Kevin J wrote:
... Is there a way that we can rotate radius.log then?
$ mv radius.log radius.log.old
That's it. The server will automatically re-create radius.log.
There's no need to HUP it.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Martin Budi wrote:
Sorry for the stupid question.
Could anybody help me with
how to configure freeradius with ldap and use it for wireless
authentication?
Configure the server to do PEAP with passwords in the users file.
There are howto's. See the Wiki.
Then, configure the server to
Arran Cudbard-Bell wrote:
update request {
NAS-IP-Address := %{Packet-Src-IP-Address}
}
Results in bus error
Not for me. Do you have a larger config?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Hugh Messenger wrote:
I've never used valgrind before, not sure if it handles daemonized and/or
threaded services, so I'm not sure if I'd need to run radiusd with -s or -X.
My inclination is to use 'valgrind radiusd -xx' ...
Yes. For simplicity:
$ script valgrind.log
$ valgrind radiusd
George Embrey wrote:
Has anybody published any FreeRadius 2.0 Debian (.deb) Packages yet ?
The wiki explains how to build a Debian package yourself from
a FreeRADIUS tarball.
http://wiki.freeradius.org/index.php?title=Build#Building_Debian_packages
--
Nicolas Baradakis
Arran Cudbard-Bell wrote:
Control instead of config ?
...
Both appear to work and do the same thing when updating things...
I didn't want to break existing 2.0.0-pre systems. But config will
be removed before 2.0.0-final.
It appears that either update request is broken,
or something else
Alan Dekok wrote:
Jaume wrote:
Can my machine run 2 FreeRadius at the same time? Each FreeRadius in a
different IP but simultaneously in the same CPU and O.S.? Somebody told
me that's possible if each radius is reading from a different PATH...
As Josh said, yes.
But why? The server can
Alan Dekok wrote:
Arran Cudbard-Bell wrote:
Control instead of config ?
...
Both appear to work and do the same thing when updating things...
I didn't want to break existing 2.0.0-pre systems. But config will
be removed before 2.0.0-final.
It appears that either update request is
On Tue, 12 Jun 2007 07:56:28 +0100
Ruslan N. Marchenko [EMAIL PROTECTED] wrote:
It seems to be not a particular question, but...
client - winxp wireless, ap - AIR-AP1131AG-E-K9, server
1.1.6. fresh install.
certificates generated according to CA.all (with
xp-extension and conversion
Hi,
when the FreeRADIUS is configured as a proxy is there any way to
modify the authorization replies (Access-Accept packets) before
sending them to the NAS? I need to add there a few attributes
(purchased connection speed etc.).
Reply attributes in the 'users' file of the proxy seem to be
Hi,
We have three different models of NAS, each with their own weirdnesses...
Apple airports send Ethernet as their medium type ...
even with latest firmware? if so, nasty!
HP530s Don't send a service-type in the request, they also send their
loopback address as NAS-IP-Address ?! And
Martin Horcicka wrote:
when the FreeRADIUS is configured as a proxy is there any way to
modify the authorization replies (Access-Accept packets) before
sending them to the NAS? I need to add there a few attributes
(purchased connection speed etc.).
Yes. The post-auth section is executed
On Thu, 14 Jun 2007 12:44:42 +0100
[EMAIL PROTECTED] wrote:
Hi,
radius_xlat:
'--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393'
Exec-Program output: Logon failure (0xc06d)
Exec-Program-Wait: plaintext: Logon failure (0xc06d)
ta-da! either you aren't running
On 6/14/07, Alan Dekok [EMAIL PROTECTED] wrote:
Martin Horcicka wrote:
when the FreeRADIUS is configured as a proxy is there any way to
modify the authorization replies (Access-Accept packets) before
sending them to the NAS? I need to add there a few attributes
(purchased connection speed
Arran Cudbard-Bell wrote:
...
if((%{2} == ) || (%{2} == sussex.ac.uk)){
You don't need to check if strings are empty like that. You can do:
if (!%{2} || ...
which may be easier to read.
Oh and empty case statements screw things up in strange and weird ways...
I think
Hi,
radius_xlat:
'--nt-response=52471b2a1db2fa3a00a03c182551317e48acea4a4f30f393'
Exec-Program output: Logon failure (0xc06d)
Exec-Program-Wait: plaintext: Logon failure (0xc06d)
ta-da! either you aren't running winbindd, or the permissions for
it are wrong (eg winbind_priviledged
Martin Horcicka wrote:
Well, but is there an existing module which I could use in that
section to modify the packets on a per user basis? (E.g. something
with a 'users'-style configuration.)
Not really. 2.0.0-pre2 has a new configuration language, which makes
this kind of thing infinitely
Hi,
the accounting queries in sql.conf and the sample sql_log module in
radiusd.conf are not identical. For consistency, I'd expect to find the same
things there. Any specific reason, or can I just copy over the usual queries
from sql.conf into that module and expect them to work?
Greetings,
Phil Mayers wrote:
Running redundant servers doesn't help much in this case for 2 reasons:
first, we've found that Cisco APs are very, very poor at detecting dead
radius servers and moving to the backup; second, it seems to be
malformed data coming from a certain client so if the APs do
Alan Dekok wrote:
Arran Cudbard-Bell wrote:
...
if((%{2} == ) || (%{2} == sussex.ac.uk)){
You don't need to check if strings are empty like that. You can do:
if (!%{2} || ...
which may be easier to read.
Oh and empty case statements screw things up in strange and
rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42,
length=151
User-Name = ac221
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = 00-14-C2-B6-7D-32:eduroam
Calling-Station-Id = 00-19-E3-0C-CD-58
expand: %{Supplicant-Flags} - 00
??? Evaluating 00 - FALSE
?? Converting !FALSE - TRUE
A string of 0 evaluates to false ?
