Kenneth Grady [EMAIL PROTECTED] wrote:
You could do it with the users file by adding a DEFAULT user re:
DEFAULT
Service-Type = Authenticate-Only,
Framed-Protocol = PPP,
Fall-through = yes
Thanks, it works!
Daniel
-
List info/subscribe/unsubscribe? See
Hi there
I'am using freeradius to authenticate and authorize users connecting to a
cisco router. In my configuration freeradius uses ldap as the backend
database. I have not defined Service-Type and Framed-Protocol in my ldap
schemas. Now I need to add this two attributes for all users. How can
Hi there
If my freeradius server returns an access-accept packet with a length that
exceeds 1472 bytes, authentication on the cisco router fails. It seems that
the cisco does not receive or maybe can not reassemble the packet. Anyone
knows how I can fix this problem?
Thanks, Daniel
-
List
Josh Howlett [EMAIL PROTECTED] wrote:
Try pinging the Cisco from the radius server with that packet size, and
see the error message returned.
Thanks Josh! I saw that the firewall that is between the radius and the
cisco did not allow fragmented packets. Now after changing this setting it
works!
Hi there
I'm using Cisco-AVPairs to return ACL filter rules to a Cisco NAS:
Cisco-AVPair = ip:inacl#1=permit icmp any any reflect icmp
Cisco-AVPair = ip:inacl#2=permit tcp any any eq 53 reflect dns-tcp
Cisco-AVPair = ip:inacl#3=permit udp any any eq 53 reflect dns-udp
Cisco-AVPair =
Daniel Eyholzer [EMAIL PROTECTED] wrote:
I am using freeradius 1.0.0-pre3 with rlm_ippool managing the ip
addresses for a cisco NAS. I have several address pools with 254 IPs
each. When I started the radius 2 days ago, the rlm_ippool_tool
showed me the correct number of active IP addresses
Hi there
Im using 1.0.0-pre3 to authenticate users with ldap as backend. In the
LDAP-tree I have md5 passwords. When I configure the Network Access Server
to use PAP it works fine, but with CHAP it does not work. I have read that
CHAP can not be used with encryptet passwords in the database, is
Mitchell, Michael [EMAIL PROTECTED] wrote:
In short, yes you need a clear text password at the server end.
Okay.
b) use a reversible encryption algorithm to store your passwords, and
modify the rlm_ldap code to decrypt the user password as it pulls it out
of ldap.
This feature is not
Mitchell, Michael [EMAIL PROTECTED] wrote:
Well its not a standard feature of freeRADIUS, and quite possibly
shouldn't be, so probably never will be. ;-)
Why isn't it a standard feature? Is there an obvious reason? Are you all
storing your password in clear text in LDAP or whatever backend you
On Sun, 04 Jul 2004 10:15:34 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/raddb/radiusd.conf.in
The log_destination directive was added to the server *after* the
1.0.0 branch was created.
So this feature will not be in the final 1.0.0
On Sun, 4 Jul 2004 00:10:36 +0200
Daniel Eyholzer [EMAIL PROTECTED] wrote:
I'm trying to let freeradius 1.0.0-pre3 log to syslog, but it does
not seems to work. I have tried both, setting the log_destination to
syslog and starting radiusd with the -l syslog option, but nothing
gets logged
On Thu, 1 Jul 2004 12:27:22 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:
Do a cvs update on the ippool module or wait for tomorrow's CVS snapshot.
Then you can set Pool-Name to DEFAULT and it will match all of the ippool
module instances.
I have tested the updated ippool module, but
Hi there
I am using FreeRADIUS Version 0.9.3 and I need to set up an ippool with
addresses that are not subsequent. I have two ranges of addresses, say
192.168.2.0/24 and 192.168.6.0/24. According to what I have read I can set
only one range-start and one range-stop parameter for a single
On Thu, 1 Jul 2004 12:27:22 +0300 (EEST)
Kostas Kalevras [EMAIL PROTECTED] wrote:
Do a cvs update on the ippool module or wait for tomorrow's CVS snapshot.
Then you can set Pool-Name to DEFAULT and it will match all of the ippool
module instances.
Thanks for your reply, Kostas, I will try
14 matches
Mail list logo