Yes. I had a look at Chillispot dictionary and you can set up sqlcounter
with ChilliSpot-Max-Total-Octets.
Ivan Kalik
Kalik Informatika ISP
Dana 16/10/2008, Budiono U. [EMAIL PROTECTED] piše:
Hi Ivan,
Is it possible ,after he reach limit, it will disconnect with Chillispot ?
Regards
Budiono
I just wonder if i can use radtest command as testing from a different
client?
Such as,
Assume i have a client conf for 1.1.1.1 ip add. in my freeradius(2.2.2.2)
server.
And from 3.3.3.3 client(lets call client3) i am trying to test the
connection.like
radtest user pass 2.2.2.2 10 secret ??
I was watching the file cert/Makefile to be able to solve my problem but
the truth is that according to what I saw I could not understand must be
done to achieve conversion certificates, is it a script?
No. A single command turns .pem file into .der. One line of text. Can you
at least locate the
It seems we need a comma at the end of the line which is not right for check
items. So instead of doing that, I changed the sentenses to the following,
in users file:
DEFAULT Group := doctor, Pool-Name := julienne
DEFAULT Group := dentist, Pool-Name := netplus
Group
Do you referred to this line?
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
Yes. That converts ca.pem into ca.der. And you don't have to be a genius
to figure out how to convert cabundle.pem into cabundle.der.
Ivan Kalik
Kalik Informatika ISP
-
List
http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#It_still_doesn.27t_work.21
Ivan Kalik
Kalik Informatika ISP
Dana 16/10/2008, Ronni Feldt [EMAIL PROTECTED] piše:
Thanks,
I found the following in the HP Documentation:
To supply a privilege level via RADIUS, specify the
I know, but what he does not understand is how to referee when you talk
about cabundle because what I have in / cert are the certificates that I
made in the steps of README, which I did not serve for windows, that the
back to delete?
when I run the command openssl x509-inform PEM-in-outform DER
I follow. The project we are investigating is web service based. Was
thinking of an web service api rather than the sql schemas.
And web service is getting information from ... You can make a
perl/php/whatever client for the web service and get the data that way.
But why don't you make it
DEFAULT Auth-Type = LDAP
Fall-Through :=1
Don't do that. You can configure ldap module to set auth type itself.
Putting the server into debug mode I get
[EMAIL PROTECTED]:/etc/freeradius# radiusd -X
The program 'radiusd' can be found in the following packages:
* radiusd-livingston
*
My certificate generation went really well, no errors at all. I generated the
certificates with openssl.
Did you use Makefile provided in raddb/certs directory? Or did you make
them yourself?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
openssl dhparam -out dh2048.pem 2048
Jas
tnt-4 wrote:
My certificate generation went really well, no errors at all. I generated
the
certificates with openssl.
Did you use Makefile provided in raddb/certs directory? Or did you make
them yourself?
Ivan Kalik
Kalik Informatika ISP
-
List
[peap] eaptls_verify returned 11
[peap] TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
[peap] WARNING: No data inside of the tunnel.
Something is badly broken here. XP rejected CA certificate. It tends to
do that if certificate doesn't have xpextensions.
Did you try what is suggested in mschap module just above the ntlm_auth
line?
Ivan Kalik
Kalik Informatika ISP
Dana 17/10/2008, Casartello, Thomas [EMAIL PROTECTED] piše:
I've tried to find something on the past posts on this list about this. I
think I found what the problem is but was unable
Im confused - where can I set ldap module to set auth type itself.
Find set_auth_type in ldap configuration.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I created the certificates in the way as explained in the readme file. But
when I try to open or import the ca.der in the XP machine, it say that the
file type is not recognized.
What wrong am I doing here?
Your XP is broken. Mine knows what .der file is. Go to Control
Panel/Folders/File Types
In /mssql/dialup.conf, I edit two queries for authorized_check_query and
authorize_group_check_query, instead of using the default ones. Doing this
is easy for our database programming.
authorize_check_query = RADIUS_authorize_check_query
'%{SQL-User-Name}'
Fri Oct 17 10:47:33 2008 : Debug: rlm_eap: processing type md5
Fri Oct 17 10:47:33 2008 : Debug: rlm_eap_md5: Issuing Challenge
..
a question:
this certificate I'm going to install on multiple computers, can I generate
problems that?
eap-md5 doesn't use certificates.
Ivan Kalik
Kalik
Only the NAS need to speak FR, the rest of the system can talk
directly to the data store, correct?
