Re: fake user and unregistered user forwarding

2009-03-23 Thread tnt
Are we forward fake user and unregistered users to fake ip or redirect page. We are using freeradius on platform freebsd, database server on postgresql. That is possible? Yes, use captive portal. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See

Re: Correct operator in radcheck

2009-03-23 Thread tnt
I am several years working with freeradius, but recently a question came up for me: I do not want that johndoe account never connect from NASES with Client IP: * 195.56.53.23 * 96.53.26.59 * 56.15.86.35 * 56.15.86.36 I know I have to use the attribute Client-IP-Address, so radcheck will

Re: FreeRadius, PostgreSQL and DaloRadius

2009-03-23 Thread tnt
Login attempt after setup result in error. Please what do I do wrong? Database connection error Error Message: DB Error: not found Debug: Unable to include the DB/postgresql.php file for 'postgresql://radius:radp...@127.0.0.1/radius' That's not a freeradius error. Try daloRadius forum. Ivan

Re: Usernames with spaces

2009-03-21 Thread tnt
I'm a relatively new freeradius user so I am not really an expert with it. I have two users in the radcheck table: admin and d6 40 1a 98. Both with passwords admin198. Doing this: *radtest admin admin198 localhost 0 testing123* ...returns an Access-Accept packet. But doing this: *radtest d6 40

Re: Allow PEAP and TTLS, but reject TLS

2009-03-21 Thread tnt
I'm using Freeradius 2.1.1. My setup has been successfully authenticating TLS, TTLS, and PEAP for a while. Now I would like to deny TLS in the EAP negotiation, although the users will still have client certificates. I don't know how to reject TLS without breaking PEAP/TTLS. Revoke the

Re: Session-Timeout for disconnecting user

2009-03-21 Thread tnt
I am using Freeradius 2.1.3 to authenticate my users from AP via Active Directory. I have defined the time span that all users may login to the system in the users file: DEFAULT Login-Time := Wk0630-0130,Wk1020-1033,Wk1240-1351,Wk1555-2359,Sa,Su The logintime module calculates the number of

Re: How do I make FreeRadius,DaloRadius use PostgreSQL

2009-03-21 Thread tnt
Please any help or resources on this? Have you read instructions in sql.conf? For daloRadius - ask them. Liran has users forum and is active on it. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: running freeradius with eap/tls :(

2009-03-21 Thread tnt
I have to run freeradius with 802.1X protocol : EAP/TLS. i did all my possible but i had no chance to connect my client (wpa_supplicant with the server).. This is a very old server version. Upgrade. My AP is also well configured.. I would seriously doubt that. Radius received an - accounting

Re: Login to Cisco devices through freeradius

2009-03-20 Thread tnt
Sorry but what you said doesn't make any sense to me. The default config didn't work. How can you explain the same alarms even after changing the permissions to everyone? The message containing permission denied remains..It's strange, unless I have forgotten to change permission of a directory. I

Re: unlang question

2009-03-20 Thread tnt
I do not want visitors to be able to get onto the original service, and I do not want normal users to get onto the visitor service. My thoughts are to set up a new virtual server and add an 'if' statement to look for the visitor user names, and reject or allow as necessary. something like this

Re: Freeradius+Java application api call and authenticate

2009-03-20 Thread tnt
finally i had some luck i guess, now the radius do authentication, but jradius simulator says timed out, could be ACS is not passing the information to simulator i feel. though i am using ACS proxy distribution table, still simulator is not getting the response back, any clues will be greatly

Re: Freeradius+Java application api call and authenticate

2009-03-20 Thread tnt
http://coova.org/wiki/index.php/JRadius/WithFreeRADIUS http://coova.org/wordpress/index.php/2007/04/07/integrating-radius-with-your-java-enterprise/ i can find only these two urls for documentation? anywhere else as a reference? Ask them, not us. Ivan Kalik Kalik Informatika ISP

