Title: Message
-Original Message-From: John H - ACI Technologies, LLC
[mailto:[EMAIL PROTECTED] Sent: Tuesday, May 24, 2005 11:53
PMTo: 'freeradius-users@lists.freeradius.org'Subject: RE:
Would like Someone to setup radius + API
where would i find
someone to setup freeradius.org f
Hi,
> For some reason, it's seeing the requests coming from "NAS-IP-Address =
> 255.255.255.255" versus the ip address I think it should be coming from.
you could try checking Client-IP-Address instead of NAS-IP-Address. NAS... is
unreliable since the client can put into it whatever he likes.
C
Hi all,
I try to modify rlm_example.c to implement challenge/response authentication,
but i dont' know how to code it, i know i have to modify example_authenitcate
function , but when i install it to my freeradius server , it cannot return
RLM_MODULE_OK, anyone can help me with that, here is m
"Ming-Ching Tiew" <[EMAIL PROTECTED]> wrote:
> I am certainly grateful of development along this direction and I hope
> there will be sufficient retries and/or connection re-establishment
> mechanism built into these relays.
Since the relay program will be "radiusd", it till get all of the
retry
From: "Alan DeKok" <[EMAIL PROTECTED]>
>
> In any case, radsqlrelay is about to be deleted from the CVS head.
> Radrelay, too. They're being replaced with minor changes to the
> server core which means that radiusd can now do everything those two
> programs did, and more.
>
> Wait a few week
"Jon Mansey" <[EMAIL PROTECTED]> wrote:
> I just upgraded to 1.0.2 from 0.93, and now Im seeing my acct exec
> program being left in a zombie state after being fired by acct_users
> file.
>
> Is there something I can do to prevent this, its eating all my server's
> threads.
We will be releasing
Carl Davis <[EMAIL PROTECTED]> wrote:
> Is there another good option for checking the conf files before doing an
> HUP?
No, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
I just upgraded to 1.0.2 from 0.93, and now Im seeing my acct exec program
being left in a zombie state after being fired by acct_users file.
Is there something I can do to prevent this, its eating all my server's
threads.
Is this related to "rlm_exec: Wait=yes but no output defined. Did you
Is there another good option for checking the conf files before doing an
HUP?
On Tue, 2005-05-24 at 15:32 -0400, Alan DeKok wrote:
> Carl Davis <[EMAIL PROTECTED]> wrote:
> > The FAQ says 1.6.4 and later, but the latest version that can be
> > downloaded is only 1.0.2?
>
> Hmm... the FAQ is rea
th basic installation of freeradius-snapshot-20050524.tar.gz:
>
> ./configure
> make
> make install
>
> but don´t work. Is there a document to install freeradius in a Red Hat 9 box??
>
> Thanks¡
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.or
King, Michael a écrit :
On Behalf Of Lorel hardy
I've read in previous post that it is only possible with an
Active Directory (AD) server, and as you well think I don't
want an AD server...
Actually, it hasn't been figured out yet, people are just proxieing it
off to a mac
Carl Davis <[EMAIL PROTECTED]> wrote:
> The FAQ says 1.6.4 and later, but the latest version that can be
> downloaded is only 1.0.2?
Hmm... the FAQ is really old. That option isn't supported, and the
1.6.4 thing is for Cistron, not FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe
I'm having a problem authenticating myclient, Windows XP, to the server, SUSE Linux.Everytime I run radiusd -X -A I get the followingmessages: Processing the authorize section of radiusd.confmodcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns okfor reques
The FAQ says I can use radiusd -C to check the files before a HUP, it
also gives a nice sample script to use to check for necessary updating
of the users file. However, I get
radiusd: invalid option -- C
The FAQ says 1.6.4 and later, but the latest version that can be
downloaded is only 1.0.2?
On Tue, May 24, 2005, jay macias wrote:
>i've successfuly set up windows xp supplicants; however, i'm stumped on
>getting win2k to work. thank you in advance!!!
Unfortunately, there is no integrated WPA supplicant in
Windows 2000. You will have to use an external supplicant.
Until now, i
On Tue, 24 May 2005, Dustin Doris wrote:
> printf "User-Name = myusername\nUser-Password = mypasswd\nNAS-IP-Address =
> 10.0.0.1\nNAS-Port = 0\n" | radclient localhost auth yoursecret
>
> Actually, I think you can do it with radtest adding nasname as well. This
> will make sure it sends over the
glanzel <[EMAIL PROTECTED]> wrote:
> i need a solution where freeradius accepts clients from any ip but with
> different shared secrets
> (because i want to authenticate users behind a dsl flatrate or something
> like this)
>
> is there any possiblity to do something like that ?
