top part is startup in debug mode and below actual MS-CHAP login attempt:
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X -AStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.confConfig: including
Hello.
I am looking to use rlm_ippool to manage my users IPs. The setup we have
here is kind of unique and wondering if rlm_ippool can accomplish what I
need to do.
We will have a block of say /18 assigned to a particular NAS. During the
radius authentication, we will need to send back two
Philip Ershler [EMAIL PROTECTED] wrote:
I am trying to get Radiator to ...
Please un-subscribe from this list. It is not a RADIATOR list.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andrew Werbowy [EMAIL PROTECTED] wrote:
here it is. Top part is startup in debug mode and below actual MS-CHAP
login attempt:
...
rlm_ldap: performing user authorization for tor_sysop_2
radius_xlat: '(uid=tor_sysop_2)'
radius_xlat: 'o=cbcsrc'
rlm_ldap: ldap_get_conn: Checking Id: 0
I truly apologize. I am subscribed to both lists and accidently picked
up the wrong address.
Sorry to bug everybody,
Phil
On Sep 30, 2004, at 11:04 AM, Alan DeKok wrote:
Philip Ershler [EMAIL PROTECTED] wrote:
I am trying to get Radiator to ...
Please un-subscribe from this list. It is not a
Dustin Doris [EMAIL PROTECTED] wrote:
We will have a block of say /18 assigned to a particular NAS. During the
radius authentication, we will need to send back two radius attributes of
Framed-IP-Address and Framed-IP-Netmask. However, the Framed-IP-Address
that we need to send back will be
Dustin Doris [EMAIL PROTECTED] wrote:
We will have a block of say /18 assigned to a particular NAS. During the
radius authentication, we will need to send back two radius attributes of
Framed-IP-Address and Framed-IP-Netmask. However, the Framed-IP-Address
that we need to send back will
I belive you are right about LDAP query not comming back from LDAP server
I turned on ldap_debug = 1 and shows this:
* msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0** Response Queue: Emptyldap_chkResponseList for msgid=1, all=1ldap_chkResponseList returns NULL
Andrew Werbowy [EMAIL PROTECTED] wrote:
I belive you are right about LDAP query not comming back from LDAP
server
That's not what I meant.
I meant that there's no data which FreeRADIUS can use coming back.
Please configure a clear-text password for the user in the LDAP
entry for that
Brian Ammons [EMAIL PROTECTED] wrote:
I'll make the change re: Auth-Type := Accept in radcheck. What is the
significance of := vs. ==?
man users
And I thought the order was radcheck, then
radreply, is that not the case (see below)?
It should be in that order.
Can anyone point me to
i do know what man pages are, I did set all of this up myself. I'm new (6
months) to Linux but I'm able to figure stuff out with just a push in the
right direction...you could have said RTFM and I would have gotten the
hint. typing man users doesn't bring up anything about radius, it's about
the
Brian Ammons [EMAIL PROTECTED] wrote:
...
You sent me a private message, I sent you a private response.
Posting that response publicly is bad netiquette.
i do know what man pages are, I did set all of this up myself. I'm new (6
months) to Linux but I'm able to figure stuff out with just a
Yes I had it
rad_recv: Access-Request packet from host 192.168.200.1:4395, id=1,
length=48
User-Name = test001
CHAP-Password = 0xb9215f405119e840fdc14e628555747ff2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
I really wish I could just pass on the flame war, however:
I resent your use of the phrase lied to. I didn't know that you wanted
me to type man users - that may seem obvious to you and possibly
everyone else but not to me, my apologies. In the future, you could
advise type 'man users' and read
Just found this good stuff re: RADIUS and mySQL.
http://www.frontios.com/freeradius.html
Thanks to everyone for their help.
BCA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I did run the server in debugging mode. What I meant by the log is the debugging statement from running /radiusd -X -A. Alan DeKok [EMAIL PROTECTED] wrote:
Lara Adianto <[EMAIL PROTECTED]>wrote: I have a problem with rlm_eap_tls. The radius server doesn't seem to accept the access request from the
Hi,
I just install a new Freeradius 1.0.1 in my Debian box by source code.
When I tried to run /usr/local/sbin/radiusd -Xxyz -l stdout
Sat Oct 2 00:48:15 2004 : Info: Starting - reading configuration files ...
Sat Oct 2 00:48:15 2004 : Debug: reread_config: reading radiusd.conf
Sat Oct 2
Hello,
We are planning to use Freeradius for a research project. We had already
use it before, with EAP/TLS. My questions are (both using EAP/TLS):
Once RADIUS gets the certificate from the supplicant can it
make checks to the certificate to know who is the certificate subject,
and them do some
[EMAIL PROTECTED] [EMAIL PROTECTED]:
Sorry. I make a mistake.
Actually the problem is I install a GNU radius before.
I remove it and eveything is fine.
Sorry.
Edward
Hi,
I just install a new Freeradius 1.0.1 in my Debian box by source code.
When I tried to run
Kostas Kalevras wrote:
On Thu, 30 Sep 2004, Alexander Serkin wrote:
Hello again.
While replicating accounting info to secondary server with radrelay i see the
following message in radius.log:
Thu Sep 30 10:48:51 2004 : Error: rlm_detail: Failed to aquire filelock for
/opt/fr/radacct/detail,
54 matches
Mail list logo