Problem compiling freeradius 1.1.7
Hello, I have a problem compiling freeradius 1.1.7 When I use the make command, just after ./configure, I get the following error message : *** Warning: Linking the shared library rlm_perl.la against the *** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable! gcc -shared .libs/rlm_perl.o -Wl,--rpath -Wl,/home/admin/freeradius/freeradius-1.1.7/src/lib/.libs -Wl,--rpath -Wl,/usr/local/lib /home/admin/freeradius/freeradius-1.1.7/src/lib/.libs/libradius.so -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv -lpthread -Wl,-E -Wl,-soname -Wl,rlm_perl-1.1.7.so -o .libs/rlm_perl-1.1.7.so What's wrong ? Regards. -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pièces jointes, est établi à l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme à sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'êtes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut être assurée. L'expéditeur décline toute responsabilité dans l'hypothèse où il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-pre2 .. unknown client appears in log !
Hi, Ive just installed freeradius-pre2 and configured it for MAC auth... when I define my clients in the virtual host file like server mac-auth { client IP { name... } ... } I get following in the log Login OK: [00:e0:7d:75:ca:31] (from client UNKNOWN-CLIENT port 14 cli 00-e0-7d-75-ca-31) ! After I enter the same client IP { ... } stuff into clients.conf I get the expected Login OK: [00:01:6c:a0:93:57] (from client switch_1stock port 23 cli 00-01-6c-a0-93-57) ! Is it supposed to be like this ( broken ?? ) ? Would it be possible to have the name of the virtual server in the log too ? Something like Servername: Auth: Login OK: [00:01:6c:a0:93:57] (from client switch_1stock port 23 cli 00-01-6c-a0-93-57) Thanks, E:S - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius support eap-fast?
[EMAIL PROTECTED] wrote: iirc, there was a small patch submitted to the devel list a few weeks back...but it needed some formatting changes etc and a re-posting. I don't think I saw that. Do you have a link? In other news... I've added EAP-TNC. It's a little rough, but the concept is there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-pre2 .. unknown client appears in log !
Edvin Seferovic wrote: Ive just installed freeradius-pre2 Please try the CVS head. It has large numbers of fixes over -pre2. Would it be possible to have the name of the virtual server in the log too ? Something like Servername: Auth: Login OK: [00:01:6c:a0:93:57] (from client switch_1stock port 23 cli 00-01-6c-a0-93-57) Not a bad idea. That should really be configurable in radiusd.conf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem compiling freeradius 1.1.7
Patrice Oliver wrote: I have a problem compiling freeradius 1.1.7 When I use the make command, just after ./configure, I get the following error message : *** Warning: Linking the shared library rlm_perl.la against the *** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable! Does it break the build? If not, ignore it. What's wrong ? libtool / perl interaction effects. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius support eap-fast?
In other news... I've added EAP-TNC. It's a little rough, but the concept is there. I saw this :-). I had a question: EAP-TNC is intended to be bound to any tunneled EAP method but the last time I looked at the code the FreeRADIUS EAP state machine did not appear to support binding consecutive EAP methods in sequence to an arbitrary tunneled EAP method. Does this EAP-TNC implementation therefore require the use of a specific tunneled EAP method, or have there been some improvements to the EAP state machine to support this flexibility? josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius support eap-fast?
Josh Howlett wrote: I saw this :-). I had a question: EAP-TNC is intended to be bound to any tunneled EAP method but the last time I looked at the code the FreeRADIUS EAP state machine did not appear to support binding consecutive EAP methods in sequence to an arbitrary tunneled EAP method. I'm not sure what that means... Does EAP-TNC go inside of a tunneled method, or does it tunnel other methods? If it goes inside of a tunneled method, then there's no problem. PEAP and TTLS already support tunneling EAP types. PEAP is just EAP-TLS with EAP-MSCHAPv2 inside of the tunnel. I have also successfully tested PEAP/EAP-GTC, and TTLS/EAP-MSCHAPv2. Does this EAP-TNC implementation therefore require the use of a specific tunneled EAP method, or have there been some improvements to the EAP state machine to support this flexibility? If EAP-TNC can go only inside of TTLS/PEAP, then the code likely needs to be updated to check for that, and enforce that requirement. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dynamic Realm
I wonder if somebody else has managed to get this kind of thing right, I want to eliminate the need for usernames in my authentication process, I want to work with the callerid instead. Now thats not very hard, except now I want to be able to classify a user/callerid into a specific realm, a realm of which is declared in a SQL table. I've tried creating a Perl module with rlm_perl but it doesn't seem to classify the user into a realm. I don't really want to create a custom module for it, as I like to keep this kind of thing config based and not modular. Any Ideas? Thanks, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic Realm
Hi, I don't really want to create a custom module for it, as I like to keep this kind of thing config based and not modular. Any Ideas? at least in the users file, Proxy-To-Realm := realmname as a reply item works. No idea if it will also do in SQL radcheck, but it's worth a try. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius support eap-fast?
