Yes it is. Read instructions in users file and:
http://wiki.freeradius.org/Operators
Ivan Kalik
Kalik Informatika ISP
On 6/12/2007, ajay raut [EMAIL PROTECTED] wrote:
Hi,
I want to use nas-ip address of the radius-request to be checked in
users.conf file for the users authorization to
How about multiple pools - one for each subnet. If I recall well, you add
all the ippools to post-auth section of radiusd.conf and use Pool-Name
:= DEFAULT. That worked some years ago. Haven't tried it lately.
Ivan Kalik
Kalik Informatika ISP
On 6/12/2007, Marcelus Trojahn [EMAIL PROTECTED]
http://www.freeradius.org/radiusd/doc/rlm_passwd
Deny access after one month - Expiration attribute.
Ivan Kalik
Kalik Informatika ISP
On 7/12/2007, Monah Baki [EMAIL PROTECTED] wrote:
Hi all,
I am new to freeradius and I want to know if it's possible to perform the
following.
I provide for
Yes. Static - Framed-IP-Address attribute, dynamic - set up ippool in
radiusd.conf.
Ivan Kalik
Kalik Informatika ISP
On 10/12/2007, Marc delavaud [EMAIL PROTECTED] wrote:
Hello,
Can freeradius assign ip to users connecting to cisco VPN 3000 ?
-
List info/subscribe/unsubscribe? See
Default users file has DEFAULT entries for that Service-Type and
protocol. Default radiusd.conf uses files. You have changed the defaults
and it's not working anymore. In default configuration make changes
only to the ldap section and leave the rest as it was.
Ivan Kalik
Kalik Informatika ISP
Yes indeed, I changed the default entries of the users.conf because
freeradius wasn't replying with the attributes
Why? Are you sure that server didn't respond the way it was supposed to?
Send the output from radiusd -X from the request.
Ivan Kalik
Kalik Informatika ISP
http://wiki.freeradius.org/index.php/Rlm_eap
Configure clients.conf and users file. EAP-SIM will work with default
radiusd and eap settings.
Ivan Kalik
Kalik Informatika ISP
On 11/12/2007, Raghavendra. S [EMAIL PROTECTED] wrote:
Hi All,
I want to use RADIUS server to test EAP-SIM. I
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
On 11/12/2007, rgreiner [EMAIL PROTECTED] wrote:
Hi,
is there any reference text I could use to see how to configure a
Freeradius server to use two different mysql databases? What I need is,
depending on the realm of the
Framed-IP-Address
Just make sure that address is not in the pool.
Ivan Kalik
Kalik Informatika ISP
On 11/12/2007, hadi golestani [EMAIL PROTECTED] wrote:
Hello,
I need to assign static ips to several users but not all of them,
and I feel it's a bad way to define an ip pool for each of
Example is fine. Reply items apply only to the huntgroup under which
they are listed. They won't apply to others even with the same name.
Try this (not sure if Huntgroup-Name works in preprocess):
alphen NAS-IP-Address == 192.168.2.5
alphen NAS-IP-Address == 192.168.2.6
let_in
And that address is coming from ... ? Are you assigning ippool through
the group? Remove him from that group.
Ivan Kalik
Kalik Informatika ISP
On 11/12/2007, hadi golestani [EMAIL PROTECTED] wrote:
I've inserted this record to my radius db:
insert into radcheck ( username , attribute , op ,
So you are using DHCP to assign ip addresses as well. Find out what's
dhcp reservation. This is nothing to do with radius. And use one method
to assign addresses: dhcp or radius - don't use both at the same time.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, hadi golestani [EMAIL PROTECTED]
Don't use EAP-TLS. Use PEAP or EAP-TTLS.
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, Hangjun He [EMAIL PROTECTED] wrote:
Hi,
I am using freeRADIUS 1.1.6.
And I use EAP-TLS and with correct certs. Even if I set wrong username
in Odessey Client, freeRADIUS will return
MAC address in mac auth is sent as User-Name not Calling-Station-Id.
So, for mac auth:
some-mac-add-ress Auth-Type := Accept
For a user:
username Cleartext-Password := hispassword
Ivan Kalik
Kalik Informatika ISP
On 12/12/2007, CoMeC [EMAIL PROTECTED] wrote:
Hi,
I try to configure
No, radcheck.
