Re: configuration parameters for perl module in rlm_perl

Am 14.09.2013 14:50, schrieb Alan DeKok: > Cornelius Kölbel wrote: >> I would like to avoid having the perl module read an additional >> configuration file. > Then edit the source code to rlm_perl, and add those features. > >> Is there a possibility to add such paramters somewhere in the freerad

Re: configuration parameters for perl module in rlm_perl

Cornelius Kölbel wrote: > I would like to avoid having the perl module read an additional > configuration file. Then edit the source code to rlm_perl, and add those features. > Is there a possibility to add such paramters somewhere in the freeradius > config like in > /etc/freeradius/modules/pe

Re: Configuration check

radiusd -XC seems to produce what I was looking for, thanks. On Tue, Nov 27, 2012 at 9:10 AM, Alan DeKok wrote: > James Devine wrote: > > * globally writable I mean > > It already checks that. > > $ chmod a+w raddb/proxy.con > $ radiusd -XC > ... > Configuration file ./raddb//proxy.conf is glo

Re: Configuration check

James Devine wrote: > * globally writable I mean It already checks that. $ chmod a+w raddb/proxy.con $ radiusd -XC ... Configuration file ./raddb//proxy.conf is globally writable. Refusing to start due to insecure configuration. Errors reading or parsing ./raddb//debug.conf If you don't see

Re: Configuration check

James Devine wrote: > I ran into an issue where proxy.conf was globally readable for some > reason, proxy.conf should NEVER be globally readable. > freeradius wouldn't start because of this and this wasn't picked > up by radiusd -C. Can this check be added? File permissions are enforced by

Re: Configuration check

* globally writable I mean On Tue, Nov 27, 2012 at 8:55 AM, James Devine wrote: > I ran into an issue where proxy.conf was globally readable for some > reason, freeradius wouldn't start because of this and this wasn't picked up > by radiusd -C. Can this check be added? - List info/subscribe/un

Re: configuration overview

Alan Batie wrote: > I've been using freeradius for quite a while now, but never really > grokked the config file. There is lots of documentation that gives you > a narrow peep hole into the specific section it's concerned with and how > to do common basic things, but there's nothing I've found tha

Re: configuration freeradius for no simultaneous use

Толик Шавловский wrote: > So, i indicated nastype = cisco > > will freeradius connect to nas in this case? Only if the server receives accounting packets, AND a user session is still open, AND that user tries to log in a second time from a different location. Alan DeKok. - List info/subscrib

Re: configuration freeradius for no simultaneous use

tolik_shavlov...@mail.ru wrote: > i need your help in configuration freeradius for no simultaneous use. doc/Simultaneous-Use See also the Wiki. Have you read that documentation and followed the instructions there? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.o

Re: configuration freeradius for no simultaneous use

On Fri, Dec 2, 2011 at 2:31 PM, tolik_shavlov...@mail.ru wrote: > Hi, > > i need your help in configuration freeradius for no simultaneous use. simultanouse use limit is somewhat ... awkward. > So, i need one active user per login/password. > > I configured user as follow: > > te...@wimax.com Cl

Re: Configuration Problem with FreeRadius, Unix Authentication, and WRT54G2 WAP

On Thu, Aug 26, 2010 at 5:25 AM, Jonathan Black wrote: > +- entering group authenticate > rlm_unix: Attribute "User-Password" is required for authentication. Your iphone is probably doing EAP/MSCHAPv2, which does not send user password in plain text (which is required by rlm_unix). If you want

Re: Configuration trouble (2.1.8 for use with WiMAX)

Sumedh Sathaye wrote: > Thanks for pointing out what I am doing wrong. Being a newbie to the > whole field of AAA, can you give me a few pointers where/what I can read > up to configure EAP for the TLS method (rather than MD5)? I appreciate > your help. See the Wiki && my web page: deployingradi

Re: Configuration trouble (2.1.8 for use with WiMAX)

