魏景鹏 wrote:
I've configured two home_server for a pool with type=fail-over, when the
1st one not start,FR didn't send the request to the 2nd one.
FreeRADIUS doesn't check if a home server starts. RADIUS doesn't
work that way.
The fail-over code works. Fail-over occurs when a home server
dulan wrote:
i need to disconnect online user automatically when complete his download
capacity (like prepaid).how can i configure it in freeradius.
You don't. RADIUS doesn't really do that.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Chris L wrote:
Well, if you know in advance, at AA time, how much the session is allocated
to transfer and *IF* your NAS supports something like
Acct-Session-Output-Octets, Session-Octets-Limit, etc, you should be able to
set that to a specific value as a Reply Item and the NAS *SHOULD*
On 27 Jul 2011, at 08:34, Chris L wrote:
On Jul 26, 2011, at 11:19 PM, Alan DeKok wrote:
dulan wrote:
i need to disconnect online user automatically when complete his download
capacity (like prepaid).how can i configure it in freeradius.
You don't. RADIUS doesn't really do that.
Hi,
have you found a solution or a workaround?
I have the same problem, you experienced.
I configured freeradius to talk with LDAP on Mac but at the end I realized
that in the userPassword field isn't saved the clear-text password of the
LDAP user.
OpenDirectory doesn't use that field and
Hi ,
My cisco sends to radius it's ip address, and isakmp-group-id ( or profile name
)
Debug from radius -X :
Cisco-AVPair = isakmp-group-id=CiscoGroup
Acct-Session-Id = 61286
User-Name = domain\\user
Cisco-AVPair = connect-progress=No Progress
You're assuming FreeRADIUS will magically strip off the 'isakmp-group-id=' part
of the value... AVPairs are Ciscos own invention they are not part of the
RADIUS standard.
It's difficult to do because the order of AVPairs sometimes changes and the ==
operator will only check the first instance
ok, now i get corret value to switch changing this two value on eap.conf
(ttls section):
copy_request_to_tunnel = yes
use_tunneled_reply = yes
i've just a new problem.. after successful auth (also switch add corret
VLAN ID), i need to wait about 25-30secs to get connectivity (or DHCP)
with
ok problem solved..
test port on switch wasn't set in portfast mode.. sorry ^_^
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/LDAP-SHA1-Password-EAP-PAP-and-Dynamic-VLAN-tp4635755p4638216.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List
Sorry, I made a mistake in the email.
My cisco sends to radius it's ip address, and isakmp-group-id ( or profile name
)
Debug from radius -X :
Cisco-AVPair = isakmp-group-id=CiscoGroup
Acct-Session-Id = 61286
User-Name = domain\\user
Cisco-AVPair =
Hi all,
freeRADIUS version 2.1.7
(package freeradius2 on centos 5.6)
Radius is configured to store user info (auth) in ldap - running on same
machine as freeradius,
and use rlm_sql for accounting info (and simultaneous use checks) - running on
remote machine.
For some unknown reason radiusd
Did you open your firewall? Redhat-like distros send dest-prohib by default
for ports blocked by iptables.
Cheers,
Harry
gary gary.y...@browan.com wrote:
Hi All
I have trouble about freeradius+mysql.
I configured freeradius(2.1.10) +mysql(5.5.14) and selftest by radtest
everything is okay.
Hi,
I am running a Debain server on the domain haskell-solutions.com. I
installed freeradius 2.1.11 on that. As the tutorial suggested I added a
user account to the top of users file bob Cleartext-Password :=
hello and on the seperated terminal connecting throw SSH to the
haskel server
Hi
I am installing Freeradius and for my scenario i just need to authenticate
from local files and there is no need for DBM or mysql or anything. how do i
disable them during installation of freeradius. I tried using
--disable-rlm-dbm and similar but it din't work out. How do i disable them
from
Vasanth Ragavendran wrote:
I am installing Freeradius and for my scenario i just need to
authenticate from local files and there is no need for DBM or mysql or
anything. how do i disable them during installation of freeradius. I
tried using --disable-rlm-dbm and similar but it din't work out.
Eddie wrote:
I am running a Debain server on the domain haskell-solutions.com. I
installed freeradius 2.1.11 on that. As the tutorial suggested I added a
user account to the top of users file bob Cleartext-Password :=
hello and on the seperated terminal connecting throw SSH to the
haskel
Massimiliano Tommasi wrote:
You are pretty right ;)
I have just recompiled freeradius with that module, which I need...
It seems to be what I need but ... I notice a lack of documentation for
that module..
I have found nothing at all :(
Could you suggest me some doc or/and example of the
On 07/27/2011 07:42 AM, Vasanth Ragavendran wrote:
Hi
I am installing Freeradius and for my scenario i just need to
authenticate from local files and there is no need for DBM or mysql or
anything. how do i disable them during installation of freeradius. I
tried using --disable-rlm-dbm and
Hi Harry
radius server and nas ping no problem each other.
checking firewall no problem.
the OS is Fedora 12.
Best Regards
Gary
BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:gary.y...@browan.com
- Original Message -
From: Harry Hoffman
ping isn't the same as a open udp port.
run the command:
/sbin/iptables-save
and past the output. If it's not the firewall then it's probably ACLs as
those are really the only two things that are going to return a
admin-prohib icmp packet.
