On Tue, Jun 24, 2003 at 03:32:06PM -0500, Dave Mason wrote:
> I searched for several forms of "realm wildcard" and only found my own post.
The one on the list page works well:
http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&config=freeradius-users_lists_cistron_nl&restrict=&e
> Michael Chernyakhovsky <[EMAIL PROTECTED]> wrote:
>> You can not to remember "YWJyYWNhZGFicmE=" for 10 seconds to decode
>> this latter, but "abracadabra" can ;)
>> I understand, that it's no matter how to keep plain password - encoded
>> or not, but CASUAL OBSERVER can't remember encoded passw
I have a working version of freeradius v0.8.1 authenticating off of the unix password file on a RH linux 7.1 server. I would like to authenticate off of my iplanet ldap server v5.1 on the same host. i have compilled radius to use ldap.
I have add ldap auth in radiusd.conf and setup the radius entri
I am Freeradius 0.8.1 and I am writing accounting records to an Oracle
DB ver 8i. If the Database is down, the Freeradius give a segmentation
fault error and it dies also. I've tried also to point to another
database as a fail-over option, but the same results were encountered.
Worth to mention tha
Hi everyone,
I know that an access point can act as a radius client & then authenticate
client's mac address with Freeradius server & there got to be an entry for
this client in the users's file. But let's say I have 1000 clients, do I have
to find out every single client's mac address & then add t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Read doc/Autz-Type. In your users file, test the Client-IP-Address and set
the Autz-Type accordingly.
Kevin Bonner
On Tuesday 24 June 2003 19:50, Naman Latif wrote:
> Hi,
>
> Is it possible to configure a separate users list(and authentication
> me
Hi,
Is it possible to configure a separate users list(and authentication
methods) for a specific Client (NAS) ?
E.g. If the same User-A tries to authenticate through different NAS
Any request coming from NAS 1 should authenticate User-A.
However any request coming from any other NAS should reje
Well Now it returns ok...But I get an error..Cannot find NT
Password. Is this the password specified in the users file? Or is this
coming from my NAS?
modcall[authorize]: module "files" returns ok
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
modcall[authorize
"Steven Fries" <[EMAIL PROTECTED]> wrote:
> What does mschap returns not found mean? Is the mschap module in the wrong
> place? It's in the default install location and the config files seem to
> point to it.
Use the latest CVS snapshot, and look at the updates to
radiusd.conf. The MSCH
What does mschap returns not found mean? Is the mschap module in the wrong
place? It's in the default install location and the config files seem to
point to it.
Thanks,
Steven
rad_recv: Access-Request packet from host 10.1.1.3:1645, id=78, length=133
Framed-Protocol = PPP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13199.html
Also searching for "partial realm" should give you something to work with.
Kevin Bonner
On Tuesday 24 June 2003 16:32, Dave Mason wrote:
> I searched for several forms of "realm wildcard" a
Sorry about the lateness of this, but perhaps this will be useful to
someone somewhere:
On 21 Apr 2003, Sungwon Ha wrote:
Hi!
I have a question about an access denied message from RADIUS. I was using RADIUS for
EAP-TLS authentication with Window XP (service pack 2). But XP was denied because
R
I searched for several forms of "realm wildcard" and only found my own post.
Dave
Oliver Graf wrote:
On Tue, Jun 24, 2003 at 09:35:22AM -0500, Dave Mason wrote:
I might have missed an answer to this so I'll try a repost. This is a
simple config question I couldnt find the answer to. I need
I am looking for a way to change the Kerberos service principle from the
default value of "host" to an arbitrarily assigned value. I have sifted
through much documentation and have been unable to find a way to do
this. Any and all help is much appreciated.
Thank You,
Chris
-
List info/subscrib
[EMAIL PROTECTED] wrote:
> I'm trying to understand the semantics of the += users file operator.
It's not so much about '+=', as "the users file doesn't allow you to
do what you want to do"
> lerxst Crypt-Password == "KSi8a3j4oasdi", ES-Default-ID += V90LocalUser
...
