Re: Are you smarter than George W. Bush?

2002-12-20 Thread Simon White
20-Dec-02 at 01:32, Miquel van Smoorenburg ([EMAIL PROTECTED]) wrote :
 In article 000c01c2a787$49a440c0$ad15a8c0@nvcisplt01,
 Brian Johnson [EMAIL PROTECTED] wrote:
 How about simply denying messages from non-subscribers like EVERY ONE of
 my other lists do. :)
 
 This has come up before. And before. And before. Each time I explained
 the policy that the lists that I run have. Yes, spam/virus filtering
 is done, quite extensively. No, it's not perfect. If you know a
 perfect spam filter please tell me (and I'll get rich with it).

SpamAssassin isn't bad. You could be harsh with it, for this list.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



IPv6 + Proxy...

2002-12-20 Thread Tamer Demir
Hello,

Is FreeRADIUS IPv6 compatible?

And, after the authentication of the user I want to send (proxy) the 
authentication packets to another FreeRADIUS server. How can I do that? It 
is like proxying the packets to 2 other RADIUS servers but one of them is 
its own.

Regards,
Tamer




cisco as5400 dialing digits

2002-12-20 Thread sunil . kumar
hi all,

i'm new to free radius... i've RH Linux, Freeradius 0.8, mysql for
accounting/cdr (no authentication)... and cisco as5400 as radius client.

while making calls, we can see all the attributes are displaying properly
in screen (running radius in debug mode). but in the calldetails table
(radacct) the digits of calling station and called station are truncated to
10 digits... instead of getting the whole digits. i've checked the field
names, there is enough space there (32)

can anyone help with this issue?

TIA

regards
sunil





Re: Are you smarter than George W. Bush?

2002-12-20 Thread Simon
On Fri, Dec 20, 2002 at 11:10:12AM +, Simon White wrote:
 20-Dec-02 at 01:32, Miquel van Smoorenburg ([EMAIL PROTECTED]) wrote :
  This has come up before. And before. And before. Each time I explained
  the policy that the lists that I run have. Yes, spam/virus filtering
  is done, quite extensively. No, it's not perfect. If you know a
  perfect spam filter please tell me (and I'll get rich with it).
 
 SpamAssassin isn't bad. You could be harsh with it, for this list.

http://lists.cistron.nl/archives/freeradius-devel/2002/10/msg00107.html

-- 
Simon





Re: Are you smarter than George W. Bush?

2002-12-20 Thread Simon White
20-Dec-02 at 13:41, Simon ([EMAIL PROTECTED]) wrote :
 On Fri, Dec 20, 2002 at 11:10:12AM +, Simon White wrote:
  20-Dec-02 at 01:32, Miquel van Smoorenburg ([EMAIL PROTECTED]) wrote :
   This has come up before. And before. And before. Each time I explained
   the policy that the lists that I run have. Yes, spam/virus filtering
   is done, quite extensively. No, it's not perfect. If you know a
   perfect spam filter please tell me (and I'll get rich with it).
  
  SpamAssassin isn't bad. You could be harsh with it, for this list.
 
 http://lists.cistron.nl/archives/freeradius-devel/2002/10/msg00107.html

Thanks. Is there a difference in score between average regular posts and
those spams which slip through? Could the threshold be lowered?

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863




Re: cisco as5400 dialing digits

2002-12-20 Thread Gerald Krause
hi sunil,

i have noticed the same (using an AS5300) and found a limitation
in the create statement of the radacct table in 
[freeradius-home]/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql:

...
 CalledStationId varchar(10) NOT NULL default '',
 CallingStationId varchar(10) NOT NULL default '',
...

changing this to a bigger value than 10 works good for me. are you really
using varchar(32) here?

[EMAIL PROTECTED] wrote:

hi all,

i'm new to free radius... i've RH Linux, Freeradius 0.8, mysql for
accounting/cdr (no authentication)... and cisco as5400 as radius client.

while making calls, we can see all the attributes are displaying properly
in screen (running radius in debug mode). but in the calldetails table
(radacct) the digits of calling station and called station are truncated to
10 digits... instead of getting the whole digits. i've checked the field
names, there is enough space there (32)

can anyone help in this issue

TIA

regards
sunil





gerald




Configuration problem .. And presentation

2002-12-20 Thread benjamin lenglart
Hi all 

I'm Benjamin Lenglart aka FlyBen
I'm currently working in a little French company named Inovatel

I'm looking to install and set up a freeradius server to control access
over internet from mobile phones
We have a Network Access Point from GPRS

Nowadays I'm doing static IP assignment with login/password

I'm using :
#test   Auth-Type=Local,Password==test,Calling-Station-Id = 3x9
#   Service-Type = Framed-User,
#   Framed-Protocol = PPP,
#   Framed-IP-Address = a.a.a.a,
#   Fall-Through = Yes

In the users file
It permits me to check that the user test has the SIM card with phone
number 3x9 and will get IP address a.a.a.a

The RADIUS parameters I receive are these:
   NAS-Identifier = bez3ggsn02
   User-Name = test
   User-Password = test
   NAS-Port-Type = Virtual
   Calling-Station-Id = 3x9
   Called-Station-Id = apn
   Acct-Session-Id = 02c0dfd591f51600

Everything works fine .. This way

But It's not the way I would like to use !!

The aim is:
No login and password needed for anyone.
Control is done only on Calling-Station-Id and, depending on this:
Either the phone number is one of my work friends',
 then the user should get a dynamic IP address selected from a pool
(I would say I could need approx. twenty addresses) (and how to free this
address after an amount of time (i.e. 2 hours))
Or the phone has a specific phone number I know and should get a
specified IP address assigned statically, which would be the same every
time ..


Maybe anyone could help me??


Thanks in advance 

FlyBen






Re: Are you smarter than George W. Bush?

2002-12-20 Thread Miquel van Smoorenburg
In article [EMAIL PROTECTED],
Simon White  [EMAIL PROTECTED] wrote:
20-Dec-02 at 13:41, Simon ([EMAIL PROTECTED]) wrote :
 http://lists.cistron.nl/archives/freeradius-devel/2002/10/msg00107.html

Thanks. Is there a difference in score between average regular posts and
those spams which slip through? Could the threshold be lowered?

The cutoff score is the default, 5. I'm not sure about what exactly
gets rejected - the mail isn't actually filtered through spamassassin,
the script just calls 'spamc -c' to check if it is spam. If so it is
simply thrown away.

Perhaps I should fix that so that you can read the score in the
headers of spam that slips through. Need to find /time/ for that
though, and I often say I don't have enough of it, and now my
colleague has just told us he'll be trying his luck somewhere else,
so I'm not going to get any more time soon ...

Mike.
-- 
They all laughed when I said I wanted to build a joke-telling machine.
Well, I showed them! Nobody's laughing *now*! -- [EMAIL PROTECTED]





Cisco AV-Pairs Suffix

2002-12-20 Thread Olney, Matthew
All,

I'm using FreeRadius to authenticate access to my Cisco routers.  I'm trying
to allow my engineers to use the suffix .en to gain enable access via the
login process.  The problem I am having is that the Cisco-AVPair is not
being passed during this process.

User Chimp logs in and is authenticated level 15.  User monkey logs in and
works fine.  User monkey.en logs in, but is not level 15, is level 1.

What am I doing wrong?

Running:

Solaris 2.8
FreeRadius 0.8


USERS FILE:
===
CUT
monkey  Auth-Type := System
        Service-Type = Login-User,

Chimp   Auth-Type := System
        Service-Type = Login-User,
        Cisco-AVPair += shell:priv-lvl=15,
/CUT

HINTS FILE:
===
CUT
DEFAULT Suffix == .en, Strip-User-Name = Yes
        Cisco-AVPair += shell:priv-lvl=15
/CUT




Re: IPv6 + Proxy...

2002-12-20 Thread Alan DeKok
Tamer Demir [EMAIL PROTECTED] wrote:
 Is FreeRADIUS  IPv6 compatible?

  What do you mean by that?

  Does FreeRADIUS send/receive packets on IPv6 interfaces?  No.

  Does FreeRADIUS send/receive radius packets which contain ipv6
configuration attributes?  Sort of.

  As always, patches are welcome.

 And, after the authentication of the user I want to send (proxy) the 
 authentication packets to another FreeRADIUS server, How can I do
 that?

  Why?

  Alan DeKok.




Re: Cisco AV-Pairs Suffix

2002-12-20 Thread Alan DeKok
Olney, Matthew [EMAIL PROTECTED] wrote:
 HINTS FILE:
 ===

 DEFAULT Suffix == .en, Strip-User-Name = Yes
 Cisco-AVPair += shell:priv-lvl=15

  So you're not adding a Hint attribute, like the examples in the
hints file do...

  Try READING the supplied configuration files 'hints' and 'users'.
Look for the word 'Hints', and see how it's used.

  Alan DeKok.




RE: Are you smarter than George W. Bush?

2002-12-20 Thread Brian Johnson
Once again, Why not limit who can post to the list to subscribers?

Brian J.


 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Miquel van Smoorenburg
 Sent: Friday, December 20, 2002 8:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Are you smarter than George W. Bush?
 
 
 In article [EMAIL PROTECTED],
 Simon White  [EMAIL PROTECTED] wrote:
 20-Dec-02 at 13:41, Simon ([EMAIL PROTECTED]) wrote :
  
 http://lists.cistron.nl/archives/freeradius-devel/2002/10/msg00107.html

Thanks. Is there a difference in score between average regular posts and
those spams which slip through? Could the threshold be lowered?

The cutoff score is the default, 5. I'm not sure about what exactly
gets rejected - the mail isn't actually filtered through spamassassin,
the script just calls 'spamc -c' to check if it is spam. If so it is
simply thrown away.

Perhaps I should fix that so that you can read the score in the
headers of spam that slips through. Need to find /time/ for that
though, and I often say I don't have enough of it, and now my
colleague has just told us he'll be trying his luck somewhere else,
so I'm not going to get any more time soon ...

Mike.
-- 
They all laughed when I said I wanted to build a joke-telling machine.
Well, I showed them! Nobody's laughing *now*! -- [EMAIL PROTECTED]





RE: Are you smarter than George W. Bush?

2002-12-20 Thread Brian Johnson
Never mind. Didn't catch your earlier reply. :)

Oops...sorry.

Brian J.


 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]] On Behalf Of 
 Brian Johnson
 Sent: Friday, December 20, 2002 9:27 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Are you smarter than George W. Bush?
 
 
 Once again, Why not limit who can post to the list to subscribers?
 
 Brian J.
 
 
  -Original Message-
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]] On Behalf Of 
  Miquel van Smoorenburg
  Sent: Friday, December 20, 2002 8:41 AM
  To: [EMAIL PROTECTED]
  Subject: Re: Are you smarter than George W. Bush?
  
  
  In article [EMAIL PROTECTED],
  Simon White  [EMAIL PROTECTED] wrote:
  20-Dec-02 at 13:41, Simon ([EMAIL PROTECTED]) wrote :
   
  http://lists.cistron.nl/archives/freeradius-devel/2002/10/msg00107.html
 
 Thanks. Is there a difference in score between average regular posts and
 those spams which slip through? Could the threshold be lowered?
 
 The cutoff score is the default, 5. I'm not sure about what exactly
 gets rejected - the mail isn't actually filtered through spamassassin,
 the script just calls 'spamc -c' to check if it is spam. If so it is
 simply thrown away.
 
 Perhaps I should fix that so that you can read the score in the
 headers of spam that slips through. Need to find /time/ for that
 though, and I often say I don't have enough of it, and now my
 colleague has just told us he'll be trying his luck somewhere else,
 so I'm not going to get any more time soon ...
 
 Mike.
 -- 
 They all laughed when I said I wanted to build a joke-telling machine.
 Well, I showed them! Nobody's laughing *now*! -- [EMAIL PROTECTED]
 
 



URGENT ASSISTANCE

2002-12-20 Thread mrs mariam sese-seko
FROM:MRS. M SESE-SEKO
ATTN:
I AM MRS. MARIAM SESE-SEKO WIDOW OF
LATE PRESIDENT MOBUTU SESE-SEKO OF ZAIRE?
NOW KNOWN AS DEMOCRATIC REPUBLIC OF CONGO
(DRC).
I AM MOVED TO WRITE YOU THIS LETTER,
THIS WAS IN CONFIDENCE CONSIDERING MY
PRESENT CIRCUMSTANCE AND SITUATION.
I ESCAPED ALONG WITH MY HUSBAND AND TWO
OF OUR SONS TIMOTHY AND BASHER OUT OF
DEMOCRATIC REPUBLIC OF CONGO (DRC) TO
ABIDJAN,COTE D'IVOIRE WHERE MY FAMILY
AND I SETTLED, WHILE WE LATER MOVED TO
SETTLED IN MORROCO WHERE MY HUSBAND
LATER DIED OF CANCER DISEASE.
HOWEVER DUE TO THIS SITUATION WE DECIDED
TO CHANGED MOST OF MY HUSBAND'S BILLIONS
OF DOLLARS DEPOSITED IN SWISS BANK AND OTHER
COUNTRIES INTO OTHER FORMS OF MONEY CODED
FOR SAFE PURPOSE BECAUSE THE NEW HEAD OF
STATE OF (DR) MR LAURENT KABILA HAS MADE
ARRANGEMENT WITH THE SWISS GOVERNMENT
AND OTHER EUROPEAN COUNTRIES TO FREEZE
ALL MY LATE HUSBAND'TREASURES DEPOSITED
IN SOME EUROPEAN COUNTRIES. HENCE MY CHILDREN
AND I DECIDED LAYING LOW IN AFRICA TO STUDY
THE SITUATION TILL WHEN THINGS GETS BETTER,
LIKE NOW THAT PRESIDENT KABILA IS DEAD AND
THE SON TAKING OVER(JOSEPH KABILA). ONE OF MY
LATE HUSBAND'S CHATEAUX IN SOUTHERN FRANCE
WAS CONFISCATED BY THE FRENCH GOVERNMENT,
AND AS SUCH I HAD TO CHANGE MY IDENTITY SO
THAT MY INVESTMENT WILL NOT BE TRACED AND
CONFISCATED. I HAVE DEPOSITED THE SUM
OF TWENTY FIVE MLLION UNITED STATE DOLLARS
(US$25,000,000,00.) WITH A SECURITY COMPANY ,
FOR SAFEKEEPING. THE FUNDS ARE SECURITY
CODED TO PREVENT THEM FROM KNOWING
THE CONTENT. WHAT I WANT YOU TO DO IS TO
INDICATE YOUR INTEREST THAT YOU WILL ASSIST
US BY RECEIVING THE MONEY ON OUR BEHALF IN
EUROPE.
I WANT YOU TO
ASSIST IN INVESTING THIS MONEY, BUT I WILL NOT
WANT MY IDENTITY REVEALED.
I WILL ALSO WANT TO BUY PROPERTIES AND STOCK
IN MULTI-NATIONAL COMPANIES AND TO ENGAGE
IN OTHER SAFE AND NON-SPECULATIVE INVESTMENTS.
MAY I AT THIS POINT EMPHASIS THE HIGH LEVEL OF
CONFIDENTIALITY, WHICH THIS BUSINESS DEMANDS,
AND HOPE YOU WILL NOT BETRAY THE TRUST AND
CONFIDENCE, WHICH I REPOSE IN YOU IN CONCLUSION,
IN THE EVENT YOU ARE INTERESTED TO ASSIST US I WILL
LIKE YOU TO CONTACT MY LAWYER WHO I HAVE STATIONED IN
HOLLAND TO WITHNESS THE TRANSACTION TO IS
CONCLUTION.YOU CAN REACH HIM ON IS DIRECT LINE WHICH
IS +31-630-054-343 OR VIA MAIL
[EMAIL PROTECTED]  HIS NAME IS RICHARD GORDON AND
I HAVE THE FULL TRUST IN HIM.
I SINCERELY WILL APPRECAITE YOUR ACKNOWLEDGMENT AS
SOON AS POSSIBLE.
BEST REGARDS,
MRS M. SESE SEKO.  

Re: cisco as5400 dialing digits

2002-12-20 Thread sunil . kumar
hi gerald,

thanks

that's worked!!!

regards
sunil





i have noticed the same (using an AS5300) and found a limitation
in the create statement of the radacct table in
[freeradius-home]/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql:

...
  CalledStationId varchar(10) NOT NULL default '',
  CallingStationId varchar(10) NOT NULL default '',
...

changing this to a bigger value than 10 works good for me. are you really
using varchar(32) here?

[EMAIL PROTECTED] wrote:

hi all,

i'm new to free radius... i've RH Linux, Freeradius 0.8, mysql for
accounting/cdr (no authentication)... and cisco as5400 as radius client.

while making calls, we can see all the attributes are displaying properly
in screen (running radius in debug mode). but in the calldetails table
(radacct) the digits of calling station and called station are truncated to
10 digits... instead of getting the whole digits. i've checked the field
names, there is enough space there (32)

can anyone help in this issue

TIA

regards
sunil





gerald






Re: IPv6 + Proxy...

2002-12-20 Thread Simon White
20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote :
 I know it looks strange but, in a scenario like this: you are a big 
 company and you have a contract with many smaller companies with their own 
 realms. The users which are in these small companies may connect to the 
 Internet by using other small companies' NASes. And in order to solve the 
 accounting conflict between the small companies the big company wants all 
 the data about the authenticating users from all other small companies. Big 
 company just will act as a referee.
 
 Is this somehow possible by using proxy option in FreeRADIUS, if yes how?

Either all your radius servers are proxies to the big company's radius
server(s) or you use something like radrelay and just use the accounting
information (which contains the detail you need). You don't need the
actual packets that are sent to the user, just the accounting info.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863




RE: Cisco AV-Pairs Suffix

2002-12-20 Thread Olney, Matthew
Sorry,

I actually did try that, and many other things before I emailed, guess I
should have gone further back in my work.  Here are things after I tried your
suggestion.

bash-2.03# cat /usr/local/etc/raddb/users

monkey  Auth-Type := System
        Service-Type = Login-User,

DEFAULT Hint == Enable
        Cisco-AVPair += shell:priv-lvl=15

bash-2.03# cat /usr/local/etc/raddb/hints
DEFAULT Suffix = .en, Strip-User-Name = Yes
        Hint = Enable,
        Cisco-AVPair + shell:priv-lvl=15

Still same problem.  User 'monkey' logs in fine.   User 'monkey.en' also
logs in fine, but fails to get priv level 15.

Matt

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 20, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco AV-Pairs  Suffix 

Olney, Matthew [EMAIL PROTECTED] wrote:
 HINTS FILE:
 ===

 DEFAULT Suffix == .en, Strip-User-Name = Yes
 Cisco-AVPair += shell:priv-lvl=15

  So you're not adding a Hint attribute, like the examples in the
hints file do...

  Try READING the supplied configuration files 'hints' and 'users'.
Look for the word 'Hints', and see how it's used.

  Alan DeKok.




Re: IPv6 + Proxy...

2002-12-20 Thread Tamer Demir
At 04:05 PM 12/20/2002, you wrote:

Tamer Demir [EMAIL PROTECTED] wrote:
 Is FreeRADIUS  IPv6 compatible?

  What do you mean by that?


I mean, can FreeRADIUS understand the authentication packets that come 
from a client that has an IPv6 IP address (128)? Since we are planning to 
use RADIUS in an IPv6 Testbed to authenticate the users.

 And, after the authentication of the user I want to send (proxy) the
 authentication packets to another FreeRADIUS server, How can I do
 that?

  Why?


I know it looks strange but, in a scenario like this: you are a big 
company and you have a contract with many smaller companies with their own 
realms. The users which are in these small companies may connect to the 
Internet by using other small companies' NASes. And in order to solve the 
accounting conflict between the small companies the big company wants all 
the data about the authenticating users from all other small companies. Big 
company just will act as a referee.

Is this somehow possible by using proxy option in FreeRADIUS, if yes how?

Thanks a lot,

Tamer





Re: IPv6 + Proxy...

2002-12-20 Thread Tamer Demir
At 05:23 PM 12/20/2002, you wrote:

20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote :
 I know it looks strange but, in a scenario like this: you are a big
 company and you have a contract with many smaller companies with their own
 realms. The users which are in these small companies may connect to the
 Internet by using other small companies' NASes. And in order to solve the
 accounting conflict between the small companies the big company wants all
 the data about the authenticating users from all other small companies. Big
 company just will act as a referee.

 Is this somehow possible by using proxy option in FreeRADIUS, if yes how?

Either all your radius servers are proxies to the big company's radius
server(s) or you use something like radrelay and just use the accounting
information (which contains the detail you need). You don't need the
actual packets that are sent to the user, just the accounting info.

Unfortunately, what if the big company wants all the detailed information and 
also the small companies want all the detailed info too, like the MAC address 
of the users, the beginning and end time of the connection and the name of the 
small company that the wireless user connected to?

Tamer




Re: Cisco AV-Pairs Suffix

2002-12-20 Thread Alan DeKok
Olney, Matthew [EMAIL PROTECTED] wrote:
 bash-2.03# cat /usr/local/etc/raddb/users
 
 monkey  Auth-Type := System
 Service-Type = Login-User,
 
 DEFAULT Hint == Enable
   Cisco-AVPair += shell:priv-lvl=15

  With that configuration, monkey and monkey.en will both match
ONLY the first entry.

  But if you had run the server in debugging mode like is suggested in
the FAQ, README, and twice a day on this list, you would have noticed
that.

  The solution is to make your configuration more like the sample
'users' file.  READ IT.  Especially the 'Auth-Type := System' piece,
and the hints that come afterwards.

  Alan DeKok.




Re: IPv6 + Proxy...

2002-12-20 Thread Alan DeKok
Tamer Demir [EMAIL PROTECTED] wrote:
What do you mean by that?
 
 I mean, can FreeRADIUS understand the authentication packets that comes 
 from a client that has an IPv6 IP address(128)? Since we are planning to 
 use RADIUS in an IPv6 Testbed to authenticate the users.

  And I answered that in my previous message, in text you deleted.

 In a scenario like this: you are a big 
 company and you have a contract with many smaller companies with their own 
 realms. The users which are in these small companies may connect to the 
 Internet by using other small companies' NASes. And in order to solve the 
 accounting conflict between the small companies the big company wants all 
 the data about the authenticating users from all other small companies. Big 
 company just will act as a referee.
 
 Is this somehow possible by using proxy option in FreeRADIUS, if yes how?

  No.  Use radrelay.

  Alan DeKok.




RE: Cisco AV-Pairs Suffix

2002-12-20 Thread Olney, Matthew
Thanks for your help Alan, your hints gave me the right thing to look at.
For the curious here is the corrected configuration:

bash-2.03# cat /usr/local/etc/raddb/users
DEFAULT Hint == Enable, Auth-Type := System
        Service-Type = Login-User,
        Cisco-AVPair += shell:priv-lvl=15


monkey  Auth-Type := System
        Service-Type = Login-User,

bash-2.03# cat /usr/local/etc/raddb/hints
DEFAULT Suffix = .en, Strip-User-Name = Yes
        Hint = Enable,
        Cisco-AVPair += shell:priv-lvl=15

Thanks again!

Matt

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]] 
Sent: Friday, December 20, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco AV-Pairs  Suffix 

Olney, Matthew [EMAIL PROTECTED] wrote:
 bash-2.03# cat /usr/local/etc/raddb/users
 
 monkey  Auth-Type := System
 Service-Type = Login-User,
 
 DEFAULT Hint == Enable
   Cisco-AVPair += shell:priv-lvl=15

  With that configuration, monkey and monkey.en will both match
ONLY the first entry.

  But if you had run the server in debugging mode like is suggested in
the FAQ, README, and twice a day on this list, you would have noticed
that.

  The solution is to make your configuration more like the sample
'users' file.  READ IT.  Especially the 'Auth-Type := System' piece,
and the hints that come afterwards.

  Alan DeKok.
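
The entry ordering discussed in this thread, as an added example: a simplified Python model written for this archive page, not FreeRADIUS code. It applies the hints entry first, then walks the users entries in order and stops at the first match that has no Fall-Through. The sample files are constructed from the configurations posted above, with quoting and indentation assumed; all function names are hypothetical.

```python
import re

# Constructed sample files mirroring the thread (quoting/indentation assumed).
HINTS = '''
DEFAULT Suffix = ".en", Strip-User-Name = Yes
        Hint = "Enable",
        Cisco-AVPair += "shell:priv-lvl=15"
'''

USERS_BEFORE = '''
monkey  Auth-Type := System
        Service-Type = Login-User

DEFAULT Hint == "Enable"
        Cisco-AVPair += "shell:priv-lvl=15"
'''

USERS_AFTER = '''
DEFAULT Hint == "Enable", Auth-Type := System
        Service-Type = Login-User,
        Cisco-AVPair += "shell:priv-lvl=15"

monkey  Auth-Type := System
        Service-Type = Login-User
'''

ITEM = re.compile(r'([\w-]+)\s*(:=|\+=|==|=)\s*"?([^",]*)"?')


def parse_items(text):
    """Split 'Attr op value, Attr op value' into (attr, op, value) tuples."""
    return [ITEM.fullmatch(p.strip()).groups()
            for p in text.split(",") if p.strip()]


def parse(text):
    """An unindented line opens an entry (name + check items); the indented
    lines that follow are its reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            entries[-1]["reply"] += parse_items(line)
        else:
            name, *rest = line.split(None, 1)
            checks = parse_items(rest[0] if rest else "")
            entries.append({"name": name, "check": checks, "reply": []})
    return entries


def apply_hints(username, hints):
    """First matching hint wins. Returns (name used for users-file matching,
    attributes the hint added to the request, not to the reply)."""
    for h in hints:
        checks = {a: v for a, _, v in h["check"]}
        suffix = checks.get("Suffix")
        if h["name"] not in ("DEFAULT", username):
            continue
        if suffix is not None and not username.endswith(suffix):
            continue
        name = username
        if suffix and checks.get("Strip-User-Name") == "Yes":
            name = username[: -len(suffix)]
        return name, {a: v for a, _, v in h["reply"]}
    return username, {}


def authorize(username, hints_text, users_text):
    """Walk the users entries in order; stop at the first match unless that
    entry's reply carries Fall-Through = Yes."""
    name, request = apply_hints(username, parse(hints_text))
    matched, reply = [], []
    for e in parse(users_text):
        if e["name"] not in ("DEFAULT", name):
            continue
        # Simplification: only '==' check items are compared; ':=' items
        # (Auth-Type) set server-side config and never cause a mismatch.
        if any(op == "==" and request.get(a) != v for a, op, v in e["check"]):
            continue
        matched.append(e["name"])
        reply += [(a, v) for a, _, v in e["reply"] if a != "Fall-Through"]
        if ("Fall-Through", "=", "Yes") not in e["reply"]:
            break
    return {"name": name, "matched": matched, "reply": reply}


def priv_level(result):
    """Privilege level carried in the reply's Cisco-AVPair, or None if absent."""
    for attr, value in result["reply"]:
        m = re.fullmatch(r"shell:priv-lvl=(\d+)", value)
        if attr == "Cisco-AVPair" and m:
            return int(m.group(1))
    return None


if __name__ == "__main__":
    for label, users in (("before", USERS_BEFORE), ("after", USERS_AFTER)):
        for login in ("monkey", "monkey.en"):
            r = authorize(login, HINTS, users)
            print(label, login, "->", r["matched"], "priv-lvl:", priv_level(r))
```

With the "before" ordering, monkey.en is stripped to monkey and stops at the monkey entry, so the DEFAULT entry that carries the privilege level is never reached.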




Re: IPv6 + Proxy...

2002-12-20 Thread Simon White
20-Dec-02 at 17:39, Tamer Demir ([EMAIL PROTECTED]) wrote :
 At 05:23 PM 12/20/2002, you wrote:
 20-Dec-02 at 17:23, Tamer Demir ([EMAIL PROTECTED]) wrote :
  I know it looks strange but, in a scenario like this: you are a big
  company and you have a contract with many smaller companies with their own
  realms. The users which are in these small companies may connect to the
  Internet by using other small companies' NASes. And in order to solve the
  accounting conflict between the small companies the big company wants all
  the data about the authenticating users from all other small companies. Big
  company just will act as a referee.
 
  Is this somehow possible by using proxy option in FreeRADIUS, if yes how?
 
 Either all your radius servers are proxies to the big company's radius
 server(s) or you use something like radrelay and just use the accounting
 information (which contains the detail you need). You don't need the
 actual packets that are sent to the user, just the accounting info.
 
 Unfortunately, what if the big company wants all the detailed information and 
 also the small companies want all the detailed info too, like the MAC address 
 of the users, the beginning and end time of the connection and the name of the 
 small company that the wireless user connected to?

They get all that. Have you looked at an accounting record?

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863




PEAP support

2002-12-20 Thread Paul Wang
Lars,

I got stuck at part-II. After the server sends the first packet (Request for
Identity; after confirming with Microsoft, it is one byte of value 1) in the TLS
channel, there is no response from the XP client. Any chance you might look into
this in the near future so that we might team up to work this out? Or someone
else might be interested in tackling this?
Thanks.

-Paul

 Lars

   I am using the EAP-TLS code base and tweak it to work
 up to the point of finishing PEAP Part I. Now XP can talk to
 my prototype up to the Part I.

Cool!

 Now I am getting into the Part
 II to send EAP packet under TLS tunnel. Could you suggest
 where to add the Part II code given the EAP-TLS code base?
 and how to bootstrap EAP code assuming everything recursively
 happening again?

Sorry, I haven't had time to look closely at this. However, obviously you would like
to hook into the rlm_eap module to be able to reuse the existing EAP machinery. I
suspect you'll have to modify this module slightly to allow this.

 (PEAP is actually EAP-TLS-EAP, am I right?)

I guess you could say that it is EAP-TLS-EAP-X, where X is any EAP method.





Buy a new car at 1% over invoice!

2002-12-20 Thread Nina
Did you Know?  
You can buy America's top selling vehicles at 1% over invoice?*

Click Here to Sign Up Now for FREE!
http://redir.impulsive.com/redir.php?id=2817u=517364333b=5632


Look at the list to choose from:
- Ford Explorer
- Ford F-150
- Chevrolet Silverado
- Ford Taurus
- Honda Accord
- Toyota Camry
- Ford Focus
- Jeep Cherokee
- Chevrolet Cavalier
- Nissan Altima
- Dodge Ram
- Honda Civic
- Ford Ranger
- Jeep Liberty
- Chevrolet Tahoe

To sign up now for FREE, click here.
http://redir.impulsive.com/redir.php?id=2817u=517364333b=5632


*Only at StoneAge participating Dealers.  Prices may vary depending 
on local market conditions or based on the configuration of the vehicle.

StoneAge.com has been widely recognized as one of the nation's top 
automotive buying services since 1996.  Headquartered in the Motor City,
StoneAge.com is improving the car buying experience for thousands of 
consumers each day.  It currently serves 2,000,000 customers monthly,
and maintains an extensive network of top-related car dealerships.  

Click here.
http://redir.impulsive.com/redir.php?id=2817u=517364333b=5632

This Email Is Brought To You By EmailHello
We appreciate your patronage, and thank you for opting in. To cancel your
subscription to this newsletter, click here:
http://www.yipit.com/list_remove.php?[EMAIL PROTECTED]source_id=15mojo=517364333













Reading an assassination correctly - the Hablemitoğlu assassination is a signal flare

2002-12-20 Thread Turkiye 2023


While Turkey has entered the new era with

1) an AKP that holds the title of the only Islamist party in the world to announce,
as soon as it came to power and with an Armenian patriarch at its side, that it
would grant property rights to Christian churches,

2) a foreign minister (Turkish, not Greek Cypriot) who uses the word "occupation"
side by side with the Turkish army,

3) a people who, having reached the limit of subsistence, have become open to every
kind of indecent proposal and who, carried away by pipe dreams such as shouldering a
backpack and going to Europe, have been rendered spineless and stripped of all
historical, cultural and national consciousness,

5) in the Turkish Republic of Northern Cyprus, which has been turned into a small
mirror of Turkey, an increasingly tense atmosphere between the incited crowd clinging
to the Greek Cypriot/EU bribe and the Turks, and a press that has turned into a
propaganda tool of foreign intelligence organizations and escalates this tension
through writers such as Mehmet Ali Birand and Cengiz Çandar, who fully earn the
money they receive,

4) an MGK chairman who, while the country is being dragged into war and its territory
is becoming a US base, still tries to get involved in the headscarf issue at the imam
hatip schools, playing into the hands of those who try to draw a line between
nationalism and being Muslim in the country,

Associate Professor Dr. Necip Hablemitoğlu, who is known for his work on how foreign
intelligence organizations roam freely in Turkey and whose most recent work on the
German foundations seriously disturbed Germany (one of the overlooked concessions of
the AKP's latest European tour - at a table where Cyprus is given away, who would
even mention a concession to push the pressure on the German foundations into the
background), has fallen victim to an assassination.

Hablemitoðlu bir çok açýdan önemli bir isimdir : 

1) Uður Mumcu'dan sonra yabancý istihbarat ajanslarý(Alman, ABD, Ýngiliz, Ýsrail)
 ve bunlarýn paravan örgütlerine yönelik
en ciddi çalýþmalardan birini yapan isimdir. Bu çalýþmalarý Almanya baþta olmak
üzere Türkiye'yi yörüngelerinde sabitleþtirmek isteyen emperyal güçleri ciddi þekilde 
rahatsýz etmiþtir.

2) Ayný zamanda, Müslüman olduðu zannedilen fakat Türkiye'de Ýslamý Hristiyanlaþtýrmak 
(dinler arasý
diyalog senaryolarý) gibi bir misyon verilen Fettullahçý kadrolara yönelik 
çalýþmalarý, Ýslam
üzerinden yapýlacak manipülasyonlara açýk kapý býrakmaktadýr.

3) Hablemitoðlu, Türklerin Ýslamiyet öncesi köklerine aðýrlýk veren bir isimdir. Bu 
özelliði ile
zaman zaman, Türklük ile Ýslam arasýnda çizgi çekmek isteyen ve bu yolla toplumdaki 
muhafazakar çevreleri
diðerlerinden ayrýþtýrmayý planlayanlar tarafýndan suistimal edilmiþtir.

4) Devlet içinde baðýmsýz ve büyük Türkiye için çabalayan kadrolarla yakýn temas 
halindedir. Bu kadrolar,
büyük fakat jandarma Türkiye ile büyük fakat koloni Türkiye isteyen kadrolara karþý 
mücadele
halindedir. 

Hablemitoðlu suikastinin arkasýndaki güçler konusunda bütün bu arka plana raðmen somut 
bir þey söylemek zor olsa da,
cinayetin hemen sonrasýnda medyaya yansýtýlan bilgilerin niteliði, suikastin 
planlamasýnýn
kurþun aþamasý ile sýnýrlý tutulmadýðý ve sonrasýnýn da düþünüldüðü þüphesi 
uyandýrýyor. 
.. Cinayetle ilgili kamuoyunu çabuk yargý vermeye ve soruþturmayý yürütenleri de 
yanlýþ yönlendirebilecek
bir bilgi akýþý gözlenmektedir. Sadece bir kýsmý alýnabilen bir araba plakasýnýn hemen 
basýna yansýmasý ve Hablemitoðlu'nun
bomba tehditleri aldýðý için arabasýnýn kapýsýný uzaktan açmaya baþladýðý (bu artýk 
herkesin yaptýðý bir uygulamadýr ve bombalý
saldýrýya tedbir niteliði taþýmaz) ve dolayýsý ile saldýrganlarýn bunu haber alarak 
silahla öldürmeye karar vermiþ olabilecekleri
yolundaki medya tespitleri bu kuþkularý arttýrmaktadýr. Bu suikastin arkasýnda dýþ 
güçler var ise, bunlarýn
izini HaberTurk gibi bu gibi zamanlarda çok deðerli kamuoyu oluþturma iþlevi görmek 
için kurulmuþ olan basýn-yayýn
organlarýný takip ederek rahatça görebilirsiniz. Psikolojik savaþýn paralý askerleri 
paralarýný bu gibi zamanlarda hakederler. 

Türkiye 2023 olarak Hablemitoðlu suikasti hakkýnda yukarýdaki tespitlere dayanarak 
kolaycý çýkarýmlar
yapmak yerine, þu deðerlendirmemizi dikkatinize sunmak istiyoruz :

ABD'nin Irak'a yerleþmesi esas planda sadece bir ara adým olup, esas plan bölgenin 
yeniden yapýlanmasýdýr.
Bu yapýlanma, Türkiye içindeki güç mücadelesinin de sonucuna baðlý olarak Türkiye'yi 
de içermektedir.
Türkiye 2023, ABD'nin Irak'a yerleþmesini tamamlamasýndan sonra (bu illa Baðdat'ýn 
iþgali ve Saddam'ýn devrilmesi anlamýna
gelmemektedir), Türkiye'yi de planlarý arasýna dahil eden güçlerin planlarý 
doðrultusunda, milliyetçilik-din
ekseninde çalkantýlar beklemektedir. Fakat Hablemitoðlu cinayeti, bu çalkantýlarýn 
tahminimizden de
erken gelen bir iþaret fiþeðidir.

Bu çerçevede toplumu gittikçe gerginleþtirilen ve polarize edilen Kuzey Kýbrýs Türk 
Cumhuriyeti ile
, dýþ güçlerin maþasý olma konusunda çok aceleci ve acemi davranan AKP'nin, iktidarda 
olduklarýný zannederek
askeri-oligarþik güçlere karþý seslerini daha sert bir biçimde yükseltmeye baþlayacak 
olan
kýrýlgan tabaný (Vakit'in bugün attýðý Ýþine 

EAP-LEAP and LDAP pwds in MS-CHAP

2002-12-20 Thread Jennifer Mehl
Hi FreeRADIUS users,

I'm looking for a solution-- I'm hoping someone can help...  (Please 
forgive my mention of a commercial RADIUS vendor!)

We are going to implement a wireless LAN and will be using Cisco LEAP 
and an existing LDAP directory for authentication to the internal piece 
of the wireless network.  LEAP requires an MD4 (MS-CHAP) password for 
authentication.

We have tested Funk Steel-Belted RADIUS for this authentication against 
LDAP.  However, since we have a non-Microsoft LDAP server (iPlanet) 
which can only store passwords in clear text, SHA or crypt we are 
forced to store a clear text password in LDAP so that Funk SBR can 
handle the hashing.  We would like to store the MS-CHAP passwords in 
LDAP and point Funk SBR to that instead, but their LDAP module only 
knows how to process clear text, SHA or crypt.  (we're trying to 
convince them to write a custom authentication module, but we'll see...)

In the meantime, I'd like to try the following set up-- any ideas on if 
it will work?

Cisco Aironet Access Point
	|
	|
	|
Funk SBR RADIUS
	|
	|
	| (RADIUS proxy)
FreeRADIUS
(local password file with LDAP username and MS-CHAP password.  This 
info would be written to the file by a special script invoked when a 
user changes their password on our password change web page.)

Alternatively, if FreeRADIUS can pull the MS-CHAP passwords directly 
from LDAP and pass them on to Funk SBR for the LEAP conversation, that 
would be fine too.

thanks!
Jennifer

---
Jennifer Mehl
Network Administrator, IT - Network Services
Whitehead Institute for Biomedical Research (MIT)
5 Cambridge Center
Cambridge MA 02142

617.258.8930 voice
617.258.5121 fax

[EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: EAP-LEAP and LDAP pwds in MS-CHAP

2002-12-20 Thread Alan DeKok
Jennifer Mehl [EMAIL PROTECTED] wrote:
 We are going to implement a wireless LAN and will be using Cisco LEAP 
 and an existing LDAP directory for authentication to the internal piece 
 of the wireless network.  LEAP requires an MD4 (MS-CHAP) password for 
 authentication.

  Yuck.  FreeRADIUS doesn't have LEAP yet, otherwise you could toss
Funk completely.

...
   | (RADIUS proxy)
 FreeRADIUS
 (local password file with LDAP username and MS-CHAP password.  This 
 info would be written to the file by a special script invoked when a 
 user changes their password on our password change web page.)

  FreeRADIUS can do that, so long as the LEAP packets aren't proxied
to it.

 Alternatively, if FreeRADIUS can pull the MS-CHAP passwords directly 
 from LDAP and pass them on to Funk SBR for the LEAP conversation, that 
 would be fine too.

  That's generally a bad idea, and I doubt Funk supports doing it.


  But for less than the price of buying Funk's server, you could
probably pay someone to implement LEAP in FreeRADIUS.  You could then
have a *real* RADIUS server with complete source.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



users file reloading

2002-12-20 Thread Wisam Najim
Hi All,

I'm authenticating ISDN users from users file while normal dialup users are
authenticated from Oracle database. Every time I add an ISDN user, I need to
stop and start the freeRADIUS instance. I want to know if I can reload the
users file without stopping and starting the freeRADIUS.


   
 Regards,


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: users file reloading

2002-12-20 Thread Andrew Pilley

judging by the documentation and sample scripts, it looks like you can
use kill -HUP on radiusd's PID, which will cause it to reload the config
files, without restarting the radius server. that said, restarting the
radius daemon doesn't log everyone out (whereas a dialin server
restarting itself without disconnecting people may make radius think so,
until the accounting packets come in)

Andrew Pilley

On Sat, Dec 21, 2002 at 08:10:04AM +0400, Wisam Najim wrote:
 Hi All,
 
 I'm authenticating ISDN users from users file while normal dialup users are
 authenticated from Oracle database. Every time I add an ISDN user, I need to
 stop and start the freeRADIUS instance. I want to know if I can reload the
 users file without stopping and starting the freeRADIUS.
 
 
  
 Regards,
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html