Yes, user administration is totally separate from radius stuff. Only
changes made to freeradius files (users file, etc.) would require server
restart to take effect.
Ivan Kalik
Kalik Informatika
There was no error (on the server). Server doesn't choose which
authentication protocol are you going to use (so disabling things on the
server is poitless and likely contra-productive). You set the
supplicant. If you want to use tls choose using certificate based
authentication (not md5).
Ivan
Leave server alone (ie. remove comment from default_eap-type). Supplicant
is on your laptop or whatever you are trying to connect with. Stop
messing with freeradius - it is working fine.
Ivan Kalik
Kalik Informatika ISP
Dana 17/10/2008, Martin Silvero [EMAIL PROTECTED] piše:
and that I did
Try authorize queries from mysql/dialup.conf. Perhaps mssql/dialup.conf
hasn't been updated. They look like 1.1.x to me.
Ivan Kalik
Kalik Informatika ISP
Dana 17/10/2008, Xiaochen Jing [EMAIL PROTECTED] piše:
Hello Ivan,
I cannot find out where to configure group_membership_query. Should I
The name of the attribute you want is used in mysql dialup.conf (group
check query) and is printed out *every time* you run radiusd -X (both
when server starts and *each* time you process the request). For less
obvious attributes used by the server look up freeradius.internal
dictionary -
update control { ...
Ivan Kalik
Kalik Informatika ISP
Dana 18/10/2008, Rasool Jalali [EMAIL PROTECTED] piše:
hi all
i have a code like this in auth-post section :
if (condition) {
allocate from pool_1
}
else {
allocate from pool_2
}
I write this code but it dose not work :
if
It does work. Post the whole debug.
Ivan Kalik
Kalik Informatika ISP
Dana 18/10/2008, Rasool Jalali [EMAIL PROTECTED] piše:
hi
it dose not work.Output :
+++[control] returns noop
PLZ help me
- Original Message
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: FreeRadius users
Sorry, we don't do requests. But we can help. *You* write the example
and post the debug if things are not going well and we will tell you how
to fix it. You can place the result of the query in a temporary
attribute like Tmp-String-0 := %{sql:SELECT whatever... It should be
authorize section.
The purpose of the rule is to handle incoming requests from a cisco pix for
VPN authentication. It is supposed to validate it using ntlm_auth. There are
two ntlm_auth definitions in the radiusd.conf. One handles MS-CHAP and one
is for ntlm_auth_plaintext.
I tested this rule with radtest (Making
Same huntgroup - different ldaps; you can't have DEFAULT lines rejecting
users then. Comment them out and see if it works.
Ivan Kalik
Kalik Informatika ISP
Dana 19/10/2008, Elizabeth Steinke [EMAIL PROTECTED] piše:
Greetings!
I'm having an odd problem trying to implement load
You don't want to post the debug and users file entries so that we can
help?
Ivan Kalik
Kalik Informatika ISP
Dana 20/10/2008, Elizabeth Steinke [EMAIL PROTECTED] piše:
Since we have other applications that don't and probably never will preform
redundant LDAP lookups I'm thinking I will just
Statement that appends stuff is the same in hints, users file, unlang ...
Ivan Kalik
Kalik Informatika ISP
Dana 20/10/2008, alois blasbichler [EMAIL PROTECTED]
piše:
can you please give an example how to use unlang to stiick a $ to
the username
amusing. you even copied my typo/sticky key
Yes, user administration is totally separate from radius stuff. Only
changes made to freeradius files (users file, etc.) would require server
restart to take effect.
Hypothetical. If user upgraded there account for higher bandwidth OR
If a user was past due on the access fee, the FR server
1. Is there a place that I should tell Freeradius to use mysql/dialup.conf
instead of mssql/dialup.conf? But I am really using MS SQL as database.
Don't do that. mssql database needs mssql driver.
2. How can I update dialup.conf? Does it work if I make install directly
version 2.1.1 on the
There are plenty of examples in the documentation on how to append a
realm (@whatever) to the username. Modify it to add $.
Ivan Kalik
Kalik Informatika ISP
Dana 20/10/2008, alois blasbichler [EMAIL PROTECTED]
piše:
Quoting [EMAIL PROTECTED]:
Hi,
the username needs to have a $ - use
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
Dana 20/10/2008, Jřrn Kostřl [EMAIL PROTECTED] piše:
I'm trying to add multiple groups to a user, but only the group with
the highest priority (lowest number) is being processed.
