On Tue, 19 Sep 2006, Alan DeKok wrote:
|->Keith Woodworth <[EMAIL PROTECTED]> wrote:
|->> This has been uncommented in radiusd.conf since the start. Which part of
|->> the SQL module needs to be configured? I'm not grokking that part.
|->
|-> See *all* references to "sql" in radiusd.conf. See do
,
> >
> > Thank you very much for lending me your time.
>
> That's ok. Thank you for testing the software...
>
> > I'm downloading freeradius-snapshot-20060919.tar.gz right now.
> >
> > Yes, my allocate-clear is configured exactly as Tuyan's
The radius server only has one interface and we do see the reply being
sent by the server to the switch. An ip has been set to VLAN 1 and the
radius server is part of that vlan. Switch ip is 10.9.19.5 and server
ip is 10.9.19.16, netmask is /24.
JF
-Original Message-
From:
[EMAIL PROTEC
Dan Geist <[EMAIL PROTECTED]> wrote:
> 1) check an SQL db for the encryption key and tokenize everything (if
> so, continue, else exit)
What do you mean by that?
> Now, I know that's a lot of info, but does FreeRadius have the
> flexibility to be able to do something like this?
So far as I c
This should all be possible natively in FreeRADIUS. If you wish you can of
course also use perl as well :-)
Cheers
Peter
On Wed 20 Sep 2006 00:57, Dan Geist wrote:
> Greetings, all. I'm a new user that's looking at FreeRadius because of
> some of its features, but I'd like to figure out if it
Keith Woodworth <[EMAIL PROTECTED]> wrote:
> This has been uncommented in radiusd.conf since the start. Which part of
> the SQL module needs to be configured? I'm not grokking that part.
See *all* references to "sql" in radiusd.conf. See doc/rlm_sql.
Alan DeKok.
--
http://deployingradius.c
Hi, I am trying to figure out how can i support two sets of users on same DB (radius/MySQL), where one set of users are able to bank the time, and others not. For example. User A buys a plan that is good for 2 hour he/she logs in and after
1 hour logs out. One day after User A is again
ther than
> creating the pool in the BRAS)? I'm kinda stuck here with this.
>
> Thank you very much.
>
> On 9/19/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> > Hi Guilherme
> >
> > A couple of things.
> >
> > I just updated the cvs so freeradiu
Thank you very much, I will test it out
In the mean time I figured out to use radgroupcheck with values
Auth-Type=Reject and some users associated to that usergroup.
Thanks again!
06, Alan DeKok <[EMAIL PROTECTED]> wrote:
"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> The problem is, If PAID
Scott Lambert <[EMAIL PROTECTED]> wrote:
> /usr/local/etc/raddb/users[148]: Parse error (check) for entry DEFAULT:
> Unknown value Crypt for attribute Auth-Type
$ grep Crypt /usr/share/freeradius/dictionary*
Looks to be "Crypt-Local"
Alan DeKok.
--
http://deployingradius.com - The w
Greetings, all. I'm a new user that's looking at FreeRadius because of
some of its features, but I'd like to figure out if it can replicate
what I'm currently doing before I start looking into a migration. My
current setup does the following (with openradius, mysql, perl, and a
PAM-securID module)
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Any harm in the above message?
-
List
On Mon, 18 Sep 2006, Alan DeKok wrote:
|->Keith Woodworth <[EMAIL PROTECTED]> wrote:
|->> While this is ok, how does radius get configured to use the sql table to
|->> send the replies, not the users file?
|->
|-> Look in radiusd.conf for "sql". You have to configure the SQL
|->module.
Snip fro
"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> No response. Allow me to restate the question.
Allow me to re-state the answer:
https://list.xs4all.nl/pipermail/freeradius-users/2006-September/056760.html
Please read the list, especially responses to your questions.
Alan DeKok.
--
http://dep
On Tuesday 19 September 2006 15:25, Garber, Neal wrote:
> I need to conditionally add a reply pair based upon Huntgroup-Name and a
> custom attribute. Pseudocode follows for what I'm trying to accomplish:
>
>
> If Huntgroup-Name == NetSensory then
>if LDAP-Group-Requirement == "NP-Admin" then
> Thank you very much.
>
> On 9/19/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> > Hi Guilherme
> >
> > A couple of things.
> >
> > I just updated the cvs so freeradius-snapshot-20060919.tar.gz is not
> > current enough. You need to get freeradius-snaps
"Guilherme Franco" <[EMAIL PROTECTED]> wrote:
> The problem is, If PAID != YES, the user is not found by the SELECT
> (correctly) but the request is still proxied to the ISP (normal proxy
> behaviour).
