Hi all. Thanks for your reply gunther. Can you explain a bit of what might happen when radius start duplicating/recording/receiving the same user information 3 times in a row and some cases might be more, maximum i got is 7 times in mysql database. what brings u to that solution? Or is there anyo
Hello all
Can I have multiple authentication queries in sql.conf file. There are
different ways by which we want to autheticate the users. I will let you
know what I exactly want. I want to authenticate users based on the CLID
and the remote ip address. The problem is that the remote address has to
"King, Michael" <[EMAIL PROTECTED]> wrote:
> I wonder if this has something to do with this bug that got squashed
>
> 2006.03.20 v1.0.5, and v1.1.0 - A validation issue exists with the
> EAP-MSCHAPv2 module
No. EAP-MSCHAP doesn't do TLS, and that code change cannot affect
anything but peop
Hi,
I'm just posting my experiences in building v1.1.1 in case it is of use
to anyone else with similar problems. My system is Solaris 10 Sparc,
Freeradius v1.1.1, OpenSSL 0.9.8a, Sun compiler version 5.7 (SunStudio 10).
I ran configure like this:
./configure --with-raddbdir=/usr/local/etc/
Hi again guys,
Sorry for my previous mail but I've had a mistake in my radclient
command line !!
echo "User-Password = tata, User-Name = tata, *Accounting-Status-Type =
Start*" | radclient -x -d /usr/local/etc/raddb/ radius:1813 acct whatever
=> BAD
echo "User-Password = tata, User-Name = t
Hi,
I've always got the same problem with accounting informations...sorry to
query you one more time !!
But I've made a new test with radclient and I have this log (maybe it
will be helpfull)
> echo "User-Password = tata, User-Name = tata, Accounting-Status-Type
= Start" | radclient -x -d
[EMAIL PROTECTED] wrote:
> I am running a version of FreeRadius < 1.0.0. Is there a patch path
> to upgrade to v1.1.1? Or must I rebuild completely from source?
You must rebuild completely from source. There is no patch path.
You will probably also have to update your config files, too.
Norman Elton <[EMAIL PROTECTED]> wrote:
> Looking at the documentation and proxy.conf, I see that FreeRadius
> can do all sorts of proxying based on the username. Can it determine
> the correct proxy server by checking the value (or existence) of a
> particular attribute?
Yes.
DEFAULT Som
gARetH baBB <[EMAIL PROTECTED]> wrote:
> I'm going to be just as unhelpful for the moment, but I can confirm
> something weird is going on with HUP and eap_tls.
If it works in 1.1.0 and not 1.1.1, then there's a bug in the server.
I have no idea how to track it down, though.
Alan DeKok.
"Duane Cox" <[EMAIL PROTECTED]> wrote:
> can ANYONE provide some advise on this?
You should be able to use regular expressions to do this.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 27 Mar 2006, Alan DeKok wrote:
> That is singularly unhelpful.
>
> I'm not sure what else to suggest at this point. Maybe the server
> doesn't have permission to read the file?
I'm going to be just as unhelpful for the moment, but I can confirm
something weird is going on with HUP
can ANYONE provide some advise on this?
Thanks
Duane Cox
Hello List
I've just replaced our previous radius server with freeRADIUS 1.1.1
Apparently the previous server had the ability to "trim the username"
with
a
pre "\" and post "@" character
So if someone passed the User-Name as "[EMAIL
"King, Michael" <[EMAIL PROTECTED]> wrote:
> How would I create those traces? (I'm looking for a suggested command
> line, since I don't normally use those programs)
I'd suggest gdb, and do it in a testing environment if at all
possible, to avoid hitting your main server. Also, you *must* have
> -Original Message-
> From:
> adius.org] On Behalf Of Alan DeKok
>
> Until we can get more information about what's happening
> (strace/ktrace, or gdb backtrace), there isn't much anyone
> can do to fix it.
How would I create those traces? (I'm looking for a suggested command
line,
Hello,
Looking at the documentation and proxy.conf, I see that FreeRadius
can do all sorts of proxying based on the username. Can it determine
the correct proxy server by checking the value (or existence) of a
particular attribute? I'd like to forward all PEAP requests to one
server, and
I am running a version of FreeRadius < 1.0.0. Is there a patch path
to upgrade to v1.1.1? Or must I rebuild completely from source?
--johnk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Atkins, Dwane P wrote:
> 1.) Since I attempting to use the sql database for authentication
> purpose,
No you are not. You are trying to use sql for AUTHORIZATION.
