User freezing!!!
Hi, all I use freeradius with MySQL & I have problem with user freezing. I'm turn off any accounting & logging except MySQL (such as radutmp, radwtmp). My radius server works pretty well except one thing: When my users is disconnects unexpectedly (telephone line rapture & etc.) in the database his still online (AcctStopTime is still -00-00 00:00:00) & as effect his can't reconnect (radius tells him such login already exists). To solve it I'm every day check radacct table for redundancy AcctStopTime=-00-00 00:00:00 & delete all this records. I do this manualy every day. My users thinks that somebody steals his password. Question: How can I check for existance of incorrect entries & delete it automatically or at all debar from appearance of it? Thanks in advance. Regards, Eric. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADTEST program issues
I'm new to using FreeRADIUS, I've just downloaded, configured and installed the defaults for version 0.8.1. I copied a few files from another RADIUS server over to try and use my existing config (in the belief that they should be the same, all following the rfc) however there were one or two little things to fix because certain entries weren't the same in my dictionary file. That was all good, now the server runs after chucking a few hundred "had to change Password = to Password ==" messages which I will worry about later. Anyway, I run radtest with all the appropriate commandline options to receive this message: [EMAIL PROTECTED] bin]# ./radtest user password 127.0.0.1 1 key radclient:Unknown attribute User-Password I figure this is something to do with dictionary files, but I can't find that entry in any of the ones I seem to have. Any ideas? == Adrian Griffin Administrator RetNet Internet Services -- Phone: 07 5527 0436 PO Box 105 Fax: 07 5532 9172 Southport BC == - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie: Permissions on rlm_sql_mysql/db_mysql.sql
On Thu, 27 Feb 2003, Ed H wrote: > To add, this is all an attempt to get rid of the error below: > > rlm_sql: Could not link driver rlm_sql_mysql: file not found > rlm_sql: Make sure it (and all its dependent libraries!) are in the search > path of your system's ld. > radiusd.conf[14]: sql: Module instantiation failed. This often happens if you didn't do "make install" (which installs all the libraries where they need to be). What exactly did you put in ld.so.conf? Did you run ldconfig after adding that line? And is there a rlm_sql_mysql.so or similar file in that directory? Are you sure that the rlm_mysql library even got compiled? (Maybe the configure script couldn't find your mysql libraries and include files.) This error can have a lot of reasons behind it ranging from something not going quite right during compilation to the library not being where the server can find it. You'll want to look around to make sure it even got compiled, and that it's someplace where the server can find it. Just a few thoughts. :-) K. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie: Permissions on rlm_sql_mysql/db_mysql.sql
On Wed, 26 Feb 2003, Ed H wrote: > I am a newbie installing FreeRadius for the first time on a Redhat Linux 7.2 > system with MySQL capabilities. > > I got the system to run without the SQL option and am now having problems > reading the db_mysql.sql library. I added the rlm_sql_mysql path to my > ld.so.conf file and also to the radiusd.conf file. However I am still > having problems. [snip] Actually, db_mysql.sql is a text file containing the database and table structures you need to use for freeradius + mysql. It doesn't matter what the permissions or ownership are, because you just use it to create your radius tables. Usually, something like this: mysql < db_mysql.sql or mysql -p db_mysql.sql It's not read or used at all by the radius server itself, as far as I know. Kristina - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access without login/password
in the users file, set DEFAULT Auth-Type:=Accept - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie: Permissions on rlm_sql_mysql/db_mysql.sql
To add, this is all an attempt to get rid of the error below: rlm_sql: Could not link driver rlm_sql_mysql: file not found rlm_sql: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. Ed _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Newbie: Permissions on rlm_sql_mysql/db_mysql.sql
Hello: I am a newbie installing FreeRadius for the first time on a Redhat Linux 7.2 system with MySQL capabilities. I got the system to run without the SQL option and am now having problems reading the db_mysql.sql library. I added the rlm_sql_mysql path to my ld.so.conf file and also to the radiusd.conf file. However I am still having problems. My permissions on the db_mysql.sql looks like this: -rw-r--r--1 root 504 4585 Nov 8 15:42 db_mysql.sql The radiusd binary is owned by "root" with the user/group tags in the radiusd.conf file set to "nobody". What should the db_mysql.sql file above be set to? Should it be set to "root" group instead of 504? Is there any security reasons why it is now set at 504? this is what the install gave it. Thanks. Ed _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
access without login/password