>
> What can I do to reject the request and not proxy it?
Configure an SQL module instance *j
On Tue, Sep 19, 2006 at 11:05:56AM -0400, Alan DeKok wrote:
> Scott Lambert <[EMAIL PROTECTED]> wrote:
> > I am trying to get the ability to authenticate users from a few
> > different password databases on the same server.
>
> But the database doesn't actually perform the authentication...
>
> >
f it works.
Is there any other way to success with 2 radius servers (other than
creating the pool in the BRAS)? I'm kinda stuck here with this.
Thank you very much.
On 9/19/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
Hi Guilherme
A couple of things.
I just updated the cvs so fr
Hi Guilherme
A couple of things.
I just updated the cvs so freeradius-snapshot-20060919.tar.gz is not current
enough. You need to get freeradius-snapshot-20060920.tar.gz once it is rolled
later tonight, or get the latest code from the repository using "cvs"
Secondly, Tuyan work
No response. Allow me to restate the question.
There are instructions in radiusd.conf that say
# To disable proxying, change the "yes" to "no", and comment the
# $INCLUDE line.
But, it appears that the $INCLUDE for proxy.conf is mandatory regardless of
whether proxying is done because it contai
I need to conditionally add a reply pair based upon Huntgroup-Name
and a custom attribute. Pseudocode follows for what I’m trying to
accomplish:
If Huntgroup-Name == NetSensory then
if LDAP-Group-Requirement == “NP-Admin”
then
pairadd(reply,
NetSensory-Permission, “np
On Tue 19 Sep 2006 19:48, Guilherme Franco wrote:
> Hello,
>
> I work in a Carrier and have an important question regarding SQL query
> check:
>
> I need to check a value in authorize_check_query (oracle-dialup.conf)
> to see if the user has paid his ADSL service. If he did pay the
> service, the
On Tue, Sep 19, 2006 at 05:42:53PM +0200, Thibault Le Meur wrote:
> Hi All,
>
> Just an email to say that I had difficulties in finding on the web the
> pgp key used to make the release signature: maybe I have bad eyes...
> anyway, I think such an important information should be obvious to
>
Gentlemen,
Thank you very much for lending me your time.
I'm downloading freeradius-snapshot-20060919.tar.gz right now.
Yes, my allocate-clear is configured exactly as Tuyan's and that's why
I stated before that "regardless of my configuration in sqlippool.conf
and radius
Thibault Le Meur <[EMAIL PROTECTED]> wrote:
> Should it be possible to have a "quick" link in the web site home page
> (and in the download page) to the PGP key (available at the following
> URL http://www.freeradius.org/pgp/[EMAIL PROTECTED]).
I've added a link in the download page.
Alan D
Hi, FreeRADIUS is communicating with the IAS through a proxy, but doesn't authenticate. Windows shows me this error: "Event type: Error Source: IAS A malformed request was received from client . The data is the packet." The freeradius debug: modcall[authorize]: module "auth_log" returns ok
Do you have multiple interfaces in your radius server? Maybe you are replying
from a different IP..
-Peter
On Tue 19 Sep 2006 16:22, Jean-Francois Fortin wrote:
> We did what is mentioned in the doc but still doesn't work. It is like
> if the answer from the radius doesn't reach back the switch
It turns out that sqlippool.conf was in the Makefile for 1.1.x but not for CVS
head. It didn't affect us because we use an rpm.
Guilherme can you please test a new cvs checkout?
Also, because sqlippool is still experimental you need to explicitly enable it
with
./configure --with-modules="rlm_s
hey,
Alan DeKok wrote:
> "Michael Messner" <[EMAIL PROTECTED]> wrote:
>> DEFAULT LDAP-Group == "CN=adminrole,CN=users,DC=isalab,DC=local",
>> Huntgroup-Name := "cisco"
>
> You can't assign the huntgroup attribute. You have to use '=='.
but it works good and I thought that if the first entry d
Hello,
I work in a Carrier and have an important question regarding SQL query check:
I need to check a value in authorize_check_query (oracle-dialup.conf)
to see if the user has paid his ADSL service. If he did pay the
service, the request would be proxied to the ISP radius to
authenticate the
thanks for this hint ... now it's working!
ca mIke
Michael Schwartzkopff wrote:
> On Monday, 18 September 2006 10:59, Michael Messner wrote:
>> hey list,
>>
>> we have switches from enterasys and access points from cisco, now we have
>> configured the parameters like this example in the users
thanks!
James Wakefield wrote:
> Michael Messner wrote:
>> Here are my new configs, it looks like they are working, but I'm not sure
>> if this is really the correct way:
>>
>>
>
> -- snip (see previous post) --
>
>>
>> is this the correct way?