--| |> | Subject: | |> >----------| |Re: Co

Re: configuration freeradius with mysql

Have you decommented the "$INCLUDE sql.conf" line in radiusd.conf? I had the same problem when I compiled freeradius-2.1.8. If I compiled freeradius without libmysqlclient15-dev package the problem appeared. Try it. 2010/5/14 dorra aa > hi > i installed mysql. > > and i modify in /etc/freera

Re: Configuration trouble (2.1.8 for use with WiMAX)

It seems that it could not generate EAP-MSK first,maybe you can check that. On Thu, May 13, 2010 at 2:49 AM, Sumedh Sathaye wrote: > Dear all, > > I am trying to use FreeRadius 2.1.8 for AAA in a wimax network. The problem > I am facing is that the WiMAX-MSK keys are not generated by FreeRadius.

Re: Configuration trouble (2.1.8 for use with WiMAX)

Sumedh Sathaye wrote: > Run-log from "radiusd -X" is also included at the end of this message. > Here is the message that indicates that EAP is not computing MSK and EMSK: > [wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys. You're using an EAP method that doesn't provide the MSK. Use s

RE: Configuration trouble (2.1.8 for use with WiMAX)

Sent: Wednesday, May 12, 2010 3:43 PM To: David Peterson-WirelessConnections; FreeRadius users mailing list Subject: RE: Configuration trouble (2.1.8 for use with WiMAX) David, thanks for your reply. I am using a simulated WIMAX ASN gateway from the BOC-WiMAX distribution. It's available at:

RE: Configuration trouble (2.1.8 for use with WiMAX)

-| |> | Subject: | |> >----------

RE: Configuration trouble (2.1.8 for use with WiMAX)

Which product are you using? Some WiMax NAS do not send the proper keys to Freeradius. I have gotten FR to work with pretty much all of the major brands of WiMax we sell. David From: freeradius-users-bounces+david.peterson=acc-corp@lists.freeradius.org [mailto:freeradius-users-boun

RE: Configuration radius

I am doing a project in network mesh, wireless mesh. After making the implementation of my network, I want to do authentication and security of my network using Radius. But I have no information of this side and I found many documents that I do not understand. Please help me to find a clear docu

Re: Configuration test issue

Le 13/01/2010 16:39, Alan DeKok a écrit : >> So, can I do something here to fix the validation test :) ? > > Add the "ldap1-LDAP-Group" attribute to raddb/dictionary as a "string" > attribute. The value doesn't matter (though follow the guidelines in > raddb/dictionary) Perfect, many thanks. -

Re: Configuration test issue

Guillaume Rousse wrote: > Hello list. > > I'm trying to automatize configuration testing at each change. However, > I'm facing a situation where testing report failure, whereas running > freeradius works OK. > > With this following configuration: > DEFAULT Auth-Type := LDAP, Huntgroup-Name == Adm

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

On Tue, Sep 29, 2009 at 12:45 AM, Ryaz Khan wrote: > I googled it lot but did not come to any comprehensive solution. You'll probably learn this the hard way anyway, but don't try to google for freeradius. Most of those hits will be outdated, even if it is on the topic you're searching for. 1) S

Re: Configuration of FreeRADIUS on Ubuntu/Debian with OPEN-LDAP Authentication

Hi, > I googled it lot but did not come to any comprehensive solution. http://wiki.freeradius.org/Rlm_ldap you need to ensure that the FreeRADIUS LDAP module can talk to your LDAP server - check the LDAP configuration in FreeRADIUS to ensure that the configuration, password etc etc is fine (mo

RE: Configuration for md5 not working

> "If you need to use clear text passwords, the "fix" is to run the method > inside of PEAP or TTLS, which will generate keys and protect your > passwords in the air." > > So basically if i set in my eap.conf default type to PEAP, how do I do > the "fix" you speak of. That's irrelevant. You need

