Karl Auer wrote:
The fail-over protocol does not work. Full-stop.
Unless you come up with some very clever definition of does not work,
that's just plain wrong, Alan. It clearly *does* work, most of the time
for most of the people, and has been doing so in enterprises large and
small
Stefan Kuegler wrote:
OK - that's what I forgot to say. The first two arguments (user and
password) come directly from the user. The next three arguments (secret,
pin and offset) are per-user-values. So I wanted to configure these
values in the 'users'-file (/etc/freeradius/users)
For
On Tue, 2009-06-09 at 08:06 +0200, Alan DeKok wrote:
It does something. But it doesn't meet the goal of reliability.
Ah, now that's different. But again, it's reliable *enough*. It does
leave a nice big hole for people like Nominum to prodyuce something that
is *very* reliable.
You've
hello:
i have a h3c route and a cisco route,i want to set a user only can telnet
to this two route from a PC with ip address 192.168.1.22,but h3c route use
Framed-IP-Address = 192.168.1.22, CISCO use Calling-Station-Id = 192.168.1.22
how to set in mysql radcheck?
Karl Auer wrote:
Perhaps you've just been unlucky? It's just as good an argument.
Well-designed systems don't require luck to work. That's my argument.
See the RELNOTES that is included with ISC for a
series of bug fixes to the protocol. Both the implementation and the
protocol design
Hi,
It's not a good sign that we bicker about terminology. Suffice it to say
whilst it was interesting that FreeRADIUS got DHCP support - certainly
for those that want to ensure policy actually works - I never thought we'd
get to have such fervent discussion about it :-)
now, historical
a.l.m.bu...@lboro.ac.uk wrote:
Hi,
It's not a good sign that we bicker about terminology. Suffice it to say
whilst it was interesting that FreeRADIUS got DHCP support - certainly
for those that want to ensure policy actually works - I never thought we'd
get to have such fervent
a.l.m.bu...@lboro.ac.uk wrote:
however, the main question is when will FreeRADIUS have to have a
new name? 8-)
It won't. The name is already well known.
FRANAS ? (free radius, authentication and network access server) 8-)
I'm all for having an *additional* name, web site, etc. That
Arran Cudbard-Bell wrote:
It's hard... How many protocols does FR support now, VMPS, RADIUS (With
WiMAX), EAP, DHCP. I'd suggest FreeNAC but I believe someone has already :P.
ARP? Tacacs+ maybe to come.
FreeRNC - Free RADIUS and Network Control
or
FreeRaNCS (FRANCS)
I'd avoid the
i have a h3c route and a cisco route,i want to set a user only can
telnet
to this two route from a PC with ip address 192.168.1.22,but h3c route use
Framed-IP-Address = 192.168.1.22, CISCO use Calling-Station-Id =
192.168.1.22
how to set in mysql radcheck?
FreeRadius should always be called FreeRadius. It's almost a brand name,
which is very well known, and has an excellent reputation.
I agree the new stuff in FreeRadius needs way more attention. Virtually
no one i know associates Free_Radius_ with VMPS, nor DHCP.
I'd avoid the word free.
I'd
grep mysql_config still remains as follows:
configure: WARNING: silently not building rlm_sql_iodbc.
configure: WARNING: FAILURE: rlm_sql_iodbc requires: libiodbc isql.h.
checking for mysql_config... no
configure: WARNING: silently not building rlm_sql_postgresql.
configure:
On 9/6/09 11:07, Martin Lorentz wrote:
FreeRadius should always be called FreeRadius. It's almost a brand name,
which is very well known, and has an excellent reputation.
I agree the new stuff in FreeRadius needs way more attention. Virtually
no one i know associates Free_Radius_ with VMPS, nor
Hi all
I try to do a fail-over with two ldap on my freeradius. I read this article
http://wiki.freeradius.org/Fail-over, I instantiated two openldap modules and i
use the keyword redundant in my /raddb/site-available/default in authorize and
authenticate section.
redundant {
Alan,
I hoping you can help me. We're currently testing FR2.1.6 and robust proxy
accounting.
