FreeRadius + OpenLDAP + VLAN assignation

2007-02-14 Thread Romain Mercier
Hi, I want to assign users to a certain VLAN depending on an attribute stored in LDAP. At the time, I use files module to do that and it works in a first test but doesn't take care about the attribute. How can I use the attribute I create? In the ldap.attrmap file I add this line:

mschap and unix

2007-02-14 Thread Jean Frontin
Hello, I'm using freeradius + mysql. I should want that users use mschap protocol and I should want that freeradius uses unix shadow to authenticate them. Tests return in radius.log: no user password configured. Any ideas please? Regards Jean Frontin - List info/subscribe/unsubscribe? See

Simple question about TTYs.. limits?

2007-02-14 Thread Max Jonborn
Hi! I've installed Freeradius, it's working great. I use it to verify users, I'm running a PPTPD server. I have a question though. When I do radwho it lists current users. The output is the following: userlogin usernamePPP S122 Tue 21:27 127.0.0.1 givenIPadress The question I

Re: mschap and unix

2007-02-14 Thread Alan DeKok
Jean Frontin wrote: Hello, I'm using freeradius + mysql. I should want that users use mschap protocol and I should want that freeradius uses unix shadow to authenticate them. http://deployingradius.com/documents/protocols/compatibility.html It's impossible. Alan DeKok. --

Re: 1.1.4 stops responding to requests

2007-02-14 Thread Alan DeKok
Michael Griego wrote: The fix for this is in the CVS HEAD and probably should be backported to the latest release branch. There was a race condition in the code where the server could clean up an accounting request before a thread actually got to it to process it. Remind me again

Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-14 Thread Marcel . De_Boer
Hi Oxiel! I've added the Alcatel-Auth-Group attribute to dictionary.alcatel like this: ATTRIBUTE Alcatel-Auth-Group 134 integer and modified users file like this: Tunnel-Type += 13, Tunnel-Medium-Type += 6, Alcatel-Auth-Group += 3 I'm afraid you added

Re: rlm_postgresql , accounting and Framed-IP-Address

2007-02-14 Thread Phil Mayers
Francisco Gimeno wrote: hello.. Thanks for your answer!... then, how could I put the IP there? Is the post-auth hook the right place? Yes, if you execute an SQL query in the post-auth section it can use %{reply:Framed-IP-Address} 2007/2/12, Phil Mayers [EMAIL PROTECTED] mailto:[EMAIL

counter and limiter in freeradius

2007-02-14 Thread brad brock
Hi, I want to use counter module in free radius. Where can I find the reference to use it? What is the difference between counter and sqlcounter? Is there a kind of bandwidth limiter in freeradius? For example, I want to limit each client connection transfer rate about 300 Kbps. How can I do it?

RE: FreeRadius + OpenLDAP + VLAN

2007-02-14 Thread Romain Mercier
I’m sorry I didn’t search far enough into the mail archive of freeradius-users. I have searched a bit more and found my answer in a subject called: “Assigning VLAN based on LDAP attribute” Romain Mercier From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On behalf of Romain

Re: FreeRadius + OpenLDAP + VLAN

2007-02-14 Thread Michael Schwartzkopff
On Wednesday, 14 February 2007 14:54, Romain Mercier wrote: I’m sorry I didn’t search far enough into the mail archive of freeradius-users. I have searched a bit more and found my answer in a subject called: “Assigning VLAN based on LDAP attribute” Romain Mercier See:

Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-14 Thread Santa Yeh
Hello Oxiel, Are you doing AVLAN or 802.1x? 1. I created a new file - dictionary.alcatel # # dictionary.alcatel # # Alcatel VSAs # VENDOR Alcatel 800 # # Standard attribute # ATTRIBUTE Alcatel-Auth-Group 1 integer Alcatel ATTRIBUTE

Group reply parameter

2007-02-14 Thread tzieleniewski
Hi!! I'd like to ask you if it is possible to set up radius in such a way that whenever there is an Access Request sent from the NAS for a user who is a member of the particular group in the database, the reply will be attached with the reply parameter of the value equal to the User-Name

Freeradius dies if it cant resolve clients...

2007-02-14 Thread Jóhann B. Guðmundsson
I had the unfortunate experience for my radius daemon to die when it couldn't resolve one client in clients.conf Is there any particular reason for radius not to spew out error message to the logs and declare the client dead or unresolvable and continue to function or is this just bad

Re: Freeradius dies if it cant resolve clients...

