Re: Freeradius the right tool as Windows Authentication Proxy?

2005-11-08 Thread Thomas Stieglitz
Hello Helen, thank you for your informative answer! It's possible, but I don't think RADIUS is the right tool. Which one or which techniques do you think is the right solution for my problem? Greetings, Tom Stieglitz FreeRadius users mailing list freeradius-users@lists.freeradius.org

Re: Freeradius the right tool as Windows Authentication Proxy?

2005-11-08 Thread User Test
The Galtex S.A. mail system informs you that your message has been delivered. This message was generated automatically by the mail system of user belskia. Please do not reply to this message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: mysql.sock moved and cannot be found by freeradius !

2005-11-08 Thread Nicolas Baradakis
Jason Clifford wrote: On Mon, 7 Nov 2005, Nicolas Baradakis wrote: If you are going to make a change in freeradius to cope with this don't waste time trying to read the my.cnf file as you won't know where it is with any certainty. This is a one-line-change in FreeRADIUS: we just

dialup_admin problems

2005-11-08 Thread Eric Tanguy
Hello, I have some problems with dialup_admin1.62. I use freeradius-1.0.1 with mysql on Fermi Linux LTS Release 3.0.1 - first, I have a problem in showing the online user in dialup_admin. In fact, when I use a telnet user to connect on NAS, it appears in online user but when it's a ppp

Re: Ldap truncating output

2005-11-08 Thread Pedro Marcolino
Sorry for the late reply. Thanks for the info, I'll give it a try. Best Regards, Pedro Marcolino On Mon, 07 Nov 2005 14:27:28 +0100 Nicolas Baradakis [EMAIL PROTECTED] wrote: Pedro Marcolino wrote: Ldapsearch shows the following: (...) ispRadiusCiscoAVPair: lcp:interface-config#1=ip

Re: Framed-Route and proxying

2005-11-08 Thread Joe Maimon
Jason Frisvold wrote: Hi there, I'm looking for a way to force certain users through a proxy. I *think* Framed-Routes are the way to go. Can someone help me out a little? Framed-Route instructs the NAS to install a route as described by the value, to the dialed up user. (at least that

Strange issue.

2005-11-08 Thread Rens Houben
A while ago I upgraded our freeradius server to 1.0.2 from a 0.9.x version, and ever since our ISDN dial-up users can not gain access when their login type in radcheck is Crypt-Password. If I change them to a User-Password attribute and the cleartext password, it works. I've compiled a debug log

ntlm_auth commandline ok, radius not ok

2005-11-08 Thread Völker , Christian
Yohoo! I've a (for me) strange problem with ntlm_auth. I want to use freeradius as a proxy for authentication against ActiveDirectory. So I've installed winbind. "wbinfo -u" and "wbinfo -g" show me the User and Grouplists. Nice :) I've configured freeradius like Alan

Radius died, restarting

2005-11-08 Thread hannibal
I use radwatch to check the status of the radiusd, but it keeps sending "Radius died, restarting" mail to me, but radiusd runs well if I do not run radwatch. Please tell me why, thanks.

Re: Framed-Route and proxying

2005-11-08 Thread Jason Frisvold
On 11/8/05, Joe Maimon [EMAIL PROTECTED] wrote: Framed-Route instructs the NAS to install a route as described by the value, to the dialed up user. (at least that what my nas's do) So in and of itself, I do not think it will accomplish any sort of forced proxying. Right.. the framed route

Cisco AP Vlan assignment when proxying EAP-PEAP?

2005-11-08 Thread Palmer J.D.F.
Hi, Can anyone tell me if it's possible to proxy EAP-PEAP from a Cisco Aironet to an IAS server via FreeRADIUS (I can do this bit), then, set the user's VLAN information within FreeRADIUS in the access-accept packet returned to the AP? Also, is there a way to return an access-accept with a

Re: Cisco AP Vlan assignment when proxying EAP-PEAP?

2005-11-08 Thread Josh Howlett
Hi Jezz, Palmer J.D.F. wrote: Hi, Can anyone tell me if it's possible to proxy EAP-PEAP from a Cisco Aironet to an IAS server via FreeRADIUS (I can do this bit), then, set the user's VLAN information within FreeRADIUS in the access-accept packet returned to the AP? Yes - write a script that

Re: Freeradius the right tool as Windows Authentication Proxy?

2005-11-08 Thread Alan DeKok
Thomas Stieglitz [EMAIL PROTECTED] wrote: Hello Helen, ? It's possible, but I don't think RADIUS is the right tool. Which one or which techniques do you think is the right solution for my problem? ? Did you read the text you quoted? Alan DeKok. - List

Re: Framed-Route and proxying

2005-11-08 Thread Alan DeKok
Jason Frisvold [EMAIL PROTECTED] wrote: I *think* that's more what I'm looking for.. The idea is to put a user in a suspended group that will only allow them to go to the payment server. By using a proxy, I can intercept all port 80 traffic and redirect them to the proper location. That's

RE: Cisco AP Vlan assignment when proxying EAP-PEAP?

2005-11-08 Thread Palmer J.D.F.
Cheers Josh. :) That's pretty much the way we do the Roanmode stuff. Just wasn't sure being EAP whether you could mess around with the return packet. Do you have any cunning solutions to how you might get around the reject issue? I'd imagine it's quite a common scenario, IE wanting to let

RE: Solaris Make Problems

2005-11-08 Thread Nicholas Thompson
I finally got freeradius to make without errors. However to do this I had to manually change the Makefile (in src/modules/rlm_sql/drivers/rlm_sql_mysql) and take out these options -x03 -mt and -xarch=v8, but I am not sure if this will affect the stability or usage of freeradius. -xarch=v8

Re: Solaris Make Problems

2005-11-08 Thread Alan DeKok
Nicholas Thompson [EMAIL PROTECTED] wrote: I finally got freeradius to make without errors. However to do this I had to manually change the Makefile (in src/modules/rlm_sql/drivers/rlm_sql_mysql) and take out these options -x03 -mt and -xarch=v8, but I am not sure if this will affect the

Re: Strange issue.

