Thank You for reply Alan.
I have working eap-tls for my staff and
Dnia 5 sierpnia 2013 21:52 a.l.m.bu...@lboro.ac.uk napisał(a):
Hi,
gt; In that situation i need to have active, both sql and ldap, authorization
gt; modules in inner-tunnel. So users, who should identify by login/pass in
gt; guest
Hello.
In that situation i need to have active, both sql and ldap, authorization
modules in inner-tunnel. So users, who should identify by login/pass in guest
SSID, can be authenticate via inner-tunnel ldap module. I don't want this.
Regards
Marcin
Dnia 25 lipca 2013 21:31 Marcin lt;bieri
. Is there a possibility, to use one radius
server to handle this scenario?
Regards
Marcin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Do I realy need database? When I should use it? Can You explain a little bit
more?
Regards
Marcin
Dnia 25 lipca 2013 14:26 Alan DeKok lt;al...@deployingradius.comgt;
napisał(a):
Marcin wrote:
gt; I'm new with FreeRadius. I would like to use FreeRadius to authenticate
gt; two groups of users
Hello!
I have one question is it possible to add some information on the end of
the line in radius.log like user not in db when I let in users without
account in my database?
POzdrawiam
Marcin S.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello
I want to ask if you succeeded in making open auth?
I want to let in users without passwords or with incorrect pass, users
without account in my database too.
I have add to my sql.conf lines that give something like this when there
is no such user in databese:
authorize_check_query =
return to let in user without account in my database?
POzdrawiam
Marcin S.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
And there is no other way than using pap instead of mschapv2 to let in
that sort of users?
W dniu 2010-02-10 23:14, Fajar A. Nugraha pisze:
On Thu, Feb 11, 2010 at 12:15 AM, Marcin S.red...@tlen.pl wrote:
working(user from database):
MS-CHAP-Challenge
Hello
Is there a way to auth user with bad password, or user that doesn't exists
in database??
What I need?
Let's say we have a 'userX' with password 'userXpassword' and that user
try to log in to service, but he try to use wrong password, I want to auth
him anyway but when he log in I will
On Fri, 29 Jul 2005 15:41:55 -0300
Jose Divino de Lima [EMAIL PROTECTED] wrote:
Hi people,
I need your help.
We´ve a solution that use SER athenticating, athotizing and accounting in a
freeRadius+mySQL.
I´ve a challenge now to limit thu number of simultaneous connections (i.e: we
can
On Thu, 28 Jul 2005 22:29:04 +0800
Liew Toh Seng [EMAIL PROTECTED] wrote:
Hi,
Is there any documentation for freeradius ? How and where to start ?
Thanks.
--
Best Regards,
Liew Toh Seng
System Consultant, RedHat Certified
On Thu, 21 Jul 2005 11:07:40 +0200
Dominique Lambert [EMAIL PROTECTED] wrote:
hello
i search to log the activity of my users
What kind of activity?
i want to know date,time,url
please
thank's
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 21 Jul 2005 11:39:43 +0200
Dominique Lambert [EMAIL PROTECTED] wrote:
Christian Seitz a écrit :
On Thu, 21 Jul 2005, Dominique Lambert wrote:
i search to log the activity of my users
i want to know date,time,url
It has nothing to do with radius if you want to log every
May I ask why do you want to do such a thing?
On Mon, 18 Jul 2005 15:12:00 +0200
Erling Paulsen [EMAIL PROTECTED] wrote:
Hello.
Right now I'm running multiple servers for listening to multiple ports,
for having the option of accomadating both NAS'es that use the old 1645
port and the
Hi.
I would like to allow any NAS IP to connect to my radius server restricting
connections from NAS only with shared secret - username and password.
Is it possible to use 0.0.0.0 or ANY in clients.conf/SQL nas table ?
What are the security issues having an open setup like that ?
Cheers
Marcin
it! ;)
They could chop it only if I let them use my axe which I have the only key to.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marcin
Jessa
Sent: Friday, July 15, 2005 11:29 AM
To: FreeRadius
Subject: Allowing any NAS to connect to my
On Fri, 15 Jul 2005 11:42:57 +0100
Guy Davies [EMAIL PROTECTED] wrote:
Hi Marcin,
You can create a subnet in clients.conf (e.g. 10.10.10.0/24) that can
use the same key. I think that doing 0.0.0.0/0 would be a very bad plan
since it only requires that an attacker know the shared key
Hi.