> DEFAULT ES-Default-ID ==
> I check the man page, there is only a '-x' flag, but not a
> '-X' flag. Are they the same? Does the '-X' flag
> un-daemonize radiusd?
>
Yes. Type 'radiusd -?' (or any other invalid switch) and you get a
print out of all options including -X. -X is shorthand for -sfxxyz -l
stdout
The 'f' op
Michael Chernyakhovsky <[EMAIL PROTECTED]> wrote:
> You can not to remember "YWJyYWNhZGFicmE=" for 10 seconds to decode
> this latter, but "abracadabra" can ;)
> I understand, that it's no matter how to keep plain password - encoded
> or not, but CASUAL OBSERVER can't remember encoded password whil
I read the 'README' file under doc subdirectory and it says that
'radiusd -X' will provide more detail, helpful if I encounter any problems.
I thought it will put that message in the log so I put the flag in the
startup
script under /etc/rc3.d. When LINUX reboots, radiusd spits out lots of
messag
Wednesday, June 25, 2003, 12:27:17 AM, Alan wrote:
> [EMAIL PROTECTED] wrote:
>> I agree, Alan. this is no difference when somebody have FULL access to files.
>> I just want to hide password from casual observer who can see for a moment
>> this file. It's like qualcomm popper saves passwords in
[EMAIL PROTECTED] wrote:
> I agree, Alan. this is no difference when somebody have FULL access to files.
> I just want to hide password from casual observer who can see for a moment
> this file. It's like qualcomm popper saves passwords in gdb-file.
> passwords are just xor'ed there.
That's non
"Lisa Casey" <[EMAIL PROTECTED]> wrote:
> Could you give me a url for finding more info about this? I've looked
> through the Free Radius web site and can't find it.
Umm... look for the 'CVS snapshot' link on the downloads page?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www
I agree, Alan. this is no difference when somebody have FULL access to files.
I just want to hide password from casual observer who can see for a moment
this file. It's like qualcomm popper saves passwords in gdb-file.
passwords are just xor'ed there.
>> MS-CHAP an similar auth-methods require to
Hi Alan,
> See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl
Could you give me a url for finding more info about this? I've looked
through the Free Radius web site and can't find it.
Lisa Casey
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
A spec file is simply a configuration script for building the binary into
an rpm.
on late RH systems you do like
rpmbuild -ba specfile
(i think those are the correct flags.)
After you put the tarballgz file in /usr/src/redhat/SOURCES and the spec
file in /usr/src/redhat/SPECS
In the /usr/
On Tue, Jun 24, 2003 at 09:35:22AM -0500, Dave Mason wrote:
> I might have missed an answer to this so I'll try a repost. This is a
> simple config question I couldnt find the answer to. I need to add a realm
> entry in proxy.conf that would match all realms that end in "owlan.org".
> That is
On Tue, Jun 24, 2003 at 09:32:39AM -0500, Dave Mason wrote:
> I just noticed the redhat directory and the spec file inside. What's a
> spec file? I checked the FAQ and doc directory but didnt see anything.
> I'm guessing it's input to some other tool which could be useful in a
> production env
On Tuesday 24 June 2003 3:13 am, Tomas Bozsaky wrote:
> hello,
>
> mysql does not support triggers. function inside mysql - you can, but
> i do not know, how.
According to the features, this is scheduled for inclusion in mysql version
5.0. The problem is that the current production release is 4.
Hi,
I might have missed an answer to this so I'll try a repost. This is a simple
config question I couldnt find the answer to. I need to add a realm entry in
proxy.conf that would match all realms that end in "owlan.org". That is,
[EMAIL PROTECTED] would match for any xxx or yyy. I tried the
Hi,
I just noticed the redhat directory and the spec file inside. What's a
spec file? I checked the FAQ and doc directory but didnt see anything.
