Dan Delaney wrote:
Does anyone know how to change the service type that pam_radius_auth
passes to the server?
Source code modifications.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List
freeradius wrote:
Is there a way or another to check on a network basis like
192.168.2.100/30 ?
Yes and no. Regular expressions work, but they're ugly.
In our productive architecture, the number of ip addresses should be a
/21 subnet (2046 hosts)...
I can write one line per ip but
peppeska wrote:
...
rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_check_password: Found Auth-Type
Arran Cudbard-Bell wrote:
Am I right in thinking that for radius to be able to proxy eap
successfully, the request_list module would have to be updated to hold
information as to which home radius server the session
was being handled by.
No. There has to be a separate in-memory table.
[EMAIL PROTECTED] wrote:
confirm tha EAP-TTLS userid's used to work with freeradius (1.0.5 era
through to 1.1.3) but then only anonymous was seen. i've been following
this User-Name = %{User-Name} etc thread with interest
Ouch. It needs fixing, then. I'm at a conference this week, so I'll
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
...
rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
NAS-IP-Address =
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
...
rad_recv: Access-Request packet from host 127.0.0.1:1027, id=118, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
NAS-IP-Address =
Hello Freeradius users!
I have a recurring problem that I'm wondering if any of you have run
into. I am currently running freeradius 1.1.4 (haven't had time to
upgrade yet) on Suse Linux SLES 10 together with a Myql DB engine.
I am using IP pools to supply users coming from various NAS:es with
peppeska wrote:
Now my configuration in user file is:
DEFAULT Auth-Type = LDAP
Fall-Through = 1
Can you explain why you're setting Auth-Type? All of the docs say to
NOT DO THAT.
But the output now is:
rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54
Ramm-Ericson, Johannes wrote:
I suspect the problem may be related to the fact that some sessions do
not recieve accounting session stop packets.
Yes. if the server isn't told that the IP is free, what is it
supposed to do?
Alan DeKok.
--
http://deployingradius.com - The web site
But the output now is:
rad_recv: Access-Request packet from host 127.0.0.1:1030,
id=65, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = peppeska
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Michael Messner wrote:
hey,
freeRADIUS works quite good and it's possible to authenticate via PAM,
for example local logins, ssh-logins, su, chsh, gdm, ... are working
quite fine.
The only thing is the htaccess from apache2 which will not work. The
Radius gets the request and permits
Hello, Alan!
You wrote on Tue, 20 Mar 2007 12:47:01 +0100:
AD Alexander V. Klepikov wrote:
I applied the patch and it does not work. It seemes to me, it's
becuase
SQL socket may be unconnected and sqlsocket-conn != NULL,
AD That sounds like a bug to me.
It seemes to me I begin to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
Now my configuration in user file is:
DEFAULT Auth-Type = LDAP
Fall-Through = 1
Can you explain why you're setting Auth-Type? All of the docs say to
NOT DO THAT.
ook
I comment that
but
I am trying to build/compile freeRadius 1.1.5. My Cygwin environment is
1.5.24-2 from www.cygwin.com. freeRadius 1.1.5 from www.freeradius.org.
I ran configure for freeRadius with following parameters: ./configure
-without-snmp -disable-shared -enable-static -without-rlm_perl.
Configure and
Alexander V. Klepikov wrote:
I did not find any information about what is going on when database or SQL
server suddenly comes down, but it looks like pg_sock-conn is freed when
connection to DB became broken. And pg_sock-conn != NULL . That's why libpq
crashes when PQfinish(pg_sock-conn)
I installed freeradius-1.1.4 in FC4 and i got all the compilation
without error.
However, when i tried to run the radiusd in debug mode i got the error below
Can someone pls point out my problem to me.
Goksie
[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
Alexander V. Klepikov wrote:
... If connection to DB fails, PQfinish(pg_sock-conn) is called, which frees
pg_sock-conn - need to do this is described in libpq docs. So even in case
of unsuccessefull connection we have good database handle sqlsocket-conn,
which should not be NULL.
