Jacob Jarick wrote:
> Hi, Im just getting started with freeradius (trying to nut out dynamic
> vlans atm) and I was wondering if this book would be a worth while
> purchase.
Maybe.
> I had a great experience with O'reillys bind and perl cookbook books.
> Have any FR users used this book and if
Jacob Jarick wrote:
> * school with wireless access
> * allready uses radius (soon to be freeradius)
> * freeradius auth's via a win2k3 Active Directory Server
> * teachers need to be able to log into WAP's a,b,c etc and be
> automatically assigned to the teachers vlan
> * priv students need to be
Alan DeKok wrote:
> Jacob Jarick wrote:
>
>> Hi, Im just getting started with freeradius (trying to nut out dynamic
>> vlans atm) and I was wondering if this book would be a worth while
>> purchase.
>>
>
> Maybe.
>
>
>> I had a great experience with O'reillys bind and perl cookbook boo
Hi,
> I receive the same broken pipe error when the smuxpeer pass and
> smux_password aren't the same, though there is probably a more complex
> cause. Are there any non-standard characters in either config file?
>
> Is Net-SNMP configured with ucd-snmp compatibility?
Thanks for the tip. Looking
Arran Cudbard-Bell wrote:
> I just got this one
> http://books.theregister.co.uk/catalog/browse.asp?id=746814&group=9880&subcat=8&cat=B
>
> Initial flickings through, suggest it's quite indepth .
I've seen that. It has 300+ pages, and 40 pages on RADIUS. I had a
hard time reading it, to be
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> I just got this one
>> http://books.theregister.co.uk/catalog/browse.asp?id=746814&group=9880&subcat=8&cat=B
>>
>> Initial flickings through, suggest it's quite indepth .
>
> I've seen that. It has 300+ pages, and 40 pages on RADIUS. I had a
>
Arran Cudbard-Bell wrote:
> What put me off the O'Rielly book was it's age.. Although I only started
> using FreeRADIUS with 1.1.4 , i've seen pretty rapid development.
> So I was concerned about how much relevance a book published in 2002 has
> today.
It covers RADIUS. It's good for people w
daniel wrote:
> Apr 15 22:03:51 bill sshd[7861]: PAM unable to
> dlopen(/lib/security/pam_radius_auth.so)
> Apr 15 22:03:51 bill sshd[7861]: PAM [dlerror:
> /lib/security/pam_radius_auth.so: undefined symbol: __stack_chk_fail_local]
You've built the module with stack overflow checking turned on,
Jacob Jarick wrote:
> I personally hate rpms and will compile all apps so no, I try rpms as
> a last resort and Im not surprised when they fail with a big list of
> dependancies.
You were not told to pick up a random RPM on the net. The wiki
explains how to build yourself a RPM from sources. The
Hi Alan,
On Sat, Apr 14, 2007 at 03:26:11AM +0200, Alan DeKok wrote:
> Milan Holub wrote:
> > Unfortunately I'm getting the output stripped by last character(byte):
> > instead of getting 37 for session_count I get 3, instead of getting 1563
> > for noresetcounterflat I get 156, instead of getting
Please someone can post a working configuration for a 3COM switch(4500) to
authenticate against freeradius?
Thanks in advance
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It wasnt a random rpm and at the time I was unaware that the wiki had
been updated to list the latest rpms etc. So binarys are fairly well
supported by freeradius I take it.
On 4/16/07, Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
>
> > I personally hate rpms and will compile
I will put it on order as reference is better than nothing :) I have
used radius before but not for ages (2000) I will be using it alot at
this new job so I will need all the good references I can get.
On 4/16/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Arran Cudbard-Bell wrote:
> > What put me of
Kevin Bonner wrote:
> Try http://bugs.freeradius.org/show_bug.cgi?id=150
>
> I doubt that patch will still apply cleanly due to the many recent changes.
> I'll see if I can test the CVS head later today and submit a newer patch.
Please try the latest CVS. I've added a patch based on yours.
