so by starting radiusd -X i have this error:rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linkedrlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radiusrlm_sql (sql): starting 0rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0rlm_sql_unixodbc: SQL
Hi,
How can I force the group processing after the positive authentication with the
radcheck table. I want to achieve the following: after I authenticate the user
I would like to add a reply attribute if the user belongs to the particular
group.
Thank you in advance.
Tomasz
-
List
Hi Tomasz,
On Wed, Apr 18, 2007 at 10:07:41AM +0200, tzieleniewski wrote:
Hi,
How can I force the group processing after the positive authentication with
the radcheck table. I want to achieve the following: after I authenticate the
user I would like to add a reply attribute if the user
matthew zeier wrote:
Can you post the errors?
I haven't used 1.0.1 in *years*, so I have no idea what may or may not
work when upgrading from 1.0.1 to 1.1.6.
Should have mentioned that that's what RHEL4 ships.
I've seen that with other projects, too. RedHat has a tendency to
include
Hi,
I have just downloaded the CVS trunk sources.
When I compile them I get the following errors:
Please point me what do I miss.
Making all in main...
make[4]: Entering the directory `/home/radius/src/radiusd/src/main'
/home/radius/src/radiusd/libtool --mode=link gcc -export-dynamic -dlopen
tzieleniewski wrote:
I have just downloaded the CVS trunk sources.
When I compile them I get the following errors:
Please point me what do I miss.
I'm in the middle of re-writing portions of the code. It may not
build from time to time.
...
collect2: ld returned 1 exit status
And
Hi Alan,
On Tue, Apr 17, 2007 at 03:54:25PM +0200, Milan Holub wrote:
Hi Alan,
On Tue, Apr 17, 2007 at 11:45:28AM +0200, Alan DeKok wrote:
*Please* run the server under valgrind to find the source of these
problems.
== finally I managed to compile valgrind and can give you thus its
Milan Holub wrote:
...
(gdb) print client-auth
$2 = (rad_snmp_client_entry_t *) 0x0
Ah. client_add() doesn't create the necessary structure. I've just
fixed that.
This works for me but I believe Alan will fix the issue cleanly ASAP:)
g
Anyway thanks Alan for your hard job on
Hi,
Using freeradius 1.1.5 samba 3.0.24...i have an interesting problem,
and was curious what methods other people would take to solve it.
I am setting up radius for our new wpa2 wireless network, which
means that windows machine auth should work so that people can LOGIN to
their
Well, it's not the question of money, its more question of my time and
finding 2-3 unused machines that I can use for the test then.
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jacob Jarick
Sent: Wednesday, April 18, 2007 12:21 AM
Hi,
xp machine sends its machine auth to radius it sends
host/machinename.activedirectorydomain.domain.domain. so freeradius
takes the activedirectorydomain part of that and assumes that the
domain's actual name (what you use for authentication) in our
caseblame the windows people,
well, you can use regexp/attr_filter to look for these systems
and then just chop off the activedirectorydomain.domain.domain. part
thus allowing the AD REALM to be forced by yourselves.
I tried something similar i used attr_rewrite to replace the bad parts
of User-Name with the
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Rick Macdougall wrote:
Hi,
We seem to be having the The maximum number of threads (32) are active
with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Hi,
Upgraded to 1.1.6 and the
Hi,
I tried something similar i used attr_rewrite to replace the bad parts
of User-Name with the modified correct values, it, however because i am
using eap-ttls, i got an eap error
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
ah! you
ah! you really cannot play with User-Name - as you have found, the client
doesnt like that to be changed. what you want to do is copy User-Name
to Stripped-User-Name and then play with Stripped-User-Name - and
use that in the rest of the stages.
how do i copy User-Name to something else?
On Wed 18 Apr 2007, Rick Macdougall wrote:
On 4/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Rick Macdougall wrote:
Hi,
We seem to be having the The maximum number of threads (32) are
active with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole
Follow up.
It is updating/inserting records into the mysql radacct database but it
seems that an ACK is not sent back to the remote server and the thread is
not released. A minute later the remote server tries again, etc etc until
the threds max out at 32.
Regards,
Rick
-
List
Yep. Your backend is too slow to keep up. Accounting is inserts and
updates... Auth is selects.. BIG difference in speed...
Not a speed issue, the mysql records are inserted within milliseconds of the
detail file being written. Running radiusd -x shows the sql accounting
happening almost
Hello,
Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?
My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check
and decide if this user can access the switches or
Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a
users file for authorize.
The server don't authorize and when a do a debug (radiusd -X) I saw the
User-password in clear text. If I modify the User-password in the users
file by the clear text one it works.
Here are the
Hi,
how do i copy User-Name to something else?
there are guides out there..and various snippets from mail archives
but you can start by doing stuff like
attr_rewrite copy.user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor =
searchin = packet
replacewith = %{User-Name}
}
Sebastian Firpo wrote:
sebas Auth-Type := Local, Crypt-Password == (!lGOOlHaBWoQ
Remove the Auth-Type := Local. Let FR decide on what the auth type is.
It knows better than you. ;)
If you search the list archives, this comes up about once a week. Don't
set Auth-Type unless you
On Wednesday 18 April 2007 16:39:27 Sebastian Firpo wrote:
Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a
users file for authorize.
Wow, that's quite a leap. I assume from 0.6 to 1.1.5?
The server don't authorize and when a do a debug (radiusd -X) I saw the
Thank you Kevin, but it didn't work now my entire
users file is:
sebas Crypt-Password := "(!lGOOlHaBWoQ"
Service-Type = Administrative-User,
Cisco-AVPair = "shell:priv-lvl=15"
and then the debug was:
rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103,
length=75
Thank you Dennis, but it didn't work now my entire
users file is:
sebas Crypt-Password := "(!lGOOlHaBWoQ"
Service-Type = Administrative-User,
Cisco-AVPair = "shell:priv-lvl=15"
and then the debug was:
rad_recv: Access-Request packet from host 10.12.4.2:1645, id=103,
length=75
html
I almost ignored your message, as I don't parse HTML well. =)
On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote:
Thank you Kevin, but it didn't work now my entire users file is:
sebas Crypt-Password := (!lGOOlHaBWoQ
Service-Type =
I just tried building 1.1.6 as an rpm on suse, it fails with this error.
[EMAIL PROTECTED] src]# rpmbuild -ba /usr/src/packages/SPECS/freeradius.spec
error: File /usr/src/redhat/SOURCES/freeradius-1.1.5.tar.gz: No such
file or directory
This is corrected instructions
Notes:
* The wiki glosses
The deps have incorrect names, ie requests apache2-devel but fedora
calls it httpd2-devel and so on.
So atm, rpm building completely broken, any comments / suggestions are
welcome. I will be going back to compiling from source until the bins
are resolved.
I suppose I could use some random rpm
Rick Macdougall wrote:
It is updating/inserting records into the mysql radacct database but it
seems that an ACK is not sent back to the remote server and the thread
is not released. A minute later the remote server tries again, etc etc
until the threds max out at 32.
That says that the
Rick Macdougall wrote:
Recompiled with --without-threads and it locks up hard on the first
accounting request. And when I say locks up hard, I mean not even a kill
-9 will stop it, I have to reboot the server.
Are you sure your OS isn't buggy? It's a bad problem if kill -9
doesn't work.
30 matches
Mail list logo
