authorize for request 0
radius_xlat: '/usr/local/var/log/radius/radacct//auth-detail-20050524'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct//auth-detail-20050524
modcall[authorize]: module auth_log returns ok
I could not get the snapshot to compile/install - properly.
I see from the google there are a few others also have the same
compile difficulty with the eap modules.
But I managed to compile the program radsqlrelay, it is a command line tool
but how am I going to tell it all those
I'm having a problem authenticating my
client, Windows XP, to the server, SUSE Linux.
Everytime I run radiusd -X -A I get the following
messages:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module preprocess returns ok
for
Hi everyone.
I am trying to set up my FreeRadius server for use with multiple
vendors simultaneously, namely Cisco and Quintum. Currently we have
everything working fine with Quintum boxes and are trying to add
support for Cisco.
We are using FreeRadius to call a SQL Server back end. Here is
Well, if you have different vendor attributes for the same thing then
you should be able to do for example:
%{Quintum-h323-call-origin:-%{Cisco-h323-call-origin}}
That will use Quintum-h323-call-origin if it exists, otherwise
Cisco-h323-call-origin
See variables.txt in the doc directory for
Date: Mon, 23 May 2005 17:44:33 +0200
From: Alex Moreno [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Kick users offline
Reply-To: freeradius-users@lists.freeradius.org
I do it using the Time-Out=3Dtime variable. Read the documentation for
more information.
On
Fantastic! That is exactly what I was looking for.
The only downside to this is that we will have to reconfigure the
system for each additional manufacturer we want to add. Is there a
more general way of doing it? Or is this just the nature of VSAs?
Thanks,
Mike
On 5/24/05, Mitchell,
:1812
User-Name = test
User-Password = test
NAS-IP-Address = euler
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=241, length=20
[EMAIL PROTECTED]tail -f
/var/log/radius/radacct/localhost/auth-detail-20050524
Packet-Type = Access-Request
Tue
Hi all,I try to modify rlm_example.c toimplement challenge/response authentication, but i dont' know how to code it, i know i have to modify example_authenitcate function , but when i install it to my freeradius server , it cannot return RLM_MODULE_OK, anyone can help me with that, here is my
Fantastic! That is exactly what I was looking for.
The only downside to this is that we will have to reconfigure
the system for each additional manufacturer we want to add.
Is there a more general way of doing it? Or is this just the
nature of VSAs?
Hmm, can't think of one. But there are
On Mon, May 23, 2005 at 03:29:33PM -0400, Chris Carver wrote:
Date: Mon, 23 May 2005 15:29:33 -0400
From: Chris Carver [EMAIL PROTECTED]
Subject: ldap attribute, checkItem, and the users file
I'm still struggling with a problem I wrote in about in the past. I
will explain what I am trying
Terry lee [EMAIL PROTECTED] wrote:
You might have better luck if you turned off the HTML and posted in
straight text.
Jim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 23 May 2005, Chris Carver wrote:
Hello,
I'm still struggling with a problem I wrote in about in the past. I will
explain what I am trying to do as well as possible.
We have customers authenticating through our radius server which uses an
openldap backend. Each user has an entry
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
latest cvs dialup admin , freeradius with mysql and pptp.
any clue ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 24 May 2005, Florin Samareanu wrote:
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
latest cvs dialup admin , freeradius with mysql and pptp.
any clue ?
The disconnect facility will work only for
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated? is there
documentation for it? how can I do that (in a fairly simple way)?
/the girl that wonders why Microsoft had to complicate
S close. I have no trouble fetching a cheerful response from
the IAS radius server with my simple proxy. I print its output to
standard output and return with exit code 0. FreeRADIUS reports
the whole thing as a success. And I get:
Error 778: It was not possible to verify the identity of the
I think this depends if your NAS supports it or not - Freeradius just sends the
request and the NAS deals with it
[EMAIL PROTECTED] 24/05/2005 12:36
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
latest
Hello friends --
We've been steadily running a kerberos-enabled freeradius server here for
several years now and everything has been working perfectly. We have
several devices that use it for authentication, such as the VPN and modem
pool. These are services where anyone with an account in our
Hola Igor,
mi proyecto final de carrera usa, entre otras muchas cosas,
freeradius. No se exactamente que quieres hacer pero quizá nocat o
chillispot te sirva de algo para el tema de autentificación, en
conjunción con radius (es como lo tengo yo).
Otra cosa, esta lista es de habla inglesa así que
Hello there,
since I am in the pre-test part of my wifi project, I would like to know if
some of you know a pcmcia wifi card able to deal with :
- linux and/or BSD (and windows)
- WPA 2 (WPA +AES)
- PEAP
- 802.11 b g
- running in master mode (aka hostap)
I saw a lot of cards having the same
Hello friends --
We've been steadily running a kerberos-enabled freeradius server here for
several years now and everything has been working perfectly. We have
several devices that use it for authentication, such as the VPN and modem
pool. These are services where anyone with an account in
On Tue, 24 May 2005, Dustin Doris wrote:
huntgroups:
testgroup NAS-IP-Address == 10.0.0.1 (for the purpose of this
exercise, my test client)
User-Name = randomuser,
Not sure if it matters, but you don't need this comma since its the last
value.
