(sorry for $pollution, but this really begs the question:)
Sorry, I'm in the office reading an autoresponder out-of-office message - I
can't respond to the meaningful and useful messages in my inbox.
Kind regards,
Jan
On 30/05/07, Thor Spruyt [EMAIL PROTECTED] wrote:
Hugh Messenger wrote:
One thing to keep in mind is Freeradius is basically just a framework that
you chuck plugins into: there are numerous plugins to do most any task
included with it to make things easier - and if you don't find what you
need, you can make your own (or, if you're lazy, you can build one in a
Yeah, I found a method to do this. It involves configuring your NAS to
reauthenticate the user every 20 minutes or so (I use OpenVPN with a NAS
plugin, it does key renegotiation every 20 minutes so this is ideal for me),
and using a Perl script with rlm_perl to do your own calculations. Read
...or if you're feeling lazy and know Perl, rlm_perl is an exellent tool to
make your own policy decisions (as you can configure perl to talk to your
mysql database).
Hope this helps,
Jan
On 11/05/07, Marc Miranda (GOWEX) [EMAIL PROTECTED] wrote:
Take a look at rlm_counter/rlm_sqlcounter (I
You could use the same ip pool across two NAS servers if you were only using
one radius server to assign IPs. I recommend you either make one radius
server handle only one NAS, so the ip pools don't collide, or used
rlm_sqlipool across them both as Peter pointed out.
Jan
On 12/04/07, Peter
like Radtest, you mean?
Jan
On 02/04/07, khursheed Ahmed [EMAIL PROTECTED] wrote:
Hi All
I need a RADIUS Packet simulator, which could simulate RADIUS packet
for
me,
If is there any Plz tell me,
As I needed it bcz I m developing a Translation Agent which could
translate
(convert)
RADIS
Radtest is designed to send RADIUS packets. If you take a look at the
manpage you will see that it is based on a small utility that sends raw
RADIUS packets, and contains code for retransmission, display of variables,
and other things.
What do you mean, AVPs? If you're referring to the draft EAP
I've been using OpenVPN + Ralf's Radiusplugin for several months and
recently moved away from server-side IP assignment. However, while I did use
it, I found that in my configuration FreeRADIUS only assigned new IPs when
the accounting for that user had stopped (ie, if it recieved a STOP packet).
Redhat is probably the Ford of the linux distributions: it'll get you to
where you want to be, it just might not do it as quickly or flashily as
other distros.
For most installs I recommend CentOS - which is basically Redhat Enterpise 4
but free. You pretty much can't go wrong with any modern,
run radiusd using radiusd -X from the shell, and watch what it does. Does it
give an error message? Does this hint at what the problem is?
Regards,
Jan
On 07/02/07, satish patel [EMAIL PROTECTED] wrote:
Dear ALL
i have some problem of regradig radius service when i
if all else fails, try using rlm_perl to do the authentication (or maybe,
compare the password against both elements in the database, then 'rewrite'
it as the first if it matches, so rlm_sql recognises it properly. This, of
course, is a bit of a hack (but if it works every time and is less
I've heard good things about chillispot.
Jan
On 19/01/07, PD [EMAIL PROTECTED] wrote:
Dear all,
Is there any solutions for prepaid services such as hotspot ?
I look thru the mailing list archieve and only found one unanswered
question.
TIA
PD
-
List info/subscribe/unsubscribe? See
Hoping to be more helpful here, I know how to implement this functionality
in freeradius, but only when using a mysql database backend (which is a good
idea for most setups using more than about 20 users).
I am assuming you want to control user logins to multiple NASes and this is
what you meant
You may wish to use the radius-tools package (correct me if the package name
is wrong, List) which is included with freeradius to send test packets from
the test application to the Freeradius server, and it'll show you what the
attributes you're sending and what the server replies with.
You can
Freeradius can do this, I believe (please correct me if I'm wrong, List).
However, you might want to consider firewalling those certain addresses on
your radius server so authentication/accounting packets never reach your
existing radius server daemon. Look into iptables, it should be fairly
There are plenty of examples embedded in the users file - also, if you read
the manpages it describes precisely how to do this.
Jan
On 20/12/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
James:
Can you send an example.
Saludos y Gracias
Francisco
-
List info/subscribe/unsubscribe? See
Read the documentation in radiusd.conf, and experimental.conf. It's all
there.
You need two rlm_ippool modules instantiated, and placed in the postauth and
accounting sections of the config file. You also need to add Pool-Name :=
pool1name in radgroupcheck under the name of group 1, and the same
insert into radgroupcheck table:
id,groupname,attribute,op,value
[leave blank],group1,Pool-Name,==,pool1
This will mean that any user that is part of group1, will have Pool-Name set
to group1 (which will make IP assignment work properly).
radcheck will be just fine authenticating users on its
from what I've seen on the lists, sqlippool is full of bugs and holes. If
you're planning to put it into a production environment, I'd strongly
suggest booking a coder for a couple of days :-) Such is the nature of
open-source I guess.
There is no other truly feasable way of leasing IPs over
Hello,
Trying to do a very simple task here - create a new check attribute
Pool-Name := servername, depending on what NAS sends the request to
the RADIUS server (identifiable by IP address or by name or whatever
in the request attributes).
What's the best way of doing this?
Thanks,
Jan
-
Hello all,
After much trouble I've managed to get CVS to download the right
version of freeradius (not radiusd-cistron...doh), and now I'm having
some problems with making it.
