Le mercredi 06 février 2008, Alan DeKok a écrit :
Thierry CHICH wrote:
However, it the accounting is always done with the outer identity
...
Login OK: [EMAIL PROTECTED]/] (from client
ap-rectorat02 port 0)
+- entering group post-auth
expand: %{request.User-Name} -
Pshem Kowalczyk wrote:
It looks like there is still issue with reading from the file. From
the debugging I did I think that the problem is with freeradius
noticing that it already got to the end of the .work file and should
close it.
What does that mean?
My C foo is not very strong, but
Norbert Wegener wrote:
your answer lets me assume, the problem is with my configuration :-(
The output is at http : //www.wegener-net.de/freeradius/typescript
Wed Feb 6 18:02:23 2008 : Debug: rlm_eap_tls: TLS 1.0 Alert
[length 0002], fatal certificate_expired
Wed Feb 6 18:02:23 2008 :
Joe Vieira wrote:
im running 2.0.1 and i saw those errors at the end of a string of these
errors...
Wed Feb 6 10:43:04 2008 : Error: rlm_eap: Failed to remember handler!
Wed Feb 6 10:43:07 2008 : Error: rlm_eap: Failed to remember handler!
Ugh. That means that something is going very
Alan DeKok schrieb:
Norbert Wegener wrote:
your answer lets me assume, the problem is with my configuration :-(
The output is at http : //www.wegener-net.de/freeradius/typescript
Wed Feb 6 18:02:23 2008 : Debug: rlm_eap_tls: TLS 1.0 Alert
[length 0002], fatal certificate_expired
Thierry CHICH wrote:
You are right. I think this typo is in the original file inner-tunnel
included
in the distrib,
Yes, I've fixed it.
but it work better - but not as I want. Now, I have a good
Access-Accept packet, but it is seems that the accounting-request following
don't care.
Hello,
I use freeradius-1.1.3-1.2.el5 and freeradius-mysql-1.1.3-1.2.el5. the
mysql database (mysql-server-5.0.22-2.1.0.1) is hosted on a remote host
(both centos5).
When I use /etc/init.d/radiusd as root it starts up correctly. But when
the service is launched at boot time, I get this
Hello,
I use freeradius-1.1.3-1.2.el5 and freeradius-mysql-1.1.3-1.2.el5. the mysql
database (mysql-server-5.0.22-2.1.0.1) is hosted on a remote host (both
centos5).
When I use /etc/init.d/radiusd as root it starts up correctly. But when the
service is launched at boot time, I get this
mailinglists wrote:
Hello,
I use freeradius-1.1.3-1.2.el5 and freeradius-mysql-1.1.3-1.2.el5. the
mysql database (mysql-server-5.0.22-2.1.0.1) is hosted on a remote host
(both centos5).
When I use /etc/init.d/radiusd as root it starts up correctly. But when
the service is launched at boot
Norbert Wegener wrote:
But it would be helpful for a service desk to know that an expired
certificate was the reason to refuse access.
My intention was to provide this information in radpostauth.
It seems, this cannot be achived the way I tried. Is there another way
to go for this?
The
Le jeudi 07 février 2008, Alan DeKok a écrit :
Thierry CHICH wrote:
You are right. I think this typo is in the original file inner-tunnel
included in the distrib,
Yes, I've fixed it.
but it work better - but not as I want. Now, I have a good
Access-Accept packet, but it is seems that
Alan DeKok a écrit :
mailinglists wrote:
Hello,
I use freeradius-1.1.3-1.2.el5 and freeradius-mysql-1.1.3-1.2.el5. the
mysql database (mysql-server-5.0.22-2.1.0.1) is hosted on a remote host
(both centos5).
When I use /etc/init.d/radiusd as root it starts up correctly. But when
the service
@Arran Cudbard-Bell
Write a regular expression to strip off the proceeding \
Heres one I did earlier If I remember correctly it's to escape to
one \ in the username ... \\ To escape it in the RegExp string, \\ to make \
literal in the regular expression...
I'm not so familiar with
Hi,
Do you mean that I must allow my user on the mysql server ? I don't think
so, since there is no traffic from the freeradius to mysql at boot time.
And furthermore, the user *is* allowed to connect to database from the
free-radius host
There are perhaps permissions problems on the
Stefan Puch wrote:
@Arran Cudbard-Bell
Write a regular expression to strip off the proceeding \
Heres one I did earlier If I remember correctly it's to escape to
one \ in the username ... \\ To escape it in the RegExp string, \\ to make \
literal in the regular expression...
Hi all
I’m trying to assign a different IP Pool per realm, instead of the IP being
assigned by the NAS.
However after reading some postings and doing some searching I can’t get
this to work.
The realms we want to assign different IP Pools to, we proxy to different
customers.
So we don’t do the
[EMAIL PROTECTED] a écrit :
Hi,
Do you mean that I must allow my user on the mysql server ? I don't think
so, since there is no traffic from the freeradius to mysql at boot time.
And furthermore, the user *is* allowed to connect to database from the
free-radius host
There are perhaps
Hi,
Yes I already check that, SELINUX is disabled
[EMAIL PROTECTED] ~]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
another idea ? perhaps something with permissions on binaries ?
what happens if you start the daemon from the command line
with
Well,
I've writen a patch for realms.c and now, I've a better behaviour:
rlm_realm: Looking up realm extern.realm.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm DEFAULT
rlm_realm: Proxying request from user anonymous to realm DEFAULT
rlm_realm: Adding Realm =
The virtual_server = inner-tunnel seems to have done the trick. Thanks
for your help.
-andrew
Dmitry Sergienko wrote:
Hi!