Is /usr/local/var/log/radius/radutmp existing and is rw for radius ?
Cheers,
Marcin.
On Fri, 15 Jul 2005 12:04:55 +0200
[EMAIL PROTECTED] wrote:
radius -X doesn´t show any error or warning until the end (Segmentation
fault). You can see the result of my last execution:
Starting
On Wed, 13 Jul 2005 12:15:45 +1000
Ross Tsolakidis [EMAIL PROTECTED] wrote:
Thanks for responding Marcin, just to double check:
I added those details into radgroupcheck:
mysql select * from radgroupcheck;
++---+-++---+
| id | GroupName
On Mon, 11 Jul 2005 17:18:00 -0500
Thomas Tinsley [EMAIL PROTECTED] wrote:
Marcin,
Hi my name is Tom and I am installing FreeRadius for the first time.
Specifications:
OS: Fedora Core 4
Linux Kernel 2.6.11smp
Freeradius version : 1.0.2
1.0.2 has security holes
describing the behaviour and functionality of
the module.
People tend to be more patient if they know you did some work on your own.
Cheers,
Marcin Jessa
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ross
Tsolakidis
Sent: Tuesday, 5 July 2005 2:14
On Mon, 11 Jul 2005 11:16:04 +0200 (MEST)
Dumpfbacke 102731 [EMAIL PROTECTED] wrote:
Hello,
I search a HowTo for Freeradius+PPPoe.
You need a network access server running PPPoE service which talks to Radius.
You can do that with any BSD or Linux or check out www.mikrotik.com for
.
This way you can have multiple proxying radius servers and redundant database
servers, proxy http etc.
Cheers,
Marcin Jessa.
On Mon, 11 Jul 2005 16:42:15 +0100
Michael Fisher [EMAIL PROTECTED] wrote:
Unfortunatly this solution must be able to scale up. We have already
assesed other
successfully for the MySQL server. I just need to get Radius to do the
same. Radius.conf sql.conf are modified accordingly.
Any help would be appreciated. Thank you.
Cheers,
Marcin Jessa
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
security holes and 1.0.4 is out.
Cheers,
Marcin Jessa
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi.
This error says very little.
You need to paste in what happens just before that and check the config.log
On Mon, 4 Jul 2005 09:34:15 -0700
TeemX [EMAIL PROTECTED] wrote:
Hi Guys Gals,
I am having problem on installing my FreeRadius Server Version 1.0.4.
I am running at Linux
You can also log to SQL and then sort on the info stored in radacct.
Should be relatively easy for a newbie PHP coder to write a script doing that.
Marcin.
On Tue, 21 Jun 2005 22:02:08 +0100
Shepherd, Dave [EMAIL PROTECTED] wrote:
You could try radiusreport
http://www.pgregg.com
Hi.
Search the mailing list. There have been discussion on that providing solutions.
Here you have link with my configs using sqlcounter
http://www.yazzy.org/configs/linux/freeradius/
Now, what exactly does not work?
Marcin.
On Fri, 17 Jun 2005 14:08:03 +0100
synackrst [EMAIL PROTECTED
On Fri, 17 Jun 2005 16:29:24 +0200
Benoit LELONG [EMAIL PROTECTED] wrote:
Hello,
I would like to build a freeradius plateform and I am looking for return of
experiences about :
- the best choice of Linux distribution to support the last version of
freeradius.
They all work. The best
Hi Cris.
You can accomplish thing like that in two ways.
One is to hand out each of your users Framed-IP-Address and Framed-IP-Netmask
attribute.
This can be set in the group attributes of the user or individually.
The second one would be to hand out Framed-Pool for the users and have a
On Thu, 16 Jun 2005 12:57:06 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Marcin Jessa [EMAIL PROTECTED] wrote:
The link to email archive page at http://www.freeradius.org/list/users.html
points to http://lists.freeradius.org/archives/freeradius-users/ which does
not exist.
It exists
://lists.freeradius.org/archives/freeradius-users/ for that address.
Cheers,
Marcin.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 16 Jun 2005 20:01:34 +1200
Andrew Thompson [EMAIL PROTECTED] wrote:
On Thu, Jun 16, 2005 at 09:45:03AM +0200, Marcin Jessa wrote:
On Thu, 16 Jun 2005 07:04:24 +0300
Abu Khaled [EMAIL PROTECTED] wrote:
On 6/16/05, phil grainger [EMAIL PROTECTED] wrote:
you can mod
You can add an extra field in SQL with Calling-Station-ID attribute for a user
and make radius check that when it receives a request.
