Re: AS5300, selecting IP pool
You just can't get radius to send the required attribute, or it sends the attribute but the as5300 somehow doesn't care?

Here is a good example (although this is not actually freeradius):
http://lists.cistron.nl/pipermail/cistron-radius/2001-July/001555.html

Evren

On Wed, 8 Jan 2003, Nader Skaros wrote:

> Hi Guys,
>
> I'm a bit of a newbie when it comes to access servers, but we have got a cisco as5300
> for our dialup customers and also our admin. We would like two different ip-address
> pools, and securing users access using ACL's.
>
> Would anyone be able to give me a quick rundown on how to do this? I have tried many
> different ways of doing this and in each case I just can't get free radius to send the
> Cisco-AVPair attribute over. The nas keeps giving ip's from the default pool
>
> Thanx in advance
> =)
>
> MyVoice http://www.myvoiceonline.net

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Hi Guys,

I'm a bit of a newbie when it comes to access servers, but we have got a cisco as5300 for our dialup customers and also our admin. We would like two different ip-address pools, and securing users access using ACL's.

Would anyone be able to give me a quick rundown on how to do this? I have tried many different ways of doing this and in each case I just can't get free radius to send the Cisco-AVPair attribute over. The nas keeps giving ip's from the default pool

Thanx in advance
=)

MyVoice http://www.myvoiceonline.net
Re: Solaris Issue
hi all,

when i type the command

/usr/ccs/bin/ld /usr/local/openldap/lib/libldap.so

SSL_get_error               /usr/local/openldap/lib/libldap.so
sk_value                    /usr/local/openldap/lib/libldap.so
ber_memalloc                /usr/local/openldap/lib/libldap.so
ber_strdup                  /usr/local/openldap/lib/libldap.so
ber_sockbuf_free            /usr/local/openldap/lib/libldap.so
ERR_get_error_line          /usr/local/openldap/lib/libldap.so
SSL_load_client_CA_file     /usr/local/openldap/lib/libldap.so
SSL_free                    /usr/local/openldap/lib/libldap.so
X509V3_EXT_d2i              /usr/local/openldap/lib/libldap.so
res_query                   /usr/local/openldap/lib/libldap.so
SSL_pending                 /usr/local/openldap/lib/libldap.so
ber_skip_tag                /usr/local/openldap/lib/libldap.so
ERR_peek_error              /usr/local/openldap/lib/libldap.so
SSL_get_peer_certificate    /usr/local/openldap/lib/libldap.so
ber_pvt_log_print           /usr/local/openldap/lib/libldap.so
ber_alloc_t                 /usr/local/openldap/lib/libldap.so
SSL_read                    /usr/local/openldap/lib/libldap.so
ber_sockbuf_add_io          /usr/local/openldap/lib/libldap.so
sk_num                      /usr/local/openldap/lib/libldap.so
SSL_accept                  /usr/local/openldap/lib/libldap.so
X509_NAME_oneline           /usr/local/openldap/lib/libldap.so
connect                     /usr/local/openldap/lib/libldap.so
ld: fatal: Symbol referencing errors. No output written to a.out

is it related to the compile problem?

Brian

chris wrote:

>Just jumpin' in here real quick without knowin' the full story... just
>trying to help:
>
>Check your LD_LIBRARY_PATH env var. Make sure it has a path to your SSL
>libs.
>
>Also, you can use a linker option to include the path. If you're using GCC,
>add a -R /path/to/lib in the makefile in the appropriate place.
>
>Good luck.
>
>Chris Bunnell
>Senior Engineer - Network Implementation
>Avantac Technologies, Inc. - Formerly Sonic Internet Services
>9719 Lincoln Village Drive #503
>Sacramento, CA. 95827
>(916) 854-5940
>www.avantac.com
>
>- Original Message -
>From: "Frank Cusack" <[EMAIL PROTECTED]>
>To: "Brian Leung" <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Monday, January 06, 2003 5:49 PM
>Subject: Re: Solaris Issue
>
>>No idea what the problem was. You didn't quote the original message.
>>/fc
>>
>>On Tue, Jan 07, 2003 at 09:46:27AM +0800, Brian Leung wrote:
>>
>>>hi all,
>>>
>>>i think the problem may be caused by the fact that the freeradius can't
>>>find the ssl library but i already tried to compile the ssl lib in
>>>/usr/local/lib. is there any method to specify the path of ssl library
>>>before compile the radius?
>>>thank you
>>>
>>>Brian
Re: NT auth ...
Might I recommend you look at the possibility of proxy radius to the nt/w2k server which has "Internet Authentication Service" (installed in windows components) configured with remote access policies?

Rodrigo Hidalgo wrote:

> Hi all,
>
> New to this list, hopefully you can help me with my question.
>
> Setup: FreeRadius 0.8 PM3 | Radius_server using module rlm_smb | NT_domain_controller
>
> My question is can i with rlm_smb deny a user access when the domain user has "grant dialin permission" denied ??
>
> If no is there any other way to get this working ?? PAM maybe.
>
> BR
> Rodrigo Hidalgo
Re: Error about:rlm_eap_md5: No password configured for this user.
Thanks for the responses to my queries. I have the EAP/MD5 working with the win2k supplicant across a Nortel BS450 switch.

users.conf:

lunatic Auth-Type := Local, User-Password = "test"

clients.conf:

client 192.168.17.247 {
        secret = test
        shortname = bs450_1
        nastype = other
}

radius.conf is as in the EAP-MD5 howto, only difference might be I installed freeradius 0.8.1

I guess my big disappointment is the user password is in clear text in the /etc/raddb/users.conf file. Which is just another administrative task to maintain.

Anyone have ideas/suggestions/experience to utilize an already existing, perhaps more centralized management for the EAP user/passwords?

thanks very much.

--
Shawn Adams
[EMAIL PROTECTED]
Re: FreeRadius vs SteelBelted, Tuning of Ports and Packets. Logs included!!!
Marnix Petrarca <[EMAIL PROTECTED]> wrote:
> The windows client gives an error-message: Error 734: The PPP link control
> protocol was terminated. The latest trailing messages logged by my
> FreeRadius daemon are different from the first, which leads me to think I
> have a combined problem: It seems I forgot to chown radius to the
> appropriate directories - am checking that out currently.

That shouldn't affect authentication. But if your PPP daemon gives little information about WHY the connection was terminated, then it makes the problem MUCH more difficult to solve.

> *** Contents of my users file, which has simple entries for testing as yet:
> I'm still confused which attributes should work the same way as the
> Steel-Belted ''Standard Radius",

The standard RADIUS attributes, as defined in the RFC's, should work the same. The others are server-specific, and may not work the same.

Alan DeKok.
Re: NT auth ...
Rodrigo Hidalgo <[EMAIL PROTECTED]> wrote:
> My question is can i with rlm_smb deny a user access when the domain user
> has "grant dialin permission" denied ??

No. The SMB module only does password checking. If you want something else to happen, you need to use another module in addition to rlm_smb.

Alan DeKok.
Re: user subnet
Joe Maimon wrote:

> You can use the Framed-Route attribute in your reply if the Ascend box supports it and limit the login to once.

Limiting the times the user is logged in wasn't my goal.. My goal was to assign user xyz to a certain range of ips.. Sorry about the confusion..

--
Rock River Internet           Roger Grunkemeyer
202 W. State St, 8th Floor    [EMAIL PROTECTED]
Rockford, IL 61101            815-968-9888
Re: freeradius0.8+RH8.0+Oracle9i: problem - growing of connections
Ruslan Spivak <[EMAIL PROTECTED]> wrote:
> I have noticed this problem with my configuration:
>
> Freeradius0.8 + RH8.0 + Oracle9i
>
> I can see that number of connections to my DB constantly grows:

Upgrade to 0.8.1. The problem is fixed there.

Alan DeKok.
Re: Solaris Issue
Just jumpin' in here real quick without knowin' the full story... just trying to help:

Check your LD_LIBRARY_PATH env var. Make sure it has a path to your SSL libs.

Also, you can use a linker option to include the path. If you're using GCC, add a -R /path/to/lib in the makefile in the appropriate place.

Good luck.

Chris Bunnell
Senior Engineer - Network Implementation
Avantac Technologies, Inc. - Formerly Sonic Internet Services
9719 Lincoln Village Drive #503
Sacramento, CA. 95827
(916) 854-5940
www.avantac.com

- Original Message -
From: "Frank Cusack" <[EMAIL PROTECTED]>
To: "Brian Leung" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, January 06, 2003 5:49 PM
Subject: Re: Solaris Issue

> No idea what the problem was. You didn't quote the original message.
> /fc
>
> On Tue, Jan 07, 2003 at 09:46:27AM +0800, Brian Leung wrote:
> > hi all,
> >
> > i think the problem may be caused by the fact that the freeradius can't
> > find the ssl library but i already tried to compile the ssl lib in
> > /usr/local/lib. is there any method to specify the path of ssl library
> > before compile the radius?
> > thank you
> >
> > Brian
NT auth ...
Hi all,

New to this list, hopefully you can help me with my question.

Setup: FreeRadius 0.8 PM3 | Radius_server using module rlm_smb | NT_domain_controller

My question is can i with rlm_smb deny a user access when the domain user has "grant dialin permission" denied ??

If no is there any other way to get this working ?? PAM maybe.

BR
Rodrigo Hidalgo
RE: Netware LDAP & free Radius
Lyle:

I have been using FreeRadius against Novell LDAP (Netware 5.1) for over a year now. It works like a dream... there were a few small tweaks I needed to get it working, but nothing major. I would have to go back and look at my notes, but I believe the main things were to create a "CN" LDAP attribute, allow anonymous BINDs to NDS LDAP, and make the CN attribute readable to "Public".

I would recommend setting up a server and doing some ldapsearches against it to get the correct DN attributes and see what is available via your current LDAP setup.

Regards,
Mark Capelle (CNE5, CNE4, A+)
Senior Network Administrator

Message: 5
From: "Lyle Giese" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Netware LDAP & free Radius
Date: Sat, 4 Jan 2003 09:29:40 -0600
Reply-To: [EMAIL PROTECTED]

I am playing with freeRadius a bit and had a question. Has anyone built freeRadius to connect to a Netware 5 (or higher) via LDAP for authentication? This seems interesting as one of my clients wants a VPN solution and we want to keep user administration tasks to a minimum by utilizing the existing user database in Netware.

I worked with Novell's VPN solution and it has some severe drawbacks deep down inside. I am looking at Wolverine now as the VPN server and could use a way to integrate the user database via LDAP or another method.

Thanks,
Lyle
freeradius0.8+RH8.0+Oracle9i: problem - growing of connections
Hello, freeradius users!

I have noticed this problem with my configuration:

Freeradius0.8 + RH8.0 + Oracle9i

I can see that number of connections to my DB constantly grows:

select status, count(*) from v$session group by status;

and in 3-4 days number of allowed connections to my db exceeds and i need to restart my freeradius, after that it's ok.

Can you point me what's the problem and how to solve it? Your help is very, very appreciated.

Thanks in advance,
Ruslan.
FreeRadius vs SteelBelted, Tuning of Ports and Packets. Logs included!!!
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.254.252:1812, id=243, length=107
        NAS-Identifier = "GS5.gv-C1"
        User-Name = "job"
        User-Password = "x"
        NAS-IP-Address = 10.10.254.252
        NAS-Port-Type = Virtual
        Calling-Station-Id = "316"
        Called-Station-Id = "xxx.nl"
        Acct-Session-Id = "344a07911ea9"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "job", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched job at 80
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [job/kunst] (from client nas1.kpn.com port 0 cli 31620017455)
Sending Access-Accept of id 243 to 10.10.254.252:1812
        Service-Type = Login-User
        Framed-Protocol = PPP
        Framed-IP-Address = 10.10.0.4
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = Broadcast-Listen
        Framed-Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.10.254.252:1812, id=244, length=135
        NAS-Identifier = "GS5.gv-C1"
        User-Name = "job"
        Acct-Status-Type = Start
        NAS-IP-Address = 10.10.254.252
        NAS-Port-Type = Virtual
        Calling-Station-Id = "316"
        Called-Station-Id = "xxx.nl"
        Acct-Session-Id = "344a07911ea9"
        Framed-IP-Address = 10.10.0.4
        X-Ascend-IPX-Alias = 0x0204088149f9
        X-Ascend-Metric = 43294
        X-Ascend-PRI-Number-Type = 0
        X-Ascend-Dial-Number = "\221\007J4"
        X-Ascend-Route-IP = 2433174055
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "job", looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.10.254.252,NAS-IP-Address = 10.10.254.252,Acct-Session-Id = "344a07911ea9",User-Name = "job"'
rlm_acct_unique: Acct-Unique-Session-ID = "a5045ec781c51f68".
modcall[accounting]: module "acct_unique" returns ok
radius_xlat: '/usr/local/var/log/radius/radacct/10.10.254.252/detail-20030107'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.254.252/detail-20030107
rlm_detail: Failed to create directory /usr/local/var/log/radius/radacct/10.10.254.252: Permission denied
modcall[accounting]: module "detail" returns fail
modcall: group accounting returns fail
Finished request 1
Going to the next request
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
Cleaning up request 1 ID 244 with timestamp 3e1af415
rl_next: returning NULL
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 10.10.254.252:1812, id=244, length=135
        NAS-Identifier = "GS5.gv-C1"
        User-Name = "job"
        Acct-Status-Type = Start
        NAS-IP-Address = 10.10.254.252
        NAS-Port-Type = Virtual
        Calling-Station-Id = "316"
        Called-Station-Id = "xxx.nl"
        Acct-Session-Id = "344a07911ea9"
        Framed-IP-Address = 10.10.0.4
        X-Ascend-IPX-Alias = 0x0204088149f9
        X-Ascend-Metric = 43294
        X-Ascend-PRI-Number-Type = 0
        X-Ascend-Dial-Number = "\221\007J4"
        X-Ascend-Route-IP = 2433174055

Here the weird stuff starts happening, probably due to my forgetting to chown radius to the various dirs.

modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "job", looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',
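
Added example (not part of the original post and not FreeRADIUS code): a Python script that reads debug output of the kind posted above and reports, for each request, which reply was sent and which module returned a failure code, together with that module's own message. The name summarize, the choice of failure codes and the embedded excerpt (lines taken from the log above, one entry per line) are assumptions made for the illustration.

```python
import re

# Excerpt of the debug output posted above, re-broken one entry per line.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.10.254.252:1812, id=243, length=107
modcall: entering group authorize
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module "chap" returns noop
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
Sending Access-Accept of id 243 to 10.10.254.252:1812
Finished request 0
rad_recv: Accounting-Request packet from host 10.10.254.252:1812, id=244, length=135
modcall: entering group accounting
rlm_detail: Failed to create directory /usr/local/var/log/radius/radacct/10.10.254.252: Permission denied
modcall[accounting]: module "detail" returns fail
modcall: group accounting returns fail
Finished request 1
"""

# Module return codes reported as failures here (an assumption of this example).
FAILURE_CODES = ("fail", "reject", "invalid")
RECV = re.compile(r"^rad_recv: (\S+) packet from host \S+, id=(\d+)")
MODULE = re.compile(r'^modcall\[(\w+)\]: module "(\w+)" returns (\w+)')
DIAG = re.compile(r"^(rlm_\w+): (.*)")
SENT = re.compile(r"^Sending (\S+) of id \d+")


def summarize(log_text):
    """Return one dict per request: packet type, reply sent, failed modules."""
    requests, current, last_diag = [], None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RECV.match(line):
            current = {"type": m[1], "id": int(m[2]), "reply": None, "failures": []}
            requests.append(current)
            last_diag = {}                      # diagnostics are per request
        elif current is None:
            continue                            # startup chatter before any packet
        elif m := DIAG.match(line):
            last_diag[m[1]] = m[2]              # latest message from this module
        elif m := SENT.match(line):
            current["reply"] = m[1]
        elif (m := MODULE.match(line)) and m[3] in FAILURE_CODES:
            reason = last_diag.get("rlm_" + m[2], "no module message logged")
            current["failures"].append((m[1], m[2], m[3], reason))
    return requests
```

On the excerpt, the Access-Request comes back with an Access-Accept and no failures, while the Accounting-Request gets no reply and one failure in the detail module with "Permission denied", which is the split between authentication and accounting that the reply in this thread points to.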