Alan wrote: Josh Howlett wrote: I saw this :-). I had a question: EAP-TNC is intended to be bound to any tunneled EAP method but the last time I looked at the code the FreeRADIUS EAP state machine did not appear to support binding consecutive EAP methods in sequence to an arbitrary tunneled EAP method. I'm not sure what that means... Does EAP-TNC go inside of a tunneled method, or does it tunnel other methods? It normally tunnels inside other methods. If it goes inside of a tunneled method, then there's no problem. PEAP and TTLS already support tunneling EAP types. Sure, but do the FreeRADIUS PEAP and TTLS implementation support running an EAP method for AuthN followed immediately by EAP-TNC within the same tunnel? The original EAP RFC (2284) didn't explicitly prohibit method sequencing. However, this was obseleted by RFC 3748 which does prohibit sequencing authentication methods (where this is defined as Type 4, excepting Notification). Of course, an EAP method itself is free to do what it likes; so both PEAP and TTLS support sequencing (although this isn't implemented much). The difficulty that I saw when I looked at the code, IIRC, is that FreeRADIUS re-uses the same functions (and therefore the same assumptions of what is permitted and what isn't) for the 'outer' EAP session as it does for the 'inner' session. Did that make sense :-) ? Does this EAP-TNC implementation therefore require the use of a specific tunneled EAP method, or have there been some improvements to the EAP state machine to support this flexibility? If EAP-TNC can go only inside of TTLS/PEAP, then the code likely needs to be updated to check for that, and enforce that requirement. That's not a requirement, but a likely deployment scenario. EAP-TNC has no transport security, and depends on the transport layer for confidentiality, etc. josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TNC
Josh Howlett wrote: It normally tunnels inside other methods. OK. I'll hack the code to force that to be true. Sure, but do the FreeRADIUS PEAP and TTLS implementation support running an EAP method for AuthN followed immediately by EAP-TNC within the same tunnel? Nope. It shouldn't be too hard to add, though. The difficulty that I saw when I looked at the code, IIRC, is that FreeRADIUS re-uses the same functions (and therefore the same assumptions of what is permitted and what isn't) for the 'outer' EAP session as it does for the 'inner' session. That doesn't matter, really. The TTLS/PEAP modules can be hacked again. If first tunneled method returned Access-Accept, run another tunneled method... That's not a requirement, but a likely deployment scenario. EAP-TNC has no transport security, and depends on the transport layer for confidentiality, etc. Ok. I'll hack the code to force that to be true. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem compiling freeradius 1.1.7
Alan DeKok a écrit : Patrice Oliver wrote: I have a problem compiling freeradius 1.1.7 When I use the make command, just after ./configure, I get the following error message : *** Warning: Linking the shared library rlm_perl.la against the *** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable! Does it break the build? If not, ignore it. What's wrong ? libtool / perl interaction effects. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html It breaks the build, so I can't use it from sources. -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pièces jointes, est établi à l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme à sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'êtes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut être assurée. L'expéditeur décline toute responsabilité dans l'hypothèse où il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem compiling freeradius 1.1.7
Patrice Oliver wrote: It breaks the build, so I can't use it from sources. I had similar problems which I could solve by $ ./configure --prefix=/opt/freeradius --with-gnu-ld --without-rlm_perl --without-rlm_sql --without-rlm_sqlippool I still didn't get whar I would need rlm_perl for ... On what platform are you compiling? Regards fw - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem compiling freeradius 1.1.7