On Fri, 10 Jun 2005 15:28:46 +1000
[EMAIL PROTECTED] (Paul Hampson) wrote:
On Thu, Jun 09, 2005 at 06:19:28AM -0700, [EMAIL PROTECTED] wrote:
Hi,
I
I bet this is database specific.
Run radius in debug mode and see what is shown by the User-Name attribute.
Try to change sql query in postgresql.conf if radius accepts correct username.
Cheers,
Marcin
On Thu, 9 Jun 2005 20:30:03 +0200 (CEST)
Christian Seitz [EMAIL PROTECTED] wrote:
Hi,
I
On Mon, 06 Jun 2005 21:41:22 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Marcin Jessa [EMAIL PROTECTED] wrote:
Web scripts get executed as the www user. That way I need to grand
apache access to HUP radiusd and that can be done with sudo adding
www user to the sudoers file and allowing
info of an already loged in user, will it
get synced when the radius server is started again?
Is there a way to make radius automatically read new entries added to the nas
table ?
Regards,
Marcin Jessa.
On Thu, 02 Jun 2005 13:44:49 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Stefan Winter
Hi.
On Mon, 06 Jun 2005 14:48:22 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Marcin Jessa [EMAIL PROTECTED] wrote:
I noticed when I add new NAS servers to SQL on a running radius server,
they will not be used before the radius server is restarted.
Is that a case or am I mistaken here
On Mon, 06 Jun 2005 17:11:46 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Marcin Jessa [EMAIL PROTECTED] wrote:
You can send a HUP signal to th eserver.
That would require apache to have access to the radius deamon when
using a web-based interface.
Uh, no.
The way I understand
On Mon, 06 Jun 2005 18:13:32 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
Marcin Jessa [EMAIL PROTECTED] wrote:
The way I understand it, say a PHP script used to HUP radiusd would get
executed as the httpd user. In that case the httpd deamon would need to be
added to the sudoers group like
the queries reading freshly
inserted info in the SQL tables.
Cheers,
Marcin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authorization and authentication?
Cheers,
Marcin Jessa
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, 1 Jun 2005 13:55:27 -0700
Rupak [EMAIL PROTECTED] wrote:
I mean that I wont define any sort of time limitations.But I want my
customer's surfing time to be appended in mysql.How can this be done?.
The session time of your users is stored in the radacct table.
And can the
their corresponding IP's stored in /etc/hosts or a
local DNS server.
Regards,
Marcin Jessa.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in it with the secret for the NAS?
What about the clients.conf file? What should I keep there? It needs at least
one host definition or radius will not start.
Marcin Jessa wrote:
Hi guys.
I was wondering if the information read from the nas table is in any way
used by freeradius or maybe I
Then it should look something like:
#ps auxww | grep rad
radiusd 81708 0.0 1.0 9316 4944 ?? Ss 11:26PM 0:00.01
/usr/local/sbin/radiusd
Cheers,
Marcin
On Wed, 1 Jun 2005 16:49:37 -0400
Andrey [EMAIL PROTECTED] wrote:
Hi everyone,
Just a quick question about running radiusd as a user
Hi.
Looks like this query will use quite a while to get executed.
What does the debug mode say? Any timeouts?
Regards,
Marcin Jessa
On Fri, 20 May 2005 13:16:20 +0500
Kamran Bukhari [EMAIL PROTECTED] wrote:
Hello
I want to do the authentication using MYsql on Radius. I was doing it
till
Hi.
The error you received indicates your radius server cannot connect to any
database.
You can use this database for your setup:
http://www.yazzy.org/configs/linux/freeradius/radius.sql
Cheers,
Marcin Jessa
On Fri, 20 May 2005 16:40:28 -0400
Software Development Group [EMAIL PROTECTED] wrote
time quota is not fully used.
What would be the easiest/best/most elegant way to achieve it in combination
with SQL and sqlcounter?
Cheers,
Marcin Jessa
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What does radius say when you run it in debug mode?
On Thu, 19 May 2005 16:20:35 -0400
Joseph Abadi [EMAIL PROTECTED] wrote:
hey,
I recently installed freeradius 1.0.2 on Ubuntu Warty (kernel 2.6.8).
The idea is to use the radius server with a mysql database to
authenticate users into a
You need to create your own database based on the SQL schema provided with
freeradius.