If I'm getting a incorrect checksum error on the UDP packet sent from the
client to the server, would that be the cause of my Shared secret is
incorrect error? I've removed/readded the secret on both sides many
times...
If that is the case, I'm assuming the problem is with the md5 hash on the
Hi,
can you tell us what operating system are you using?
I had recently problems with SuSE 9.1 where some packages were broken and
therefore the shared secret auth wasn't functioning.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Hi,
what are you actually using to start-up a connection? PPP or something else?
I am using Poptop/PPP combination and I get kicked out right on time. But
I only use Session-Timeout attribute. Where did you read that about
Login-Time, it is really interesting for my next project, and maybe I
So sorry, I'm using SLES 9 for x86_64
--Kris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seferovic
Edvin
Sent: Tuesday, May 24, 2005 10:50 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: shared secret problem
Hi,
can you tell us what
huntgroups:
testgroup NAS-IP-Address == 10.0.0.1 (for the purpose of this
exercise, my test client)
User-Name = randomuser,
Sorry for the confusion. I'm wanting it so that only users in the
huntgroups file are able to authenticate from a
Hi,
I'm using Exec-Program-Wait for user validation.
On some cases, I want to send back the Session-Timeout
According to what I've seen, on the script I execute on
Exec-Program-Wait, I can send back this value like this:
print Session-Timeout=$timeout\n;
exit 0; # Grant Access
Now, on this
Hello,
I've found a pretty good howto at
http://www.tldp.org/HOWTO/8021X-HOWTO/intro.html
Take a look
Jonathan
vicky wrote:
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated?
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
Hi,
Since few days I succeed in PEAP auth with freeradius, but I've a
biggest problem.
I would like to check the authenticate as computer when information is
available box so my computer should be reachable even if nobody is
logged in.
I've read in previous post that it is only possible with
Mitchell, Michael J [EMAIL PROTECTED] wrote:
The only downside to this is that we will have to reconfigure
the system for each additional manufacturer we want to add.
The good news is that few vendors do the annoying AVPair stuff that
Cisco does.
Is there a more general way of doing it? Or
Hi all:
We´re tryng to install freeradius in a base RedHat 9.
We try with basic installation of freeradius-snapshot-20050524.tar.gz:
./configure
make
make install
but don´t work. Is there a document to install freeradius in a Red Hat 9 box??
Thanks¡
-
List info/subscribe/unsubscribe? See
Ming-Ching Tiew [EMAIL PROTECTED] wrote:
Hate to border you folks who are non-programmers here, but
I think the code is questionable here,
Hmm... you're right.
In any case, radsqlrelay is about to be deleted from the CVS head.
Radrelay, too. They're being replaced with minor changes to
Hi,
you welcome ;) If you contact Novell/SuSE and get an answer about this topic
( or maybe a solution ) I would be thankful if you could mail it to this
mailing list. I intend to move on SLES shortly, and now when I know the fact
that freeRadius is not working ( on x86_64 ) whis move could be
vicky [EMAIL PROTECTED] wrote:
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated? is there
documentation for it? how can I do that (in a fairly simple way)?
Install the server. It will work.
Did you try reading
At authorization stage FreeRADIUS calculates and sends proper
Session-Timeout attribute to Access Server that tells him how long user can
stay online. This calculations done using attributes such as Login-Time,
Expiration, Session-Timeout and current time. If user's time is over limit
but he still
Hello,
I'm using freeradius 1.0.2 with Red Hat Enterprise Server 3 and MySql.
I have the following problem with EAP-TTLS:
authentication is succesful using a Proxim 8470-WD a/b/g PCMCIA card,
but fails with a Zyxel G-405 802.11g Wireless LAN Ethernet Adapter.
I've checked both freeradius logs
On Tue, 24 May 2005, Seferovic Edvin wrote:
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
US users should be aware that to run PPTP with Windows clients and have
any
On 5/23/05, Thomas Boutell [EMAIL PROTECTED] wrote:
As also suggested here I am attempting to drive radclient as a poor man's
proxy connection from a custom script.
Unfortunately attribute names are apparently case-sensitive and
the environment variables lose case information from their
Juanjo Lopez [EMAIL PROTECTED] wrote:
./configure
make
make install
but don't work. Is there a document to install freeradius in a Red Hat 9
box??
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ignacio Siles [EMAIL PROTECTED] wrote:
I've checked both freeradius logs and the only difference I see is this:
With the proxim card:
-
auth: type MSCHAP
With Zyxel Adapter:
---
auth: type System
So... Don't set Auth-Type = System.
Alan DeKok.