Frank Winkler a écrit : Patrice Oliver wrote: It breaks the build, so I can't use it from sources. I had similar problems which I could solve by $ ./configure --prefix=/opt/freeradius --with-gnu-ld --without-rlm_perl --without-rlm_sql --without-rlm_sqlippool I still didn't get whar I would need rlm_perl for ... On what platform are you compiling? Regards fw - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Debian. I will try to build a packet. -- *Hospices Civils de Beaune* *Patrice OLIVER* /Chef de Projet Ville Hôpital/ /Responsable Réseau Sécurité/ BP 104 21203 BEAUNE Cedex Tél. 03 80 24 44 09 Fax. 03 80 24 45 90 Ce message, y compris les pièces jointes, est établi à l'attention exclusive de son ou ses destinataires et est confidentiel. Toute utilisation non conforme à sa destination, toute diffusion ou publication, totale ou partielle, est interdite sauf autorisation expresse de l'expéditeur. Si vous n'êtes pas le destinataire de ce message, merci d'avertir l'expéditeur de l'erreur de distribution puis de le détruire. Tout message électronique est susceptible d'altération et son intégrité ne peut être assurée. L'expéditeur décline toute responsabilité dans l'hypothèse où il aurait été modifié ou falsifié. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
destination unreachable (port unreachable)
Hello: FreeRadius was working perfectly with EAP/MD5 a few weeks ago here. But some providers came here to offer a NAC solution and messed with the network configuration. Authentication stopped working, and by using a sniffer we realised that packets get to the freeRADIUS server, to which it responds with a challenge but apparently that challenge never gets back to the switch and it sends a destination unreachable (port unreachable) message. Any ideas why that might happen? Thanks -- View this message in context: http://www.nabble.com/destination-unreachable-%28port-unreachable%29-tf4883559.html#a13976709 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem compiling freeradius 1.1.7
Hi, I still didn't get whar I would need rlm_perl for ... you obviously dont need to run a PERL script in any of the AAA sections. many people do. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password Authentication Failing
I'm running Freeradius 1.1.6 on a Solaris 10 platform and have run across a strange problem. My password file contains over 80 thousands entries and it appears that freeradius won't find a user entry beyond line 76665. Is there a buffer that can be bumped up or have I just reached a limitation of using the UNIX style password file within radiusd? Any insight/help would be greatly appreciated. Thanks... Frank | | Frank Everitt | | Systems Administrator :|||: :|||: 7025 Kit Creek Rd. :|: :|: RTP, NC 27709 ..:|||:.:|||: Ph :(919) 392-8885 FAX :(469) 574-5042 CISCO SYSTEMS Cell:(919) 624-6098 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: destination unreachable (port unreachable)
inl2goal wrote: FreeRadius was working perfectly with EAP/MD5 a few weeks ago here. But some providers came here to offer a NAC solution and messed with the network configuration. Isn't NAC great? Authentication stopped working, and by using a sniffer we realised that packets get to the freeRADIUS server, to which it responds with a challenge but apparently that challenge never gets back to the switch and it sends a destination unreachable (port unreachable) message. Any ideas why that might happen? A firewall on the switch is blocking RADIUS traffic. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Authentication Failing
Frank Everitt wrote: I'm running Freeradius 1.1.6 on a Solaris 10 platform and have run across a strange problem. My password file contains over 80 thousands entries and it appears that freeradius won't find a user entry beyond line 76665. Is there a buffer that can be bumped up or have I just reached a limitation of using the UNIX style password file within radiusd? Is the password being fetched from the unix module, or the passwd module? If it's passwd, switch to unix. If it's unix, then FreeRADIUS just does 'getpwent', and it's up to the system libraries to return the right entry. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Authentication Failing