RE: Perl/Peap-MSChapV2 Issues

2009-03-20 Thread tnt
I removed the DEFAULT Auth-Type = Perl since you said it wasn't use. I removed the update control from the authorize in inner-tunnel. Here's the new log. Thanks for the help. What now? It works: Login OK: [testUser] (from client DORMTEST2_M80 port 0 via TLS tunnel) PEAP: Tunneled

RE: Perl/Peap-MSChapV2 Issues

2009-03-20 Thread tnt
I believe the only thing left is that it needs to return a Filter-Id along with the access-accept? Is your perl script adding it to $RAD_REPLY? I can't see it in the reply. Ivan Kalik Kalik Informatika ISP

Re: unlang question

2009-03-20 Thread tnt
if((%{request:Service-Type} == 'whatever') (%{request:Stripped-User-Name} !~ /visitor[0-9]?[0-9]/i)) { reject } # Just the Visitors please !! if(%{request:Stripped-User-Name} !~ /visitor[0-9]?[0-9]/i) {reject} Don't open and close brackets on the same line.

RE: Perl/Peap-MSChapV2 Issues

2009-03-20 Thread tnt
Yes, I have $RAD_REPLY{'Filter-Id'} = $filterId; in the perl script. In the log, it says: rlm_perl: Added pair Filter-Id = Enterasys:version=1:policy=Student But shouldn't that show up in the Access-Accept also? You probably need to set use_tunneled_reply to yes in peap section of eap.conf.

Re: freeradius and mikrotik auth problem pppoe error 691

2009-03-19 Thread tnt
I don`t have firewall How i solve the problem ? Yes, you do. Things like iptables are also firewalls. Use wireshark to find where are packets stopped. And then fix it. Ivan Kalik Kalik Informatika ISP

Re: Adding users in the database from a client computer

2009-03-19 Thread tnt
Again, I'm a relatively new freeradius user so I am not really an expert with it. In our project, we need to add and delete users from the server database from an authorized client computer. See: - dialup admin (included with the server) - daloRadius (same thing but under active development)

Re: FreeRadius with Postgresql

2009-03-19 Thread tnt
rlm_sql (sql): Could not link driver rlm_sql_postgresql: rlm_sql_postgresql.so: cannot open shared object file: No such file or directory rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[11]: sql: Module instantiation

Re: dear everyone..

2009-03-19 Thread tnt
still can't get it. can u show me please which script to do benchmarking the RADIUS server, and how to running the script,. http://wiki.freeradius.org/Radclient Ivan Kalik Kalik Informatika ISP

Re: FreeRadius with Postgresql

2009-03-19 Thread tnt
I install the freeradius from the Ubuntu repo. With mysql support (freeradius-mysql)? Ivan Kalik Kalik Informatika ISP

Re: freeradius and mikrotik auth problem pppoe error 691

2009-03-19 Thread tnt
Everything looks fine in IP addresses, but the problem is still the same. No, it's not looking fine. Mikrotik debug log . has no trace of Access-Accept packet - it didn't arrive. Here again the log of Mikrotik and freeradius: Stop looking at the logs and start looking at the network. Ivan

Re: Bandwidth limit

2009-03-19 Thread tnt
What to check? I didn't got the point for the bandwidth shaping. Can you send me more detail information about it. This is freeradius list. Ask Mikrotik how their attributes work. Ivan Kalik Kalik Informatika ISP

Re: Bandwidth limit

2009-03-19 Thread tnt
Thanks Ivan, Actually I've installed Mikrotik Router OS in single pc and Freeradius + Mysql server in other. I want to shape the client bandwidth with mysql database. If you have any idea then please send me. Vendor attributes are just like any other - you put them in radreply or radgroupreply.

