Re: accounting through detail module help

2009-08-20 Thread ramesh p
-Status-Type == 'Stop') - TRUE ++- entering if (Acct-Status-Type == 'Stop') {...} [detail]expand: /usr/local/fnmt/freeradius2//var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d - /usr/local/fnmt/freeradius2//var/log/radius/radacct/ 10.77.202.78/detail-20090820 [detail] /usr/local/fnmt

Re: how to combine

2009-08-20 Thread Igor Smitran
Look at the radcheck table. Attribute name Calling-Station-Id. Magui wrote: Hello, i want to know how combine user,password and telephone number for to authenticate an user in order to give access to my network. Please I only need an superficial orientation ,not to detail

buffered_sql and detail module

2009-08-20 Thread ramesh p
Hi, can anybody give me an example working configuration for buffered-sql accounting with detail module. I'm using the following configuration but it's not working. / sites-available{ default{ preacct { preprocess acct_unique suffix

Re: Some users getting duplicate NULL acctstoptime records in radacct

2009-08-20 Thread Alan DeKok
Kanwar Ranbir Sandhu wrote: . ... So, effectively, freeradius shows TWO live sessions for the same user. When we check the NASes, we see two sessions for the same user there as well. Then the user has logged in twice. There really ARE two sessions. I've run radius in debug mode, reviewed

Re: attr_filter segfault

2009-08-20 Thread Alan DeKok
Alexander Clouter wrote: Only me...again doing things I probably should not do with FreeRADIUS. It shouldn't crash... So I decided to slap in unwisely placed 'handled' and the attr_filter on the proxying server (in post-proxy) exploded. The backtrace is below and I also slipped in a

Re: dumping radius queryies

2009-08-20 Thread Alan DeKok
Rakotomandimby Mihamina wrote: I am on the way to migrate a freeRadius V1 to a V2. I would like to log the queries submitted to the running V1, so that I could test them via 'radclient' to the V2, before switching to production stage. So, on a V1.4, what kind of logging should I enable in

rlm_perl still looses tags for tagged attributes even after upgrade to 2.1.6

2009-08-20 Thread Alexandr Kovalenko
Hello, It has been stated in release notes for FR 2.1.6 that losing of tags for tagged attributes is fixed in rlm_perl in this version, but it is not. Look at the example below: $ radiusd -v | head -1 radiusd: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2, built on Aug 18

Re: Accounting copying to specific systems

2009-08-20 Thread Alan DeKok
Joe Maimon wrote: Certain systems need copies of accounting data, but I only want to send a subset of accounting to the appropriate system. I dont want to change the way the server updates the sql accounting and local detail files. If you need *multiple* copies, then the detail write/reader

Re: buffered_sql and detail module

2009-08-20 Thread Alan Buxey
Hi, I'm using the following configuration but it's not working. ^^ whats not working? whats the symptoms? wheres the radiusd -X ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Accounting Exec-Program

2009-08-20 Thread David Rodríguez Fernández
Hi list. This is my first message to the list. I have read a lot before send this message. I have freeradius version 2.1.6 and want to for every accounting packet exec a script. I have configured the ${confdir}/modules/files file with: acctusersfile = ${confdir}/acct_users and my acct_users

Re:

2009-08-20 Thread Alan DeKok
RANDRIAMAMPIONONA José Johnny wrote: Here are the debug from the radius server: You have firewall rules that are blocking the packets. Alan DeKok.

Re: MAX-Monthly-Traffic V2 Post.

2009-08-20 Thread goksie
Your sql should be changed. Check any post on 24hours login. That logic will resolve this 2 days thread. Goksie Sent from my BlackBerry® smartphone from Etisalat -Original Message- From: Alexandre Chapellon alexandre.chapel...@mana.pf Date: Wed, 19 Aug 2009 07:55:47 To: FreeRadius

freeradius with oracle

2009-08-20 Thread shivashankar
hi , when i run radiusd -X facing below problem. Could not link driver rlm_sql_oracle: ld.so.1: radiusd: fatal: rlm_sql_oracle.so Make sure it (and all its dependent libraries!) are in the search path of your s /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql

