Alan DeKok wrote:
Alexander Serkin [EMAIL PROTECTED] wrote:
I'm still trying to investigate the problem with one of my AAA servers.
It's a problem with the DB, not with the server.
I understand this, Alan. My experiments with hiding assertion strings in
request_list.c came into failure.
Hello Members,
I am using FR-1.0.1, unixODBC 2.2.11, Sybase ODBC-12_5 drivers on FC5. I
have problem version of FR because of I couldn't upgrade it. New
versions of FR does not send cisco attributes in access reject replies.
I can only work with FR-1.0.1. I want to the attribute Cisco AVPair +=
IEEE 802.11f was a Recommended Practice (not a Standard) issued by IEEE Standards Association, 802.11 group.I know it was deprecated due to reading minutes of recent meetings, accessible to participants.
They are the ones that maintain it's status. They have websites, but none dedicated to it in
I know that this question was answered so many times cause i read almost all the q/a but i am very a beginner to all Linux world and especially custom configuration , compiling editing and so on ... but i am very interested in learning all of this new technic but i need some help ... can u guys
Hi all
We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some
problems
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.10.9/417 - Release Date: 11/08/2006
-
List info/subscribe/unsubscribe? See
hi guys
i have problem and hope u help me if u can and i'll be really so thankfull.
i have to use free radius on linux to connect to switch and do authentication and authorization
so please can any one tell me the steps of doing this mission cuz i didn't treat it before
as soon as possible .
Hi, I have implemented freeradius for PIX525as a authentication server. Radius is running fine in authenticating users, who wants theconsole access of PIX. In AAA Authentication i have configured FALLTHROUGH for RADIUS as a LOCAL Database means whenever RADIUS service goes down
Hi,
I have a cisco PDSN
sending me accouting update packets every 10minutes, This packet is also sent to
the servers which I have realms with. I don't want these update accounting
packets to be send to the realm server. Is there any way only to allow the start
and start accounting packets
On Tue 15 Aug 2006 10:15, John Williams wrote:
Hi all
We’ve just upgraded to a Cisco 7304 from a Cisco 7204 and are seeing some
problems
We are sorry to hear that. Have you tried asking someone for help with your
problem?
--
Peter Nixon
http://www.peternixon.net/
PGP Key:
(Hopefully this one will go through)
Hi, I've been playing around with FreeRadius for a bit and was
wondering if it is possible to have an authorisation chain,
something like:
My first Auth method is using certificates, if this method fails,
try to auth using login/passwd with mysql, and if this
On Monday 14 August 2006 21:27, Alex French wrote:
Boian,
Thanks, if you have a patch that actually implements the hash for the
operator etc, that would be great (in fact, why not just submit it as a
feature). If it's just to c-
List info/subscribe/unsubscribe? See
On Monday 14 August 2006 21:27, Alex French wrote:
Boian,
Thanks, if you have a patch that actually implements the hash for the
operator etc, that would be great (in fact, why not just submit it as a
feature). If it's just to change the operator hardcoded in rlm_perl.c,
that's fine, I have
Igor Smitran [EMAIL PROTECTED] wrote:
I have Mikrotik. It can export netflow data but i am not sure what
freeradius can do with that?
Nothing. You will need a netflow server.
Is it possible to have all netflow for that
client inserted into database somehow? Please provide some URL because
Ok for some reason the whole email I typed didn't send, just the first line.
Lets try again.
Right we have just upgraded our 7204 to a 7304.
We just copied the config across to the 7304 more or less.
We send a Radius attribute to certain users that will assign a route map to
direct their web
Step 1, Read!!!
http://wiki.freeradius.org/index.php/Main_Page
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ
http://www.onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html --this
is a good read.
Do a google search for radius install howto for your distro.
Once installed read through
Hi John
This looks like something you should take up with Cisco TAC as the cisco quite
clearly says thats its not applying the attribute you are sending it.
Cheers
Peter
On Tue 15 Aug 2006 16:18, John Williams wrote:
Ok for some reason the whole email I typed didn't send, just the first
Hello,
I have problems when I comment the file huntgroups like this: (comments
on the third column)
Switchs NAS-IP-Address == 10.195.132.7 # test
Switchs NAS-IP-Address == 10.195.132.8 # testbps2000
Switchs NAS-IP-Address == 10.195.132.9 # test450
I get
Yes I would agree normally.
But we don't currently have a valid support contract for the Cisco so I'm
hoping someone may have come across this before or maybe familiar with the
7304.
John
-Original Message-
From: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-users-
[EMAIL
Igor Smitran wrote:
netflow server ?
Alan DeKok.