Hi Alan... This is what I'm getting rad_recv: Access-Request packet from host 10.66.64.41:1645, id=140, length=78 NAS-IP-Address = 10.66.64.41 NAS-Port = 37 NAS-Port-Type = Async User-Name = begomez Calling-Station-Id = 10.66.64.35 User-Password = junk Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module preprocess returns ok for request 14 modcall[authorize]: module chap returns noop for request 14 modcall[authorize]: module mschap returns noop for request 14 rlm_realm: No '@' in User-Name = begomez, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 14 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 14 users: Matched entry DEFAULT at line 153 modcall[authorize]: module files returns ok for request 14 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 14 modcall: leaving group authorize (returns ok) for request 14 rad_check_password: Found Auth-Type System auth: type System Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 modcall[authenticate]: module unix returns notfound for request 14 modcall: leaving group authenticate (returns notfound) for request 14 auth: Failed to validate the user. Delaying request 14 for 1 seconds I'm using the UNIX module (see below). Maybe it's a Solaris issue and not freeradius. unix { # # Cache /etc/passwd, /etc/shadow, and /etc/group # # The default is to NOT cache them. # # For FreeBSD and NetBSD, you do NOT want to enable # the cache, as it's password lookups are done via a # database, so set this value to 'no'. # # Some systems (e.g. RedHat Linux with pam_pwbd) can # take *seconds* to check a password, when th passwd # file containing 1000's of entries. For those systems, # you should set the cache value to 'yes', and set # the locations of the 'passwd', 'shadow', and 'group' # files, below. # # allowed values: {no, yes} cache = no # Reload the cache every 600 seconds (10mins). 0 to disable. cache_reload = 600 # # Define the locations of the normal passwd, shadow, and # group files. # # 'shadow' is commented out by default, because not all # systems have shadow passwords. # # To force the module to use the system password functions, # instead of reading the files, leave the following entries # commented out. # # This is required for some systems, like FreeBSD, # and Mac OSX. # passwd = /export/home1/cms/passwd # shadow = /etc/shadow # group = /etc/group # # The location of the wtmp file. # This should be moved to it's own module soon. # # The only use for 'radlast'. If you don't use # 'radlast', then you can comment out this item. # radwtmp = ${logdir}/radwtmp } What ya think/ Frank | | Frank Everitt | | Systems Administrator :|||: :|||: 7025 Kit Creek Rd. :|: :|: RTP, NC 27709 ..:|||:.:|||: Ph :(919) 392-8885 FAX :(469) 574-5042 CISCO SYSTEMS Cell:(919) 624-6098 On Nov 27, 2007, at 2:34 PM, Alan DeKok wrote: Frank Everitt wrote: I'm running Freeradius 1.1.6 on a Solaris 10 platform and have run across a strange problem. My password file contains over 80 thousands entries and it appears that freeradius won't find a user entry beyond line 76665. Is there a buffer that can be bumped up or have I just reached a limitation of using the UNIX style password file within radiusd? Is the password being fetched from the unix module, or the passwd module? If it's passwd, switch to unix. If it's unix, then FreeRADIUS just does 'getpwent', and it's up to the system libraries to return the right entry.
Re: Password Authentication Failing
Frank Everitt wrote: Hi Alan... This is what I'm getting ... rad_check_password: Found Auth-Type System auth: type System Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 modcall[authenticate]: module unix returns notfound for request 14 That's pretty definitive. I'm using the UNIX module (see below). Maybe it's a Solaris issue and not freeradius. ... What ya think/ Looks like a Solaris issue. FreeRADIUS just calls getpwent(). If that returns notfound, it's not the fault of FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: destination unreachable (port unreachable)
Worked after resetting the switch O_o Should've tried that sooner... Thanks Alan DeKok-4 wrote: inl2goal wrote: FreeRadius was working perfectly with EAP/MD5 a few weeks ago here. But some providers came here to offer a NAC solution and messed with the network configuration. Isn't NAC great? Authentication stopped working, and by using a sniffer we realised that packets get to the freeRADIUS server, to which it responds with a challenge but apparently that challenge never gets back to the switch and it sends a destination unreachable (port unreachable) message. Any ideas why that might happen? A firewall on the switch is blocking RADIUS traffic. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/destination-unreachable-%28port-unreachable%29-tf4883559.html#a13979027 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
vlan assignment