I've tried this on Freeradius 1.1.7, 2.0.4 and
Thanks, I saw this, but unfortunaltely whereas in dialup.conf the
variable is '%{Sql-Group}', It seems i cannot re-use it outside of an
sql module.
That is probably a bug then. Sql-Group should be available outside sql
module. I've used it in huntgroups in 1.1.7.
I have even tried to add an
same result with .
Let's try a workaround. Get group name by executing query again in
authorize section:
update control {
Tmp-String-0 := %{sql:SELECT GroupName FROM radusergroup WHERE
UserName='%{User-Name}' ORDER BY priority}
}
%{control:Tmp-String-0} will hold group name then.
But for users login in without a realm I notice a lot of stop records but
the curious thing is that I see some with Ascend-Disconnect-Cause =
PPP-PAP-Auth-Failed. So now im wondering if the proxy at 2.2.2.2 is doing
something to the packets leaving for 3.3.3.3 that's causing it to fail
without the
Good morning, everybody. I am working on an upgrade for our FreeRadius
servers, which are currently at 1.1.0.I have configured a test
Radius server, which is running FreeRadius 2.0.5. These are both
Solaris 10 systems running SPARC, and our backend is LDAP.
With FreeRadius 1.1.0, when a
Sort of. Entry can look like:
ma:ca:dd:re:ss:xx Auth-Type := Accept
No user42 - mac address will be coming as username regardless of who is
using the machine. mac authentication authenticates the machine not the
user.
Ivan Kalik
Kalik Informatika ISP
Dana 22/10/2008, [EMAIL PROTECTED]
List ntdomain under suffix in authorize. It should be enabled by default
in realms module.
Ivan Kalik
Kalik Informatika ISP
Dana 22/10/2008, scott woodard [EMAIL PROTECTED] piše:
Hi,
Free Radius 2.1
It is working just fine on Windows XP and Windows Mobile. However Windows CE
is asking for a
http://wiki.freeradius.org/SQL_HOWTO
That's for 1.1.7 but most of it applies to 2.x as well. Only change is
that part of the sql.conf (queries) have been moved to database specific
config files (for MySQL it will be in sql/mysql/dialup.conf).
Ivan Kalik
Kalik Informatika ISP
Dana 22/10/2008,
How can I know the status access (reject or accept) reading detail
auth_log, for example the following sample say me nothing about it:
(Of course I can read on ${logdir}/radius.log, but I'd want to read
both status and detail...) thanks in advance
So, don't use detail auth_log. There are more
Does this mean that I have to check in with a domain?
Ask Microsoft.
Where can I find ?
List ntdomain under suffix in authorize.
That should be authorize section in the default virtual server. Or
inner-tunnel virtual server if this was an EAP request.
It should be enabled by default
in realms
Openssl support .der format. But I convert the .pem format certificates to
.der format. They do not realy work. The pem certificates is OK.
Does anyone use .der format certificates?
Windows.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
It's in the FAQ:
http://wiki.freeradius.org/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F
Ivan Kalik
Kalik Informatika ISP
Dana 23/10/2008, Elie Hani [EMAIL PROTECTED] piše:
Hi;
I am configuring a freeradius server with mikrotik hostpot, all is working
fine while
Debug (radiusd -X)?
Ivan Kalik
Kalik Informatika ISP
Dana 23/10/2008, Mohammad Belgaumkar
[EMAIL PROTECTED] piše:
Hi
I have configured freeradius for EAP AKA by applying the patch.
I m using radeapclient to test it.
Below is my configuration for server in raddb/users file
DEFAULT Auth-Type
Hi, hoping someone has some advise on thise but I had DNIS proxy working and
im not sure what I did and now it has stopped working.
In the acct_users file I have
DEFAULT Called-Station-Id == 5500, Proxy-To-Realm := xxx
Fall-Through = yes
But not in users file.
rad_recv: Access-Request
Are you sure that your firmware supports that attribute. It's pretty low
down the list in the dictionary.