Re: freeradius and mikrotik auth problem pppoe error 691

2009-03-19 Thread tnt
The machines are connected to cable and on 2 meters, in this case where to find the problem? What and how to get to see where the real problem? Wireshark. If you see packets on the wire - Mikrotik is stopping it. If you don't see them on the wire - radius machine is stopping them. Ivan Kalik

Re: how to prevent account to do multiple login

2009-03-19 Thread tnt
i've configure freeradius and chillispot and running well, i just have one user in radcheck table, the problem i use that account to login to the server from two client in same time both of computer got the access. how to prevent this..?? anyone help me. hope u understand. Simultaneous-Use

Re: radclient: problem with exit code 0 and 1

2009-03-19 Thread tnt
from that release. It was successfully built, yeay, but has another bug with masking the password when it is used in the radtest-script :-/ Sending Access-Request of id 110 to 192.168.X.X:1812 User-Name = testuser User-Password =

Re: filter-id help

2009-03-19 Thread tnt
I am running freeradius 1.0 . My server has been running for several years and has worked great authenticating users with a PIX and dialup servers. We are adding a watchguard firewall. Freeradius needs to send the watchguard the following filter-id on successful authentication: IPSEC_RADIUS.

RE: Perl/Peap-MSChapV2 Issues

2009-03-19 Thread tnt
In my proxy.conf file, I have Realm LOCAL { } I noticed right above that, that it suggests to add DEFAULT EAP-TYPE == PEAP, Proxy-To-Realm := LOCAL to the users file. So I added that to the users file. Is realm Local {} not correct? If not, what should it be? Nothing. You can delete that DEFAULT

Re: Mysql database on non standard port

2009-03-19 Thread tnt
I'm trying to configure the mysql module to use a port different than 3306 to connect to the db server. I've tried setting the server string as mysql-server.domain.com:12345 on sql.conf, but that's unfortunately not correct. Can anyone point me to the correct syntax? And the line below server in

RE: Perl/Peap-MSChapV2 Issues

2009-03-19 Thread tnt
I've taken out all perl references from the sites-enabled/default and moved them to sites-enabled/inner-tunnel I don't see perl being called: rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - 192.168. PEAP: Got tunneled identity of 192.168. PEAP:

Re: LDAP ntPassword and lmPassword help

2009-03-19 Thread tnt
I have a LDAP server which contains ntPassword and lmPassword attributes like following: dn: uid=subs, ou=accounts, dc=test, dc=com uid: subs userPassword:: e01ENX03MmIwMTViNDhlOTU5ZTlkYWQ3MTAxNjNiYjJhZDkyMQ== mac: lmPassword: {ENC}9846B736BDDA9E7CAAD3B435B51404EE ntPassword:

Re: Reply-Name/Message with own values (FR 2.0.5)

2009-03-19 Thread tnt
I would like to change the reply-Messages of sqlcounter. Looked in the list and the www, but there was not really a useful info. And like always I can not solve the problem. Tried : sqlcounter Duration { counter-name = Duration check-name = Card-Duration

RE: Perl/Peap-MSChapV2 Issues

2009-03-19 Thread tnt
Ok, I've made a little progress. The perl script is now being called correctly and returning the correct data. There seems to be something else now. Yes, there is something else. I added DEFAULT Auth-Type = Perl Fall-Through = 1 to users, I think that's what you were wanting. Fine. Only you

Re: Login to Cisco devices through freeradius

2009-03-19 Thread tnt
After installing freeradius, I couldn't start it. Checking radius.log I saw the following errors: Wed Mar 18 15:31:28 2009 : Error: rlm_eap: SSL error error:0200100D:system library:fopen:Permission denied Wed Mar 18 15:31:28 2009 : Error: rlm_eap_tls: Error reading Trusted root CA

Re: FreeRadius 2.0.5... can´t make it work

2009-03-18 Thread tnt
terminal 1 : radiusd -X gives me : .. radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = request shell_escape = yes } Module: Linked to module rlm_expr Module:

Re: AW: AW: gigawords and bandwith

2009-03-18 Thread tnt
I wrote the version and the kind of NAS before, so I hoped it could be true that one of all the guys here did it before with the same configuration. The documentation of the NAS is not detailed enough to get the needed information! Did you look at the vendors dictionary (if there is one included