I am having trouble configuring VLAN assignment for CISCO switches, this is the debug output from when the user authenticates, any ideas? thanks rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module sql returns ok for request 13 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module pap returns noop for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module eap returns ok for request 13 modcall: leaving group authenticate (returns ok) for request 13 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 13 rlm_sql (sql): Processing sql_postauth radius_xlat: 'tortuga' rlm_sql (sql): sql_set_user escaped user -- 'tortuga' radius_xlat: 'INSERT into radpostauth (user, pass, reply, date) values ('tortuga', 'Chap-Password', 'Access-Accept', NOW())' radius_xlat: '/usr/local/var/log/radius/sqltrace.sql' rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user, pass, reply, date) values ('tortuga', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Reserving sql socket id: 1 rlm_sql_mysql: query: INSERT into radpostauth (user, pass, reply, date) values ('tortuga', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql): Released sql socket id: 1 modcall[post-auth]: module sql returns ok for request 13 modcall: leaving group post-auth (returns ok) for request 13 Sending Access-Accept of id 17 to 10.19.100.196 port 1645 Framed-Protocol := PPP Service-Type := Framed-User Framed-Compression := Van-Jacobson-TCP-IP Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := 120 EAP-Message = 0x03030004 Message-Authenticator = 0x User-Name = tortuga Finished request 13 the user gets the attribute from a SQL table mysql select * from radgroupreply; ++---+-++-+ | id | GroupName | Attribute | op | Value | ++---+-++-+ | 1 | admin | Framed-Protocol | := | PPP | | 2 | admin | Service-Type| := | Framed-User | | 3 | admin | Framed-Compression | := | Van-Jacobsen-TCP-IP | | 10 | admin | Tunnel-Type | := | VLAN| | 11 | admin | Tunnel-Medium-Type | := | IEEE-802| | 13 | admin | Tunnel-Private-Group-ID | := | 120 | ++---+-++-+ -- View this message in context: http://www.nabble.com/vlan-assignment-tf4884769.html#a13980961 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: vlan assignment
Hi, I am having trouble configuring VLAN assignment for CISCO switches, not suprising as you are doing a comparison check operation. change the operator value for each return attribute to a straight-forward '=' alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: vlan assignment
I am having trouble configuring VLAN assignment for CISCO switches, And the problem is? Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Private-Group-Id:0 := 120 mysql select * from radgroupreply; ++---+-++-+ | id | GroupName | Attribute | op | Value | ++---+-++-+ | 1 | admin | Framed-Protocol | := | PPP | | 2 | admin | Service-Type| := | Framed-User | | 3 | admin | Framed-Compression | := | Van-Jacobsen-TCP-IP | | 10 | admin | Tunnel-Type | := | VLAN| | 11 | admin | Tunnel-Medium-Type | := | IEEE-802| | 13 | admin | Tunnel-Private-Group-ID | := | 120 | ++---+-++-+ You have assigned VLAN 120 to the user. Just as you configured. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Convert from [EMAIL PROTECTED] to domain\user
Hi all I am a newbie to freeradius and I have searched the internet and all the documentation I can find, however I cannot find a simple solution to the following problem. I want to have the freeradius server act as a proxy and receive radius requests in the form [EMAIL PROTECTED] but then pass these requests to another server that needs to have the request in domain\user format. It would seem to be a simple format issue which you should be able to create an output template or something but I don't have a clue. Running freeradius v 1.188.2.4.2.12 Rob Graham - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Convert from [EMAIL PROTECTED] to domain\user
On Nov 27, 2007 9:40 PM, Robert Graham [EMAIL PROTECTED] wrote: Hi all I am a newbie to freeradius and I have searched the internet and all the documentation I can find, however I cannot find a simple solution to the following problem. I want to have the freeradius server act as a proxy and receive radius requests in the form [EMAIL PROTECTED] but then pass these requests to another server that needs to have the request in domain\user format. It would seem to be a simple format issue which you should be able to create an output template or something but I don't have a clue. Running freeradius v 1.188.2.4.2.12 Rob Graham Hey Rob - I'd first upgrade to 1.1.7. I think you can put: DEFAULT User-Name =~ ^([EMAIL PROTECTED])@realm.com, NAS-IP-Address == 127.0.0.1 User-Name := %{1}\realm.com http://wiki.freeradius.org/Adding%2C_Removing%2C_Modifying_Attributes_for_further_processing -- Nicholas Hall [EMAIL PROTECTED] 262.208.6271 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html