Ivan Kalik
Kalik Informatika ISP
Dana 23/10/2008, Alexandre Chapellon [EMAIL PROTECTED]
piše:
Le 22.10.2008 13:08, Alexandre Chapellon a écrit :
Le 22.10.2008 12:16, Chris a écrit :
experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
I've defined the following sqlcounter stanza for a daily traffic limit:
sqlcounter defined in radiusd.conf:
(the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong
by tnt on a previous thread on the
list, correct me if I got it wrong please)
sqlcounter counterChilliSpotMaxDailyOctets {
counter-name = ChilliSpot-Max-Daily-Octets
check-name = ChilliSpot-Max-Daily-Octets
reply-name = ChilliSpot
#radtest jerry cool 127.0.0.1:1812 0 testing123
Here are results i get:
Sending Access-Request of id 197 to 192.168.1.30 port 1812
User-Name = jery
User-Password = cool
NAS-IP-Address = 127.0.1.1
NAS-Port = 43459
Your system is broken. It's not resolving localhost to 127.0.0.1
I am using freeradius for AAA of my cable users. Now what I want
to do is, insert billiplan code 001 into radacct table during
authentication so that I can view online users according to billingplan
code. There will be Billingplan field in radcheck table and when users
tries to login the
OK. This where the problem comes from:
/*
* If we are near a reset then add the next
* limit, so that the user will not need to
* login again
*/
if (data-reset_time
VoIP accounting is developed for postgresql (raddb/sql/postgresql). You
can use that database or adapt schema and queries for MySQL.
Ivan Kalik
Kalik Informatika ISP
Dana 25/10/2008, Noel Rwamatsika [EMAIL PROTECTED] piše:
Hi there,
I have setup a SuSE 11 server with freeradius and mysql.
The
And they won't. It's nothing to do with the settings - it's this peace
of the code.
Let's take your example. Limit was 26MB and about 2MB was left.
2,000,000 seconds is about 23 days. So this part of the code will kick
in (there are 6 days left in this month) and returned value will be
26MB +
http://wiki.freeradius.org/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F
Ivan Kalik
Kalik Informatika ISP
Dana 25/10/2008, Ahmet DÜLGAR [EMAIL PROTECTED] piše:
hi
i want to install freeradius 2.1.1 into debian system. i think there is no
package for 2.1.1 for debian
Following is my radcheck table format:
--+--+-+--+
| id | UserName | Attribute| op | Value| CrDate
| creator | Usemac | activated | activeDate | status |
rate | Type | BillingPlan | TimeToFinish |
Read raddb/sites-available/dinamic-clients.
Ivan Kalik
Kalik Informatika ISP
Dana 26/10/2008, jasoneswan [EMAIL PROTECTED] piše:
How long do dynamic clients stay cached? And is this time configurable?
--
View this message in context:
I'm facing a problem with Freeradius 2.0.4. I want to make a configuration to
allow our Cisco routers to auth via RADIUS. For this, we're using a password
file now (let's call it ciscopwd) and another file for granting rights.
I want to change the config file, so that the auth is done by LDAP
I check for a login using radwho and I
see I have a session, I then attempt both a new auth and start
accounting again and still radwho shows only one login.
The fact that you have user listed in radwho doesn't mean that he is
connected to the NAS as well. checkrad script will delete stale
I would like to authorize windows clients access to 3com Baseline
Switch 2948 SFP against FreeRADIUS server 2.0.5.
Windows are cofigured to use PEAP - EAP-MSCHAPv2.
Server certificate was created with bootstrap script (xpextensions
are included).
I tried windows xp sp3 and linux (wpa_supplicant)
It is other both in the localhost client and in the client I created
to test using radiustest.
I have, it shows 5 sessions for this user.
mysql SELECT COUNT(*) FROM radacct WHERE UserName='yellowhousejake'
AND AcctStopTime = 0;
+--+
| COUNT(*) |
+--+
|5 |
+--+
1
Do I need to set Simultaneous-Use := 1 for the groups not allowed SU,
and Simultaneous-Use := 2 for the group allowed SU?
OK. This is how Simultaneous-Use works in freeradius: you put that
attribute when you want to set the limit for a number of simultaneous
connections. The number you enter is
I would like to add a very simple user with only a Cleartext-Password to
the users file (this is strictly a FreeRADIUS user and in the interest
of security shouldn't be in LDAP). I would like both the users file and
LDAP to be queried for users, with a query falling through to the next
source if
..
Module: Linked to module rlm_ldap
Module: Instantiating ldap
ldap {
..
access_attr = uid
access_attr_used_for_allow = yes
..
Login incorrect (rlm_ldap: User not found): [someuser\000/via Auth-Type
= EAP] (from client someap2 port 6 cli somemac2)
If you want people who are not
Have you enabled sql in the accounting section? Can you post the
freeradius debug (radiusd -X)? Accounting-Request should be coming
straight after Access-Accept.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, lolo [EMAIL PROTECTED] piše:
Hi,
I am not member of the list, cause I never
redundant {
# if I comment the folloing line out, the password is accepted, but I
get % Authorization failed. from the switch (this is coused by the
incorrect users file maybe).
