Re: Radius Packet Simulator

2007-04-04 Thread Marat Rysbekov
NTRadPing may be useful, too: http://www.dialways.com/download/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate accounting log entries

2007-04-04 Thread Patric
Hi again, Thanks a stack for your responses, I have a much better understanding of how it works now! Yes I do have the acct_unique_id setup as below, and have managed to weed out a lot of the duplication now. Dennis Skinner wrote: No. Look in the radius.conf for a section that looks like

Re: Duplicate accounting log entries

2007-04-04 Thread Dennis Skinner
Patric wrote: I am getting duplicate update's for that user from the NAS, where everything is identical including the input and output octets, which leads me to believe that the traffic is being combined and I actually only need 1 of the records. If I then make my unique_id column unique

Re: Duplicate accounting log entries

2007-04-04 Thread Patric
Hi guys, The NAS maintainer was nice enough to get back to me, and problem has been sorted out. This is what was happening: Their proxy servers are behind a load sharing device, which is why the retransmission of one of the records had a different client_ip_address, but both entries came from

Re: Duplicate accounting log entries

2007-04-04 Thread Dennis Skinner
Patric wrote: made the unique_id column unique in my database Careful with that last bit. Some NAS's can and do reuse their unique_id's. Especially if they are reloaded. Making sure the port is part of the key will help some, but I was still getting dupes in my db after several months of

Re: Version 2.0 is a lot closer to reality...

2007-04-04 Thread Alexander Serkin
Alan, thinking about upcoming upgrade from 1.1.5 to 2.0 i tried 2.0 with my configuration from 1.1.5. There seem to be some difference which i hope you can explain. proxy.conf configuration is realm NULL { type= radius authhost= LOCAL accthost

Re: EAP-TLS authentication

2007-04-04 Thread deepak kumar
Hi Alan. Is there any way in freeradius, where freeradius server can invoke a java program in response to some event. eg if some user is logged out , this event should be propagated to java prog or to some other component. On 3/29/07, Alan DeKok [EMAIL PROTECTED] wrote: deepak kumar wrote:

EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Eshun Benjamin
Mac connects but ms windows does not. I am doing server side cert. Error from ms windows. User-Name = testgeneral NAS-IP-Address = 10.1.5.26 Called-Station-Id = 0016014d9158 Calling-Station-Id = 0019e3034ceb NAS-Identifier = 0016014d9158 NAS-Port = 36

question about freeradius, 802.1x with peap, auth via LDAP

2007-04-04 Thread wenny wang
Hi, I need help/advice with the following scenario: 1. I have a freeradius server, this server is not part of Active Directory Domain, server is able to perform ldapsearch for user account. 2. the workstation is a windows 2000 pc, need to be authenticated thru Cisco catalyst switch to the

Re: question about freeradius, 802.1x with peap, auth via LDAP

2007-04-04 Thread robinson santos
Windows 2000 is not supported, only windows XP On 4/4/07, wenny wang [EMAIL PROTECTED] wrote: Hi, I need help/advice with the following scenario: 1. I have a freeradius server, this server is not part of Active Directory Domain, server is able to perform ldapsearch for user account. 2. the

Re: question about freeradius, 802.1x with peap, auth via LDAP

2007-04-04 Thread Ryan Kramer
1) Microsoft LDAP isn't like normal ldap, you don't get access to the password. To have freeradius touch the password at any point, it needs to be on the domain and do a ntlm_auth instead of ldap. On 4/4/07, wenny wang [EMAIL PROTECTED] wrote: Hi, I need help/advice with the following

Re: EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Arran Cudbard-Bell
Eshun Benjamin wrote: Mac connects but ms windows does not. I am doing server side cert. Error from ms windows. User-Name = testgeneral NAS-IP-Address = 10.1.5.26 Called-Station-Id = 0016014d9158 Calling-Station-Id = 0019e3034ceb NAS-Identifier =

Cisco Configuration

2007-04-04 Thread Norman Zhang
Hi, I'm learning how to use freeradius. Does anyone have a working conf that works for cisco devices? Regards, Norman Zhang