Cheers,
Harry
On 07/27/2011 09:06 AM, gary wrote:
Hi
Amir Tal wrote:
For some unknown reason radiusd keeps getting segmentation faults, every few
days and even after several hours of work.
Upgrade.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That's working, Alan.
Thanks.
Max
Il 27/07/11 14.54, Alan DeKok ha scritto:
Massimiliano Tommasi wrote:
You are pretty right ;)
I have just recompiled freeradius with that module, which I need...
It seems to be what I need but ... I notice a lack of documentation for
that module..
I have
Gary,
You're looking for 'iptables -nvL | grep 3306' to produce something like this:
0 0 ACCEPT tcp -- * * 192.168.21.2230.0.0.0/0
tcp dpt:3306
-sth
sam hooker|s...@noiseplant.com|http://www.noiseplant.com
I have not failed, I've just found 10,000
Sorry, I meant 'iptables -nvL | grep 1812' should yield something like THIS:
0 0 ACCEPT udp -- * * 192.168.21.223 0.0.0.0/0
udp dpt:1812
-sth
You're looking for 'iptables -nvL | grep 3306' to produce something
like this:
0 0 ACCEPT tcp -- * *
I got the first step..., FreeRadius and OpenDirectory are speaking the
same language BUT I'm not able to authenticate the users...
On the client side I have a function to get the chap and on the server
side I don't save the password in hashing manner (i guess) ...
When I try to auth, this is the
Massimiliano Tommasi wrote:
I got the first step..., FreeRadius and OpenDirectory are speaking the
same language BUT I'm not able to authenticate the users...
Please READ the debug output. Honestly, it's not that hard.
On the client side I have a function to get the chap and on the server
On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
Charles Plater wrote:
Is there any way to try multiple realms inside an update control
statement? What I want to do is try proxying to one realm, and if that
fails trying the credentials via the local ream. Thanks in advance.
Read
hi guys,
i want to assing VLAN based on groups entry and users on LDAP server.
Actually my schema is divided in this way:
ou=groups
-- cn=admin-vlan (with radiusProfile and items to set VLAN ID)
-- cn=dev-vlan
ou=people
-- cn=testusers (that is a uniqueMember of admin-vlan)
the only
Charles Plater wrote:
If I'm reading raddb/proxy.conf correctly home_server_pool allows for
fail-over and load-balancing configurations.
Yes.
In my case I was to try the
same credentials against multiple servers.
RADIUS doesn't do that. It's a *terrible* idea.
What I'm looking at
On 27 Jul 2011, at 17:14, Charles Plater wrote:
On Jul 26, 2011, at 4:36 PM, Alan DeKok wrote:
Charles Plater wrote:
Is there any way to try multiple realms inside an update control
statement? What I want to do is try proxying to one realm, and if that
fails trying the credentials via the
You are right, Alan.
I hoped there was a solution to this but evidently it's not possible.
The only way is to disable the chap on the client-side.
Regards,
Max
Il 27/07/11 17.14, Alan DeKok ha scritto:
Massimiliano Tommasi wrote:
I got the first step..., FreeRadius and OpenDirectory are
stich86 stic...@gmail.com wrote:
there is a possibility to get Tunnel-Private-Group-ID and others from the
LDAP groups and not users file?
i've read many times docs/rlm_ldap but cant get out of this problem :(
Next time, try the freeradius-users@ archive too (true of *any* mailing
list)?
john wrote:
The radiusd keeps closing and i have to restart it. I am running 2.1.11
on this server but i have recently upgraded to this and it was happening
before.
The program uses up all the memory on the computer which is 4GB and I
have enclosed a picture of this. I can send what ever
Hi, I'm using freeradius-2.1.11 and i have problem with mysql
connection. If MySQL server goes down, the freeradius don't reconnect
until he be restarted.
logfile like this, but the mysql server is UP again:
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql: Connected new DB handle,
john j...@rcsaccess.net wrote:
The radiusd keeps closing and i have to restart it. I am running
2.1.11 on this server but i have recently upgraded to this and it was
happening before.
The program uses up all the memory on the computer which is 4GB and I
have enclosed a picture of this.
Thank you so much sir!
On Wed, Jul 27, 2011 at 9:01 PM, John Dennis jden...@redhat.com wrote:
On 07/27/2011 07:42 AM, Vasanth Ragavendran wrote:
Hi
I am installing Freeradius and for my scenario i just need to
authenticate from local files and there is no need for DBM or mysql or
Hi Harry, Sam
The problem solved.Thank you very much.
Here is the output of iptables-save. (iptables -nvL | grep 1812 output
nothing)
***
[root@gary sysconfig]# /sbin/iptables-save
# Generated by iptables-save v1.4.5 on Thu Jul 28 11:36:40
On Thu, Jul 28, 2011 at 10:48 AM, gary gary.y...@browan.com wrote:
After I remark -A INPUT -j REJECT --reject-with icmp-host-prohibited it
work.
But iptables -nvL | grep 1812 command still output nothing.
Now the iptables-save output.
***
Hi Fajar
Sure. I am replying to say the root cause is firewall issue.
The firewall has to be optimized.
Thansk for your reply.
Best Regards
Gary
BROWAN COMMUNICATIONS INC.
Tel:886-3-600-6899 ext.4842
Fax:886-3-597-2970
e-mail:gary.y...@browan.com
- Original Message -
From: Fajar A.
39 matches
Mail list logo