Re: Accounting error

2009-03-18 Thread tnt
radius_xlat: 'EXEC acct_update '2009-03-18 22:45:44', '17096', '253790', '426579', '', '', 'Acct-Update', '0', '153354240', '0002380B', '...@', 'xxx.xxx.xxx.xxx', '2aa4d04abb7544a1', 'DEFAULT', '0', 'Virtual', 'RADIUS', '', '', 'Framed-User', 'PPP', 'xxx.xxx.xxx.xxx';' rlm_sql (sql):

Re: freeradius and mikrotik auth problem pppoe error 691

2009-03-18 Thread tnt
I`m new radius user and i`m beginner. I have problem with connect mikrotik with radius server. My clients using pppoe server but i have connect to radius server but after configuration from internet documentation my server don`t work and i receive errors in radius.log and pppoe server show 691

Re: Accounting error

2009-03-18 Thread tnt
The procedures work most of the time plus on the failing cases when I run the procedure by my self it works, anyway what about the other error: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'xx' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 6

Re: freeradius and mikrotik auth problem pppoe error 691

2009-03-18 Thread tnt
Sending Access-Accept of id 2 to 192.168.200.4 port 32768 .. rad_recv: Access-Request packet from host 192.168.200.4:32768, id=2, length=144 Sending duplicate reply to client TEST-RADIUS:32768 - ID: 2 Re-sending Access-Accept of id 2 to 192.168.200.4 port 32768 .. rad_recv:

RE: RADIUS challenge response using the PAM module

2009-03-18 Thread tnt
The problem is that the access challenge sent by the radius server, to the pam module, is returned by the pam module without being displayed to the user. What I expect is for the access challenge to be displayed to the user: Enter your OTP (or something). After the user has responded to the

Re: Radius and performance

2009-03-17 Thread tnt
Are you using interim updates? No. This is ordinary dial-up. If yes, is there any special method to make it more efficient? On a DSL environment where users are mostly auto-connect (i.e. modem redials automatically when disconnected) interim updates seems to contribute most load. Do all updates

Re: Cannot authenticate using PEAPv0 and Windows XP SP3 native supplicant

2009-03-17 Thread tnt
I spent 3 weeks trying to make FreeRadius work with PEAPv0 and WinXP SP3 native supplicant. I can authenticate using local flat file or ntlm_auth but authentication from WinXP doesn't work. ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled

Re: FreeRadius with Postgresql

2009-03-17 Thread tnt
Please link me to a resources on how to make FreeRadius to work with postgreSQL on Ubuntu 8.04 LTS? - You configure raddb/sql.conf. And create the database with scripts in raddb/sql/postgresql/. Then uncomment sql where you need it (authorize, accounting, session, ...) in

Re: FreeRadius with Postgresql

2009-03-17 Thread tnt
I am currently looking into testing freeradius and started reading a couple of wiki/doc/man pages on the subject and ended on that SQL_HOWTO page. One of the prerequisite is to already have the NAS configured. Do you have any suggestion for a NAS running on a linux box ? radtest is installed

Re: Radius and performance

2009-03-17 Thread tnt
How does buffered-sql read the detail file? I see filename = ${radacctdir}/detail but it does not show (for example) what happens when freeradius is stopped and restarted before all entries in the detail file processed : Does it re-process everything, or does it ignore everything and only

Re: Radius and performance

2009-03-17 Thread tnt
Sorry for bothering but what if detail file is on daily basis ... detail-20090101 for example... If you want to keep daily detail file then create two detail instances - one that is rotated daily and one that writes to a file with constant name. Point detail reader to one with the constant name.