Yes, i know about cflowd and similar netflow tools. I was thinking that
maybe there is some solution that can help me to insert flow data for
particular user into database together with total octets in, octets out
upon disconnect.
There
Alexander Serkin [EMAIL PROTECTED] wrote:
And i feel that Oracle is not good production server for radius
accounting. Or the DB structure is not optimal for our application.
I know of Oracle installations with 400k users. And the default
schema works with installations of millions of users.
Hasan Ovuc [EMAIL PROTECTED] wrote:
I am using FR-1.0.1, unixODBC 2.2.11, Sybase ODBC-12_5 drivers on FC5. I
have problem version of FR because of I couldn't upgrade it. New
versions of FR does not send cisco attributes in access reject replies.
See src/main/util.c, function rfc_clean().
ajay raut [EMAIL PROTECTED] wrote:
After 10 min. PIX succefully falling back on RADIUS for
authentication that means there is atleast 10 min. of delay to again
start the Authentciation from RADIUS in PIX.
If there isn't a configuration parameter in PIX to control that,
you're probably better
On Tue 15 Aug 2006 15:51, Igor Smitran wrote:
Igor Smitran [EMAIL PROTECTED] wrote:
I have Mikrotik. It can export netflow data but i am not sure what
freeradius can do with that?
Nothing. You will need a netflow server.
Is it possible to have all netflow for that
client inserted
Hmmm.. Well, as this is clearly a cisco problem and not FreeRADIUS (according
to your logs) you will probably get more love from a cisco mailing list
([EMAIL PROTECTED] for example). I unfortunately have not come across
the problem before.
Cheers
Peter
On Tue 15 Aug 2006 17:37, John
Peter Nixon [EMAIL PROTECTED] wrote:
Aside from tinkering with FreeRADIUS code (and running a large number of
production servers) I also tinker with and run pmacct which I highly
recommend as a netflow/sflow solution. We have a number of deployments of
both on the same Postgresql backend and
Thomas BAUDELET [EMAIL PROTECTED] wrote:
I have problems when I comment the file huntgroups like this: (comments
on the third column)
Switchs NAS-IP-Address == 10.195.132.7 # test
That isn't supported.
How to add comments at the end of a line ? I don't want to have a file
Peter Nixon [EMAIL PROTECTED] wrote:
Aside from tinkering with FreeRADIUS code (and running a large number of
production servers) I also tinker with and run pmacct which I highly
recommend as a netflow/sflow solution. We have a number of deployments of
both on the same Postgresql backend and as
Michael da Silva Pereira [EMAIL PROTECTED] wrote:
I have a cisco PDSN sending me accouting update packets every 10minutes,
This packet is also sent to the servers which I have realms with. I don't
want these update accounting packets to be send to the realm server. Is
there any way only to
On Tue 15 Aug 2006 19:21, Igor Smitran wrote:
Peter Nixon [EMAIL PROTECTED] wrote:
Aside from tinkering with FreeRADIUS code (and running a large number of
production servers) I also tinker with and run pmacct which I highly
recommend as a netflow/sflow solution. We have a number of
Yes Peter, you are right. My fault. I only tried netflow tools, i never used
those in production envrionment. I just checked and saw that i need to pull
data from collector, while collector is receiving data from routers. That
said it is not possible to have accurate data at disconnect. Sorry
Hi,
I have clients constantly trying to authenticate off
of freeradius after being rejected. How do I set
freeradius to deny or timeout a user from
authenticating after three attempts? This is
authenticating off mysql database . I am not exactly
sure if the change is in sql.conf or
I'm running FreeRadius 1.1.0 on Red Hat Linux, and appear to be running into
an issue where heavy load causes rlm_proxy to stop responding. If I restart
radiusd, authentication will be properly proxied for 15-30 seconds, at which
point I see incoming Access-Request messages logged, but I don't
On 02/08/06, Colm Ennis [EMAIL PROTECTED] wrote:
hiya,does anyone know if users/sql authentication based on the NAS-Port-Idfield possible? and if so how?Colm,What are you going to authenticate? If they can use any username/password, then are you just checking whether a port is active or inactive?
Geoff Silver [EMAIL PROTECTED] wrote:
I'm running FreeRadius 1.1.0 on Red Hat Linux, and appear to be
running into an issue where heavy load causes rlm_proxy to stop
responding. If I restart radiusd, authentication will be properly
proxied for 15-30 seconds, at which point I see incoming
Hello,
In my users file I
have rules that link ldap groups to hunt groups, possibly with
suffixes.
They look something
like this:
DEFAULT Ldap-Group
== `%{Huntgroup-Name}`
Access-Level := RW, Service-Type =
Administrative-User, Cisco-AVPair
:= "shell:priv-lvl=15",
35 matches
Mail list logo