Double quotes in password and MS-Chapv2

2009-08-20 Thread Richard Timsit
Hi All, does anyone can authenticate users with double quotes in their password with MS-CHAP ? No problem with TTLS/pap. Thanks. -- Richard Timsit richard.tim...@epfl.ch EPFL DIT-TI

Re: Double quotes in password and MS-Chapv2

2009-08-20 Thread Alan Buxey
Hi, Hi All, does anyone can authenticate users with double quotes in their password with MS-CHAP ? No problem with TTLS/pap. check the password and escape dodgy characters ? alan

Re: logging in bit or

2009-08-20 Thread Jonathan Gazeley
On 08/19/2009 06:37 PM, ganesh nagpure wrote: Hi Jonathan, Thanks for your reply. BRAS is 7206 cisco broadband RAS we are integrating with free radius. We have two type of user prepaid and post paid . I am just wondering how can i define this in cisco-avpair += parameter. I'm afraid I can't

Thread create failed: Cannot allocate memory

2009-08-20 Thread Omer Faruk SEN
Hi, I have lived the same problem depicted here. Alan De kok suggested to prevent the thread creation http://lists.cistron.nl/pipermail/freeradius-users/2007-October/msg00257.html . Is there another solution for that (maybe changing a sysctl value ) since machine has lots of memory and very

Re: Accounting copying to specific systems

2009-08-20 Thread Joe Maimon
Alan DeKok wrote: Joe Maimon wrote: Certain systems need copies of accounting data, but I only want to send a subset of accounting to the appropriate system. I dont want to change the way the server updates the sql accounting and local detail files. If you need *multiple* copies, then

freeradius proxy configuration - Question

2009-08-20 Thread ganesh nagpure
Hi, I have freeradius with proxy configuration i want to do following setup. Some user will get aucc and auth by proxy radius and some will be locally. 1) Free radius server will accept request from RAS server ( Cisco) and forward to proxy radius and reply of proxy radius will be send back to

Freeradius and Cisco

2009-08-20 Thread Rokkhan
Hello, I have been testing with my freeradius and cisco devices, such as switches, firewalls, access points, ... Now, I'm able to configure users validation through freeradius with Access Points and Peap. Get shell access to cisco devices and establish the level privilege of them with freeradius.

Re: Accounting copying to specific systems

2009-08-20 Thread Joe Maimon
Alan DeKok wrote: Joe Maimon wrote: Certain systems need copies of accounting data, but I only want to send a subset of accounting to the appropriate system. I dont want to change the way the server updates the sql accounting and local detail files. If you need *multiple* copies, then

[no subject]

2009-08-20 Thread Irina
Hello, Could someone let me know if I can insert a new NAS in the following format insert into nas values('','xx.xx.xx.112/29','shortname',) Or do I have to insert each IP individually insert into nas values('','xx.xx.xx.112','shortname',) insert into nas

Re: Some users getting duplicate NULL acctstoptime records in radacct

2009-08-20 Thread Kanwar Ranbir Sandhu
On Thu, 2009-08-20 at 08:55 +0200, Alan DeKok wrote: . ... So, effectively, freeradius shows TWO live sessions for the same user. When we check the NASes, we see two sessions for the same user there as well. Then the user has logged in twice. There really ARE two sessions. Ok, fair

RE:

2009-08-20 Thread Gary Gatten
If you're asking if you can use classless masks to represent a block of IP's, yes you can. If you're asking if you can use wildcards in the IP addresses - I don't know... I doubt it. -Original Message- From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org

Re: Accounting copying to specific systems

2009-08-20 Thread Alan DeKok
Joe Maimon wrote: So I define multiple home servers as the potential destinations for the copied accounting in proxy.conf Yes. AND you write to multiple detail files. How do I specify where to send the accounting in the detail-reader? Either of these? ATTRIBUTE Proxy-To-Realm

[no subject]

2009-08-20 Thread Irina
Hello Gary, thank you very much for your reply. No, not the wildcards. Few IPs within the same class. I was not sure if I could use /29. Thanks again. Irina === If you're asking if you can use classless masks to represent a block of IP's, yes you can. If you're asking