On Tue, 24 May 2005, Dustin Doris wrote:
DEFAULT NAS-IP-Address == 10.0.0.1, Huntgroup-Name != testgroup,
Auth-Type := Reject
Fall-Through = no
DEFAULT Auth-Type := Kerberos
...
Thanks for your quick reply, Dustin. I gave the above a try, and
unfortunately it still
Kostas Kalevras wrote:
On Mon, 23 May 2005, Chris Carver wrote:
Hello,
I'm still struggling with a problem I wrote in about in the past. I
will explain what I am trying to do as well as possible.
We have customers authenticating through our radius server which uses
an openldap backend.
On Tue, 24 May 2005 [EMAIL PROTECTED] wrote:
On Tue, 24 May 2005, Dustin Doris wrote:
DEFAULT NAS-IP-Address == 10.0.0.1, Huntgroup-Name != testgroup,
Auth-Type := Reject
Fall-Through = no
DEFAULT Auth-Type := Kerberos
...
Thanks for your quick reply, Dustin. I gave
I do have /usr/lib/oracle/10.1.0.3/client set for ORACLE_HOME
ok, here's the config.log of rlm_sql_oracle for configure --with-rlm-
sql_oracle-include-dir=/usr/include/oracle/10.1.0.3/client
This file contains any messages produced by compilers while
running configure, to aid debugging if
hello ...
i need a solution where freeradius accepts clients from any ip but with
different shared secrets
(because i want to authenticate users behind a dsl flatrate or something
like this)
is there any possiblity to do something like that ?
greeting grischan
-
List
do you have documentation on setting up a windows 2000 wifi-supplicants
against a FreeRADIUS server that queries LDAP for authentication?
ie.:
windows 2000 notebook wi-fi connection to FreeRADIUS
server FreeRADIUS server to LDAP server for authenication
LDAP back to FreeRADIUS
glanzel [EMAIL PROTECTED] wrote:
i need a solution where freeradius accepts clients from any ip but with
different shared secrets
(because i want to authenticate users behind a dsl flatrate or something
like this)
is there any possiblity to do something like that ?
No. You may end up
On Tue, 24 May 2005, Dustin Doris wrote:
printf User-Name = myusername\nUser-Password = mypasswd\nNAS-IP-Address =
10.0.0.1\nNAS-Port = 0\n | radclient localhost auth yoursecret
Actually, I think you can do it with radtest adding nasname as well. This
will make sure it sends over the right
On Tue, May 24, 2005, jay macias wrote:
i've successfuly set up windows xp supplicants; however, i'm stumped on
getting win2k to work. thank you in advance!!!
Unfortunately, there is no integrated WPA supplicant in
Windows 2000. You will have to use an external supplicant.
Until now, i
The FAQ says I can use radiusd -C to check the files before a HUP, it
also gives a nice sample script to use to check for necessary updating
of the users file. However, I get
radiusd: invalid option -- C
The FAQ says 1.6.4 and later, but the latest version that can be
downloaded is only 1.0.2?
I'm having a problem authenticating myclient, Windows XP, to the server, SUSE Linux.Everytime I run radiusd -X -A I get the followingmessages: Processing the authorize section of radiusd.confmodcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns okfor
Carl Davis [EMAIL PROTECTED] wrote:
The FAQ says 1.6.4 and later, but the latest version that can be
downloaded is only 1.0.2?
Hmm... the FAQ is really old. That option isn't supported, and the
1.6.4 thing is for Cistron, not FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe?
of freeradius-snapshot-20050524.tar.gz:
./configure
make
make install
but don´t work. Is there a document to install freeradius in a Red Hat 9 box??
Thanks¡
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http
Is there another good option for checking the conf files before doing an
HUP?
On Tue, 2005-05-24 at 15:32 -0400, Alan DeKok wrote:
Carl Davis [EMAIL PROTECTED] wrote:
The FAQ says 1.6.4 and later, but the latest version that can be
downloaded is only 1.0.2?
Hmm... the FAQ is really old.
Hi
I just upgraded to 1.0.2 from 0.93, and now Im seeing my acct exec program
being left in a zombie state after being fired by acct_users file.
Is there something I can do to prevent this, its eating all my server's
threads.
Is this related to rlm_exec: Wait=yes but no output defined. Did you
Carl Davis [EMAIL PROTECTED] wrote:
Is there another good option for checking the conf files before doing an
HUP?
No, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
From: Alan DeKok [EMAIL PROTECTED]
In any case, radsqlrelay is about to be deleted from the CVS head.
Radrelay, too. They're being replaced with minor changes to the
server core which means that radiusd can now do everything those two
programs did, and more.
Wait a few weeks, and the
Hi,
For some reason, it's seeing the requests coming from NAS-IP-Address =
255.255.255.255 versus the ip address I think it should be coming from.
you could try checking Client-IP-Address instead of NAS-IP-Address. NAS... is
unreliable since the client can put into it whatever he likes.
61 matches
Mail list logo