Re: Password expiry and freeradius
thanks guys... looks like this works

cheers
Graeme

Ali wrote:

or u can use Exec-Program instead of Cron Job. In Exec-Program script u can check for Expiration attribute before Expiry time and set the Reply-Message Attribute accordingly ( to inform user for password change )

----- Original Message -----
From: "Alexandre Strube" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 26, 2002 1:53 AM
Subject: Password expiry and freeradius

> On Tue, 25 Jun 2002 20:39:04 +0200, [EMAIL PROTECTED] wrote:
>
> >what i'm really looking for is a way to set expiry of a password to say
> >20 days and then get the user to have to change his password. any ideas
>
> This is not so easy to do, and radius itself doesn't do that.
>
> The fact is: if a password is expired (say using the expiration attribute), radius
> will not let the user get in and this will prevent him from changing his own
> password. How can a user change his password if he's unable to log on?
>
> The solution: use the expiration attribute, but query it periodically with a self-made
> script at your crontab, for instance on a daily basis. This script would eventually
> check for users whose password will expire within some time, and after a deadline
> is reached (1 week is a good time), your script will warn the user, send an e-mail or
> whatever means, but let the user know that his (or her, sorry for my bad english)
> password will expire.
>
> WHEN the user changes his password, remember to change the expiration attribute,
> so the user can log after the initial time of expiration.

--
Never underestimate the power of stupid people in large groups.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Embeding Perl in freeradius
On Tuesday 25 June 2002 18:11, Alan DeKok wrote:
> Boian Iliev Jordanov <[EMAIL PROTECTED]> wrote:
> > Does somebody think or have a working version of perl module for
> > freeradius ? i wrote some code but may be i missed something and
> > radius sometimes makes core dumps. Can somebody help me ? I am ready
> > to provide sources, if some body have interests.
>
> Use gdb to track down the core dumps. Post a 'tar' file of the
> module on the web somewhere.

Alan, at least I try to use gdb, but with threads things go differently.
tar file is located at http://dexie.orbitel.bg/rlm_perl/
see README for details and how to run this module.
10x in advance.

> Alan DeKok.

--
Best Regards,
Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23
Re: Proxy radius based on dialled number
Thanks Chris, you are a legend! That config did exactly what I want. :)

However now I have a problem with accounting packets. They seem to always be proxied off to the default realm no matter what. I guess this is because the users file is not processed for accounting packets.

Do you or anyone have any idea how I can set a realm for an accounting packet by the Called-Station-Id?

Thanks,
James.

On Wed, 19 Jun 2002 21:53, Chris Parker wrote:
> At 01:31 PM 6/19/2002 +0800, James Taylor wrote:
> >Hi all,
> >
> >I wish to set up freeradius to act as a radius proxy but instead of using
> >the "user@domain" style username for different realms I wish to use the
> >dialled number (Called-Station-Id) to determine which radius server the
> >request is sent to.
> >
> >So two people on two different systems can use the exact same
> >username/password but because they are dialling different numbers the
> >server is able to tell who they belong to.
> >
> >Has anyone done anything like this before or know how it would be done?
> >
> >I was thinking maybe of checking the Called-Station-Id and then rewriting
> >the username to add the "@domain" bit for later processing by the proxy
> >part of the configuration.
> >Anyone know if this can this be done?
> >
> >If not I might consider writing some code to do it.
>
> No need.
>
> Configure 'proxy.conf' as you would, creating realm names that make
> sense to you. Then create entries in your 'users' file like:
>
> DEFAULT Called-Station-Id == "5551212", Proxy-To-Realm := "foo"
>
> DEFAULT Called-Station-Id == "5553434", Proxy-To-Realm := "bar"
>
> You could even get really fancy, if you have lots of numbers, but each
> "set" ends in the same last four digits, and use a regexp compare to
> match the phone numbers:
>
> DEFAULT Called-Station-Id =~ ".*1212$", Proxy-To-Realm := "baz"
>
> -Chris
> --
>    \\\|||///  \          StarNet Inc.      \         Chris Parker
>    \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
>    | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
> oOo---(_)---oOo--\------------------------------------------------------
>                   \ Wholesale Internet Services - http://www.megapop.net

--
James Taylor BSc (Computer Science)
Systems Administrator - Commerce Australia
Phone: +618 9226 0011
Fax: +618 9226 0033
Radius and mysql crypt-password and php.
I was talking about this on a previous thread, but thought that it would require one for itself.

Looking for the password encryption schema, what I saw was that any password generated using the php's function crypt() is correctly read by radius.

However, this is strange. As crypt() is a one-way encryption function, when radius would check for it, I think that it would need to generate EXACTLY the same hash for querying the database, wouldn't it?

Well, it doesn't look like. For example, look at the following three lines: all of them are hashes for the word 'test'. Any of them are valid, that is, if I log and type the password 'test' (without the quotes), any of these lines will return a access-accept.

$1$2zGHwN5F$ytHiyCHtFgKkXU6opsHI3/
$1$I61qcigH$kSds2z.MAvRpQqSC70VXp0
$1$xofKQZIU$cc6n6NjIpaE42itF3QK431

That's where I and the password testing function from Dialup_admin fails: crypting a password with the crypt() function without the $salt parameter will generate a different hash, and the query will eventually fail.

My question is: HOW radius finds the correct password? It will not try every hash until it finds the correct one, or it checks only for a small size of the hash?

If I understand this, I can eventually repair dialup_admin so it can test crypt-passwords correctly...

If someone from radius team could help me with this, I would thank you all!
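
The behaviour asked about above, shown as an added example that is not part of the original post and not code from FreeRADIUS or dialup_admin: in a `$1$` (MD5-crypt) value the salt is stored between the second and third `$`, so a check re-hashes the typed password with that stored salt and compares the two strings. The function names are hypothetical, and the three sample values are the ones the post reports as hashes of 'test'.

```php
<?php
// Added example (not FreeRADIUS or dialup_admin code). Function names are hypothetical.

/** Split "$1$<salt>$<digest>" into its parts; null when it is not MD5-crypt. */
function parse_md5_crypt(string $stored): ?array
{
    $re = '~^\$1\$([./0-9A-Za-z]{1,8})\$([./0-9A-Za-z]{22})$~D';
    if (!preg_match($re, $stored, $m)) {
        return null;
    }
    return ['salt' => $m[1], 'digest' => $m[2]];
}

/** Create a hash for a new password with a random 8-character salt. */
function new_md5_crypt(string $password): string
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 8; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    return crypt($password, '$1$' . $salt . '$');
}

/** Correct check: re-hash the candidate with the salt stored inside the hash. */
function verify_md5_crypt(string $candidate, string $stored): bool
{
    $parts = parse_md5_crypt($stored);
    if ($parts === null) {
        return false; // not "$1$...": reject rather than guess a scheme
    }
    $recomputed = crypt($candidate, '$1$' . $parts['salt'] . '$');
    return hash_equals($stored, $recomputed); // constant-time comparison
}

/** The failing check described in the post: a fresh salt gives a new hash each time. */
function fresh_salt_check(string $candidate, string $stored): bool
{
    return hash_equals($stored, new_md5_crypt($candidate));
}

// The three values quoted in the post, which it reports as hashes of 'test'.
$fromPost = [
    '$1$2zGHwN5F$ytHiyCHtFgKkXU6opsHI3/',
    '$1$I61qcigH$kSds2z.MAvRpQqSC70VXp0',
    '$1$xofKQZIU$cc6n6NjIpaE42itF3QK431',
];

foreach ($fromPost as $stored) {
    $salt = parse_md5_crypt($stored)['salt'] ?? '(unparsed)';
    printf(
        "salt %-10s stored-salt check: %-5s  fresh-salt check: %s\n",
        $salt,
        var_export(verify_md5_crypt('test', $stored), true),
        var_export(fresh_salt_check('test', $stored), true)
    );
}

// A newly created hash verifies the same way, and a wrong password does not.
$new = new_md5_crypt('test');
var_dump(verify_md5_crypt('test', $new), verify_md5_crypt('Test', $new));
```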
Freeradius and ISPD
Hello freeradius users,

My question is: If somebody has tried to use the freeradius with the ISPD (http://ispd.eburg.com).. If somebody did please can mail me. thanks.

Besides that can somebody tell me if there are more modules to add to the dialup_admin. Right now I'm trying to configure it.
Re: Password expiry and freeradius
On Tue, 25 Jun 2002 20:39:04 +0200, [EMAIL PROTECTED] wrote:

>i wrote a php frontend to add/remove users as well as change
>passwords... your solution should work and i'll give it an try... but
>will the radius server send a warning to the user to tell him that his
>password has expired ???

What's the password crypting schema? I have some trouble to make crypt-password work on php... If you use only the php's crypt() function, it will randomly generate a password.

In fact, its now only me that has this problem. The dialup admin program which comes with freeradius, fails on testing the crypted-password. Anyway, it can successfully generate passwords for radius.

The opinions expressed in this e-mail are strictly personal. My opinion does not necessarily represent the opinion of my Moto Group or of the company where I work.

Mene Sakkhet ur-seveh
Alexandre Ganso - Director, Steel Goose Moto Group
September 6, 7 and 8 - Steel Goose 10th anniversary - Ouro Branco - MG
Red 500 Four
[EMAIL PROTECTED]
ICQ# 3778773
user/group switching behaviour changed
The default behaviour of the server has been changed with respect to the handling of user/group switching changes.

Previously, when run in debug mode, the server would not switch to the user/group specified in the config, but would switch when run in daemon mode. This could cause problems with the server at times being able or unable to write information out to the .log and other files.

The server will now switch to the user/group specified in the config file regardless of whether it is in debug mode or not. If no user/group are specified, then the server will continue to run with the user/group it was started under.

The config file by default now has the 'user' and 'group' options commented out.

If you are running the server as a non-root user please take note of this change as upgrading may require you to make changes to your config.

This takes effect in the latest CVS builds and will be incorporated into the next release version.

-Chris
--
   \\\|||///  \          StarNet Inc.      \         Chris Parker
   \ ~   ~ /   \       WX *is* Wireless!    \   Director, Engineering
   | @   @ |    \   http://www.starnetwx.net \      (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
                  \ Wholesale Internet Services - http://www.megapop.net
How to Run RAdius Server
First you need to know what type of authentication you need. You can lookup the user/password from the passwd/shadow files, you can set a plain-text 'users' file, you can look this information on a sql table, or even inside a ldap server (which I would not recommend for a newbie on radius, as I see so many people having trouble with this kind of authentication).

The 'users' file should be the better choice for you to start on radius...

>I have installed free radius in RH 7.1 and how can i able to check for user name and
>password . how can i able to login inside the radius Server. please let me know about that
Password expiry and freeradius
On Tue, 25 Jun 2002 20:39:04 +0200, [EMAIL PROTECTED] wrote:

>what i'm really looking for is a way to set expiry of a password to say
>20 days and then get the user to have to change his password. any ideas

This is not so easy to do, and radius itself doesn't do that.

The fact is: if a password is expired (say using the expiration attribute), radius will not let the user get in and this will prevent him from changing his own password. How can a user change his password if he's unable to log on?

The solution: use the expiration attribute, but query it periodically with a self-made script at your crontab, for instance on a daily basis. This script would eventually check for users whose password will expire within some time, and after a deadline is reached (1 week is a good time), your script will warn the user, send an e-mail or whatever means, but let the user know that his (or her, sorry for my bad english) password will expire.

WHEN the user changes his password, remember to change the expiration attribute, so the user can log after the initial time of expiration.
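
A sketch of the daily check described in the message above, as an added example that is not part of the original post and not FreeRADIUS code. It assumes the `radcheck` columns (username, attribute, value) and the "01 July 2002" date format mentioned elsewhere in this thread; the sample rows, user names and function names are constructed, the expiry date itself is treated as already expired, and delivering the warning (e-mail or otherwise) is left to the caller.

```php
<?php
// Added example, not FreeRADIUS code. Rows below are constructed sample data shaped
// like: SELECT username, attribute, value FROM radcheck WHERE attribute = 'Expiration'

const EXPIRY_FORMAT = 'd F Y'; // "01 July 2002", the format given in this thread
const WARN_DAYS     = 7;       // warn one week ahead, as the message suggests
const LIFETIME_DAYS = 20;      // password lifetime asked for in the thread

/** Parse an Expiration value strictly; null for anything that is not a real date. */
function parse_expiration(string $value): ?DateTimeImmutable
{
    $utc    = new DateTimeZone('UTC');
    $date   = DateTimeImmutable::createFromFormat('!' . EXPIRY_FORMAT, trim($value), $utc);
    $errors = DateTimeImmutable::getLastErrors(); // false on PHP >= 8.2 when clean
    if ($date === false || ($errors && ($errors['warning_count'] || $errors['error_count']))) {
        return null; // e.g. "2002-07-01" or "31 February 2002"
    }
    return $date;
}

/** Sort radcheck rows into expired / warn / ok / invalid relative to $today. */
function classify(array $rows, DateTimeImmutable $today): array
{
    $report = ['expired' => [], 'warn' => [], 'ok' => [], 'invalid' => []];
    foreach ($rows as $row) {
        if ($row['attribute'] !== 'Expiration') {
            continue;
        }
        $expires = parse_expiration($row['value']);
        if ($expires === null) {
            $report['invalid'][] = $row['username']; // needs fixing by hand
            continue;
        }
        $days = (int) $today->diff($expires)->format('%r%a'); // signed whole days left
        if ($days <= 0) {
            $report['expired'][] = $row['username']; // assumption: expiry day counts as expired
        } elseif ($days <= WARN_DAYS) {
            $report['warn'][] = ['username' => $row['username'], 'days_left' => $days];
        } else {
            $report['ok'][] = $row['username'];
        }
    }
    return $report;
}

/** New Expiration value to store when the user changes the password on $changedOn. */
function renewed_expiration(DateTimeImmutable $changedOn): string
{
    return $changedOn->modify('+' . LIFETIME_DAYS . ' days')->format(EXPIRY_FORMAT);
}

// Constructed sample rows and a fixed "today" so the run is reproducible.
$rows = [
    ['username' => 'alice', 'attribute' => 'Expiration', 'value' => '01 July 2002'],
    ['username' => 'bob',   'attribute' => 'Expiration', 'value' => '30 July 2002'],
    ['username' => 'carol', 'attribute' => 'Expiration', 'value' => '20 June 2002'],
    ['username' => 'dave',  'attribute' => 'Expiration', 'value' => '2002-07-01'],
];
$today = new DateTimeImmutable('2002-06-26', new DateTimeZone('UTC'));

echo json_encode(classify($rows, $today), JSON_PRETTY_PRINT), "\n";
echo 'Expiration after a password change today: ', renewed_expiration($today), "\n";
```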
rlm_unix file not found
On Tue, 25 Jun 2002 06:26:09 +0200, [EMAIL PROTECTED] wrote:

Mega-dumb question: did you run ldconfig? And is there a line containing "/usr/local/lib" inside the /etc/ld.so.conf file (or wherever your system puts this information)?

>I'm new to freeradius and have a problem.. when I run
>"check-radiusd-config" I get the error:
>radiusd.conf[426] Failed to link to module 'rlm_unix': file not found..
>however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
>directory. 'radiusd' doesn't seem to have a problem finding the other
>libraries??
Who's connected on radius.log?
On Tue, 25 Jun 2002 06:26:09 +0200, [EMAIL PROTECTED] wrote:

>I did it and at now, everything is working more or less fine but i'm not able to see
>in the radius.log file who is connected as it is show
>with cistron radius. It's a way to view in a log who was connected, whose connection
>failed and why?

To make radius.log look the same as the one from cistron radius, I needed to change some things:

Try changing these sections in your radiusd.conf to look like this, and it will do the job for you:

    # Log authentication requests to the log file.
    #
    # allowed values: {no, yes}
    log_auth = yes

    # Log passwords with the authentication requests.
    # log_auth_badpass - logs password if it's rejected
    # log_auth_goodpass - logs password if it's correct
    #
    # allowed values: {no, yes}
    log_auth_badpass = yes
    log_auth_goodpass = no

The opinions expressed in this e-mail are strictly personal. My opinion does not necessarily represent the opinion of my Moto Group or of the company where I work.

Mene Sakkhet ur-seveh
Alexandre Ganso - Director, Steel Goose Moto Group
September 6, 7 and 8 - Steel Goose 10th anniversary - Ouro Branco - MG
Red 500 Four
[EMAIL PROTECTED]
ICQ# 3778773
RE: Password expiry and freeradius
Set the response in RadGroup. That'll send a message to the user, but if the user is on Microsoft products, the implementation doesn't support messages coming in from the radius server.

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Tuesday, June 25, 2002 1:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Password expiry and freeradius

i wrote a php frontend to add/remove users as well as change passwords... your solution should work and i'll give it an try... but will the radius server send a warning to the user to tell him that his password has expired ???

cheers
Graeme

Asad Manzur wrote:

Hi,

How do you add accounts? do you add them manually? You could write a simple script doing something like

insert into radcheck (username, attribute, value) values ('username', 'Expiration', DATE_FORMAT(DATE_ADD(NOW(), INTERVAL 20 DAY), '%d %M %Y'));

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Tuesday, June 25, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Password expiry and freeradius

thanks. what i'm really looking for is a way to set expiry of a password to say 20 days and then get the user to have to change his password. any ideas

cheers
Graeme

Asad Manzur wrote:

Hi,

Use 'Expiration' as a check field with the date format as "01 July 2002" for the expiry date.

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Monday, June 24, 2002 3:16 PM
To: [EMAIL PROTECTED]
Subject: Password expiry and freeradius

Hi guys

here is a quick description of my setup. i have a squid box that people proxy to. It hands the authentication off to a freeradius daemon on the same box. The free radius then queries a mysql server (on the same box) for user name and password.

os - Redhat linux 7.2
freeradius - 0.5
mysql - Ver 11.18 Distrib 3.23.51, for pc-linux-gnu (i686)

every thing is working fine. but i now need to expire user passwords and enable them to change them (this is first prize of course). Does any body know of some documentation on this or has experience doing it in the past.

cheers
Graeme

--
Never underestimate the power of stupid people in large groups.
Regular expressions syntax in users file
Hi,

I would like to know what is the exact syntax of regular expressions in the users file. What would be the right one?

attribute =~ "regexp"
attribute =~ "/regexp/"
attribute =~ regexp
attribute =~ /regexp/

Need help.

thank you
Roonui
Re: Embeding Perl in freeradius
Boian Iliev Jordanov <[EMAIL PROTECTED]> wrote:
> Does somebody think or have a working version of perl module for
> freeradius ? i wrote some code but may be i missed something and
> radius sometimes makes core dumps. Can somebody help me ? I am ready
> to provide sources, if some body have interests.

Use gdb to track down the core dumps. Post a 'tar' file of the module on the web somewhere.

Alan DeKok.
Re: Newbie -- need help
"BORCHERS,JASON (HP-Roseville,ex1)" <[EMAIL PROTECTED]> wrote:
> I'm really at a loss here, and since I'm so new to RADIUS I have no idea
> what to do next. I suspect I've missed an important step in setting up the
> server. Does anyone have any ideas?

Read the FAQ?

Alan DeKok.
RE: rlm_unix file not found
radiusd.conf[426] is the line number in the radiusd.conf file where the problem occurs
this is a reference to module "unix"
change one of those settings that has to do with caching passwords or the shadow file setting
try different settings

I would suggest you have there:

    cache = yes
    shadow = /etc/shadow

the # are comments
make sure you remove them from in front of those lines

Regards
Henk Pretorius

"Stefan Immel" <[EMAIL PROTECTED]>
Sent by: freeradius-users-admin@lists.cistron.nl
To: <[EMAIL PROTECTED]>
cc:
Subject: RE: rlm_unix file not found
2002/06/25 02:32 PM
Please respond to freeradius-users

> Hey All,
>
> I'm new to freeradius and have a problem.. when I run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module 'rlm_unix': file
> not found..
> however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> directory. 'radiusd' doesn't seem to have a problem finding the other
> libraries??
>
> Any suggestions?

Which version do you use ??? I had the problem too but it was fixed in a recent snapshot.
Re: rlm_unix file not found
sorry I don't read carefully

check the variable

    find / -name "rlm_unix*"

and edit radiusd.conf

    libdir = /usr/local/lib   #with the correct path

--- BlUz <[EMAIL PROTECTED]> wrote:
> Hey All,
>
> I'm new to freeradius and have a problem.. when I run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module 'rlm_unix': file not found..
> however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> directory. 'radiusd' doesn't seem to have a problem finding the other
> libraries??
>
> Any suggestions?
>
> Thanks.

=====
To be young and not be a revolutionary
is a contradiction, even a biological one...
RE: rlm_unix file not found
Yes, uncomment the line where says

    #shadow = /etc/shadow

by

    shadow = /etc/shadow

--- Stefan Immel <[EMAIL PROTECTED]> wrote:
> > Hey All,
> >
> > I'm new to freeradius and have a problem.. when I run
> > "check-radiusd-config" I get the error:
> > radiusd.conf[426] Failed to link to module 'rlm_unix': file
> > not found..
> > however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> > directory. 'radiusd' doesn't seem to have a problem finding the other
> > libraries??
> >
> > Any suggestions?
> Which version do you use ??? I had the problem too
> but it was fixed in a recent snapshot.

=====
To be young and not be a revolutionary
is a contradiction, even a biological one...
RE: rlm_unix file not found
> Hey All,
>
> I'm new to freeradius and have a problem.. when I run
> "check-radiusd-config" I get the error:
> radiusd.conf[426] Failed to link to module 'rlm_unix': file
> not found..
> however the rlm_unix.a and rlm_unix.la are in the /usr/local/lib/
> directory. 'radiusd' doesn't seem to have a problem finding the other
> libraries??
>
> Any suggestions?

Which version do you use ??? I had the problem too but it was fixed in a recent snapshot.
Embeding Perl in freeradius
Hi all,

Does somebody think or have a working version of perl module for freeradius ? i wrote some code but may be i missed something and radius sometimes makes core dumps. Can somebody help me ? I am ready to provide sources, if somebody have interests.

--
Best Regards,
Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23
Re: Password expiry and freeradius
i wrote a php frontend to add/remove users as well as change passwords... your solution should work and i'll give it an try... but will the radius server send a warning to the user to tell him that his password has expired ???

cheers
Graeme

Asad Manzur wrote:

Hi,

How do you add accounts? do you add them manually? You could write a simple script doing something like

insert into radcheck (username, attribute, value) values ('username', 'Expiration', DATE_FORMAT(DATE_ADD(NOW(), INTERVAL 20 DAY), '%d %M %Y'));

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Tuesday, June 25, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Password expiry and freeradius

thanks. what i'm really looking for is a way to set expiry of a password to say 20 days and then get the user to have to change his password. any ideas

cheers
Graeme

Asad Manzur wrote:

Hi,

Use 'Expiration' as a check field with the date format as "01 July 2002" for the expiry date.

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Monday, June 24, 2002 3:16 PM
To: [EMAIL PROTECTED]
Subject: Password expiry and freeradius

Hi guys

here is a quick description of my setup. i have a squid box that people proxy to. It hands the authentication off to a freeradius daemon on the same box. The free radius then queries a mysql server (on the same box) for user name and password.

os - Redhat linux 7.2
freeradius - 0.5
mysql - Ver 11.18 Distrib 3.23.51, for pc-linux-gnu (i686)

every thing is working fine. but i now need to expire user passwords and enable them to change them (this is first prize of course). Does any body know of some documentation on this or has experience doing it in the past.

cheers
Graeme

--
Never underestimate the power of stupid people in large groups.
RE: Password expiry and freeradius
Hi,

How do you add accounts? do you add them manually? You could write a simple script doing something like

insert into radcheck (username, attribute, value) values ('username', 'Expiration', DATE_FORMAT(DATE_ADD(NOW(), INTERVAL 20 DAY), '%d %M %Y'));

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Tuesday, June 25, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Password expiry and freeradius

thanks. what i'm really looking for is a way to set expiry of a password to say 20 days and then get the user to have to change his password. any ideas

cheers
Graeme

Asad Manzur wrote:

Hi,

Use 'Expiration' as a check field with the date format as "01 July 2002" for the expiry date.

Regards,
Asad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Graeme
Sent: Monday, June 24, 2002 3:16 PM
To: [EMAIL PROTECTED]
Subject: Password expiry and freeradius

Hi guys

here is a quick description of my setup. i have a squid box that people proxy to. It hands the authentication off to a freeradius daemon on the same box. The free radius then queries a mysql server (on the same box) for user name and password.

os - Redhat linux 7.2
freeradius - 0.5
mysql - Ver 11.18 Distrib 3.23.51, for pc-linux-gnu (i686)

every thing is working fine. but i now need to expire user passwords and enable them to change them (this is first prize of course). Does any body know of some documentation on this or has experience doing it in the past.

cheers
Graeme

--
Never underestimate the power of stupid people in large groups.