Re: Relaying of accounting requests between Freeradius servers

2009-03-17 Thread tnt
I have finally been able to upgrade my secondary freeradius server to 2.1.3 and I must commend everyone on their hard work, the changes are great :) I am having some trouble but would like to clarify my understanding before posting all my problem details in case I have misunderstood something. My

Re: Accounting error

2009-03-17 Thread tnt
I hope anyone can help me with these errors I have in the radius.log file: Error: rlm_sql_getvpdata: database query error Error: rlm_sql (sql): SQL query error; rejecting user Error: rlm_sql (sql): Couldn't update SQL accounting ALIVE record - 0 I am using freeradius 1.1.7 with

Re: LDAP Config Clarification

2009-03-17 Thread tnt
Do you really want to accept these users without checking their passwords? That's a *very* bad idea. I agree. What am I missing? I thought the user passwords were checked by the ldap module via the authentication section. Is that not correct? Remove those entries in users file. They are

Re: MS-CHAP2 Failure

2009-03-17 Thread tnt
I've made no progress in finding a solution to my MSCHAP problem. To summarize, Winbind and FreeRadius authenticate via PAP fine on both servers (RedHat V5), but MSCHAP fails on one of the two (see below). I tried tar'ing up the entire /etc/raddb directory and copied it to the other machine, but

Re: Exec-Program-Wait w/ FreeRADIUS 2.1.3

2009-03-17 Thread tnt
I'm having trouble getting FreeRADIUS to run programs called by Exec-Program-Wait in the newest version of FreeRADIUS (version 2.1.3). I'm using a custom C script that used to work with all versions of FreeRADIUS prior to version 2. Read comments in exec module configuration file

Re: Storing hashes in MySQL when using MS_CHAP

2009-03-17 Thread tnt
Is that possible to get hashed passwords together with MS_CHAP? http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik Informatika ISP

Re: LDAP Config Clarification

2009-03-17 Thread tnt
Remove those entries in users file. They are bypassing password checking. If you want to accept only some ldap groups use unlang. Something like: if(Ldap-Group == something || Ldap-Group == something_else) { ok } else { update control { Auth-Type := Reject } }

Re: how to have freeradius/unlang do two or more SQL statements at onetime

2009-03-16 Thread tnt
When Post-Auth-Type REJECT is executed I need to insert two or more rows into a SQL data base. here is what I have at present sites-enabled/default Post-Auth-Type REJECT { sql } sql.conf - sql/mysql/dialup.conf postauth_query = INSERT INTO

Re: Freeradius and external programs

2009-03-16 Thread tnt
Can i execute an external program when authentication, authorization and accounting events occurs (different program in each case)? Yes. Just create multiple instances and call the one you want in each section. See raddb/modules/echo for the example. Ivan Kalik Kalik Informatika ISP

RE: ldap authentication works on v1.1.4 but fails on 2.1.3

2009-03-16 Thread tnt
rad_recv: Access-Request packet from host 127.0.0.1 port 32772, id=96, length=27 User-Name = bill .. The Access-Request contains a User-Name and plaintext User-Password. Well, not on debug you posted. Is there anything else I can try? Post the whole debug (server startup,

Re: Freeradius and external programs

2009-03-16 Thread tnt
And what about 'acct_users' file? Can i use it for my purposes? It runs only on accounting packets. But, yes. You can start the accounting script from that file. Ivan Kalik Kalik Informatika ISP

Re: Radius and performance

2009-03-16 Thread tnt
It's a question to all members of freeradius community :) I'm going to use freeradius in my billing system. That's why i'd like to know, what is the maximum loading on the freeradius-server (average number of online users during the day, total number of users, interval of alive packets etc.).

Re: trying to use Post-Auth-Type REJECT to insert users

2009-03-15 Thread tnt
The high level goal is to have a new radius server slurp all the users on a DSL ATM aggregation link into a SQL database. We are taking over a bunch of users from a defunct ISP and don't have the UserName / Password data. What I'm thinking is that there should be a way to have Post-Auth-Type

Re: peap not working for windows XP client

2009-03-15 Thread tnt
the username i am using is scoe,the domain name is ITDEPT.COM,the password is testing So, you need to strip out the domain. i am using a single access point as client and i am not using any proxy server. Is it still necessary to make the changes in proxy.conf file?? Yes, you won't be proxying