No. You may
do you have documentation on setting up a windows 2000 wifi-supplicants
against a FreeRADIUS server that queries LDAP for authentication?
ie.:
windows 2000 notebook >> wi-fi connection to FreeRADIUS
server >> FreeRADIUS server to LDAP server for authenication
>> LDAP back to FreeRADIUS >>
hello ...
i need a solution where freeradius accepts clients from any ip but with
different shared secrets
(because i want to authenticate users behind a dsl flatrate or something
like this)
is there any possiblity to do something like that ?
greeting grischan
-
List info/subscribe/unsubsc
I do have /usr/lib/oracle/10.1.0.3/client set for ORACLE_HOME
ok, here's the config.log of rlm_sql_oracle for configure --with-rlm-
sql_oracle-include-dir=/usr/include/oracle/10.1.0.3/client
This file contains any messages produced by compilers while
running configure, to aid debugging if con
On Tue, 24 May 2005 [EMAIL PROTECTED] wrote:
> On Tue, 24 May 2005, Dustin Doris wrote:
>
> > DEFAULT NAS-IP-Address == 10.0.0.1, Huntgroup-Name != testgroup,
> > Auth-Type := Reject
> > Fall-Through = no
> >
> > DEFAULT Auth-Type := Kerberos
> > ...
>
> Thanks for your quick reply, D
Kostas Kalevras wrote:
On Mon, 23 May 2005, Chris Carver wrote:
Hello,
I'm still struggling with a problem I wrote in about in the past. I
will explain what I am trying to do as well as possible.
We have customers authenticating through our radius server which uses
an openldap backend.
On Tue, 24 May 2005, Dustin Doris wrote:
> DEFAULT NAS-IP-Address == 10.0.0.1, Huntgroup-Name != testgroup,
> Auth-Type := Reject
> Fall-Through = no
>
> DEFAULT Auth-Type := Kerberos
> ...
Thanks for your quick reply, Dustin. I gave the above a try, and
unfortunately it still
Ignacio Siles <[EMAIL PROTECTED]> wrote:
> I've checked both freeradius logs and the only difference I see is this:
>
> With the proxim card:
> -
> auth: type "MSCHAP"
>
> With Zyxel Adapter:
> ---
> auth: type "System"
So... Don't set "Auth-Type = System"
Juanjo Lopez <[EMAIL PROTECTED]> wrote:
> ./configure
> make
> make install
>
> but don't work. Is there a document to install freeradius in a Red Hat 9
> box??
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 5/23/05, Thomas Boutell <[EMAIL PROTECTED]> wrote:
> As also suggested here I am attempting to drive radclient as a poor man's
> proxy connection from a custom script.
>
> Unfortunately attribute names are apparently case-sensitive and
> the environment variables lose case information from thei
Thomas Boutell <[EMAIL PROTECTED]> wrote:
> S close. I have no trouble fetching a cheerful response from
> the IAS radius server with my simple proxy. I print its output to
> standard output and return with exit code 0. FreeRADIUS reports
> the whole thing as a success. And I get:
>
> Error 77
On Tue, 24 May 2005, Seferovic Edvin wrote:
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
US users should be aware that to run PPTP with Windows clients and have
any secu
Hello,
I'm using freeradius 1.0.2 with Red Hat Enterprise Server 3 and MySql.
I have the following problem with EAP-TTLS:
authentication is succesful using a Proxim 8470-WD a/b/g PCMCIA card,
but fails with a Zyxel G-405 802.11g Wireless LAN Ethernet Adapter.
I've checked both freeradius logs a
At authorization stage FreeRADIUS calculates and sends proper
Session-Timeout attribute to Access Server that tells him how long user can
stay online. This calculations done using attributes such as Login-Time,
Expiration, Session-Timeout and current time. If user's time is over limit
but he still
vicky <[EMAIL PROTECTED]> wrote:
> Is it possible to configure a freeRADIUS server running on a UNIX
> machine to also accept MS-CHAP? If so, is it complicated? is there
> documentation for it? how can I do that (in a fairly simple way)?
Install the server. It will work.
Did you try readin
Hi,
you welcome ;) If you contact Novell/SuSE and get an answer about this topic
( or maybe a solution ) I would be thankful if you could mail it to this
mailing list. I intend to move on SLES shortly, and now when I know the fact
that freeRadius is not working ( on x86_64 ) whis move could be del
"Ming-Ching Tiew" <[EMAIL PROTECTED]> wrote:
> Hate to border you folks who are non-programmers here, but
> I think the code is questionable here,
Hmm... you're right.
In any case, radsqlrelay is about to be deleted from the CVS head.
Radrelay, too. They're being replaced with minor changes
Hi all:
We´re tryng to install freeradius in a base RedHat 9.
We try with basic installation of freeradius-snapshot-20050524.tar.gz:
./configure
make
make install
but don´t work. Is there a document to install freeradius in a Red Hat 9 box??
