SecureID support
I have searched the mail archive for posts on SecureID support. I found a couple of hits from back in 2001. Does FreeRADIUS support SecureID today?

Thank You

---
Jay Wilson
Extreme Networks

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Orinoco Shared Key Problem - RE: FR and Orinoco AP2000
Maybe try changing your NAS type to other?

-- AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02 --
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]

On Thu, 9 Oct 2003, Joe Antkowiak wrote:

Ok, so I read a little more, and it looks like there is a problem with my shared secret, on the orinoco side. I've entered and re-entered the shared secret on the orinoco AP to no avail. Just to make sure it works, I tried this exact config with a cisco AP and it works fine.

Is there something special I have to do when getting an Orinoco AP to talk to freeradius, i.e. to/for the shared key? What NAS type should I use? (Would that have anything to do with this?)

It only authenticates because I have Auth-Type := Accept set on every mac address user.

-Joe

Hi,

I'm stumped. We have a few orinoco AP-2000's that we're trying to set up mac-address control through radius. The authentication works fine. The shared secrets are correct, everything's configured right, etc... Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives an accounting request from any AP2000, it complains that the shared secret is not the same, and rejects it.

Now, I've read all the e-mails I could find about this, and I've tried all kinds of things, and I still can't get it to work, with freeradius. On an off chance, I tried it with cistron radius instead, with basically the same exact configuration, and wa-la, everything works!

This is the account record that the AP sends back to radius (as recorded by cistron):

Thu Oct 9 14:06:52 2003
    User-Name = 00-0c-41-0c-f3-ea
    Acct-Session-Id = 00-0c-41-0c-f3-ea
    NAS-Identifier = wolfe-ap1
    NAS-IP-Address = 66.92.46.190
    NAS-Port = 2
    NAS-Port-Type = 19
    Acct-Authentic = RADIUS
    Acct-Status-Type = Start
    Client-IP-Address = 66.92.46.190
    Timestamp = 1065722812
    Request-Authenticator = Unverified

I did however notice the following statistics on the orinoco:

Primary Authentication Server
    Access Requests 1
    Access Accepts 1
    Access Retransmissions 3
    Access Rejects 0
    Access Challenges 0
    Malformed Access Responses 0
    Authentication Bad Authenticators 1 ?
    Timeouts 3

Primary Accounting Server
    Accounting Requests 1
    Accounting Retransmissions 0
    Accounting Responses 1
    Accounting Bad Authenticators 1 ?

And any password being passed to radius comes back in a jumbled string of letters and numbers, about 50 characters long.

This is my freeradius config:

clients:
    66.92.46.190 ss

clients.conf:
    client 66.92.46.190 {
        secret = ss
        nastype = portslave
        shortname = wolfe1-ap1
    }

naslist:
    66.92.46.190 wolfe1-ap1 portslave

Anyone have any ideas? I'd really like to use freeradius, I want mysql.

Thanks in advance.
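The server-side check behind the "shared secret is not the same" rejection discussed in this thread, as an added example that is not part of any poster's message and is not FreeRADIUS code: per RFC 2866 the Accounting-Request authenticator is an MD5 over the packet plus the shared secret, and per RFC 2865 User-Password is masked with an MD5 of the secret, so a secret mismatch yields both a bad authenticator and a jumbled password. Attribute values and the secret `ss` are taken from the post above; the mismatched secret `ss-typo`, the password and the fixed request authenticator are constructed.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code (RFC 2866)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """What the NAS does: sign the packet with its copy of the shared secret.

    Authenticator = MD5(code + id + length + 16 zero octets + attrs + secret).
    """
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs


def verify_accounting_request(packet: bytes, secret: bytes) -> bool:
    """What the server does: recompute the MD5 with its own copy of the secret."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    expected = hashlib.md5(
        packet[:4] + bytes(16) + packet[20:length] + secret
    ).digest()
    return hmac.compare_digest(packet[4:20], expected)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 User-Password hiding, as done by the NAS."""
    padded = (password + bytes(-len(password) % 16)) or bytes(16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Reverse of hide_password, as done by the server."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


# Attribute values copied from the accounting record in the thread.
SAMPLE_ATTRS = b"".join([
    attr(1, b"00-0c-41-0c-f3-ea"),    # User-Name
    attr(32, b"wolfe-ap1"),           # NAS-Identifier
    attr(40, struct.pack("!I", 1)),   # Acct-Status-Type = Start
    attr(44, b"00-0c-41-0c-f3-ea"),   # Acct-Session-Id
])
SERVER_SECRET = b"ss"             # value from the posted clients.conf
NAS_SECRET_BAD = b"ss-typo"       # constructed: a secret that differs on the AP side
REQUEST_AUTH = bytes(range(16))   # constructed; a real NAS sends 16 random octets
PASSWORD = b"example-pass"        # constructed


def demo() -> dict:
    """Compare a NAS that shares the server's secret with one that does not."""
    good = build_accounting_request(1, SAMPLE_ATTRS, SERVER_SECRET)
    bad = build_accounting_request(1, SAMPLE_ATTRS, NAS_SECRET_BAD)
    hidden = hide_password(PASSWORD, NAS_SECRET_BAD, REQUEST_AUTH)
    return {
        "matching_secret_verifies": verify_accounting_request(good, SERVER_SECRET),
        "mismatched_secret_verifies": verify_accounting_request(bad, SERVER_SECRET),
        "password_seen_by_server": unhide_password(hidden, SERVER_SECRET, REQUEST_AUTH),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The Access-Request authenticator is random rather than a keyed hash, so a server that accepts users without checking a password gives no signal about the secret; the accounting authenticator and the decoded password are the first places a mismatch shows.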
Re: Orinoco Shared Key Problem - RE: FR and Orinoco AP2000
It uses it to figure out how to detect double logins, I think.

-- AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02 --
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]

On Thu, 9 Oct 2003, Joe Antkowiak wrote:

Tried that too... is there another one I need to use maybe? orinoco uses lucent gear... But would that cause this kind of problem? What exactly does the NAS-type make radius do differently?

Maybe try changing your NAS type to other?

-- AA7C EF9F 451F E4AF EB1E 7212 BA37 2882 E813 5B02 --
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]

On Thu, 9 Oct 2003, Joe Antkowiak wrote:

Ok, so I read a little more, and it looks like there is a problem with my shared secret, on the orinoco side. I've entered and re-entered the shared secret on the orinoco AP to no avail. Just to make sure it works, I tried this exact config with a cisco AP and it works fine.

Is there something special I have to do when getting an Orinoco AP to talk to freeradius, i.e. to/for the shared key? What NAS type should I use? (Would that have anything to do with this?)

It only authenticates because I have Auth-Type := Accept set on every mac address user.

-Joe

Hi,

I'm stumped. We have a few orinoco AP-2000's that we're trying to set up mac-address control through radius. The authentication works fine. The shared secrets are correct, everything's configured right, etc... Accounting, however, doesn't. When freeradius 0.9.1 (and 0.9.0) receives an accounting request from any AP2000, it complains that the shared secret is not the same, and rejects it.

Now, I've read all the e-mails I could find about this, and I've tried all kinds of things, and I still can't get it to work, with freeradius. On an off chance, I tried it with cistron radius instead, with basically the same exact configuration, and wa-la, everything works!
pam_winbind and pam_radius thru NT domains
Hi All,

Good Day!

My NT domains users can already login to my redhat 7.3 using the pam_winbind module. However, when I try to use it in my Cisco using a PAP authentication, I can't authenticate using NT domain users to cisco terminal server. When I check in cisco terminal server, the username and async modem stay only for around 15 seconds and hang up my RAS connections. See my logs below:-

Do I need pam_radius module to enable to authenticate my RAS clients using freeradius for this kind of setup beside of my pam_winbind modules?

Any suggestion and advice are very welcome and appreciated.

Many thanks.

Ready to process requests.
rad_recv: Access-Request packet from host 10.76.16.3:1645, id=12, length=76
    NAS-IP-Address = 10.76.16.3
    NAS-Port = 65
    NAS-Port-Type = Async
    User-Name = jungab
    User-Password = s1langan
    Service-Type = Framed-User
    Framed-Protocol = PPP
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module chap returns noop
modcall[authorize]: module mschap returns ok
rlm_realm: No '@' in User-Name = jungab, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 152
users: Matched DEFAULT at 157
modcall[authorize]: module files returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type SMB
auth: type SMB
modcall: entering group authtype

Regards
Jay Ungab
Jardine Direct Company Inc - OSSC
3/F, Jardine Davies Building
222 Sen. Gil J. Puyat Avenue
Makati City, Philippines
Telephone: +63 2 8920190 extension 231
Voice/IP (from ATL Devon): 50-1110-231
Fax: +63 2 8939569
Network Team Mobile: +63 918 9225905
Email: [EMAIL PROTECTED]
centralised authentication (freeradius using pam_winbind thru NT domains)
Hi All,

I have a query. The following scenario is already implemented in my heterogeneous systems test site. I already centralise my authentication to use the NT domain using a pam_winbind module. Any NT domain users can login already to my unix box using the account in our NT domain machine server.

My real problem is with my RAS authentication. I setup my freeradius using a redhat 7.3 OS to authenticate to my NT domains users database instead of creating each users or synchronizing the accounts in redhat box. In my pam.d configuration in radiusd and smb-auth, I add the entries below suggested in this list (see below for my entries). However, I can't successfully login to my NAS accounts when I try to dialin using the account of my NT domain user database. I also try to use the radtest utility to see if my account can authenticate using the NT domain user database but no success at all also. But using the redhat system account it works.

Does anyone know where should I focus my troubleshooting? What authentication modules should be ideal for my setup using the freeradius? Any suggestion, pointers and advice are really appreciated. If anybody in this list successfully done this setup, please lend me your configurations.

Many thanks in advance.

radiusd:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=smb-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=smb-auth
password   required     /lib/security/pam_stack.so service=smb-auth
session    required     /lib/security/pam_stack.so service=smb-auth
session    optional     /lib/security/pam_console.so

smb-auth:

#%PAM-1.0
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_deny.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_unix.so
password   required     /lib/security/pam_cracklib.so retry=3 type=
password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
password   required     /lib/security/pam_deny.so
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so

Regards
Jay Ungab
Jardine Direct Company Inc - OSSC
3/F, Jardine Davies Building
222 Sen. Gil J. Puyat Avenue
Makati City, Philippines
Telephone: +63 2 8920190 extension 231
Voice/IP (from ATL Devon): 50-1110-231
Fax: +63 2 8939569
Network Team Mobile: +63 918 9225905
Email: [EMAIL PROTECTED]
Re: Re[2]: mschap auth with ldap
That helps. Now an entry like Reply-Message in the users file under DEFAULT works. But how do I return group information with a Radius Authentication request? I've tried adding things like Group='pptp_users' and Group-Name=pptp_users, but these don't seem to get returned to the VPN server when it makes a request. From what I've read elsewhere, it looks like these are internal names to the freeradius server. What parameter will return group information when a client requests authentication?

thanks for the help,
jay

Dear Jay Lyerly,

Configure default entry in 'users' file and add 'file' authorization.

--Friday, March 14, 2003, 2:22:48 AM, you wrote to [EMAIL PROTECTED]:

JL Excellent! This is working now mostly.
JL The Firebox successfully authenticates via MS-CHAP with data stored in LDAP.
JL One last problem.
JL The Firebox requires the users to be members of a group called pptp_users. I've added an LDAP attribute of radiusGroupName with a value of pptp_users to my LDAP account and created a group in LDAP with cn=pptp_users. This group lists my DN as a member. I believe this corresponds to the settings in my radiusd.conf file:
JL     groupname_attribute = cn
JL     groupmembership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))
JL     groupmembership_attribute = radiusGroupName
JL I tested out the groupmembership filter and it seems to work as expected. Unfortunately, this doesn't return the group information to the Firebox with the authentication information. In fact, monitoring the LDAP server, it looks like radiusd is never looking up anything related to pptp_users, just one query for my user info. How can I make radiusd expose this group information.
JL If it is terribly difficult via LDAP, how can I hardcode one group response for all users? (I'll need the right syntax for this one.) That seems much less elegant, but would work for my purposes.
JL thanks again,
JL jay

JL 3APA3A wrote:

Dear Jay Lyerly,

You better add radiusAuthType attribute in your LDAP schema with value of MSCHAP for MS-CHAP users.

--Thursday, March 13, 2003, 3:53:34 PM, you wrote to [EMAIL PROTECTED]:

JL Okay. That sounds like it should work. In fact, I tried that, but I don't quite understand the file format of radiusd.conf yet. Do I put in the line
JL     authtype= MS-CHAP
JL in the config file? If that's right, where does it go?
JL thanks,
JL jay

Dear Jay Lyerly,

Remove mschap from authorize section (you don't need it to be in authorize) and set Auth-Type for user to MSCHAP (you have Auth-Type LDAP instead of MSCHAP).

--Thursday, March 13, 2003, 1:21:02 AM, you wrote to [EMAIL PROTECTED]:

JL Hi,
JL I'm trying to set up a radius server to authenticate VPN users connecting via a WatchGuard Firebox. The only external authentication mechanism the Firebox supports is MS-CHAPv2 via Radius. I'd like to use freeradius to access data in our LDAP database. All the steps leading up to the end seem good, but the last crucial step keeps failing. The Firebox makes the authentication request to the radius server, the radius server looks up the user in LDAP and retrieves the ntPassword and lmPassword. The problem is the rlm_mschap module never seems to fire to verify the login credentials. I've read through all the info I can find, but I can't get it to work. The debug output from radiusd is below.
JL Any thoughts?

JL rad_recv: Access-Request packet from host 192.168.244.4:4037, id=172, length=135
JL     User-Name = jayl
JL     MS-CHAP-Challenge = 0x117d9959135175e680ee77c456713eaf
JL     MS-CHAP2-Response = 0x8100e50b7fc08691cf23a35fb1db2be0421900
JL         002e053612d932f67ad81de0df53ea48744e0912054fda8857
JL     NAS-Identifier = firebox
JL     NAS-Port = 3012
JL     NAS-Port-Type = Virtual
JL     Service-Type = Authenticate-Only
JL modcall: entering group authorize
JL modcall[authorize]: module preprocess returns ok
JL rlm_realm: No '@' in User-Name = jayl, looking up realm NULL
JL rlm_realm: No such realm NULL
JL modcall[authorize]: module suffix returns noop
JL rlm_ldap: - authorize
JL rlm_ldap: performing user authorization for jayl
JL radius_xlat: '(uid=jayl)'
JL radius_xlat: 'dc=ceintl,dc=com'
JL ldap_get_conn: Got Id: 0
JL rlm_ldap: attempting LDAP reconnection
JL rlm_ldap: (re)connect to igate:389, authentication 0
JL rlm_ldap: bind as / to igate:389
JL rlm_ldap: waiting for bind result ...
JL rlm_ldap: performing search in dc=ceintl,dc=com, with filter (uid=jayl)
JL rlm_ldap: checking if remote access for jayl is allowed by loginShell
JL rlm_ldap: looking for check items in directory...
JL rlm_ldap: Adding ntPassword as NT-Password, value F960112331D92B555B63B469248E92
JL 3F
Problem with free-radius compilation with AIX4.3
Hi,

I am trying to install free-radius-0.8.1. I was able to run the configure script with one minor correction. I then tried to do the 'make'. I am getting the error listed below. The problem seems to be with the declaration of an array with a variable value. Can anyone suggest a work-around to get past this?

Line 524 in files.c has the following type declaration. The maximum_proxies gets the value from a configured parameter and so is not a fixed value.

    REALM *rr_array[maximum_proxies];

Making all in main...
gmake[3]: Entering directory `/aps/qa/radius/freeradius-0.8.1/src/main'
cc -g -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DNDEBUG -I../include -c files.c
1506-507 (W) No licenses available. Contact your program supplier to add additional users. Compilation will proceed shortly.
files.c, line 524.25: 1506-195 (S) Integral constant expression with a value greater than zero is required.
gmake[3]: *** [files.o] Error 1
gmake[3]: Leaving directory `/aps/qa/radius/freeradius-0.8.1/src/main'
gmake[2]: *** [common] Error 1
gmake[2]: Leaving directory `/aps/qa/radius/freeradius-0.8.1/src'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/aps/qa/radius/freeradius-0.8.1/src'
gmake: *** [common] Error 1
make: 1254-004 The error code from the last command is 2.

Thanks
-Jay.
Re: mschap auth with ldap
Okay. That sounds like it should work. In fact, I tried that, but I don't quite understand the file format of radiusd.conf yet. Do I put in the line

    authtype= MS-CHAP

in the config file? If that's right, where does it go?

thanks,
jay

Dear Jay Lyerly,

Remove mschap from authorize section (you don't need it to be in authorize) and set Auth-Type for user to MSCHAP (you have Auth-Type LDAP instead of MSCHAP).

--Thursday, March 13, 2003, 1:21:02 AM, you wrote to [EMAIL PROTECTED]:

JL Hi,
JL I'm trying to set up a radius server to authenticate VPN users connecting via a WatchGuard Firebox. The only external authentication mechanism the Firebox supports is MS-CHAPv2 via Radius. I'd like to use freeradius to access data in our LDAP database. All the steps leading up to the end seem good, but the last crucial step keeps failing. The Firebox makes the authentication request to the radius server, the radius server looks up the user in LDAP and retrieves the ntPassword and lmPassword. The problem is the rlm_mschap module never seems to fire to verify the login credentials. I've read through all the info I can find, but I can't get it to work. The debug output from radiusd is below.
JL Any thoughts?

JL rad_recv: Access-Request packet from host 192.168.244.4:4037, id=172, length=135
JL     User-Name = jayl
JL     MS-CHAP-Challenge = 0x117d9959135175e680ee77c456713eaf
JL     MS-CHAP2-Response = 0x8100e50b7fc08691cf23a35fb1db2be0421900
JL         002e053612d932f67ad81de0df53ea48744e0912054fda8857
JL     NAS-Identifier = firebox
JL     NAS-Port = 3012
JL     NAS-Port-Type = Virtual
JL     Service-Type = Authenticate-Only
JL modcall: entering group authorize
JL modcall[authorize]: module preprocess returns ok
JL rlm_realm: No '@' in User-Name = jayl, looking up realm NULL
JL rlm_realm: No such realm NULL
JL modcall[authorize]: module suffix returns noop
JL rlm_ldap: - authorize
JL rlm_ldap: performing user authorization for jayl
JL radius_xlat: '(uid=jayl)'
JL radius_xlat: 'dc=ceintl,dc=com'
JL ldap_get_conn: Got Id: 0
JL rlm_ldap: attempting LDAP reconnection
JL rlm_ldap: (re)connect to igate:389, authentication 0
JL rlm_ldap: bind as / to igate:389
JL rlm_ldap: waiting for bind result ...
JL rlm_ldap: performing search in dc=ceintl,dc=com, with filter (uid=jayl)
JL rlm_ldap: checking if remote access for jayl is allowed by loginShell
JL rlm_ldap: looking for check items in directory...
JL rlm_ldap: Adding ntPassword as NT-Password, value F960112331D92B555B63B469248E92
JL 3F op=21
JL rlm_ldap: Adding lmPassword as LM-Password, value 49F1F165D6182D587C3113B4A1A5E3
JL A0 op=21
JL rlm_ldap: looking for reply items in directory...
JL rlm_ldap: user jayl authorized to use remote access
JL ldap_release_conn: Release Id: 0
JL modcall[authorize]: module ldap returns ok
JL modcall[authorize]: module mschap returns notfound
JL modcall: group authorize returns ok
JL rad_check_password: Found Auth-Type LDAP
JL auth: type LDAP
JL auth: Failed to validate the user.
JL Delaying request 0 for 1 seconds
JL Finished request 0
JL Going to the next request
JL --- Walking the entire request list ---
JL Waking up in 1 seconds...
JL --- Walking the entire request list ---
JL Waking up in 1 seconds...
JL --- Walking the entire request list ---
JL Sending Access-Reject of id 172 to 192.168.244.4:4037
JL     MS-CHAP-Error = \201E=691 R=1

--
~/ZARAZA
We will always be glad to listen to your chirping (Twain)
mschap auth with ldap
Hi,

I'm trying to set up a radius server to authenticate VPN users connecting via a WatchGuard Firebox. The only external authentication mechanism the Firebox supports is MS-CHAPv2 via Radius. I'd like to use freeradius to access data in our LDAP database. All the steps leading up to the end seem good, but the last crucial step keeps failing. The Firebox makes the authentication request to the radius server, the radius server looks up the user in LDAP and retrieves the ntPassword and lmPassword. The problem is the rlm_mschap module never seems to fire to verify the login credentials. I've read through all the info I can find, but I can't get it to work. The debug output from radiusd is below.

Any thoughts?

rad_recv: Access-Request packet from host 192.168.244.4:4037, id=172, length=135
    User-Name = jayl
    MS-CHAP-Challenge = 0x117d9959135175e680ee77c456713eaf
    MS-CHAP2-Response = 0x8100e50b7fc08691cf23a35fb1db2be0421900
        002e053612d932f67ad81de0df53ea48744e0912054fda8857
    NAS-Identifier = firebox
    NAS-Port = 3012
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_realm: No '@' in User-Name = jayl, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jayl
radius_xlat: '(uid=jayl)'
radius_xlat: 'dc=ceintl,dc=com'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to igate:389, authentication 0
rlm_ldap: bind as / to igate:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=ceintl,dc=com, with filter (uid=jayl)
rlm_ldap: checking if remote access for jayl is allowed by loginShell
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding ntPassword as NT-Password, value F960112331D92B555B63B469248E92
3F op=21
rlm_ldap: Adding lmPassword as LM-Password, value 49F1F165D6182D587C3113B4A1A5E3
A0 op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jayl authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok
modcall[authorize]: module mschap returns notfound
modcall: group authorize returns ok
rad_check_password: Found Auth-Type LDAP
auth: type LDAP
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 172 to 192.168.244.4:4037
    MS-CHAP-Error = \201E=691 R=1
UNSUBSCRIBE
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alexandre Strube
Sent: Tuesday, April 30, 2002 6:41 PM
To: [EMAIL PROTECTED]
Subject: Re: Limiting the user's time online

On Mon, 29 Apr 2002 16:31:13 +0300 (EET DST), Kostas Kalevras wrote:

Check out the counter module.

Now I found it! Needed to do using sql, which is not on 0.5 release, but only on CVS. I just don't know if I have to do something different on ./configure to compile it... Using the plain ./configure doesn't look to compile it...

Mene Sakkhet ur-seveh
Alexandre Ganso - Diretor Steel Goose Moto Group
500 Four Vermelha
[EMAIL PROTECTED]
ICQ# 3778773
Re: naslist
I just created the directories in /var/log/radacct to be the nas name I wanted then created links for the IP's of the NAS to point to the right directory. I also might be misunderstanding what your point was, so ignore me if this is the case ;-).

--
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]
Voice-(319)524-2895
Fax-(319)524-3175

On Mon, 22 Apr 2002, Zohar Ram wrote:

um, I don't have that file (variables.txt) under doc nor I can find it on the website..

regards

Zohar Ram
Development Networking
Knet
--
Tel: 03-6233640/658
Mobile: 972-52-755-641
Email: [EMAIL PROTECTED]
--

- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 22, 2002 5:30 PM
Subject: Re: naslist

Zohar Ram [EMAIL PROTECTED] wrote:

I've configured all my /etc/raddb/naslist to hold all NAS ip's description and type, yet on my logs (/var/log/radacct ) I get the IP as the directory and not the description.

You can configure the directory names that get created in radiusd.conf. The default is to use IP's. See 'doc/variables.txt' for more information.

Alan DeKok.
Re: Using Radius for Mac Auth. with Wireless Internet.
That is correct, you only need the client side mac to be able to authenticate.

--
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]
Voice-(319)524-2895
Fax-(319)524-3175

On Fri, 5 Apr 2002, Mark wrote:

I don't have a system to verify this on at the moment, but I vaguely remember that the MAC address that you have to specify is the address of the wireless client.

- Original Message -
From: David Petruzzella [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 05, 2002 6:26 PM
Subject: RE: Using Radius for Mac Auth. with Wireless Internet.

How would I setup the access point as a client? Also when I try creating users using my useradd or userconf commands it won't allow me to it just says invalid user. What mac address would I specify for the access point the wired mac address or the wireless mac address? I really appreciate the info you have been providing, I just wish there was a document to follow, because I am kind of new at this.
Re: Using Radius for Mac Auth. with Wireless Internet.
That's a good way to do it. If you will have a lot of RF clients though, it might be better to put something like this in your users file:

$INCLUDE /etc/raddb/users-rf

and make users-rf look something like this:

00-00 Auth-Type = Local, Password = yourpassword
        Framed-IP-Address = 255.255.255.254

Where 00-00 would be the mac of the client. Just make sure you set the Password field the same as what you set the shared secret to on the Access Points. Also, don't forget to edit the clients and naslist files to include the right information.

--
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]
Voice-(319)524-2895
Fax-(319)524-3175

On Fri, 5 Apr 2002, Mark wrote:

When I was playing with this, it wasn't with FreeRADIUS, but all I did was:

Edit 'users' to include line:

xx-xx Password = y
(MAC addr of 802.11 client) (AP RADIUS authorization password)

So if you have multiple clients, the MAC address will vary for each client, but they will all have the same password (as the password is actually coming from the Access Point, which you will have programmed to have an authorization password)

- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 05, 2002 6:33 PM
Subject: Re: Using Radius for Mac Auth. with Wireless Internet.

That is correct, you only need the client side mac to be able to authenticate.

--
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]
Voice-(319)524-2895
Fax-(319)524-3175

On Fri, 5 Apr 2002, Mark wrote:

I don't have a system to verify this on at the moment, but I vaguely remember that the MAC address that you have to specify is the address of the wireless client.

- Original Message -
From: David Petruzzella [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 05, 2002 6:26 PM
Subject: RE: Using Radius for Mac Auth. with Wireless Internet.

How would I setup the access point as a client? Also when I try creating users using my useradd or userconf commands it won't allow me to it just says invalid user. What mac address would I specify for the access point the wired mac address or the wireless mac address? I really appreciate the info you have been providing, I just wish there was a document to follow, because I am kind of new at this.
Re: Please send me a sample config
Just my 2 cents, but I could put it any better than Alan and you just did. Exceptional answers from you both, this list has helped me in _HUGE_ ways. Alan is always very helpful, and very fast. Great job as always Alan!

--
Jay DeSotel
Systems Administrator
InterLink L.C.
[EMAIL PROTECTED]
Voice-(319)524-2895
Fax-(319)524-3175

On Fri, 22 Feb 2002, test wrote:

IH - Net Admin [EMAIL PROTECTED] wrote:

I would if I knew how to do it myself...and yes I've been through the config files and docs. I wouldn't be asking for a $100 per question either because isn't the purpose of this list to provide help?

Yes, and no. The list is to provide help TO people who need it, FROM people who are interested in providing that help.

I'm willing to help people who read the docs and config files. I'm not very interested in helping people who ask questions on the list, instead of reading the docs or config files. By asking those kind of questions, they've showed that they're not interested in reading the answers I've already provided, so I will be wasting my time if I answer their questions on the list.

That's why my response is often go read the config files. Any other answer encourages people to ask redundant questions on the list, when the answer is already sitting in front of them.

snip

The supplied configuration examples cover a large subset of what people want to do. If you want to do something different, then maybe you can submit a new sample configuration, which will be included in a future release.

The BIGGEST problem is that in order to do something different, you MUST understand WHAT you want to do, and HOW you want to do it. This involves understanding what RADIUS does, and how the server works. The people who are unwilling to put in that work will not be able to understand how to configure the server, and probably will not understand any answer they're given.

For people who are unfamiliar with Linux, system administration, or with setting up another system service, I'm sorry, this list is for FreeRADIUS. Those other questions are probably off-topic, and don't belong on the list. Therefore, they generally won't be answered here.

I *am* willing to answer questions from people who run into problems with the server, or who run into a lack of documentation about how the server works. That's my responsibility, and what I'm good at.

I'm going to de-lurk for a second for this... I subscribed to the list several months ago, when I downloaded FreeRadius and was having some problems with configurations. I've asked some questions, but not a whole lot and (hopefully) not redundant ones. But I was able to do just what Alan says - read through the config files, comment/uncomment and change these settings, and get it working. I'm not a big system admin (I run this out of my home, for fun, strange as that sounds), and I haven't yet read the RFC's, but I understand the basic way that RADIUS works, and can figure things out so long as there isn't any programming involved.

It works; it works well; and the list is there for when *that* fails, at least in my most humble opinion. Alan's replies are terse, often refer to the configs or ask for patches (it's an open-source project, after all, right?) and that's fine; he also replies *quickly* and in cases where something is wrong, with pointers and help in the right direction.

Subscribing to the list if you plan to use it is a *great* idea, as a lot of things you might come across will be mentioned, and specific examples for out-of-the-way hardware. But for someone to send some sample configs - to my thinking, that's what the default config files *are*.

Now back to my cave...