Hello, this is my first post to the plist, i have solaris 2.7/Sparc + freeradius 0.8 and we want to known how can i permit access without login and password as default ? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: post_proxy methods
Thanks Alan and Chris. Indeed, I did mean version 0.8 (not 8.0). There are no 'FreeRadius' specific resources I have to free on a proxy-reject, but my module holds state information and some resources for each active session. If a user attempts to renew their session and for some magical reason the proxy says 'NO!', then my module needs to mop up. Thanks again, I will investigate the CVS tree. MV On Wed, 2003-02-26 at 15:42, Chris Parker wrote: > At 03:28 PM 2/26/2003 -0500, Mike Varley wrote: > >Appologies for not keeping up to date, but I was wondering if the > >'post_proxy' module methods are currently supported. > > Yes, but not by every module. Check the latest CVS for support. > > >I am running FR 8.0, and although I can list post-proxy methods in the > >config file, the methods are not run. This did not pose a problem > >because I simply implemented a 'post-auth' method to do all my work. > > Code is in current CVS to do this. I belive it is post 0.8 but may > or may not be in 0.8.1. > > >The problem now is that I would like to know if the proxy rejects a > >user; if it does, I need to free up any resources that user maybe > >holding. Are the post-proxy methods supported? Will they be called on a > >Proxy-Reject? > > Post-Proxy exists as a stage after authorization, after the reply has > been received from the remote server, but before the reply enters > the authentication stage ( IE, before a request is sent back to the > client who sent it to us ). > > There shouldn't be anything specific you need to do in post-proxy > to do cleanup, unless you have a custom module that has allocated > resources in some way. > > >If there is a 'ChangeLog' file someone could point me to, I will happily > >read that. > > Subscribe to the -devel list and you'll get nightly CVS commit logs, that > is the best way to get the most verbose and uptodate feature information. > > -Chris > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ~~~ Mike Varley -= SOMA Networks =- Tel: 416.977.1414 x1578 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: post_proxy methods
At 03:28 PM 2/26/2003 -0500, Mike Varley wrote: Appologies for not keeping up to date, but I was wondering if the 'post_proxy' module methods are currently supported. Yes, but not by every module. Check the latest CVS for support. I am running FR 8.0, and although I can list post-proxy methods in the config file, the methods are not run. This did not pose a problem because I simply implemented a 'post-auth' method to do all my work. Code is in current CVS to do this. I belive it is post 0.8 but may or may not be in 0.8.1. The problem now is that I would like to know if the proxy rejects a user; if it does, I need to free up any resources that user maybe holding. Are the post-proxy methods supported? Will they be called on a Proxy-Reject? Post-Proxy exists as a stage after authorization, after the reply has been received from the remote server, but before the reply enters the authentication stage ( IE, before a request is sent back to the client who sent it to us ). There shouldn't be anything specific you need to do in post-proxy to do cleanup, unless you have a custom module that has allocated resources in some way. If there is a 'ChangeLog' file someone could point me to, I will happily read that. Subscribe to the -devel list and you'll get nightly CVS commit logs, that is the best way to get the most verbose and uptodate feature information. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: post_proxy methods
Mike Varley <[EMAIL PROTECTED]> wrote: > Appologies for not keeping up to date, but I was wondering if the > 'post_proxy' module methods are currently supported. They're supported in the CVS head. > I am running FR 8.0, and although I can list post-proxy methods in the > config file, the methods are not run. This did not pose a problem > because I simply implemented a 'post-auth' method to do all my work. 8.0? You mean 0.8. > The problem now is that I would like to know if the proxy rejects a > user; if it does, I need to free up any resources that user maybe > holding. Are the post-proxy methods supported? Will they be called on a > Proxy-Reject? In the latest CVS snapshot, they should work, and they should be called on a reject, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
post_proxy methods
Appologies for not keeping up to date, but I was wondering if the 'post_proxy' module methods are currently supported. I am running FR 8.0, and although I can list post-proxy methods in the config file, the methods are not run. This did not pose a problem because I simply implemented a 'post-auth' method to do all my work. The problem now is that I would like to know if the proxy rejects a user; if it does, I need to free up any resources that user maybe holding. Are the post-proxy methods supported? Will they be called on a Proxy-Reject? If there is a 'ChangeLog' file someone could point me to, I will happily read that. Thanks. MV -- ~~~ Mike Varley -= SOMA Networks =- Tel: 416.977.1414 x1578 email: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad script things
Kristina Pfaff-Harris <[EMAIL PROTECTED]> wrote:
> Question for the developers on the format of a clients.conf entry. (Hm.
