Ok, let me try to get that straight - i can't use ldap in authorization section of radiusd.conf (or in users file) and connect to radius with WinXP client. But i can use something else instead and still connect to radius with ldap accounts, right?
John wrote:However, in my LDAP directory, it
Okey i tried some things out and noticed, that what John pasted definitly
isn't .ldif file. And if i set Auth-Type to LDAP in users file or if i
uncomment it in authorize section of radiusd.conf -- isn't the same! If i
set ldap in radiusd.conf i get rlm_ldap: no dialupAccess attribute - access
Anyone got any ideas on this? I'm a little stuck as to where to start..
-- joe.
On 1 Aug 2006, at 13:42, Joe Warren-Meeks wrote:
Oops, should point out that I'm currently using the following line
to get the URL into the access-request:
echo User-Name = joe, Password = testing,
Hi all.
We have some trouble with fr-1.1.2 Oracle-9.2.0.6 Solaris 9.
The process dies periodically with the error:
Thu Aug 3 14:27:43 2006 : Error: Assertion failed in request_list.c,
line 1012
FR is built with the following configuration:
./configure \
--with-ltdl-lib=libltdl \
Joe Warren-Meeks wrote:
Anyone got any ideas on this? I'm a little stuck as to where to start..
I don't know how you'd do it with a database, but with the users file,
it'd be something like:
username incoming-req-uri != http://foo.com/bar;, Auth-Type := Reject
Reply-Message = You
Tilen wrote:
Ok, let me try to get that straight - i can't use ldap in authorization
section of radiusd.conf (or in users file) and connect to radius with
WinXP client. But i can use something else instead and still connect to
radius with ldap accounts, right?
Wrong. You're very confused
This puts it into the access-request and the radius server sees it
rad_recv: Access-Request packet from host 127.0.0.1:32770, id=106,
length=79
User-Name = joe
User-Password = testing
incoming-req-uri = http://www.blibble.net/path_to;
Processing the authorize
Phil Mayers wrote:
Wrong. You're very confused about how this work.
Your original mail states you want to do EAP-PEAP+MS-CHAP for wireless
auth.
Unless your LDAP directory contains the plaintext password or the NT
hash, what you want to do is impossible. If it does contain the
Stuckzor wrote:
Thank you, your reply was very usefull, and yes, i am confused about how
this things work and i am not ashamed to admit it, but it's getting clearer
pretty rapidly :) Now i have one last question (or at least i hope so) -
which choice is more viable, using EAP-PEAP+MS-CHAP for
Hi,
I am currently
trying to setup a bandwidth prepaid realm, Whereby clients buy 1G, 2G, 10Gigs,
or watever. Then I need my radius server to disconnect these people as soon as
this number is hit, is there anyway to do this.
I am running a cisco
PDSN as my NAS, I've already looked at
On 3 Aug 2006, at 11:50, Phil Mayers wrote:
Hey Phil,
Basically, there are lots of ways of doing what you want to do.
From what I remember about the SQL backend, it should just be a
case of putting:
insert into radchech (username,attribute,op,value) values (
'username',
I don't know about cisco PDSN but Mikrotik supports Recv-Limit and Xmit-Limit. Check if your NAS supports something similar. I don't know about the possibility or using rlm_sql_counter for something similar to Max-All-Session-Time (Max-All-Session-Bytes?).Michael da Silva Pereira [EMAIL
Thank you again, you were very helpful, but still i have issues. That's
bugging me:
Only under these circumstances:
1.)I have ldap in authenticate section
2.)AUTH-TYPE set ot LDAP in users fileand
3.)MUST NOT have ldap under authorize section of radiusd.conf.
Only with this config i get
Thak you Alan for the answer.
--- Alan DeKok [EMAIL PROTECTED] escribió:
Alejandro Sanchez [EMAIL PROTECTED] wrote:
I need return an attribute in bcd format (binary
code
decimal) anybody knows is freeradius has a
mechanism
to do this?