Re: ldap authentication works on v1.1.4 but fails on 2.1.3

2009-03-15 Thread tnt
I've been successfully using FreeRADIUS 1.1.4 to authenticate users against Active Directory using LDAP and a plaintext password. In the authorize section FreeRADIUS anonymously binds to our LDAP server (Active Directory) and searches for the user identified in the Access-Request (in my case we

Re: peap not working for windows XP client

2009-03-14 Thread tnt
i want to implement peap for my wifi connection. I have set up the access point(D-Link DWL 2100 AP) for using FreeRADIUS 2.1 For authentication.Whenever i send a request from the client to the server,the server fails to authenticate the client. What happens can be seen in the debug code attached

Re: Freeradius+Java application api call and authenticate

2009-03-13 Thread tnt
thanks Ivan Kalik will go thru the cisco documentation and get back to you, meantime, still i am wondering how to post the information from freeradius to java application, I am confused with jradius document. Configuration file for jradius module is included in the source

Re: Dropping requests when no authentication possible

2009-03-13 Thread tnt
Thanks Alan, here's where I've ended up so far... Fri Mar 13 09:57:22 2009 : Error: rlm_ldap: (re)connection attempt failed Fri Mar 13 09:57:22 2009 : Info: [ldap] search failed Fri Mar 13 09:57:22 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0 Fri Mar 13 09:57:22 2009 : Info:

Re: Reply with group attribute

2009-03-13 Thread tnt
So, the question is: How do I make freeradius return the users' group as a class attribute in the authentication reply? Like every other: Class:= whatever. In your case Class := %{Group}. Read man unlang. Ivan Kalik Kalik Informatika ISP

Re: Reply with group attribute

2009-03-13 Thread tnt
Unfortunately I don't know where to put that line. If I put it into the users file, in the DEFAULT section like this: DEFAULT Auth-Type = System Class := %{Group}, Fall-Through = 1 Are you using some ancient version? The reply looks like this (at least in the logfile):

Re: Reply with group attribute

2009-03-13 Thread tnt
Use unlang after unix in authorize. Sorry, I don't understand that. Reading man pages helps with that: http://freeradius.org/radiusd/man/unlang.html There is an authorize section in /etc/freeradius/sites-enabled/default. Yes, that's where it is in 2.x. I had a look at the unix module and it

Re: Reply with group attribute

2009-03-13 Thread tnt
In a new version of the server. Yes, indeed. I'm on 2.1.0 now, and no trick whatsoever will make it populate the Group or Group-Name attribute. doh Did you read rlm_passwd man page? Ivan Kalik Kalik Informatika ISP

Re: Reply with group attribute

2009-03-13 Thread tnt
Did you read rlm_passwd man page? Of course I have posted the link to man unlang as well. It does say which quotes to use to expand the variable, which lists exist ... update reply { Class := %{My-Group-Name}, Class += %{passwd:My-Group-Name}, Class += %{Group} } into

Re: Freeradius+Java application api call and authenticate

2009-03-12 Thread tnt
also i am going thru the documentation part of jradius to imply? can anyone of you suggest me whether i am in right direction? If you want to use Java that is a good way. now by making the ACS to do proxying at network configuration, i can see the request Well, we don't. Post the debug

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread tnt
I use rlm_sql to store user attributes, but i thought sql groups it's internal feature of rlm_sql and not related to radius server at all. It is internal, but SQL-Group can be used in other modules too. If you check SQL-Group in, lets say, users file, rlm_sql will be called and value of

Re: Running an external script

2009-03-12 Thread tnt
In my my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id :=

Re: How to allow nas'es to serve only groups of clients?