>
> It looks pretty right to me. Can't see any b
Okay, never mind. Configured old RADIUS server to write to new MySQL server
temporarily to handle any left-over requests.
Thanks anyway,
-michelle.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Michelle Gates
Sent: Tuesday, September 19, 2006 1:30 PM
Hi All,
Just an email to say that I had difficulties in finding on the web the
pgp key used to make the release signature: maybe I have bad eyes...
anyway, I think such an important information should be obvious to
retrieve.
Should it be possible to have a "quick" link in the web site home p
-Original Message-
No, actually you can't. I disabled new user creation as all the spam
bots appeared to be smart enough to create new users then use them for
spamming.
Peter,
MediaWiki has a captcha extension to prevent this problem.
http://meta.wikimedia.org/wiki/ConfirmEdit_extensi
Indeed, but it's happening, and now, even with ADSL modem, as you can
see in the radiusd -X output below:
This occurs if user mistypes password or if the realm server is down:
rad_recv: Access-Request packet from host 192.168.1.1 port 1385,
id=21, length=60
User-Name = "[EMAIL PROTECTED]"
"Michael Messner" <[EMAIL PROTECTED]> wrote:
> freeradius hangs for this time with the message:
>
> radius_xlat: 'CN=Users,DC=isalab,DC=local'
> radius_xlat: 'sAMAccountName=mmessner'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP recon
Scott Lambert <[EMAIL PROTECTED]> wrote:
> I am trying to get the ability to authenticate users from a few
> different password databases on the same server.
But the database doesn't actually perform the authentication...
> radiusd.conf: "passwd" modules aren't allowed in 'authenticate' section
Collen Blijenberg <[EMAIL PROTECTED]> wrote:
> we use eap+tls (wpa-enterprise). server has certificate, but (as alan
> mentioned) there is no client certificate
> it's also not needed. so you can ignore the error if you use eap+tls
> (peap - mschapv2 + user/pass)
Please be careful with termino
"Michael Messner" <[EMAIL PROTECTED]> wrote:
> DEFAULT LDAP-Group == "CN=adminrole,CN=users,DC=isalab,DC=local",
> Huntgroup-Name := "cisco"
You can't assign the huntgroup attribute. You have to use '=='.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://d
"Tho Nguyen" <[EMAIL PROTECTED]> wrote:
> does any of you get freeradius working with LDAP and AP 1200? Please
> let me know. I have a hard time to get this system working. If you
> don't mind, please forward your configuration to me.
Perhaps you could follow the FAQ, README, etc., and post t
Ami Schieber wrote:
users:
DEFAULT Huntgroup-Name == "t1"
Pool-Name := Pool-t1,
Fall-Through = No
Hi Ami,
You need to assign Pool-Name as a check item rather than a reply item.
In the case of the users file stanza above, this:
DEFAULT Huntg
Solved. Pool-Name is a check item:
users:
DEFAULT Huntgroup-Name == "t1", Pool-Name := Pool-t1
	Fall-Through = No
DEFAULT Huntgroup-Name == "t2", Pool-Name := Pool-t2
	Fall-Through = No
DEFAULT Huntgroup-Name == "d1", Pool-Name := Pool-d1
hey Peter,
Peter Nixon said:
> Is FreeRADIUS connecting to AD with DNS or IP?
thanks for this hint ... it was the DNS problem, now it works very well!
mIke
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 1.0.5 WPA/PEAP/LDAP stops answering, if it has problems of communications with the LDAP server,
even to be collapsed. To solve these problems, I have added a couple of daily reinitiation in the crontab.
Can anybody suggest any better solution?.-- josep.colo
Hello everyone,
does any of you get freeradius working with LDAP and AP 1200? Please let me know. I have a hard time to get this system working. If you don't mind, please forward your configuration to me.
Thanks,
Tho
Hi,
I have 3 NAS and want to assign Framed-IP-Address from 3 different IP pools according to the NAS the user logs in from.
Config below looks fine to me and I can see that the huntgroup is indeed matched but there seems to be a problem with the postauth definition.
Please advise,
Ami
My config has :hu
We did what is mentioned in the doc but still doesn't work. It is like
if the answer from the radius doesn't reach back the switch. But the
switch and the Radius server are on the same network.
From radius server:
...
modcall: group authorize returns ok for request 3
auth: type Local
auth: us
On Tuesday 19 September 2006 04:19, Michael Messner wrote:
> hello mailinglist,
> /etc/raddb/huntgroups:
>
> enterasys NAS-IP-Address == 141.201.43.115
> enterasys NAS-IP-Address == 141.201.43.116
> enterasys NAS-IP-Address == 141.201.43.117
>
> cisco
Hi Mr. Peter,
Like you told me before, you did some cleanups in the sqlippool.conf.