Alan,
Thankyou, how do I build the module with stack overflow checking turned off,
also what library do I need to link it to?
Regards,
Daniel Davis
On Mon, 16 Apr 2007 11:15:59 +0200, Alan DeKok <[EMAIL PROTECTED]> wrote:
> daniel wrote:
>> Apr 15 22:03:51 bill sshd[7861]: PAM unable to
>> dl
daniel wrote:
> Thankyou, how do I build the module with stack overflow checking
> turned off, also what library do I need to link it to?
I have no idea. Stack checking is part of your local system, not part
of the module.
Alan DeKok.
--
http://deployingradius.com - The web site of t
> Nope, Client-IP-Address / Packet-Src-IP-Address don't work as check
> items in huntgroups or hints .
Well, all I can say is that they Client-IP-Address currently works for
me within the huntgroup (haven't tried the hints file). I use it for
matching devices and applying policy thereafter from
Alan,
I dont know if someone could help me, i got FR working and authenticating
in my AD. Here in my core switch a (Cisco 4507R) i have around 7 vlans, i
was wondering if someone could explain to me how could i use FR and my
switch to use a different vlan based in the user, and if is a guest user
On Mon 16 Apr 2007, Jacob Jarick wrote:
> It wasnt a random rpm and at the time I was unaware that the wiki had
> been updated to list the latest rpms etc. So binarys are fairly well
> supported by freeradius I take it.
Yep. The general plan is that we spend the time once building an rpm, and
the
Hi,
currently in the process of migrating to 1.1.6 and the User-Password
replacements. We used to have several entries, and for some of them I'm not
really sure what to do with... if someone could add some clarity to that it
would be highly appreciated!
User-Password := something => Cleartex
Hi all,
Has anyone a sample configuration of 3Com 4500 switch to work with Freeradius?
THX in adv.
Riccardo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Peter Nixon wrote:
> Yep. The general plan is that we spend the time once building an rpm, and
> then have much less questions on random build problems on various OS'
Ideally, we should have packages on the web site. This is sometimes
difficult to do...
Alan DeKok.
--
http://deployingradiu
Stefan Winter wrote:
> User-Password := something => Cleartext-Password := something
> Crypt-Password := unixcrypt => Crypt-Password := unixcrypt
Yes.
> Crypt-Password := $1$somethingveryweird => SMD5-Password := somethingveryweird
>
> (stripping the header, and $1$ meands MD5 with 12-charac
Alan,
I am trying to set up unix authentication using radius. Does the pam module
support the maximum session times. I am trying to set up a system where linux
users authenticate against my existing radius hotspot system and they are
forced to log out when their session expires.
Regards,
Dan
Hi Alan,
On Mon, Apr 16, 2007 at 01:52:43PM +0200, Alan DeKok wrote:
> Kevin Bonner wrote:
> > Try http://bugs.freeradius.org/show_bug.cgi?id=150
> >
> > I doubt that patch will still apply cleanly due to the many recent changes.
> >
> > I'll see if I can test the CVS head later today and subm
daniel wrote:
> I am trying to set up unix authentication using radius.
> Does the pam module support the maximum session times.
No, because PAM has no provisions for enforcing maximum session times.
The setrlimit function call can enforce CPU time restrictions, but
that is *not* clock time.
Milan Holub wrote:
> - snmp works until 1st reload(HUP or snmp-write)
> - then it behaves the same as with Kevin's old patch (described in this
> thread) == snmp not working after reload
Hmm... OK.
> - debug flags survive reload (good!)
> - with my config each reload eats additional 620k of m
Hi Alan,
with the latest cvs head I've experienced following serious bug:
radiusd.conf:
...
listen {
ipaddr = *
port = 0
type = auth
}
listen {
ipaddr = *
port = 0
type = acct
}
...
clients.conf:
client 127.0.0.1 {
secret = testing123
Hi Alan,
On Mon, Apr 16, 2007 at 03:18:24PM +0200, Alan DeKok wrote:
> That memory will be cleaned up after a few more HUPs.