I'm guessing it's input to some other tool which could be useful in a
production environment?
Dave
Oliver Graf wrote:
On Mon, Jun 23, 2003 at 01:
[EMAIL PROTECTED] wrote:
> MS-CHAP an similar auth-methods require to know users plain passwords.
> i want to keep passwords in file and load it by rlm_passwd. All works
> good. but for more security i think keep it crypted.
Don't bother. It doesn't make any difference.
How are you going to
Hello,
I'm trying to make some modification to tls_handshake_recv(). As I have
previously proposed, I'd like to extract the AVPs from the TLS packet and
put them into the RADIUS packet. But the AVPs defined in the draft are
represented by code-length-value triples(code is an 32-bit integer),
w
Nils =?ISO-8859-1?Q?R=F8nhovde?= <[EMAIL PROTECTED]> wrote:
> are there any plans for when 0.9 is to be "released"?
ASAP. We're working on the last few critical issues.
> I'm trying to plan some project activities this summer and if there
> is a known date for the release it would be a lot ea
"Joachim Wickman" <[EMAIL PROTECTED]> wrote:
> I'm testing the "pre-paid" solution (with lifetime counter) that was
> mentioned here on the list and is now wondering how I can reset one
> counter when a client wants one more hour?
See the CVS snapshots: src/modules/rlm_counter/rad_counter.pl
Hello,
I'm testing the "pre-paid" solution (with lifetime
counter) that was mentioned here on the list and is now wondering how I can reset one counter when a client wants
one more hour?
// Joachim
Hi,
I have almost managed to install the EAP/TLS authentication with my AP DWL
AP 1000 + but I have still a problem
in my freeRadius configuration.
I got the following error message :
" ...Error : rlm_eap_tls : conf N ctx stored ..."
What does it means ?
Thanks a lot for your help
Best regard
Hi,
Is there any way I can setup the authentication in
such a way that only a user who is requesting authentication with ip address
only 192.168.0.* will be authenticated?
the following works but only with a specific IP
address:
00904b-60603c Auth-Type := Local,
User-Password == "nita
hello,
mysql does not support triggers. function inside mysql - you can, but
i do not know, how.
t
Tuesday, June 24, 2003, 11:42:39 AM, you wrote:
> Can I ask a question :
> How can I update to mySQL database automatically a table that store money
> that users must charge for the sections their
On Tue, 24 Jun 2003, alantu wrote:
> freeradius-users
> hi all
>In dialup-admin ,it takes a long time to display the online user.why and how to
> change to use a little time?
If general_finger_type is set to snmp and your nas takes a long time to respond
or does not respond at all then t
Can I ask a question :
How can I update to mySQL database automatically a table that store money
that users must charge for the sections their connection?
does mySQL have trigger or function that I can write function inside mySQL ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
You need to configure /etc/raddb/postgresql.conf for your particular
installation of postgres sql. Then add SQL to the accounting section.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Salvin Kumar
Sent: 23 June 2003 22:28
To: [EMAIL PROTECTED]
Subject: RE:
Dear [EMAIL PROTECTED],
Password decryption must be performed during authorize, not authenticate
stage.
--Tuesday, June 24, 2003, 12:45:25 PM, you wrote to [EMAIL PROTECTED]:
mmr> Hi!
mmr> Two questions.
mmr> MS-CHAP an similar auth-methods require to know users plain passwords.
mmr> i want t
Hi!
Two questions.
MS-CHAP an similar auth-methods require to know users plain passwords.
i want to keep passwords in file and load it by rlm_passwd. All works
good. but for more security i think keep it crypted.
module mschap wants to see decrypted (plain) password.
IMHO, this is good idea to
Hello,
are there any plans for when 0.9 is to be "released"? I'm trying to plan some project
activities this summer and if there is a known date for the release it would be a lot
easier to plan, than checking the website now and then.
--
best regards
Nils Ronhovde
Telenor
-
List info/subscri
43 matches
Mail list logo