2007-02-14 Thread Alan DeKok
Jóhann B. Guðmundsson wrote: I had the unfortunate experience for my radius daemon to die when it couldn't resolve one client in clients.conf Yes. The answer is to not use DNS names for clients. Use IP addresses. Is there any particular reason for radius not to spew out error message

Re: 1.1.4 stops responding to requests

2007-02-14 Thread Michael Griego
Revision 1.79 to src/main/request_list.c --Mike On Feb 14, 2007, at 3:46 AM, Alan DeKok wrote: Michael Griego wrote: The fix for this is in the CVS HEAD and probably should be backported to the latest release branch. There was a race condition in the code where the server could clean up

Re: Freeradius dies if it cant resolve clients...

2007-02-14 Thread Dennis Skinner
Alan DeKok wrote: Jóhann B. Guðmundsson wrote: I had the unfortunate experience for my radius daemon to die when it couldn't resolve one client in clients.conf Yes. The answer is to not use DNS names for clients. Use IP addresses. Or list them in /etc/hosts -- Dennis Skinner Systems

Re: The EAP Saga continues.

2007-02-14 Thread Evan Vittitow
I need help using TinyCA to manage certificates with FreeRadius. I keep getting this. modcall[authorize]: module suffix returns noop for request 1 rlm_eap: EAP packet type response id 144 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module

pap/peap confusion

2007-02-14 Thread Matt Ashfield
I'm poring through the alphabet soup of all of this and have a few questions that keep popping up. During a pap conversation, the radius server ends up with the username/password passed to it from the client. It then encrypts the password to match the encryption of the stored password in ldap

Simple security

2007-02-14 Thread Scott Hughes
I have a friend that wants some light security on the small network they have (15-25 PCs). What is the best way to secure his network so that someone can't just plug in his laptop and be on the network? He would prefer to make this seamless to his users. Thanks - List

Re: pap/peap confusion

2007-02-14 Thread Alan DeKok
Matt Ashfield wrote: During a pap conversation, the radius server ends up with the username/password passed to it from the client. It then encrypts the password to match the encryption of the stored password in ldap (or other directory) and tries a bind. Correct? No. LDAP bind is done

Re: pap/peap confusion

2007-02-14 Thread Michael Griego
On Feb 14, 2007, at 2:05 PM, Matt Ashfield wrote: During a pap conversation, the radius server ends up with the username/password passed to it from the client. It then encrypts the password to match the encryption of the stored password in ldap (or other directory) and tries a bind.

Multiple SSL CA Files

2007-02-14 Thread Michael Courtney
Freeradius List, I have Freeradius 1.1.3 running on a Fedora Core 6 box, and it works great in the current setup. My question has to do with a configuration change that I'm having trouble implementing. Right now, I have an in-house CA Cert that was generated for our servers that sit behind a

Re: pap/peap confusion

2007-02-14 Thread Phil Mayers
Matt Ashfield wrote: I'm poring through the alphabet soup of all of this and have a few questions that keep popping up. During a pap conversation, the radius server ends up with the username/password passed to it from the client. It then encrypts the password to match the encryption of the

db.counter not found!

2007-02-14 Thread Enrique Llanos V.
Dudes, I have this piece of configuration on radiusd.conf: ... counter { filename = ${raddbdir}/db.counter key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time

Re:Re: Freeradius dies if it cant resolve clients...

2007-02-14 Thread Jóhann B. Guðmundsson
Alan DeKok. Yes. The answer is to not use DNS names for clients. Use IP addresses. True if the radiusd daemon doesn't die if it can't reach the IP addresses :) Will test it tomorrow when I get back to work, and switch immediately if that's the case. If not then it's just bind on a *nix platform

Re:Re: Freeradius dies if it cant resolve clients...

2007-02-14 Thread Jóhann B. Guðmundsson
Dennis Skinner Or list them in /etc/hosts Wouldn't recommend it... Best regards Johann B. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Linksys WRT54G - DD-WRT - Wireless Auth

2007-02-14 Thread Richard Hamilton-Frost
Hi there, I'm new to Freeradius and have been bashing my head against this for the last week now, I've read the FAQ and now feel really silly not being able to work this out. Specs: RedHat 9 server (yes - I know prehistoric) Linksys WRT54GL router, running DD-WRT (embedded Linux OS) Freeradius

Re: Freeradius dies if it cant resolve clients...

