hi all,
i am using mikrotik hotspot + freeradius , i have weird issue that
radius send Stop Packet but the user still logged in in mikrotik. it
happened in random time. is there any idea what config or issue for this
problem ?
regards,
kris
-
List info/subscribe/unsubscribe? See http
i`m using Mikrotik (Hotspot) + Freeradius + Mysql + perl postscript to
check auth , on perl script i do check quota based on radacct table. if
quota more than xxx Gb then you cant login.
the problem are like this what the result of accounting different with
value that send to NAS. like this
how much are 32-bit number ?
any possible way to configure it larger than 32-bit number ?
Alan DeKok wrote:
Kris wrote:
i`m using Mikrotik (Hotspot) + Freeradius + Mysql + perl postscript to
check auth , on perl script i do check quota based on radacct table. if
quota more than xxx Gb
it is not mikrotik issue cause freeradius send incorret values , that
mean i must configure freeradius to support more than 32-bit right ?
[EMAIL PROTECTED] wrote:
how much are 32-bit number ?
2 times 2 times 2 times etc. 32 times. If that's the numer of bytes than
4GB.
any
into a space it can't fit.
Ivan Kalik
Kalik Informatika ISP
Dana 11/10/2007, Kris [EMAIL PROTECTED] piše:
it is not mikrotik issue cause freeradius send incorret values , that
mean i must configure freeradius to support more than 32-bit right ?
[EMAIL PROTECTED] wrote:
how much are 32
I'm having issues with getting SLES 9 build (0.9.3) of Freeradius to
authorize.
I've configured freeradius to use users file and mysql to authorize users.
Radtesting works locally for both a file account and a SQL account, but when
I attempt radtest from another server, I get failures such as
on the
server and not anything with Freeradius. Is that correct?
Thanks,
Kris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So sorry, I'm using SLES 9 for x86_64
--Kris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Seferovic
Edvin
Sent: Tuesday, May 24, 2005 10:50 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: shared secret problem
Hi,
can you tell us what
Novell/SuSE development has an updated package in testing that fixed my
problem. I would assume it will be available shortly.
While I do not have a continuing support package with them yet, they took
care of this problem promptly. Consider me one satisfied user.
--Kris
-Original Message
When I run this script I get
[EMAIL PROTECTED] bin]# ./log_badlogins
Could not open file none
[EMAIL PROTECTED] bin]#
What can I do to fix this?
You must specify the location of the radius.log to get the bad login
information from.
-
List info/subscribe/unsubscribe? See
In the tuning guide, where it states Tune the num_sql_socks to be larger
than the
number
of simultaneous authentication/accounting requests does this mean if I have
6700 user
accounts, I would want to set the num_sql_socks to be larger than that since
it is
possible that all will try to
Hi,
Not sure about it but I think you might be able to use regex to do that.
It may be something like:
if(%{NAS-Port-Id} =~ / \b[1-4][0-9]{3}/) { #this to extract the vlan
switch %{1} { #this to refer to the matched vlan tag substring
case 1000 {
= ${cadir}/2048ca.pem
CA_file = ${cadir}/4096ca.pem
Thanks,
Kris Armstrong
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the postgres driver? I've gotten configure to see mysql, iodbc, unixodbc but I want (need) a native postgres driver. Any help would be _greatly_ appreciated.
Thanks in advance,
Kris
statements into the radcheck sql table. Do I have to write these myself? or is it more simplistic than that? Can you do this when seperating the authentication mechanism from sql? Thanks in advance.
Kris
ing clever in the sql.conf file?
Thanks again,
Kris
Nicolas Baradakis [EMAIL PROTECTED] wrote:
Kris Efland wrote: Packet-Type = Access-Request Sat Mar 5 15:04:02 2005 User-Name = "user" User-Password = "password" NAS-IP-Address = 1.2.3.4 Client-IP-Address = 1.3.4.5 Module-Fai
not sure if this is a Windows issue or a FreeRadius issue at this
point -- the noop seems odd, but perhaps it's what is being sent that is
causing it.
If someone could offer some suggestions, it would be greatly appreciated.
Kindest regards,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District
Kris Benson [EMAIL PROTECTED] wrote:
I have self-compiled the EAP module on Debian due to the binary
distribution restrictions, and the error I'm getting is:
module eap returns noop for request [number]
And what does the *rest* of the debug output say?
Hi Alan,
I was thinking I'd save
Kris Benson [EMAIL PROTECTED] wrote:
I have self-compiled the EAP module on Debian due to the binary
distribution restrictions, and the error I'm getting is:
module eap returns noop for request [number]
And what does the *rest* of the debug output say?