There is no standard way to do this.
radius_xlat: '/var/log/radius/radacct/192.168.1.35/detail-20060803'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.35/detail-20060803
modcall[accounting]: module detail returns ok for request 0
modcall[accounting]: module unix returns
On 8/3/06, Stuckzor [EMAIL PROTECTED] wrote:
1.)I have ldap in authenticate section
2.)AUTH-TYPE set ot LDAP in users fileand
3.)MUST NOT have ldap under authorize section of radiusd.conf.
Only with this config i get access-accept with radtest (i tried all possible
combinations of those 3). I
George,
Thanks for your reply. Unfortunately, the FreeRadius documentation and
support is so abysmal and my experience too limited to make good use of
the advice you gave. Each OSS package has its benefits and weaknesses I
guess. For instance I've used ISC DHCP server for years and it has
P. K. [EMAIL PROTECTED] wrote:
Thanks for your reply. Unfortunately, the FreeRadius documentation and
support is so abysmal and my experience too limited to make good use of
the advice you gave. Each OSS package has its benefits and weaknesses I
guess. For instance I've used ISC DHCP server
Alexander Serkin [EMAIL PROTECTED] wrote:
We have some trouble with fr-1.1.2 Oracle-9.2.0.6 Solaris 9.
The process dies periodically with the error:
Thu Aug 3 14:27:43 2006 : Error: Assertion failed in request_list.c,
line 1012
It's probably because your DB is slow. See the logs for
Hi,
Thanks for your reply. Unfortunately, the FreeRadius documentation and
support is so abysmal and my experience too limited to make good use of
the advice you gave. Each OSS package has its benefits and weaknesses I
thousands of others would disagree with you - perhaps as many would
http://deployingradius.com/documents/configuration/auth_type.html
Many web sites contain all sorts of recommendations about Auth-Type.
This one is correct.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
Martin Ovenstone [EMAIL PROTECTED] wrote:
Can someone help me to get the erx vsa attributtes into the mysql.
As I can see they are processed correctly, but the sql statement is
empty for this part.
The SQL statement you posted doesn't reference ERX anywhere in it.
Therefore, they won't go
And Mr. Friendly wrote:
Yes. It's clear you're not willing to pay for FreeRADIUS support,
and would rather go with a commercial solution.
Huh? Well, that comment makes no sense but I'll try to squeeze something useful out of it Just so I'm clear, because this would be news to me,
I already sent separate email to P.K. with details of our setup, since
it seems to be close to what he wants to do. A couple of comments on
this discussion:
P. K. [EMAIL PROTECTED] wrote:
Thanks for your reply. Unfortunately, the FreeRadius documentation and
support is so abysmal ...
Alan
Hi Alan
Thanks very much, it is working fine now.
Martin
Martin Ovenstone [EMAIL PROTECTED] wrote:
Can someone help me to get the erx vsa attributtes into the mysql.
As I can see they are processed correctly, but the sql statement is
empty for this part.
The SQL statement you
P. K. [EMAIL PROTECTED] wrote:
And Mr. Friendly wrote:
Yes. It's clear you're not willing to pay for FreeRADIUS support,
and would rather go with a commercial solution.
Huh? Well, that comment makes no sense but I'll try to squeeze
something useful out of it Just so I'm clear,
George C. Kaplan [EMAIL PROTECTED] wrote:
I've never complained on this mailing list about the quality of the
documentation, because I already know the answer I'll get: Write
something better and submit it. When I get time (IF I get time) I'll
do that. Until then, I'll make do with what's
Alan DeKok wrote:
Lawrence Shafer [EMAIL PROTECTED] wrote:
Here is the last part of the debug. If you need it all let me know I
don't see anything wrong, but maybe you do. Am I using the wrong kind of
authentication (rlm_chap: Setting 'Auth-Type := CHAP')? Thanks!
No. You have
Lawrence Shafer [EMAIL PROTECTED] wrote:
I Do not understand how to set this up for chillispot. How do I tell the
server the passwords are crypted?
You already have. And that makes CHAP impossible.
And if I shouldn't use CHAP, what should I use, and how do I change
it? I can't seem to get
29 matches
Mail list logo