so by starting radiusd -X i have this error:rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linkedrlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radiusrlm_sql (sql): starting 0rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0rlm_sql_uni
Hi,
How can I force the group processing after the positive authentication with the
radcheck table. I want to achieve the following: after I authenticate the user
I would like to add a reply attribute if the user belongs to the particular
group.
Thank you in advance.
Tomasz
-
List info/subsc
Hi Tomasz,
On Wed, Apr 18, 2007 at 10:07:41AM +0200, tzieleniewski wrote:
> Hi,
>
> How can I force the group processing after the positive authentication with
> the radcheck table. I want to achieve the following: after I authenticate the
> user I would like to add a reply attribute if the use
matthew zeier wrote:
>Can you post the errors?
>> I haven't used 1.0.1 in *years*, so I have no idea what may or may not
>> work when upgrading from 1.0.1 to 1.1.6.
>
> Should have mentioned that that's what RHEL4 ships.
I've seen that with other projects, too. RedHat has a tendency to
i
Hi,
I have just downloaded the CVS trunk sources.
When I compile them I get the following errors:
Please point me what do I miss.
Making all in main...
make[4]: Entering the directory `/home/radius/src/radiusd/src/main'
/home/radius/src/radiusd/libtool --mode=link gcc -export-dynamic -dlopen se
tzieleniewski wrote:
> I have just downloaded the CVS trunk sources.
> When I compile them I get the following errors:
> Please point me what do I miss.
I'm in the middle of re-writing portions of the code. It may not
build from time to time.
...
> collect2: ld returned 1 exit status
And th
Hi Alan,
On Tue, Apr 17, 2007 at 03:54:25PM +0200, Milan Holub wrote:
> Hi Alan,
> On Tue, Apr 17, 2007 at 11:45:28AM +0200, Alan DeKok wrote:
> > *Please* run the server under valgrind to find the source of these
> > problems.
>
> ==> finally I managed to compile valgrind and can give you thus
Milan Holub wrote:
...
> (gdb) print client->auth
> $2 = (rad_snmp_client_entry_t *) 0x0
Ah. client_add() doesn't create the necessary structure. I've just
fixed that.
> This works for me but I believe Alan will fix the issue cleanly ASAP:)
> Anyway thanks Alan for your hard job on freer
Hi,
Using freeradius 1.1.5 samba 3.0.24...i have an interesting problem,
and was curious what methods other people would take to solve it.
I am setting up radius for our new wpa2 wireless network, which
means that windows machine auth should work so that people can LOGIN to
their lapto
Well, it's not the question of money, its more question of my time and
finding 2-3 unused machines that I can use for the test then.
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Jacob Jarick
Sent: Wednesday, April 18, 2007 12:21 AM
Hi,
> xp machine sends its machine auth to radius it sends
> host/machinename.activedirectorydomain.domain.domain. so freeradius
> takes the activedirectorydomain part of that and assumes that the
> domain's actual name (what you use for authentication) in our
> caseblame the windows peo
>
> well, you can use regexp/attr_filter to look for these systems
> and then just chop off the activedirectorydomain.domain.domain. part
> thus allowing the AD REALM to be forced by yourselves.
>
>
I tried something similar i used attr_rewrite to replace the bad parts
of User-Name with the mo
On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
> Hi,
>
> We seem to be having the "The maximum number of threads (32) are active"
> with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Hi,
Upgraded to 1.1.6 and
Hi,
> I tried something similar i used attr_rewrite to replace the bad parts
> of User-Name with the modified correct values, it, however because i am
> using eap-ttls, i got an eap error
> "rlm_eap: Identity does not match User-Name, setting from EAP Identity.
> rlm_eap: Failed in handler"
ah
ah! you really cannot play with User-Name - as you have found, the client
> doesnt like that to be changed. what you want to do is copy User-Name
> to Stripped-User-Name and then play with Stripped-User-Name - and
> use that in the rest of the stages.
>
how do i copy User-Name to something else?
On Wed 18 Apr 2007, Rick Macdougall wrote:
> On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Rick Macdougall wrote:
> > > Hi,
> > >
> > > We seem to be having the "The maximum number of threads (32) are
> > > active" with Freeradius 1.0.3. Version 1.0.1 works just fine.
> >
> > Upgrade to
Follow up.
It is updating/inserting records into the mysql radacct database but it
seems that an ACK is not sent back to the remote server and the thread is
not released. A minute later the remote server tries again, etc etc until
the threds max out at 32.
Regards,
Rick
-
List info/subscribe/
Yep. Your backend is too slow to keep up. Accounting is inserts and
updates... Auth is selects.. BIG difference in speed...
Not a speed issue, the mysql records are inserted within milliseconds of the
detail file being written. Running radiusd -x shows the sql accounting
happening almost i
Hello,
Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?
My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check
and decide if this user can access the switches or particula
Recompiled with --without-threads and it locks up hard on the first
accounting request. And when I say locks up hard, I mean not even a kill -9
will stop it, I have to reboot the server.
Output from radiusd -
Wed Apr 18 15:43:13 2007 : Debug: radius_xlat: 'INSERT into radacct
(RadAcctId,
A
Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a
users file for authorize.
The server don't authorize and when a do a debug (radiusd -X) I saw the
User-password in clear text. If I modify the User-password in the users
file by the clear text one it works.