1. Enable mac auth in hotspot profile (login-by=mac) - mac address will
be checked first, if there is no match user will be sent to the login
form
2. For mac addresses make such entries in radcheck:
UserName Attribute Op Value
some-mac-address Auth-Type := Accept
3. For
Everything will work with the use of Mikrotik routers :)
I would seriously doubt that. In order to limit aggregate bandwidth on
multiple connections you need either to add them into a bundle (I don't
think that Mikrotik supports multilink) or put the user in a VLAN and limit
bandwidth on that
But radeapclient is getting access-reject with Failure EAP-Code from radiusd
(running like ./radiusd -X in another console).
And that's the output you should paste.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
But I guess here is my problem. How do you assign more than one NAS to
a huntgroup?
The way it is shown in the huntgroups file.
But this uses SQL which we are not using and would prefer not to.
Use LDAP then. Or feel free to list (same) users for every huntgroup
entry.
Ivan Kalik
Kalik
what's wrong in my configurations?
Not much.
rlm_sqlippool: Framed-IP-Address already exists
modcall[post-auth]: module sqlippool returns noop for request 8
You have Framed-IP-Address already set, probably by the Service-Type
entry in users file. ippool in radiusd.conf has an option to
Framed-IP-Address with :=
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote:
thanks, it's ok now.
How about assigning a static ip to username without ip-pool.
On Dec 13, 2007 1:54 PM, [EMAIL PROTECTED] wrote:
what's wrong in my configurations?
with this attribute connection fails in registeration section with this
error: connection closed by remote host
Registration section???
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Nilanjan Sarkar [EMAIL PROTECTED] wrote:
Hi Alan, Ivan,
Thanks for the reply. I have posted the log below.
After observing the radiusd log, I guess the authentication failed due to
this
-
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap:
I did, but the user list is not being recognized by more than one.
How can I get that user list to be used for all NAS that are in that
huntgroup? Or is this a bug?
No, it's not a bug. It's a flat file entry. Every entry is matched
separately. i.e. one entry doesn't know what's listed under
On 13/12/2007, Reynolds, Walter [EMAIL PROTECTED] wrote:
I am looking at that option, but I should not have to. Per the
huntgroups file:
# This file can also be used to define restricted access
# to certain huntgroups. The second and following lines
#
That's meant about the link between APs not between AP and the user.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Sergio Belkin [EMAIL PROTECTED] wrote:
Hi,
I've configured freeradius with eap-ttls, and is working fine, but I
have one doubt:
Can I use this kind of settings for use several
That's nothing to do with freeradius. Debug PPP and see what's missing.
Netmask?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, hadi golestani [EMAIL PROTECTED] wrote:
in windows xp after verifying username and password.
On Dec 13, 2007 3:02 PM, [EMAIL PROTECTED] wrote:
with this
Delete that Auth-Type entry from the database. You don't need it.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, ann kok [EMAIL PROTECTED] wrote:
Hi all
As the debian upgrade, i also upgrade the freeradius
version from 1.0.2 to 1.1.3 in debian package
the radius database is migrated to
Send radiusd -X output. Have you done something to sql.conf apart from
database connection details?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
Hi,
I've a Freeradius on a Debian Etch with Mysql but when I'm trying to
test with NTRadPing always
OK. Capital X == radiusd -X. And send from the point the request is
received - you can skip the server startup.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
gessuttia:~# freeradius -x
Starting - reading configuration files ...
Using deprecated
Switch on sqltrace in sql.conf and see what happened with the queries.
You do have a password for this user in radcheck table? You have posted
just radreply table.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
rad_recv: Access-Request packet from
sqltrace = yes?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
I turned on sqltrace but nothing occurs :(
mysql select * from radreply;
++---+---++---+
| id | UserName | Attribute | op | Value
Use rlm_perl instead of sqlcounter. That way you can return both gigaword
and octet limiting VSAs.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Russell Tester [EMAIL PROTECTED] wrote:
CoMeC,
Thanks for your reply, Yes I have read the FAQ, and understand why we
need to wrap at 4GB, just
Is that the whole sql.conf? Where are the queries?
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
gessuttia:/etc/freeradius# vim sql.conf
sql {
driver = rlm_sql_mysql
server = 127.0.0.1
login = dbuser
password =
No. This is what the default sql.conf looks like:
http://www.freeradius.org/radiusd/raddb/sql.conf
You have deleted all that makes this module function.
Ivan Kalik
Kalik Informatika ISP
On 13/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
That's all Ivan.