RE: Configuration for md5 not working

Thu, 17 Sep 2009 14:25:34 + > From: da...@mitton.com > To: freeradius-users@lists.freeradius.org > Subject: Re: Re: Configuration for md5 not working > > From: From: Alan Buxey > Sep 17, 2009 04:28:13 AM, freeradius-users@lists.freeradius.org wrote: > >>Hi, >> &

Re: Re: Configuration for md5 not working

From: From: Alan Buxey Sep 17, 2009 04:28:13 AM, freeradius-users@lists.freeradius.org wrote: >Hi, > >> I have everything configured for md5 authentication so that I do not need to >> use either server or client-side certificates. I have my access points >> configured in /etc/raddb/clients.conf

Re: Configuration for md5 not working

Hi, > I have everything configured for md5 authentication so that I do not need to > use either server or client-side certificates. I have my access points > configured in /etc/raddb/clients.conf and my users configured in > /etc/raddb/users > > > > My access point is set to WPA Enterprise s

Re: Configuration for md5 not working

Jon Standley wrote: > When I try to connect to the network, all I get is “Windows is unable to > connect to the wireless network” No prompt for username/password or > anything. Can someone tell me if its my radius configuration that is bad > or my access point or what? Thanks Run the server in d

Re: Configuration sample CDMA-EVDO

Hi, Aldo. There's nothing special for freeradius providing AAA services for cdma ev-do. We're running CDMA (1xRTT, 1xEV-DO rev0/revA) network with ~25k peak online users on two servers running FR. Drop me a message if you're interested in details. -- Alexander Aldo wrote: Hello, could please

Re: Configuration trouble with fail-over

Guillaume Rousse wrote: > What's wrong with just looking recursively for the name under which the > module has been instanciated in the authorization section, without > interpreting fail-over behaviour at all ? Because it may be listed under multiple Auth-Type sections. This is something that p

Re: Configuration trouble with fail-over

Alan DeKok a écrit : > Guillaume Rousse wrote: >> It is not documented in the rlm_ldap file shipped in top-level directory >> (at least for release 2.0.0). The fact that there is a huge redundancy >> between this file and comments in default configuration files doesn't >> help maintaining a referen

Re: Configuration trouble with fail-over

Guillaume Rousse wrote: > It is not documented in the rlm_ldap file shipped in top-level directory > (at least for release 2.0.0). The fact that there is a huge redundancy > between this file and comments in default configuration files doesn't > help maintaining a reference documentation. The co

Re: Configuration trouble with fail-over

Alan DeKok a écrit : > Guillaume Rousse wrote: >> It does. But clarification between what's old and what's new syntax >> doesn't harm. > > The new syntax is documented, and is preferred. If you try the old > one (undocumented and deprecated), it works. What needs clarification? It is not docum

Re: Configuration trouble with fail-over

Guillaume Rousse wrote: > It does. But clarification between what's old and what's new syntax > doesn't harm. The new syntax is documented, and is preferred. If you try the old one (undocumented and deprecated), it works. What needs clarification? > Right, but that seems to be only a syntax d

Re: Configuration trouble with fail-over

Alan DeKok a écrit : >> I think this ought to be documented in rlm_ldap documentation (as well >> as minor other changes, such as the new tls subsection). > > The new tls sub-section isn't required. The old-style configuration > *should* work. It does. But clarification between what's old and w

Re: Configuration trouble with fail-over

Guillaume Rousse wrote: > I've recently upgraded my freeradius servers from 1.1.7 to 2.0.0, 2.0.3 has been out for a while... > and > I've been hit badly by the change in the handling of LDAP-UserDn > attribute, as detailed in > http://www.nabble.com/Re%3A-LDAP-Groups-and-EAP-p14886209.html

Re: Configuration for Cisco DSL Users

You will need to do debug ppp negotiation to see is IP address allocation the problem. If it is, you can always use Freeradius ippool (or sqlippool in latest versions) to alocate IPs. Ivan Kalik Kalik Informatika ISP Dana 22/9/2007, "DFN Systems Office" <[EMAIL PROTECTED]> piše: >I'm new both t