Re: Cisco Configuration

2007-04-04 Thread Dennis Skinner
Norman Zhang wrote: I'm learning how to use freeradius. Does anyone have a working conf that works for cisco devices? Did you try the default one? -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com

Re: Cisco Configuration

2007-04-04 Thread Kevin Bonner
On Wednesday 04 April 2007 14:01:31 Norman Zhang wrote: Hi, I'm learning how to use freeradius. Does anyone have a working conf that works for cisco devices? Regards, Norman Zhang DEFAULT Auth-Type := Accept ... but seriously, what are you trying to do? Authenticate PPPoX sessions,

Res: Res: NAS-IP-Address

2007-04-04 Thread Erico Augusto
during authorize phase, client doesn't have an IP (configure to DHCP), so the Access-Point fills the Client-IP-Address with its own IP (NAS-IP-Address - 10.10.10.1). Note that during authorize FreeRADIUS sends 10.10.10.1 (NAS-IP) as Client-IP, and during Post-Auth, 127.0.0.1 ... I'm sure that

Re: Re : EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Arran Cudbard-Bell
Eshun Benjamin wrote: Hello Arran, Which specific OID? I also think it has to do with the certificate. Could you please be specific if possible with example. I tried to use another certificate and I am getting 2 issues; 1. is before access challenge ; Wed Apr 4 21:33:09 2007 : Debug:

Re: Re : EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Ian Truelsen
On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote: According to the microsoft support article (http://support.microsoft.com/kb/814394/en-us) The IAS or the VPN server computer certificate is configured with the Server Authentication purpose. The object identifier for Server

Re: Re : EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Arran Cudbard-Bell
Ian Truelsen wrote: On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote: According to the microsoft support article (http://support.microsoft.com/kb/814394/en-us) The IAS or the VPN server computer certificate is configured with the Server Authentication purpose. The object

Re: Res: Res: NAS-IP-Address

2007-04-04 Thread Alan DeKok
Erico Augusto wrote: during authorize phase, client doesn't have an IP (configure to DHCP), so the Access-Point fills the Client-IP-Address with its own IP (NAS-IP-Address - 10.10.10.1). No. Client-IP-Address is the address of the RADIUS client that sent the UDP packet. It is added by

Re: EAP-TLS authentication

2007-04-04 Thread Alan DeKok
deepak kumar wrote: Is there any way in freeradius, where freeradius server can invoke a java program in response to some event. eg if some user is logged out , this event should be propagated to java prog or to some other component. jradius. Alan DeKok. -- http://deployingradius.com

Re: Version 2.0 is a lot closer to reality...

2007-04-04 Thread Alan DeKok
Alexander Serkin wrote: Alan, thinking about upcoming upgrade from 1.1.5 to 2.0 i tried 2.0 with my configuration from 1.1.5. There seem to be some difference which i hope you can explain. proxy.conf configuration is realm NULL { type= radius authhost

Re: Version 2.0 is a lot closer to reality...

2007-04-04 Thread Arran Cudbard-Bell
In 2.0 we lack the group checks: I thought group checks were slightly broken since 1.1.3 anyway if not can someone please close the bug report :) At least in 1.1.5 it doesn't fall through properly if a user belongs to multiple groups and the check items in the first group partially

Re: Re : EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Ian Truelsen
On Wed, 2007-04-04 at 22:16 +0100, Arran Cudbard-Bell wrote: Is it really just as simple as creating the certificate, signing it with the right extensions, installing the proper rootCA on the windows machines , and configuring the windows supplicant correctly ? Pretty much. As long as you

Re: Re : EAP/TTLS PEAP MSCHAP

2007-04-04 Thread Arran Cudbard-Bell
Pretty much. As long as you have the proper IP address for the AP in your clients.conf, which was my particular stupidity :) Still, it seems to work for me. Hehe, yeah same for me first time round ! Now it's all done via sql with a modified version of 1.1.5 to allow user NAS queries :)

Re: Version 2.0 is a lot closer to reality...

2007-04-04 Thread Alexander Serkin
Arran Cudbard-Bell wrote: In 2.0 we lack the group checks: I thought group checks were slightly broken since 1.1.3 anyway if not can someone please close the bug report :) At least in 1.1.5 it doesn't fall through properly if a user belongs to multiple groups and the check items