> Should we take this discussion of checkrad to the devel list?)
Sure...
> Actually, a few questions, and please, as always, point me to any docs I
> may have missed. First, do the spaces have to be tabs, or can they be any
> kind of space?
There isn't much in the way of docs for the configuration file
format.
The spaces can be tabs or spaces.
> Can you do something like
>
> client 127.0.0.1 { secret = rillyseekrit }
>
> Or do the braces and the config options have to be separated by newlines?
Yes, they do. The parser is *very* dumb.
> Can we have # comments anywhere in the entry, and if so, do comments start
> at the # and go to the end of the line, or does the # have to be at the
> beginning of a line as in "clients"? In other words, can I have this:
>
> secret = rillyseekrit # the secret: shh!
Yes, but only because the parser is broken.
After it reads 'rillyseekrit', it STOPS looking for anything else on
the line. So you can do:
secret = rillyseekrit ignore this stuff
and it will probably parse.
> To read the secret/community string/etc from clients.conf, you'd want
> checkrad to be able to parse every variation of how a user might set up
> that file,
No, I am *severely* opposed to checkrad parsing clients.conf. If
necessary, the server can pass more options to checkrad.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with Cisco...
** http://www.ibershop.com ** > On Wed, 26 Feb 2003 [EMAIL PROTECTED] wrote: > > > Good afternoon, We've installed freeradius v0.8.1, and we've configured > > our dialin Cisco router... The problem we have is that when we try to > > make a new connection we get all the info about the caller but not the > > "Framed IP Address", so, when we take this info to the database this > > field is empty... When the user disconnects, the IP address appears > > between the disconnection logs... > > > > Why could be that the IP doesn't appear at the connecting time? (the > > user has been validated by freeradius, and the IP should be > > assigned...) > > You need to put in the cisco this configuration: > > aaa accounting delay-start > > Otherwise, the cisco will send the accounting packet before the user is > actually assigned an IP address and the address won't be listed until it > sends the stop record. :-) > > (Heh. I just searched the mailing list archives for this exact thing > yesterday. :-)) > > K. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Thank you very much... It's working! :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with Cisco...
On Wed, 26 Feb 2003 [EMAIL PROTECTED] wrote: > Good afternoon, We've installed freeradius v0.8.1, and we've configured > our dialin Cisco router... The problem we have is that when we try to > make a new connection we get all the info about the caller but not the > "Framed IP Address", so, when we take this info to the database this > field is empty... When the user disconnects, the IP address appears > between the disconnection logs... > > Why could be that the IP doesn't appear at the connecting time? (the > user has been validated by freeradius, and the IP should be > assigned...) You need to put in the cisco this configuration: aaa accounting delay-start Otherwise, the cisco will send the accounting packet before the user is actually assigned an IP address and the address won't be listed until it sends the stop record. :-) (Heh. I just searched the mailing list archives for this exact thing yesterday. :-)) K. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with Cisco...
At 06:32 PM 2/26/2003 +0100, [EMAIL PROTECTED] wrote: Good afternoon, We've installed freeradius v0.8.1, and we've configured our dialin Cisco router... ... Why could be that the IP doesn't appear at the connecting time? (the user has been validated by freeradius, and the IP should be assigned...) This is covered in the 'doc/cisco' file. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad script things
On Tue, 25 Feb 2003, Derrik Pates wrote:
> - For several RAS server types, the script doesn't actually look up
> username/password (or SNMP community ID) info from anyplace.