[EMAIL PROTECTED] wrote:
Is that the
No. But you can create a script that monitors accounting data and alerts
you when there are multiple CallingStationIds per username. You can then
ban those users (CRL) or discipline them in any way you see fit.
Ivan Kalik
Kalik Informatika ISP
On 14/12/2007, [EMAIL PROTECTED] [EMAIL
Uncomment ntdomain in authorize section. And proxy ntdomain to LOCAL.
Ivan Kalik
Kalik Informatika ISP
On 14/12/2007, Hangjun He [EMAIL PROTECTED] wrote:
Hi,
FreeRADIUS 1.1.6.
Use users file as user store. When I use username/password, It can work.
When I use username/password/domain,
No. More. This goes on top of any encryption of user data.
Ivan Kalik
Kalik Informatika ISP
On 14/12/2007, Sergio Belkin [EMAIL PROTECTED] wrote:
Fix me if I'm wrong: As you say, data between APs base and repeaters
are less protected?
Thanks.
2007/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:
What client would that be? Windows will accept .p12 certificates.
Ivan Kalik
Kalik Informatika ISP
On 14/12/2007, Gaurav Bandekar [EMAIL PROTECTED]
wrote:
Hi,
I followed the steps provided at
http://wiki.freeradius.org/WPA_HOWTO
The certificate files are .pem files but my client requires a
Users file is the only place of these where something like that can go to.
Ivan Kalik
Kalik Informatika ISP
On 15/12/2007, Dave Gibelli [EMAIL PROTECTED] wrote:
On 11/12/2007, joe vieira [EMAIL PROTECTED] wrote:
i do the exact same thing like this.
DEFAULT Prefix == domainnameinputted,
The only
difficulty is that there doesn't seem to be an .sql script included with
FreeRADIUS to create the Oracle table structure, triggers, etc. so I had
to rely on an old version I found.
If it's of any help now:
http://wiki.freeradius.org/Oracle_DDL_script
Ivan Kalik
Kalik Informatika ISP
Operator for Cleartext-Password is :=
Ivan Kalik
Kalik Informatika ISP
On 16/12/2007, Stuart Kendrick [EMAIL PROTECTED] wrote:
hi,
i'm trying to migrate from a flat 'users' file to postgres, and i'm seeing No
'known good' password found for the user from rlm_pap. freeradius-2.0.0-pre2
No password for that user was found in Ldap or anywhere else in step 1.
The fact that there is a password in the request is irrelevant. Server
won't go back to Ldap in step 2 - no point, it looked in Ldap and there
was no password.
Ivan Kalik
Kalik Informatika ISP
On 17/12/2007, Martin Pauly
If that client is Windows you can select a type of certificate to import.
just click on the drop down list and select .p12.
Ivan Kalik
Kalik Informatika ISP
On 18/12/2007, Gaurav Bandekar [EMAIL PROTECTED]
wrote:
Hi,
I have followed the steps specified in
http://www.ietf.org/rfc/rfc4186.txt
Ivan Kalik
Kalik Informatika ISP
On 18/12/2007, Raghavendra. S [EMAIL PROTECTED] wrote:
Hi,
I added following lines in eap.conf inside eap block.
sim {
}
I added following lines to users file.
eapsim Auth-Type := EAP, EAP-Type := SIM
During testing period, I add an DEFAULT section that allow access.
And it works.
But, when I made a test with a valid user in the LDAP, even if the
password is valid the users file is also checked. How could I avoid that?
Remove (comment out) Auth-Type Accept entry. You can try using = instead
modcall[authorize]: module ldap1 returns ok for request 0
modcall: leaving group redundant (returns ok) for request 0
rlm_pap: WARNING! No known good password found for the user. Authentication
may fail because of this.
modcall[authorize]: module pap returns noop for request 0
You said
Have you configured sql server connection details in sql.conf?
Ivan Kalik
Kalik Informatika ISP
On 22/12/2007, Pablo Lucchetti [EMAIL PROTECTED] wrote:
Hi,
I've an error with mysql, I think is php mysql client.
I did upgrade to php5 but the errors remains the same.
Mysql is Ver 14.12 Distrib
But will I get any trouble if both servers write their accounting data
into the same database?
No.
Do I need to setup radrelay? Is the second radius server able to take over
if radrelay isn't running?
Yes, it will take over as NAS starts sending packets to it. No need for
radrelay.
Ivan Kalik
OK, so password is not in LDAP. Where is it then? Are you trying to
accept users without passwords? Consider using a perl script to
implement that logic and forget about LDAP module in Freeradius.
