Seems there.
select * from radcheck where username='bob';
+-+--+++-+
| id | username | attribute | op | value |
+-+--+++-+
| 386 | bob| Expiration | := | 25 Jun 2011 |
|
What do you get when you run this query?
SELECT id, username, attribute, value, op FROM radcheck WHERE
username = BINARY 'bob' ORDER BY id
From: john decot [mailto:johnde...@yahoo.com]
Sent: Monday, May 23, 2011 11:24 PM
To: tim.sylves...@networkradius.com;
Phil Mayers schrieb:
On 05/23/2011 06:53 PM, Simon L. wrote:
Please have a look at my new, attached debug log.
The server you are proxying to sends a reject. Fix that server.
-
Why accepts the home server a proxied request from radtest but not from
a wpa supplicant.
The home server can not
thomas.d...@24-7-it-services.de wrote:
in the section authorize I include the module file.
(/etc/raddb/users)
At the moment I get an noop if a user is not found in the file.
How can I change it to return a reject, if a user is not found?
Now:
++[files] returns noop
Destination:
SELECT id, username, attribute, value, op FROM radcheck
WHERE
username = BINARY 'bob' ORDER BY id;
+-+--++-++
| id | username | attribute | value | op |
On Tue, May 24, 2011 at 3:20 PM, john decot johnde...@yahoo.com wrote:
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY 'bob' ORDER BY id;
+-+--++-++
| id | username | attribute | value
Hi,
my testing lab like this :
Node1 (FreeRadius+MySQL)
Node2 (FreeRadius+MySQL)
i am setting Master-Master MySQL Replication between this two node ,
initially it seems OK ,
now i am going to deploy this in production environment
i asked if any one have further investigation (issues ,
On Tue, May 24, 2011 at 3:40 PM, Student University studen...@gmail.com wrote:
Hi,
my testing lab like this :
Node1 (FreeRadius+MySQL)
Node2 (FreeRadius+MySQL)
i am setting Master-Master MySQL Replication between this two node ,
Master-Master seems easy, but needs proper care. For
Hi Alexander,
thanks for your answer. This works nearly perfect.
My problem now is that:
[files] users: Matched entry DEFAULT at line 11
++[files] returns ok
...
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - u8867
attr_filter:
thomas.d...@24-7-it-services.de wrote:
What I want to do is:
1. freeradius get an request
2. freeradius should look into his user file
2.1. if user found, next step
2.2. if user is not found, interrupt - reject
$ man unlang
This is documented. There are examples.
files
Thats it .. Problem was in operator I changed it to := and it works.
Thankyou Fajar
From: Fajar A. Nugraha l...@fajar.net
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Tue, May 24, 2011 2:17:51 PM
Subject: Re: Authentication
Hi Alan,
files
if (noop) {
reject
}
thanks a lot, that's the solution! :-)
$ man unlang
Sorry I know that, but for me
it is hard to understand.
Kind regards,
Thomas
-Ursprüngliche Nachricht-
Von:
Simultaneous-Use op should be := and not =
On 05/24/2011 10:32 AM, Fajar A. Nugraha wrote:
On Tue, May 24, 2011 at 3:20 PM, john decotjohnde...@yahoo.com wrote:
SELECT id, username, attribute, value, op FROM radcheck
WHERE username = BINARY 'bob' ORDER BY id;
El 23/05/11 14:30, Alan DeKok escribió:
Angel L. Mateo wrote:
...
reference = %{%{Packet-Type}:-format}
Which is *always* the request packet. Use %{reply:Packet-Type} for
the reply.
You'll have to find a way to switch the reference based on request or
reply. Maybe configure
On 24/05/11 09:57, Alexandros Gougousoudis wrote:
Hi Phil,
I got the point and it works! Thank you!
BTW, any idea why this failes?
DOMAIN\username - username
The command:
radtest -t mschap VERWALTUNG\gougousoudis testpwd 127.0.0.1:1812 0
testing123
gives this output. It seems, that
On 24/05/11 08:35, Simon L. wrote:
Phil Mayers schrieb:
On 05/23/2011 06:53 PM, Simon L. wrote:
Please have a look at my new, attached debug log.
The server you are proxying to sends a reject. Fix that server.
-
Why accepts the home server a proxied request from radtest but not from
a
Student University studen...@gmail.com wrote:
my testing lab like this :
Node1 (FreeRadius+MySQL)
Node2 (FreeRadius+MySQL)
i am setting Master-Master MySQL Replication between this two node ,
initially it seems OK ,
now i am going to deploy this in production environment
You
Hello,
Just looking for a bit of advice here. I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed. The main one is sending a (semi)
meaningful reply message when a user is rejected. Unfortunately, I'm
having
On 24/05/11 12:16, Martin Goldstone wrote:
Hello,
Just looking for a bit of advice here. I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed. The main one is sending a (semi)
meaningful reply message when a user
also ,,,
each node (FR+MySQL) is connected to different NAS server like this :
Cisco NAS1 -- Node1 (FR+MySQL) == Node2(FR+MySQL) -- Cisco NAS2
This is what we need to deploy exactly ,
so does the master-master replication is suited enough to accommodates our
needs or there is any better
Hi,
I'm new to Freeradius and i am trying to figure a way to use Freeradius to
Authenticate a user through a CISCO GGSN in where the GGSN will send the
IMSI to the Freeradius and the Freeradius will connect to a Postgresql DB
doing a SELECT on 2 tables and will receive a Language that the
On 24/05/11 13:44, Pedro Costa wrote:
Hi,
I'm new to Freeradius and i am trying to figure a way to use Freeradius
to Authenticate a user through a CISCO GGSN in where the GGSN will send
the IMSI to the Freeradius and the Freeradius will connect to a
Postgresql DB doing a SELECT on 2 tables and
On 24/05/11 12:46, Phil Mayers wrote:
On 24/05/11 12:16, Martin Goldstone wrote:
Hello,
Just looking for a bit of advice here. I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed. The main one is sending a
Hello,
I need your help with freeradius proxy configuration.