Thanks¡
-
List info/subscribe/unsubscribe? See
"Ming-Ching Tiew" <[EMAIL PROTECTED]> wrote:
> My testing revealed that it does not work. Maybe it is because
> I am not using mysql ? I am using unixODBC/freetds, wonder
> if that matters.
It shouldn't.
> I could not get the snapshot to compile/install - properly.
It's still in the process
> On Behalf Of Lorel hardy
> I've read in previous post that it is only possible with an
> Active Directory (AD) server, and as you well think I don't
> want an AD server...
Actually, it hasn't been figured out yet, people are just proxieing it
off to a machine that can do machine authenticati
"Mitchell, Michael J" <[EMAIL PROTECTED]> wrote:
> >The only downside to this is that we will have to reconfigure
> >the system for each additional manufacturer we want to add.
The good news is that few vendors do the annoying "AVPair" stuff that
Cisco does.
> >Is there a more general way of do
Hi,
Since few days I succeed in PEAP auth with freeradius, but I've a
biggest problem.
I would like to check the "authenticate as computer when information is
available" box so my computer should be reachable even if nobody is
logged in.
I've read in previous post that it is only possible with
Hi,
take a look at www.poptop.org it is a *nix implementation of MS PPTP VPN
Server that uses MS-CHAP. There is also a very good how-to about CHAP auth,
and freeRadius.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jonathan
De
Thanks so much for the information and quick response. I'll attempt to
contact Novell/SuSE. I tried the procedure below without much success over
the last week or two.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seferovic
Edvin
Sent: Tuesday, May 2
Hello,
I've found a pretty good howto at
http://www.tldp.org/HOWTO/8021X-HOWTO/intro.html
Take a look
Jonathan
vicky wrote:
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated? is
BINGO... there u go ;)
I was using SuSE PRO 9.1 on x86_64 WHICH WAS BROKEN !! SuSE changed this in
the next version 9.2. Aparently SLES 9 has the same problem. You could try
contacting Novell/SuSe about this ;)
Here is a part of a friendly person from this list which encountered the
same problem,
Hi,
I'm using Exec-Program-Wait for user validation.
On some cases, I want to send back the Session-Timeout
According to what I've seen, on the script I execute on
Exec-Program-Wait, I can send back this value like this:
print "Session-Timeout=$timeout\n";
exit 0; # Grant Access
Now, on this t
> > >
> > > huntgroups:
> > >
> > > testgroup NAS-IP-Address == 10.0.0.1 (for the purpose of this
> > > exercise, my test client)
> > > User-Name = randomuser,
> >
> Sorry for the confusion. I'm wanting it so that only users in the
> huntgroups file are able to
So sorry, I'm using SLES 9 for x86_64
--Kris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seferovic
Edvin
Sent: Tuesday, May 24, 2005 10:50 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: shared secret problem
Hi,
can you tell us what opera
Hi,
what are you actually using to start-up a connection? PPP or something else?
I am using Poptop/PPP combination and I get kicked out "right on time". But
I only use Session-Timeout attribute. Where did you read that about
Login-Time, it is really interesting for my next project, and maybe I cou
Hi,
can you tell us what operating system are you using?
I had recently problems with SuSE 9.1 where some packages were broken and
therefore the shared secret auth wasn't functioning.
Regards,
Edvin Seferovic
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
If I'm getting a incorrect checksum error on the UDP packet sent from the
client to the server, would that be the cause of my "Shared secret is
incorrect" error? I've removed/readded the secret on both sides many
times...
If that is the case, I'm assuming the problem is with the md5 hash on the
s
On Tue, 24 May 2005, Dustin Doris wrote:
> >
> > huntgroups:
> >
> > testgroup NAS-IP-Address == 10.0.0.1 (for the purpose of this
> > exercise, my test client)
> > User-Name = randomuser,
>
> Not sure if it matters, but you don't need this comma since its the la
> Hello friends --
>
> We've been steadily running a kerberos-enabled freeradius server here for
> several years now and everything has been working perfectly. We have
> several devices that use it for authentication, such as the VPN and modem
> pool. These are services where anyone with an accou
Hello there,
since I am in the pre-test part of my wifi project, I would like to know if
some of you know a pcmcia wifi card able to deal with :
- linux and/or BSD (and windows)
- WPA 2 (WPA +AES)
- PEAP
- 802.11 b & g
- running in master mode (aka "hostap")
I saw a lot of cards having the sam
Hola Igor,
mi proyecto final de carrera usa, entre otras muchas cosas,
freeradius. No se exactamente que quieres hacer pero quizá nocat o
chillispot te sirva de algo para el tema de autentificación, en
conjunción con radius (es como lo tengo yo).