So, post the debug (radiusd -X).
files
ldap
ciscopwd
# if I
I have a question to understanding better radius.
For this i make a simple example-scenario :
I want to use my radius for 2 things :
1. wireless-access for laptops with machine authentication over a
wireless switch with ip 1.1.1.1
2. authentication for the login to my switches for some
rad_recv: Access-Request packet from host myswitchip port 1645, id=139,
length=80
NAS-IP-Address = myswitchip
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = myusernamer
Calling-Station-Id = myclientip
User-Password = myvalid_ldap_password
+-
I saw that :
rad_recv: Accounting-Request packet from host 10.1.1.254 port 32782, id=14,
length=199
Received Accounting-Request packet from 10.1.1.254 with invalid signature!
(Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
As I see, that I should provide Service-Type = Login-User in the reply. Is
it possible somehow?
DEFAULT
Service-Type = Login-User
In users file. Or put it in ciscoextra where avpair is.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
I have freeradius virtual configurations.
Until today all were working without a problem.
But today i created a new one and i have a tiny problem about it.
It doesnt update sql queries until the user logs off. SO i can not track
the statistics of online users and transferred data etc via mysql.
Add Fall-Through = 1 for Service-Type entry.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, Dajka Tamás [EMAIL PROTECTED] piše:
Working, thanks. What about LDAP group membership checking?
DEFAULT
Ldap-Group != cn=routing_admins,ou=groups,dc=mydomain,dc=hu,
Auth-Type := Reject
This
I've got only a few lines of debug.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, Oguzhan Kayhan [EMAIL PROTECTED] piše:
I have freeradius virtual configurations.
Until today all were working without a problem.
But today i created a new one and i have a tiny problem about it.
It doesnt
DEFAULT
Ldap-Group != cn=routing_admins,ou=groups,dc=mydomain,dc=hu,
Auth-Type := Reject
Sorry, this looked like a single line in my webmail. It should be:
DEFAULT Ldap-Group !=
cn=routing_admins,ou=groups,dc=mydomain,dc=hu, Auth-Type := Reject
(all on the same line).
Ivan Kalik
You probably need to link to openssl in configure. Something like:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg19160.html
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, Graham Marsh [EMAIL PROTECTED] piše:
No idea, sorry. You say this is SLES10SP2 which I haven't used, have you
tried
Those are check items, so they should go on the first line.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, Dajka Tamás [EMAIL PROTECTED] piše:
What's the difference (commas or new lines)?
BTW, it's working as it should. Thanks.
Tamas
Feladó: [EMAIL
I want to use a freeradius server for the following purposes:
- grant authorizaton to Cisco switches via LDAP (group membership checking,
etc).
Yes.
- make a WIFI with WPA+802.1x via MS IAS/RRAS (the main auth is done by the
IAS, so the freeradius acts as client for IAS/RRAS, and the WIFI APs
Instructions what to do with segmentation faults are in doc/bugs.
Ivan Kalik
Kalik Informatika ISP
Dana 28/10/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše:
Hi All,
I tried the patch but unfortunately the library sigfaults.
Program received signal SIGSEGV, Segmentation fault.
0xfecf45b8 in
I cannot find a redundant section in this radiusd.conf
*You* should put it in. In post-auth.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
My first question for the list, to which I haven't been able to find a
clear answer ever is : What EAP sub-types are the ones I should
configure?
Nothing. Just don't touch anything in eap.conf and all supported eap
types will work. If you generate certificates with scripts provided you
don't even
Do a debug and see if the SSID appears in some request attribute (like
Called-Station-Id or NAS-Identifier). If it does you can do a regex
check on that attribute and force simultaneous use just on those that
match. Can be done with DEFAULT entry in users file or unlang in
authorize.
Ivan Kalik
The pam_radius module currently uses the service-type authenticate-only when
sending an access-request.
The rfc says this about authenticate only:
Only Authentication is requested, and no authorization information needs to be
returned in the Access-Accept
Does this mean that if I want the
I tried windows xp sp3 and linux (wpa_supplicant) client and both
cause the same server output and authorization can't pass.
Testing tools eapol_test, radeapclient and jRadiusSimulator can pass
all tests fine.
Your supplicant has issues then. Examine eapol.log file (XP):
I was trying to use the pam_radius module with the steel-belted-radius-server.