==> Are you sure about that?
ps axu | grep rad:
freerad 16235 2.2 1.9 9448 4916 pts/0S15:31 0:00
freeradius -X
==> initially we have 9448kb of memory used
Milan Holub wrote:
> Hi Alan,
>
> with the latest cvs head I've experienced following serious bug:
>
> radiusd.conf:
> ...
> listen {
> ipaddr = *
> port = 0
> type = auth
> }
> listen {
> ipaddr = *
> port = 0
> type = acct
> }
> ...
>
>
> client
Hi all,
just wondering whether everyone is happy with current processing of
radcheck & radgroupcheck tables. I just wanted to raise a discussion
about the rlm_sql module since on wiki
http://wiki.freeradius.org/Development_Roadmap
we can read that there are some plans with this (really useful) mod
Hi Arran,
On Mon, Apr 16, 2007 at 02:50:19PM +0100, Arran Cudbard-Bell wrote:
> Thats weird, i'm using cvs head from this morning and all is fine.
==> I'm using latest cvs head(at the time of writing). I have my own few minor
patches against cvs head but these really should not have any
impact...
Hi,
> Hi, Im just getting started with freeradius (trying to nut out dynamic
> vlans atm) and I was wondering if this book would be a worth while
> purchase.
>
> I had a great experience with O'reillys bind and perl cookbook books.
> Have any FR users used this book and if so your comments would b
Milan Holub wrote:
> Hi Alan,
>
> On Mon, Apr 16, 2007 at 03:18:24PM +0200, Alan DeKok wrote:
>> That memory will be cleaned up after a few more HUPs.
> ==> Are you sure about that?
Yes.
> After 10 HUPs:
> for i in `seq 10`; do echo HUP $i; kill -HUP 16235; sleep 1; done
Try 32 HUPs. The
Milan Holub wrote:
> Hi Alan,
>
> with the latest cvs head I've experienced following serious bug:
...
You're using SNMP. You ran into an assertion. Try "cvs update".
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
Milan Holub wrote:
> ==> I've tested latest cvs head:
> - snmp works until 1st reload(HUP or snmp-write)
> - then it behaves the same as with Kevin's old patch (described in this
> thread) == snmp not working after reload
Ok, try now. After some fighting with getting SNMPD to work, I can
now
Arran Cudbard-Bell wrote:
> [EMAIL PROTECTED] wrote:
>> Hi,
>>
>>
> Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to
> work,
> if this because the Client-Ip-Address is written to the request packet
> at the end of pre-process
> and not the beginning ?
Sorry,
Another one for the list.
Dynamic expansion of reply items in SQL is broken
in current cvs head.
Reply-Message = "Welcome %{User-Name} At wherever"
Is printed as
Welcome %{User-Name} At wherever
Instead of Welcome Fluffy At Wherever.
Thanks,
Arran
--
Arran Cudbard-Bell ([EMAIL PROTECT
Arran Cudbard-Bell wrote:
> [EMAIL PROTECTED] wrote:
>> Hi,
>>
>>
> Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to
> work,
> if this because the Client-Ip-Address is written to the request packet
> at the end of pre-process
> and not the beginning ?
Arran Cudbard-Bell wrote:
> Dynamic expansion of reply items in SQL is broken
> in current cvs head.
>
> Reply-Message = "Welcome %{User-Name} At wherever"
I'd suggest to try using back quotes in the table of reply items:
Reply-Message = `Welcome %{User-Name} At wherever`
--
Nicolas Baradakis
Arran Cudbard-Bell wrote:
> the issue is that now Packet-Src-Ip-Address Always matches ! Everywhere.
OK. I think I see why. I'll have a patch tomorrow.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info
Arran Cudbard-Bell wrote:
> Dynamic expansion of reply items in SQL is broken
> in current cvs head.
>
> Reply-Message = "Welcome %{User-Name} At wherever"
Use:
Reply-Message = `...`
In 1.x, Reply-Message was *always* run through radius_xlat. In 2.0,
it's done only if you ask it to.
A
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>
>> Dynamic expansion of reply items in SQL is broken
>> in current cvs head.
