File blocked - ScanMail for Lotus Notes --> Re: Wicked screensaver
SCANMAIL has removed the attached file, due to its file extension SCR (screen saver). These executable files may contain viruses and are therefore blocked in general! For questions please call Notes Helpdesk 77577.

Date: 20.08.2003 05:16:30
Subject: Re: Wicked screensaver
Virus:
File: wicked_scr.scr
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Action: Blocked by Filter Rules; Scanned by ScanMail for Lotus Notes 2.6 with scanengine 6.510-1002 and patternfile lpt$vpn.618

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation fault on Freeradius
I am running Freeradius 0.9 and I am writing accounting records to an Oracle DB ver 8i. If the Database goes down, the Freeradius gives a segmentation fault error and dies. I've tried also to point to another database as a fail-over option, but the same results were encountered. Please find below the gdb output along with the debug output and the configuration.

GDB output

> gdb /app/experimental/free-0.9/local/sbin/radiusd /app/experimental/free-0.9/local/sbin/core
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8" ...(no debugging symbols found) ...
Core was generated by `./radiusd'.
Program terminated with signal 11, Segmentation fault.
Freeradius snmp and MIBS problem
I've configured the Freeradius to work with snmp. I discovered that I only get snmp response on some of the MIBS but not the others. Does Freeradius treat or manipulate all MIBS? If yes, why can I not get a reply for such MIB: radiusAccServTotalInvalidRequests? I am getting replies only on radiusAccServTotalRequests, radiusAccServUpTime, radiusAccServResetTime and radiusAccClientTable.

Appreciate your help.

Regards
Yasser Ahmed Hosny
Re: FreeRadius and Cygwin
At 04:49 PM 8/19/2003 -0700, A. Clausen wrote:
> I'm sure you get this question quite a bit, but I was wondering if anyone had
> successfully compiled FreeRadius under Cygwin, and if so, what modifications
> were required. I've tried a couple of quick compiles, but so far have been
> unable to.

Yes, as far back as 0.2. The trick was to compile static modules ala:

./configure --disable-shared

And also disabling a few of the modules that try to use stuff that cygwin doesn't have.

Try disabling shared modules, and then clean up the 'stable' module list to only list the modules you need/want.

-Chris

--
Chris Parker, Director, Engineering
StarNet Inc. - http://www.starnetwx.net - (847) 963-0116
Wholesale Internet Services - http://www.megapop.net
Again --User Expiration Date
Hi all,

As we know, in conf/sql.attrmap it is written that:

checkItem Expiration Expiration

When I set User Expiration Date "16 Aug 2003", it doesn't work. And I find the attr "16 Aug 2003" is in the mysql radreply table but not the radcheck table?
FreeRadius and Cygwin
I'm sure you get this question quite a bit, but I was wondering if anyone had successfully compiled FreeRadius under Cygwin, and if so, what modifications were required. I've tried a couple of quick compiles, but so far have been unable to.

--
Aaron Clausen
[EMAIL PROTECTED]
Re: reply-message
hi alan

your answers always appear before the original questions, which is a little bit surprising :-) e.g. to my email originally written at 20:50 +02:00 you answered at 11:06 -04:00. evidently it's not possible, provided that we have the same reference point. do you make reference to GMT or what?

then, to your email: i would like to test it with AP340/250. which is the attribute to put into the user configuration in order to get assigned an ip by the radius server? :-)

ciao
artur

Alan DeKok wrote:
>
> Artur Hecker <[EMAIL PROTECTED]> wrote:
> > Alan: what do you think, if freeradius assigned an ip-address to the
> > user in a corresponding radius attribute and the client (AP) would use
> > it for the client's DHCP/BOOTP relay which then would emit an DHCPOFFER
> > message, could it work? I'm not an expert in BOOTP/DHCP, but do you
> > think something like this would be possible?
>
> It should be possible, but I don't know off-hand if any AP's work
> that way.
>
> Alan DeKok.

--
Artur Hecker
artur[at]hecker.info
errors when starting in debug mode
i'm having problems when starting the server, with mysql. here are some lines im getting,

-*---
HERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
[EMAIL PROTECTED] freeradius-0.9.0]#

what should i do?

thanks!!
Re: errors when starting in debug mode
make sure the module's got built in the first place. see the output of your ./configure script and add the mysql-dev libs if necessary.

ciao
artur

juan wrote:
>
> i'm having problems when starting the server, with mysql.
> here are some lines im getting,
>
> -*---
> HERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in
> the search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
> [EMAIL PROTECTED] freeradius-0.9.0]#
>
> what should i do?
>
> thanks!!

--
Artur Hecker
artur[at]hecker.info
I finally got PostgreSQL Authentication Working :)
Yah I know it's not a big deal for some people in this list but rather than make everyone guess how it is done, I am going to give up the details. I have supplied a patch file to run against the raddb directory. The file postgres-test.sql contains sample data that can be put into the configured database {radiusd} for testing. NOTE: make sure pg_hba.conf will allow the user {radiusd} to connect to the database. Also make sure the user {radiusd} has permission to select data from the uthentication tables and has appropriate access to the accounting and session tables. Hope this will help someone. -- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on. diff -ruN orig/clients raddb/clients --- orig/clients2003-08-12 15:53:01.0 -0600 +++ raddb/clients 1969-12-31 17:00:00.0 -0700 @@ -1,25 +0,0 @@ -# -# THIS FILE IS DEPRECATED. -# -# You should NOT be using this file to configure the server. -# It is here ONLY for backwards compatibility. -# -# See 'clients.conf' for the new configuration. -# -# -# clients This file contains a list of clients which are allowed to -# make authentication requests and their encryption key. -# -# Description of the fields: -# -# * The first field is a valid hostname or IP address -#for the client. -# * The second field (seperated by blanks or tabs) is the -#encryption key. - -# Client Name Key -# -- -#portmaster1.isp.com testing123 -#portmaster2.isp.com testing123 -#proxyradius.isp2.com TheirKey -#localhost testing123 diff -ruN orig/clients.conf raddb/clients.conf --- orig/clients.conf 2003-08-12 15:53:01.0 -0600 +++ raddb/clients.conf 2003-08-19 14:09:24.0 -0600 
@@ -113,3 +113,8 @@ # password= someadminpas #} +client 10.10.10.10 { + secret = MySneakyPassWord + shortname = saturn + nastype = other +} diff -ruN orig/naslist raddb/naslist --- orig/naslist2003-08-12 15:53:02.0 -0600 +++ raddb/naslist 1969-12-31 17:00:00.0 -0700 @@ -1,31 +0,0 @@ -# -# THIS FILE IS DEPRECATED. -# -# You should NOT be using this file to configure the server. -# It is here ONLY for backwards compatibility. -# -# See 'clients.conf' for the new configuration. -# -# -# naslist This file contains a list of NASes (Network Access Servers, -# also known as terminal servers) which we know. -# -# Description of the fields: -# -# * The first field is a valid hostname or IP address -#for the client. -# * The second field (seperated by blanks or tabs) is the -#short name we use in the logfiles for this NAS. -# * The third field defines what type of device it is. Valid -#values are "cisco", "computone", "livingston", "max40xx", -# "multitech", "netserver", "pathras", "patton", "portslave", -# "tc", "usrhiper" or "other". -# -# This is used to find out how to detect double logins. -# - -# NAS Name Short Name Type -# -- -#portmaster1.isp.com pm1.NY livingston -#portmaster2.isp.com pm1.LA livingston -localhost local portslave diff -ruN orig/postgresql.conf raddb/postgresql.conf --- orig/postgresql.conf2003-08-12 15:53:02.0 -0600 +++ raddb/postgresql.conf 2003-08-19 14:26:27.0 -0600 
@@ -19,11 +19,11 @@ # The following credentials will most likely work on a default install of Postgresql # If they do work however, it means that you have a HUGE GAPING SECURITY RISK on your # server! Please change the "postgres" users password and setup a separate radius user. - login = "postgres" + login = "radiusd" password = "" # Database table configuration - radius_db = "radius" + radius_db = "radiusd" # If you want both stop and start records logged to the # same SQL table, leave this as is. If you want them in diff -ruN orig/postgres-test.sql raddb/postgres-test.sql --- orig/postgres-test.sql 1969-12-31 17:00:00.0 -0700 +++ raddb/postgres-test.sql 2003-08-19 14:03:38.0 -0600 @@ -0,0 +1,45 @@ +DELETE FROM radcheck ; +COPY radcheck (username, attribute, op, value) FROM stdin; +fredf Password== wilma +barney Password== betty +dialrouter Password== dialup +troll Crypt-Password == $1$nccboTC8$iTa7cikTy1Ito27dpdkT90 +\. + +D
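Review bot: In the raddb/postgresql.conf hunk, `password = ""` is left as an unchanged context line, so the new `radiusd` login still connects with an empty password, which is the situation the comment directly above it warns about. Set a non-empty password for the `radiusd` user here and have pg_hba.conf require password authentication for it, rather than only moving away from the `postgres` account name.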
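Review bot: The raddb/clients.conf hunk appends a site-specific entry (`client 10.10.10.10` with `secret = MySneakyPassWord`) to a patch offered for others to apply, so anyone applying it verbatim ends up trusting that address with a published secret. Replace the address and secret with obvious placeholders and say so in a comment above the block. The hunks for `clients` and `naslist` also delete both files outright, including the uncommented `localhost local portslave` line, which the message does not mention.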
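Review bot: raddb/postgres-test.sql opens with an unconditional `DELETE FROM radcheck ;`, so loading it into a database that already holds users removes them before the sample rows are copied in. Say at the top of the file that it is for an empty test database only, or drop the DELETE. Three of the four sample rows store the password in clear under `Password`, which deserves a comment next to the `Crypt-Password` row, and the hunk header announces 45 lines while the text breaks off after `+D`.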
Re: MySQL Authentication Logging
"Adam Carmichael" <[EMAIL PROTECTED]> wrote:
> I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4
> for logging accounting and retrieving authentication information. I am
> interested in knowing how to log authentication attempts and even
> possibly why an attempt failed.

See the 'detail' module in the latest CVS snapshot. It will create "detail" style files for authentication requests, responses, proxied packets, and replies from a home server.

It won't log all of the information you see in debugging mode, but it will log a fair amount of useful data.

Alan DeKok.
Re: reply-message
Artur Hecker <[EMAIL PROTECTED]> wrote:
> Alan: what do you think, if freeradius assigned an ip-address to the
> user in a corresponding radius attribute and the client (AP) would use
> it for the client's DHCP/BOOTP relay which then would emit an DHCPOFFER
> message, could it work? I'm not an expert in BOOTP/DHCP, but do you
> think something like this would be possible?

It should be possible, but I don't know off-hand if any AP's work that way.

Alan DeKok.
Re: reply-message
hi sylvain

i have to admit that i don't really understand the first part of your question. but, in the case you are using EAP/MD5 try to read the FAQ under http://www.freeradius.org/doc/EAP-MD5.html and look for Reply-Message. Could it be this kind of problem?

for the second part, it's interesting - i didn't try it but, as alan, i asked myself if it is possible some time ago and i promptly came up with a solution which i'm not sure about.

Alan: what do you think, if freeradius assigned an ip-address to the user in a corresponding radius attribute and the client (AP) would use it for the client's DHCP/BOOTP relay which then would emit an DHCPOFFER message, could it work? I'm not an expert in BOOTP/DHCP, but do you think something like this would be possible?

ciao
artur

Alan DeKok wrote:
>
> Sylvain Masnada <[EMAIL PROTECTED]> wrote:
> > I'd like to know why the "reply-message" attribute is sent by
> > freeradius in a access-reject packet. I use this attribute to
> > welcome people who connected themselves on my wireless network. But
> > with xsupplicant, this access-reject disconnects my user, who
> > reconnects immediately and is disconnected and reconnected and ...
>
> I don't think that the Reply-Message has anything to do with it.
>
> If the user is rejected, they can try again immediately. After some
> number of retries, the AP will deny them access. See the AP
> configuration for details.
>
> > I'd like to know if my AP which is a cisco AP350 can cause me
> > troubles when I try to assign an ip to the users.
>
> So far as I know, it can't be done. The users are authenticating to
> the AP (and then FreeRADIUS) through the EAP protocol, which doesn't
> support setting the IP address.
>
> Alan DeKok.

--
Artur Hecker
artur[at]hecker.info
Re: reply-message
Sylvain Masnada <[EMAIL PROTECTED]> wrote:
> I'd like to know why the "reply-message" attribute is sent by
> freeradius in a access-reject packet. I use this attribute to
> welcome people who connected themselves on my wireless network. But
> with xsupplicant, this access-reject disconnects my user, who
> reconnects immediately and is disconnected and reconnected and ...

I don't think that the Reply-Message has anything to do with it.

If the user is rejected, they can try again immediately. After some number of retries, the AP will deny them access. See the AP configuration for details.

> I'd like to know if my AP which is a cisco AP350 can cause me
> troubles when I try to assign an ip to the users.

So far as I know, it can't be done. The users are authenticating to the AP (and then FreeRADIUS) through the EAP protocol, which doesn't support setting the IP address.

Alan DeKok.
reply-message
hi everybody,

I'd like to know why the "reply-message" attribute is sent by freeradius in a access-reject packet. I use this attribute to welcome people who connected themselves on my wireless network. But with xsupplicant, this access-reject disconnects my user, who reconnects immediately and is disconnected and reconnected and ...

I'd like to know if my AP which is a cisco AP350 can cause me troubles when I try to assign an ip to the users. My user is configured like steve example in users. Freeradius sends framed-IP-Address, Netmask ... correctly (freeradius debug tell me it) but my client has never an IP assigned as I would like. What have I to do to assign an IP to my users?

Please help me.
Thx in advance
Sylvain
RE: users configuration using mysql
If all your users are using chap, set default chap authentication in the users file.

Jeremy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of apellido jr., wilfredo p
Sent: Tuesday, August 19, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: users configuration using mysql

hello, good day,

i just want to know what is the users configuration if im using mysql as user information (database).i want to use chap as authentication.

=
[ apellido jr., wilfredo p. ]
+63 034 4880-449
If you can't hear me, it's because i'm in parentheses.
users configuration using mysql
hello, good day,

i just want to know what is the users configuration if im using mysql as user information (database).i want to use chap as authentication.

=
[ apellido jr., wilfredo p. ]
+63 034 4880-449
If you can't hear me, it's because i'm in parentheses.
Re: testing acl with radius
On Tue, 2003-08-19 at 17:10, Oliver Graf wrote:
> On Tue, Aug 19, 2003 at 05:04:54PM +0200, Eric Leblond wrote:
> > On Tue, 2003-08-19 at 16:58, Oliver Graf wrote:
> > > On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote:
> > >
> > > Can your firewall software speak to a radius server?
> >
> > I'm coding it ;-) (http://www.gnufw.org)
> > I just wanna know if a test of the kind :
> > IP in good range
> > port in good range
> > ...
> > is admissible on a radius server like freeradius.
>
> I would try it the other way around... the radius returns some rules
> in the attributes and your software does the matching.
>
> Other solution: just program a freeradius module which does the
> address checking magic. This is not really hard.

good idea

> On the other hand: should every ip packet result in a radius request=
> than your server is dead meat.

True, but not if you only test packet with state NEW (beginning of connection in netfilter) that's only a few number you have to test.

> So the best solution is to just load the firewall config from the
> server, but does this make sense?

really no for me.

--
Eric Leblond <[EMAIL PROTECTED]>
Alphalink
Volubill dictionary
Hello,

I'm looking for a volubill dictionary for freeradius 0.8 or later. Would anyone have that?

Thanks,
Fred.
RE: clients.conf
I understand that much. I the ips range from 141. 208. 65. to a few others. I tried using the 0.0.0.0/1 but that only worked when the nas was behind a firewall with a private address.

Thanks
Jeremy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Oliver Graf
Sent: Tuesday, August 19, 2003 10:58 AM
To: [EMAIL PROTECTED]
Subject: Re: clients.conf

On Tue, Aug 19, 2003 at 10:48:09AM -0400, Jeremy Davis wrote:
> I want to have just one entry into clients.conf for all of my radius usage.
> I tried the man page, it wasn't there, but its referenced to exist in man
> clients. Anyway if someone could point to me the document, the man page, or
> the answer.

something like this?

client / {
    secret =
    shortname =
}

Oliver.
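Which source addresses a single netmask entry such as `0.0.0.0/1` reaches is plain CIDR arithmetic. The sketch below is an added example, not part of the thread and not FreeRADIUS code; the NAS addresses are constructed samples that only reuse the first octets mentioned above, and it assumes a client entry applies when the source address lies inside the entry's network.

```python
import ipaddress

# Constructed sample NAS addresses: only the first octets (141, 208, 65) and
# the idea of a NAS on a private address come from the message above.
SAMPLE_NAS = ["141.1.1.1", "208.1.1.1", "65.1.1.1", "10.10.10.10"]


def first_octets(entry):
    """Return the (lowest, highest) first octet covered by a client network."""
    net = ipaddress.ip_network(entry)
    return int(net.network_address) >> 24, int(net.broadcast_address) >> 24


def coverage(nas_addrs, entries):
    """Map each NAS address to the first entry that contains it, or None.

    Assumption: an entry applies to a request when the source address lies
    inside the entry's network (plain CIDR containment).
    """
    nets = [ipaddress.ip_network(e) for e in entries]
    out = {}
    for addr in nas_addrs:
        ip = ipaddress.ip_address(addr)
        out[addr] = next((str(n) for n in nets if ip in n), None)
    return out


def exposure(entries):
    """Count the source addresses that would be accepted with the shared secret."""
    merged = ipaddress.collapse_addresses(ipaddress.ip_network(e) for e in entries)
    return sum(n.num_addresses for n in merged)


def tight_entries(nas_addrs, prefixlen=24):
    """One /prefixlen network per NAS neighbourhood instead of a catch-all."""
    nets = {ipaddress.ip_network(f"{a}/{prefixlen}", strict=False) for a in nas_addrs}
    return [str(n) for n in sorted(nets)]


if __name__ == "__main__":
    print("0.0.0.0/1 spans first octets", first_octets("0.0.0.0/1"))
    for addr, hit in coverage(SAMPLE_NAS, ["0.0.0.0/1"]).items():
        print(f"{addr:>12} -> {hit or 'no matching client entry'}")
    tight = tight_entries(SAMPLE_NAS)
    print("per-NAS entries:", tight)
    print("addresses trusted by 0.0.0.0/0:", exposure(["0.0.0.0/0"]))
    print("addresses trusted by per-NAS entries:", exposure(tight))
```

A `/1` only fixes the top bit, so it stops at 127.255.255.255; covering 141.x and 208.x with one entry means `0.0.0.0/0`, which hands the same shared secret to every address that can reach the server.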
Re: testing acl with radius
On Tue, Aug 19, 2003 at 05:04:54PM +0200, Eric Leblond wrote:
> On Tue, 2003-08-19 at 16:58, Oliver Graf wrote:
> > On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote:
> >
> > Can your firewall software speak to a radius server?
>
> I'm coding it ;-) (http://www.gnufw.org)
> I just wanna know if a test of the kind :
> IP in good range
> port in good range
> ...
> is admissible on a radius server like freeradius.

I would try it the other way around... the radius returns some rules in the attributes and your software does the matching.

Other solution: just program a freeradius module which does the address checking magic. This is not really hard.

FreeRadius can do regular expression matching on attributes. but I don't think this would be good.

On the other hand: should every ip packet result in a radius request= than your server is dead meat.

So the best solution is to just load the firewall config from the server, but does this make sense?

Oliver.
Re: testing acl with radius
On Tue, 2003-08-19 at 16:58, Oliver Graf wrote:
> On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote:
>
> Can your firewall software speak to a radius server?

I'm coding it ;-) (http://www.gnufw.org)
I just wanna know if a test of the kind :
IP in good range
port in good range
...
is admissible on a radius server like freeradius.

BR,
--
Eric Leblond <[EMAIL PROTECTED]>
Alphalink
Re: L2TP Accounting
"Roy" <[EMAIL PROTECTED]> wrote:
> How can I make rlm_mysql support L2TP accounting ?
> Did I miss some ?

No. The sql module doesn't currently handle Tunnel-Link-Stop messages.

It shouldn't be hard to add, though.

Alan DeKok.
Re: testing acl with radius
On Tue, Aug 19, 2003 at 04:56:17PM +0200, Eric Leblond wrote:
> On Tue, 2003-08-19 at 16:51, Oliver Graf wrote:
> > On Tue, Aug 19, 2003 at 04:01:18PM +0200, Eric Leblond wrote:
> > > I like to know if it is possible to test Acl with freeradius (classic IP
> > > filtering)
> >
> > block the radius ports and see if your nas gets to your freeradius. is
> > this the test you have in mind? but perhaps a packet generator would
> > be more fitting for this task...
>
> Oops, I was meaning : Is it possible to have a firewall check packet
> against permission given by a radius server ?

Can your firewall software speak to a radius server?

Oliver.
Re: clients.conf
On Tue, Aug 19, 2003 at 10:48:09AM -0400, Jeremy Davis wrote:
> I want to have just one entry into clients.conf for all of my radius usage.
> I tried the man page, it wasn't there, but its referenced to exist in man
> clients. Anyway if someone could point to me the document, the man page, or
> the answer.

something like this?

client / {
    secret =
    shortname =
}

Oliver.
Re: testing acl with radius
On Tue, 2003-08-19 at 16:51, Oliver Graf wrote:
> On Tue, Aug 19, 2003 at 04:01:18PM +0200, Eric Leblond wrote:
> > I like to know if it is possible to test Acl with freeradius (classic IP
> > filtering)
>
> block the radius ports and see if your nas gets to your freeradius. is
> this the test you have in mind? but perhaps a packet generator would
> be more fitting for this task...

Oops, I was meaning : Is it possible to have a firewall check packet against permission given by a radius server ?

--
Eric Leblond <[EMAIL PROTECTED]>
Alphalink
Re: testing acl with radius
On Tue, Aug 19, 2003 at 04:01:18PM +0200, Eric Leblond wrote:
> I like to know if it is possible to test Acl with freeradius (classic IP
> filtering)

block the radius ports and see if your nas gets to your freeradius. is this the test you have in mind? but perhaps a packet generator would be more fitting for this task...

or do you want to configure some client via radius to do ip filtering? than you should consult the documentation of your nas equipment which attributes are used for this purpose...

Oliver.
clients.conf
I want to have just one entry into clients.conf for all of my radius usage. I tried the man page, it wasn't there, but its referenced to exist in man clients. Anyway if someone could point to me the document, the man page, or the answer.

TiA,
Jeremy
testing acl with radius
Hi,

I like to know if it is possible to test Acl with freeradius (classic IP filtering)

Thanks in advance,
--
Eric Leblond <[EMAIL PROTECTED]>
Alphalink
Re: (no subject)
On Tue, Aug 19, 2003 at 10:51:49AM -0300, German Viera wrote:
> I would like to know how could I configure freeradius to log in a db (mySQL) and ask
> for users data also in a db, instead of flat file,

read the example config and doc/rlm_sql. The list archive has also some examples.

> Can somebody tell me how to configure cisco VSA's in freeradius,

Example: Assign IP Pool via VSA

pools-bkhead-test  Auth-Type := Accept
    Framed-Protocol = PPP,
    Service-Type = Outbound-User,
    Cisco-AVPair = "ip:pool-def#1=pool1 192.168.1.2 192.168.1.254"

You can see that you simply use the Attribute Cisco-AVPair which is defined as a VSA in the dictionary.cisco. There is no need for a special configuration.

Oliver.
(no subject)
I would like to know how could I configure freeradius to log in a db (mySQL) and ask for users data also in a db, instead of flat file,

Can somebody tell me how to configure cisco VSA's in freeradius,

Regards,
German Viera
[EMAIL PROTECTED]
DISTRICORP S.A.
Montevideo
Uruguay
+598-2-9019344 ext(110)
L2TP Accounting
Dear all,

How can I make rlm_mysql support L2TP accounting ?
Did I miss some ?

Regards
Roy.

---
Acct-Session-Id = "12CEF81A207C"
User-Name = "leotest"
Acct-Status-Type = Tunnel-Link-Stop
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IP
Tunnel-Client-Endpoint:0 = "x.x.x.x"
Tunnel-Server-Endpoint:0 = "x.x.x.x"
Acct-Terminate-Cause = User-Request
Acct-Session-Time = 681
Acct-Output-Octets = 109
Acct-Input-Octets = 690
Acct-Output-Packets = 9
Acct-Input-Packets = 14
Calling-Station-Id = "00:E0:63:83:1F:B3"
NAS-Port-Type = Virtual
NAS-Identifier = "lac"
NAS-Port = 0
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_sql (sql): Unsupported Acct-Status-Type = 13
modcall[accounting]: module "sql" returns noop
Re: FreeRadius vrs Cisco RADIUS
[EMAIL PROTECTED] wrote on 08/19/2003 04:21:20 AM:
> > If you need paid support ("It's busted and I need it fixed RIGHT NOW!!"),
> > then you're obviously SOL running freeradius. (Don't misinterpret this;
> > the FR team does a bang up job. BUT they're NOT obligated to do
> > _anything_ if something in FR doesn't quite work right.)
>
> Can I put that paragraph in the FAQ?

Feel free. :)

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"A four-year-old will very quickly get over news of the death of Santa if told that it was due to his fully loaded sleigh crashing in the back garden." -- Mil Millington
Re: FreeRadius vrs Cisco RADIUS
[EMAIL PROTECTED] wrote:
> If you need to securID authentication _directly_, don't even bother
> thinking about freeradius; it simply doesn't do it. (search the mailing
> archives for a few diatribes by myself.)

It's at least partially a licensing issue. However, I *think* that SecurID comes with a command-line token check utility, which could then be run from FreeRADIUS.

> If you need paid support ("It's busted and I need it fixed RIGHT NOW!!"),
> then you're obviously SOL running freeradius. (Don't misinterpret this;
> the FR team does a bang up job. BUT they're NOT obligated to do
> _anything_ if something in FR doesn't quite work right.)

Can I put that paragraph in the FAQ?

> Now, don't get me wrong here. I _love_ freeradius. To that end, for my
> wireless access points, I have ACS handle the radius PEAP requests, and
> freeradius handle the direct AP management (console login, ssh login,
> etc.) radius requests.

Wait a few months. With the discussions on -devel about TTLS & PEAP, I'm sure they will be in FreeRADIUS before January.

Alan DeKok.
RE: FreeRadius vrs Cisco RADIUS
[EMAIL PROTECTED] wrote on 08/19/2003 03:02:17 AM:

> I would agree. Cisco makes two products for Radius. One that is
> expensive and the other that is even more expensive. Neither one has
> all the same features as Freeradius AND neither one works as well.
>
> Gene Parks
> VIP Direct

That's a rather blanket reply. I use both freeradius and Cisco ACS. There are some HUGE differences between the two, which is why (*duh*) we use both.

If you need to securID authentication _directly_, don't even bother thinking about freeradius; it simply doesn't do it. (search the mailing archives for a few diatribes by myself.) Sure, FR can proxy against the absolute PILE OF S**T radius server built into ACE, but why put a _great_ proxy against a _crap_ source radius server?

PEAP support still seems pretty sketchy, at best. It's experimental, it's new, and if you need it to work right now then FR isn't the best choice. (LEAP, otoh, seems to be pretty stable in FR.)

If you need paid support ("It's busted and I need it fixed RIGHT NOW!!"), then you're obviously SOL running freeradius. (Don't misinterpret this; the FR team does a bang up job. BUT they're NOT obligated to do _anything_ if something in FR doesn't quite work right.)

And lastly, ACS supports some other odd things (safetoken support, plus a few other securID wannabees) that just aren't in FR.

Now, don't get me wrong here. I _love_ freeradius. To that end, for my wireless access points, I have ACS handle the radius PEAP requests, and freeradius handle the direct AP management (console login, ssh login, etc.) radius requests. I keep trying to push freeradius into MORE stuff on my network. But as things stand _right_ _now_, they're two different products with different strengths.

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"A four-year-old will very quickly get over news of the death of Santa if told that it was due to his fully loaded sleigh crashing in the back garden." -- Mil Millington
Again - rlm_ippool problem.
Please, can someone help me!!!

I have installed freeradius and I need to use ippool, but when I enable the option in post-auth {} I get the following error:

"radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found"

The files exist in my lib directory.

# ll /usr/local/freeradius/lib/rlm_ippool*
lrwxrwxrwx 1 root root    13 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.la -> rlm_ippool.la
-rwxr-xr-x 1 root root 50606 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.so
-rw-r--r-- 1 root root 91296 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.a
-rwxr-xr-x 1 root root   770 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.la
lrwxrwxrwx 1 root root    19 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.so -> rlm_ippool-0.9.0.so

my_server:/usr/local/freeradius/sbin # ./radiusd -X -p 1645
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/freeradius/etc/raddb/clients.conf
Config: including file: /usr/local/freeradius/etc/raddb/snmp.conf
Config: including file: /usr/local/freeradius/etc/raddb/postgresql.conf
main: prefix = "/usr/local/freeradius"
main: localstatedir = "/usr/local/freeradius/var"
main: logdir = "/usr/local/freeradius/var/log/radius"
main: libdir = "/usr/local/freeradius/lib"
main: radacctdir = "/usr/local/freeradius/var/log/radius/radacct"
...
radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found

Where is the problem?

Thanks.

Kleyson Rios.
Reply: Re: Reply: Re: Problem with Framed-IP-Address
[EMAIL PROTECTED] wrote:

> I have these settings:
>
> My Network: 192.168.202.0/24
> RadiusServer: 192.168.202.58/24 Route: 192.168.202.0/24
> Gateway: 192.168.202.59
> Router: 192.168.202.59/24 Route: 192.168.202.0/24
> Gateway: 192.168.202.59
> User1Network: 10.20.30.0/24
>
> User1 gets IP-Address "192.168.202.50"!
> Radiusd in Debug mode says "sending access-accept"

Radius and routing are different things.

> but no ping and no telnet works

Yes. Why do you need to give the user an IP from 192.168.202.0/24?

> help.

For normal work you can give the user any IP except IPs used in your and the user's networks.

I have solved the problem! The problem was that the router doesn't know the network 10.20.30.0/24 with WAN partner User1. OK, I can set a static route, but it is not so easy, because I must bind the network to a WAN partner. My router has no entries yet; these are all in the Radius server. In this situation the Radius must give the NAS the network route. I implemented the attribute "Framed-Route" in the User1 dial-in account:

Framed-Route = "10.20.30.0/24 user1 Password"

Now everything works fine!
RE: FreeRadius vrs Cisco RADIUS
I would agree. Cisco makes two products for Radius. One that is expensive and the other that is even more expensive. Neither one has all the same features as Freeradius AND neither one works as well.

Gene Parks
VIP Direct

-Original Message-
From: Michael Brown [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 1:22 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius vrs Cisco RADIUS

it's free, and it WORKS.

Quoting Zuheir Mheir <[EMAIL PROTECTED]>:

> Team,
>
> How would FreeRADIUS compete with Cisco RADIUS (or other vendors for that
> matter). I guess what I am looking for is some feedback from people who
> have experienced commercial RADIUS and migrated to freeRADIUS. Your quick
> response is greatly appreciated.
>
> Regards,
>
> Zuheir

Michael Brown <> mikro network solutions * http://www.mikro-net.com
Re: Cisco VSA hack problem
Peter Nixon wrote:

> On Tue August 19 2003 07:55, Dmitry Melekhov wrote:
>
> > Hello!
> >
> > I have following in preprocess:
> >
> > with_cisco_vsa_hack = yes
> >
> > But I have following in detail :
> >
> > h323-call-origin = "h323-call-origin=proxy"
> > h323-call-type = "h323-call-type=VoIP"
> >
> > Do I have something wrong in configuration or this feature doesn't work?
>
> Which version are you using? If not 0.9.0 then upgrade... It should work, I
> have been using it for a long time, although versions prior to 0.7 (I think)
> were broken and needed a patch.

Thank you! I used freeradius from SLES8 (something like 0.5). Upgrade solved problem.
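The symptom reported in this thread (a detail-file value that repeats its own attribute name) can be checked offline. The Python below is an added example, not part of the original posts and not FreeRADIUS code: it flags attributes in a detail stanza that still carry the redundant "name=" prefix and returns a cleaned copy. The function names and the sample stanza are assumptions; only the two h323-* lines are taken from the post.

```python
import re

# Constructed detail-file stanza. Only the two h323-* lines come from the
# thread; the timestamp and the other attributes are made up for the example.
SAMPLE_DETAIL = (
    "Tue Aug 19 07:55:00 2003\n"
    '\tAcct-Session-Id = "0000002A"\n'
    "\tAcct-Status-Type = Stop\n"
    '\th323-call-origin = "h323-call-origin=proxy"\n'
    '\th323-call-type = "h323-call-type=VoIP"\n'
    '\tCisco-AVPair = "connect-progress=Call Up"\n'
    "\tAcct-Session-Time = 681\n"
)

# An indented "Name = value" line; the name may carry a tag such as ":0".
PAIR_RE = re.compile(r"^\s+([\w-]+(?::\d+)?)\s*=\s*(.*?)\s*$")

def parse_pairs(text):
    """Return (attribute, raw value) tuples in file order, keeping duplicates."""
    pairs = []
    for line in text.splitlines():
        m = PAIR_RE.match(line)
        if m:  # the unindented timestamp line and blank lines do not match
            pairs.append((m.group(1), m.group(2)))
    return pairs

def strip_redundant_name(attr, value):
    """Drop a leading 'attr=' from a quoted string value, if present."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        inner = value[1:-1]
        prefix = attr.lower() + "="
        if inner.lower().startswith(prefix):
            return '"' + inner[len(prefix):] + '"'
    return value

def find_unstripped(text):
    """Names of attributes whose value still repeats the attribute name."""
    return [a for a, v in parse_pairs(text) if strip_redundant_name(a, v) != v]

def normalize_detail(text):
    """Pairs with the redundant 'name=' prefix removed from each value."""
    return [(a, strip_redundant_name(a, v)) for a, v in parse_pairs(text)]

if __name__ == "__main__":
    print("still carrying the name:", find_unstripped(SAMPLE_DETAIL))
```

An empty result from find_unstripped() on freshly written records indicates the name prefix is being removed before logging; values such as the Cisco-AVPair line, whose embedded key differs from the attribute name, are left untouched.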