If
Nicolas Baradakis wrote:
It seems to me this is the real cause of the problem: pg_sock-conn becomes
an invalid pointer. The libpq manpage says the PGconn pointer should not be
used after PQfinish has been called.
Please try the following patch:
I think it should be applied, independent of
peppeska wrote:
rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54
^^
-Where is User-Password attribute?
Ask the NAS.
what?
In this case I have a suspicion the NAS could be radclient...
How are you sending
Hello, Nicolas!
You wrote on Wed, 21 Mar 2007 12:37:03 +0100:
NB It seems to me this is the real cause of the problem: pg_sock-conn
NB becomes
NB an invalid pointer. The libpq manpage says the PGconn pointer should
NB not be
NB used after PQfinish has been called.
NB Please try the following
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Mitchell ha scritto:
peppeska wrote:
rad_recv: Access-Request packet from host 127.0.0.1:1030, id=65, length=54
^^
-Where is User-Password attribute?
Ask the NAS.
what?
In this
-Message d'origine-
De :
[EMAIL PROTECTED]
radius.org
[mailto:[EMAIL PROTECTED]
sts.freeradius.org] De la part de peppeska
Envoyé : mercredi 21 mars 2007 13:44
À : FreeRadius users mailing list
Objet : Re: freeradius, ldap error - HELP ME!
-BEGIN PGP SIGNED
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thibault Le Meur ha scritto:
-Message d'origine-
De :
[EMAIL PROTECTED]
radius.org
[mailto:[EMAIL PROTECTED]
sts.freeradius.org] De la part de peppeska
Envoyé : mercredi 21 mars 2007 13:44
À : FreeRadius users mailing list
Objet :
Hi,
Very strange I didn't get this email ?
See my comments below:
Thibault Le Meur ha scritto:
But the output now is:
rad_recv: Access-Request packet from host
127.0.0.1:1030, id=65,
length=54
Service-Type = Framed-User
Framed-Protocol = PPP
Hi,
Ouch. It needs fixing, then. I'm at a conference this week, so I'll
see what I can do in a few days.
It would be nice to have regression tests for the server...
certainly for eg the glibc double-free issue that has hitbut otherwise
there are so many different permutations and
Jason Hodges wrote:
...
Here are the debug results:
radius_xlat: '0210xxx'
radius_xlat: Running registered xlat function of
module exec for string
'/usr/local/freeradius/bin/mdn_lookup.sh'
rlm_exec (exec): Executing
/usr/local/freeradius/bin/mdn_lookup.sh
rlm_exec (exec): result 0
Hello Michael,
freeRADIUS works quite good and it's possible to authenticate via PAM,
for example local logins, ssh-logins, su, chsh, gdm, ... are working
quite fine.
The only thing is the htaccess from apache2 which will not work. The
Radius gets the request and permits the user:
I
Thank you for the response.
I did cover that base as well. I should have pasted
the script into the original email. Here is the
script that I tested with (where xxx are numbers):
#!/bin/sh
if [ $1 = ]; then
#Example 0xx
echo 0xx
else
echo 1xx
fi
Hi Alan,
I'd like to patch the openvpn-radiusplugin so that an extra
attribute
is sent in the Access-Accept packets so that FR will be able to
differentiate Initial and Renegociation Access-Accept
requests and
only assign new IP address from the pool on Initial Access-Accept
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thibault Le Meur ha scritto:
Have you setup ppp to use mschap (require-mschap-v2 option) ? Are
you using the radiusclient library ?
refuse-pap
refuse-chap
require-mschap
require-mschap-v2
require-mppe
Ok so that your NAS don't
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Wednesday, March 21, 2007 2:46 AM
To: FreeRadius users mailing list
Subject: Re: pam_radius_auth
Dan Delaney wrote:
Does anyone know how to change the service type that
Thibault Le Meur wrote:
I've patched the radiusplugin to add Framed-IP-Address to the re-auth
request but rlm_ippool still allocates a new IP Address (I'm using FR
1.1.4).