2009-03-12 Thread tnt
Thank you for help. I try to do as you say and put this to authorize section after preprocess: preprocess # allow hotspot users only if (SQL-Group != 'Spot') { reject } Here debug on this action: ++? if (SQL-Group != 'Spot') sql_groupcmp

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-12 Thread tnt
The Zinwell manual didn't say anything about enabling account. Well, there is nothing you can do on the radius server to make AP send accounting. My Freeradius is configured with default values, only things I changed was to use EAP/PEAP and freeradius, at radius database I configured tables

Re: Huntgroups and Network of Clients

2009-03-12 Thread tnt
sites-enabled/default - authorize { ldap if (Ldap-Group == employee NAS-IP-Address == ^131\.(220)\.(1)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$) {ok} else if (Ldap-Group == student NAS-IP-Address ==

Re: Dropping requests when no authentication possible

2009-03-12 Thread tnt
I've set up a 2.1.4 server, and working pretty well with authentication against LDAP alone. What I've noticed though is that if the LDAP server is down on the same box then the LDAP module, rightfully, fails. However whilst this leaves the service unable to authenticate the user, it still replies

Re: Multiple LDAP Configurations on a single freeradius daemon

2009-03-11 Thread tnt
Yes, but will that allow me to choose an ldap configuration per NAS in clients.conf? If I list both of these in the authorize block, won't that return a successful result for both NAS if either one of the filters matches? It would. So use unlang to choose which ldap instance will be used for

RE: Config. Help please - ldap and Active Directory

2009-03-11 Thread tnt
And I get: ++[eap] returns ok +- entering group post-auth {...} ++[exec] returns noop ++? if (control:Tmp-String-0 == ldap-student) (Attribute control:Tmp-String-0 was not found) Sending Access-Accept of id 129 to 10.127.240.217 port 1645 Towards the beginning of the debug output is:

RE: Log says duplicate requests, CPU maxing out

2009-03-11 Thread tnt
Sending Access-Challenge of id 102 to 192.168.0.232 port 1418 EAP-Message =

RE: Config. Help please - ldap and Active Directory

2009-03-11 Thread tnt
Here's the complete debug (excluding the server start-up messages). There's rather a lot of it which is why I tried to post the bits relevant to what I'm trying (rather unsuccessfully :-) ) to understand. rad_recv: Access-Request packet from host 10.127.240.217 port 1645, id=36, length=148 ..

Re: How to allow nas'es to serve only groups of clients?

2009-03-11 Thread tnt
Hi. I have two types of nases: 1) hotspots 2) vpn servers. I need vpn nases authorize only vpn users and hotspot nases authorize only hotspot users. How can i divide users into several groups and reject vpn accounts to login through hotspot and vice versa? I think i must use huntgroups and unlang,

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-11 Thread tnt
I used wireshark and didn't see anything referred about Account Packages. Only thing I see is Radius-Access Request, Access Challenges and Access Accept. So read Zinwell documentation about enabling accounting. Ivan Kalik Kalik Informatika ISP

Removing Reply-Message on failed authentication, was Re: NLTM_AUTH(PAP) and MS-CHAP2 together?

2009-03-10 Thread tnt
I'm just getting back to this problem. I'm lost as to how to implement either of these solutions. To summarise, I want to either remove, or just not send, any Reply-Message when the user fails authentication. Where would I put this attr_filter to delete it, and what does the attr_filter look like?

Re: Huntgroups and Network of Clients

2009-03-10 Thread tnt
Is that possible that I keep my huntgroups for all clients with IP-Addresses and write a conditions only for network masks? That would probably be the best. You might benefit from using sql huntgroup implementation (pull IP's from the database): http://wiki.freeradius.org/SQL_Huntgroup_HOWTO

Re: 802.1x Auth Problem - Windows Login case sensitive?

2009-03-10 Thread tnt
I have quite a interesting problem. And I don't think it's freeRADIUS-related You are correct. It's an AD problem. Something is wrong with the schema for those imported accounts. SAM-Account-Name should be of the type ADSTYPE_OCTET_STRING (case insensitive unicode string). Ivan Kalik Kalik

Re: Multiple LDAP Configurations on a single freeradius daemon

2009-03-10 Thread tnt
I'm looking for the best way of configuring freeradius (either version 1.1.3 or version 2.1.1) with two separate LDAP configurations. Create multiple ldap instances: ldap wifi { .. } ldap vpn { .. } That works for any module. Ivan Kalik Kalik Informatika ISP