>
> - The script only looks in the naspasswd file, which I thought was
> deprecated. Shouldn't it look in (and of course, parse) clients.conf,
> at least?
Question for the developers on the format of a clients.conf entry. (Hm.
Should we take this discussion of checkrad to the devel list?) A
clients.conf entry looks something like this:
client 127.0.0.1 {
secret = rillyseekrit
shortname = localhost
nastype = other
}
Actually, a few questions, and please, as always, point me to any docs I
may have missed. First, do the spaces have to be tabs, or can they be any
kind of space?
Can you do something like
client 127.0.0.1 { secret = rillyseekrit }
Or do the braces and the config options have to be separated by newlines?
Can we have # comments anywhere in the entry, and if so, do comments start
at the # and go to the end of the line, or does the # have to be at the
beginning of a line as in "clients"? In other words, can I have this:
secret = rillyseekrit # the secret: shh!
To read the secret/community string/etc from clients.conf, you'd want
checkrad to be able to parse every variation of how a user might set up
that file, so I'm just trying to get a handle on what the server itself
requires in that config.
(I did read man 5 clients, but while it refers to man 5 clients.conf,
there ... um ... doesn't seem to be one. :-))
Thanks for any info or pointers to docs.
K.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with Cisco...
Good afternoon, We've installed freeradius v0.8.1, and we've configured our dialin Cisco router... The problem we have is that when we try to make a new connection we get all the info about the caller but not the "Framed IP Address", so, when we take this info to the database this field is empty... When the user disconnects, the IP address appears between the disconnection logs... Why could be that the IP doesn't appear at the connecting time? (the user has been validated by freeradius, and the IP should be assigned...) Thanks for your time! Best Regards, David. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad script things
On _ 2003-02-25 at 19:46, Kostas Kalevras wrote: > On Tue, 25 Feb 2003, Alan DeKok wrote: > > > [EMAIL PROTECTED] (Derrik Pates) wrote: > > > After looking at the checkrad script, I noticed a few minor things. > > > Namely: > > > > > > - For several RAS server types, the script doesn't actually look up > > > username/password (or SNMP community ID) info from anyplace. > > > > Yeah,checkrad hasn't had much development for quite a while. > > > > > - The script only looks in the naspasswd file, which I thought was > > > deprecated. Shouldn't it look in (and of course, parse) clients.conf, > > > at least? > > > > The server probably shouldn't fork checkrad at all. > > > > See 'gnu radius', it uses the SNMP libraries directly to avoid an > > external program like checkrad. > > > > In addition, putting that code into the server means that the > > configuration parameters are easily available, and external programs > > don't have to root through configuration files. > > checkrad is one huge piece of software which i don't think will ever be moved > inside the server. It uses SNMP only for specific nas types (cisco for example) > and other methods (like telnet) for other nas types. > I would prefer just using perl xlat to call it directly from the server thus > avoiding the perl interpreter overhead. IMHO using check_simul function in perl will reduce use of eval in xlat function and this way overhead will be reducent even more. > The overhead isn't that large in any case since checkrad is only called in > double login cases. > > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards, Boian Jordanov SNE Orbitel - the Internet Company tel. +359 2 937 07 23 signature.asc Description: This is a digitally signed message part
Re: Tagged Attributes and rlm_sql