2007-02-14 Thread Dennis Skinner
Jóhann B. Guðmundsson wrote: Dennis Skinner Or list them in /etc/hosts Wouldn't recommend it... If you are obsessed with using names instead of IP's in the clients.conf file and you don't want to depend on DNS, this is your other option. It may be beneficial for some people. For instance,

Re: Linksys WRT54G - DD-WRT - Wireless Auth

2007-02-14 Thread Alan DeKok
Richard Hamilton-Frost wrote: What I want: To be able to authenticate wireless users via the /etc/passwd and /etc/shadow files. I've setup the WRT54GL to talk to the Radius server, this all seems fine and dandy. The WRT54GL is using WPA TKIP, it has the option of WPA AES too, and WPA

Re: Multiple SSL CA Files

2007-02-14 Thread Alan DeKok
Michael Courtney wrote: I would like to have two SSL certs on the Radius box: one, for the internal connections to our servers, and two, an SSL cert that one can verify as a trusted Root Authority for the TTLS connections. This is causing an issue right now on the server. No, many people

Re: db.counter not found!

2007-02-14 Thread Alan DeKok
Enrique Llanos V. wrote: And of course in my raddb (freeradius) path: bash-2.05b# locate db.counter /usr/local/etc/raddb/db.counter locate uses a database that is updated daily. So if the file disappears, locate doesn't notice. Use ls instead. Yet when I start freeradius I obtain

Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-14 Thread Oxiel Contreras
Hello Marcel. I'm afraid you added it in the wrong place, dictionary.alcatel does not contain the VSAs for Omniswitches (Alcatel-Lucent has multiple dictionaries for different products, dictionary.alcatel appears to be for a BRAS, not for an enterprise switch). The dictionary you're looking

[SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-14 Thread Oxiel Contreras
Hello Santa. This worked great!!! I was doing 802.1x only, no AVLAN. For any soul out there trying to implement 802.1x with FreeRadius on OpenSuSE10.1 and Omniswitch 7800 and Active Directory as taught on: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO Take note of

Re: Simple security

2007-02-14 Thread Gaddis, Jeremy L.
On Wed, 14 Feb 2007, Scott Hughes wrote: I have a friend that wants some light security on the small network they have (15-25 PCs). What is the best way to secure his network so that someone can't just plug in his laptop and be on the network? He would prefer to make this seamless to his

NAS-IP-Address in mysql

2007-02-14 Thread VeNoMouS
Hi guys After doing some tests, I just discovered that I can't have more than one NAS-IP-Address in radgroupcheck (it seems to ignore the others). Does anyone know of a workaround, as I don't want to use the huntgroup file (makes it kinda annoying since I'm doing a web frontend for administration).

Re: NAS-IP-Address in mysql

2007-02-14 Thread Dan Mahoney, System Admin
On Thu, 15 Feb 2007, VeNoMouS wrote: Hi guys After doing some tests, I just discovered that I can't have more than one NAS-IP-Address in radgroupcheck (it seems to ignore the others). Does anyone know of a workaround, as I don't want to use the huntgroup file (makes it kinda annoying since I'm

strip unwanted characters from reply message

2007-02-14 Thread Cory Robson
I have failed logins being dumped into a table in mysql and am getting a lot of unwanted characters. IE: Password Has Expired=5Cr=5Cn Is there a way I can tell it to only supply the textual content? Thanks Cory

Re: a problem about radius and ldap [SOLVED]

2007-02-14 Thread Ramazan Ulker
Hi Sorry for too many mails. Problem solved by setting identity and password in radius.conf with proper user in ldap. I managed to get User-Password from ldap at the end as shown below. rlm_ldap: Added password ramazan in check items rlm_ldap: looking for check items in directory... rlm_ldap:

Re: Problems regarding MAC address authentication

2007-02-14 Thread Shobhit Jindal
ldap queries are working fine, below is the log.. Please just explain the overview of how to enable mac address based authentication where all the three parameters (uid, userPassword and radiusCallingStationId are matched from the ldap database).. PS: A paper presentation contest is to begin from

Re: [SOLVED] - Re: VLAN assigment and Alcatel Omniswitch 7800

2007-02-14 Thread Peter Nixon
Hi Oxiel Please update the HOWTO and possibly the FAQ with your comments. Regards Peter On Thu 15 Feb 2007 04:30, Oxiel Contreras wrote: Hello Santa. This worked great!!! I was doing 802.1x only, no AVLAN. For any soul out there trying to implement 802.1x with FreeRadius on

Re: NAS-IP-Address in mysql

2007-02-14 Thread Peter Nixon
On Thu 15 Feb 2007 08:09, Dan Mahoney, System Admin wrote: On Thu, 15 Feb 2007, VeNoMouS wrote: Hi guys After doing some tests, I just discovered that I can't have more than one NAS-IP-Address in radgroupcheck (it seems to ignore the others). Does anyone know of a workaround, as I don't want