Otra cosa, esta lista es de habla inglesa así que
Hello friends --
We've been steadily running a kerberos-enabled freeradius server here for
several years now and everything has been working perfectly. We have
several devices that use it for authentication, such as the VPN and modem
pool. These are services where anyone with an account in our k
I think this depends if your NAS supports it or not - Freeradius just sends the
request and the NAS deals with it
>>> [EMAIL PROTECTED] 24/05/2005 12:36 >>>
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
late
S close. I have no trouble fetching a cheerful response from
the IAS radius server with my simple proxy. I print its output to
standard output and return with exit code 0. FreeRADIUS reports
the whole thing as a success. And I get:
Error 778: It was not possible to verify the identity of the
Hola a todos, soy un chico de Bilbao que quiere
implantar una arquitectura de red Wi-Fi segura
mediante 802.11i usando WPA-Enterprise con un servidor
de autenticación RADIUS y un router (Linksys WRT54G)
que haga de authenticator.
La verdad estoy empezando a mirar cosillas, pero no se
por donde em
Hello freeRADIUS mailing list readers,
Is it possible to configure a freeRADIUS server running on a UNIX
machine to also accept MS-CHAP? If so, is it complicated? is there
documentation for it? how can I do that (in a fairly simple way)?
/the girl that wonders why Microsoft had to complicate
On Tue, 24 May 2005, Florin Samareanu wrote:
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
latest cvs dialup admin , freeradius with mysql and pptp.
any clue ?
The disconnect facility will work only for c
from dialup_admin web interface i can clear sessions but i cannot
disconnect users. when i press disconnect user nothing happens. i use
latest cvs dialup admin , freeradius with mysql and pptp.
any clue ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 23 May 2005, Chris Carver wrote:
Hello,
I'm still struggling with a problem I wrote in about in the past. I will
explain what I am trying to do as well as possible.
We have customers authenticating through our radius server which uses an
openldap backend. Each user has an entry in
Terry lee <[EMAIL PROTECTED]> wrote:
You might have better luck if you turned off the HTML and posted in
straight text.
Jim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, May 23, 2005 at 03:29:33PM -0400, Chris Carver wrote:
> Date: Mon, 23 May 2005 15:29:33 -0400
> From: Chris Carver <[EMAIL PROTECTED]>
> Subject: ldap attribute, checkItem, and the users file
>
> I'm still struggling with a problem I wrote in about in the past. I
> will explain what I am
>
>Fantastic! That is exactly what I was looking for.
>
>The only downside to this is that we will have to reconfigure
>the system for each additional manufacturer we want to add.
>Is there a more general way of doing it? Or is this just the
>nature of VSAs?
Hmm, can't think of one. But ther
Hi all,I try to modify rlm_example.c to implement challenge/response authentication, but i dont' know how to code it, i know i have to modify example_authenitcate function , but when i install it to my freeradius server , it cannot return RLM_MODULE_OK, anyone can help me with that, here is my imp
27.0.0.1:1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = euler
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=241, length=20
[EMAIL PROTECTED]>tail -f
/var/log/radius/radacct/localhost/auth-detail
Fantastic! That is exactly what I was looking for.
The only downside to this is that we will have to reconfigure the
system for each additional manufacturer we want to add. Is there a
more general way of doing it? Or is this just the nature of VSAs?
Thanks,
Mike
On 5/24/05, Mitchell, Michael
Date: Mon, 23 May 2005 17:44:33 +0200
From: Alex Moreno <[EMAIL PROTECTED]>
To: freeradius-users@lists.freeradius.org
Subject: Re: Kick users offline
Reply-To: freeradius-users@lists.freeradius.org
I do it using the Time-Out=3D variable. Read the documentation for
more information.
On 5/23/05, S
Well, if you have different vendor attributes for the same thing then
you should be able to do for example:
%{Quintum-h323-call-origin:-%{Cisco-h323-call-origin}}
That will use Quintum-h323-call-origin if it exists, otherwise
Cisco-h323-call-origin
See variables.txt in the doc directory for more
Hi everyone.
I am trying to set up my FreeRadius server for use with multiple
vendors simultaneously, namely Cisco and Quintum. Currently we have
everything working fine with Quintum boxes and are trying to add
support for Cisco.
We are using FreeRadius to call a SQL Server back end. Here is th
>
> I also have a tough time try to persuade 'radsqlrelay' to do anything closer
> to sensable,
>
> # radsqlrelay -d /etc/raddb detail-20050520
> Tue May 24 14:49:12 2005 : Error: Unable to open file "Ðë?": No such file or
> directory
> radsqlrelay: Error reading radiusd.conf
> radsqlrelay: SQL mo
I'm having a problem authenticating my
client, Windows XP, to the server, SUSE Linux.
Everytime I run radiusd -X -A I get the following
messages:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok
fo
71 matches
Mail list logo
