dear all,
I setup a VPN Service under Microsoft Windows 2000 Server and
use radius server to authenticate requests.
I build the server with FreeRADIUS-0.3 version.
When i use MS-CHAP authentication, it always rejects the request.
The following message is what I got.
What configurations or argumen
I've gotten FreeRADIUS working, and almost configured, and have everything
almost the way I want it, the one stumbling block is some dedicated isdn
users we have dialing into an Ascend MAX.
Here's what I get when I do a radius request to the existing radius
server:
[mattrose@dogbert mattrose]$
Hi Alan,
I'm migrating from heavy patched by me Livingston radius.
Freeradius is most configurable one I managed to find and it was really
easy (with 2-3 slight patches like %{raw:Attr-Name} in xlat anyway :) to
switch it for all my needs.
One of the very few things i still need to do is sql acco
Matt Rose <[EMAIL PROTECTED]> wrote:
> I've gotten FreeRADIUS working, and almost configured, and have everything
> almost the way I want it, the one stumbling block is some dedicated isdn
> users we have dialing into an Ascend MAX.
Ascend is wonderful, isn't it?
> [mattrose@dogbert mattrose]
On Tue, 23 Oct 2001, John Blumel wrote:
> Hi,
>
> I'm looking into using RADIUS for authentication of remote dial-in and VPN users
>and,
> since I'm completely new to RADIUS, I was hoping I could pose a few questions to the
> list...
>
> 1. freeRADIUS is officially listed as beta software bu
At 05:18 PM 10/23/2001 -0400, Russell Enderby wrote:
>The FAQ says to do this:
>
> >So, if you're using CHAP, for each user entry you must use:
> >
> >Auth-Type = Local, Password = "stealme"
> >
> >If you're using only PAP, you can get away with:
> >
> >Auth-Type = System
>
>In the
The FAQ says to do this:
>So, if you're using CHAP, for each user entry you must use:
>
>Auth-Type = Local, Password = "stealme"
>
>If you're using only PAP, you can get away with:
>
>Auth-Type = System
In the users file I changed the default line from
Auth-Type=System to
Auth-Ty
[I sent the following email earlier today and just noticed that my email client has
html email formatting enabled again -- somehow it keeps getting reenabled. Hopefully,
the list server just swallowed it but if you do/did receive it as html, please accept
this apology as such.]
Hi,
I'm lookin
"John Blumel" <[EMAIL PROTECTED]> wrote:
> 1. freeRADIUS is officially listed as beta software but is anyone
> using it in production and/or do you feel that it is mature and
> stable enough to do so.
A number of people use it in production, and it seems to be stable.
> 2. We would like to gi
Hi,
I'm looking into using RADIUS for authentication of remote dial-in and VPN users and,
since I'm completely new to RADIUS, I was hoping I could pose a few questions to the
list...
1. freeRADIUS is officially listed as beta software but is anyone using it in
production and/or do you feel th
Thanks for the reply. I've upgraded the software to 0.3. However, the
problem continues. Are you sure that in the latest snapshot the problem has
gone away?
Another question: Apparently this problem doesn't affect the Radius
operation. Is this correct?
Thanks in advance for any help. Regards,
--
Xj Wang <[EMAIL PROTECTED]> wrote:
> Does the FreeRADIUS support security token products from RSA Inc.
> (SecurID/ACE server) ?
No, sorry.
As always, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Does the FreeRADIUS support security token products from RSA Inc.
(SecurID/ACE server) ?
XJ
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tuesday, October 23, 2001 18:47 [EMAIL PROTECTED] wrote:
>> Please don't. I think only tested patches should be applied. In that patch I
>> added support only for 'check' AV pairs. Shall I add operator support for
>> 'reply' AV pairs too?
> Yes.
OK. The patch is getting much simple. Here ar
I figured this out on my own...
DEFAULT Called-Station-Id == "5", Replicate-To-Realm := "isp1.com"
DEFAULT Called-Station-Id == "6", Replicate-To-Realm := "isp2.com"
Thanks,
Brian
- Original Message -
From: "Brian Gordon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent
Bobi <[EMAIL PROTECTED]> wrote:
> Is there simple way to use Stripped-User-Name for accounting.
Yes... if it exists, it will go into the detail record.