At 05:04 PM 2/25/2003 -0800, Jacob S. Barrett wrote: Nevermind, I figured it out. It was in the value field ":TAG:VALUE". Thanks, Jake Jacob S. Barrett wrote: I am having problems finding the correct format for configuring a reply with tagged attributes in rlm_sql in 1.8.1. Is the attritbute field format "ATTRIBUTE:TAG" for example "Tunnel-Type:1"? When I do this I get this error in the debug log "rlm_sql: unknown attribute Tunnel-Type:1". I have tried another example that I saw on another product where you set the value to 'TAG1="VALUE"', but that resulted in a segfault on the server. What is the correct format or what I am doing wrong? Both syntax should work. Hmmm, I'll take a poke rlm_sql to see what I can do. Glad the alternate syntax worked for you though! -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:Free Radius and Inter Access Point Protocol (IAPP - 802.11f)
Yes, it does. Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center "So for the IT Manager Role, you want someone who's absolute crap, looks reasonable on paper, and won't cause too much trouble. ... Well I don't have any MCSEs on my books at the moment, but I could call around."-- Simon Travaglia "Mohit Bajpai" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 02/26/2003 04:40 AM Please respond to freeradius-users To: <[EMAIL PROTECTED]> cc: <[EMAIL PROTECTED]> Subject:Re:Free Radius and Inter Access Point Protocol (IAPP - 802.11f) Hi, Thanks for the reply.I have one more question.I would like to know whether freeRADIUS supports Wireless LAN(IEEE 802.11b) authorization and authentication like EAP /802.1X , ESSID registration and things like that. Please reply. Thanks and Regards, Mohit - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: more than one Cisco-AVPair attributes
Hello Joe, thank you. I forgot to look in this man page. It works great and I save a lot of time Christian Ihm -Ursprüngliche Nachricht- Von: Joe Maimon [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 26. Februar 2003 14:32 An: [EMAIL PROTECTED] Betreff: Re: more than one Cisco-AVPair attributes try using += man 5 users Ihm, Christian wrote: > Hello, > > > > I'm testing Freeradius about 4 weeks. I want to implement this product > in our firm. > > > > I want to create a user who could make an Dial-In to an Cisco Router > 3640 who correspond to an Radius-Server. > > > > I create following config: > > > > * Ritchie Auth-Type := Local, Password == ritch * > > * Service-Type = Framed-User, * > > * Framed-Protocol = PPP, * > > * Cisco-AVPair:="ip_addr-pool=Test", * > > * Framed-IP-Netmask = 255.255.255.0, * > > * Framed-Routing = Broadcast-Listen, * > > * Framed-MTU = 1500, * > > * Cisco-AVPair:="ip:dns-servers= > xxx.xxx.xxx.xxx", * > > * > Cisco-AVPair:="ip:wins-servers=xxx.xxx.xxx.xxx", * > > * Framed-Compression = Van-Jacobsen-TCP-IP * > > * * > > I'm running the Radiusd-Daemon in Debug mode -X . When this user dials > in the radiusd cleans the string of the address-pool and wrights the > wins-serves in > > this string too . So the client don't get an ip-address an quit. > > > > Has anyone an idea what the problem is. > > > > It would be very helpfull fo me. > > > > Thanks a lot > > > > Christian Ihm > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: more than one Cisco-AVPair attributes
Oh yeah, I think you can embed newlines into the Cisco-AVpair with '\n' Ihm, Christian wrote: Hello, I'm testing Freeradius about 4 weeks. I want to implement this product in our firm. I want to create a user who could make an Dial-In to an Cisco Router 3640 who correspond to an Radius-Server. I create following config: * Ritchie Auth-Type := Local, Password == ritch * * Service-Type = Framed-User, * * Framed-Protocol = PPP, * * Cisco-AVPair:="ip_addr-pool=Test", * * Framed-IP-Netmask = 255.255.255.0, * * Framed-Routing = Broadcast-Listen, * * Framed-MTU = 1500, * * Cisco-AVPair:="ip:dns-servers= xxx.xxx.xxx.xxx", * * Cisco-AVPair:="ip:wins-servers=xxx.xxx.xxx.xxx", * * Framed-Compression = Van-Jacobsen-TCP-IP * * * I'm running the Radiusd-Daemon in Debug mode -X . When this user dials in the radiusd cleans the string of the address-pool and wrights the wins-serves in this string too . So the client don't get an ip-address an quit. Has anyone an idea what the problem is. It would be very helpfull fo me. Thanks a lot Christian Ihm - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: more than one Cisco-AVPair attributes