Hi Alan,
I was thinking I'd save
with OpenLDAP practically
out-of-the-box.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
melvin [EMAIL PROTECTED] on July 24, 2005 at 02:47 -0800 wrote:
Hi Kris,
Thanks for your reply. I will be very grateful if you could post your
config
entries to me. Many tks.
Hi Melvin,
Please see attached.
I have included the certs, passwords, etc. as they are currently testing
only ones
other instructions that *broke* our certificate use.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Since AD
is available via LDAP, why couldn't this FreeRadius install just use
rlm_ldap to access the machine account info in AD?
The Microsoft side of things isn't my greatest strength, least of all the
AD/LDAP stuff, but it seems as though this *should* work.
:-)
-kb
--
Kris Benson, CCP
information?
Any help would be appreciated -- thanks in advance.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for
auth-failed, thus the browser thinks it's OK to use the old credentials.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to the client. This is a bit
of a pain, however.
Hope that helps,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of writing our
own now, and anything that might have some more gotchas is good.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
there...
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
Hi Dusty and Kris,
The ip address I am using for the ldap is correct, when using ldapsearch
ldapsearch -h 198.100.0.18 -b ou=people,o=marymount.edu,o=marymount.edu
-D
cn=directory manager -W
I can connect and get prompted for the password, after which I get a
complete dump of the LDAP
, at least not in the
standard OpenLDAP w/FreeRadius extensions schema that I have.
What if you start by removing that part of the filter and just searching
for the uid?
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe
a
different set of ports, or one to each IP, you could have separate configs.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
due to some legal issue.
This includes eap_tls, eap_ttls, eap_peap, etc.
The compile-from-source solution works well -- you just need to apt-get
install these:
libmysqlclient14-dev
libldap2-dev (if you want LDAP support)
libssl-dev
HTH,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District
is generally a better choice than any Linux
variant, YMMV.
You are right about outdated packages -- the Debian Freeradius package is
v1.0.2... and comes without EAP-TLS and anything that requires it.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince
dn: uid=kbenson,ou=techstaff,dc=sd57,dc=bc,dc=ca
sn: Benson
mail: [EMAIL PROTECTED]
cn: Kris Benson
gidNumber: 100
homeDirectory: /home/staff/kbenson
objectClass: inetOrgPerson
objectClass: posixAccount
uidNumber: 3
userPassword: {CRYPT}*
uid: kbenson
Let me know if there's anything else
is plaintext.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, 100)) {
// the usual md5(time+pid)
}
printf(Random : %s\n, buf);
}
8 cut---
Compile it like this: gcc random.c -o random -lcrypto
I will generate 32-bit LSB executable named random, try it with ./random.
Move this file to /etc/mycerts/:
mv random /etc/mycerts/.
-kb
--
Kris Benson, CCP, I.S.P
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 9, 2005 at 19:03 -0800 wrote:
Kris,
Thanks for your help.
Do you think that (1) and (2) in my previous message could be the
reason that freeradius will not authenticate the client?
No, not now. Judging from
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 10, 2005 at 05:34 -0800 wrote:
Kris,
Aug 10 07:06:21 2005 : Debug: rlm_ldap: bind as
uid=sbarnes,ou=people,o=marymount.edu.o=marymount.edu/cortina to
info.marymount.edu:389
Wed Aug 10 07:06:21 2005 : Error: rlm_ldap
... with this you get different random numbers every time.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
|
- o=marymount.edu
should this maybe be o=marymount.edu,o=marymount.edu ?
Just a thought... your original looks like a typo, based on the fact that
the two fields are not being joined by a comma.
HTH,
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince
really though. :-)
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
You don't need client certs with EAP-TTLS.
The MacOS X.2 (or better) with latest patches will do TTLS builtin.
There is a supplicant available for Linux, too -- Xsupplicant, courtesy of
the Open1x project.
Let me know if you need any other tips or tricks.
-kb
--
Kris Benson, CCP, I.S.P
of LEAP (e.g. simple username/password),
your best bet is to look at EAP-TTLS/PAP. If you want the hashing
functions (whereby CHAP of some sort is used), PEAP will work, given the
right subtype.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George
work, let me know and I can help you further -- this is where I
solved my problem. :-)
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius users mailing list freeradius-users@lists.freeradius.org on
August 16, 2005 at 18:18 -0800 wrote:
Thanks Kris!
Everything appeared to compile, install and run without any errors.
If you have any tips or good links for up to date information on how
to set freeradius up to talk
of.
The best bet is to use the LDAP posixgroup objectclass -- then you can
force certain radius clients to require a specific group membership.
Let me know when you get closer to implementation and I can help you with
some config files.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
FreeRadius config isn't understanding your
tunnel.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
47 matches
Mail list logo