Ivan Kalik
Kalik Informatika ISP
On 4/1/2008, Eric Martell [EMAIL PROTECTED] wrote:
Hi Alan,
I
Please let me know if this clear and any other better
way to handle this in radius.
Yes. Why don't you store zip code as userPassword? Since you are going
to use it as password I really don't see why not. That would make
things quite simple.
Ivan Kalik
Kalik Informatika ISP
You have posted a question to the freeradius list and included a debug
from - OpenSSH??? Don't you think that freeradius debug would be more
helpful?
Ivan Kalik
Kalik Informatika ISP
On 8/1/2008, Johan Rydberg [EMAIL PROTECTED] wrote:
I'm trying to get RADIUS authentication to work on one of
I don't think there is a pppd mail list. That's why I ask here.
http://us4.samba.org/samba/archives.html
Ivan Kalik
Kalik Informatika ISP
You haven't posted the debug output. Post one that has both access and
accounting requests for the same user.
Ivan Kalik
Kalik Informatika ISP
On 10/1/2008, Jayaraman Balasubramanian
[EMAIL PROTECTED] wrote:
Hi
I have configured the Free Radius Server to work as proxy radius server with
the
Yes.
Ivan Kalik
Kalik Informatika ISP
On 10/1/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Is it possible to authenticate with radius and then have ISC DHCP hand
out an IP (etc)?
Let's try again: you haven't posted the debug output. From this I can
see that access requests are proxied but accounting ones aren't. Post the
debug so we can see why.
On first glance there is a lot missing (Acct-Session-Time, number of
octets ...) from this accounting stop packet:
rad_recv:
Store cleartext passwords and all eap types will work. Real problem is
the encrypted password not the eap type.
Ivan Kalik
Kalik Informatika ISP
On 11/1/2008, Sergio Belkin [EMAIL PROTECTED] wrote:
2008/1/10, Ivan Kalik [EMAIL PROTECTED]:
...
rlm_ldap: Added password
This works by default. Just enter NAS details in clients.conf and
username and password in users file.
Ivan Kalik
Kalik Informatika ISP
On 11/1/2008, James Lockie [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
Yes.
Ivan Kalik
Kalik Informatika ISP
On 10/1/2008, [EMAIL PROTECTED]
Yes.
DEFAULT Called-Station-Id == someNAS, Proxy-To-Realm := somerealm
DEFAULT Called-Station-Id == anotherNAS, Proxy-To-Realm := anotherrealm
Ivan Kalik
Kalik Informatika ISP
On 12/1/2008, Abel Alejandro [EMAIL PROTECTED] wrote:
Hello,
I want to proxy requests to different radius
Read the instructions in users file.
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, adnan deura [EMAIL PROTECTED] wrote:
if the website is old where should i go buddy
http://www.aerospacesoftware.com/radius.html
?
Can you post the debug for Accounting Start packets for that user and one
that is being recorded.
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
Hi
We have FreeRadius 1.1.4 and Mikrotik (as a NAS) with MySql as a database.
Accounting works fine for all
1. it's included with the server
2. Google freeradius mysql ddl script
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, adnan deura [EMAIL PROTECTED] wrote:
please send me db_mysql.sql file
Output from radiusd -X. It will show server configuration and processing
of the access and accounting requests. If you are using MySQL you can
also show the content of radacct table that will contain accounting data.
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, adnan deura [EMAIL PROTECTED]
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot
open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld
Instructions in the debug are quite clear.
Ivan Kalik
Kalik
Did you put something in usergroup table to link users and groups?
Ivan Kalik
Kalik Informatika ISP
On 14/1/2008, Arlinelson Fernandes dos Santos [EMAIL PROTECTED]
wrote:
Hi, I am using freeradius 2.0 and need to load radcheck, radreply,
radgroupcheck and radgroupreply tables. But radcheck and
OK, can we see database entries for a user (and group he belongs to) and
the debug of the access request? Or should I get my crystal ball back
from the polisher?
Ivan Kalik
Kalik Informatika ISP
On 15/1/2008, Arlinelson Fernandes dos Santos [EMAIL PROTECTED]
wrote:
Yes! I did. And I put
There is a typo in usergroup table. Group is set as teste-pap, while
other tables have group test-pap.
Ivan Kalik
Kalik Informatika ISP
On 15/1/2008, Arlinelson Fernandes dos Santos [EMAIL PROTECTED]
wrote:
Don't take your ball, not good. ;) Here's the information:
1. Don't hijack other peoples topics.
2.