Re: ldap stuff (v 2.1.1)

2009-03-10 Thread tnt
I would like to have an ldap group that is another instance of ldap (selected by departmentNumber), but I don't see how to add it into the configuration (users file). This is documented: http://wiki.freeradius.org/Rlm_ldap#Group_Support Ivan Kalik Kalik Informatika ISP

Re: ldap stuff (v 2.1.1)

2009-03-10 Thread tnt
I've read that, I just can't seem to make it work, I'm missing something, but can't figure it out. instantiate { ldap NIE { server = ldap basedn = dc=lanl,dc=gov filter = ((departmentNumber=NIE-2)(uid=%{User-Name})) ... }

RE: Log says duplicate requests, CPU maxing out

2009-03-10 Thread tnt
Find out which module is blocking the server, and why. Okay, here is a newbie question: How do I do this? Run server in debug mode (radiusd -X). Ivan Kalik Kalik Informatika ISP

Re: TLS Session Cache

2009-03-09 Thread tnt
You enable that on your AP not your radius server. Ivan Kalik Kalik Informatika ISP On 9/3/2009, Fernando fber...@um.es wrote: Just a clarification, My freeradius version is 2.0.2 and I would like to enable EAP-TLS session resumption. Is it possible? Fernando wrote: Hi all, Does anybody

Re: radius proxy senario

2009-03-09 Thread tnt
I have trying both if (%{User-Name} =~ /^ABC\// ) { update control { Realm := 'another_realm' } } if (%{User-Name} =~ /^ABC\// ) { update request { Realm := 'another_realm' }

Re: TLS Session Cache

2009-03-09 Thread tnt
No, in the AP you can use PMKSA caching. I want session resumption in EAP-TLS which is enabled in RADIUS server. In Freeradius version 2.1.1 I have seen that there is a section cache ... cache { # # Enable it. The default is no.

Re: Freeradius 2.1-1: failure modes

2009-03-09 Thread tnt
Say I do not want to return reject in this case and I want the switch to understand that radius is down and retry another radius server (a backup/failover). So call a script that executes killall radiusd - that should do it. But that's insane. Because if I return reject the NAS device treats

Re: Huntgroups and Network of Clients

2009-03-09 Thread tnt
Does Huntgroup support only IP-Addresses or I can fill up Network Addresses too? It's not what huntgroups support but what does the attribute (NAS-IP-Address) support. And it is an IP address, not network. Or there is another workaround? Or maybe this issue is already changed in the new version

Re: Assistance with FreeRADIUS and Windows Authentication via LDAP

2009-03-09 Thread tnt
I am running FreeRADIUS version 1.1.3. Why? Upgrade to current version. I'm trying to setup LDAP authentication for Windows users accessing our networking devices especially with Cisco switches and routers. Windows authentication is working properly on my FreeRADIUS server, but I'm trying to

Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-09 Thread tnt
I get a little problem with Ubuntu 8.04 + freeradius + EAP/TLS/PEAP + mysql, 'couse I don't receive an Accounting package even response. In Ubuntu is installed freeradius, mysql and open ssl. Is your NAS sending them? If it is, there is a firewall stopping them. Ivan Kalik Kalik Informatika

Re: Freeradius 2.1-1: failure modes

2009-03-09 Thread tnt
I am having another issue with readclients = yes option I can't keep this option set to yes in all 3 files: sql1.conf,sql2.conf,sql3.conf I want to keep NASes in the database and use DB replication to all 3 databases so all 3 databases have exact same mirrored data. The problem happens that it

Re: Re: No accounting Freeradius + EAP/PEAP/TLS

2009-03-09 Thread tnt
So, I'm very newer with linux also freeradius. If you permit, how can I see if the NAS send the account package? I'm using a ZINWELL G220 Plus and TP LInk WA501G. First run freeradius in debug mode (radiusd -X). If you don't see accounting packets use wireshark. If wireshark can't see them