Well, I've tried to install todays freeradius CVS, and it installed
without the sqlippool module, don't know why.
So, I've compiled it manually from
freeradius-snapshot-20060918/src/modules/rlm_sqlippool/
OK, b
Is FreeRADIUS connecting to AD with DNS or IP?
-Peter
On Tue 19 Sep 2006 12:30, Michael Messner wrote:
> hey mailinglist,
>
> I have a little prob. with the first login via the radiusserver, it looks
> like this
>
> MS-Active directory -- freeradius 1.1.2 -- cisco or enterasys switch
>
> If I re
All,
We're migrating from our existing FreeRADIUS/MySQL setup to a new one. The
new config is up and running in a different colo site and I'm looking for
advice as to how I can overlap the two RADIUS servers temporarily without
having two DBs running.
Would it be best to have the old RADIUS serve
Michael Messner wrote:
Here are my new configs, it looks like they are working, but I'm not sure
if this is really the correct way:
-- snip (see previous post) --
is this the correct way?
It looks pretty right to me. Can't see any better way to do it.
--
James Wakefield,
Unix Administ
Peter Nixon wrote:
No, actually you can't. I disabled new user creation as all the spam bots
appeared to be smart enough to create new users then use them for spamming.
Anyone who wants a wiki account please mail me directly with the username you
would like and I will happily create you an
http://www.squid-cache.org/contrib/squid_radius_auth/
ego seek wrote:
Does anybody know how I can make squid (transparent web proxy) work with
radius?
thank you.
Hello Alan,
Alan DeKok wrote:
No. It means that there is NO client cert. The authentication
process continues, so it's obviously not a catastrophic problem.
Is it simply not sent, or somehow not available? Because I know for
sure that there is a cert on the client. And I did nothing els
hey mailinglist,
I have a little prob. with the first login via the radiusserver, it looks
like this
MS-Active directory -- freeradius 1.1.2 -- cisco or enterasys switch
If I restart the radiusd the first try for a login needs about 20 seconds:
[EMAIL PROTECTED] ~]# time echo "User-Name = mmes
I am trying to get the ability to authenticate users from a few
different password databases on the same server. To that end, I have
users in the FreeBSD system password database as well as in a Linux
style shadow passwd file.
From a stock FreeRADIUS 1.1.2 radius.conf file I have done:
modul
Does anybody know how I can make squid (transparent web proxy) work with radius? thank you.
We've got the same error here... but it's not terminal
But I don't get this error on a conversation which leads to an
Access-Accept. I think because you're doing a username/password login
for your Wireless-Clients, you need to use as written PEAP and MSCHAPV2.
Usernames and passwords have fo
Petr "Qaxi" Klíma wrote:
Kostas Kalevras wrote:
Petr "Qaxi" Klíma wrote:
"filteredgroup"
===
$ ldapsearch cn=gprs_filter
dn: cn=gprs_filter,ou=Groups,dc=myorg
cn: gprs_filter
objectClass: groupofurls
objectClass: groupofuniquenames
object
On Mon 18 Sep 2006 23:38, Jean-Francois Fortin wrote:
> Hi,
>
> We are trying to use freeradius as authentication system to
> allow users to connect to our cisco switch (3750) for management. The
> radius server is running ok, we can authenticate Cisco ASA, BigIP LB
> against it. But
On Tue 19 Sep 2006 00:58, Kevin Bonner wrote:
> On Monday 18 September 2006 01:12, Graham Beneke wrote:
> > Is access to the wiki exclusive??
> > I wanted to start working on a sqlcounter page since the current
> > documentation is rather lacking and I plan to 'journal' my exploits in
> > figuring
Hello Alan,
Alan DeKok wrote:
No. It means that there is NO client cert. The authentication
process continues, so it's obviously not a catastrophic problem.
Is it simply not sent, or somehow not available? Because I know for sure
that there is a cert on the client. And I did nothing els
hello mailinglist,
in my last mail I got the information to use huntgroups to handle the
parameters for different NAS types, but after some research I have not
found good documentation of this!
Anyone knows some good resources?
Here are my new configs, it looks like they are working, but I'm not
We've got the same error here... but it's not terminal
we use eap+tls (wpa-enterprise). server has certificate, but (as alan
mentioned) there is no client certificate
it's also not needed. so you can ignore the error if you use eap+tls
(peap - mschapv2 + user/pass)
i did use Auth-Type := eap
67 matches