FreeRADIUS will do the AUTHENTICATION based on what it finds in the
database during the AUTHORIZATION phase. Understand that and it w
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
i would like to use a two-factor authentication.
- all pcs that want to connect to the wireless network need a
certificate signed by CA
- users must authenticate with their user/pass active directory
I don't think th
Uh, huntgroups?
J.
> -Oorspronkelijk bericht-
> Van: freeradius-users-
> [EMAIL PROTECTED]
> [mailto:freeradius-users-
> [EMAIL PROTECTED] Namens John
> Mylchreest
> Verzonden: maandag 27 maart 2006 15:00
> Aan: FreeRadius users mailing list
> Onderwerp: RE: Different user attributes bas
"Andy Coates" <[EMAIL PROTECTED]> wrote:
> Returning unique fields for each user
> based on the NAS-IP-Address doesn't seem possible?
Yes, it's possible. Just key off of the NAS-IP-Address and send
different replies. You don't need huntgroups or anything else.
> That aside, does anyone know i
[EMAIL PROTECTED] wrote:
> i would like to use a two-factor authentication.
> - all pcs that want to connect to the wireless network need a
> certificate signed by CA
> - users must authenticate with their user/pass active directory
I don't think that will work. From what I u
Stefan Winter <[EMAIL PROTECTED]> wrote:
> Interesting. This morning I encountered again that radiusd was claiming to be
> still listening on its ports, but didn't process anything any more. As other
> logs showed, someone logged into an Access Point via TTLS at 8:22 and at 8:25
> the Nagios Mon
"Eliot, Wireless and Server Administrator,
Great Lakes Internet" <[EMAIL PROTECTED]> wrote:
> I am proxying the packets from the Cisco through the FreeRADIUS server
> to the IAS server. EAP messages are exchanged between the supplicant and
> the IAS server; the Cisco AP and FreeRADIUS serve
Ben Thompson <[EMAIL PROTECTED]> wrote:
> Fri Mar 24 15:37:19 2006 : Info: rlm_eap_tls: Loading the certificate
> file as a chain
> Fri Mar 24 15:37:19 2006 : Error: rlm_eap: SSL error error:0906D06C:PEM
> routines:PEM_read_bio:no start line
That is singularly unhelpful.
I'm not sure what els
Hi,
We will try the new version and see if the problem was fixed.
Thanks a lot.
Natalia.
On 3/27/06, Turtiainen, Tero <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> > From: "Natalia Escalera" <[EMAIL PROTECTED]>
> >
> > I was wondering if someone has any idea of how to solve the problem of
> > special c
I would like to use sqlcounter to limit the max number of bytes a user can
download via a NAS. My NAS supports this, but I need sqlcounter to return a
different attribute (eg. RecvLimit) and not Session-Timeout.
I have also seen that this is possible with the counter module but not
with sqlcount
Does anyone know of any freeRadius training classes?
Thanks
Archana
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > Since you seem to know something about this, can you either:
> >
> > A) Explain what the "extended key oid nonsense" is?
> > B) Point me to some place I can read about it?
>
> http://www.freeradius.org/doc/
>
> See the EAP-TLS stuff.
>
> Microsoft requires magic stuff in the server ce
Just for some reference (Trying to find commonalities):
What OS/Distro are you?
I'm Debian testing release
How did you Install? (Prebuilt binary / created local package and install /
install from source)
I created a local Debian package, and installed it.
What modules did you enable?
Funnily enough, I asked the very same thing recently. We do it quite crudely at
the moment, but it works.
We add an nshortname field to radreply/anything else necessary, and in sql.conf
we link it to the user reply. Ie:
Something like this would work:
authorize_reply_query = "SELECT radreply.i
Hi,
> From: "Natalia Escalera" <[EMAIL PROTECTED]>
>
> I was wondering if someone has any idea of how to solve the problem of
> special characters(e.g. $) in FreeRadius 1.1.0.
Have you tried FreeRADIUS 1.1. which was released last week?
According to the ChangeLog the bug #261 has been fixed and
Hey,
Is this even possible?
The basic problem is that I have 2 devices that will use the same username.
For example, one device handles dialup, one handles DSL. I'd like the user
to have the same username, and depending on the NAS sending the request the
correct IP/Netmask would be returned.
I
hi
i am trying to configure freeradius to authenticate wireless users.
i would like to use a two-factor authentication.
- all pcs that want to connect to the wireless network need a
certificate signed by CA
- users must authenticate with their user/pass a
33 matches
Mail list logo