2005-11-08 Thread Alan DeKok
[EMAIL PROTECTED] (Rens Houben) wrote: A while ago I upgraded our freeradius server to 1.0.2 from a 0.9.x version, and ever since our ISDN dial-up users can not gain access when their login type in radcheck is Crypt-Password. If I change them to a User-Password attribute and the cleartext

JRadius

2005-11-08 Thread Raoul Demour
Hello, has anyone ever tried JRadius (jradius.sf.net)? As I'm more familiar with Java than C, I wonder if I'm not going to use it to handle EAP-SIM (I am not completely sure I can do so, but if it is possible I will do so). Any experience is welcome.

Re: Framed-Route and proxying

2005-11-08 Thread Joe Maimon
Jason Frisvold wrote: I *think* that's more what I'm looking for.. The idea is to put a user in a suspended group that will only allow them to go to the payment server. By using a proxy, I can intercept all port 80 traffic and redirect them to the proper location. Does that make more

compile issues with freeradius 1.0.5 on solaris 10

2005-11-08 Thread Garrett . Marks
Hello, I was having problems compiling freeradius-1.0.5 on Solaris 10 (sparc) that were rather difficult to troubleshoot. I managed to get the compilation completed successfully, but it seems that maybe there could be some changes to improve the experience others have with compiling freeradius

Proxying a PEAP request to an IAS server

2005-11-08 Thread Dan Newcombe
Hi all. I've done my best to try and figure this out myself, but am really stuck. First the basics: An enterasys C2 switch setup to do 802.1x authentication. This switch points to my freeradius server. Attached to the switch is my XP notebook, which is setup to do 802.1x via PEAP. On

Re: compile issues with freeradius 1.0.5 on solaris 10

2005-11-08 Thread Alan DeKok
[EMAIL PROTECTED] wrote: Should md5 be added to the list of libraries automatically defined during the configure process for the above? No. src/lib/md5.c includes an MD5 implementation. The build SHOULD use it. It's used on all other platforms, and I don't know why Solaris doesn't work.

Re: Proxying a PEAP request to an IAS server

2005-11-08 Thread Dan Newcombe
Okay...one step closer. I had been using a debian version of freeradius 1.0.2 and hacked in the eap-tls. I have since followed Ben Kenobi's advice and use the source. It appears to be sending packets to the IAS box now, and I can cut the stuff out and use radclient and have IAS respond,

Re: Problem with EAP/TLS and XP SP2

2005-11-08 Thread Ben Walding
On 11/8/05, Michael Griego [EMAIL PROTECTED] wrote: Ben Walding wrote: We've found in testing that the XP supplicant (with certain patches) will read the certificate and send a User-Name that is constructed from the certificate CN (host/ + cert CN); thus rendering the whole checking the CN

Re: JRadius

2005-11-08 Thread Ben Walding
On 11/9/05, Raoul Demour [EMAIL PROTECTED] wrote: Has anyone ever tried JRadius (jradius.sf.net)? As I'm more familiar with Java than C, I wonder if I'm not going to use it to handle EAP-SIM (I am not completely sure I can do so, but if it is possible I will do so). As I understand it, JRADIUS

Re: return ALL the AVPs for a username that belongs multiple groups

2005-11-08 Thread Shane Hart
Lenir wrote: Can anyone please help me with this? Thanks, Lenir Just a thought. Create a 3rd group with the attributes you need? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lenir Sent: Wednesday, November 02, 2005 7:34 PM To: 'FreeRadius

Re: FreeBSD anyone?

2005-11-08 Thread Matthew Horoschun
Hi Dusty, Now, I'm running freeradius 1.0.5 on freebsd 5.4. We handle about 75,000 logins per day between 3 servers and are using openldap as a backend, which stores about 400,000 users. We use radrelay to push all the accounting into a mysql db. Can you comment on the accounting record

Re: FreeBSD anyone?

2005-11-08 Thread Dusty Doris
Hi Dusty, Now, I'm running freeradius 1.0.5 on freebsd 5.4. We handle about 75,000 logins per day between 3 servers and are using openldap as a backend, which stores about 400,000 users. We use radrelay to push all the accounting into a mysql db. Can you comment on the accounting record

Re: Proxy not sending out packets (was Re: Proxying a PEAP request to an IAS server)

2005-11-08 Thread Alan DeKok
Dan Newcombe [EMAIL PROTECTED] wrote: The short of it is I'm trying to get 802.1x with PEAP to be proxied by freeradius to an ias radius server. Start simple. Use PAP, and radtest to send the packets. If that makes FreeRADIUS proxy the packets, then go to PEAP. Otherwise, your test is

Re: FreeBSD anyone?

2005-11-08 Thread Alan DeKok
Dusty Doris [EMAIL PROTECTED] wrote: Our authentication structure is quite different as we are looking more for availability. But in the accounting world, we can afford to delay the records if needed. That's a great description. It should be a howto, or whitepaper. In the CVS head,

Re: FreeBSD anyone?

2005-11-08 Thread Alan DeKok
Matthew Horoschun [EMAIL PROTECTED] wrote: Can you comment on the accounting record rate that you're achieving? We're currently testing FreeRadius and I'm seeing a performance ceiling of about 200 accounting records per second. That's really a function of the back-end database. If you