The rest you config in the sql.conf in your raddb dir, usually in /etc/raddb or
/usr/local/etc/raddb
On Mon, 16 May 2005 18:10:39 +0800
shenwei [EMAIL PROTECTED] wrote:
dear all,
where does the
Hi.
Should be fine, this is mine for comparision:
http://www.yazzy.org/configs/linux/freeradius/radiusd.conf
I additionally use following for sqlcounter:
dailycounter
weeklycounter
monthlycounter
On Mon, 16 May 2005 20:56:04 +1200
Tristram J. Cheer [EMAIL PROTECTED]
On Mon, 16 May 2005 16:57:10 -0400
Software Development Group [EMAIL PROTECTED] wrote:
Hello,
I am running ubuntu and I am trying to compile FreeRadius with
rlm_sqlcounter
Freeradius 1.0.1-2 is avaliable for ubuntu maintained by Paul Hampson [EMAIL
PROTECTED]. Try to install it. It
the
realm of the NAS.
Cheers,
Marcin Jessa
On Mon, 16 May 2005 17:34:26 -0300
Bartosz Jozwiak [EMAIL PROTECTED] wrote:
Hello,
Is it possible to restrict users to login only to
specific nas client?
So if they use different nas their login should be rejected.
Thank you in advance
On Sat, 14 May 2005 12:18:22 +1000
Graeme Lee [EMAIL PROTECTED] wrote:
Stefano Martini [EMAIL PROTECTED] wrote:
Hi all,
I'm using freeradius-1.0.2 on a debina 3.1 i386 platform with
gcc-3.3.5.
I compiled the radius server, without errors, and want to use
a postgres database for
The Unix module should do that for you.
In radiud.conf:
# Unix /etc/passwd style authentication
On Fri, 13 May 2005 15:04:23 -0700
Rupak [EMAIL PROTECTED] wrote:
Hello every one I have a small question out here
I am using the latest version.I want the free radius to
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marcin
Jessa
Sent: Friday, May 13, 2005 2:46 AM
To: freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED]
Subject: Re: Freeradius authentication /etc/passwd
The Unix module should do that for you
Will
dialup NAS-IP-Address == 0.0.0.0
allow users which are members of the dialup group login from any NAS ?
On Thu, 12 May 2005 20:19:13 -0400
Alan DeKok [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote:
radiusd: FreeRADIUS Version 0.9.3, for host i686-pc-linux-gnu, built on
Nov 9
Switch from MySQL?
If so, the diffence lies only in knowledge of your particular DB.
The database layout is included in the sources of freeradius.
On Thu, 12 May 2005 00:15:17 +0700
avudz [EMAIL PROTECTED] wrote:
Hello,
anybody knows where can i download / read radius-postgre how to ? i
Hi!
On Thu, 12 May 2005 15:42:52 +0700
avudz [EMAIL PROTECTED] wrote:
nah nah, you quite right :-) when i change the date format, its work
well now :-)
I'd propably stumble on the same problem if I was going to implement expiration
date on my system.
I don't find the american date format
You dont understand the way the counter works.
As stated in the experimental.conf:
# The 'reset' parameter defines when the counters are all
# reset to zero. It can be hourly, daily, weekly, monthly or
# never. It can also be user defined. It should be of the
Attribute for user expiration date as well.
On Wed, 11 May 2005 15:07:25 +0700
avudz [EMAIL PROTECTED] wrote:
Hello Marcin,
Wednesday, May 11, 2005, 2:54:09 PM, you wrote:
MJ In your case you should change reset=never to reset=1h if you
MJ want to reset the counter every hour.
MJ
Hi.
Yepp, that should work, i.e.
mysql select * from radcheck;
++--+---+++
| id | UserName | Attribute | op | Value |
++--+---+++
| 5 | yazzy| User-Password | := | yazzy |
| 6 |
Errata. I meant radgroupcheck, not radgroupreply.
On Wed, 11 May 2005 12:09:01 +0200
Marcin Jessa [EMAIL PROTECTED] wrote:
Hi.
Yepp, that should work, i.e.
mysql select * from radcheck;
++--+---+++
| id | UserName | Attribute | op
Hi.
I wonder how the huntgroups really work.
Can I have a huntgroup with multiple NAS's stored in SQL and users belonging to
that huntgroup?
Then can each huntgroup have a different group defined in the radgroup/radcheck
table ?