This server does not send vsa's in the reply if i send an authenticate only
in the access-request.
is this really expected? any idea whether other radius servers be doing
something like this?
You will have to ask
You should post that on wpa_supplicant list. Google returned this as
likely:
http://ubuntuforums.org/archive/index.php/t-604576.html
Ivan Kalik
Kalik Informatika ISP
Dana 29/10/2008, Lukas Lisa [EMAIL PROTECTED] piše:
[EMAIL PROTECTED] wrote:
I tried windows xp sp3 and linux
I am using freeradius since four years and I used PPTP/L2TP tunnel for
autenticating users against my RADIUS servers with one of my NAS has a
dynamic IP (xDSL). However, I can not rely on these connections and the
connectivity sometimes fall down and the tunnel, too.
I have some
All seam work !
And in radacct there's an entry of it !
It could be just a problem between hostap and radius ?
Yes. hostapd radius client is broken. Or you have made a mistake in their
configuration file. I had a look and they have separate secrets for auth
and acct. Post these outputs, your
Yes. hostapd radius client is broken. Or you have made a mistake in their
configuration file. I had a look and they have separate secrets for auth
and acct. Post these outputs, your failed accounting request (no point
in posting EAP stuff - that works) and your configuration file to their
You should really include the debug with this. It seems that you need to
add ntdomain to the authorize section (below suffix) in order to get
stripped username.
Ivan Kalik
Kalik Informatika ISP
Dana 29/10/2008, Kerry Tobin [EMAIL PROTECTED] piše:
I'm trying to use the version of FreeRadius
* Not to have to bother about a local CA or any type of PKI (i.e. not
generate certificates for all users, just have them user their
login/pass).
But if you are using a self-signed CA you need to import that CA to the
user device. For Windows into Trusted Root Certificate store. You don't
check this log
http://pastebin.ca/1239782
if its wrong i will apreciate some manual to make my users get authenticated
from the phone line .
Looks like you have set things correctly. Debug shows that you have
switched your NAS off and on.
Ivan Kalik
Kalik Informatika ISP
-
List
I am trying to install and configurate freeradius in ubuntu 7.04
but i can't. Can you help me?
No. Perhaps if you say what the problem is.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello, my name is Andre, I need your help for configuration of the Freeradius
with MySQL.
I can use the password in the tables of mysql with anything crypt, but I dont
know the configuration.
There is nothing to configure. Just use appropriate password attribute.
If you are using crypt -
rlm_mschap: NT Domain delimeter found, should we have enabled
with_ntdomain_hack
You need to enable with_ntdomain_hack in mschap module. ntdomain realm
works for pap requests.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'd like to use mysql based user authentication/authorization, with
multiple NEs and multiple user groups.
Ideally, the radius reply message should only return the VSAs
appropriate for the vendor type x user group combination.
So if user1 with permission of readonly logs into a typeA ne, it
You did have a reply.
Ivan Kalik
Kalik Informatika ISP
Dana 30/10/2008, Marco C. Coelho [EMAIL PROTECTED] piše:
No response so I'm resending this
Marco C. Coelho wrote:
I've been trying to get my second set up IP address' working. The
main_pool works correctly. main_pool2 does not appear
http://freeradius.org/rfc/rfc2865.html#Port-Limit
Ivan Kalik
Kalik Informatika ISP
Dana 30/10/2008, Chav Paskov [EMAIL PROTECTED] piše:
Hi, Everybody,
i was wondering if there is an option or command that allows to limit
the number of outbound channels per gateway under external profile.
It does make sense. rlm_sqlcounterworks like this toward the time of the
reset: lets say you have an hour left, your limit is 20 hours and you
have signed in 15 minutes before counter reset time. When code
calculates that you can be online at reset time it doesn't return your
allowance (1 hour)
If there's no way to avoid listing all four ldap servers,
There is no way of check something without checking it.
I'm going to
have to have probably 25 huge IF statements in order to get the profile
set correctly in my radius config.
Perhaps organize users better not to have so many different
Dictionary value for that Tunnel-Medium-Type is IEEE-802.
Ivan Kalik
Kalik Informatika ISP
Dana 31/10/2008, Luke [EMAIL PROTECTED] piše:
Hi :)
I'm trying to get dynamic VLAN assignment to work with my Dell 6248,
which they officially support as of firmware revision 2.1.0.13.
I'm using
801 - 900 of 2007 matches
Mail list logo