From what I can see, there's some problems with EAP (which I happen to
not need). Is it possible (or even
Hello,
I'm currently trying to get hold of a CVS snapshot of the latest
FreeRADIUS build - but I'm having some real trouble.
I've tried looking in the cvs-snapshots subfolder, and found:
radiusd-cistron-1.6-snapshot-20061019.tar.gz
Is this freeradius?
I would like the new functionality
That explains a lot - thank you.
I was certain I was trying to install the wrong thing :)
Thanks,
Jan
On 20/10/06, Alan DeKok [EMAIL PROTECTED] wrote:
Jan Mulders [EMAIL PROTECTED] wrote:
I've tried looking in the cvs-snapshots subfolder, and found:
radiusd-cistron-1.6-snapshot-20061019
Hi list.
I'm having some problems getting the nightly CVS snapshot to work.
It compiles fine, I've set relevant log directories, and gotten rid of
the old dictionary files, instead using the ones in the CVS. I now get
this error when attempting to start radiusd:
Wed Oct 18 15:18:43 2006 :
Okay, I knew the CVS was weird, but this really takes the cake:
[EMAIL PROTECTED] [~]# radtest testuser1 testing localhost 5 SuperSecretPassword
Unknown attribute Password
radclient: cannot parse Password = testing
What on earth?
Usage: radtest user passwd radius-server nas-port-id secret
Hello,
More CVS madness for you all.
I'm trying to run radiusd on my server, replacing an existing, working
configuration.
When I run radiusd (specifying paths or using defaults, it doesn't
matter), I get the following:
[EMAIL PROTECTED] [/etc/raddb]# radiusd -xx
Starting - reading
ideas?
Many thanks,
Jan Mulders
On 18/10/06, Alan DeKok [EMAIL PROTECTED] wrote:
Jan Mulders [EMAIL PROTECTED] wrote:
Okay, I knew the CVS was weird, but this really takes the cake:
You are not using the correct dictionaries. Fix your installation.
Alan DeKok.
--
http
I've been through exactly the same hell authenticating a bunch of VPN users.
The fundamental problem is that FreeRADIUS is event-driven: ie, it can
only do anything when someone sends a RADIUS request to it. This
means, for our purposes, that freeradius needs to be *asked* if a user
can continue
Someone needs to do some serious work on sqlippool. I'd do so, but
currently I have no need for SQL-assigned IPs, as I only have one
RADIUS server - and if it fails over, the least thing I have to worry
about is current IP assignments.
I recommend finding someone who is adept at *SQL and buy
Hello all,
I've just finished writing a perl program to give a user a different
speed of service based on their accounting total for the last month in
MySQL, and I'd like to also assign these users an IP based on this
usage too.
I wanted to do this by setting the Pool-Name check value from my
Hello list,
I am trying to use the 'files' module of Freeradius to do
decisionmaking, based on information pulled in from the sql module,
and the sqlcounter thing.
First off, is this the right way of doing this? I want to assign users
a different Pool-Name for each assigned speed, and send
I'd also like to do this - although non-reversable encryption (like
MD5) would suit us - eg, password is encrypted in the table, and is
encrypted and compared when a user's password is checked.
How is encryption meant to be done in the MySQL module at all?
Jan
On 09/10/06, Stefan Winter [EMAIL
Hello,
I'm trying to assign users a different speed of service based on how
much data they've used on the service.
I found the following in the experimental.conf information on sqlcounter:
#
# DEFAULT Max-Daily-Session 3600, Auth-Type = Reject
# Reply-Message = You've
You're using the wrong syntax for including the pools in each section.
Here's an example from my own config...
modules {
ippool 512k_high {
# range-start,range-stop: The start and end ip
# addresses for the ip pool
range-start =x.x.x.6
404
On 05/10/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Don't know why it shows me -
Sorry but this survey is no longer available.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g] On Behalf Of Alan DeKok
Sent: Thursday, October 05, 2006 11:39 AM
To:
, but no further.
Hope this helps,
Regards,
Jan Mulders
On 03/10/06, Torkel Mathisen [EMAIL PROTECTED] wrote:
Hi
We have a very simple freeradius setup today. We use freeradius 1.0.5
with PEAP/MS-CHAPv2 and users file.
My boss has asked be about making this configuration a bit more flexible
a helpful tip as to how to get this thing
working again, I'd appreciate it a lot.
Thanks all,
Jan Mulders
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
you should be putting it in radcheck, so it's checked when you log in.
radacct is used to store accounting information (like session times
etc :))
Hope this helps,
Jan Mulders
On 29/09/06, Collen Blijenberg [EMAIL PROTECTED] wrote:
Hmm, i was testing the mysql backend with freeradius 1.1.3
Thanks for your help. I ended up pulling the accounting counter part
out completely and did it via a cronjob that changed the user's group
- and have implemented the detail log as suggested.
Thank you,
Jan
On 27/09/06, Guy Fraser [EMAIL PROTECTED] wrote:
On Wed, 2006-09-27 at 02:47 +0100, Jan
of the following? groupA_belowcap,
groupA_overcap, groupB_belowcap, groupB_overcap?
Regards,
Jan Mulders
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password == testingWhat do I need to do to make FreeRADIUS authenticate passwords sent as plaintext to it from a client NAS, to MD5 stored in the database?
Is this possible?(please see attempt logs below)Regards,Jan Mulders### client request ###www~# radtest testuser1 testing localhost:1812 3
41 matches
Mail list logo