Here are the deb
Hi,
> how do i copy User-Name to something else?
there are guides out there..and various snippets from mail archives
but you can start by doing stuff like
attr_rewrite copy.user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor = ""
searchin = packet
replacewith = "%{User-Name}
what is the kerberos server, MIT, Heimdal or M$$ AD?
On 4/18/07, Jason Chan <[EMAIL PROTECTED]> wrote:
Hello,
Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?
My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Onc
Sebastian Firpo wrote:
> sebas Auth-Type := Local, Crypt-Password == "(!lGOOlHaBWoQ"
Remove the Auth-Type := Local. Let FR decide on what the auth type is.
It knows better than you. ;)
If you search the list archives, this comes up about once a week. Don't
set Auth-Type unless you r
On Wednesday 18 April 2007 16:39:27 Sebastian Firpo wrote:
> Hi, I migrated a freeradius server from version 0.6 to 1.5. I'm using a
> users file for authorize.
Wow, that's quite a leap. I assume from 0.6 to 1.1.5?
> The server don't authorize and when a do a debug (radiusd -X) I saw the
> User-
Thank you Kevin, but it didn't work now my entire
users file is:
sebas Crypt-Password := "(!lGOOlHaBWoQ"
Service-Type = Administrative-User,
Cisco-AVPair = "shell:priv-lvl=15"
and then the debug was:
rad_recv: Access-Request packet from host 10.12.4
Thank you Dennis, but it didn't work now my entire
users file is:
sebas Crypt-Password := "(!lGOOlHaBWoQ"
Service-Type = Administrative-User,
Cisco-AVPair = "shell:priv-lvl=15"
and then the debug was:
rad_recv: Access-Request packet from host 10.12.
>
I almost ignored your message, as I don't parse HTML well. =)
On Wednesday 18 April 2007 18:06:28 Sebastian Firpo wrote:
> Thank you Kevin, but it didn't work now my entire users file is:
>
> sebas Crypt-Password := "(!lGOOlHaBWoQ"
> Service-Type = Administrative-U
I just tried building 1.1.6 as an rpm on suse, it fails with this error.
[EMAIL PROTECTED] src]# rpmbuild -ba /usr/src/packages/SPECS/freeradius.spec
error: File /usr/src/redhat/SOURCES/freeradius-1.1.5.tar.gz: No such
file or directory
This is corrected instructions
Notes:
* The wiki glosses ov
Notes:
* The wiki glosses over a little and gives u an incorrect dir
* the spec file expects 1.1.5 tar.gz
# cd /usr/src
# tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
# cp /root/Desktop/freeradius-1.1.6.tar.gz
/usr/src/redhat/SOURCES/freeradius-1.1.5.tar.gz
# cp freeradius-1.1.6/suse/freeradius.
Ok, I have gotten pam_radius_auth.so to work and it is working well, however,
is there any way to get it to create a UID when it receives an auth accept?
At the moment I have to run adduser every time I want a user to be able to log
in, this would be ok if the users were fairly static, I could
The deps have incorrect names, ie requests apache2-devel but fedora
calls it httpd2-devel and so on.
So atm, rpm building completely broken, any comments / suggestions are
welcome. I will be going back to compiling from source until the bins
are resolved.
I suppose I could use some "random rpm" f
Rick Macdougall wrote:
> It is updating/inserting records into the mysql radacct database but it
> seems that an ACK is not sent back to the remote server and the thread
> is not released. A minute later the remote server tries again, etc etc
> until the threds max out at 32.
That says that the
Rick Macdougall wrote:
> Recompiled with --without-threads and it locks up hard on the first
> accounting request. And when I say locks up hard, I mean not even a kill
> -9 will stop it, I have to reboot the server.
Are you sure your OS isn't buggy? It's a bad problem if "kill -9"
doesn't work.
daniel wrote:
> Ok, I have gotten pam_radius_auth.so to work and it is working well, however,
> is
> there any way to get it to create a UID when it receives an auth accept?
Not at the moment. It's not clear how to do that in PAM.
> At the moment I have to run adduser every time I want a use
Hi
can u tell me how run radius with pam?
thanks
On 4/19/07, daniel <[EMAIL PROTECTED]> wrote:
Ok, I have gotten pam_radius_auth.so to work and it is working well,
however, is there any way to get it to create a UID when it receives an auth
accept?
At the moment I have to run adduser every tim
Jacob Jarick wrote:
> The deps have incorrect names, ie requests apache2-devel but fedora
> calls it httpd2-devel and so on.
The Redhat freeradius.spec file distributed with FreeRADIUS doesn't
reference apache2-devel. If you're using the Redhat spec file, please
ask them about fixing it.
> * T
Hi,
> Notes:
> * The wiki glosses over a little and gives u an incorrect dir
> * the spec file expects 1.1.5 tar.gz
yes, that has already been noted. simply edit the spec file
to use the correct value.
> # tar zxvf /root/Desktop/freeradius-1.1.6.tar.gz
> # cp /root/Desktop/freeradius-1.1.6.tar.
Hi,
> The deps have incorrect names, ie requests apache2-devel but fedora
> calls it httpd2-devel and so on.
argh!!!
now it all makes sense. from your previous email you said
cp freeradius-1.1.6/suse/freeradius.spec /usr/src/redhat/SPECS/
why the ** would you be trying to use a SUSE
39 matches
Mail list logo