RE: configuration for realm with prefix and suffix

> > well... so what we get is in the form prefix/[EMAIL PROTECTED] > > I'm having trouble wrapping my head around how to configure our server to > > with these. > > > You'll need to use the hints file. The "realm" module won't run twice. > e.g. one way to strip the prefix/ and drop it would be: >

Re: configuration for realm with prefix and suffix

On Thu, 2007-08-23 at 20:40 -0600, Mike Cisar wrote: > Running FreeRADIUS 1.1.3, usernames are in 'username' format in a unix > passwd file. Our dialup users are proxied to us in '[EMAIL PROTECTED]' > format and to this point everything has been working just fine. > > Now the tougher part... We'v

RE: Configuration issue - unknown client

L PROTECTED] > > eradius.org] On Behalf Of Dan O'Reilly > > Sent: August 13, 2007 6:58 PM > > To: FreeRadius users mailing list > > Cc: FreeRadius users mailing list > > Subject: Re: Configuration issue - unknown client > > > > My /etc/raddb/clients.conf:

RE: Configuration issue - unknown client

> -Original Message- > From: > [EMAIL PROTECTED] > org > [mailto:[EMAIL PROTECTED] > eradius.org] On Behalf Of Dan O'Reilly > Sent: August 13, 2007 6:58 PM > To: FreeRadius users mailing list > Cc: FreeRadius users mailing list > Subject: Re: C

Re: Configuration issue - unknown client

My /etc/raddb/clients.conf: client 192.168.0.11 { secret = foobar } Here's the output from radiusd -X: danolaptop freeradius-1.1.7 # /usr/local/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/pro

Re: Configuration issue - unknown client

On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> wrote: > > I had it that way and it didn't work either. > > At 04:27 PM 8/13/2007, Nicholas Hall wrote: > >On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> > wrote: > >Same issue. Here's my /etc/raddb/clients.conf: > > > >client

Re: Configuration issue - unknown client

I had it that way and it didn't work either. At 04:27 PM 8/13/2007, Nicholas Hall wrote: >On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> wrote: >Same issue. Here's my /etc/raddb/clients.conf: > >client 192.168.0.11 >secret foobar > > >Shouldn't that be

Re: Configuration issue - unknown client

On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> wrote: > > Same issue. Here's my /etc/raddb/clients.conf: > > client 192.168.0.11 > secret foobar Shouldn't that be: client 192.168.0.11 { secret = foobar } -- Nicholas Hall [EMAIL PROTECTED] 262.208.6271 - List info/subscribe/unsubscribe? See h

Re: Configuration issue - unknown client

Same issue. Here's my /etc/raddb/clients.conf: client 192.168.0.11 secret foobar At 04:15 PM 8/13/2007, Nicholas Hall wrote: >On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> wrote: >This is my first stab at Freeradius. I have the server installed on >Sabayon Linux, and th

Re: Configuration issue - unknown client

On 8/13/07, Dan O'Reilly <[EMAIL PROTECTED]> wrote: > > This is my first stab at Freeradius. I have the server installed on > Sabayon Linux, and the radtest script runs fine. I've done basically no > configuration to it, because I'm not sure what to configure. > > I'm writing a client on another

Re: Configuration doubt

Help you with what? If you managed to add the password to the check table what could be the problem in adding Session-Timeout to the reply table? Ivan Kalik Kalik Informatika ISP Dana 16/7/2007, "Osvaldohp" <[EMAIL PROTECTED]> piše: >I have a hotSpot that give access to the internet for my user

Re: Configuration doubt

On Monday 16 July 2007 08:05:15 Alan DeKok wrote: > Osvaldohp wrote: > > This is my users file: > > mike Auth-Type = System, User-Password == mike" > > Session-Timeout := 3600, > > > > What i am doing wrong? > > You're telling the server to look in /etc/passwd for the users > password,

Re: Configuration doubt

Osvaldohp wrote: > This is my users file: > mike Auth-Type = System, User-Password == mike" > Session-Timeout := 3600, > > What i am doing wrong? You're telling the server to look in /etc/passwd for the users password, and then also telling it what the users password is. Don't set