What I want to do is to restrict certain users to only be able to
:
Wednesday, May 11, 2005, 5:47:16 PM, you wrote:
a Hello Marcin,
a Wednesday, May 11, 2005, 5:09:01 PM, you wrote:
MJ Hi.
MJ Yepp, that should work, i.e.
mysql select * from radcheck;
MJ ++--+---+++
MJ | id | UserName | Attribute
Run your radiusd with -X flag, this will force it to foreground and give you
more info.
On Wed, 11 May 2005 18:40:38 +0700
avudz [EMAIL PROTECTED] wrote:
Hello Marcin,
Wednesday, May 11, 2005, 6:32:36 PM, you wrote:
MJ Maybe the date format is incorrect?
MJ I am not sure what those
On Wed, 11 May 2005 13:39:01 +0200
zze-BEN SAID Mehdi RD-CORE-ISS [EMAIL PROTECTED] wrote:
Hi;
I'm student and I'm new to freeRadius, actually I'm new to Radius!
Hi. I used to be student and new to FreeRadius, then I started to read the docs
and man pages.
Then came google to make my life
Operaciones
Qnet
Soluciones Tecnológicas
Av. Paseo de la República 4675 - Lima 34
Telf.: (511) 241-4122 Anexo 2245
Fax: (511) 446-8135
Visítenos en: www.qnet.com.pe
- Original Message -
From: Marcin Jessa
To: freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED
Hi.
I have a setup with multiple NAS's where each NAS belongs to a different owner.
All of them talk to the same radius server where users are stored in MySQL
database.
AFAIK normally realms are used to strip e.g. domain names from the login user
names, e.g [EMAIL PROTECTED] authenticating
What kind of module?
A new, custom one or one of the existing modules?
What do you want it to be able to do?
On Mon, 6 Dec 2004 14:29:19 +0800
xuxu [EMAIL PROTECTED] wrote:
How to add a module to authorize a request ? Does freeradius support it
,or I need to modify the source
Hi.
I just resubscribed to the mailinglist and found that topic unanswered.
You can accomplish that in two ways. One is with counter module and one with
SQL which uses sqlcounter module.
The sqlcounter needs the experimental modules to be compiled in.
I use MySQL to store my users's info so for
and make your radius talk to the one local to it.
And be nice, Yeah, right is not something you say asking strangers for
advices.
On Sat, 19 Mar 2005 04:14:11 +0100
Wolfram Schlich [EMAIL PROTECTED] wrote:
* Marcin Jessa [EMAIL PROTECTED] [2005-03-19 04:05]:
On Sat, 19 Mar 2005 03:52:52 +0100
The easiest solution is to set up replication of your SQL on the secondary
radius server and add it in you NAS.
On Fri, 18 Mar 2005 19:29:27 -0500
Schoggins, George [EMAIL PROTECTED] wrote:
I am trying to setup a backup radius server that would take over if the
primary goes down. I would
All you need is stunnel.
On Sat, 19 Mar 2005 03:52:52 +0100
Wolfram Schlich [EMAIL PROTECTED] wrote:
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-17 00:55]:
* Wolfram Schlich [EMAIL PROTECTED] [2005-03-16 09:05]:
Hey guys,
we would like to implement the following setup:
-
PROTECTED] wrote:
Tq 4 ur response
But if I do this, wlan user still can access each other. How to protect
that? Is that mod_auth_radius that I'm looking for?
TQ
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marcin
Jessa
Sent: Wednesday, March
You need some kind of hotspot server like routeros or staros.
Or you can do that with Squid and custom firewalling rules to open connections
from i.e. PPTP authenticated users.
On Thu, 10 Mar 2005 09:28:01 -0800
Nurul Faizal M.Shukeri [EMAIL PROTECTED] wrote:
Hi everyone.,
Can anyone
Freeradius is not dialupadmin.
Check freshmeat for the project site and the doc is most propably in the dir of
dialupadmin when you unpack it.
Use your head, will you? And google.com as well..
On Tue, 8 Mar 2005 19:45:46 -0500
Janakan Rajendran [EMAIL PROTECTED] wrote:
Kostas,
You mean
0.93 doesn't support PEAP, you need newest
version from CVS...
--
Regards,
Marcin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
without 802.1X authorization and works ok: Open Key, Shared
Key + WEP and WPA-PSK with TKIP also ... How to make it working in WPA or
802.1X+WEP ??
--
Best Regards,
Marcin K. mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
?
--
Best Regards,
Marcin mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
81 matches
Mail list logo
