hello list,
i'm using freeradius 1.1.0 with mysql 5.0.x and dialup_admin
i want to use the monthly counter function of the sqlcounter module.
I've added
checkItem MaxMonthlySession MaxMonthlySession to sql.attrmap
also added: MaxMonthlySession to user_edit.attrs
in the radiusd.conf
Can anyone tell me why I am getting trashed passwords when attempting to
authenticate?
Login incorrect: [nickm/d\313f`\247+4\203\360/\367]
Nick Marino - IT Solutions
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what does radiusd.conf says about encryption lines?
it is not really trashes, it is encrypted.
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of Nick Marino
Sent: Tuesday, February 07, 2006 10:39 AM
To: freeradius-users@lists.freeradius.org
Can anyone tell me why I am getting trashed passwords when attempting to
authenticate?
Login incorrect: [nickm/d\313f`\247+4\203\360/\367]
Looks like your secrets in clients.conf don't match what your NAS has.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off.
Hi
Some time ago there was a question about rlm_ippool and if it was
possible to group them ie
ippool main_pool_1 {}
ippool main_pool_2 {}
accounting {
group main_pool {
main_pool_1
main_pool_2
}
sql
}
post-auth {
group main_pool {
main_pool_1
Hypothetically situation:
You have users logged into a NAS. the NAS goes down without warning (power failure...) Users who where logged in now have sessions which are not complete (acctstoptime is set to NULL). In my case Simultaneous logins is disabled and need to be so. Therefore once the NAS
We have the following problem arising form the eduroam project.
Our university radius server sets VLAN information based on user
attributes form the LDAP directory.
This works fine when the system is used internally. However when our
user authenticates while visiting another institution, this VLAN
Thank you very much for your reply.
Let me phrase my question differently.
In particular, we have a problem that when a NAS goes down, we get a stale session in radacct. It stays there indefinitely.
How can we clean this up?
View this message in context: RE: NAS online/offline?
Sent from the
A stale session in radacct could happen simply due to the loss of a
udp packet with the accounting information in it. RADIUS is totally
stateless and has no reliable mechanism for deciding if a user is
present or not.
If simultaneous use relies entirely upon the contents of radacct, it's
very
Nick Marino - IT Solutions
- Original Message -
From: Lewis Bergman [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tuesday, February 07, 2006 5:56 AM
Subject: [radius] Re: Auth question
Can anyone tell me why I am getting trashed
Title: Using STORED PROCEDURE with Freeradius
Hi,
For some reasons I've to use Stored procedure With Freeradius but I am getting following error from mysql:
Error: 1312 SQLSTATE: 0A000 (ER_SP_BADSELECT)
Message: PROCEDURE %s can't return a result set in the given context
You can
Maybe you are not loading the right dictionary for your NAS?
On Feb 7, 2006, at 4:36 PM, Nick Marino wrote:
Nick Marino - IT Solutions
- Original Message - From: Lewis Bergman [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-
[EMAIL PROTECTED]
Sent: Tuesday, February
if you cannot ping the NAS, probably it is
down.
however, when your NAS updates its accounting, radius will
no be aware to remove its stale sessions,
i believe, the time taken here depends on how your NAS
updates accounting packets to your RAS.
with my case it is from 2 minutes to 10
Nick Marino - IT Solutions
- Original Message -
From: futhwo [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tuesday, February 07, 2006 9:57 AM
Subject: Re: [radius] Re: Auth question
Maybe you are not loading the right dictionary for
Ladies and gents... We have lift off. Thanks!
--joeyOn 2/6/06, Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote: I've taken out the LDAP section in users - so it's exactly the same as the default users file. ldap is now listed after mschap in authorize {}. Trying again, I get the
Use sql radius accounting logging
modify the table to have a timestamp field
modify the server queries if neccessary
run an external script/process that checks for all acctstoptime=0 and
timestamp (current_time - (expected_update_interval*2))
updates them all with acctstoptime = timestamp.
nikwan (sent by Nabble.com) wrote:
Hypothetically situation:
You have users logged into a NAS. the NAS goes down without warning
(power failure...) Users who where logged in now have sessions which are
not complete (acctstoptime is set to NULL). In my case Simultaneous
logins is disabled and
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
Our university radius server sets VLAN information based on user
attributes form the LDAP directory.
This works fine when the system is used internally. However when our
user authenticates while visiting another institution, this VLAN
information
Nick Marino [EMAIL PROTECTED] wrote:
that could be possible, the only one that is being included is the compat
and freeradius and other than whats in the main dictionary file itself.
The dictionaries have nothing to do with the passwords or shared secrets.