>>
>> Reply-Message = "Welcome %{User-Name} At wherever"
>>
>
> Use:
>
> Reply-Message = `...`
>
> In 1.x, Reply-Message was *always* run through radius_xlat.
I will start reading it all ASAP, thanks alot guys :)
On 4/16/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi,
> > Hi, Im just getting started with freeradius (trying to nut out dynamic
> > vlans atm) and I was wondering if this book would be a worth while
> > purchase.
> >
> > I had a great
No probs guys, will check for bins 1st in future.
On 4/16/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Peter Nixon wrote:
> > Yep. The general plan is that we spend the time once building an rpm, and
> > then have much less questions on random build problems on various OS'
>
> Ideally, we should
On Monday 16 April 2007 03:53:52 Stefan Winter wrote:
> Thanks for the tip. Looking up the net-snmp.spec file of openSUSE 10.2, it
> appears that ucd-snmp compat should be there... the compile
> switches --enable-local-smux and --enable-ucd-snmp-compatibility are there.
>
> Any other hints? Otherwi
Hello everyone,
I'm working on finding a way to define multiple local realms and have
each have a unique ldap profile associated with them.We want one
associated with a particular realm, and the other to be the
catchall/default case. In addition to this, we're also using EAP/TTLS,
which m
Alan DeKok wrote:
> If you're familiar with RADIUS, it will contain little useful
> information.
I can confirm this.
I was pretty disappointed about the value of the book when I bought it 3
years ago.
I doesn't go indepth into anything.
Thor.
-
List info/subscribe/unsubscribe? See http://www.
Yea, after reading that book I barely got able to install the FR.
I would say it tells you more about radius protocol then actual FR
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Thor Spruyt
Sent: Monday, April 16, 2007 5:06 PM
To: Fre
Sean McNamara wrote:
> I'm working on finding a way to define multiple local realms and have
> each have a unique ldap profile associated with them.We want one
> associated with a particular realm, and the other to be the
> catchall/default case. In addition to this, we're also using EAP/TT
Arran Cudbard-Bell wrote:
> Aha, so the significance of the back ticks is .
> That the string will be sent through radius_xlat ?
Yes. See doc/variables.txt, I believe.
> And this is true for reply attributes in all the 'files' processed files ?
>
> Or is this a special feature of rlm_sql
Hello,
Im currently trying to configure freeradius to authenticate via a
win2k3 server, check the users group and then return a confirmation/
denial + vlan id for the cisco WAP to process.
Questions:
1: Is ldap the only way of retreiving the users group/s
2 - Can I talk directly to the ADS usin
I have been slowly reading through source docs (some are a bit full on
for me the 1st go) and I turned up this howto via google that
supposedly runs down the needed steps to auththenticate via ldap.
http://www.telenovela-world.com/~spade/linux/howto/LDAP-Implementation-HOWTO/radius.html
Im not su
Jacob Jarick wrote:
> Im not sure what is happening atm, the wireless client trys to
> authenticate but fails.
>
> radiusd -X -A output: http://pastebin.ca/444005
The debug output shows an error message from ntlm_auth. Fix that.
> Now I am still asumming radius can auth against ADS using ldap
Jacob Jarick wrote:
> Im currently trying to configure freeradius to authenticate via a
> win2k3 server, check the users group and then return a confirmation/
> denial + vlan id for the cisco WAP to process.
>
> Questions:
>
> 1: Is ldap the only way of retreiving the users group/s
If the user
Thanks again alan.
ntlm_auth error fixed, just working on the next 1 now :)
On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jacob Jarick wrote:
> > Im currently trying to configure freeradius to authenticate via a
> > win2k3 server, check the users group and then return a confirmation/
> > de
radiusd -X -A output: http://pastebin.ca/444131
radius.conf: http://pastebin.ca/444132
OK Ive sorted that pesky ntlm_auth error, but I have encountered a
new 1 (at least its something new :D ).
The specific part of the error is below.
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_c
57 matches
Mail list logo