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
On 15/1/2008, hamid benane [EMAIL PROTECTED] wrote:
hello,
i need help to authenticate win-xp client through cisco3560 on
OK, since that's correct I had a look at the debug. You are not doing
group checking at all. You have done something to sql.conf to break it.
Go back to the original sql.conf and just alter the connection details
(user, pass, server). Leave rest as it is (we will sort out simultaneous
use later).
DEFAULT NAS-IP-Address == so.me.bo.x, Auth-Type := Accept
Ivan Kalik
Kalik Informatika ISP
On 16/1/2008, Chad Whitten [EMAIL PROTECTED] wrote:
Hello,
I run a few NAS devices, all Lucent/Ascend Max TNT with a freeradius
server. I'm trying to locate some documentation on the Max TNT to
change
The phone doesn't seem to receive an ip. Is there an error in my config?
Depends. Where is IP address supposed to come from? radius? dhcp? If PC
has static configuration all it needs is a correct VLAN and it will work.
Ivan Kalik
Kalik Informatika ISP
machine: TLS_accept:error in SSLv3 read client certificate A
user:(other): SSL negotiation finished successfully
There doesn't seem to be a machine certificate in the certificate store.
Ivan Kalik
Kalik Informatika ISP
On 18/1/2008, Michael Olson [EMAIL PROTECTED] wrote:
I'm
Have a look in debug mode to see if you are getting accounting packets
from Chillispot. If you are not getting accounting data there is no way
for counter to work.
Off topic, what stops a user to use a different username and gain another
2 hours? Mikrotik has a trial mode where users can gain
http://dev.mysql.com/doc/refman/5.0/en/data-manipulation.html
Read at least insert, select, update and delete.
Ivan Kalik
Kalik Informatika ISP
On 18/1/2008, Andy Smith [EMAIL PROTECTED] wrote:
Erm, thanks. But I'm trying to work out how I Administer the data in MySQL.
Are there no utilities
* Setting the attribute Auth-Type:=Accept or Auth-Type:=Reject
in the table radgroupreply doesn't work. Maybe it is
not supposed to work, but why not?
It's a check item, so it goes into radcheck or radgroupcheck.
Ivan Kalik
Kalik Informatika ISP
Again, send a debug with the Start and Stop packets.
Ivan Kalik
Kalik Informatika ISP
On 21/1/2008, A.smith [EMAIL PROTECTED] wrote:
Also, regarding radius 1.x I now have a patch which allows this type of
record.
However next issue is that with accounting set to sql in radiusd.conf the
SQL
I took a look at the SQL Queries used by freeradius to check the logins
and decided to run them manually on my sql database:
mysql SELECT COUNT(*) FROM radacct WHERE username = 'Kat' AND
acctstoptime = 0;
+--+
| COUNT(*) |
+--+
| 16 |
+--+
1 row in set (0.00 sec)
On 21/1/2008, A.smith [EMAIL PROTECTED] wrote:
Also, regarding radius 1.x I now have a patch which allows this type of
record.
However next issue is that with accounting set to sql in radiusd.conf the
SQL statements are being written just to
/usr/local/var/log/radius/sqltrace.sql
and nothing is
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered by the user. It
doesn't help if the trailing space is in the database.
Ivan Kalik
Kalik Informatika ISP
On 22/1/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
It's more likely to be a MySQL bug. Try the same with a user entry in
users file - if user can authenticate with and without trailing space
then it is freeradius bug. If SELECT . 'test' and SELECT .
'test ' produce the same output, then the problem is with MySQL.
Ivan Kalik
Kalik
From what I can see start, interim and stop
records are being recorded just fine. The issue is that the sql queries
are matching old accounting records. Any idea on how I can fix this
issue? If there is something I'm not understanding, please let me know.
At this point I think my next step might
Debug with capital X == radiusd -X.
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, mohsen rahmanian [EMAIL PROTECTED] wrote:
Hi dears,
I install freeradius, MySQL on Ubuntu 7 and work correctly with file
authentication, but where follow http://wiki.freeradius.org/SQL_HOWTO;
instruction don't
It's up but terribly slow.
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Frank Büttner [EMAIL PROTECTED] wrote:
Hello,
can it be, that the site is down?
http://www.digipedia.pl/man/radiusd.8.html
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Mother [EMAIL PROTECTED] wrote:
Hi all,
After searching around the docs, I cannot find a way to control the
debug log level (to radius.log), and since I am having problems where
the server seems to
1 2 - radclient is included with the server:
http://wiki.freeradius.org/Radclient
3 - database. (Free)radius server should outperform the database with
some ease, even if the database box is much better.