When I try to include the ascend
When a client try to log in with an valid certificate it works. But I
get this error:
TLS_accept:error in SSLv3 read client certificate A
Tue Feb 7 18:34:53 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Tue Feb 7 18:34:53 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Tue Feb
Nick Marino [EMAIL PROTECTED] wrote:
Only when NAS send the request to FR does it generate that garbled password.
Then the shared secret is wrong.
Or, there's a bug in the server that mangles the password only for that NAS.
Which is more likely?
Alan DeKok.
-
List
Alan DeKok napisał(a):
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
Our university radius server sets VLAN information based on user
attributes form the LDAP directory.
This works fine when the system is used internally. However when our
user authenticates while visiting another
Mike O'Connor [EMAIL PROTECTED] wrote:
Do any one have any idea of how this could be made to work and/or have I
not got this configuration correct.
I think it may work in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=?ISO-8859-15?Q?Frank_B=FCttner?= [EMAIL PROTECTED] wrote:
When a client try to log in with an valid certificate it works. But I
get this error:
TLS_accept:error in SSLv3 read client certificate A
Ignore it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
System hangs with Apache SSL mod_auth_radius sending authentication
information to a radius - mysql server.
Hi everyone,
I am having a problem with my apache web server hanging and am looking for
help. I have check the log files and am finding nothing to indicate the cause of
the system
Nick Marino - IT Solutions
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tuesday, February 07, 2006 11:49 AM
Subject: Re: [radius] Re: Auth question
Nick Marino [EMAIL PROTECTED] wrote:
that
Nick Marino - IT Solutions
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tuesday, February 07, 2006 11:50 AM
Subject: Re: [radius] Re: Auth question
Nick Marino [EMAIL PROTECTED] wrote:
Only when
Alan DeKok wrote:
Can you not key off of the NAS information, and *not* add VLAN data,
then?
I am not sure what you mean by that. Using NAS information is the only
thing that came to our minds, that is we create a large hunt group
containing all local NASes and add VLAN data only when this
Nick Marino [EMAIL PROTECTED] wrote:
Its more likely that the password is wrong but, I am sure that they are the
same.
If the password is wrong, then you'll see the wrong password, rather
than ranbom binary nonsense.
Shared secret has been the same in the nas for 3 years now and it has
The only files I know of that use the secret password are clients.conf
and proxy.conf. Make sure your clients.conf has an entry for your NAS
with the correct IP address and the correct secret. I don't think
you'll need to touch the proxy.conf file; its used for proxying RADIUS
requests that
Hi guys.
When building FreeRADIUS on Solaris, which compiler should i use ?
Has anyone built FR with the Sun compiler ?
Thanx
Paul
signature.asc
Description: This is a digitally signed message part
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is there an easy way to see what password is being sent to FR when the pass is sent as Chap-Password ?-- respectfully, Joseph
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes I dont think its a NAS problem at all.
The garbled password you are seeing that I sent is the users actual
password. When that request comes from the nas and rlm_pap tries you auth
it, the password is showing up like that. if you look at what I posted you
will see it is a
Joseph [EMAIL PROTECTED] wrote:
Is there an easy way to see what password is being sent to FR when the pass
is sent as Chap-Password ?
No. It's a one-way transformation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tomasz Wolniewicz [EMAIL PROTECTED] wrote:
I am not sure what you mean by that. Using NAS information is the only
thing that came to our minds, that is we create a large hunt group
containing all local NASes and add VLAN data only when this is hit. But
we did not manage to make any comparison
Alan DeKok wrote:
Mike O'Connor [EMAIL PROTECTED] wrote:
Do any one have any idea of how this could be made to work and/or have I
not got this configuration correct.
I think it may work in the CVS head.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
I been told that I need to configure ascend-data-filters to pass ADF's
to make port 25 work for our dialup users. Does he mean something like
this?
Ascend-Data-Filter = ip in forward destport = 25
**
Computer problems? ...
Hi,
Thanks for the answers. Well after testing a while and checking the dusty
radkill script, I´d like to comment, for the mailing list archive, about
what I tested/found:
- For the record: Freeradius can´t kick a logged user. There's no
configuration option on radiusd.conf or something to kick
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all
In the 'users' file, I have the following lines:
DEFAULT Huntgroup-Name == Security-Devices, LDAP-Group ==
group1, Proxy-To-Realm := 'innerradius'
Class:=OU=vpngroupa;,
Fall-Through = No
DEFAULT Huntgroup-Name ==
2006/2/7, Saeed Ahmed [EMAIL PROTECTED]:
Hi,
For some reasons I've
to use Stored procedure
With Freeradius but I am getting following error from mysql:
Error: 1312 SQLSTATE: 0A000 (ER_SP_BADSELECT)
Message: PROCEDURE %s can't return a result set in the given context
You can
40 matches
Mail list logo