Re: Configuration doubt

Hi Ivan. It worked just fine. Just what I needed! Thanks a lot. On 7/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: You can use huntgroups: nasA NAS-IP-Address == aaa.aaa.aaa.aaa User-Name = jane, User-Name = peter nasB NAS-IP-Address == bbb.bbb.bbb.bbb

Re: Configuration doubt

You can use huntgroups: nasA NAS-IP-Address == aaa.aaa.aaa.aaa User-Name = jane, User-Name = peter nasB NAS-IP-Address == bbb.bbb.bbb.bbb User-Name = john, User-Name = peter nasC NAS-IP-Address == ccc.ccc.ccc.ccc User-Name = john,

Re: Configuration for EAP-SIM

locate src/tests/eapsim Ivan Kalik Kalik Informatika ISP Dana 6/7/2007, "Garvin Haslett" <[EMAIL PROTECTED]> piše: >Can anyone direct me to an example eap.conf entry to use EAP-SIM? I >have looked but I don't see an example. > >Cheers, > >Garvin. > >- >List info/subscribe/unsubscribe? See http

Re: re: configuration

You are not sending gie.local to your IAS but dealing with them locally. Change realm gie.local back to realm LOCAL and it should start to proxy such requests. Ivan Kalik Kalik Informatika ISP Dana 20/4/2007, "parfait kouassi nda" <[EMAIL PROTECTED]> piše: >my last coonfiguration of these file

Re: configuration

Hi, > my last coonfiguration of these files is: > radiusd.conf > proxy_request = yes > > proxy.conf > realm gie.local { > type = radius > authhost = LOCAL > accthost = LOCAL > } > > realm DEFAULT { >

re: configuration

my last coonfiguration of these files is: radiusd.conf proxy_request = yes proxy.conf realm gie.local { type = radius authhost = LOCAL accthost = LOCAL } realm DEFAULT { type =

Re: configuration

There is nothing you need to modify in radiusd.conf - proxying is enabled by default. All you need to do is enter info about IAS server into proxy.conf. IAS uses both 1812/1813 and 1645/1646 ports for authentication/accounting by default, so take your pick. Instructions in proxy.conf about setting

Re: configuration

Hi, > i want to configure my freeradius server to be a proxy server! can i have > the config of the modification of freeradius's files? > My proxy's server must turn with IAS of windows server 2003! > thanks! you've already posted them. exactly why its not working is another issue altogether! - i

Re: configuration problem in Freeradius.

Hi! Assuming you don't have a user/passwd johndoe/hello in your /etc/passwd (see comment in lines above the matching DEFAULT l. 157) your debug output shows a correctly working freeradius. Speculating further: if you like to have an Access-Accept on that test without creating a system user "john

Re: Configuration of users file

"Mike Cisar" <[EMAIL PROTECTED]> wrote: > But beyond that, how can I then skip over the 20 or so poola/poolb checks > which do not apply for accelleration requests? Maybe there's a cleaner way > of doing this? The "users" file isn't really mean for complex processing like that. You're running i

Re: Configuration item "User-Password" is required for authentication problem

=?ISO-8859-2?Q?Tom=E1=B9_Kom=E1rek?= <[EMAIL PROTECTED]> wrote: > The problem is probably in the line: > > rlm_digest: Configuration item "User-Password" is required for > authentication. > > Can anybody help me how to overcome this problem??? Try telling the server what the users password is

Re: configuration change without restarting???

Hi, > Is there anyway that we can apply some conf changes without restarting > radiusd? http://www.freeradius.org/faq/ SIGHUP is what you are looking for alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Configuration Problems

Santiago Balaguer García wrote: Hi people, My problem is when a install the version freeradius 0.9.3, the modules od mysql aren't compiled. It is compile sql, but mysql not. Unless I don't know where the make install put the file rlm_sql_mysql-0.9.3.so, what is the file that I need. Probably