Kerberos Hardware Pre_auth

2009-08-20 Thread Larry Ross
Good Morning All; I am looking for direction into correcting an issue with FR 2.X authenticating against a Krb5 directory with Hardware Pre-Auth enabled. Currently I am not finding any luck in getting this off the ground. Thank you Larry Ross Network Operations University California Davis

Re: buffered_sql and detail module

2009-08-20 Thread ramesh p
Got it. I was specifying detail file path incorrect and it's not finding it. One more question regarding this. sites-available/default have preprocess section. and same section in sites-enabled/buffered-sql present. Does preprocess section in buffered-sql needs to be commented out? Thanks.

Re: buffered_sql and detail module

2009-08-20 Thread Alan Buxey
Hi, Got it. I was specifying detail file path incorrect and it's not finding it. One more question regarding this. sites-available/default have preprocess section. and same section in sites-enabled/buffered-sql present. Does preprocess section in buffered-sql needs to be commented out? that

Re: your mail

2009-08-20 Thread Alan Buxey
Hi, Hello, Could someone let me know if I can insert a new NAS in the following format insert into nas values('','xx.xx.xx.112/29','shortname',) you can use such a netmask to cover a range but they'll all then use the same secret and be identified by the same shortname. ...just

IPv6 and packet sending

2009-08-20 Thread Alan Buxey
hi, in my proxy.conf I have a FQDN for a proxy destination. that FQDN has a record (and all other operations to it from the server us IPv6 for transit). however, FreeRADIUS doesnt want to talk to that remote proxy via IPv6 anyone else successfully SENDING proxied packets from FreeRADIUS

Re: freeradius with oracle

2009-08-20 Thread Alexandre Chapellon
Of course it implies you have installed the oracle instantclient provided by oracle in /opt/oracle... If not point to where the oracle libs are depending on your unix flavour. As far as i remember the post you quoted in your mail was about ubuntu Linux radius server with no oracle instance

Re: Freeradius and Cisco

2009-08-20 Thread Nicholas Cappelletti
Hello Rokkhan, I was curious if you could send me the configuration you have on your Cisco AP's for telnet/ssh access? I'm having some trouble with mine, but I'm able to authenticate my routers and switches just fine. I would ask the mailing lists, but they sometimes aren't very helpful. ;)

Re: your mail

2009-08-20 Thread Irina
Hello Allan, Thank you for your reply. ensure your netmask etc are correct :-)) I hope so. I was giving it like this (IP address plus slash 29: 10.1.1.112/29) My trouble was I did not know if I could use 10.1.1.112/29 as nasname. Thank you all. Cheers Irina == Hi,

MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
Hello, I'm relatively new to FR, unlang, etc. - so bear with me. Trying to use M$ XP 802.1x supplicant to auth to a Cisco switch. I've gotten MD5 to work no prob (also vty login to the switch itself using NTLM-Auth) - but can't seem to get EAP-TLS (certs) or PEAP to work. Given that in my cert

RE: MS 8021.x PEAP failing

2009-08-20 Thread Garber, Neal
I've been playing around with conf/module files trying to strip the DOMAIN out of my login request - but no luck! Have you tried with_ntdomain_hack = yes in the mschap module config?

Re: MS 8021.x PEAP failing

2009-08-20 Thread Alan Buxey
Hi, If in my PEAP conf I uncheck Automatically use my Windows logon name and password and enter my username/password manually - I auth fine. I've been playing around with conf/module files trying to strip the DOMAIN out of my login request - but no luck! this pretty much works out of the

Re: MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
Yup, that line is there. Much of the doc online is WAY out of date, so I'm wondering if by actually RTFM first I broke something? - Original Message - From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org

MSChap via ntlm_auth problem

2009-08-20 Thread Anton Brinyov
Here are my sites-enabled/default and sites-enabled/inner-tunnel files. Thanks, Anton 2009/8/19 Alan Buxey a.l.m.bu...@lboro.ac.uk: Hi, I have another freeradius host (freeradius 2.1.3) with the same authentication scheme. I look at debug output on it: Found Auth-Type = MSCHAP +-