We have two servers running FR2.1.6. When both servers are operational the
relaying of
accounting packets works. However, when one of the servers is down the other
operational
server fails to retain
On Tue, 2009-06-09 at 09:24 +0200, Alan DeKok wrote:
Umm no. It means they protocol was designed from an incomplete
problem statement, and an incomplete knowledge of the system. That
isn't good engineering practice.
Maybe - but it's the way a good many, in fact most, of the main
On 9/6/09 13:58, Karl Auer wrote:
On Tue, 2009-06-09 at 09:24 +0200, Alan DeKok wrote:
Umm no. It means they protocol was designed from an incomplete
problem statement, and an incomplete knowledge of the system. That
isn't good engineering practice.
Maybe - but it's the way a good
On Tue, 2009-06-09 at 14:07 +0100, Arran Cudbard-Bell wrote:
See earlier messages in this thread. I (a) found a theoretical issue
with the protocol, and (b) demonstrated it in a live system.
I missed it. What was it again?
When we tried it back in 2007 with an Active/Active
I try to do a fail-over with two ldap on my freeradius. I read this
article http://wiki.freeradius.org/Fail-over, I instantiated two openldap
modules and i use the keyword redundant in my
/raddb/site-available/default in authorize and authenticate section.
redundant {
Karl Auer wrote:
Maybe - but it's the way a good many, in fact most, of the main
protocols we use today have become what they are. People do their best,
then the real world comes along and reminds them of all the things they
forgot. It's normal for stuff to need fixing.
That's nice. Except
On 9/6/09 14:20, Karl Auer wrote:
On Tue, 2009-06-09 at 14:07 +0100, Arran Cudbard-Bell wrote:
See earlier messages in this thread. I (a) found a theoretical issue
with the protocol, and (b) demonstrated it in a live system.
I missed it. What was it again?
When we tried it back in 2007
Hi,
When we tried it back in 2007 with an Active/Active configuration, the
two instances of ISC DHCPD started handing out duplicate leases
completely arbitrarily. We scrapped the second instance and went down to
a single one. Haven't tried it again since.
It didn't work then... it may do
/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -
/var/log/radacct/192.168.0.50/auth-detail-20090609
[auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radacct/192.168.0.50/auth-detail-20090609
[auth_log] expand: %t - Tue Jun 9 16:27:02 2009
++[auth_log
I will be glad, if anyone can direct me to whare The log below is the
part of the debug for the new test freeradius server 2.1.6 am testing with.
However, the hotspotlogin,cgi is able to pass the param username to the
radius but when the query is run against the database the Tue Jun 9
(following my last mail)
I read in my log:
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
So in the user file I replace
DEFAULT ldaplabobe2-Ldap-Group == administrateur, User-Profile :=
cn=administrateur,ou=Profiles,dc=netplus,dc=fr
Chris Howley wrote:
Sending proxied request internally to virtual server.
server acct_detail.leeds.ac.uk {
+- entering group accounting {...}
[detail.leeds.ac.uk] Suppressing writes to detail file as the request was
just read from a detail file.
++[detail.leeds.ac.uk] returns noop
} #
Goke Aruna wrote:
I will be glad, if anyone can direct me to whare The log below is the
part of the debug for the new test freeradius server 2.1.6 am testing with.
However, the hotspotlogin,cgi is able to pass the param username to the
radius
It's not in the debug log below.
rad_recv:
Alan DeKok wrote:
Goke Aruna wrote:
I will be glad, if anyone can direct me to whare The log below is the
part of the debug for the new test freeradius server 2.1.6 am testing with.
However, the hotspotlogin,cgi is able to pass the param username to the
radius
It's not in the debug log
I want to use mysql only for accounting purposes.I have uncommented the sql
and sql_log entries iin the various modules.
While users try to login,entries are being entered into the radpostauth
table of mysql.However, no entries are being made into the radacct
table.Can anyone please tell me the
Hello everyone
I migrated my freeradius version 1.1.3-1.4.el5 that came with CentOS
5.3 to version 2.1.6-2.