try using += man 5 users Ihm, Christian wrote: Hello, I'm testing Freeradius about 4 weeks. I want to implement this product in our firm. I want to create a user who could make an Dial-In to an Cisco Router 3640 who correspond to an Radius-Server. I create following config: * Ritchie Auth-Type := Local, Password == ritch * * Service-Type = Framed-User, * * Framed-Protocol = PPP, * * Cisco-AVPair:="ip_addr-pool=Test", * * Framed-IP-Netmask = 255.255.255.0, * * Framed-Routing = Broadcast-Listen, * * Framed-MTU = 1500, * * Cisco-AVPair:="ip:dns-servers= xxx.xxx.xxx.xxx", * * Cisco-AVPair:="ip:wins-servers=xxx.xxx.xxx.xxx", * * Framed-Compression = Van-Jacobsen-TCP-IP * * * I'm running the Radiusd-Daemon in Debug mode -X . When this user dials in the radiusd cleans the string of the address-pool and wrights the wins-serves in this string too . So the client don't get an ip-address an quit. Has anyone an idea what the problem is. It would be very helpfull fo me. Thanks a lot Christian Ihm - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Free Radius and Inter Access Point Protocol (IAPP - 802.11f)
yes, all this is supported. > Mohit Bajpai wrote: > > Hi, > Thanks for the reply.I have one more question.I would like > to know whether freeRADIUS supports Wireless LAN(IEEE 802.11b) > authorization and authentication like EAP /802.1X , ESSID registration > and things like that. > Please reply. > > Thanks and Regards, > Mohit -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Hello, I have radius server authenticating + accounting (freeradius 8.0 on Linux mandrake 8.2), The first level authencating : is OK Access-resquest Access-Accept But the second level accounting : I get the message : “ rad_recv: Accounting-Request packet from host 192.168.1.85:26386, id=74, length=68 Accounting-Request packet sent to a non-accounting port from client test:26386 - ID 74 : IGNORED ” “ User-Name = "admin" User-Password = "admin_123" NAS-IP-Address = 192.168.1.85 NAS-Identifier = "login" NAS-Port = 25362 NAS-Port-Type = Virtual Service-Type = Authenticate-Only Calling-Station-Id = "192.168.1.80" ….. ….. auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [admin/admin_123] (from client test port 25362 cli 192.168.1.80) Sending Access-Accept of id 176 to 192.168.1.85:26387 Finished request 1 “ rad_recv: Accounting-Request packet from host 192.168.1.85:26386, id=74, length=68 Accounting-Request packet sent to a non-accounting port from client test:26386 - ID 74 : IGNORED ” Thanks a lot ! [EMAIL PROTECTED] Halim Bouguebri Network Engineer Mobileway France
Re:Free Radius and Inter Access Point Protocol (IAPP - 802.11f)
Hi, Thanks for the reply.I have one more question.I would like to know whether freeRADIUS supports Wireless LAN(IEEE 802.11b) authorization and authentication like EAP /802.1X , ESSID registration and things like that. Please reply. Thanks and Regards, Mohit
more than one Cisco-AVPair attributes
Hello, I'm testing Freeradius about 4 weeks. I want to implement this product in our firm. I want to create a user who could make an Dial-In to an Cisco Router 3640 who correspond to an Radius-Server. I create following config: Ritchie Auth-Type := Local, Password == ritch Service-Type = Framed-User, Framed-Protocol = PPP, Cisco-AVPair:="ip_addr-pool=Test", Framed-IP-Netmask = 255.255.255.0, Framed-Routing = Broadcast-Listen, Framed-MTU = 1500, Cisco-AVPair:="ip:dns-servers= xxx.xxx.xxx.xxx", Cisco-AVPair:="ip:wins-servers=xxx.xxx.xxx.xxx", Framed-Compression = Van-Jacobsen-TCP-IP I'm running the Radiusd-Daemon in Debug mode -X . When this user dials in the radiusd cleans the string of the address-pool and wrights the wins-serves in this string too . So the client don't get an ip-address an quit. Has anyone an idea what the problem is. It would be very helpfull fo me. Thanks a lot Christian Ihm