Ok. It seems like rlm_ippool should be updated to look for
Framed-IP-Address in the request.
That would be very
Hello All,
I am attempting to build a new and different FR server than I currently use.
The new one is running the latest FR release and MySql. I am also running the
dialup admin software.
Before I attach a bunch of logs and eat up bandwidth, I want to make sure that
I am testing correctly.
and in the dictonary file:
$INCLUDE /etc/radiusclient/dictionary.microsoft
$INCLUDE /etc/radiusclient/dictionary.ascend
$INCLUDE /etc/radiusclient/dictionary.compat
$INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary
Don't write $INCLUDE but
Thibault Le Meur wrote:
I've patched the radiusplugin to add Framed-IP-Address to
the re-auth
request but rlm_ippool still allocates a new IP Address
(I'm using FR
1.1.4).
Ok. It seems like rlm_ippool should be updated to look for
Framed-IP-Address in the request.
That
I can also vouch for freeradius 1.0.5 after building retro-fitting
my configuration to it. I'll probably just downgrade to an earlier
1.1.x build, since I haven't seen any major security
vulnerabilities/
fixes since the early 1.0.x builds.
On Tue, 20 Mar 2007 16:53:26 -0500 [EMAIL PROTECTED]
Hi guys,
I am trying to establish a secure connection between freeradius and a Novell
eDirectory LDAP server. After configuring LDAP in radiusd.conf it seemed to
work, almost:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
MMM damn! why freeradius don't want work with me?
It's not a Freeradius issue, but a ppp/radiusclient issue ;-)
P.S.
without the Deafult Auth-Type in the users file...it's the
same... If I put $INCLUDE instead INCLUDE... work like before...
Very strange I've got several
I've been using OpenVPN + Ralf's Radiusplugin for several months and
recently moved away from server-side IP assignment. However, while I did use
it, I found that in my configuration FreeRADIUS only assigned new IPs when
the accounting for that user had stopped (ie, if it recieved a STOP packet).
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE
quote
I've been using OpenVPN + Ralf's Radiusplugin for several months and
recently moved away from server-side IP assignment. However, while I did use
it, I found that in my configuration FreeRADIUS only assigned new IPs when
the accounting for that user had stopped (ie, if it recieved a STOP
peppeska wrote:
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
$INCLUDE /usr/share/freeradius/dictionary
No.
-Message d'origine-
De :
[EMAIL PROTECTED]
radius.org
[mailto:[EMAIL PROTECTED]
sts.freeradius.org] De la part de peppeska
Envoyé : mercredi 21 mars 2007 18:36
À : FreeRadius users mailing list
Objet : Re: RE : RE : RE : freeradius, ldap error - HELP ME!
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
Ok!!!
Now I have this configuration
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE
peppeska wrote:
...
Sending Access-Accept of id 50 to 127.0.0.1 port 1028
...
Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
PPPD is broken.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
but plog:
[EMAIL PROTECTED]:/home/peppeska# plog
Mar 21 19:21:18 applejack pppd[18527]: Plugin rp-pppoe.so loaded.
Mar 21 19:21:18 applejack pppd[18529]: pppd 2.4.4 started by root, uid 0
Mar 21 19:21:19 applejack pppd[18529]: PPP session is 6
Mar 21 19:21:19 applejack pppd[18529]: Using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alan DeKok ha scritto:
peppeska wrote:
...
Sending Access-Accept of id 50 to 127.0.0.1 port 1028
...
Mar 21 19:21:41 applejack pppd[18529]: MS-CHAP authentication failed:
PPPD is broken.
And wath I most do now?
@Thibault Le Meur
I use
Hi, all,
This is a refinement of my earlier request for information, honed
after half a week of trying to untangle things.