> I'm trying to do something like:
>
> DEFAULT Prefix == "pref"
> User-Name := %{Stripped-User-Name}
>
> in acct_users file
Uh, w
I am confused by the accounting methods of this software. I am using this
program to proxy requests to other radius servers based upon
callingstation-id. This is working great now, however the accounting
records by the syntax of the example in acct_users show that it sends a copy
of the records
"Gonzalez B., Fernando" <[EMAIL PROTECTED]> wrote:
> Hi! I'm using FreeRadius 0.2 and I have a problem with group authentication.
> When a user tries to authenticate, several lines appear (in the
> /var/log/radius/radius.log file) like the following:
>
> Mon Oct 22 18:53:11 2001 : Error: gr
Mitry Matyushkov <[EMAIL PROTECTED]> wrote:
> Please don't. I think only tested patches should be applied. In that patch I
> added support only for 'check' AV pairs. Shall I add operator support for
> 'reply' AV pairs too?
Yes.
My reason for adding the patch was that it can always be removed
[EMAIL PROTECTED] wrote:
> I run radiusd and authenticate successful many times but radutmp is still
> empty.
So? radutmp stores *accounting* records, not authentication
records.
> When I try radiusd -x=10
That won't work. If it does, you're not running freeradius.
Alan Dekok.
-
Lis
Hi List,
Is there simple way to use Stripped-User-Name for accounting.
I'm trying to do something like:
DEFAULT Prefix == "pref"
User-Name := %{Stripped-User-Name}
in acct_users file
If acct_users works only with existing attributes
there should be other way to strip prefixes for acc
[EMAIL PROTECTED] wrote:
> Need to modifying the username attribute before it gets sent on to the proxy
> based upone number that is dialed, only for certain numbers and not others.
rlm_attr_rewrite should be updated to also look for rewrite
information in the list of configuration items. But
At 09:48 AM 10/23/2001 -0400, you wrote:
>Is it possible to do CHAP authentication and PAP using the unix auth
>module? Currently it does not seem to support it. I setup the NAS as a
>ascend which in the ascend dictionary seems to support CHAP but it did
>not fix the problem.
>
>Any suggestions?
Is it possible to do CHAP authentication and PAP using the unix auth
module? Currently it does not seem to support it. I setup the NAS as a
ascend which in the ascend dictionary seems to support CHAP but it did
not fix the problem.
Any suggestions?
Thanks,
Russell
-
List info/subscribe/unsub
Hi! I'm using FreeRadius 0.2 and I have a problem with group authentication.
When a user tries to authenticate, several lines appear (in the
/var/log/radius/radius.log file) like the following:
Mon Oct 22 18:53:11 2001 : Error: group = /etc/group
However, the user authenticates correctly
On Monday, October 22, 2001 21:21 [EMAIL PROTECTED] wrote:
>> I'm looking for volunteers to check the patch which provides (as I suppose)
>> operator support in SQL authorization mode. Look here:
> This looks reasonable to me, but I can't test it.
> If anyone else has success with it, I'll co
> 1) ok .. I have found a script in icradius called ./scripts/dictimport.pl
> that did the import ...
> [ Note : you might have seen the answer I got from Alan that said
> I should not need it : "You should be able to use 'clients.conf'."
> but you are right, I should take no risk :it doesn't
> > I encrypt passwords with ENCRYPT(). I never tried to use plaintext
> passwords
> > with mysql.
> ok .. will try that immediatly.
> (is this related to using chap or pap ?)
I use PAP. You cannot use encryption with CHAP. Look in sql.conf to find out
how rlm_sql handles passwords.
There is a li
Hi!
I run radiusd and authenticate successful many times but radutmp is still
empty.
When I try radiusd -x=10
pa. 23 12:27:59: [3315]: leakdetect.c:95:efree:free(0x8098518)
pa. 23 12:27:59: [3315]: leakdetect.c:95:efree:free(0x8098538)
pa. 23 12:27:59: [3315]: leakdetect.c:95:efree:free(0x80998
Ah, where did you get freeradius server ? I guess from the homepage at
www.freeradius.org. And the second word on that page should lead you to
the FAQ.
Regards.
> -Original Message-
> From: Prasad Valmeti [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 23, 2001 8:54 AM
> To: [EMAIL P
30 matches
Mail list logo