This is where you begin to need typed variables.
INT(0) - FALSE
INT(1) - TRUE
STRING(0) - TRUE
STRING(1) - TRUE
--
Arran Cudbard-Bell ([EMAIL
Alan Dekok wrote:
Another thing for 2.0.0 (maybe) is to have per-socket configuration.
i.e. socket X can have authorization section X, and socket Y can have
authorization section Y.
It may not be too hard to add, in fact.
Yup. 300 lines of code.
The listener sections already had
From: Alan Dekok [EMAIL PROTECTED]
Oh, and -= works. With the users file, it didn't. And there are
other corner-case bugs fixed, too.
Any luck fixing this stuff:
DEFAULT Called-Station-Id =~ ^([A-z0-9]+_[0-9]+)$, Pool-Name := `%{0}`
Framed-IP-Netmask = 255.255.0.0,
Stefan Winter wrote:
the accounting queries in sql.conf and the sample sql_log module in
radiusd.conf are not identical. For consistency, I'd expect to find the same
things there. Any specific reason, or can I just copy over the usual queries
from sql.conf into that module and expect them
Arran Cudbard-Bell wrote:
expand: %{Supplicant-Flags} - 00
??? Evaluating 00 - FALSE
?? Converting !FALSE - TRUE
A string of 0 evaluates to false ?
It's treated as an integer.
This is where you begin to need typed variables.
It's not a language. You can work
On 6/14/07, Martin Horcicka [EMAIL PROTECTED] wrote:
On 6/14/07, Alan Dekok [EMAIL PROTECTED] wrote:
Martin Horcicka wrote:
when the FreeRADIUS is configured as a proxy is there any way to
modify the authorization replies (Access-Accept packets) before
sending them to the NAS? I need
Hugh Messenger wrote:
Any luck fixing this stuff:
DEFAULT Called-Station-Id =~ ^([A-z0-9]+_[0-9]+)$, Pool-Name := `%{0}`
Framed-IP-Netmask = 255.255.0.0,
Fall-Through = 1
... in either users or hints?
Don't use users or hints. Use the new unlanguage.
If you recall, I'm
Can RADIUS policy file in the authentication step reject a few servers to
authenticate and allow all others to authenticate? My understanding is that
RADIUS can only use IP-Framed Protocol to allow a number of systems to
authenticate and reject the rest but can't do the opposite. Any ideas about
Alan Dekok wrote:
Arran Cudbard-Bell wrote:
expand: %{Supplicant-Flags} - 00
??? Evaluating 00 - FALSE
?? Converting !FALSE - TRUE
A string of 0 evaluates to false ?
It's treated as an integer.
This is where you begin to need typed variables.
It's not a
Hello everyone,
I have a problem I have worked on for a couple of days now and just can't get
it to work. Searched the forum really well and actually found a fix for one
issue I was having. I have also searched the Mikrotik forum as well as the web
from one end to the other. Nothing seems to
And then I added something like this to the users file:
00095B23389F User-Password := password
00095B23389F Auth-Type := Accept
---
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex,
Hello everybody!
I need your help. I want to generate accounting replication with radrelay. I read
doc/radrelay, but it is not clear to me where (in what configuration file) I add
the line that fires up radrelay (radrelay -S secret_file server
detail-combined).
Thanks in advance
German
And then I added something like this to the users file:
00095B23389F User-Password := password
00095B23389F Auth-Type := Accept
Thank you very much. I actually think I tried that, but at the time the
colons in the MAC address were probably doing me in. Then again...maybe not.
I do
Allow everybody (who knows your secret) to use your radius server by
entering 0.0.0.0/0 as client address in clients.conf. Use firewall to
block access to radius ports for those specific IP addresses.
Ivan Kalik
Kalik Informatika ISP
On 14/6/2007, nguyenvinht [EMAIL PROTECTED] wrote:
Can
What is the easiest way to specify which of two password files a user should
authenticate against based on the client IP address?
--
= The Net That Works!
Archie Holland http://www.blue.net 1(270)735-3553
Bluegrass Network
Jay Banks wrote:
And then I added something like this to the users file:
00095B23389F User-Password := password
00095B23389F Auth-Type := Accept
Thank you very much. I actually think I tried that, but at the time the
colons in the MAC address were probably doing me in.
Oh does the users
Thanks for replying.
I want to implement this through RADIUS Server.
Looking for some code modification or new attributes to accomplish the task.
Vinh.
tnt wrote:
Allow everybody (who knows your secret) to use your radius server by
entering 0.0.0.0/0 as client address in clients.conf. Use
nguyenvinht wrote:
Thanks for replying.
I want to implement this through RADIUS Server.
Looking for some code modification or new attributes to accomplish the task.
Vinh.
tnt wrote:
Allow everybody (who knows your secret) to use your radius server by
entering 0.0.0.0/0 as client
Thanks Arran.
How and where do I implement those codes in AIX RADIUS? Doable on AIX
RADIUS?
Vinh
Arran Cudbard-Bell wrote:
nguyenvinht wrote:
Thanks for replying.
I want to implement this through RADIUS Server.
Looking for some code modification or new attributes to accomplish the
Thanks for the info, I built them last night and have the FR2-pre1
packages built and working on a test machine.
Nicolas Baradakis wrote:
George Embrey wrote:
Has anybody published any FreeRadius 2.0 Debian (.deb) Packages yet ?
The wiki explains how to build a Debian package
Hi,
I get the following error trying to start freeradius;
daytona:~# freeradius -x
Starting - reading configuration files ...
Errors reading dictionary: dict_init: /etc/freeradius/dictionary[177]:
invalid ATTRIBUTE line
Errors reading radiusd.conf
daytona:~#
I'm using the dictionary file