Hello,
this week I updated to freeradius 1.1.6. We use eap/tls with a crl from
a Microsoft CA, which is downloaded and converted by a shell script
every hour or has to be updated manually. If it changes, I have to
reload the server config, right? Since the update the server crashes
with a seg
i want to configure my freeradius server to be a proxy server! can i have
the config of the modification of freeradius's files?
My proxy's server must turn with IAS of windows server 2003!
thanks!
_
MSN Messenger : discutez en
On Apr 19, 2007, at 10:52 AM, Milan Holub wrote:
This version of perl is without ithreads and does not support
multiplicity.
Problem was localized to detach section of perl module and here is a
dummy patch(do not call custom detach function as I do not need it...)
An empty detach
Hi,
i want to configure my freeradius server to be a proxy server! can i have
the config of the modification of freeradius's files?
My proxy's server must turn with IAS of windows server 2003!
thanks!
you've already posted them. exactly why its not working is another issue
altogether! - is
On 4/20/07, Fiederling, Daniel [EMAIL PROTECTED] wrote:
Hello,
this week I updated to freeradius 1.1.6. We use eap/tls with a crl from a
Microsoft CA, which is downloaded and converted by a shell script every hour
or has to be updated manually. If it changes, I have to reload the server
Hi,
it's possible that the radiusd crashes on the next authentication - i only
noticed that it runs for a few seconds up to some minutes and then crashes with
a seg fault. But I wondering why I don't see any incoming requests when running
radiusd -X before the seg fault. That would imply that
There is nothing you need to modify in radiusd.conf - proxying is enabled
by default. All you need to do is enter info about IAS server into
proxy.conf. IAS uses both 1812/1813 and 1645/1646 ports for
authentication/accounting by default, so take your pick. Instructions in
proxy.conf about setting
inverse wrote:
EAP-TLS is implemented and works fine, so does the CRL.
My problem is as follows: the HUP works but radiusd segfaults at the
first authentication after the HUP.
The server doesn't handle HUP that well. You're *much* better off
just killing it and re-starting it.
Now I'm in
Hi Alan,
hi list,
I appreciate the tables explaining the compatibility of authentication
systems / protocols to password type compatibility from:
[table 1] http://deployingradius.com/documents/protocols/compatibility.html
and
[table 2]
Reimer Karlsen-Masur, DFN-CERT wrote:
I appreciate the tables explaining the compatibility of authentication
systems / protocols to password type compatibility from:
But I am still confused about the relationship of these two tables to each
other and how to use them.
Is the following
my last coonfiguration of these files is:
radiusd.conf
proxy_request = yes
proxy.conf
realm gie.local {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm DEFAULT {
type =
Hi,
my last coonfiguration of these files is:
radiusd.conf
proxy_request = yes
proxy.conf
realm gie.local {
type = radius
authhost = LOCAL
accthost = LOCAL
}
realm DEFAULT {
You are not sending gie.local to your IAS but dealing with them locally.
Change realm gie.local back to realm LOCAL and it should start to proxy
such requests.
Ivan Kalik
Kalik Informatika ISP
Dana 20/4/2007, parfait kouassi nda [EMAIL PROTECTED] piše:
my last coonfiguration of these files
Thanks Alan!
Your answer is raising some more questions though:
Alan DeKok wrote:
Reimer Karlsen-Masur, DFN-CERT wrote:
I appreciate the tables explaining the compatibility of authentication
systems / protocols to password type compatibility from:
But I am still confused about the
Reimer Karlsen-Masur, DFN-CERT wrote:
Which freeradius modules can be used for the *simple password store*?
files (the users file)
unix
pam
ldap
sql (?)
Not PAM.
Could you please complete this list? Are these entries ending up in the
authenticate or authorize or both sections
Hi Alan and others,
using cvs head from yesterday...
I have some query in radgroupcheck for some custom attribute defined in
dictionary:
dictionary:
# test_query
ATTRIBUTE test_query 3014string
select * from radgroupcheck where id=67;
On Fri, Apr 20, 2007 at 01:25:05PM +0200, Milan Holub wrote:
Is there a way how to specify more complex(longer) sql queries in freeradius
configuration?
== I've increased the value of MAX_STRING_LEN to 1024. Here is a patch:
ndex: src/include/libradius.h
Hello Alan,
It works! After I changed the authorize_check_query the FreeRadius is
now able to check for attributes after Kerberos authentications. Thanks!
Regards,
Jason
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 19, 2007 8:13 PM
To: [EMAIL
Milan Holub wrote:
== I've increased the value of MAX_STRING_LEN to 1024. Here is a patch:
It will break almost everything in the server.
My query works now but I'm not sure whether this change might not have
some unwanted impact somewhere else since the constant is used on many
places...
On 4/19/07, John Butala [EMAIL PROTECTED] wrote:
We would like to use FreeRADIUS (acting as a proxy server) to set the
Primary-DNS-Server and Secondary-DNS-server attributes in the auth
response to the RADIUS client only if these attributes are not provied
by the end RADIUS server (which we
HI, I realize this was a thread from over a month ago, but thought I'd ask
anyway. I have my original post, followed by your reply, followed by my new
question.
First off, my original post:
We're using FreeRadius to authenticating our wireless users (who's
credentials are stored in LDAP). But
Matt Ashfield wrote:
Hi,
We'd like to use FR to assign users on our wired network to one of 30
different vlans on campus, based on an LDAP field. Currently, we are doing
this with huntgroups. Namely, we create a huntgroup for the NAS (in our
case, a network switch), and then in the users
I'm a freeradius newbie so bear with me. Two questions/issues:
1. I've installed version 1.1.6, but have some dictionary files that
are/were setup for
Freeradius 1.1.3. I've seen from the README/faq that the dictionary
files have changed post 1.1.3
am wondering what I need to
23 matches
Mail list logo