If you still have no luck with 1.1.7 proxying mschapv2, try to move to
2.0.1 with patches in event.c discussed yesterday in freeradius-users.
I'm trying to do the same
JB wrote:
Hi,
I'm afraid I'm currently not seeing the wood for the trees, please help
me out. ;-)
I'm using stored procedures in MySQL to query for check and reply items
for users. I don't need (or want) user groups so there's always a
positive Fall-Through attribute returned.
Be aware
Hi,
I'm afraid I'm currently not seeing the wood for the trees, please
help me out. ;-)
I'm using stored procedures in MySQL to query for check and reply
items for users. I don't need (or want) user groups so there's always
a positive Fall-Through attribute returned.
There are quite a
[EMAIL PROTECTED] wrote:
Hi,
I'm planning a FreeRadius deployment where the same machine will be
running two FreeRADIUS instances, each one listening in different
interfaces with different ip adresses. However, I had been looking in
the documentation forthis possibility and found no
Phil Mayers (07.02.2008 19:27):
JB wrote:
Hi,
I'm afraid I'm currently not seeing the wood for the trees, please
help me out. ;-)
I'm using stored procedures in MySQL to query for check and reply
items for users. I don't need (or want) user groups so there's
always a positive
I need the instructions to start the freeradius server from any user
account of the linux machine other than root. Can anyone help me out?
Thanks,
Deepak
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--On Thursday, February 07, 2008 10:24:11 AM +0100 Alan DeKok
[EMAIL PROTECTED] wrote:
mailinglists wrote:
Hello,
I use freeradius-1.1.3-1.2.el5 and freeradius-mysql-1.1.3-1.2.el5. the
mysql database (mysql-server-5.0.22-2.1.0.1) is hosted on a remote host
(both centos5).
When I use
Hi,
EAP type module in autz sets Auth-Type to be EAP, allowing :
Auth-Type {
eap
... unlang
}
But it appears the eap module releases the tunneled reply into the
current reply list,
then everything skips to post-auth.
#
# Allow EAP authentication.
Auth-Type EAP {
Have you noticed some warnings about password attribute in the debug?
Maybe using appropriate password attribute might help ;-)
Ivan Kalik
Kalik Informatika ISP
Dana 7/2/2008, cxu [EMAIL PROTECTED] piše:
Hi,
I am testing the freeradius server, and try to clarify rules applied in
freeradius.
you could use sudo by editing the /etc/sudoers file. There should be
examples in this file. Then just add all the users allowed to start
radius to a group. and allow that group access to run
/etc/init.d/freeradius or whatever is needed.
On Feb 7, 2008 12:19 PM, Deepak Panigrahy [EMAIL PROTECTED]
Has anyone try this?
Use FreeRadius 2 , yo can instantiate two virtual servers and bind them
to different ip addresses.
Downloading it right now.
Thanks.
Pablo Cuesta
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I'm planning a FreeRadius deployment where the same machine will be
running two FreeRADIUS instances, each one listening in different
interfaces with different ip adresses. However, I had been looking in
the documentation forthis possibility and found no information about it,
so I don't know
{cut}
It looks like there is still issue with reading from the file. From
the debugging I did I think that the problem is with freeradius
noticing that it already got to the end of the .work file and should
close it.
What does that mean?
That freeradius renames the detail file to
Hi Guys, some help please .
I am trying to do a attr rewrite to change an Attribute value then do a
check based on the attribute that is changed, if the check fails do another
attrib rewrite to the next value and do another check, until either the
check fails or passes. There is basically only
Thank you, Ivan! You pointed out the part that I feel confused. A dumb
question. How could I configure freeradius to replace User-Password in
config items with Cleartext-Password?
Thanks again!
!!!
!
!!!
!!!
Me again. I feel pretty stupid now as the listen section was documented
on the radiusd.conf file but i read over it.Anyway,I had checked the
1.1.7 i got installed and it has the listen section which seems to
allow to use the same FreeRADIUS server to listen at different IPs and
ports. However,
Return:
attr = 'Auth-Type'
op = ':='
value = 'Reject'
Of course! How embarrassing. ;-)
I actually tried that before but during the reply-items-query which
has no effect. Returning Auth-Type := Reject from the check-items-
query does the trick. Makes sense, doesn't it?
Ok, now I'm
password_attibute in ldap section. But your password is not clear text.
You might need to create an entry in ldap.attrmap for SHA-Password. You
will be able to do pap requests but not much more with the password you
are storing.
Ivan Kalik
Kalik Informatika ISP
Dana 7/2/2008, cxu [EMAIL
I have not found my way out yet. How does the ldap module in authorize section
to set
Auth-Type attribute to ldap?
My initial thought is the ldap module in authorize section checks the
User-Password
attribute in the incoming Access-Request message, and if the password is in
clear text
then
Pshem Kowalczyk wrote:
As I said - my C skills are not very good. From my understanding -
freeradius can't see that it got to the end of the .work file and it's
time to close it and move on.
Why? That line of code checks if it's at the end of the file.
At this stage the .work file is
My Honest opinion of this news list / user group is that it is not helpful
at all, it seems if you are not in the click, no one helps, does anyone
moderate this or not ? I have posted twice now and no one replies.
Regards
Keith
From: Keith Dovale - HostworX.co.za [mailto:[EMAIL
Keith Dovale - HostworX.co.za wrote:
My Honest opinion of this news list / user group is that it is not
helpful at all, it seems if you are not in the click, no one helps, does
anyone moderate this or not ? I have posted twice now and no one replies…
Is there a contractual obligation
41 matches
Mail list logo