What I would like to do is to configure freeradius as a proxy to forward all
the authentication requests to another radius server without having to wait for
an answer from the RADIUS server. Could you please help me with this
Maglione Roberta wrote:
What I would like to do is to configure freeradius as a proxy to forward all
the authentication requests to another radius server without having to wait
for an answer from the RADIUS server.
What does that mean?
A proxy will forward a request, and then wait for
Phil Mayers schrieb:
On 24/05/11 08:35, Simon L. wrote:
Phil Mayers schrieb:
On 05/23/2011 06:53 PM, Simon L. wrote:
Please have a look at my new, attached debug log.
The server you are proxying to sends a reject. Fix that server.
-
Why accepts the home server a proxied request from
What I was trying to do is to configure just the forwarding behavior for each
authentication request, is it possible to just forward the requests?
Thanks,
Roberta
-Original Message-
From:
freeradius-users-bounces+roberta.maglione=telecomitalia...@lists.freeradius.org
On 24/05/11 15:23, Martin Goldstone wrote:
Yes, I have this in both the peap stanza and the ttls stanza. This
seems to be fine when access is accepted, for example if I set a
Reply-Message saying Welcome in the post-auth section of the
inner-tunnel config, I see this in the final access-accept
Hi,
proxy-inner-tunnel:
server proxy-inner-tunnel {
authorize {
update control {
Proxy-To-Realm := NULL #I want to proxy realm NULL
}
}
authenticate {
eap
}
post-proxy {
eap
}
}
dont set it to NULL - that keeps it very much local. instead set it to FOOBAR
and
Hi,
I am using FreeRADIUS to proxy EAP-PEAP authentication as MSCHAPv2 to a
third-party RADIUS Server. (Terminating the outer tunnel at FreeRADIUS).
However, I need to send an AVP of Framed-Ip-Address to the third party
RADIUS server ( its a legacy server), for which I tried adding a realm
Phil Mayers p.may...@imperial.ac.uk 5/21/2011 3:08 AM
On 05/20/2011 10:33 PM, Mark Jones wrote:
Here is the latest debug...Im not sure what to try next.
Latest debug... ok, what has changed?
I added the dns suffix to the computer name
rad_recv: Access-Request packet from host
so, in inner-tunnel post-auth, set outer.reply
to be whatever you want.. you can then, in the
outer layer, query/check or use that reply.
There's an additional round trip after the failure
which is why Phil said it needs to be saved. I
had a patch to save/restore it; but, it needs
rework
I note that many of you are implementing WPA Enterprise (or have) as I
have seen some interesting posts on the issue. I'd like to offer up our
configuration and troubleshooting guides here at Georgia Tech. Feel free
to liberate them for your own use, customize, enhance, whatever. We
have had
Hi,
...so, when are you going to join eduroam then? you seem to have EAP
and WPA/WPA2 all sorted and client configuration guides for your users
(everyone seems to be reinventing that wheel - especially in th eduroam
community where the settings are have minor difference - some sites
do WPA2/AES
Hi,
I am using FreeRADIUS to proxy EAP-PEAP authentication as MSCHAPv2 to a
third-party RADIUS Server. (Terminating the outer tunnel at FreeRADIUS).
However, I need to send an AVP of Framed-Ip-Address to the third party
RADIUS server ( its a legacy server), for which I tried adding a realm
I have an RSA Securid server that is being proxied by FreeRadius. Everything
works great.
When a client on a remote device authenticates, they are authenticating
against the FreeRadius server's address. So I assume FreeRadius is the NAS.
How do I force the client device's IP to be the one
On 05/24/2011 05:03 PM, Alan Buxey wrote:
so, in inner-tunnel post-auth, set outer.reply to be whatever you want..
you can then, in the outer layer, query/check or use that reply.
Unfortunately, outer.reply is an Access-Challenge.
-
List info/subscribe/unsubscribe? See
Your email client is mangling the quoting, which makes it really hard to
read your replies. Please fix it!
So this is a full host/name.domain.com now - what did you change?
as per above i added the dns suffix to the computer (under name
change...more)
Just renaming the machine won't help.
On 05/24/2011 06:00 PM, Mark Jones wrote:
Here is the latest debug with termination on Aruba turned off:
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Mar 23
Sending Access-Challenge of id 152 to 10.152.0.100 port 32819
EAP-Message =
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
go on, join eduroam.
I got a @illinois.edu lurker this week here at soas.ac.uk :)
Cheers
--
Alexander Clouter
.sigmonster says: Wagner's music is better than it sounds.
-- Mark Twain
-
List
Hi Guys,
I'd like to recall this because now I also met this problem.
I also need add Calling-Station-Id to accounting request
But I can't find how the account part in pam radius source code.
Can anyone help to figure it out and tell me which codes I need added in?
hope hearing from you asap.
lth0721 wrote:
I'd like to recall this because now I also met this problem.
I also need add Calling-Station-Id to accounting request
But I can't find how the account part in pam radius source code.
Can anyone help to figure it out and tell me which codes I need added in?
That's a question
Locnar wrote:
When a client on a remote device authenticates, they are authenticating
against the FreeRadius server's address. So I assume FreeRadius is the NAS.
How do I force the client device's IP to be the one authenticated, not the
FreeRadius server?
I think I've tried about every
43 matches
Mail list logo