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Pawel Cieplinski [EMAIL PROTECTED]
You don't even need a password. You can emulate mac authentication:
PINnumber Auth-Type := Accept
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Pawel Cieplinski [EMAIL PROTECTED] wrote:
It's simple
Pin will be a username
And password will be hidden on login page eg:
form name=login
Put devices that you want authenticated by the system passwords into a
huntgroup. Make an entry in a users file:
DEFAULT Huntgroup-Name == whatever, Auth-Type := System
When user logs in from one of those devices he will be forced into system
authentication, all other requests will go the usual
Yes. Have a look at the postproxy section.
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Spam Eater [EMAIL PROTECTED] wrote:
Hello everyone,
Can anyone tell me if it is possible to send the Reply-Message attribute in
the Access-Reject packet when using rlm_chap?
Or any other rlm_* by the
I apologise for posting on this list, but I'm guessing anybody that
has seen this kind of thing would be on this list.
You don't think that cisco-nas list would be a better place?
It seems to be rejecting every authentication protocol?
Yes. Client rejected all offered protocols.
Any ideas?
See
Uncomment ldap in authenticate section.
Ivan Kalik
Kalik Informatika ISP
On 23/1/2008, Tomasz Zieleniewski [EMAIL PROTECTED] wrote:
Hi,
I am using version 2.0.2-pre
I would like to use ldap for freeradius authentication.
I couldn't find anything on web about this topic.
I have ldap module in
rad_recv: Access-Request packet from host 192.168.1.7:1119, id=0, length=44
User-Name = fred
User-Password = wilma
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
Look at the freeradius dictionaries. All of those.
Ivan Kalik
Kalik Informatika ISP
On 24/1/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Is it possible to extract (to filter) different field in a ldap entry on
the base of the nas ip address?
ok i've found out this old thread
It's all in black and white:
# for different users. The Pool-Name attribute is a *check* item not
# a reply item.
#
# Example:
# radiusd.conf: ippool students { [...] }
# users file : DEFAULT Group == students, Pool-Name := students
#
1. Use Cleartext-Password with := as stated in the server documentation.
2. Post the output of radiusd -X. It's likely that the format for the
MAC address is wrong. It can have : for delimiters or no delimiters at
all.
3. That's not how you end user sessions on any device, Cisco or
otherwise.
users file and EAP-ttls + PAP schema can work together?
Yes. In 2.0.1 you can divert EAP requests to one virtual server, others
to a different virtual server that will be doing ldap auth, ...
Ivan Kalik
Kalik Informatika ISP
And that is good. Windows doesn't need to know who issued that
certificate, only radius server does.
Ivan Kalik
Kalik Informatika ISP
On 25/1/2008, orion [EMAIL PROTECTED] wrote:
its not a problem that windows says about the client certificate :
the issuer of this certificate cannot be found
2)or only ca certificate + client certificate ?
the second case the linkage between the ca and client doesnt exist ( as you
said is the server the issuer of the client`s certificate ).
Link is not needed. Server checks the client certificate to see if it's
issued by the server (certificate).
Is there a better way, using radius?
No. Once user is authenticated radius has nothing to do with them (you
say that they can increase privileges after authentication). Can't you
put them in jail.
Ivan Kalik
Kalik Informatika ISP
#1:
rad_recv: Accounting-Request packet from host X.X.X.X:46641, id=184,
length=302
User-Name = blah
NAS-Port = 2
NAS-Port-Type = Wireless-802.11
NAS-Identifier = XX
NAS-IP-Address = X.X.X.X
Acct-Status-Type = Stop
Calling-Station-Id = MAC
Yes, write to Peter Nixon and he will help you.
Ivan Kalik
Kalik Informatika ISP
On 25/1/2008, Marinko Tarlac [EMAIL PROTECTED] wrote:
I would like to register too. Is there any chance for this?
On Jan 25, 2008 5:37 PM, JB [EMAIL PROTECTED] wrote:
Peter Nixon wrote:
We have a wiki. You
Now that you mention it, the billing software _is_ getting replaced
some time soon, but until then I have to hack radius as a workaround.
So alter groups and not passwords.
Is it not possible to Fall-Through failed users to another section
with its own pool and auth-type: accept?
Why? Just