I am looking for an option that I had in my previous configuration and
does not find it on this new, maybe it is removed. the fact is that many
of my users sometimes tend to write the
Dear List,
I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration with
the following items:
- Cisco Aironet 1130AG access point
- Ubuntu-based server with FreeRADIUS and OpenLDAP
- Client machines (Windows XP SP2, Ubuntu 9.04)
The issue I have is, that I don't get a response
Hi Chuan,
Thx for reply amongst this heated discussion on DHCP
I've currently got install freeRadius 2.1.6 and Poptop 2.4.4 and I see no
dictionary file in /etc/ppp/radius/dictionary. In fact I have no radius
directory in /etc/ppp
All freeradius dictionary's are located in
I want to use mysql only for accounting purposes.I have uncommented the
sql
and sql_log entries iin the various modules.
While users try to login,entries are being entered into the radpostauth
table of mysql.However, no entries are being made into the radacct
table.Can anyone please tell me
I migrated my freeradius version 1.1.3-1.4.el5 that came with CentOS
5.3 to version 2.1.6-2.
I am looking for an option that I had in my previous configuration and
does not find it on this new, maybe it is removed. the fact is that many
of my users sometimes tend to write the username with
I'm having a strange issue with FreeRADIUS 2.1.4, using a configuration
with
the following items:
- Cisco Aironet 1130AG access point
- Ubuntu-based server with FreeRADIUS and OpenLDAP
- Client machines (Windows XP SP2, Ubuntu 9.04)
The issue I have is, that I don't get a response from
Hi all again,
Ok, I've got WISPr-Bandwidth-Max-Down in /var/run/radattr.ppp0 but the value is
all wrong.
I set WISPr-Bandwidth-Max-Down = 512000 (as a reply)
and in /var/run/radattr.ppp0 its show as - WISPr-Bandwidth-Max-Down -1062731706
I just basically copied the dictionary.wispr to
Ok, I've got WISPr-Bandwidth-Max-Down in /var/run/radattr.ppp0 but the
value is all wrong.
I set WISPr-Bandwidth-Max-Down = 512000 (as a reply)
and in /var/run/radattr.ppp0 its show as - WISPr-Bandwidth-Max-Down
-1062731706
I just basically copied the dictionary.wispr to
Hi, I'm new here. I installed freeradius 1.1.7 on a debian lenny.
./configure
make
make install
when I tri to start radiusd -x I get the following error :
radiusd: error while loading shared libraries: libradius-1.1.7.so: cannot open
shared object file: No such file or directory
(I dont have to
Hi, I'm new here. I installed freeradius 1.1.7 on a debian lenny.
./configure
make
make install
when I tri to start radiusd -x I get the following error :
radiusd: error while loading shared libraries: libradius-1.1.7.so: cannot
open shared object file: No such file or directory
(I dont
you talking about It says Could not link ... file not found, what do I
do? in the FAQ?
I tried:
server-radius:/home/freeradius-1.1.7# ./configure | grep libradius-1.1.7.so
configure: WARNING: snmpget not found - Simultaneous-Use and checkrad.pl may
not work
configure: WARNING: snmpwalk not
Sorry - I'm a n00b to this project.
Trying to get OpenLDAP-based authentication working (well the auth DOES
work) but cannot seem to get authorization working.
Googling has so far failed me. Perhaps someone on this list can clue me
in...
users file has the following:
DEFAULT Service-Type
On Tue, Jun 9, 2009 at 5:10 PM, Goke Aruna gok...@gmail.com wrote:
Alan DeKok wrote:
Goke Aruna wrote:
I will be glad, if anyone can direct me to whare The log below is the
part of the debug for the new test freeradius server 2.1.6 am testing
with.
However, the hotspotlogin,cgi is able
Hi all,
Anybody knows how to configure freeradius to send access list configuration
back to a cisco router applied to Dialer 0.
Thanks,
Jorge Pallares
Email disclaimer:
The information contained in or attached to this communication may contain
confidential
43 matches
Mail list logo