Re: Kerberos Hardware Pre_auth

2009-08-20 Thread John Dennis
On 08/20/2009 01:05 PM, Larry Ross wrote: Good Morning All; I am looking for direction into correcting an issue with FR 2.X authenticating against a Krb5 directory with Hardware Pre-Auth enabled. Currently I am not finding any luck in getting this off the ground. I don't know what Hardware

RE: MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
Nope - no love! I'll capture a successful PEAP login when I manually enter the credentials, and the failed login when using the windows credentials. Standby. Gary -Original Message- From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org

Re:NAS IPs

2009-08-20 Thread Magui
you can not to use /29 for 8 IPs because 3 bits have exactly 8 combination ,..x000 is the network and ...x111 is the difusion ,then really you have 6 IPs with /29, you need /28 16 combinations minus two,min 14 IPs for 8 numbers.

RE: NAS IPs

2009-08-20 Thread Gary Gatten
If I understand you correctly - I respectfully submit you are incorrect. When using VLSM / classless masks to define a NETWORK, you are correct (I haven't checked the math - just assuming you are correct). However, when defining ACL type stuff, the proposed /29 would be perfectly OK. That said,

RE: MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
Whoops! I tried the change you mentioned and now can't get manual auth to work either. I commented out the working lines and restored them, but still no love! $hit. -Original Message- From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org

RE: MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
OK, got manual PEAP auth working again. -Original Message- From: Gary Gatten Sent: Thursday, August 20, 2009 3:55 PM To: 'FreeRadius users mailing list' Subject: RE: MS 8021.x PEAP failing Whoops! I tried the change you mentioned and now can't get manual auth to work either. I

RE: MS 8021.x PEAP failing

2009-08-20 Thread Garber, Neal
Yup, that line is there. Much of the doc online is WAY out of date, so I'm wondering if by actually RTFM first I broke something? Ok. This may sound crazy and it may not be your problem, but, I thought I'd mention it anyway.. Look at the samAccountName attribute in A/D for a user that is

RE: MS 8021.x PEAP failing

2009-08-20 Thread Gary Gatten
Maybe, but I'm thinking it's the whole Domain Name thing being prepended to my user name. When I login manually the user name is simply ggatten and everything is happy. When I choose use windows logon name and password my username becomes WADDELL\ggatten. If I can strip off the domain name I

RE: MS 8021.x PEAP failing - new info...

2009-08-20 Thread Gary Gatten
Check this out... I entered the Domain Name manually and it worked! So, now I have no freaking clue... I thought it was something with the // in the DomainName//UserName - but doesn't look like it. Here's some debug output. I snipped all the stuff before this output - from what I can tell

Re: MAX-Monthly-Traffic V2 Post

2009-08-20 Thread Alexandre Chapellon
On Thursday 20 August 2009 at 01:07 +0100, Neville wrote: Hi Alex, You are expecting an interim update to send session-timeout to your nas so it disconnect your user? If so, two things seem incorrect to me. 1- You're measuring traffic volume and want disconnection to set based on

files: How to choose SQL entry for users?

2009-08-20 Thread George
Hi I am running FreeRADIUS v2.1.6. Problem is found when SQL works in 'users'. sql.conf: sql sql_auth { Some auth-queries... } sql sql_acct { Some acct-queries... } radiusd.conf: authorize { files sql_auth } users: DEFAULT SQL-Group == 'Group1' ... But files

RE: NAS IPs

2009-08-20 Thread Magui
excuse me, you are correct .is only to range, for 8 IPs is OK, then the network for this (stuff /29) must be = /27.the signification of /x in VLSM and ACL type stuff is the same ,no changes in the x first bits.

LDAP MSCHAP error

2009-08-20 Thread Larry Ross
I am experiencing the following oddness I am hoping someone can shed some light on... We are using FR 2.X and LDAP for MSCHAPv2 authentication. We are storing the NT-Password Hash within LDAP, utilizing ldap.attrmap to map our LDAP variable to NT-Password So when an MSCHAPv2 based Auth comes