I've been grubbing through all the code for dialup_admin 1.80 (from
the 20070320 CVS snapshot) and am entirely unconvinced that it works
with version of PHP newer than
On 3/21/07, Helmut Tröbs [EMAIL PROTECTED] wrote:
Hello Michael,
freeRADIUS works quite good and it's possible to authenticate via PAM,
for example local logins, ssh-logins, su, chsh, gdm, ... are working
quite fine.
The only thing is the htaccess from apache2 which will not work.
I figured this out. I had to use {sha} instead of {sha1}.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I would like to send clear-text password at post-auth using eap-ttls. is there
a way?
I'm avoiding to write a lot of details about the question. Just using post-auth
I got to send User-password attribute, but it's cyphered at destination(Yes,
there is all the TLS tunneling stuff, but I'm
Erico Augusto wrote:
Hi,
I would like to send clear-text password at post-auth using eap-ttls.
is there a way?
I'm avoiding to write a lot of details about the question. Just using
post-auth I got to send User-password attribute, but it's cyphered at
destination(Yes, there is all the TLS
Message: 4
Date: Wed, 21 Mar 2007 15:33:11 -0400
From: Ethan Dicks [EMAIL PROTECTED]
Subject: Is anyone using dialup_admin with a PHP version newer than
4.2.0?
To: freeradius-users@lists.freeradius.org
Message-ID:
[EMAIL PROTECTED]
Content-Type: text/plain;
hi Alan,
Thank you for the reply, You are a great help for this list, _AS_USUAL_
However,
Do you have any hint or know anything about disappearing users in mysql
database?
Thank you.
Marwan Sultan wrote:
This system is up and running since september 2006, last week, we start
to
see a
thanks joe,
my pap's modules section is already as follows:
pap {
encryption_scheme = clear
}
I'm trying to forward username and password to my own app, using post-auth
section, to perform user authentication, as described below ... is that
possible?
Erico.
- Mensagem original
Marwan Sultan wrote:
Do you have any hint or know anything about disappearing users in mysql
database?
Turn on mysql query logging. Wait for user to disappear. Check log.
See what generated that query.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
On 3/21/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
You could try phpRadmin
http://freshmeat.net/projects/phpradmin/
Still in alpha last time I checked but very pretty and featurefull gui :)
Freshmeat lists it as pre-alpha, but it looks worth a look.
Thanks!
-ethan
-
List
O/H Ethan Dicks έγραψε:
Hi, all,
This is a refinement of my earlier request for information, honed
after half a week of trying to untangle things.
I've been grubbing through all the code for dialup_admin 1.80 (from
the 20070320 CVS snapshot) and am entirely unconvinced that it works
with
O/H Ethan Dicks έγραψε:
Hi, all,
This is a refinement of my earlier request for information, honed
after half a week of trying to untangle things.
I've been grubbing through all the code for dialup_admin 1.80 (from
the 20070320 CVS snapshot) and am entirely unconvinced that it works
with
On 3/21/07, Kostas Kalevras [EMAIL PROTECTED] wrote:
O/H Ethan Dicks έγραψε:
... I'm using PHP 4.3.0, since
that's what comes with RedHat Enterprise Linux 4. I've turned on
register_globals, but I can't get the dialup_admin code to stop
throwing warnings about variable names, etc.
Hello
My name is Lara Thynne and I am a PhD candidate at Deakin University
Australia. I am currently researching the boundary between work and
leisure activities directly related to the open source community and
open source program development.
As part of this I am running a survey at the
Dear 's
I have useing freeradius-1.1.0 with mssql when i run radwho i have
seen this optout
#radwho
mlpm482mlpm482 PPP 999 Thu 10:11 192.168.1 10.100.13.205
mlpm636mlpm636 PPP 999 Thu 11:31 192.168.1 10.100.14.178
so what is 999 this is error or
63 matches
Mail list logo